  1. WildFly Elytron
  2. ELY-2351

ScramDigestPasswordImpl fails with PKCS#11 (FIPS)


Details

    Description

      ScramDigestPasswordImpl calls Hmac.init() with the supplied secret without checking its length. The default SunJCE provider automatically pads/truncates the secret to the block length, but the SunPKCS11 provider passes the secret as-is to the underlying NSS provider, which fails with CKR_KEY_SIZE_RANGE when the secret length does not match the block size.

            People

              ttarrant@redhat.com Tristan Tarrant
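An added example, not part of the issue or of Elytron's code: the RFC 2104 key preparation done explicitly before `Mac.init()`, so the result does not depend on the provider adjusting the key length. The class and method names are hypothetical, the secrets are constructed, and whether a particular PKCS#11 token accepts a block-length key is an assumption.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

// Added example; class and method names are hypothetical, not Elytron's.
public class HmacKeyNormalization {

    // HMAC block length in bytes (RFC 2104 "B") for the digests handled here.
    static int blockLength(String digest) {
        switch (digest) {
            case "SHA-1": case "SHA-256": return 64;
            case "SHA-384": case "SHA-512": return 128;
            default: throw new IllegalArgumentException("unsupported digest: " + digest);
        }
    }

    // RFC 2104 key preparation: hash a key longer than B, then zero-pad to exactly B bytes.
    static byte[] normalizeKey(byte[] secret, String digest) throws Exception {
        int b = blockLength(digest);
        byte[] k = secret.length > b ? MessageDigest.getInstance(digest).digest(secret) : secret;
        return Arrays.copyOf(k, b); // copyOf pads with zero bytes on the right
    }

    static byte[] hmac(byte[] key, String digest, byte[] msg) throws Exception {
        String alg = "Hmac" + digest.replace("-", ""); // e.g. SHA-256 -> HmacSHA256
        Mac mac = Mac.getInstance(alg); // default provider; a provider can be named explicitly
        mac.init(new SecretKeySpec(key, alg));
        return mac.doFinal(msg);
    }

    public static void main(String[] args) throws Exception {
        byte[] msg = "Client Key".getBytes(StandardCharsets.UTF_8);
        for (int len : new int[] {20, 64, 200}) { // shorter than, equal to, longer than B=64
            byte[] secret = new byte[len];
            Arrays.fill(secret, (byte) 0x5a); // constructed sample secret
            for (String digest : new String[] {"SHA-1", "SHA-256", "SHA-512"}) {
                // The MAC over the raw secret and over the normalized key must be identical.
                boolean same = Arrays.equals(hmac(secret, digest, msg),
                        hmac(normalizeKey(secret, digest), digest, msg));
                System.out.printf("%s, %d-byte secret: raw == normalized: %b%n", digest, len, same);
            }
        }
    }
}
```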