8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11

Reviewed-by: valeriep
2025-08-28 07:14:30 +02:00 · 2019-04-03 16:23:22 -07:00 · 2019-04-03 16:23:22 -07:00 · 661b5f1534
commit 661b5f1534
parent 2f20909d10
7 changed files with 36 additions and 16 deletions
--- a/src/java.base/share/classes/sun/security/ssl/ECDHKeyExchange.java
+++ b/src/java.base/share/classes/sun/security/ssl/ECDHKeyExchange.java
@ -35,7 +35,6 @@ import java.security.KeyPairGenerator;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.SecureRandom;
-import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.ECPublicKey;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.ECGenParameterSpec;
@ -265,12 +264,12 @@ final class ECDHKeyExchange {
                    continue;
                }

-                PrivateKey privateKey = ((X509Possession)poss).popPrivateKey;
-                if (!privateKey.getAlgorithm().equals("EC")) {
+                ECParameterSpec params =
+                        ((X509Possession)poss).getECParameterSpec();
+                if (params == null) {
                    continue;
                }

-                ECParameterSpec params = ((ECPrivateKey)privateKey).getParams();
                NamedGroup ng = NamedGroup.valueOf(params);
                if (ng == null) {
                    // unlikely, have been checked during cipher suite negotiation.