RFR: 8341346: Add support for exporting TLS Keying Material [v7]
Bradford Wetmore
wetmore at openjdk.org
Fri May 16 21:34:56 UTC 2025
On Wed, 7 May 2025 16:21:23 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Bradford Wetmore has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Updated to use the upcoming KDF (still in preview) + bits of JDK-8353578 for compilation)
>
> src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 1808:
>
>> 1806: String label, byte[] context, int length) throws SSLKeyException {
>> 1807: byte[] bytes =
>> 1808: exportKeyingMaterialKey(label, context, length).getEncoded();
>
> In PKCS #11, calling `deriveKey(...).getEncoded()` is not equivalent to `deriveData()`. It's quite likely that `deriveKey` returns an un-extractable key, but `deriveData` using the exact same input returns the keying material.
Adjusted for the comment.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2093695000
More information about the net-dev
mailing list