RFR: 8341346: Add support for exporting TLS Keying Material [v26]
Artur Barashev
abarashev at openjdk.org
Tue May 27 23:40:54 UTC 2025
On Fri, 23 May 2025 21:23:04 GMT, Bradford Wetmore <wetmore at openjdk.org> wrote:
>> Adds the RFC 5705/8446 TLS Key Exporters API/implementation to JSSE/SunJSSE respectively.
>>
>> CSR is underway.
>>
>> Tests include new unit tests for TLSv1-1.3. Will run tier1-2, plus the JCK API (jck:api/java_security jck:api/javax_crypto jck:api/javax_net jck:api/javax_security jck:api/org_ietf jck:api/javax_xml/crypto)
>
> Bradford Wetmore has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 36 commits:
>
> - Remove TlsExporterKeyingMaterial for now. Can add later if needed.
> - Merge branch 'master' into JDK-8341346
> - Merge branch 'master' into JDK-8341346
> - Added PKCS11 testing
> - Minor bug
> - Missed one change
> - Merge branch 'master' into JDK-8341346
> - Private Codereview comment: Don't allow use of null keyAlgs, plus some minor cleanups
> - get*() no longer needed, backout error (oops!)
> - Merge branch 'master' into JDK-8341346
> - ... and 26 more: https://git.openjdk.org/jdk/compare/66747710...67480e99
src/java.base/share/classes/com/sun/crypto/provider/TlsPrfGenerator.java line 1:
> 1: /*
Not related to this PR, but `engineGenerateKey0` method should be `protected`
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2110533393
More information about the net-dev
mailing list