RFR: 8341346: Add support for exporting TLS Keying Material [v27]

Bradford Wetmore wetmore at openjdk.org
Thu May 29 20:33:55 UTC 2025


On Thu, 29 May 2025 14:09:38 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Bradford Wetmore has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 37 commits:
>> 
>>  - Merge branch 'master' into JDK-8341346
>>  - Remove TlsExporterKeyingMaterial for now.  Can add later if needed.
>>  - Merge branch 'master' into JDK-8341346
>>  - Merge branch 'master' into JDK-8341346
>>  - Added PKCS11 testing
>>  - Minor bug
>>  - Missed one change
>>  - Merge branch 'master' into JDK-8341346
>>  - Private Codereview comment:  Don't allow use of null keyAlgs, plus some minor cleanups
>>  - get*() no longer needed, backout error (oops!)
>>  - ... and 27 more: https://git.openjdk.org/jdk/compare/2ec6ab34...858362c8
>
> src/java.base/share/classes/javax/net/ssl/ExtendedSSLSession.java line 198:
> 
>> 196:      *                {@code label} will be converted to a {@code byte[]}
>> 197:      *                before the operation begins.
>> 198:      * @param context the context bytes used in the EKM calculation, or null
> 
> `null` needs to be in `{@code}`. Same as in `@throws NullPointerException`. Same as in the other method.

As we discussed in Slack, the javadocs are all over the place on this one.  Some have it, others don't.  We have more non-code nulls than code in the JSSE docs.  I don't mind either way.  But if we're going to do this, we might want to do it throughout the security code.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2114703622

