RFR: 8341346: Add support for exporting TLS Keying Material [v3]
Weijun Wang
weijun at openjdk.org
Thu May 1 21:33:47 UTC 2025
On Thu, 1 May 2025 19:32:03 GMT, Bradford Wetmore <wetmore at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 1691:
>>
>>> 1689: // ...now the final expand.
>>> 1690: SecretKey key = hkdf.expand(derivedSecret, hkdfInfo, length,
>>> 1691: "label");
>>
>> Are you using "label" as the algorithm name for the output?
>
> Egads...should be the label variable. Thanks.
I don't know whether label is always a legal algorithm name. PKCS #11 is especially picky at new names. The KDF `deriveKey` method contains the algorithm as an argument.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2070833436
More information about the security-dev
mailing list