RFR: 8341346: Add support for exporting TLS Keying Material [v10]
Weijun Wang
weijun at openjdk.org
Sat May 10 13:50:53 UTC 2025
On Fri, 9 May 2025 21:38:07 GMT, Bradford Wetmore <wetmore at openjdk.org> wrote:
>> Adds the RFC 5705/8446 TLS Key Exporters API/implementation to JSSE/SunJSSE respectively.
>>
>> CSR is underway.
>>
>> Tests include new unit tests for TLSv1-1.3. Will run tier1-2, plus the JCK API (jck:api/java_security jck:api/javax_crypto jck:api/javax_net jck:api/javax_security jck:api/org_ietf jck:api/javax_xml/crypto)
>
> Bradford Wetmore has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 13 commits:
>
> - Merge branch 'master' into JDK-8341346
> - Adjustments made for JDK-8350830
> - Merge branch 'master' into JDK-8341346
> - Rework to avoid PKCS11 data extraction problems, and enhanced input verification and unit testing
> - More Codereview comments
> - Updated to use the upcoming KDF (still in preview) + bits of JDK-8353578 for compilation)
> - Add in the SharedSecrets SecretKeySpec clearing mechanism
> - More codereview/CSR comments
> - Merge branch 'master' into JDK-8341346
> - Codereview comments.
> - ... and 3 more: https://git.openjdk.org/jdk/compare/68a11850...bd227aa8
Register your new algorithm "TlsExporterMasterSecret" at https://github.com/openjdk/jdk/blob/6536430a3bdedcf5e0636e0eb27bde5e0d7b40fd/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java#L272.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/24976#issuecomment-2868873399
More information about the security-dev
mailing list