RFR: 8368520: TLS 1.3 KeyUpdate fails with SunPKCS11 provider [v2]
Daniel Jeliński
djelinski at openjdk.org
Wed Oct 1 14:49:28 UTC 2025
On Wed, 1 Oct 2025 13:43:15 GMT, Mikhail Yankelevich <myankelevich at openjdk.org> wrote:
>> Daniel Jeliński has updated the pull request incrementally with two additional commits since the last revision:
>>
>> - Remove isIv
>> - Replace if/else with ternary
>
> src/java.base/share/classes/sun/security/ssl/SSLTrafficKeyDerivation.java line 204:
>
>> 202: int getKeyLength(CipherSuite cs) {
>> 203: return switch (this) {
>> 204: case TlsUpdateNplus1 -> cs.hashAlg.hashLength;
>
> I believe this is not covered by any tests, do you think the test could be amended to cover this case?
There are no functional changes to getKeyLength; this is purely a refactoring. Any bugs in this code would be caught by interop testing.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27498#discussion_r2394884939
More information about the security-dev
mailing list