RFR: 8368520: TLS 1.3 KeyUpdate fails with SunPKCS11 provider
Daniel Jeliński
djelinski at openjdk.org
Thu Sep 25 20:19:19 UTC 2025
Change SunJSSE to use `TlsUpdateNplus1` instead of `AES` as the key algorithm when deriving the next application traffic secret.
SunPKCS11 provider checks the key length when creating an `AES` key, and since 384 bits is not a valid AES key length, the key creation fails.
`TlsUpdateNplus1` is [already recognized](https://github.com/openjdk/jdk/blob/3c9fd7688f4d73067db9b128c329ca7603a60578/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java#L287) as a standard TLS generic key by SunPKCS11.
Key update is now exercised by the FipsModeTLS test. The test passes with the changes, fails without them. Other tier1-3 tests continue to pass.
-------------
Commit messages:
- Fix key update
Changes: https://git.openjdk.org/jdk/pull/27498/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=27498&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8368520
Stats: 10 lines in 2 files changed: 6 ins; 0 del; 4 mod
Patch: https://git.openjdk.org/jdk/pull/27498.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/27498/head:pull/27498
PR: https://git.openjdk.org/jdk/pull/27498
More information about the security-dev
mailing list