RFR: 8368520: TLS 1.3 KeyUpdate fails with SunPKCS11 provider [v2]
Daniel Jeliński
djelinski at openjdk.org
Tue Sep 30 08:20:53 UTC 2025
On Mon, 29 Sep 2025 16:59:01 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLTrafficKeyDerivation.java line 215:
>>
>>> 213: if (this == TlsKey)
>>> 214: return cs.bulkCipher.algorithm;
>>> 215: return algorithm;
>>
>> nit: how about just `return (this == TlsKey ? cs.bulkCipher.algorithm : algorithm);`
>
> In addition, looking at the KeySchedule enum, only `TlsIv` is of iv type, so overall we don't really need the `isIv` field. If we change the `getKeyLength(CipherSuite cs)` method as below, then we can remove the `isIv` field.
>
> + return switch (this) {
> + case TlsUpdateNplus1->cs.hashAlg.hashLength;
> + case TlsIv->cs.bulkCipher.ivSize;
> + case TlsKey->cs.bulkCipher.keySize;
> + default->throw new RuntimeException("Unexpected exception");
> + };
>
> What do you think?
Yes, that's a good cleanup, thanks for the suggestions. I applied the changes.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27498#discussion_r2390287221
More information about the security-dev
mailing list