Hi Martin,
Thanks for providing us with the patch. Recently, JDK workspace has been
restructured a bit, do you have an updated webrev?
Your changes mostly look fine, but I think we should allow 3rd party
providers to have similar support. For this, we need to have more public
APIs such as those classes under sun.security.internal.spec package and
possibly more. What do you think?
Thanks,
Valerie
On 11/10/2017 6:38 AM, Martin Balao wrote:
Hi,
I would like to propose a patch for JDK-8029661: JDK-Support TLS v1.2
algorithm in SunPKCS11 provider [1].
*
http://cr.openjdk.java.net/~akasko/mbalao/jdk_8029661_tls_12_sunpkcs11/2017_11_09/8029661.webrev.01/
<http://cr.openjdk.java.net/%7Eakasko/mbalao/jdk_8029661_tls_12_sunpkcs11/2017_11_09/8029661.webrev.01/>
(browse online)
*
http://cr.openjdk.java.net/~akasko/mbalao/jdk_8029661_tls_12_sunpkcs11/2017_11_09/8029661.webrev.01.zip
<http://cr.openjdk.java.net/%7Eakasko/mbalao/jdk_8029661_tls_12_sunpkcs11/2017_11_09/8029661.webrev.01.zip>
(download)
The following algorithms have been implemented in SunPKCS11 provider
(based on PKCS#11 v2.40 mechanisms):
* SunTls12RsaPremasterSecret
* SunTls12MasterSecret
* SunTls12KeyMaterial
* SunTls12Prf
A minor API change is proposed to expose TLS ProtocolVersion constants
(SSL30, TLS10, TLS11, etc.) from java.base to jdk.crypto.cryptoki
module. This allows to remove hardcoded TLS int constants in SunPKCS11
classes (required when implementing "Tls"-like algorithms).
A test case is included with the following:
* TLS 1.2 communication using SunPKCS11 + NSS (in FIPS mode)
* Algorithms test against SunJCE
Regards,
Martin.-
--
[1] - https://bugs.openjdk.java.net/browse/JDK-8029661
