On Wed, 12 Feb 2025 10:02:55 GMT, Daniel Jeliński <[email protected]> wrote:
> Please review this trivial fix that ensures that the mechanism always matches
> the parameter class type.
>
> I added a new test case that crashes without the fix, passes with the fix.
> Existing tier1-3 test cases continue to pass.
@valeriepeng Please review this fix.
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java
line 122:
> 120: } else if (tlsVersion == 0x0301 || tlsVersion == 0x0302) {
> 121: mechanism = CKM_TLS_KEY_AND_MAC_DERIVE;
> 122: } else if (tlsVersion == 0x0303) {
Should TLS 1.2 also use CKM_TLS12_KEY_AND_MAC_DERIVE?
-------------
PR Comment: https://git.openjdk.org/jdk/pull/23583#issuecomment-2657385149
PR Review Comment: https://git.openjdk.org/jdk/pull/23583#discussion_r1955005436
