On Thu, 13 Feb 2025 18:12:52 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> Please review this trivial fix that ensures that the mechanism always
>> matches the parameter class type.
>>
>> I added a new test case that crashes without the fix, passes with the fix.
>> Existing tier1-3 test cases continue to pass.
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java
> line 122:
>
>> 120: } else if (tlsVersion == 0x0301 || tlsVersion == 0x0302) {
>> 121: mechanism = CKM_TLS_KEY_AND_MAC_DERIVE;
>> 122: } else if (tlsVersion == 0x0303) {
>
> Should TLS 1.2 also use CKM_TLS12_KEY_AND_MAC_DERIVE?
TLS 1.2 is version 3.3.
The versions are:
SSL 3.0 - 3.0
TLS 1.0 - 3.1
TLS 1.1 - 3.2
TLS 1.2 - 3.3
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23583#discussion_r1955032712
