On Sat, 5 Apr 2025 19:12:23 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API >> for the HKDF support from JCA/JCE providers. >> >> This is just code refactoring. Known-answer regression test for the internal >> JSSE HKDF impl is removed as the test vectors are already covered by the >> HKDF impl in SunJCE provider. >> >> Thanks in advance for the review~ > > Valerie Peng has updated the pull request incrementally with one additional > commit since the last revision: > > added default deriveData method to SSLKeyDerivation interface and > refactored code to remove unused AlgorithmParameterSpec argument. Still looks good. The changes here are not enough to get the NSS-FIPS library to complete TLS1.3 handshake, but it's a big step in the right direction. I think we can fix the remaining issues separately. ------------- Marked as reviewed by djelinski (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/24393#pullrequestreview-2748084288
