On Fri, 25 Apr 2025 15:36:26 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Undo the special workaround for JSSE in PKCS11 HKDF impl. > > src/java.base/share/classes/sun/security/ssl/KAKeyDerivation.java line 131: > >> 129: >> 130: // derive handshake secret >> 131: return hkdf.deriveKey(type, HKDFParameterSpec.ofExtract() > > The line above may fail because the `hkdf` object has been used once on line > 121 with zero-valued salt and IKM, which selected the software-based HKDF > from SunJCE. At this point, however, `sharedSecret` is the result of ECDH and > may be non-extractable if produced by an HSM, making it incompatible with the > SunJCE implementation. To avoid this issue, get a new `hkdf` by calling `hkdf > = KDF.getInstance(hashAlg.hkdfAlgorithm)` before this line. Hmm, ok, interesting scenario. I add another `KDF.getInstance()` call as you suggested just to be safe. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/24393#discussion_r2060720014
