On Tue, 13 May 2025 05:32:34 GMT, Bradford Wetmore <wetm...@openjdk.org> wrote:
>> Adds the RFC 5705/8446 TLS Key Exporters API/implementation to JSSE/SunJSSE
>> respectively.
>>
>> CSR is underway.
>>
>> Tests include new unit tests for TLSv1-1.3. Will run tier1-2, plus the JCK
>> API (jck:api/java_security jck:api/javax_crypto jck:api/javax_net
>> jck:api/javax_security jck:api/org_ietf jck:api/javax_xml/crypto)
>
> Bradford Wetmore has updated the pull request incrementally with one
> additional commit since the last revision:
>
> Missed one review comment
src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 1598:
> 1596: // L length of output keying material in octets
> 1597: // (<= 255*HashLen)
> 1598: if (length >= (255 * cipherSuite.hashAlg.hashLength )) {
The opposite of `<=` is `>`.
src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 1650:
> 1648: emptyHash = md.digest();
> 1649: } catch (NoSuchAlgorithmException nsae) {
> 1650: throw new RuntimeException(
We usually throw a `ProviderException` here, when some weird configuration
removes a basic hash algorithm.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2086821812
PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2086826499
