On Thu, 8 May 2025 21:19:10 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
On Mon, 12 May 2025 19:45:47 GMT, Kevin Driver wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Address review feedbacks from Brad.
>
> src/java.base/share/classes/sun/security/ssl/SSLBasicKeyDerivation.java line
>
On Sat, 10 May 2025 14:30:16 GMT, Weijun Wang wrote:
>> src/java.base/share/classes/sun/security/util/KeyUtil.java line 451:
>>
>>> 449: || alg.equalsIgnoreCase("Generic");
>>> 450: }
>>> 451:
>>
>> As you know, I've been working on the [TLS Exporters change](
>> https://g
On Mon, 12 May 2025 19:38:59 GMT, Kevin Driver wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Address review feedbacks from Brad.
>
> src/java.base/share/classes/sun/security/ssl/SSLBasicKeyDerivation.java line
>
On Mon, 12 May 2025 19:33:09 GMT, Kevin Driver wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Address review feedbacks from Brad.
>
> src/java.base/share/classes/sun/security/ssl/KAKeyDerivation.java line 128:
>
On Thu, 8 May 2025 21:19:10 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
On Thu, 8 May 2025 21:19:10 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
On Thu, 8 May 2025 21:19:10 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
On Thu, 8 May 2025 21:19:10 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
On Thu, 8 May 2025 21:19:10 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
On Thu, 8 May 2025 21:19:10 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
On Thu, 8 May 2025 21:19:10 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
On Sat, 10 May 2025 02:10:14 GMT, Bradford Wetmore wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Address review feedbacks from Brad.
>
> src/java.base/share/classes/sun/security/util/KeyUtil.java line 451:
>
>>
On Thu, 8 May 2025 21:19:10 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
On Thu, 8 May 2025 18:50:16 GMT, Valerie Peng wrote:
>> I just found that we had talked about this previously. What was your
>> reasoning for pulling it?
>>
>> Call me paranoid, but I'm not seeing where the [JDK 24
>> javadocs](https://docs.oracle.com/en/java/javase/24/docs/api/java.base/ja
On Sat, 10 May 2025 02:06:43 GMT, Bradford Wetmore wrote:
>> Me neither. However, given `HKDF-PRK` is not a standard algorithm and also
>> not recognized by the `SunPKCS11` provider, I changed it to `Generic`.
>> Existing `HKDF` impl in the `SunPKCS11` provider is quite strict about the
>> der
On Thu, 8 May 2025 18:44:27 GMT, Valerie Peng wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/DHKEM.java line 409:
>>
>>> 407: HKDFParameterSpec spec =
>>> 408:
>>> HKDFParameterSpec.ofExtract().addIKM(s).extractOnly();
>>> 409: return h
On Thu, 8 May 2025 18:04:58 GMT, Valerie Peng wrote:
>> Or in the meantime:
>>
>> } finally {
>> // Best effort
>> if (eae_prk instanceof SecretKeySpec s) {
>> SharedSecrets.getJavaxCryptoSpecAccess()
>> .clearSecretKeySpec(s);
>> } els
> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
> for the HKDF support from JCA/JCE providers.
>
> This is just code refactoring. Known-answer regression test for the internal
> JSSE HKDF impl is removed as the test vectors are already covered by the HKDF
> impl in
On Tue, 6 May 2025 04:40:02 GMT, Bradford Wetmore wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Address review comments from Sean.
>
> src/java.base/share/classes/com/sun/crypto/provider/DHKEM.java line 409:
>
>
On Wed, 7 May 2025 04:27:10 GMT, Bradford Wetmore wrote:
>> src/java.base/share/classes/sun/security/ssl/ServerHello.java line 1222:
>>
>>> 1220: CipherSuite.HashAlg hashAlg =
>>> hc.negotiatedCipherSuite.hashAlg;
>>> 1221: KDF hkdf = KDF.getInstance(hashAlg.hkdfAlgorith
On Wed, 7 May 2025 05:00:57 GMT, Bradford Wetmore wrote:
>> Yes, it'd be nice. I reopened https://bugs.openjdk.org/browse/JDK-8160206
>> and we can address this separately.
>
> Or in the meantime:
>
> } finally {
> // Best effort
> if (eae_prk instanceof SecretKeySpec s) {
>
On Fri, 25 Apr 2025 18:23:14 GMT, Valerie Peng wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/DHKEM.java line 260:
>>
>>> 258: if (eae_prk instanceof SecretKeySpec s) {
>>> 259: SharedSecrets.getJavaxCryptoSpecAccess()
>>> 260:
On Tue, 6 May 2025 04:58:41 GMT, Bradford Wetmore wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Address review comments from Sean.
>
> src/java.base/share/classes/sun/security/ssl/ServerHello.java line 1222:
>
>
On Thu, 1 May 2025 18:49:33 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
> for the HKDF support from JCA/JCE providers.
>
> This is just code refactoring. Known-answer regression test for the internal
> JSSE HKDF impl is removed as the test vectors are already covered by the HKDF
> impl in
On Wed, 30 Apr 2025 22:37:54 GMT, Bradford Wetmore wrote:
> Missing test plan in the PR Description. (i.e. tier1/tier2/JCK?)
I always run tier 1-3 tests for all of my PRs. Don't anticipate that this would
affect JCK, but will give it a try just in case.
Thanks for the suggestion~
-
On Tue, 29 Apr 2025 21:44:26 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
On Wed, 30 Apr 2025 18:25:35 GMT, Valerie Peng wrote:
>> src/java.base/share/classes/sun/security/ssl/ServerHello.java line 624:
>>
>>> 622:
>>> 623: SSLKeyDerivation handshakeKD = ke.createKeyDerivation(shc);
>>> 624: SecretKey handshakeSecret = handshakeKD.deriveKey(
>
On Wed, 30 Apr 2025 15:49:16 GMT, Sean Mullan wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Add comment about not using the same HKDF instance.
>
> src/java.base/share/classes/sun/security/ssl/ServerHello.java li
On Tue, 29 Apr 2025 21:44:26 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
On Tue, 29 Apr 2025 21:44:26 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
On Tue, 29 Apr 2025 21:44:26 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
On Tue, 29 Apr 2025 21:44:26 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
On Tue, 29 Apr 2025 21:44:26 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
On Tue, 29 Apr 2025 21:44:26 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
> for the HKDF support from JCA/JCE providers.
>
> This is just code refactoring. Known-answer regression test for the internal
> JSSE HKDF impl is removed as the test vectors are already covered by the HKDF
> impl in
On Fri, 25 Apr 2025 18:40:17 GMT, Valerie Peng wrote:
>> src/java.base/share/classes/sun/security/ssl/KAKeyDerivation.java line 131:
>>
>>> 129:
>>> 130: // derive handshake secret
>>> 131: return hkdf.deriveKey(type, HKDFParameterSpec.ofExtract()
>>
>> The line above m
> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
> for the HKDF support from JCA/JCE providers.
>
> This is just code refactoring. Known-answer regression test for the internal
> JSSE HKDF impl is removed as the test vectors are already covered by the HKDF
> impl in
On Fri, 25 Apr 2025 15:41:09 GMT, Weijun Wang wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Undo the special workaround for JSSE in PKCS11 HKDF impl.
>
> src/java.base/share/classes/sun/security/ssl/PreSharedKeyE
On Fri, 25 Apr 2025 15:36:26 GMT, Weijun Wang wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Undo the special workaround for JSSE in PKCS11 HKDF impl.
>
> src/java.base/share/classes/sun/security/ssl/KAKeyDerivati
On Fri, 25 Apr 2025 10:40:47 GMT, Daniel Jeliński wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Undo the special workaround for JSSE in PKCS11 HKDF impl.
>
> src/java.base/share/classes/com/sun/crypto/provider/DH
On Thu, 17 Apr 2025 21:35:36 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
On Thu, 17 Apr 2025 21:35:36 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
> for the HKDF support from JCA/JCE providers.
>
> This is just code refactoring. Known-answer regression test for the internal
> JSSE HKDF impl is removed as the test vectors are already covered by the HKDF
> impl in
> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
> for the HKDF support from JCA/JCE providers.
>
> This is just code refactoring. Known-answer regression test for the internal
> JSSE HKDF impl is removed as the test vectors are already covered by the HKDF
> impl in
On Sat, 5 Apr 2025 19:12:23 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
On Mon, 7 Apr 2025 16:44:58 GMT, Sean Mullan wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> added default deriveData method to SSLKeyDerivation interface and
>> refactored code to remove unused AlgorithmParamete
On Mon, 7 Apr 2025 16:42:14 GMT, Sean Mullan wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> added default deriveData method to SSLKeyDerivation interface and
>> refactored code to remove unused AlgorithmParamete
On Mon, 7 Apr 2025 18:48:15 GMT, Sean Mullan wrote:
>> src/java.base/share/classes/sun/security/ssl/Utilities.java line 150:
>>
>>> 148: String sanitizedAlg = digestAlg.replace("-", "");
>>> 149: return switch (sanitizedAlg) {
>>> 150: case "SHA256", "SHA384", "SHA512
On Fri, 4 Apr 2025 23:05:01 GMT, Bradford Wetmore wrote:
>> Yes, I am on the fence about this. Given the specified value is the same as
>> the default, it can be removed. I kept it there so the new code matches the
>> original code completely. Not much difference either way I think.
>
> I like
On Sat, 5 Apr 2025 19:12:23 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
On Fri, 4 Apr 2025 22:18:31 GMT, Bradford Wetmore wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> added default deriveData method to SSLKeyDerivation interface and
>> refactored code to remove unused AlgorithmPar
On Sat, 5 Apr 2025 19:12:23 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
> for the HKDF support from JCA/JCE providers.
>
> This is just code refactoring. Known-answer regression test for the internal
> JSSE HKDF impl is removed as the test vectors are already covered by the HKDF
> impl in
On Wed, 2 Apr 2025 21:43:19 GMT, Valerie Peng wrote:
> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
> for the HKDF support from JCA/JCE providers.
>
> This is just code refactoring. Known-answer regression test for the internal
> JSSE HKDF impl is removed as the t
On Thu, 3 Apr 2025 00:51:44 GMT, Valerie Peng wrote:
>> src/java.base/share/classes/sun/security/ssl/KAKeyDerivation.java line 120:
>>
>>> 118: SecretKey earlySecret =
>>> hkdf.deriveKey("TlsEarlySecret",
>>> 119: HKDFParameterSpec.ofExtract().addSalt(zer
On Wed, 2 Apr 2025 21:43:19 GMT, Valerie Peng wrote:
> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
> for the HKDF support from JCA/JCE providers.
>
> This is just code refactoring. Known-answer regression test for the internal
> JSSE HKDF impl is removed as the t
On Wed, 2 Apr 2025 23:22:40 GMT, Weijun Wang wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as t
On Wed, 2 Apr 2025 21:43:19 GMT, Valerie Peng wrote:
> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
> for the HKDF support from JCA/JCE providers.
>
> This is just code refactoring. Known-answer regression test for the internal
> JSSE HKDF impl is removed as the t
This PR removes the internal JSSE HKDF impl and changes to use the KDF API for
the HKDF support from JCA/JCE providers.
This is just code refactoring. Known-answer regression test for the internal
JSSE HKDF impl is removed as the test vectors are already covered by the HKDF
impl in SunJCE provi
61 matches
Mail list logo
