On Fri, 19 Sep 2025 08:32:41 GMT, Daniel Jeliński <[email protected]> wrote:
> Enable HDKF to work with providers that do not allow secret keys to be > created from arbitrary data. > > This permits the TLS 1.3 handshake to complete with SunPKCS11 provider backed > by NSS in FIPS mode. > > I added a TLS 1.3 test case to an existing test. The new test passes with the > HKDF changes, fails without them. Other tier1-3 tests continue to pass. This pull request has now been integrated. Changeset: 3183a13f Author: Daniel Jeliński <[email protected]> URL: https://git.openjdk.org/jdk/commit/3183a13f666ff38c03c0628e139998803be8a719 Stats: 147 lines in 3 files changed: 97 ins; 34 del; 16 mod 8368073: PKCS11 HKDF can't use byte array IKM in FIPS mode Reviewed-by: valeriep ------------- PR: https://git.openjdk.org/jdk/pull/27384
