> TLS 1.3 changed the way it generates the FFDHE shared secret. In TLS 1.2, the > leading zeroes in the shared secret were stripped, and in TLS 1.3 the leading > zeroes are preserved. > > Thanks to the recent work in > [JDK-8189441](https://bugs.openjdk.org/browse/JDK-8189441), we now have a new > algorithm name `Generic` that can be used to generate a shared secret with > the leading zeroes preserved. > > This PR changes the TLS 1.3 handshake to use the new algorithm name. It also > fixes a bug in PKCS11 Generic key derivation, and updates the existing tests > to verify that the Generic algorithm doesn't strip leading zeroes. > > I didn't add any tests to verify the correctness of the handshake. This can > be verified using tlsfuzzer, see JBS for details. > > Tier1-3 tests continue to pass. The `TestLeadingZeroesP11.java` test fails > before the `P11KeyAgreement.java` changes, passes after.
Daniel Jeliński has updated the pull request incrementally with one additional commit since the last revision: Revert PKCS11 changes ------------- Changes: - all: https://git.openjdk.org/jdk/pull/27343/files - new: https://git.openjdk.org/jdk/pull/27343/files/7c39df58..7104ae3e Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=27343&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=27343&range=00-01 Stats: 84 lines in 3 files changed: 23 ins; 51 del; 10 mod Patch: https://git.openjdk.org/jdk/pull/27343.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/27343/head:pull/27343 PR: https://git.openjdk.org/jdk/pull/27343
