8368520: TLS 1.3 KeyUpdate fails with SunPKCS11 provider

Reviewed-by: valeriep
2026-01-28 12:09:14 +00:00 · 2025-10-02 13:29:45 +00:00 · 2025-10-02 13:29:45 +00:00 · 56baf64ada
commit 56baf64ada
parent cc563c87cd
2 changed files with 17 additions and 15 deletions
--- a/src/java.base/share/classes/sun/security/ssl/SSLTrafficKeyDerivation.java
+++ b/src/java.base/share/classes/sun/security/ssl/SSLTrafficKeyDerivation.java
@ -29,13 +29,11 @@ import java.io.IOException;
 import java.nio.ByteBuffer;
 import java.security.GeneralSecurityException;
 import java.security.ProviderException;
-import java.security.spec.AlgorithmParameterSpec;
 import javax.crypto.KDF;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.HKDFParameterSpec;
 import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
 import javax.net.ssl.SSLHandshakeException;
 import sun.security.internal.spec.TlsKeyMaterialParameterSpec;
 import sun.security.internal.spec.TlsKeyMaterialSpec;
@ -191,26 +189,26 @@ enum SSLTrafficKeyDerivation implements SSLKeyDerivationGenerator {

    private enum KeySchedule {
        // Note that we use enum name as the key name.
-        TlsKey              ("key", false),
-        TlsIv               ("iv",  true),
-        TlsUpdateNplus1     ("traffic upd", false);
+        TlsKey              ("key"),
+        TlsIv               ("iv"),
+        TlsUpdateNplus1     ("traffic upd");

        private final byte[] label;
-        private final boolean isIv;

-        KeySchedule(String label, boolean isIv) {
+        KeySchedule(String label) {
            this.label = ("tls13 " + label).getBytes();
-            this.isIv = isIv;
        }

        int getKeyLength(CipherSuite cs) {
-            if (this == KeySchedule.TlsUpdateNplus1)
-                return cs.hashAlg.hashLength;
-            return isIv ? cs.bulkCipher.ivSize : cs.bulkCipher.keySize;
+            return switch (this) {
+                case TlsUpdateNplus1 -> cs.hashAlg.hashLength;
+                case TlsIv -> cs.bulkCipher.ivSize;
+                case TlsKey -> cs.bulkCipher.keySize;
+            };
        }

        String getAlgorithm(CipherSuite cs, String algorithm) {
-            return isIv ? algorithm : cs.bulkCipher.algorithm;
+            return this == TlsKey ? cs.bulkCipher.algorithm : algorithm;
        }
    }

--- a/test/jdk/sun/security/pkcs11/tls/fips/FipsModeTLS.java
+++ b/test/jdk/sun/security/pkcs11/tls/fips/FipsModeTLS.java
@ -24,7 +24,7 @@

 /*
 * @test
- * @bug 8029661 8325164 8368073 8368514
+ * @bug 8029661 8325164 8368073 8368514 8368520
 * @summary Test TLS 1.2 and TLS 1.3
 * @modules java.base/sun.security.internal.spec
 *          java.base/sun.security.util
@ -88,6 +88,9 @@ public final class FipsModeTLS extends SecmodTest {
    private static PublicKey publicKey;

    public static void main(String[] args) throws Exception {
+        // reduce the limit to trigger a key update later
+        Security.setProperty("jdk.tls.keyLimits",
+                "AES/GCM/NoPadding KeyUpdate 10000");
        try {
            initialize();
        } catch (Exception e) {
@ -305,10 +308,11 @@ public final class FipsModeTLS extends SecmodTest {
                cTOs = ByteBuffer.allocateDirect(netBufferMax);
                sTOc = ByteBuffer.allocateDirect(netBufferMax);

+                // big enough to trigger a key update
                clientOut = ByteBuffer.wrap(
-                        "Hi Server, I'm Client".getBytes());
+                        "a".repeat(16000).getBytes());
                serverOut = ByteBuffer.wrap(
-                        "Hello Client, I'm Server".getBytes());
+                        "b".repeat(16000).getBytes());

                SSLEngineResult clientResult;
                SSLEngineResult serverResult;