Code review request JDK-8006935: Need to take care of long secret keys in HMAC/PRF computation

Xuelei Fan xuelei.fan at oracle.com
Tue Apr 16 12:30:47 UTC 2013


Hi Valerie,

Are you available to review the HMAC impl update in JCE/TLS?

Webrev: http://cr.openjdk.java.net./~xuelei/8006935/webrev.00/

The issue arises because the industry has started to use large
Diffie-Hellman keys in DH key exchange.

Per HMAC (RFC 2104) spec, if the secret key is longer than the block
size of the HMAC algorithm, it is required to digest the key, and the
hash value will be used as the actual secret key to HMAC.

However, in the implementation of HMAC for TLS in the SunJCE provider
(TlsPrfGenerator), we don't consider the case that the secret key size
may be longer than the block size.  It did not matter in the past
because the industry did not use large DH keys.  But now it is a
serious interoperability issue for those who use large DH keys.

In the update, this fix will digest a large secret key if it is longer
than the block size, per RFC 2104.

SunPKCS11 provider does not have the problem.

No new regression test (noreg-hard). The fix can be tested by manually
running the attached test case in the bug.

Thanks,
Xuelei
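
The RFC 2104 long-key rule discussed in the message above, as an added example that is not part of the original e-mail and is not the JDK's TlsPrfGenerator code. It compares a hand-written HMAC-SHA256 against javax.crypto.Mac; the class name, the 256-byte secret, the seed, and the truncating variant (a hypothetical implementation that skips the digest step) are all constructed for illustration.

```java
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class LongKeyHmacDemo {
    static final int BLOCK_SIZE = 64; // SHA-256 input block size in bytes

    // Hand-written HMAC-SHA256. hashLongKey=true applies the RFC 2104 rule;
    // false truncates instead (hypothetical non-conforming behaviour).
    static byte[] hmac(byte[] key, byte[] msg, boolean hashLongKey) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        if (key.length > BLOCK_SIZE) {
            key = hashLongKey ? md.digest(key) : Arrays.copyOf(key, BLOCK_SIZE);
        }
        byte[] ipad = new byte[BLOCK_SIZE];
        byte[] opad = new byte[BLOCK_SIZE];
        Arrays.fill(ipad, (byte) 0x36);
        Arrays.fill(opad, (byte) 0x5c);
        for (int i = 0; i < key.length; i++) { // key is zero-padded to the block size
            ipad[i] ^= key[i];
            opad[i] ^= key[i];
        }
        md.update(ipad);
        byte[] inner = md.digest(msg);  // H((K ^ ipad) || msg)
        md.update(opad);
        return md.digest(inner);        // H((K ^ opad) || inner)
    }

    // Reference result from the JCE Mac API.
    static byte[] jceHmac(byte[] key, byte[] msg) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(msg);
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = new byte[256];  // constructed: longer than the 64-byte block
        for (int i = 0; i < secret.length; i++) secret[i] = (byte) (i * 7 + 1);
        byte[] seed = "constructed seed".getBytes("US-ASCII");

        byte[] reference = jceHmac(secret, seed);
        byte[] hashedKey = MessageDigest.getInstance("SHA-256").digest(secret);
        System.out.println("manual, key digested : " + Arrays.equals(reference, hmac(secret, seed, true)));
        System.out.println("JCE with H(key)      : " + Arrays.equals(reference, jceHmac(hashedKey, seed)));
        System.out.println("manual, key truncated: " + Arrays.equals(reference, hmac(secret, seed, false)));
    }
}
```

A peer that handles an over-long secret any other way than digesting it computes a different MAC, which is how the interoperability failure described above shows up.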


