RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v11]
Valerie Peng
valeriep at openjdk.org
Fri Aug 16 18:01:55 UTC 2024
On Thu, 15 Aug 2024 21:05:15 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java line 151:
>>
>>> 149: try {
>>> 150: return hkdfExtract(inputKeyMaterial,
>>> 151: (salt == null) ? null : salt.getEncoded());
>>
>> If you use byte[] for `salt`, then you can just pass it to `hkdfExtract()` and no need for this null-check and `getEncoded()` call.
>
> See above comment.
Well, the hardware keys reason doesn't apply. I am referring to the type of `inputKeyMaterial` and `salt`, not `ikms` and `salts`.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1720148788
More information about the security-dev
mailing list