RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v10]
Kevin Driver
kdriver at openjdk.org
Mon Aug 19 21:42:19 UTC 2024
On Fri, 16 Aug 2024 18:18:51 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java line 258:
>>
>>> 256: byte[] workItemBytes = CipherCore.getKeyBytes(checkIt);
>>> 257: return new SecretKeySpec(workItemBytes, "Generic");
>>> 258: } else {
>>
>> I think this is less error prone and easier to read than what you have below:
>>
>> ByteArrayOutputStream os = new ByteArrayOutputStream();
>> for (SecretKey workItem : localKeys) {
>> try {
>> os.write(CipherCore.getKeyBytes(workItem));
>> } catch (IOException e) {
>> // won't happen
>> }
>> }
>> return new SecretKeySpec(os.toByteArray(), "Generic");
>>
>> And if your concerned about the extra copy from `toByteArray()`, you could consider using an internal class `AEADBufferedStream` which extends ByteArrayOutputStream but will return the internal copy to avoid extra mem allocation.
>
> +1.
Addressed in https://github.com/openjdk/jdk/pull/20301/commits/48395b86ba8e1cda663ae326e06ae2556f4b905a. Please indicate if this is resolved.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1722375664
More information about the security-dev
mailing list