RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v3]
Kevin Driver
kdriver at openjdk.org
Tue May 14 15:36:12 UTC 2024
On Thu, 9 May 2024 20:21:59 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>>
>> some code review comments
>
> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java line 54:
>
>> 52: */
>> 53: abstract class HkdfKeyDerivation extends KDFSpi {
>> 54:
>
> All fields below should be local variables inside methods for thread-safety, except for `hmacLen` and `hmacAlgName`, which can be made final.
I believe we also need `hmacObj`.
WRT to `initialKeyMaterial`, `salt`, `pseudoRandomKey`, `info`, and `length`, I understand your argument, but how do you propose we pass around these values if not having a class-level field? If we don't break up the work into smaller methods, that will make the `deriveXXX` methods super long and complicated...
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1600253703
More information about the security-dev
mailing list