RFR: 8353578: Refactor existing usage of internal HKDF impl to use the KDF API [v2]
Daniel Jeliński
djelinski at openjdk.org
Mon Apr 7 20:54:12 UTC 2025
On Sat, 5 Apr 2025 19:12:23 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal JSSE HKDF impl is removed as the test vectors are already covered by the HKDF impl in SunJCE provider.
>>
>> Thanks in advance for the review~
>
> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>
> added default deriveData method to SSLKeyDerivation interface and
> refactored code to remove unused AlgorithmParameterSpec argument.
Still looks good.
The changes here are not enough to get the NSS-FIPS library to complete TLS1.3 handshake, but it's a big step in the right direction. I think we can fix the remaining issues separately.
-------------
Marked as reviewed by djelinski (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/24393#pullrequestreview-2748084288
More information about the security-dev
mailing list