RFR: 8353578: Refactor existing usage of internal HKDF impl to use the KDF API [v2]
Valerie Peng
valeriep at openjdk.org
Thu Apr 10 21:19:37 UTC 2025
On Mon, 7 Apr 2025 18:48:15 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/Utilities.java line 150:
>>
>>> 148: String sanitizedAlg = digestAlg.replace("-", "");
>>> 149: return switch (sanitizedAlg) {
>>> 150: case "SHA256", "SHA384", "SHA512" -> "HKDF-" + sanitizedAlg;
>>
>> This is a nit, but currently we don't have SHA512 in `CipherSuite.HashAlg`. You can leave it for any future enhancements.
>
> You could also consider storing the HKDF algorithm names in the `HashAlg` enum. Not sure if it would make much difference, performance wise.
Yes, this sounds better for overall consistency. Will adopt the `HashAlg` enum suggestion.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24393#discussion_r2038350409
More information about the security-dev
mailing list