RFR: 8353578: Refactor existing usage of internal HKDF impl to use the KDF API [v4]
Valerie Peng
valeriep at openjdk.org
Fri Apr 25 18:25:59 UTC 2025
On Fri, 25 Apr 2025 10:40:47 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Undo the special workaround for JSSE in PKCS11 HKDF impl.
>
> src/java.base/share/classes/com/sun/crypto/provider/DHKEM.java line 260:
>
>> 258: if (eae_prk instanceof SecretKeySpec s) {
>> 259: SharedSecrets.getJavaxCryptoSpecAccess()
>> 260: .clearSecretKeySpec(s);
>
> I wish we could use `s.destroy()` here instead.
Yes, it'd be nice. I reopened https://bugs.openjdk.org/browse/JDK-8160206 and we can address this separately.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24393#discussion_r2060697742
More information about the security-dev
mailing list