RFR: 8353578: Refactor existing usage of internal HKDF impl to use the KDF API [v6]

Valerie Peng valeriep at openjdk.org
Wed Apr 30 18:27:51 UTC 2025


On Wed, 30 Apr 2025 15:49:16 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Add comment about not using the same HKDF instance.
>
> src/java.base/share/classes/sun/security/ssl/ServerHello.java line 624:
> 
>> 622: 
>> 623:             SSLKeyDerivation handshakeKD = ke.createKeyDerivation(shc);
>> 624:             SecretKey handshakeSecret = handshakeKD.deriveKey(
> 
> It looks like this can be cleared after it is used to derive the key. Similar comment on line 1310.

Well, I am not sure if clearing `handshakeSecret` is ok - this `handshakeSecret` is passed to `kd` on line 636 and stored internally without cloning. Then `kd` is stored into `shc` which suggests that it may be used later. Clearing it will likely cause problems for subsequent key derivations? Same goes for line 1310. Is there something that I missed?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24393#discussion_r2069231346
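
The aliasing concern raised in the reply above, shown as an added example that is not code from the JDK or from this pull request: a key handed to a derivation object without cloning is the same object the caller later clears. `ClearableKey` and `Derivation` are hypothetical stand-ins, HMAC-SHA256 stands in for the real key schedule, and the secret bytes are constructed.

```java
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class SharedSecretDemo {
    // Hypothetical destroyable key: destroy() zeroes the backing array.
    static final class ClearableKey implements SecretKey {
        private final byte[] material;
        private boolean destroyed;
        ClearableKey(byte[] m) { material = m.clone(); }
        public String getAlgorithm() { return "Generic"; }
        public String getFormat() { return "RAW"; }
        public byte[] getEncoded() {
            if (destroyed) throw new IllegalStateException("key destroyed");
            return material.clone();
        }
        @Override public void destroy() { Arrays.fill(material, (byte) 0); destroyed = true; }
        @Override public boolean isDestroyed() { return destroyed; }
    }

    // Hypothetical derivation object that keeps its input secret for later use,
    // either by reference (copy == false) or as its own private copy.
    static final class Derivation {
        private final SecretKey secret;
        Derivation(SecretKey s, boolean copy) {
            secret = copy ? new ClearableKey(s.getEncoded()) : s;
        }
        byte[] derive(String label) throws Exception {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(secret.getEncoded(), "HmacSHA256"));
            return mac.doFinal(label.getBytes(StandardCharsets.UTF_8));
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] raw = new byte[32];                 // constructed sample secret
        Arrays.fill(raw, (byte) 0x2a);
        SecretKey handshakeSecret = new ClearableKey(raw);
        Derivation byRef = new Derivation(handshakeSecret, false);
        Derivation byCopy = new Derivation(handshakeSecret, true);
        handshakeSecret.destroy();                 // caller clears after first use
        System.out.println("own copy: " + byCopy.derive("label").length + " bytes");
        try { byRef.derive("label"); }             // stored reference is now dead
        catch (IllegalStateException e) { System.out.println("by reference: " + e.getMessage()); }
    }
}
```

With a private copy, the holder rather than the caller becomes responsible for destroying that copy when it is no longer needed.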

