RFR: 8353578: Refactor existing usage of internal HKDF impl to use the KDF API [v8]
Bradford Wetmore
wetmore at openjdk.org
Sat May 10 02:30:04 UTC 2025
On Thu, 8 May 2025 21:19:10 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal JSSE HKDF impl is removed as the test vectors are already covered by the HKDF impl in SunJCE provider.
>>
>> Thanks in advance for the review~
>
> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>
> Address review feedbacks from Brad.
Marked as reviewed by wetmore (Reviewer).
You're probably good to go, but might check with Weijun/Sean/DJ in case there's anything last minute.
src/java.base/share/classes/sun/security/util/KeyUtil.java line 451:
> 449: || alg.equalsIgnoreCase("Generic");
> 450: }
> 451:
As you know, I've been working on the [TLS Exporters change]( https://github.com/openjdk/jdk/pull/24976) which will use the same KDF APIs. I've already updated that to use your style.
Looks like I've now got one more thing to change! ;)
-------------
PR Review: https://git.openjdk.org/jdk/pull/24393#pullrequestreview-2830088116
PR Comment: https://git.openjdk.org/jdk/pull/24393#issuecomment-2868234417
PR Review Comment: https://git.openjdk.org/jdk/pull/24393#discussion_r2082762131
More information about the security-dev
mailing list