RFR: 8353578: Refactor existing usage of internal HKDF impl to use the KDF API [v7]
Bradford Wetmore
wetmore at openjdk.org
Sat May 10 02:30:04 UTC 2025
On Sat, 10 May 2025 02:06:43 GMT, Bradford Wetmore <wetmore at openjdk.org> wrote:
>> Me neither. However, given `HKDF-PRK` is not a standard algorithm and also not recognized by the `SunPKCS11` provider, I changed it to `Generic`. Existing `HKDF` impl in the `SunPKCS11` provider is quite strict about the derived key algorithms and it will error out unless we add `HKDF-PRK` to be a recognized key algorithm for key derivation. Given these reasons, it seems `Generic` is the better choice here.
>
> Is any specific salt needed here like in TLS?
We should chat next week about an issue Weijun raised and the algorithm names in the Exporters.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24393#discussion_r2082763827
More information about the security-dev
mailing list