RFR: 8353578: Refactor existing usage of internal HKDF impl to use the KDF API [v8]
Kevin Driver
kdriver at openjdk.org
Mon May 12 19:41:57 UTC 2025
On Thu, 8 May 2025 21:19:10 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal JSSE HKDF impl is removed as the test vectors are already covered by the HKDF impl in SunJCE provider.
>>
>> Thanks in advance for the review~
>
> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>
> Address review feedbacks from Brad.
src/java.base/share/classes/sun/security/ssl/SSLBasicKeyDerivation.java line 49:
> 47: this.secret = secret;
> 48: this.hkdfInfo = createHkdfInfo(label, context, hashAlg.hashLength);
> 49: this.keyLen = hashAlg.hashLength;
Very minor nit: might be worth accessing this field once and passing `this.keyLen` to `createHkdfInfo` instead.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24393#discussion_r2085329395
More information about the security-dev
mailing list