RFR: 8353578: Refactor existing usage of internal HKDF impl to use the KDF API [v8]
Valerie Peng
valeriep at openjdk.org
Mon May 12 22:41:57 UTC 2025
On Sat, 10 May 2025 14:30:16 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/util/KeyUtil.java line 451:
>>
>>> 449: || alg.equalsIgnoreCase("Generic");
>>> 450: }
>>> 451:
>>
>> As you know, I've been working on the [TLS Exporters change]( https://github.com/openjdk/jdk/pull/24976) which will use the same KDF APIs. I've already updated that to use your style.
>>
>> Looks like I've now got one more thing to change! ;)
>
> This is a reply to the comment above. I don't know why GitHub does not show a reply box there.
>
>> Is any specific salt needed here like in TLS?
>
> In DHKEM, the salt used is always empty.
So, no need to explicitly set it I assume? As this is a refactoring, I prefer to minimize changes unless consensus is different.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24393#discussion_r2085631201
More information about the security-dev
mailing list