On Tue, 6 May 2025 04:40:02 GMT, Bradford Wetmore <wetm...@openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>>
>>   Address review comments from Sean.
>
> src/java.base/share/classes/com/sun/crypto/provider/DHKEM.java line 409:
>
>> 407:             HKDFParameterSpec spec =
>> 408:                     HKDFParameterSpec.ofExtract().addIKM(s).extractOnly();
>> 409:             return hkdf.deriveKey("Generic", spec);
>
> I haven't done much with DHKEM yet, but should the returned key have algorithm name of "Generic," or something more descriptive like the previous "HKDF-PRK"?

Me neither. However, given `HKDF-PRK` is not a standard algorithm and also not recognized by the `SunPKCS11` provider, I changed it to `Generic`. Existing `HKDF` impl in the `SunPKCS11` provider is quite strict about the derived key algorithms and it will error out unless we add `HKDF-PRK` to be a recognized key algorithm for key derivation. Given these reasons, it seems `Generic` is the better choice here.

> src/java.base/share/classes/sun/security/ssl/CipherSuite.java line 1:
>
>> 1: /*
>
> Copyright update.

Will fix.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24393#discussion_r2080285333
PR Review Comment: https://git.openjdk.org/jdk/pull/24393#discussion_r2080288826