On Tue, 6 May 2025 04:58:41 GMT, Bradford Wetmore <wetm...@openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Address review comments from Sean.
>
> src/java.base/share/classes/sun/security/ssl/ServerHello.java line 1222:
>
>> 1220: CipherSuite.HashAlg hashAlg =
>> hc.negotiatedCipherSuite.hashAlg;
>> 1221: KDF hkdf = KDF.getInstance(hashAlg.hkdfAlgorithm);
>> 1222: SecretKey earlySecret = hkdf.deriveKey("TlsEarlySecret",
>
> I'm a little worried that the proper number of salt zeros are now expected to
> be known in the KDF deriveKey code instead of specified specifically here
> (and in other similar places). Should we consider specifying them here and
> the other places instead to play it safe?
I just found that we had talked about this previously. What was your reasoning
for pulling it?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24393#discussion_r2076762302
