On Wed, 7 May 2025 04:27:10 GMT, Bradford Wetmore <wetm...@openjdk.org> wrote:

>> src/java.base/share/classes/sun/security/ssl/ServerHello.java line 1222:
>> 
>>> 1220:             CipherSuite.HashAlg hashAlg = 
>>> hc.negotiatedCipherSuite.hashAlg;
>>> 1221:             KDF hkdf = KDF.getInstance(hashAlg.hkdfAlgorithm);
>>> 1222:             SecretKey earlySecret = hkdf.deriveKey("TlsEarlySecret",
>> 
>> I'm a little worried that the proper number of salt zeros are now expected 
>> to be known in the KDF deriveKey code instead of specified specifically here 
>> (and in other similar places).  Should we consider specifying them here and 
>> the other places instead to play it safe?
>
> I just found that we had talked about this previously.  What was your 
> reasoning for pulling it?  
> 
> Call me paranoid, but I'm not seeing where the [JDK 24 
> javadocs](https://docs.oracle.com/en/java/javase/24/docs/api/java.base/javax/crypto/spec/HKDFParameterSpec.Builder.html#addSalt(byte%5B%5D))
>  discuss what happens if salt is not supplied.  [RFC 8446/Section 
> 7.1](https://www.rfc-editor.org/rfc/rfc8446.html#section-7.1) states:
> 
>      -  "0" indicates a string of Hash.length bytes set to zero.

Ok, I will add it back just to be safe.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24393#discussion_r2080292640
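
An added illustration, not part of this thread or of the JDK source: the RFC 8446 Section 7.1 "0" salt written out with Python's `hmac` module instead of the JDK `KDF` API, comparing an explicit Hash.length zero salt with an omitted one under the RFC 5869 default. The function names are made up for this sketch, and it says nothing about how `HKDFParameterSpec.Builder` behaves when `addSalt` is never called.

```python
import hashlib
import hmac

# Early Secret for SHA-256 with no PSK, as published in the RFC 8448 trace.
RFC8448_EARLY_SECRET_SHA256 = (
    "33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a"
)


def hkdf_extract(hash_name, salt, ikm):
    """HKDF-Extract (RFC 5869, section 2.2): PRK = HMAC-Hash(salt, IKM)."""
    if salt is None:
        # RFC 5869: a salt that is not provided is HashLen zero bytes.
        salt = bytes(hashlib.new(hash_name).digest_size)
    return hmac.new(salt, ikm, hash_name).digest()


def tls13_early_secret(hash_name, psk=None, explicit_salt=True):
    """Early Secret = HKDF-Extract(0, PSK), RFC 8446 section 7.1."""
    zeros = bytes(hashlib.new(hash_name).digest_size)
    ikm = psk if psk is not None else zeros   # no PSK: Hash.length zeros
    salt = zeros if explicit_salt else None   # explicit "0" vs. omitted salt
    return hkdf_extract(hash_name, salt, ikm)


def compare_salt_forms(hash_name):
    """Return the early secret for explicit, omitted, empty and oversized zero salts."""
    h = hashlib.new(hash_name)
    zeros = bytes(h.digest_size)
    return {
        "explicit": tls13_early_secret(hash_name, explicit_salt=True),
        "omitted": tls13_early_secret(hash_name, explicit_salt=False),
        # HMAC (RFC 2104) zero-pads keys shorter than the block size, so an
        # empty salt keys HMAC identically to Hash.length zeros.
        "empty": hkdf_extract(hash_name, b"", zeros),
        # A zero salt longer than the block size is hashed first, so it
        # produces a different key and a different secret.
        "oversized": hkdf_extract(hash_name, bytes(h.block_size + 1), zeros),
    }


if __name__ == "__main__":
    for name in ("sha256", "sha384"):
        for form, secret in compare_salt_forms(name).items():
            print(f"{name:7} {form:9} {secret.hex()}")
```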
