RFR: 8353578: Refactor existing usage of internal HKDF impl to use the KDF API [v7]
Valerie Peng
valeriep at openjdk.org
Thu May 8 18:52:54 UTC 2025
On Wed, 7 May 2025 04:27:10 GMT, Bradford Wetmore <wetmore at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/ServerHello.java line 1222:
>>
>>> 1220: CipherSuite.HashAlg hashAlg = hc.negotiatedCipherSuite.hashAlg;
>>> 1221: KDF hkdf = KDF.getInstance(hashAlg.hkdfAlgorithm);
>>> 1222: SecretKey earlySecret = hkdf.deriveKey("TlsEarlySecret",
>>
>> I'm a little worried that the proper number of salt zeros are now expected to be known in the KDF deriveKey code instead of specified specifically here (and in other similar places). Should we consider specifying them here and the other places instead to play it safe?
>
> I just found that we had talked about this previously. What was your reasoning for pulling it?
>
> Call me paranoid, but I'm not seeing where the [JDK 24 javadocs](https://docs.oracle.com/en/java/javase/24/docs/api/java.base/javax/crypto/spec/HKDFParameterSpec.Builder.html#addSalt(byte%5B%5D)) discuss what happens if salt is not supplied. [RFC 8446/Section 7.1](https://www.rfc-editor.org/rfc/rfc8446.html#section-7.1) states:
>
> - "0" indicates a string of Hash.length bytes set to zero.
Ok, I will add it back just to be safe.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24393#discussion_r2080292640
More information about the security-dev
mailing list