RFR: 8353578: Refactor existing usage of internal HKDF impl to use the KDF API [v7]
Bradford Wetmore
wetmore at openjdk.org
Sat May 10 02:30:04 UTC 2025
On Thu, 8 May 2025 18:50:16 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> I just found that we had talked about this previously. What was your reasoning for pulling it?
>>
>> Call me paranoid, but I'm not seeing where the [JDK 24 javadocs](https://docs.oracle.com/en/java/javase/24/docs/api/java.base/javax/crypto/spec/HKDFParameterSpec.Builder.html#addSalt(byte%5B%5D)) discuss what happens if salt is not supplied. [RFC 8446/Section 7.1](https://www.rfc-editor.org/rfc/rfc8446.html#section-7.1) states:
>>
>> - "0" indicates a string of Hash.length bytes set to zero.
>
> Ok, I will add it back just to be safe.
I thought there were other locations, but maybe I was just imagining it! ;)
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24393#discussion_r2082762601
More information about the security-dev
mailing list