On Wed, 2 Apr 2025 21:43:19 GMT, Valerie Peng <valer...@openjdk.org> wrote:
> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
> for the HKDF support from JCA/JCE providers.
>
> This is just code refactoring. Known-answer regression test for the internal
> JSSE HKDF impl is removed as the test vectors are already covered by the HKDF
> impl in SunJCE provider.
>
> Thanks in advance for the review~
src/java.base/share/classes/sun/security/ssl/KAKeyDerivation.java line 120:
> 118: SecretKey earlySecret = hkdf.deriveKey("TlsEarlySecret",
> 119: HKDFParameterSpec.ofExtract().addSalt(zeros)
> 120: .addIKM(ikm).extractOnly());
Maybe no need for `addSalt(zeros)`. I remember salt is by default zeros for
HKDF.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24393#discussion_r2025733194
