On Thu, 3 Apr 2025 00:51:44 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/KAKeyDerivation.java line 120:
>>
>>> 118: SecretKey earlySecret =
>>> hkdf.deriveKey("TlsEarlySecret",
>>> 119: HKDFParameterSpec.ofExtract().addSalt(zeros)
>>> 120: .addIKM(ikm).extractOnly());
>>
>> Maybe no need for `addSalt(zeros)`. I remember salt is by default zeros for
>> HKDF.
>
> Yes, I am on the fence about this. Given the specified value is the same as
> the default, it can be removed. I kept it there so the new code matches the
> original code completely. Not much difference either way I think.
I like having it there to communicate that is really the intent.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24393#discussion_r2029534765
