RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v9]
Kevin Driver
kdriver at openjdk.org
Fri Aug 2 19:19:59 UTC 2024
On Mon, 29 Jul 2024 19:01:08 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>>
>> review comments
>
> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 328:
>
>> 326: }
>> 327:
>> 328: private Extract(List<SecretKey> ikms, List<SecretKey> salts) {
>
> Should it throw an exception if either or both of the lists are empty?
See the discussion here: https://github.com/C2SP/wycheproof/issues/114
@wangweij has been discussing this issue, and it looks like openssl permits "empty" IKM values. We already know from the RFC that salt is optional, but the RFC is less explicit about IKM.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1697220406
More information about the security-dev
mailing list