RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v9]
Kevin Driver
kdriver at openjdk.org
Fri Aug 16 21:16:36 UTC 2024
On Mon, 5 Aug 2024 20:13:29 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> See the discussion here: https://github.com/C2SP/wycheproof/issues/114
>>
>> @wangweij has been discussing this issue, and it looks like openssl permits "empty" IKM values. We already know from the RFC that salt is optional, but the RFC is less explicit about IKM.
>
> If that's the case, then I think the `ikms` and `salts` method should specify that an empty List may be returned and under what conditions, as it is an edge case. For example, "Returns an empty list if there are no salt values".
>
> P.S. Let's not resolve the comment until the submitter has a chance to respond to the proposed solution, if it still could use discussion/agreement or is not what the submitter had requested.
Addressed in https://github.com/openjdk/jdk/pull/20301/commits/c6f491cd05c76088e6431b2ba9d4ab42b29e4055. Please indicate if this is resolved.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1720347397
More information about the security-dev
mailing list