RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v9]
Sean Mullan
mullan at openjdk.org
Mon Jul 29 19:05:39 UTC 2024
On Fri, 26 Jul 2024 20:01:23 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic algorithms for deriving additional keys from a secret key and other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another PR](https://github.com/openjdk/jdk/pull/18924).
>
> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>
> review comments
src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 263:
> 261: throw new NullPointerException(
> 262: "salt must not be null or empty");
> 263: }
Are you ignoring an empty salt or throwing an exception? The code is doing the former, but the exception says the latter.
src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 328:
> 326: }
> 327:
> 328: private Extract(List<SecretKey> ikms, List<SecretKey> salts) {
Should it throw an exception if either or both of the lists are empty?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1695729060
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1695729750
More information about the security-dev
mailing list