RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v46]
Kevin Driver
kdriver at openjdk.org
Tue May 14 17:13:09 UTC 2024
On Thu, 9 May 2024 07:28:06 GMT, Sibabrata Sahoo <ssahoo at openjdk.org> wrote:
>> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>>
>> refactor to remove some class fields for thread-safety and to also unify around one "derive" method
>
> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java line 306:
>
>> 304:
>> 305: bb = Arrays.copyOf(bb, bb.length + workItemBytes.length);
>> 306: System.arraycopy(workItemBytes, 0, bb, bb.length - workItemBytes.length,
>
> Can it cause IndexOutOfBoundsException at some stage?
Closing this, as I have reviewed the logic, and no specific concern is raised. Note that `SecretKeySpec` requires a `SecretKey` to be non-null and non-empty. Also, `CipherCore.getKeyBytes(...)` will throw an exception if the key material is `null`.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1600386882
More information about the security-dev
mailing list