RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v24]
Kevin Driver
kdriver at openjdk.org
Mon Sep 9 15:26:24 UTC 2024
On Fri, 6 Sep 2024 18:23:27 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java line 259:
>>
>>> 257: os.writeBytes(CipherCore.getKeyBytes(workItem));
>>> 258: }
>>> 259: return os.toByteArray();
>>
>> I haven't found any specification indicating that flush is not required before toByteArray(), but it can't hurt right?
>>
>> Suggestion:
>>
>> os.flush();
>> return os.toByteArray();
>
> `os.flush()` requires catching an `IOException`. Do you suggest wrapping it in the `InvalidKeyException` already thrown by the method if it should occur? As you mention, it doesn't appear to be strictly necessary, and the javadoc for `toByteArray()` contains the following:
>
>
> Creates a newly allocated byte array. Its size is the current size of this output stream and the valid contents of the buffer have been copied into it.
Will add a comment, since no need to flush before writing to memory (ByteArrayOutputStream).
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1750469522
More information about the security-dev
mailing list