RFR: 8347289: HKDF delayed provider selection failed with non-extractable PRK

Kevin Driver kdriver at openjdk.org
Wed Jan 8 21:35:21 UTC 2025


On Wed, 8 Jan 2025 19:53:30 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> In the creation of the `Expand` object, we've already guaranteed that the PRK object must be non-null. The only problem here is its encoding.
>
> I don't want to explicitly mention the null encoding so the wording is a little vague. What do you suggest?

Ah, you're right. I wondered if it was just the encoding that was `null` in this case, rather than the object itself. I didn't double-check but just read through the delta. 

I think your wording should suffice, upon further reflection. It would be overly verbose to say something like "Cannot retrieve PRK bytes ..." or even "Cannot retrieve encoded PRK bytes ...". 

This is probably fine to leave as-is.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/22976#discussion_r1907881100


More information about the security-dev mailing list