On Fri, 16 Aug 2024 21:13:34 GMT, Kevin Driver <kdri...@openjdk.org> wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java >> line 338: >> >>> 336: // Calculate the number of rounds of HMAC that are needed to >>> 337: // meet the requested data. Then set up the buffers we will >>> need. >>> 338: hmacObj.init(prk); >> >> RFC5869 sec 2.3 states that "PRK - a pseudorandom key of at least HashLen >> octets". Shouldn't we check it before passing to to `hmacObj`? > > Addressed in > https://github.com/openjdk/jdk/pull/20301/commits/c6f491cd05c76088e6431b2ba9d4ab42b29e4055. > Please indicate if this is resolved. Well, if a non-extractrable hardware key is passed to us, it'd lead to NPE with the new check. Instead of calling getEncoded() on it and access length directly, maybe relying on `CipherCore.getKeyBytes(prk)` which will throw InvalidKeyException? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1724125391
