On Mon, 26 Aug 2024 17:54:18 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>>   code review comments and test renaming
>
> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 282:
>
>> 280:      * @param length
>> 281:      *        the length of the output key material (must be greater than 0 and
>> 282:      *        less than 255 * HMAC length)
>
> The maximum size of `length` is not checked in this class but it's worth
> mentioning. Also, the size of `prk` also has a minimum size that is not
> checked here. I suggest talking about both in the method spec.

The way this is worded it is part of the API specification, so I would expect `IllegalArgumentException` to be thrown if the length is less than 255 * HMAC length. But as I understand, only the HKDF impl can do that. I would change this to only say the length must be greater than 0, and add an "Implementation Note" that says HKDF implementations will enforce that the length is less than 255 * HMAC length.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1732648538
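
The split discussed in this review, as an added example that is not part of the original message and not the JDK's code: a hand-written RFC 5869 HKDF-Expand over HMAC-SHA256 in which only `length > 0` can be checked without knowing the algorithm, while the upper bound on `length` and the minimum `prk` size depend on the HMAC output length. The class and method names and the all-`0x0b` key are constructed for illustration, and the upper bound follows RFC 5869 (`L <= 255 * HashLen`).

```java
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class HkdfExpandBounds {
    // Hypothetical helper implementing RFC 5869 HKDF-Expand with HMAC-SHA256.
    static byte[] expand(byte[] prk, byte[] info, int length) throws GeneralSecurityException {
        // Algorithm-independent check: the only one a parameter spec can make.
        if (length <= 0) throw new IllegalArgumentException("length must be greater than 0");
        Mac mac = Mac.getInstance("HmacSHA256");
        int hashLen = mac.getMacLength(); // 32 bytes for SHA-256
        // Algorithm-dependent checks: these need the HMAC output length.
        if (length > 255 * hashLen)
            throw new IllegalArgumentException("length exceeds 255 * " + hashLen);
        if (prk.length < hashLen)
            throw new IllegalArgumentException("prk shorter than " + hashLen + " bytes");
        mac.init(new SecretKeySpec(prk, "HmacSHA256"));
        byte[] okm = new byte[length];
        byte[] t = new byte[0];
        int off = 0;
        for (int i = 1; off < length; i++) { // T(i) = HMAC(PRK, T(i-1) | info | i)
            mac.update(t);
            mac.update(info);
            mac.update((byte) i); // single-octet counter, hence the 255-block limit
            t = mac.doFinal();
            int n = Math.min(t.length, length - off);
            System.arraycopy(t, 0, okm, off, n);
            off += n;
        }
        return okm;
    }

    static String tryExpand(byte[] prk, int length) {
        try {
            return "ok, " + expand(prk, new byte[0], length).length + " bytes";
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        byte[] prk = new byte[32];
        Arrays.fill(prk, (byte) 0x0b); // constructed sample key, not a real secret
        System.out.println(tryExpand(prk, 0));                 // lower bound
        System.out.println(tryExpand(prk, 255 * 32));          // largest allowed output
        System.out.println(tryExpand(prk, 255 * 32 + 1));      // one byte too many
        System.out.println(tryExpand(new byte[16], 42));       // prk below HashLen
    }
}
```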