On Wed, 8 Jan 2025 19:42:47 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HKDFKeyDerivation.java
>> line 183:
>>
>>> 181: // set this value in the "if"
>>> 182: if ((pseudoRandomKey = anExpand.prk().getEncoded()) ==
>>> null) {
>>> 183: throw new InvalidAlgorithmParameterException(
>>
>> My only question here is whether the `Expand` could be created without a PRK
>> for any other reason besides it being non-extractable. If we think so (even
>> if it's just user-error), then perhaps the wording of the message for the
>> IAPE should be revised from the currently proposed text.
>
> In the creation of the `Expand` object, we've already guaranteed that PRK the
> object must be non null. The only problem here is its encoding.
I don't want to explicitly mention the null encoding so the wording is a little
vague. What do you suggest?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22976#discussion_r1907739046
