On Tue, 13 May 2025 12:26:54 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> I was following the SecretKey.getEncoded() style. I see now that
>> KDF.deriveData() does do UOE.
>>
>> I could go either way on this. I do need to make this consistent, I have
>> TLSv1.3 using KDF style, and TLSv1-TLSv1.2 using the null.
>
> It seems like it should be an exception, whatever you decide to do. The
> caller is asking for the keying material data, and the provider cannot
> fulfill that request, so I think explaining why it could not be done would be
> best represented in an exception.

+1 for UOE. It's not that we got a key and found it un-extractable. It's that we asked for data but were refused.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2086786782