On Tue, 23 Apr 2024 20:42:51 GMT, Kevin Driver <kdri...@openjdk.org> wrote:

> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic 
> algorithms for deriving additional keys from a secret key and other data. See 
> [JEP 478](https://openjdk.org/jeps/478).

src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java line 370:

> 368:         }
> 369:         int rounds = (outLen + hmacLen - 1) / hmacLen;
> 370:         kdfOutput = new byte[rounds * hmacLen];

Are we missing a check to ensure that the `outLen` parameter is less than or 
equal to 255 * HashLen?  See RFC 5869 sec. 2.3.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1594617681
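The bound the reviewer points at (RFC 5869 sec. 2.3: L <= 255 * HashLen, because the round counter is a single octet) as an added example that is not OpenJDK code: a minimal HKDF in Python that rejects over-long requests before computing the round count, checked against RFC 5869 test case 1 (A.1).

```python
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """HKDF-Extract (RFC 5869 sec. 2.2): PRK = HMAC-Hash(salt, IKM)."""
    hash_len = hashlib.new(hash_name).digest_size
    if not salt:
        salt = bytes(hash_len)  # default salt is HashLen zero octets
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, out_len: int, hash_name: str = "sha256") -> bytes:
    """HKDF-Expand (RFC 5869 sec. 2.3) with the L <= 255*HashLen bound enforced.

    T(i) = HMAC-Hash(PRK, T(i-1) | info | i) where i is one octet, so at most
    255 rounds exist; asking for more cannot produce standard HKDF output.
    """
    hash_len = hashlib.new(hash_name).digest_size
    if out_len < 0 or out_len > 255 * hash_len:
        raise ValueError(f"requested length {out_len} exceeds 255*HashLen={255 * hash_len}")
    # Same round computation as the quoted Java line, now only reached when rounds <= 255.
    rounds = (out_len + hash_len - 1) // hash_len
    okm = bytearray()
    t = b""
    for i in range(1, rounds + 1):
        t = hmac.new(prk, t + info + bytes([i]), hash_name).digest()
        okm += t
    return bytes(okm[:out_len])


# RFC 5869 Appendix A.1 test case (SHA-256); these are the RFC's published vectors.
RFC_A1_IKM = bytes.fromhex("0b" * 22)
RFC_A1_SALT = bytes.fromhex("000102030405060708090a0b0c")
RFC_A1_INFO = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
RFC_A1_PRK = "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"
RFC_A1_OKM = ("3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
              "34007208d5b887185865")


def rfc_a1_matches() -> bool:
    """True when extract and expand reproduce the RFC's PRK and 42-octet OKM."""
    prk = hkdf_extract(RFC_A1_SALT, RFC_A1_IKM)
    okm = hkdf_expand(prk, RFC_A1_INFO, 42)
    return prk.hex() == RFC_A1_PRK and okm.hex() == RFC_A1_OKM


def rejects_overlong(out_len: int) -> bool:
    """True when hkdf_expand refuses out_len (used to probe the 255*HashLen edge)."""
    try:
        hkdf_expand(bytes(32), b"", out_len)
    except ValueError:
        return True
    return False
```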
