On Wed, 8 May 2024 20:46:57 GMT, Jamil Nimeh <jni...@openjdk.org> wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are >> cryptographic algorithms for deriving additional keys from a secret key and >> other data. See [JEP 478](https://openjdk.org/jeps/478). > > src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java > line 370: > >> 368: } >> 369: int rounds = (outLen + hmacLen - 1) / hmacLen; >> 370: kdfOutput = new byte[rounds * hmacLen]; > > Are we missing a check to ensure that the `outLen` parameter is less than or > equal to 255 * HashLen? See RFC 5869 sec. 2.3. Yes! I intended to. Thanks for catching it. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1594639470
