On Fri, 10 May 2024 14:54:18 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 70:
>>
>>> 68: */
>>> 69: public Extract extractOnly() {
>>> 70: if (this.ikms.isEmpty() && this.salts.isEmpty()) {
>>
>> I don't think this check is necessary? While it's probably unsafe to provide
>> no IKM, providing no salt is quite common. Anyway, no need to restrict on
>> both, IMHO
>
> I agree. Also, if we do want to validate arguments (and I don't know if we
> need to), then I think the `Extract` constructor should be responsible for
> doing that, not the `Builder`. Doing it in `Extract` is safer since it is
> done after the fields are cloned.
Do we think there is a meaningful definition of an extract that has no IKM &&
no salt values **at the same time**?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1597223378
