On Thu, 9 May 2024 07:28:06 GMT, Sibabrata Sahoo <ssa...@openjdk.org> wrote:
>> Kevin Driver has updated the pull request incrementally with one additional >> commit since the last revision: >> >> refactor to remove some class fields for thread-safety and to also unify >> around one "derive" method > > src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java > line 306: > >> 304: >> 305: bb = Arrays.copyOf(bb, bb.length + >> workItemBytes.length); >> 306: System.arraycopy(workItemBytes, 0, bb, bb.length - >> workItemBytes.length, > > Can it cause IndexOutOfBoundsException at some stage? Closing this, as I have reviewed the logic, and no specific concern is raised. Note that `SecretKeySpec` requires a `SecretKey` to be non-null and non-empty. Also, `CipherCore.getKeyBytes(...)` will throw an exception if the key material is `null`. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1600386882
