On Tue, 30 Jul 2024 16:04:25 GMT, Kevin Driver <kdri...@openjdk.org> wrote:
>> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line
>> 328:
>>
>>> 326: }
>>> 327:
>>> 328: private Extract(List<SecretKey> ikms, List<SecretKey> salts) {
>>
>> Should it throw an exception if either or both of the lists are empty?
>
> See the discussion here: https://github.com/C2SP/wycheproof/issues/114
>
> @wangweij has been discussing this issue, and it looks like openssl permits
> "empty" IKM values. We already know from the RFC that salt is optional, but
> the RFC is less explicit about IKM.
If that's the case, then I think the `ikms` and `salts` method should specify
that an empty List may be returned and under what conditions, as it is an edge
case. For example, "Returns an empty list if there are no salt values".
P.S. Let's not resolve the comment until the submitter has a chance to respond
to the proposed solution, if it still could use discussion/agreement or is not
what the submitter had requested.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1704586163
