On Tue, 27 Aug 2024 11:16:44 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 282:
>>
>>> 280: * @param length
>>> 281: * the length of the output key material (must be greater than 0 and
>>> 282: * less than 255 * HMAC length)
>>
>> The maximum size of `length` is not checked in this class but it's worth
>> mentioning. Also, the size of `prk` also has a minimum size that is not
>> checked here. I suggest talking about both in the method spec.
>
> The way this is worded it is part of the API specification, so I would expect
> `IllegalArgumentException` to be thrown if the length is less than 255 * HMAC
> length. But as I understand, only the HKDF impl can do that. I would change
> this to only say the length must be greater than 0, and add an
> "Implementation Note" that says HKDF implementations will enforce that the
> length is less than 255 * HMAC length.

Resolved in https://github.com/openjdk/jdk/pull/20301/commits/a65dc9da044297c313e02d698255bad915dc0a10.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1735262079
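Added example, not code from the PR or the JDK: a hand-written HKDF-Expand over `javax.crypto.Mac` that shows the split discussed above, where the algorithm-agnostic parameter object can only check `length > 0` and the implementation, which knows the HMAC output size, enforces the RFC 5869 bounds on `length` and on the PRK. `HkdfExpandBounds`, `ExpandParams` and the use of `InvalidAlgorithmParameterException` are assumptions of this example; it needs Java 17 or later.

```java
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.util.HexFormat;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class HkdfExpandBounds {
    // Hypothetical stand-in for a parameter spec: it does not know the HMAC
    // algorithm, so the only length check it can make is "greater than 0".
    record ExpandParams(byte[] prk, byte[] info, int length) {
        ExpandParams { if (length <= 0) throw new IllegalArgumentException("length must be > 0"); }
    }

    // HKDF-Expand (RFC 5869, section 2.3). The algorithm-dependent bounds are
    // enforced here, where the HMAC output length (HashLen) is known.
    static byte[] expand(String macAlg, ExpandParams p) throws GeneralSecurityException {
        Mac mac = Mac.getInstance(macAlg);
        int hashLen = mac.getMacLength();
        if (p.length() > 255 * hashLen)   // RFC 5869: L <= 255 * HashLen
            throw new InvalidAlgorithmParameterException("length exceeds 255 * " + hashLen);
        if (p.prk().length < hashLen)     // RFC 5869: PRK is at least HashLen octets
            throw new InvalidAlgorithmParameterException("PRK shorter than " + hashLen);
        mac.init(new SecretKeySpec(p.prk(), macAlg));
        byte[] okm = new byte[p.length()];
        byte[] t = new byte[0];           // T(0) is the empty string
        for (int off = 0, i = 1; off < okm.length; off += hashLen, i++) {
            mac.update(t);
            mac.update(p.info());
            mac.update((byte) i);         // one-octet block counter, hence the 255 cap
            t = mac.doFinal();
            System.arraycopy(t, 0, okm, off, Math.min(hashLen, okm.length - off));
        }
        return okm;
    }

    public static void main(String[] args) throws Exception {
        HexFormat hex = HexFormat.of();
        // PRK, info and 42-octet OKM from RFC 5869 test case 1 (HMAC-SHA-256).
        byte[] prk = hex.parseHex("077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5");
        byte[] info = hex.parseHex("f0f1f2f3f4f5f6f7f8f9");
        String want = "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865";
        if (!hex.formatHex(expand("HmacSHA256", new ExpandParams(prk, info, 42))).equals(want))
            throw new AssertionError("RFC 5869 vector mismatch");
        expand("HmacSHA256", new ExpandParams(prk, info, 255 * 32));     // largest valid length
        try {
            expand("HmacSHA256", new ExpandParams(prk, info, 255 * 32 + 1));
            throw new AssertionError("over-long length was accepted");
        } catch (InvalidAlgorithmParameterException e) {
            System.out.println("rejected by the implementation: " + e.getMessage());
        }
    }
}
```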