On Thu, 29 Aug 2024 20:01:57 GMT, Kevin Driver <kdri...@openjdk.org> wrote:
>> test/jdk/javax/crypto/KDF/KDFDelayedProviderSyncTest.java line 66:
>>
>>> 64: public void testDerive()
>>> 65: throws InvalidAlgorithmParameterException,
>>> NoSuchAlgorithmException {
>>> 66: SecretKey result = kdfUnderTest.deriveKey("AES",
>>> kdfParameterSpec);
>>
>> Here the key algorithm is "AES" with output length 42 bytes. However, AES
>> only has 128, 192, and 256-bits key sizes though. Based on the javadoc, this
>> combination is not valid and should throw IAPE? Maybe use some other
>> algorithm as the key algorithm?
>
> Addressed in
> https://github.com/openjdk/jdk/pull/20301/commits/deadc28d6d81f5ecc056b38762f6cda49fd0cfe5.
> Please confirm.
Changing to "Generic" is fine, however, there is still the remaining question
of whether the HKDF impl of SunJCE provider should do algorithm-specific key
length checking. Just something to keep in mind, this comment is more for
`HkdfKeyDerivation.java` though.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1737298625
