On Fri, 6 Sep 2024 13:27:05 GMT, Viktor Klang <vkl...@openjdk.org> wrote:
>> Kevin Driver has updated the pull request with a new target base due to a >> merge or a rebase. The incremental webrev excludes the unrelated changes >> brought in by the merge/rebase. The pull request contains 31 additional >> commits since the last revision: >> >> - Merge remote-tracking branch 'origin/master' into kdf-jep-wip >> # Please enter a commit message to explain why this merge is necessary, >> # especially if it merges an updated upstream into a topic branch. >> # >> # Lines starting with '#' will be ignored, and an empty message aborts >> # the commit. >> - several more review comments >> - change impl class to use byte arrays rather than SecretKey objects where >> possible >> - updated delayed provider selection javadoc >> - review comments >> - use a delegate record to hold the spi and provider >> - assorted review comment changes >> - another round of review comments >> - consistency with wording for addIKM and addSalt >> - another round of code review comments >> - ... and 21 more: https://git.openjdk.org/jdk/compare/77683e2a...a35e98c9 > > src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java > line 183: > >> 181: } >> 182: length = anExpand.length(); >> 183: if (length > (hmacLen * 255)) { > > Since hmacLen is an int, it makes sense to make the multiplication a long > multiplication to avoid potential risk of overflow? > > Suggestion: > > if (length > (hmacLen * 255L)) { `hmacLen` will *at most* be 64 (size of an HMAC with SHA512). There isn't a real risk of overflow here, but I can make the change if you prefer. > src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java > line 222: > >> 220: } >> 221: length = anExtractThenExpand.length(); >> 222: if (length > (hmacLen * 255)) { > > Same comment here w.r.t. overflow `hmacLen` will *at most* be 64 (size of an HMAC with SHA512). There isn't a real risk of overflow here, but I can make the change if you prefer. > src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java > line 337: > >> 335: info = new byte[0]; >> 336: } >> 337: int rounds = (outLen + hmacLen - 1) / hmacLen; > > Perhaps make the addition as long, to rule out the risk of overflow? > Suggestion: > > int rounds = (0L + outLen + hmacLen - 1) / hmacLen; `hmacLen` will *at most* be 64 (size of an HMAC with SHA512). There isn't a real risk of overflow here, but I can make the change if you prefer. `outLen` is bounded by a max value of 255*`hmacLen` (as referenced above). ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1747526118 PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1747526298 PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1747528228