On Wed, 11 Sep 2024 20:31:13 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> batch of review comments
>
> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
> line 299:
>
>> 297: throws InvalidKeyException, NoSuchAlgorithmException {
>> 298:
>> 299: if (salt == null) {
>
> Also cover the empty `salt` case here. The `SecretKeySpec` creation below
> would fail.
>
> Hint: when people call `addSalt(k)`, `k` can be empty. It doesn't have to be
> a `SecretKeySpec`. This is worth a test.
@wangweij: A salt value which is a byte array of length zero is not added to
the List. See:
public Builder addSalt(byte[] salt) {
Objects.requireNonNull(salt, "salt must not be null");
if (salt.length != 0) {
return addSalt(new SecretKeySpec(salt, "Generic"));
} else {
return this;
}
}
I have added an `||` to this statement to check for zero-length.
There is already a test with an empty Extract in `BasicHKDFFunctions`.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1755730338
