Weijun Wang

Two comments on HKDF: 1. Expand length cannot exceed 255 * HashLen. See https://datatracker.ietf.org/doc/html/rfc5869#section-2.3. 2. Why disallow empty ikms and salts? For the salt side, RFC5869 allows [no salt](https://datatracker.ietf.org/doc/html/rfc5869#autoid-4). For...

`deriveKey` and `deriveData` throw `InvalidParameterSpecException`. Should it be `InvalidAlgorithmParameterException`? It seems like `InvalidParameterSpecException` is only used with `AlgorithmParameters` and `AlgorithmParametersSpi`.

RFC 5869's title has "extract-and-expand", but inside the text when talking about the 2-step mode it uses "extract-then-expand". To be precise, I suggest we name this mode to "Extract-Then-Expand", and...

We cannot say the KDF instance is immutable because it does have an internal state and it could change. On the other hand, because 1) the change is done only...

security changes (`java.security.jgss`, `jdk.crypto.cryptoki`, `jdk.crypto.mscapi`, and `jdk.security.auth`) look good.

> Are there any existing interoperability tests? Not with real KDCs, but I can probably enhance the test to cover the case when this prop is not set.

> Changes look good to me. Thanks~ Thanks a lot! Can you please also review the CSR?

/integrate

/label remove security