From 06d3723384a2d27e669a187c066d0f780f5c2a7a Mon Sep 17 00:00:00 2001 From: Shubham Chaturvedi Date: Wed, 14 Jan 2026 16:25:59 -0800 Subject: [PATCH 1/4] fix(java): drop hkdf offset method --- .../datamodeling/internal/Hkdf.java | 55 ++++++++----------- 1 file changed, 22 insertions(+), 33 deletions(-) diff --git a/DynamoDbEncryption/runtimes/java/src/main/sdkv1/com/amazonaws/services/dynamodbv2/datamodeling/internal/Hkdf.java b/DynamoDbEncryption/runtimes/java/src/main/sdkv1/com/amazonaws/services/dynamodbv2/datamodeling/internal/Hkdf.java index 83e86a672e..85e9b77f2c 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/sdkv1/com/amazonaws/services/dynamodbv2/datamodeling/internal/Hkdf.java +++ b/DynamoDbEncryption/runtimes/java/src/main/sdkv1/com/amazonaws/services/dynamodbv2/datamodeling/internal/Hkdf.java @@ -207,47 +207,17 @@ public byte[] deriveKey(final String info, final int length) public byte[] deriveKey(final byte[] info, final int length) throws IllegalStateException { byte[] result = new byte[length]; - try { - deriveKey(info, length, result, 0); - } catch (ShortBufferException ex) { - // This exception is impossible as we ensure the buffer is long - // enough - throw new RuntimeException(ex); - } - return result; - } - - /** - * Derives a pseudorandom key of length bytes and stores the result in output - * . - * - * @param info optional context and application specific information (can be a zero-length array). - * @param length the length of the output key in bytes - * @param output the buffer where the pseudorandom key will be stored - * @param offset the offset in output where the key will be stored - * @throws ShortBufferException if the given output buffer is too small to hold the result - * @throws IllegalStateException if this object has not been initialized - */ - public void deriveKey( - final byte[] info, - final int length, - final byte[] output, - final int offset - ) throws ShortBufferException, IllegalStateException { assertInitialized(); if (length < 0) { throw new IllegalArgumentException( - "Length must be a non-negative value." + "Length must be a non-negative value." ); } - if (output.length < offset + length) { - throw new ShortBufferException(); - } Mac mac = createMac(); if (length > 255 * mac.getMacLength()) { throw new IllegalArgumentException( - "Requested keys may not be longer than 255 times the underlying HMAC length." + "Requested keys may not be longer than 255 times the underlying HMAC length." ); } @@ -262,7 +232,7 @@ public void deriveKey( t = mac.doFinal(); for (int x = 0; x < t.length && loc < length; x++, loc++) { - output[loc] = t[x]; + result[loc] = t[x]; } i++; @@ -270,6 +240,25 @@ public void deriveKey( } finally { Arrays.fill(t, (byte) 0); // Zeroize temporary array } + return result; + } + + /** + * Derives a pseudorandom key of length bytes and stores the result in output + * . + * + * @param info optional context and application specific information (can be a zero-length array). + * @param length the length of the output key in bytes + * @param output the buffer where the pseudorandom key will be stored + * @throws ShortBufferException if the given output buffer is too small to hold the result + * @throws IllegalStateException if this object has not been initialized + */ + public void deriveKey( + final byte[] info, + final int length, + final byte[] output + ) throws ShortBufferException, IllegalStateException { + } private Mac createMac() { From 9662c1a3120272dab9dc84ff028479cecb3bf57b Mon Sep 17 00:00:00 2001 From: Shubham Chaturvedi Date: Wed, 14 Jan 2026 16:28:46 -0800 Subject: [PATCH 2/4] clean up --- .../dynamodbv2/datamodeling/internal/Hkdf.java | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/DynamoDbEncryption/runtimes/java/src/main/sdkv1/com/amazonaws/services/dynamodbv2/datamodeling/internal/Hkdf.java b/DynamoDbEncryption/runtimes/java/src/main/sdkv1/com/amazonaws/services/dynamodbv2/datamodeling/internal/Hkdf.java index 85e9b77f2c..8278bf599b 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/sdkv1/com/amazonaws/services/dynamodbv2/datamodeling/internal/Hkdf.java +++ b/DynamoDbEncryption/runtimes/java/src/main/sdkv1/com/amazonaws/services/dynamodbv2/datamodeling/internal/Hkdf.java @@ -243,24 +243,6 @@ public byte[] deriveKey(final byte[] info, final int length) return result; } - /** - * Derives a pseudorandom key of length bytes and stores the result in output - * . - * - * @param info optional context and application specific information (can be a zero-length array). - * @param length the length of the output key in bytes - * @param output the buffer where the pseudorandom key will be stored - * @throws ShortBufferException if the given output buffer is too small to hold the result - * @throws IllegalStateException if this object has not been initialized - */ - public void deriveKey( - final byte[] info, - final int length, - final byte[] output - ) throws ShortBufferException, IllegalStateException { - - } - private Mac createMac() { try { Mac mac = Mac.getInstance(algorithm, provider); From 05d7f6ce460a5f001402e782807665c21abc9ddb Mon Sep 17 00:00:00 2001 From: Shubham Chaturvedi Date: Wed, 14 Jan 2026 16:38:48 -0800 Subject: [PATCH 3/4] chore: formatting --- .../services/dynamodbv2/datamodeling/internal/Hkdf.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/DynamoDbEncryption/runtimes/java/src/main/sdkv1/com/amazonaws/services/dynamodbv2/datamodeling/internal/Hkdf.java b/DynamoDbEncryption/runtimes/java/src/main/sdkv1/com/amazonaws/services/dynamodbv2/datamodeling/internal/Hkdf.java index 8278bf599b..2cb94eec60 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/sdkv1/com/amazonaws/services/dynamodbv2/datamodeling/internal/Hkdf.java +++ b/DynamoDbEncryption/runtimes/java/src/main/sdkv1/com/amazonaws/services/dynamodbv2/datamodeling/internal/Hkdf.java @@ -210,14 +210,14 @@ public byte[] deriveKey(final byte[] info, final int length) assertInitialized(); if (length < 0) { throw new IllegalArgumentException( - "Length must be a non-negative value." + "Length must be a non-negative value." ); } Mac mac = createMac(); if (length > 255 * mac.getMacLength()) { throw new IllegalArgumentException( - "Requested keys may not be longer than 255 times the underlying HMAC length." + "Requested keys may not be longer than 255 times the underlying HMAC length." ); } From 14fce2410028ff4979c6677b25600da040f816cf Mon Sep 17 00:00:00 2001 From: Shubham Chaturvedi Date: Wed, 14 Jan 2026 17:00:46 -0800 Subject: [PATCH 4/4] cleanup --- .../services/dynamodbv2/datamodeling/internal/Hkdf.java | 5 ----- 1 file changed, 5 deletions(-) diff --git a/DynamoDbEncryption/runtimes/java/src/main/sdkv1/com/amazonaws/services/dynamodbv2/datamodeling/internal/Hkdf.java b/DynamoDbEncryption/runtimes/java/src/main/sdkv1/com/amazonaws/services/dynamodbv2/datamodeling/internal/Hkdf.java index 2cb94eec60..3fb20e33a5 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/sdkv1/com/amazonaws/services/dynamodbv2/datamodeling/internal/Hkdf.java +++ b/DynamoDbEncryption/runtimes/java/src/main/sdkv1/com/amazonaws/services/dynamodbv2/datamodeling/internal/Hkdf.java @@ -208,11 +208,6 @@ public byte[] deriveKey(final byte[] info, final int length) throws IllegalStateException { byte[] result = new byte[length]; assertInitialized(); - if (length < 0) { - throw new IllegalArgumentException( - "Length must be a non-negative value." - ); - } Mac mac = createMac(); if (length > 255 * mac.getMacLength()) {