RFR: 8209038: Clarify the javadoc of Cipher.getParameters()
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Wed Apr 6 16:04:35 UTC 2022
On Wed, 6 Apr 2022 00:14:04 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
> Anyone can help review this javadoc update? The main change is the wording for the method javadoc of Cipher.getParameters()/CipherSpi.engineGetParameters(). The original wording is somewhat restrictive and request is to broaden this to accommodate more scenarios such as when null can be returned.
> The rest are minor things like add {@code } to class name and null, and remove redundant ".".
>
> Will file CSR after the review is close to being wrapped up.
> Thanks~
src/java.base/share/classes/javax/crypto/Cipher.java line 1051:
> 1049: * Returns the parameters used with this cipher.
> 1050: *
> 1051: * <p>If this cipher has been previously initialized with parameters,
> If this cipher has been previously initialized with parameters, this method returns the same parameters.
Previously, "may" is used ("may be the same ..."). This change looks too strict for compatibility. I had a look at the AES implementation, the parameters initialized with init() could be filtered and modified before saving the parameters related class fields.
src/java.base/share/classes/javax/crypto/Cipher.java line 1053:
> 1051: * <p>If this cipher has been previously initialized with parameters,
> 1052: * this method returns the same parameters. Otherwise, this method may
> 1053: * return a combination of user-supplied, default and randomly generated
> ... a combination of user-supplied, default and randomly generated parameter values ...
Other than init(), which APIs could impact the user-supplied parameters? Is it the getInstance()?
Is it OK to just use the provider-specific default values instead, by replacing the "a combination of user-supplied, default and randomly generated ..."?
-------------
PR: https://git.openjdk.java.net/jdk/pull/8117
More information about the security-dev
mailing list