RFR: 8297878: KEM: Implementation [v2]
Weijun Wang
weijun at openjdk.org
Thu Apr 13 22:38:37 UTC 2023
On Thu, 13 Apr 2023 21:46:22 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
>> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>>
>> spec change, getAlgorithm
>
> src/java.base/share/classes/javax/crypto/KEMSpi.java line 119:
>
>> 117: * of {@code from} and {@code to} are within the correct range.
>> 118: * Therefore an implementation of this method does not need to
>> 119: * validate them.
>
> The KEM caller does validate the parameters, but the caller may be more widely other than the KEM. Then, the statement here could be wrong at that time.
I can rewrite this into something like "The caller of this method must validate..." so it becomes a requirement. We'll make sure the `KEM` class follows it. Any other class that wishes to call it directly must do it as well.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13256#discussion_r1166090688
More information about the security-dev
mailing list