RFR: 8297878: KEM: Implementation [v2]

Weijun Wang weijun at openjdk.org
Fri Apr 14 14:36:45 UTC 2023


On Thu, 13 Apr 2023 21:20:51 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   spec change, getAlgorithm
>
> src/java.base/share/classes/javax/crypto/KEM.java line 94:
> 
>> 92:      * @see KEM#newEncapsulator(PublicKey, AlgorithmParameterSpec, SecureRandom)
>> 93:      */
>> 94:     public record Encapsulated(SecretKey key, byte[] encapsulation, byte[] params) {
> 
> We need to decide if the encapsulation and params arrays should be defensively cloned. I would lean towards cloning it since immutability is a feature of this API, and I think it would be surprising if this type was not. 
> 
> We can potentially switch to frozen arrays later.

If we need to clone defensively I'll switch back to normal class, and then we can clone in both the constructor and the getters. IMO records are meant to be deadly simple.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/13256#discussion_r1166916179
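
The aliasing at issue in this exchange, as an added example that is not part of the original message or of the JDK source. `RecordForm` and `ClassForm` are hypothetical stand-ins for the two shapes discussed, and treating `params` as nullable is an assumption.

```java
import java.util.Arrays;
import java.util.Objects;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class EncapsulatedCloneDemo {

    // Hypothetical stand-in for the record shape quoted above: the canonical
    // constructor and accessors store and return the arrays by reference.
    record RecordForm(SecretKey key, byte[] encapsulation, byte[] params) {}

    // Hypothetical class shape: clone on the way in and on the way out.
    static final class ClassForm {
        private final SecretKey key;
        private final byte[] encapsulation;
        private final byte[] params; // assumption: null means "no params"

        ClassForm(SecretKey key, byte[] encapsulation, byte[] params) {
            this.key = Objects.requireNonNull(key);
            this.encapsulation = encapsulation.clone();
            this.params = params == null ? null : params.clone();
        }

        SecretKey key() { return key; }
        byte[] encapsulation() { return encapsulation.clone(); }
        byte[] params() { return params == null ? null : params.clone(); }
    }

    public static void main(String[] args) {
        SecretKey key = new SecretKeySpec(new byte[16], "AES"); // constructed sample key

        byte[] enc = {1, 2, 3, 4};                 // constructed sample bytes
        RecordForm r = new RecordForm(key, enc, null);
        enc[0] = 99;                // caller changes its own array after construction
        r.encapsulation()[1] = 98;  // caller changes the array the accessor returned
        // Both writes are visible through the record.
        System.out.println("record: " + Arrays.toString(r.encapsulation()));

        byte[] enc2 = {1, 2, 3, 4};
        ClassForm c = new ClassForm(key, enc2, null);
        enc2[0] = 99;
        c.encapsulation()[1] = 98;
        // Neither write reaches the internal copy.
        System.out.println("class:  " + Arrays.toString(c.encapsulation()));
    }
}
```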


