JEP draft: Key Encapsulation Mechanism API

Xuelei Fan xueleifan at global.tencent.com
Thu Jan 26 05:45:54 UTC 2023


> On Jan 25, 2023, at 8:43 PM, Wei-Jun Wang <weijun.wang at oracle.com> wrote:


>  If someone really cares about the result of getProvider(), they should be careful no other thread calls encapsulation or decapsulation.

If no-one care about the result of getProvider(), is it possible to remove this method from the design?

With this method, the API is not easy to use, and the code is not easy to review, unless a developer read the class and methods spec very carefully, considering that the behavior differences impacted by calling sequences.

Anyway, calling sequence problems are known issues for JCA/JCE, just my $0.02 in case it helps to make the specification more clear, if you’d like to the tradition of JCA/JCE.

Xuelei


More information about the security-dev mailing list