RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v10]
Weijun Wang
weijun at openjdk.org
Tue Aug 13 19:39:52 UTC 2024
On Tue, 13 Aug 2024 14:23:12 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> src/java.base/share/classes/javax/crypto/KDF.java line 465:
>>
>>> 463: * permitting a {@code null} return value here, implementations will
>>> 464: * handle cases where a value cannot be returned by throwing an
>>> 465: * appropriate {@code Exception}.
>>
>> We don't need to specify that `null` is not a valid return value in APIs, it is assumed *unless* you specify that `null` is a valid return value. Otherwise, applications would have to defensively check for `null` for every method where it is not specified, which would be impractical. I think the text above is in the wrong place. If there are situations where an implementation should throw an exception, then it should be specified in the @throws blocks. Is this a case where something has gone seriously wrong and a `ProviderException` should be thrown?
>
> @seanjmullan: This text was added here at @wangweij's request, since he felt that it should be explicitly stated that null cannot be returned.
Ignore my suggestion. I'm convinced now that unless specified we should consider the return value non nullable. Sorry.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1715828559
More information about the security-dev
mailing list