RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v10]
Kevin Driver
kdriver at openjdk.org
Fri Aug 16 21:16:36 UTC 2024
On Wed, 7 Aug 2024 16:32:50 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> src/java.base/share/classes/javax/crypto/KDFSpi.java line 65:
>>
>>> 63: * @param kdfParameters
>>> 64: * the initialization parameters for the {@code KDF} algorithm (may be
>>> 65: * {@code null})
>>
>> Should we further specify what {@code null} means or when it is (not-)allowed? For KDF algorithms which does not use initialization parameters, {@code null} should be specified, otherwise IAPE is thrown? However, for KDF algorithms which use initialization parameters, can {@code null} be specified? Is it ok for the provider to choose their own default values when {@code null} is specified through {@code KDF.getInstance()} calls? But then callers have to call {@code KDF.getKDFParameters()} to check/find out?
>
> I would answer yes, yes, yes, yes, and YES. :-)
Addressed in https://github.com/openjdk/jdk/pull/20301/commits/c6f491cd05c76088e6431b2ba9d4ab42b29e4055. Please indicate if this is resolved.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1720349295
More information about the security-dev
mailing list