RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v14]
Weijun Wang
weijun at openjdk.org
Fri Aug 23 21:39:29 UTC 2024
On Thu, 22 Aug 2024 21:13:08 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>>
>> addresses delayed provider selection where parameters are involved
>
> src/java.base/share/classes/javax/crypto/KDF.java line 345:
>
>> 343: continue;
>> 344: }
>> 345: return new KDF(spiObj, s.getProvider(), t, algorithm, kdfParameters);
>
> If there is no other services supporting the requested KDF algorithm, we can construct the KDF object without `t` and lock in the found `spiObj` and its provider? Say
>
> if (t.hasNext()) {
> return new KDF(d, t, algorithm, kdfParameters);
> } else { // no other choices, lock down provider
> return new KDF(d, algorithm, kdfParameters);
> }
Neat! I think in many cases there is only one provider. Maybe we can make the same enhancement to other classes.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1729539222
More information about the security-dev
mailing list