RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v14]
Kevin Driver
kdriver at openjdk.org
Fri Aug 30 18:22:15 UTC 2024
On Fri, 23 Aug 2024 21:36:30 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> src/java.base/share/classes/javax/crypto/KDF.java line 345:
>>
>>> 343: continue;
>>> 344: }
>>> 345: return new KDF(spiObj, s.getProvider(), t, algorithm, kdfParameters);
>>
>> If there is no other services supporting the requested KDF algorithm, we can construct the KDF object without `t` and lock in the found `spiObj` and its provider? Say
>>
>> if (t.hasNext()) {
>> return new KDF(d, t, algorithm, kdfParameters);
>> } else { // no other choices, lock down provider
>> return new KDF(d, algorithm, kdfParameters);
>> }
>
> Neat! I think in many cases there is only one provider. Maybe we can make the same enhancement to other classes.
Addressed in https://github.com/openjdk/jdk/pull/20301/commits/4a0bc0ef28ebbe8c5f22b3a5540725e3b4339c2e. Please review and indicate if resolved.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1739224006
More information about the security-dev
mailing list