RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v6]

Martin Balao mbalao at openjdk.org
Wed Jul 24 21:09:33 UTC 2024


On Wed, 24 Jul 2024 16:52:27 GMT, Kevin Driver <kdriver at openjdk.org> wrote:

>> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic algorithms for deriving additional keys from a secret key and other data. See [JEP 478](https://openjdk.org/jeps/478).
>> 
>> Work was begun in [another PR](https://github.com/openjdk/jdk/pull/18924).
>
> Kevin Driver has refreshed the contents of this pull request, and previous commits have been removed. The incremental views will show differences compared to the previous content of the PR. The pull request contains one new commit since the last revision:
> 
>   change exception type

src/java.base/share/classes/javax/crypto/KDF.java line 138:

> 136:         // the lock is not needed, because the Spi will already be set in
> 137:         // chooseProvider
> 138:         lock = null;

I guess that by `chooseProvider` you mean `chooseFirstProvider`. However, I'm not sure how not having a lock would work in cases such as this one:


```java
KDF kdf = KDF.getInstance("HkdfSHA512", sunPKCS11);
SecretKey derivedKey = kdf.deriveKey("AES", kdfParameterSpec);
```


I'm getting a `NullPointerException` because `lock` is `null` in `KDF::deriveKey`.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1690430197
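
A simplified model of the situation raised in the review comment above, as an added example that is not code from the PR or from `KDF.java`. `DelayedService`, `Spi` and both `derive*` methods are hypothetical, and it assumes the derive path synchronizes on `lock`, which the message does not show.

```java
import java.util.function.Supplier;
// Hypothetical stand-in for a service with delayed provider selection; not javax.crypto.KDF.
public class DelayedSelectionDemo {
    interface Spi { String derive(String alg); }
    static final class DelayedService {
        private final Object lock;            // guards lazy selection of spi
        private final Supplier<Spi> chooser;  // picks an Spi on first use
        private volatile Spi spi;

        // Provider named up front: spi is preset and lock is dropped, as in the quoted lines.
        DelayedService(Spi preset) {
            this.spi = preset;
            this.chooser = null;
            this.lock = null;
        }

        // No provider named: spi is chosen later under the lock.
        DelayedService(Supplier<Spi> chooser) {
            this.chooser = chooser;
            this.lock = new Object();
        }

        // Assumed shape: every call synchronizes on lock first.
        String deriveAlwaysLocked(String alg) {
            synchronized (lock) {             // throws NullPointerException when lock == null
                if (spi == null) spi = chooser.get();
                return spi.derive(alg);
            }
        }

        // Lock is touched only while spi is still unset.
        String deriveLockIfUnset(String alg) {
            Spi s = spi;
            if (s == null) {
                synchronized (lock) {
                    if (spi == null) spi = chooser.get();
                    s = spi;
                }
            }
            return s.derive(alg);
        }
    }
    public static void main(String[] args) {
        DelayedService svc = new DelayedService((Spi) alg -> "derived-" + alg);
        System.out.println(svc.deriveLockIfUnset("AES"));
        try { svc.deriveAlwaysLocked("AES"); }
        catch (NullPointerException e) { System.out.println("NPE: lock is null"); }
    }
}
```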


