RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v37]
Kevin Driver
kdriver at openjdk.org
Mon Sep 16 19:11:13 UTC 2024
On Mon, 16 Sep 2024 13:12:30 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>>
>> remove unused debug field
>
> src/java.base/share/classes/javax/crypto/KDF.java line 670:
>
>> 668: }
>> 669: }
>> 670: throw new InvalidAlgorithmParameterException(
>
> Should this ever happen? We already made sure `firstPairOfSpiAndProv` is for this algorithm and we have tried calling `deriveXyz` on it. Therefore there must be a `lastException` now. In the lines above, you checked two types of `lastException`. Is that exhaustive? If not, can you wrap it into an IAPE and throw it there?
>
> Also, even if `deriveXyz` finally fails, we still have to complete the DPS process, i.e. assign something to `pairOfSpiAndProv`, since DPS should only be run once. Later calls to `getProviderName` still need a return value.
I may be wrong, but I think the final exception indicates a `Provider` couldn't be chosen, so I'm not sure we can "complete" the provider selection task. Maybe I misunderstood what you meant.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1761718146
More information about the security-dev
mailing list