RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v37]
Weijun Wang
weijun at openjdk.org
Mon Sep 16 22:26:28 UTC 2024
On Mon, 16 Sep 2024 19:06:48 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> src/java.base/share/classes/javax/crypto/KDF.java line 670:
>>
>>> 668: }
>>> 669: }
>>> 670: throw new InvalidAlgorithmParameterException(
>>
>> Should this ever happen? We already made sure `firstPairOfSpiAndProv` is for this algorithm and we have tried calling `deriveXyz` on it. Therefore there must be a `lastException` now. In the lines above, you checked two types of `lastException`. Is that exhaustive? If not, can you wrap it into an IAPE and throw it there?
>>
>> Also, even if `deriveXyz` finally fails, we still have to complete the DPS process, i.e. assign something to `pairOfSpiAndProv`, since DPS should only be run once. Later calls to `getProviderName` still need a return value.
>
> I may be wrong, but I think the final exception indicates a `Provider` couldn't be chosen, so I'm not sure we can "complete" the provider selection task. Maybe I misunderstood what you meant.
My understanding is that there must be a non-null `lastException` when no provider is selected, and therefore you won't be able to reach here.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1762033532
More information about the security-dev
mailing list