On Wed, 24 Jul 2024 16:52:27 GMT, Kevin Driver <kdri...@openjdk.org> wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are >> cryptographic algorithms for deriving additional keys from a secret key and >> other data. See [JEP 478](https://openjdk.org/jeps/478). >> >> Work was begun in [another PR](https://github.com/openjdk/jdk/pull/18924). > > Kevin Driver has refreshed the contents of this pull request, and previous > commits have been removed. The incremental views will show differences > compared to the previous content of the PR. The pull request contains one new > commit since the last revision: > > change exception type src/java.base/share/classes/javax/crypto/KDF.java line 138: > 136: // the lock is not needed, because the Spi will already be set in > 137: // chooseProvider > 138: lock = null; I guess that by `chooseProvider` you mean `chooseFirstProvider`. However, I'm not sure how not having a lock would work in cases such as this one: KDF kdf = KDF.getInstance("HkdfSHA512", sunPKCS11); SecretKey derivedKey = kdf.deriveKey("AES", kdfParameterSpec); I'm getting a `NullPointerException` because `lock` is `null` in `KDF::deriveKey`. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1690430197
