On Wed, 15 May 2024 19:59:59 GMT, Kevin Driver <kdri...@openjdk.org> wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are >> cryptographic algorithms for deriving additional keys from a secret key and >> other data. See [JEP 478](https://openjdk.org/jeps/478). > > Kevin Driver has updated the pull request incrementally with one additional > commit since the last revision: > > javadoc formatting > > * The KDF.deriveXXX methods mention "Delayed provider selection". Is this > > idempotent? If I create a KDF and several threads race to derive keys or > > data, is it guaranteed that the same provider will be selection for any > > ordering of these threads? What does KDF::getProviderName if no provider > > has been selected? > > I believe it would _not_ be guaranteed that the same provider would be > selected for any ordering of the threads (depending on their possibly unique > KDFParameterSpec values). Is this a documentation call-out? Or did you have a > concern about this? It means that a KDF is stateful and mutable. It may be thread safe but it would be a hazard to attempt to use a shared instance. So I think there is a bit of a design smell here, something to look at for the next preview. The behaviour of KDF::getProviderName with delayed provider selection is very surprising. It may be that this method has to throw IllegalStateException when not bound to a provider. ------------- PR Comment: https://git.openjdk.org/jdk/pull/18924#issuecomment-2114096567