RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v22]

[Sean Mullan]

On Thu, 5 Sep 2024 22:34:41 GMT, Kevin Driver <kdriver at openjdk.org> wrote:

>> src/java.base/share/classes/javax/crypto/KDF.java line 89:
>> 
>>> 87:  * the {@code deriveKey} or {@code deriveData} method is called, and a provider
>>> 88:  * is chosen that supports the parameters passed to the {@code deriveKey} or
>>> 89:  * {@code deriveData} method. However, if {@code getProviderName} or
>> 
>> This sentence is repeating what you said in the first sentence of the previous paragraph, so I don't think it is needed. 
>> 
>> Some suggested re-wordings (and a typo fix on `getKDFParameters` method name),  starting this paragraph as:
>> 
>> "If the {@code getProviderName} or {@code getParameters} method is called before the {@code deriveKey} or {@code deriveData} methods, the first provider supporting the KDF algorithm and optional {@code KDFParameters} is chosen. This provider may not support the key material that is subsequently passed to the deriveKey or deriveData methods. Therefore, it is recommended not to call the {@code getProviderName} or {@code getParameters} methods until after a key derivation operation. Once a provider is selected, it cannot be changed."
>
> Addressed in: https://github.com/openjdk/jdk/pull/20301/commits/59b1743fd225ff34e6bcce055fd47a887ed22a08. Please indicate if resolved.

The first comment above is not resolved. You still have the repeated sentence.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1750936686