RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v27]

[Kevin Driver]

On Tue, 10 Sep 2024 15:08:15 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   updated comments around locking mechanism
>
> src/java.base/share/classes/javax/crypto/KDF.java line 225:
> 
>> 223:      *     if {@code algorithm} is {@code null}
>> 224:      */
>> 225:     public static KDF getInstance(String algorithm)
> 
> One thing that is missing from this method is an Implementation Note describing how the `jdk.security.provider.preferred` property affects the search algorithm. See any other JCE API - you can just copy/paste the text. Also affects the `getInstance` method that takes an algorithm and params.

@seanjmullan: Further changes in https://github.com/openjdk/jdk/pull/20301/commits/07480619a0fccc6b862712d015645421d887b984.

> src/java.base/share/classes/javax/crypto/KDF.java line 349:
> 
>> 347:                 Object obj = s.newInstance(kdfParameters);
>> 348:                 if (!(obj instanceof KDFSpi spiObj)) {
>> 349:                     lastException = new NoSuchAlgorithmException(
> 
> Unless I'm mistaken, you don't need to wrap the IAPE in a NSAE, only to unwrap it again in `handleException()`. I think you can throw it directly as an IAPE on line 379.

@seanjmullan: Addressed in https://github.com/openjdk/jdk/pull/20301/commits/07480619a0fccc6b862712d015645421d887b984.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1757638489
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1757638105