On Wed, 11 Sep 2024 23:06:40 GMT, Kevin Driver <kdri...@openjdk.org> wrote:

>> Introduce an API for Key Derivation Functions (KDFs), which are 
>> cryptographic algorithms for deriving additional keys from a secret key and 
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>> 
>> Work was begun in [another PR](https://github.com/openjdk/jdk/pull/18924).
>
> Kevin Driver has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   further review comment changes

src/java.base/share/classes/javax/crypto/KDF.java line 82:

> 80:  * ensure that the selected provider can handle the key material that is 
> passed
> 81:  * to those methods - for example, the key material may reside on a
> 82:  * hardware device that only a specific {@code KDF} provider can utilize.

I think we should also add this sentence. This is similar to the provider 
search algorithm that is documented in all current JCE/JCA getInstance APIs so 
it is important to repeat it here.

"Once initiated, the selection process traverses the list of registered 
security providers, starting with the most preferred `Provider`. A new `KDF` 
object encapsulating the `KDFSpi` implementation from the first provider that 
supports the specified algorithm and optional parameters is returned."

src/java.base/share/classes/javax/crypto/KDF.java line 281:

> 279:      * Returns a {@code KDF} object that implements the specified 
> algorithm from
> 280:      * the specified security provider. The specified provider must be
> 281:      * registered in the security provider list.

The second sentence should be removed. The Provider is passed in so does not 
need to be registered.

src/java.base/share/classes/javax/crypto/KDF.java line 461:

> 459:      * Returns a {@code KDF} object that implements the specified 
> algorithm from
> 460:      * the specified provider and is initialized with the specified 
> parameters.
> 461:      * The specified provider must be registered in the security 
> provider list.

The second sentence should be removed. The Provider is passed in so does not 
need to be registered.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1757561670
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1757565061
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1757565494
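
The provider search and the registered-versus-passed-in `Provider` distinction raised in the review above, as an added example that is not part of the original message or of the JDK sources. It assumes a JDK where `javax.crypto.KDF` is available (JDK 25, or JDK 24 with `--enable-preview`) and that a registered provider offers `HKDF-SHA256`; the class name `KdfProviderSelection` and the helper `firstSupporting` are hypothetical.

```java
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.KDF;

public class KdfProviderSelection {
    // Assumption: at least one registered provider offers this algorithm.
    static final String ALG = "HKDF-SHA256";

    // Walk the registered providers in preference order and return the
    // first one that advertises a KDF service for the algorithm.
    static Provider firstSupporting(String alg) {
        for (Provider p : Security.getProviders()) {
            if (p.getService("KDF", alg) != null) {
                return p;
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        Provider expected = firstSupporting(ALG);
        if (expected == null) {
            throw new IllegalStateException("no registered provider offers " + ALG);
        }
        // getInstance(String) should settle on the same provider as the manual walk.
        KDF byAlgorithm = KDF.getInstance(ALG);
        System.out.println("manual walk : " + expected.getName());
        System.out.println("getInstance : " + byAlgorithm.getProviderName());

        // Temporarily unregister that provider (demo only: this is JVM-wide state).
        int position = Arrays.asList(Security.getProviders()).indexOf(expected) + 1;
        Security.removeProvider(expected.getName());
        try {
            // A Provider object is used directly, registered or not.
            KDF byObject = KDF.getInstance(ALG, expected);
            System.out.println("by object   : " + byObject.getProviderName());
            // A provider name is resolved against the registered list and now fails.
            KDF.getInstance(ALG, expected.getName());
            System.out.println("by name     : unexpectedly succeeded");
        } catch (NoSuchProviderException e) {
            System.out.println("by name     : NoSuchProviderException");
        } finally {
            Security.insertProviderAt(expected, position); // restore original order
        }
    }
}
```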
