On Thu, 12 Sep 2024 20:48:05 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> further review comment changes
>
> src/java.base/share/classes/javax/crypto/KDF.java line 82:
>
>> 80: * ensure that the selected provider can handle the key material that is
>> passed
>> 81: * to those methods - for example, the key material may reside on a
>> 82: * hardware device that only a specific {@code KDF} provider can utilize.
>
> I think we should also add this sentence. This is similar to the provider
> search algorithm that is documented in all current JCE/JCA getInstance APIs
> so it is important to repeat it here.
>
> "Once initiated, the selection process traverses the list of registered
> security providers, starting with the most preferred `Provider`. A new `KDF`
> object encapsulating the `KDFSpi` implementation from the first provider that
> supports the specified algorithm and optional parameters is returned."
@seanjmullan: Addressed in
https://github.com/openjdk/jdk/pull/20301/commits/07480619a0fccc6b862712d015645421d887b984.
> src/java.base/share/classes/javax/crypto/KDF.java line 222:
>
>> 220: * See also the Cipher Transformations section of the {@extLink
>> 221: * security_guide_jdk_providers JDK Providers} document for
>> information
>> 222: * on the transformation defaults used by JDK providers.
>
> This sentence is specific to the Cipher API, it does not apply here and
> should be removed.
@seanjmullan: Addressed in
https://github.com/openjdk/jdk/pull/20301/commits/07480619a0fccc6b862712d015645421d887b984.
> src/java.base/share/classes/javax/crypto/KDF.java line 281:
>
>> 279: * Returns a {@code KDF} object that implements the specified
>> algorithm from
>> 280: * the specified security provider. The specified provider must be
>> 281: * registered in the security provider list.
>
> The second sentence should be removed. The Provider is passed in so does not
> need to be registered.
@seanjmullan: Addressed in
https://github.com/openjdk/jdk/pull/20301/commits/07480619a0fccc6b862712d015645421d887b984.
> src/java.base/share/classes/javax/crypto/KDF.java line 339:
>
>> 337: * See also the Cipher Transformations section of the {@extLink
>> 338: * security_guide_jdk_providers JDK Providers} document for
>> information
>> 339: * on the transformation defaults used by JDK providers.
>
> This sentence is specific to the Cipher API, it does not apply here and
> should be removed.
@seanjmullan: Addressed in
https://github.com/openjdk/jdk/pull/20301/commits/07480619a0fccc6b862712d015645421d887b984.
> src/java.base/share/classes/javax/crypto/KDF.java line 461:
>
>> 459: * Returns a {@code KDF} object that implements the specified
>> algorithm from
>> 460: * the specified provider and is initialized with the specified
>> parameters.
>> 461: * The specified provider must be registered in the security
>> provider list.
>
> The second sentence should be removed. The Provider is passed in so does not
> need to be registered.
@seanjmullan: Addressed in
https://github.com/openjdk/jdk/pull/20301/commits/07480619a0fccc6b862712d015645421d887b984.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1757636967
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1757636167
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1757636799
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1757635917
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1757636569
