On Sun, 12 May 2024 18:13:37 GMT, Weijun Wang <wei...@openjdk.org> wrote:

>> src/java.base/share/classes/javax/crypto/KDF.java line 398:
>>
>>> 396:      * <p>
>>> 397:      * Delayed provider selection is also supported such that the provider
>>> 398:      * performing the derive is not selected until the method is called.
>>
>> Delayed provider selection is an important enough topic that it probably
>> should be in the class summary. However it is complicated to word correctly
>> as there is also the case if someone calls `getProviderName` beforehand
>> which locks the provider to the first one supporting the algorithm. I would
>> probably also avoid "delayed provider" as that is not a term currently used
>> in the javadocs. Suggest something like:
>>
>> If a provider is not specified in the getInstance method when instantiating
>> a KDF object, the provider is selected the first time the deriveKey or
>> deriveData method is called and a provider is chosen that supports the
>> parameters passed to the deriveKey or deriveData method, for example the
>> initial key material. However, if getProviderName is called before calling
>> the deriveKey or deriveData methods, the first provider supporting the KDF
>> algorithm is chosen which may not be the desired one; therefore it is
>> recommended to not call getProviderName until after a key derivation
>> operation.
>
> This is because the selection occurs just once. Should we explicitly mention
> this?

Yes, maybe add at end: "Once a provider is selected, it cannot be changed."

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1598535050