On Thu, 29 Aug 2024 17:50:28 GMT, Kevin Driver <[email protected]> wrote:
>> src/java.base/share/classes/java/security/KDFParameters.java line 43:
>>
>>> 41: * <p>
>>> 42: * The {@code KDFParameters} used for initialization can be retrieved
>>> via
>>> 43: * {@link javax.crypto.KDF#getParameters()}.
>>
>> Since you add this line here right after the "initialized with" line, there
>> should be some words about the difference between the user-provided params
>> and actual params.
>
> I think the reference to `KDF#getParameters()` is meant to refer the reader
> to the information there, rather than repeating it again here. Thoughts?
Addressed in
https://github.com/openjdk/jdk/pull/20301/commits/6b7a75da2ebb1cc9d95628018d756e2ce2162768.
Please review and confirm if resolved.
>> src/java.base/share/classes/javax/crypto/KDF.java line 518:
>>
>>> 516: * the object describing the inputs to the derivation function
>>> 517: *
>>> 518: * @return a byte array corresponding to the KDF output and
>>> according to
>>
>> I suggest `@return the derived key in its raw bytes`. This also implies my
>> earlier suggestion on the relation between the output of the 2 derive
>> methods.
>
> Addressed in
> https://github.com/openjdk/jdk/pull/20301/commits/deadc28d6d81f5ecc056b38762f6cda49fd0cfe5.
> Please confirm.
KDFSpi also edited now. Addressed in
https://github.com/openjdk/jdk/pull/20301/commits/6b7a75da2ebb1cc9d95628018d756e2ce2162768.
Please review and confirm if resolved.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1739095549
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1739096843
