[security-dev 00040]: Re: JCE webrev requested...
Valerie (Yu-Ching) Peng
Yu-Ching.Peng at Sun.COM
Thu Jan 10 22:09:14 UTC 2008
The changes look fine although I prefer the later, e.g. explicitly
specifies SunJCE to be used, slightly since it does not depend on other
provider(s).
Thanks,
Valerie
Brad Wetmore wrote:
>
> Valerie,
>
> Here's that PBE memory leak bug which was calling "new SunJCE" for every
> PBE key created.
>
> Fixed 6578538: com.sun.crypto.provider.SunJCE instance leak using
> KRB5 and LoginContext
>
> I had the option to either fix by:
>
> Mac.getInstance(alg)
>
> or
>
> Mac.getInstance(alg, "SunJCE");
>
> Decided to go with the former, as Hmac1Sha1 should be standard across
> impls.
>
> I'm attaching the webrev in case external folks want to see, I'll send
> you the internal link separately.
>
> This will be backported.
>
> Brad
More information about the security-dev
mailing list