[security-dev 00041]: Re: JCE webrev requested...
Brad Wetmore
Bradford.Wetmore at Sun.COM
Fri Jan 11 07:29:24 UTC 2008
I could have gone either way. I'll change to what you suggested.
Thanks for the review.
Brad
Valerie (Yu-Ching) Peng wrote:
>
> The changes look fine although I prefer the later, e.g. explicitly
> specifies SunJCE to be used, slightly since it does not depend on other
> provider(s).
> Thanks,
> Valerie
>
> Brad Wetmore wrote:
>>
>> Valerie,
>>
>> Here's that PBE memory leak bug which was calling "new SunJCE" for every
>> PBE key created.
>>
>> Fixed 6578538: com.sun.crypto.provider.SunJCE instance leak using
>> KRB5 and LoginContext
>>
>> I had the option to either fix by:
>>
>> Mac.getInstance(alg)
>>
>> or
>>
>> Mac.getInstance(alg, "SunJCE");
>>
>> Decided to go with the former, as Hmac1Sha1 should be standard across
>> impls.
>>
>> I'm attaching the webrev in case external folks want to see, I'll send
>> you the internal link separately.
>>
>> This will be backported.
>>
>> Brad
>
More information about the security-dev
mailing list