[9] review request for 6977937: The SunJCE PBKDF2KeyImpl is requiring the MAC instance also be from SunJCE.
Bradford Wetmore
bradford.wetmore at oracle.com
Fri Apr 4 21:23:43 UTC 2014
With the current and proposed code, you are effectively requiring the
MAC come from JCE, as all the algorithms exist in SunJCE.
IIRC, when we discussed the previous change in this area, the idea was
that the MAC would follow the standard JCA provider priority ordering.
Brad
On 4/4/2014 8:45 AM, Vincent Ryan wrote:
> Hello,
>
> Please review the following fix to remove the requirement for the Mac algorithm used by a PBKDF2 algorithm to be supplied by the SunJCE provider.
> The SunJCE provider is still preferred (for compatibility with previous releases and for performance reasons) but it is no longer required.
> The com.sun.crypto.provider.PBKDF2KeyImpl class first searches SunJCE for the required Mac algorithm but fails over to searching the
> other installed JCE providers too.
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-6977937
> Webrev: http://cr.openjdk.java.net/~vinnie/6977937/webrev.00/
>
> Thanks.
>
More information about the security-dev
mailing list