[9] review request for 6977937: The SunJCE PBKDF2KeyImpl is requiring the MAC instance also be from SunJCE.

Vincent Ryan vincent.x.ryan at oracle.com
Sat Apr 5 15:00:44 UTC 2014

I was concerned about the impact on applications of a different JCE 
provider being selected instead of SunJCE, on some platforms.

I can change the fix to follow the standard JCE provider ordering.

On 04/04/2014 22:23, Bradford Wetmore wrote:
> With the current and proposed code, you are effectively requiring the
> MAC come from JCE, as all the algorithms exist in SunJCE.
> IIRC, when we discussed the previous change in this area, the idea was
> that the MAC would follow the standard JCA provider priority ordering.
> Brad
> On 4/4/2014 8:45 AM, Vincent Ryan wrote:
>> Hello,
>> Please review the following fix to remove the requirement for the Mac
>> algorithm used by a PBKDF2 algorithm to be supplied by the SunJCE
>> provider.
>> The SunJCE provider is still preferred (for compatibility with
>> previous releases and for performance reasons) but it is no longer
>> required.
>> The com.sun.crypto.provider.PBKDF2KeyImpl class first searches SunJCE
>> for the required Mac algorithm but fails over to searching the
>> other installed JCE providers too.
>> Bug: https://bugs.openjdk.java.net/browse/JDK-6977937
>> Webrev: http://cr.openjdk.java.net/~vinnie/6977937/webrev.00/
>> Thanks.

More information about the security-dev mailing list