Design review: JEP 273: DRBG-Based SecureRandom Implementations

Wang Weijun weijun.wang at oracle.com
Fri Nov 20 00:23:47 UTC 2015


> On Nov 20, 2015, at 1:11 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>> 
>> However, I cannot get it working, and I found difficulties understanding the EngineDescription inner class inside Provider.java.
>> 
>> 1. For each engine that can take an extra parameter (not provider) in getInstance(), it is always named XyzParameters, not an AlgorithmParameterSpec.

Shall we also use SecureRandomParameters?

> 
>> 2. For each of these, if you have getInstance(alg, params), there is no getInstance(alg). Obviously, for SecureRandom we need to have both.
> 
> Right, this is the first case where we have both variants of getInstance.
> 
> Just looking through the code, it looks like you can change Provider.Service.newInstance() to call the appropriate constructor depending on whether the constructorParameter is null or not. Can you try that?

Good. I'll try.

Thanks
Max




More information about the security-dev mailing list