[9] RFR 6877937: The SunJCE PBKDF2KeyImpl is requiring the MAC instance also be from SunJCE.
Bradford Wetmore
bradford.wetmore at oracle.com
Wed Aug 17 18:52:16 UTC 2016
Looks ok, probably better than the initial proposed fix from April 2014.
Brad
On 8/11/2016 4:55 AM, Vincent Ryan wrote:
> Please review this change to unpin the Mac implementation from the
> SunJCE provider.
> Since the Mac is a private field there are no issues
> regarding Clonable implementations for Mac or its MessageDigest.
> Thanks.
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-6977937
>
> *diff --git
> a/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java
> b/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java*
> *---
> a/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java*
> *+++
> b/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java*
> @@ -107,7 +107,7 @@
> throw new InvalidKeySpecException("Key length is negative");
> }
> try {
> - this.prf = Mac.getInstance(prfAlgo, SunJCE.getInstance());
> + this.prf = Mac.getInstance(prfAlgo);
> } catch (NoSuchAlgorithmException nsae) {
> // not gonna happen; re-throw just in case
> InvalidKeySpecException ike = new InvalidKeySpecException();
More information about the security-dev
mailing list