[9] RFR 8164494: SunPKCS11-Solaris requires a non-empty PBE password

Weijun Wang weijun.wang at oracle.com
Sat Aug 20 00:30:52 UTC 2016


How about

   this.prf = (passwdBytes.length == 0) ?
       Mac.getInstance(prfAlgo, SunJCE.getInstance()) :
       Mac.getInstance(prfAlgo);

Mac is only implemented in SunPKCS11 and SunJCE out of the box, so this 
saves an extra getInstance() call.

If a 3rd party provider is involved, I'm not sure it supports an empty 
password (I have a feeling that except for Java everyone else is using 
the same C code. Maybe not Microsoft), and this call is safer.

--Max

On 8/20/2016 5:18, Valerie Peng wrote:
> Looks fine to me.
> Thanks,
> Valerie
>
> On 8/19/2016 9:57 AM, Vincent Ryan wrote:
>> Please review this fix to the PBE key derivation function which detects
>> when a non-empty password
>> is supplied to the SunPKCS11-Solaris JCE provider and fails over to
>> the SunJCE provider instead.
>> Thanks.
>>
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8164494
>> Webrev: http://cr.openjdk.java.net/~vinnie/8164494/webrev.00/
>>
>
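
Added example (not part of the original thread and not code from the JDK change under review): a probe that reports which installed Mac providers accept a zero-length key, the condition the message above is unsure about for third-party providers. The class name EmptyKeyMacProbe and the helpers rawKey and probe are hypothetical names chosen for this sketch; the key is wrapped in an anonymous SecretKey because SecretKeySpec rejects an empty byte array.

```java
import java.security.Provider;
import java.security.Security;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.SecretKey;

// Hypothetical helper class, written for this example only.
public class EmptyKeyMacProbe {

    // Wrap raw bytes as a SecretKey; SecretKeySpec cannot be used here
    // because it throws IllegalArgumentException for a zero-length key.
    static SecretKey rawKey(final byte[] bytes, final String algo) {
        return new SecretKey() {
            public String getAlgorithm() { return algo; }
            public String getFormat() { return "RAW"; }
            public byte[] getEncoded() { return bytes.clone(); }
        };
    }

    // Try every registered provider of Mac.<prfAlgo> with an empty key and
    // record whether init() and doFinal() succeed.
    static Map<String, String> probe(String prfAlgo) {
        Map<String, String> results = new LinkedHashMap<>();
        Provider[] providers = Security.getProviders("Mac." + prfAlgo);
        if (providers == null) {
            return results; // no provider offers this Mac algorithm
        }
        for (Provider p : providers) {
            try {
                Mac mac = Mac.getInstance(prfAlgo, p);
                mac.init(rawKey(new byte[0], prfAlgo));
                mac.doFinal(new byte[] {0, 0, 0, 1}); // constructed sample input
                results.put(p.getName(), "accepts empty key");
            } catch (Exception e) {
                results.put(p.getName(), "rejects empty key: " + e);
            }
        }
        return results;
    }

    public static void main(String[] args) {
        // HmacSHA1 is used as the sample PRF; pass another name to test it.
        String prf = args.length > 0 ? args[0] : "HmacSHA1";
        probe(prf).forEach((name, r) -> System.out.println(name + ": " + r));
    }
}
```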
