RFR 8157526: 3KeyTDEA word left in DRBG after JDK-8156213
Wang Weijun
weijun.wang at oracle.com
Mon May 23 01:12:28 UTC 2016
Hi All
The removal of 3KeyTDEA in JDK-8156213 is not clean. This bug removes the "(112 bits for CTR_DRBG with 3KeyTDEA)" words in class spec of DrbgParameters.java.
No webrev, just the patch below. Please review.
diff --git a/src/java.base/share/classes/java/security/DrbgParameters.java b/src/java.base/share/classes/java/security/DrbgParameters.java
--- a/src/java.base/share/classes/java/security/DrbgParameters.java
+++ b/src/java.base/share/classes/java/security/DrbgParameters.java
@@ -216,10 +216,9 @@
* <p>
* If a DRBG is not instantiated with a {@link DrbgParameters.Instantiation}
* object explicitly, this implementation instantiates it with a default
- * requested strength of 128 bits (112 bits for CTR_DRBG with 3KeyTDEA),
- * no prediction resistance request, and no personalization string.
- * These default instantiation parameters can also be customized with
- * the {@code securerandom.drbg.config} security property.
+ * requested strength of 128 bits, no prediction resistance request, and
+ * no personalization string. These default instantiation parameters can also
+ * be customized with the {@code securerandom.drbg.config} security property.
* <p>
* This implementation reads fresh entropy from the system default entropy
* source determined by the security property {@code securerandom.source}.
Thanks
Max
p.s. Although this changes the spec part, it's a bug fix, and therefore no CCC.
More information about the security-dev
mailing list