RFR 8157526: 3KeyTDEA word left in DRBG after JDK-8156213

Bradford Wetmore bradford.wetmore at oracle.com
Mon May 23 22:20:28 UTC 2016


+1.

Brad


On 5/22/2016 6:29 PM, Xuelei Fan wrote:
> Looks fine to me.
>
> Xuelei
>
> On 5/23/2016 9:12 AM, Wang Weijun wrote:
>> Hi All
>>
>> The removal of 3KeyTDEA in JDK-8156213 is not clean. This bug removes the "(112 bits for CTR_DRBG with 3KeyTDEA)" words in class spec of DrbgParameters.java.
>>
>> No webrev, just the patch below. Please review.
>>
>> diff --git a/src/java.base/share/classes/java/security/DrbgParameters.java b/src/java.base/share/classes/java/security/DrbgParameters.java
>> --- a/src/java.base/share/classes/java/security/DrbgParameters.java
>> +++ b/src/java.base/share/classes/java/security/DrbgParameters.java
>> @@ -216,10 +216,9 @@
>>   * <p>
>>   * If a DRBG is not instantiated with a {@link DrbgParameters.Instantiation}
>>   * object explicitly, this implementation instantiates it with a default
>> - * requested strength of 128 bits (112 bits for CTR_DRBG with 3KeyTDEA),
>> - * no prediction resistance request, and no personalization string.
>> - * These default instantiation parameters can also be customized with
>> - * the {@code securerandom.drbg.config} security property.
>> + * requested strength of 128 bits, no prediction resistance request, and
>> + * no personalization string. These default instantiation parameters can also
>> + * be customized with the {@code securerandom.drbg.config} security property.
>>   * <p>
>>   * This implementation reads fresh entropy from the system default entropy
>>   * source determined by the security property {@code securerandom.source}.
>>
>> Thanks
>> Max
>>
>> p.s. Although this changes the spec part, it's a bug fix, and therefore no CCC.
>>
>



More information about the security-dev mailing list