CSR Review Request: JDK-8220531, SecretKeyFactory.getInstance( algo_, provider_ ) ignores the provider argument.

Adam Petcher adam.petcher at oracle.com
Wed Mar 13 13:44:05 UTC 2019


On 3/12/2019 2:33 PM, Jamil Nimeh wrote:

> Hello all,
>
> Please review the CSR for the behavioral change to SunJCE's PBKDF2 
> implementation.  This change will make the underlying Mac also come 
> from SunJCE.  This change only affects the SunJCE implementation of 
> PBKDF2, not any other implementation from any different provider.
>
> https://bugs.openjdk.java.net/browse/JDK-8220531

Looks pretty straightforward. I just have a couple of questions related 
to compatibility:

1) Is it possible that the requested Mac would not be available in 
SunJCE, but it would be available in some other provider? If so, then 
PBKDF2 would fail after this change. Should we fall back to the current 
behavior if we get a NoSuchAlgorithmException from SunJCE?

2) Do you (or anyone else on the mailing list) have any reason to be 
concerned that the Mac in SunJCE won't work as well in some cases where 
it could also come from another (higher-priority) provider? If so, then 
we should think about adding a system property or other toggle for this 
behavior. This is a question---not a suggestion. I don't think we should 
include this toggle unless we have some motivation to do so.

Also, if there is no change to any spec, then I think that means the 
scope is "Implementation" rather than "SE".
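
The fallback raised in question 1, sketched as an added example (not part of the original message and not the JDK's own code): look up the PRF Mac in a preferred provider first, and use the normal provider search order only if that provider is missing or lacks the algorithm. The class name, the `prfFor` helper and the provider name "ConstructedMissingProvider" are hypothetical.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Mac;
import javax.crypto.SecretKeyFactory;

public class PrfProviderLookup {

    // Hypothetical helper: prefer the Mac from one named provider, and fall
    // back to the provider search order if it cannot supply the algorithm.
    static Mac prfFor(String macAlg, String preferredProvider)
            throws NoSuchAlgorithmException {
        Provider p = Security.getProvider(preferredProvider); // null if not installed
        if (p != null) {
            try {
                return Mac.getInstance(macAlg, p);
            } catch (NoSuchAlgorithmException e) {
                // Preferred provider has no such Mac: fall through to the search order.
            }
        }
        // Highest-priority provider that implements macAlg; throws
        // NoSuchAlgorithmException if no installed provider does.
        return Mac.getInstance(macAlg);
    }

    public static void main(String[] args) throws Exception {
        // The factory is requested from SunJCE explicitly, as in the bug title.
        SecretKeyFactory skf =
                SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256", "SunJCE");
        System.out.println("SecretKeyFactory from: " + skf.getProvider().getName());

        // Pinned lookup: the Mac comes from the same provider as the factory.
        Mac pinned = prfFor("HmacSHA256", "SunJCE");
        System.out.println("Pinned Mac from:       " + pinned.getProvider().getName());

        // Unpinned lookup: whichever provider has the highest priority wins,
        // which can differ from SunJCE when another provider is installed above it.
        Mac searched = Mac.getInstance("HmacSHA256");
        System.out.println("Search-order Mac from: " + searched.getProvider().getName());

        // Constructed failure case: the preferred provider is not installed,
        // so the helper falls back instead of failing the derivation.
        Mac fallback = prfFor("HmacSHA256", "ConstructedMissingProvider");
        System.out.println("Fallback Mac from:     " + fallback.getProvider().getName());
    }
}
```

Printing the provider names makes the compatibility question concrete: on a stock JDK all three lines normally report SunJCE, and they diverge only when a higher-priority provider also offers HmacSHA256.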




