RFR 8051408: JEP 273: DRBG-Based SecureRandom Implementations
weijun.wang at oracle.com
Thu Apr 21 08:52:38 UTC 2016
Webrev updated again at
Changes since webrev.10:
- DRBG's generateSeed() will directly read from securerandom.source and does not have the synchronized modifier anymore. This is the same as SHA1PRNG.
- new Capability methods boolean supportsReseeding() and boolean supportsPredictionResistance()
- The "drbg" security property is renamed to "securerandom.drbg.config".
- SecureRandom#nextBytes(byte) will no longer throw an NPE. It's up to a provider to decide what to do. Currently, SunPKCS11 ignores it and all others throw an NPE.
- Move spec in Instantiate#getCapability to Capability.
- Internal nonce provider upgraded from a long to 16 bytes.
- "DRBG:SUN" added as a fallback for "securerandom.strongAlgorithms" security property on *nix
- Rename engineConfigure() to configure() in AbstractDrbg, and merge configureInternal() into it.
- Provider#newInstanceUtil will throw NoSuchMethodException (instead of IAE) if a SecureRandom implementation has not provided a constructor with a params parameter and the user is calling getInstance(alg,params). This is just an internal change since the exception thrown by getInstance() is always NoSuchAlgorithmException.
- More information in exceptions
- Other refactoring
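The change list above touches the public surface a caller sees: getInstance(alg, params), the Capability query methods, and the securerandom.drbg.config property. The following program is an added usage example, not code from the mail or the webrev; it is written against the java.security.DrbgParameters API as it shipped in the final JDK 9, which may differ in naming from the webrev under review (the mail itself still calls the class Instantiate). The personalization string, additional input and the hypothetical fallback behaviour are constructed for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.DrbgParameters;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.SecureRandomParameters;
import java.security.Security;

public class DrbgCapabilityDemo {

    /**
     * Obtain a DRBG with the requested strength and capability. The JDK maps a
     * missing params constructor in the provider to NoSuchAlgorithmException,
     * so that is the only exception a caller needs to handle here.
     */
    static SecureRandom drbgOrFallback(int strength, DrbgParameters.Capability wanted) {
        SecureRandomParameters request = DrbgParameters.instantiation(
                strength, wanted,
                // constructed personalization string; any application-specific bytes will do
                "drbg-demo-personalization".getBytes(StandardCharsets.UTF_8));
        try {
            return SecureRandom.getInstance("DRBG", request);
        } catch (NoSuchAlgorithmException e) {
            // Hypothetical fallback: an older JDK or a provider without a params
            // constructor. The caller loses the capability guarantees below.
            return new SecureRandom();
        }
    }

    /**
     * Check what the provider actually instantiated rather than assuming the
     * request was honoured. A provider may answer with a weaker capability.
     */
    static boolean reseedAndPrSupported(SecureRandom sr) {
        SecureRandomParameters actual = sr.getParameters();
        if (!(actual instanceof DrbgParameters.Instantiation)) {
            return false; // not a DRBG at all, e.g. the fallback above
        }
        DrbgParameters.Instantiation inst = (DrbgParameters.Instantiation) actual;
        DrbgParameters.Capability cap = inst.getCapability();
        System.out.println("mechanism config: "
                + Security.getProperty("securerandom.drbg.config"));
        System.out.println("strength=" + inst.getStrength()
                + " reseed=" + cap.supportsReseeding()
                + " pr=" + cap.supportsPredictionResistance());
        return cap.supportsReseeding() && cap.supportsPredictionResistance();
    }

    public static void main(String[] args) {
        SecureRandom sr = drbgOrFallback(256, DrbgParameters.Capability.PR_AND_RESEED);
        byte[] key = new byte[32];

        if (reseedAndPrSupported(sr)) {
            // Per-request parameters: ask for prediction resistance on this call and
            // mix in constructed additional input, as the DRBG spec allows.
            sr.nextBytes(key, DrbgParameters.nextBytes(256, true,
                    "request-context".getBytes(StandardCharsets.UTF_8)));
            // Explicit reseed with constructed additional input.
            sr.reseed(DrbgParameters.reseed(false,
                    "operator-supplied-entropy-hint".getBytes(StandardCharsets.UTF_8)));
        } else {
            // Plain generation; no capability-specific guarantees are available.
            sr.nextBytes(key);
        }
        System.out.println("generated " + key.length + " bytes from "
                + sr.getAlgorithm() + " (" + sr.getProvider().getName() + ")");
    }
}
```

The point of reseedAndPrSupported is the one the new Capability methods make possible: the caller inspects getParameters() after instantiation instead of trusting that getInstance honoured the request, and only then passes per-call prediction-resistance parameters, which a provider lacking that capability would reject.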