RFR 8051408: JEP 273: DRBG-Based SecureRandom Implementations

Wang Weijun weijun.wang at oracle.com
Thu Apr 28 03:55:32 UTC 2016


http://cr.openjdk.java.net/~weijun/8051408/webrev.13
http://cr.openjdk.java.net/~weijun/8051408/webrev.13/spec
http://cr.openjdk.java.net/~weijun/8051408/webrev.13/specdiff

Another update.

1. Comment out health test for the moment.

2. Remove the following words in SecureRandom#nextBytes:

-     * If the underlying implementation is prohibited from supplying a
-     * full arrays worth of data, the application must repeatedly call
-     * its generation algorithm until all elements in {@code bytes} are
-     * filled with random data.

Instead, add these into SecureRandomSpi#engineNextBytes:

+     * Some random number generators can only generate a limit amount
+     * of random bytes per invocation. If the size of {@code bytes}
+     * is greater than this limit, the implementation should invoke
+     * the generation process multiple times to generate enough random bytes
+     * in a single {@code engineNextBytes} call.

Thanks
Max



More information about the security-dev mailing list