On Jul 5, 2006, at 12:20 PM, Matthew Wringe wrote:
After looking into this issue more, PBEKeySpec needs to also create a copy of the salt, and some of the PBEKeySpec implementation is not according to spec.Please find attached a patch for PBEKeySpec(Crypto-PBEKeySpec.patch).This patch now only stores clones of the password and salt arguments, aswell as checking arguments being passed for validity. The javadoc has also been updated to reflect that only copies of the passed parameters are being stored. I am also attaching a mauve testlet for this class (TestOfPBEKeySpec.java). This test should go intognu/testlet/javax/crypto/spec (and as this directory does not exist yetin cvs, I could not just create a nice patch) Please review and comment. I do not have classpath commit permissions nor mauve commit permissions, so if this is deemed acceptable, could someone please submit them for me.
This looks fine; I think most of us agree that it's OK if we give you commit access, so you can go ahead and check this in yourself when that's done.
Thanks!
PGP.sig
Description: This is a digitally signed message part