The change to PBKDF2KeyImpl.java looks fine. About the test:
*) Is it necessary to put the provider in a separate jar? It seems
unnecessary because you are adding it with Security.insertProviderAt.
*) Line 54 of the test compares the result of a constructor to null.
Unless I'm missing something, this reference will always be non-null.
*) At the end of the test, there are some methods that do conversion
between hex strings and bytes. Can you use the methods in Convert (in
the test list) instead? I think Convert.hexStringToByteArray is the same
thing as hex2bin. You may also want to move dumpHexBytes to Convert, but
it's fine either way.
*) It looks the evilprovider source files have the wrong copyright header.
*) There is a commented out line of code on line 16 of EvilProvider.java
On 3/14/2019 9:34 AM, Jamil Nimeh wrote:
Hello all,
This review will change the SunJCE implementation of PBKDF2 so that it
always uses the SunJCE version of the PRF algorithm internally.
Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8218723/webrev.01/
JBS: https://bugs.openjdk.java.net/browse/JDK-8218723
CSR: https://bugs.openjdk.java.net/browse/JDK-8220531
