bug-classpath
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug classpath/23899] BouncyCastle crypto library errors

From: david at jpackage dot org
Subject: [Bug classpath/23899] BouncyCastle crypto library errors
Date: 19 Apr 2006 03:09:59 -0000 

------- Comment #11 from david at jpackage dot org  2006-04-19 03:09 -------
It is really not a good idea to post something from someone who has seen the
Sun source code.

It was already obvious by my previous comment that Sun's implementation must be
calling nextBytes().

>From the javadocs for Random, it seems that next() is the basis for all calls.
Since SecureRandom is a subclass of Random, I just assumed without checking
that this was still the case.

I do not like how the semantics seem to have changed between Random and
SecureRandom, but I did notice that nextBytes() should be used in accordance
with ``this method is used as the basis of all random entities returned by this
class (except seed bytes)'' and the fact that SecureRandomSpi only contains
engineNextBytes(). Thus, it seems the correct behavior in classpath would be to
call nextBytes() for everything and in nextBytes() itself call
SecureRandomSpi.engineNextBytes().

I do not explicitly find the method for masking bytes in the javadocs, but I
think it proceeds in the ``obvious'' way.

At first I thought that this was a bouncycastle bug as it should have been
overriding next() instead of nextBytes(), but I see that unfortunately the
semantics for Random and SecureRandom are different.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23899
reply via email to
[Prev in Thread] Current Thread [Next in Thread]