I see. Good. --Max
On 8/20/2016 19:47, Vincent Ryan wrote:
I did consider the approach below, especially since it saves an extra call to Mac.getInstance. However one motivation for fixing the original issue was to better facilitate third-party JCE providers and I know of one provider that does support empty passwords which will never get selected if that approach is used.On 20 Aug 2016, at 01:30, Weijun Wang <weijun.w...@oracle.com> wrote: How about this.prf = (passwdBytes.length == 0) ? Mac.getInstance(prfAlgo, SunJCE.getInstance()) : Mac.getInstance(prfAlgo); Mac is only implemented in SunPKCS11 and SunJCE out-of-box, so this saves an extra getInstance() call. If a 3rd party provider is involved, I'm not sure it supports an empty password (I have a feeling that except for Java everyone else are using the same C codes. Maybe not Microsoft), and this call is safer. --Max
