diff --git a/jdk/src/java.base/share/classes/java/security/MessageDigest.java b/jdk/src/java.base/share/classes/java/security/MessageDigest.java index be163c179f94a38b10c11f672893839ceaf99c3b..4f4987ceb46e0fd82fef5d650d58f61cfe7af873 100644 --- a/jdk/src/java.base/share/classes/java/security/MessageDigest.java +++ b/jdk/src/java.base/share/classes/java/security/MessageDigest.java @@ -57,7 +57,7 @@ import javax.crypto.SecretKey; * and catching the CloneNotSupportedException: * * 
{@code
- * MessageDigest md = MessageDigest.getInstance("SHA");
+ * MessageDigest md = MessageDigest.getInstance("SHA-256");
  *
  * try {
  *     md.update(toChapter1);
@@ -496,7 +496,7 @@ public abstract class MessageDigest extends MessageDigestSpi {
     /**
      * Returns a string that identifies the algorithm, independent of
      * implementation details. The name should be a standard
-     * Java Security name (such as "SHA", "MD5", and so on).
+     * Java Security name (such as "SHA-256").
      * See the MessageDigest section in the 
      * Java Security Standard Algorithm Names Specification
diff --git a/jdk/src/java.base/share/classes/java/security/Signature.java b/jdk/src/java.base/share/classes/java/security/Signature.java
index c7c25831a353c7dd39138487bef87862da099c51..3f0a9d967719225b770b232caa51cad78abf9933 100644
--- a/jdk/src/java.base/share/classes/java/security/Signature.java
+++ b/jdk/src/java.base/share/classes/java/security/Signature.java
@@ -51,11 +51,10 @@ import sun.security.jca.GetInstance.Instance;
  * authentication and integrity assurance of digital data.
  *
  * 
 The signature algorithm can be, among others, the NIST standard
- * DSA, using DSA and SHA-1. The DSA algorithm using the
- * SHA-1 message digest algorithm can be specified as {@code SHA1withDSA}.
- * In the case of RSA, there are multiple choices for the message digest
- * algorithm, so the signing algorithm could be specified as, for example,
- * {@code MD2withRSA}, {@code MD5withRSA}, or {@code SHA1withRSA}.
+ * DSA, using DSA and SHA-256. The DSA algorithm using the
+ * SHA-256 message digest algorithm can be specified as {@code SHA256withDSA}.
+ * In the case of RSA the signing algorithm could be specified as, for example,
+ * {@code SHA256withRSA}.
  * The algorithm name must be specified, as there is no default.
  *
  * 
 A Signature object can be used to generate and verify digital
diff --git a/jdk/src/java.base/share/classes/java/security/SignedObject.java b/jdk/src/java.base/share/classes/java/security/SignedObject.java
index 810c5706579619c025a8f76aa63e7bd25795813c..7ef3eca5583d2a92c34a3a5ca0e7406d3edf0c39 100644
--- a/jdk/src/java.base/share/classes/java/security/SignedObject.java
+++ b/jdk/src/java.base/share/classes/java/security/SignedObject.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -81,13 +81,12 @@ import java.io.*;
  * verification in an attempt to bypass a security check.
  *
  * 
 The signature algorithm can be, among others, the NIST standard
- * DSA, using DSA and SHA-1.  The algorithm is specified using the
+ * DSA, using DSA and SHA-256.  The algorithm is specified using the
  * same convention as that for signatures. The DSA algorithm using the
- * SHA-1 message digest algorithm can be specified, for example, as
- * "SHA/DSA" or "SHA-1/DSA" (they are equivalent).  In the case of
- * RSA, there are multiple choices for the message digest algorithm,
- * so the signing algorithm could be specified as, for example,
- * "MD2/RSA", "MD5/RSA" or "SHA-1/RSA".  The algorithm name must be
+ * SHA-256 message digest algorithm can be specified, for example, as
+ * "SHA256withDSA".  In the case of
+ * RSA the signing algorithm could be specified as, for example,
+ * "SHA256withRSA".  The algorithm name must be
  * specified, as there is no default.
  *
  * 
 The name of the Cryptography Package Provider is designated
diff --git a/jdk/src/java.base/share/classes/javax/crypto/Cipher.java b/jdk/src/java.base/share/classes/javax/crypto/Cipher.java
index 4982a87bbe151999d7889482a62bf99afcb74cfc..cd603f223120d54e80633fdcd3f2f01c65cf6dfe 100644
--- a/jdk/src/java.base/share/classes/javax/crypto/Cipher.java
+++ b/jdk/src/java.base/share/classes/javax/crypto/Cipher.java
@@ -59,7 +59,7 @@ import sun.security.jca.*;
  * 
A transformation is a string that describes the operation (or
  * set of operations) to be performed on the given input, to produce some
  * output. A transformation always includes the name of a cryptographic
- * algorithm (e.g., DES), and may be followed by a feedback mode and
+ * algorithm (e.g., AES), and may be followed by a feedback mode and
  * padding scheme.
  *
  * 
 A transformation is of the form:
@@ -75,17 +75,19 @@ import sun.security.jca.*;
  * For example, the following is a valid transformation:
  *
  * 
- *     Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding");
+ *     Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
  * 

  *
  * Using modes such as {@code CFB} and {@code OFB}, block
  * ciphers can encrypt data in units smaller than the cipher's actual
  * block size.  When requesting such a mode, you may optionally specify
  * the number of bits to be processed at a time by appending this number
- * to the mode name as shown in the "{@code DES/CFB8/NoPadding}" and
- * "{@code DES/OFB32/PKCS5Padding}" transformations. If no such
- * number is specified, a provider-specific default is used. (For
- * example, the SunJCE provider uses a default of 64 bits for DES.)
+ * to the mode name as shown in the "{@code AES/CFB8/NoPadding}" and
+ * "{@code AES/OFB32/PKCS5Padding}" transformations. If no such
+ * number is specified, a provider-specific default is used.
+ * (See the
+ * {@extLink security_guide_jdk_providers JDK Providers Documentation}
+ * for the JDK Providers default values.)
  * Thus, block ciphers can be turned into byte-oriented stream ciphers by
  * using an 8 bit mode such as CFB8 or OFB8.
  * 

@@ -308,7 +310,7 @@ public class Cipher {
         /*
          * array containing the components of a Cipher transformation:
          *
-         * index 0: algorithm component (e.g., DES)
+         * index 0: algorithm component (e.g., AES)
          * index 1: feedback component (e.g., CFB)
          * index 2: padding component (e.g., PKCS5Padding)
          */
@@ -354,8 +356,8 @@ public class Cipher {
         // transform string to lookup in the provider
         final String transform;
         // the mode/padding suffix in upper case. for example, if the algorithm
-        // to lookup is "DES/CBC/PKCS5Padding" suffix is "/CBC/PKCS5PADDING"
-        // if loopup is "DES", suffix is the empty string
+        // to lookup is "AES/CBC/PKCS5Padding" suffix is "/CBC/PKCS5PADDING"
+        // if lookup is "AES", suffix is the empty string
         // needed because aliases prevent straight transform.equals()
         final String suffix;
         // value to pass to setMode() or null if no such call required
@@ -440,11 +442,11 @@ public class Cipher {
         }
 
         if ((mode == null) && (pad == null)) {
-            // DES
+            // AES
             Transform tr = new Transform(alg, "", null, null);
             return Collections.singletonList(tr);
         } else { // if ((mode != null) && (pad != null)) {
-            // DES/CBC/PKCS5Padding
+            // AES/CBC/PKCS5Padding
             List list = new ArrayList<>(4);
             list.add(new Transform(alg, "/" + mode + "/" + pad, null, null));
             list.add(new Transform(alg, "/" + mode, null, pad));
@@ -488,7 +490,7 @@ public class Cipher {
      * {@link Security#getProviders() Security.getProviders()}.
      *
      * @param transformation the name of the transformation, e.g.,
-     * DES/CBC/PKCS5Padding.
+     * AES/CBC/PKCS5Padding.
      * See the Cipher section in the 
      * Java Security Standard Algorithm Names Specification
@@ -566,7 +568,7 @@ public class Cipher {
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
      * @param transformation the name of the transformation,
-     * e.g., DES/CBC/PKCS5Padding.
+     * e.g., AES/CBC/PKCS5Padding.
      * See the Cipher section in the 
      * Java Security Standard Algorithm Names Specification
@@ -626,7 +628,7 @@ public class Cipher {
      * does not have to be registered in the provider list.
      *
      * @param transformation the name of the transformation,
-     * e.g., DES/CBC/PKCS5Padding.
+     * e.g., AES/CBC/PKCS5Padding.
      * See the Cipher section in the 
      * Java Security Standard Algorithm Names Specification
diff --git a/jdk/src/java.base/share/classes/javax/crypto/CipherSpi.java b/jdk/src/java.base/share/classes/javax/crypto/CipherSpi.java
index ce7258157d57e3d01bce14a4939941cf1a7c361a..72bfa803bd53011705e5b76d81bbaf6714621886 100644
--- a/jdk/src/java.base/share/classes/javax/crypto/CipherSpi.java
+++ b/jdk/src/java.base/share/classes/javax/crypto/CipherSpi.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -59,7 +59,7 @@ import java.nio.ByteBuffer;
  * 
A transformation is a string that describes the operation (or
  * set of operations) to be performed on the given input, to produce some
  * output. A transformation always includes the name of a cryptographic
- * algorithm (e.g., DES), and may be followed by a feedback mode and
+ * algorithm (e.g., AES), and may be followed by a feedback mode and
  * padding scheme.
  *
  * 
 A transformation is of the form:
@@ -75,7 +75,7 @@ import java.nio.ByteBuffer;
  * For example, the following is a valid transformation:
  *
  * 
- *     Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding");
+ *     Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
  * 

  *
  * 
A provider may supply a separate class for each combination
@@ -125,32 +125,32 @@ import java.nio.ByteBuffer;
  * 
  *
  * 
For example, a provider may supply a subclass of CipherSpi
- * that implements DES/ECB/PKCS5Padding, one that implements
- * DES/CBC/PKCS5Padding, one that implements
- * DES/CFB/PKCS5Padding, and yet another one that implements
- * DES/OFB/PKCS5Padding. That provider would have the following
+ * that implements AES/ECB/PKCS5Padding, one that implements
+ * AES/CBC/PKCS5Padding, one that implements
+ * AES/CFB/PKCS5Padding, and yet another one that implements
+ * AES/OFB/PKCS5Padding. That provider would have the following
  * Cipher properties in its master class:
  *
  * 

@@ -158,7 +158,7 @@ import java.nio.ByteBuffer;
  * 
Another provider may implement a class for each of the above modes
  * (i.e., one class for ECB, one for CBC, one for CFB,
  * and one for OFB), one class for PKCS5Padding,
- * and a generic DES class that subclasses from CipherSpi.
+ * and a generic AES class that subclasses from CipherSpi.
  * That provider would have the following
  * Cipher properties in its master class:
  *
@@ -166,7 +166,7 @@ import java.nio.ByteBuffer;
  *
  * 
  • 
  * 
    - *     Cipher.DES
+ *     Cipher.AES
  * 
    
  *
  * 
diff --git a/jdk/src/java.base/share/classes/javax/crypto/Mac.java b/jdk/src/java.base/share/classes/javax/crypto/Mac.java
index 245f12f693410d29cafa119789eceb57ca745708..ad7dae88913f353b69a747f2902778b13f8ee5dd 100644
--- a/jdk/src/java.base/share/classes/javax/crypto/Mac.java
+++ b/jdk/src/java.base/share/classes/javax/crypto/Mac.java
@@ -50,7 +50,7 @@ import sun.security.jca.GetInstance.Instance;
  *
  * 
     A MAC mechanism that is based on cryptographic hash functions is
  * referred to as HMAC. HMAC can be used with any cryptographic hash function,
- * e.g., MD5 or SHA-1, in combination with a secret shared key. HMAC is
+ * e.g., SHA256 or SHA384, in combination with a secret shared key. HMAC is
  * specified in RFC 2104.
  *
  * 
     Every implementation of the Java platform is required to support
diff --git a/jdk/src/java.base/share/classes/javax/crypto/SealedObject.java b/jdk/src/java.base/share/classes/javax/crypto/SealedObject.java
index 743125bf0f768e1bae431e3c1218a33492cf425b..3d657423aa42cd80f2310e77ca2b8fa9e9dbb296 100644
--- a/jdk/src/java.base/share/classes/javax/crypto/SealedObject.java
+++ b/jdk/src/java.base/share/classes/javax/crypto/SealedObject.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,7 +40,7 @@ import java.security.NoSuchProviderException;
  * 
     Given any Serializable object, one can create a SealedObject
  * that encapsulates the original object, in serialized
  * format (i.e., a "deep copy"), and seals (encrypts) its serialized contents,
- * using a cryptographic algorithm such as DES, to protect its
+ * using a cryptographic algorithm such as AES, to protect its
  * confidentiality.  The encrypted content can later be decrypted (with
  * the corresponding algorithm using the correct decryption key) and
  * de-serialized, yielding the original object.