RFR: 8170157, 8170245: Enable unlimited cryptographic policy by default in OracleJDK
Seán Coffey
sean.coffey at oracle.com
Fri Sep 1 15:04:24 UTC 2017
comments inline.
On 29/08/17 23:33, Bradford Wetmore wrote:
>
> Very minor comments/tweaks.
>
> On 8/18/2017 7:01 AM, Seán Coffey wrote:
>> Looking to backport 8170157 to jdk8u-dev. The 8170245 test bug also
>> gets pulled in for this port since some tests need cleaning up to
>> deal with unlimited crypto environment.
>>
>> webrev :
>> http://cr.openjdk.java.net/~coffeys/webrev.8170157.8u.01/webrev/index.html
>
> Update copyright dates. Looks like the original work was done in
> December 2016, but this is our actual push.
Done.
>
> JceSecurity.java
> ================
> 265: Suggestion since this is JDK/JRE specific:
>
> jre/lib/security
> ->
> <java-home>/lib/security
Done. I corrected line 260 also which was using the jre/lib/security syntax.
>
> Dynamic.java
> ============
> Is the removal of the separate ECB case because the parameter will
> just be ignored? Why was this a failing test case?
I inherited these changes from the JDK 9 edits. It looks like the
stronger AES defaults place stricter conditions on the IV length.[1] -
The test had some old conditions for some non-GCM mode based ciphers.
That seems to be no longer necessary and the call to
"ci.init(Cipher.DECRYPT_MODE, key, ci.getParameters());" appears to work
for all now.
regards,
Sean.
[1]
java.security.InvalidAlgorithmParameterException: Wrong IV length: must
be 16 bytes long
at com.sun.crypto.provider.CipherCore.init(CipherCore.java:526)
at com.sun.crypto.provider.AESCipher.engineInit(AESCipher.java:346)
at javax.crypto.Cipher.init(Cipher.java:1394)
at javax.crypto.Cipher.init(Cipher.java:1327)
at Dynamic.runTest(Dynamic.java:145)
at Dynamic.runAllTest(Dynamic.java:89)
at Dynamic.run(Dynamic.java:59)
at
TestAESWithRemoveAddProvider.main(TestAESWithRemoveAddProvider.java:40)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
at java.lang.Thread.run(Thread.java:748)
>
> Thanks.
>
> Brad
>
>
>
More information about the security-dev
mailing list