RFR: 8170157, 8170245: Enable unlimited cryptographic policy by default in OracleJDK

Seán Coffey sean.coffey at oracle.com
Fri Sep 1 15:04:24 UTC 2017

comments inline.

On 29/08/17 23:33, Bradford Wetmore wrote:
> Very minor comments/tweaks.
> On 8/18/2017 7:01 AM, Seán Coffey wrote:
>> Looking to backport 8170157 to jdk8u-dev. The 8170245 test bug also 
>> gets pulled in for this port since some tests need cleaning up to 
>> deal with unlimited crypto environment.
>> webrev : 
>> http://cr.openjdk.java.net/~coffeys/webrev.8170157.8u.01/webrev/index.html
> Update copyright dates.  Looks like the original work was done in 
> December 2016, but this is our actual push.
> JceSecurity.java
> ================
> 265:  Suggestion since this is JDK/JRE specific:
> jre/lib/security
> ->
> <java-home>/lib/security
Done. I corrected line 260 also which was using the jre/lib/security syntax.
> Dynamic.java
> ============
> Is the removal of the separate ECB case because the parameter will 
> just be ignored?  Why was this a failing test case?
I inherited these changes from the JDK 9 edits. It looks like the 
stronger AES defaults place stricter conditions on the IV length.[1] - 
The test had some old conditions for some non-GCM mode based ciphers. 
That seems to be no longer necessary and the call to 
"ci.init(Cipher.DECRYPT_MODE, key, ci.getParameters());" appears to work 
for all now.


java.security.InvalidAlgorithmParameterException: Wrong IV length: must 
be 16 bytes long
         at com.sun.crypto.provider.CipherCore.init(CipherCore.java:526)
         at com.sun.crypto.provider.AESCipher.engineInit(AESCipher.java:346)
         at javax.crypto.Cipher.init(Cipher.java:1394)
         at javax.crypto.Cipher.init(Cipher.java:1327)
         at Dynamic.runTest(Dynamic.java:145)
         at Dynamic.runAllTest(Dynamic.java:89)
         at Dynamic.run(Dynamic.java:59)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at java.lang.reflect.Method.invoke(Method.java:498)
         at java.lang.Thread.run(Thread.java:748)

> Thanks.
> Brad

More information about the security-dev mailing list