RFR: 8170157, 8170245: Enable unlimited cryptographic policy by default in OracleJDK

Seán Coffey sean.coffey at oracle.com
Thu Sep 14 21:04:21 UTC 2017 

Some modifications to the java.security file(s).

Final webrev, I hope :

http://cr.openjdk.java.net/~coffeys/webrev.8170157.8u.02/webrev/

regards,
Sean.


On 01/09/2017 16:04, Seán Coffey wrote:
> comments inline.
>
> On 29/08/17 23:33, Bradford Wetmore wrote:
>>
>> Very minor comments/tweaks.
>>
>> On 8/18/2017 7:01 AM, Seán Coffey wrote:
>>> Looking to backport 8170157 to jdk8u-dev. The 8170245 test bug also 
>>> gets pulled in for this port since some tests need cleaning up to 
>>> deal with unlimited crypto environment.
>>>
>>> webrev : 
>>> http://cr.openjdk.java.net/~coffeys/webrev.8170157.8u.01/webrev/index.html
>>
>> Update copyright dates.  Looks like the original work was done in 
>> December 2016, but this is our actual push.
> Done.
>>
>> JceSecurity.java
>> ================
>> 265:  Suggestion since this is JDK/JRE specific:
>>
>> jre/lib/security
>> ->
>> <java-home>/lib/security
> Done. I corrected line 260 also which was using the jre/lib/security 
> syntax.
>>
>> Dynamic.java
>> ============
>> Is the removal of the separate ECB case because the parameter will 
>> just be ignored?  Why was this a failing test case?
> I inherited these changes from the JDK 9 edits. It looks like the 
> stronger AES defaults place stricter conditions on the IV length.[1] - 
> The test had some old conditions for some non-GCM mode based ciphers. 
> That seems to be no longer necessary and the call to 
> "ci.init(Cipher.DECRYPT_MODE, key, ci.getParameters());" appears to 
> work for all now.
>
> regards,
> Sean.
>
> [1]
> java.security.InvalidAlgorithmParameterException: Wrong IV length: 
> must be 16 bytes long
>         at com.sun.crypto.provider.CipherCore.init(CipherCore.java:526)
>         at 
> com.sun.crypto.provider.AESCipher.engineInit(AESCipher.java:346)
>         at javax.crypto.Cipher.init(Cipher.java:1394)
>         at javax.crypto.Cipher.init(Cipher.java:1327)
>         at Dynamic.runTest(Dynamic.java:145)
>         at Dynamic.runAllTest(Dynamic.java:89)
>         at Dynamic.run(Dynamic.java:59)
>         at 
> TestAESWithRemoveAddProvider.main(TestAESWithRemoveAddProvider.java:40)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:498)
>         at 
> com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
>         at java.lang.Thread.run(Thread.java:748)
>
>>
>> Thanks.
>>
>> Brad
>>
>>
>>
>

More information about the security-dev mailing list