RFR: 8170157, 8170245: Enable unlimited cryptographic policy by default in OracleJDK

Bradford Wetmore bradford.wetmore at oracle.com
Thu Sep 14 21:12:17 UTC 2017 

The java.security files are the only differences?  Then looks good to me.

Brad


On 9/14/2017 2:04 PM, Seán Coffey wrote:
> Some modifications to the java.security file(s).
> 
> Final webrev, I hope :
> 
> http://cr.openjdk.java.net/~coffeys/webrev.8170157.8u.02/webrev/
> 
> regards,
> Sean.
> 
> 
> On 01/09/2017 16:04, Seán Coffey wrote:
>> comments inline.
>>
>> On 29/08/17 23:33, Bradford Wetmore wrote:
>>>
>>> Very minor comments/tweaks.
>>>
>>> On 8/18/2017 7:01 AM, Seán Coffey wrote:
>>>> Looking to backport 8170157 to jdk8u-dev. The 8170245 test bug also 
>>>> gets pulled in for this port since some tests need cleaning up to 
>>>> deal with unlimited crypto environment.
>>>>
>>>> webrev : 
>>>> http://cr.openjdk.java.net/~coffeys/webrev.8170157.8u.01/webrev/index.html 
>>>>
>>>
>>> Update copyright dates.  Looks like the original work was done in 
>>> December 2016, but this is our actual push.
>> Done.
>>>
>>> JceSecurity.java
>>> ================
>>> 265:  Suggestion since this is JDK/JRE specific:
>>>
>>> jre/lib/security
>>> ->
>>> <java-home>/lib/security
>> Done. I corrected line 260 also which was using the jre/lib/security 
>> syntax.
>>>
>>> Dynamic.java
>>> ============
>>> Is the removal of the separate ECB case because the parameter will 
>>> just be ignored?  Why was this a failing test case?
>> I inherited these changes from the JDK 9 edits. It looks like the 
>> stronger AES defaults place stricter conditions on the IV length.[1] - 
>> The test had some old conditions for some non-GCM mode based ciphers. 
>> That seems to be no longer necessary and the call to 
>> "ci.init(Cipher.DECRYPT_MODE, key, ci.getParameters());" appears to 
>> work for all now.
>>
>> regards,
>> Sean.
>>
>> [1]
>> java.security.InvalidAlgorithmParameterException: Wrong IV length: 
>> must be 16 bytes long
>>         at com.sun.crypto.provider.CipherCore.init(CipherCore.java:526)
>>         at 
>> com.sun.crypto.provider.AESCipher.engineInit(AESCipher.java:346)
>>         at javax.crypto.Cipher.init(Cipher.java:1394)
>>         at javax.crypto.Cipher.init(Cipher.java:1327)
>>         at Dynamic.runTest(Dynamic.java:145)
>>         at Dynamic.runAllTest(Dynamic.java:89)
>>         at Dynamic.run(Dynamic.java:59)
>>         at 
>> TestAESWithRemoveAddProvider.main(TestAESWithRemoveAddProvider.java:40)
>>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>         at 
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
>>
>>         at 
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
>>
>>         at java.lang.reflect.Method.invoke(Method.java:498)
>>         at 
>> com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115) 
>>
>>         at java.lang.Thread.run(Thread.java:748)
>>
>>>
>>> Thanks.
>>>
>>> Brad
>>>
>>>
>>>
>>
>

More information about the security-dev mailing list