RFR: 8170157, 8170245: Enable unlimited cryptographic policy by default in OracleJDK
Seán Coffey
sean.coffey at oracle.com
Fri Sep 15 07:23:20 UTC 2017
Thanks for the review. Yes - main difference is the java.security files.
The minor edits suggested in your first review are also done.
regards,
Sean.
On 14/09/2017 22:12, Bradford Wetmore wrote:
> The java.security files are the only differences? Then looks good to me.
>
> Brad
>
>
> On 9/14/2017 2:04 PM, Seán Coffey wrote:
>> Some modifications to the java.security file(s).
>>
>> Final webrev, I hope :
>>
>> http://cr.openjdk.java.net/~coffeys/webrev.8170157.8u.02/webrev/
>>
>> regards,
>> Sean.
>>
>>
>> On 01/09/2017 16:04, Seán Coffey wrote:
>>> comments inline.
>>>
>>> On 29/08/17 23:33, Bradford Wetmore wrote:
>>>>
>>>> Very minor comments/tweaks.
>>>>
>>>> On 8/18/2017 7:01 AM, Seán Coffey wrote:
>>>>> Looking to backport 8170157 to jdk8u-dev. The 8170245 test bug
>>>>> also gets pulled in for this port since some tests need cleaning
>>>>> up to deal with unlimited crypto environment.
>>>>>
>>>>> webrev :
>>>>> http://cr.openjdk.java.net/~coffeys/webrev.8170157.8u.01/webrev/index.html
>>>>>
>>>>
>>>> Update copyright dates. Looks like the original work was done in
>>>> December 2016, but this is our actual push.
>>> Done.
>>>>
>>>> JceSecurity.java
>>>> ================
>>>> 265: Suggestion since this is JDK/JRE specific:
>>>>
>>>> jre/lib/security
>>>> ->
>>>> <java-home>/lib/security
>>> Done. I corrected line 260 also which was using the jre/lib/security
>>> syntax.
>>>>
>>>> Dynamic.java
>>>> ============
>>>> Is the removal of the separate ECB case because the parameter will
>>>> just be ignored? Why was this a failing test case?
>>> I inherited these changes from the JDK 9 edits. It looks like the
>>> stronger AES defaults place stricter conditions on the IV length.[1]
>>> - The test had some old conditions for some non-GCM mode based
>>> ciphers. That seems to be no longer necessary and the call to
>>> "ci.init(Cipher.DECRYPT_MODE, key, ci.getParameters());" appears to
>>> work for all now.
>>>
>>> regards,
>>> Sean.
>>>
>>> [1]
>>> java.security.InvalidAlgorithmParameterException: Wrong IV length: must be 16 bytes long
>>> at com.sun.crypto.provider.CipherCore.init(CipherCore.java:526)
>>> at com.sun.crypto.provider.AESCipher.engineInit(AESCipher.java:346)
>>> at javax.crypto.Cipher.init(Cipher.java:1394)
>>> at javax.crypto.Cipher.init(Cipher.java:1327)
>>> at Dynamic.runTest(Dynamic.java:145)
>>> at Dynamic.runAllTest(Dynamic.java:89)
>>> at Dynamic.run(Dynamic.java:59)
>>> at TestAESWithRemoveAddProvider.main(TestAESWithRemoveAddProvider.java:40)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>> at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
>>> at java.lang.Thread.run(Thread.java:748)
>>>
>>>>
>>>> Thanks.
>>>>
>>>> Brad
>>>>
>>>>
>>>>
>>>
>>
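
Added example, not part of the thread, the webrev or Dynamic.java: a stand-alone check of the pattern discussed above, initialising decryption with ci.getParameters() for ECB, CBC and GCM, using the largest AES key the installed policy allows. The class name, the three transformations and the plaintext are assumptions chosen for illustration.

```java
import java.security.AlgorithmParameters;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical class name; not taken from the JDK test suite.
public class AesParamsRoundTrip {
    // Assumed sample set: ECB carries no parameters, CBC carries an IV,
    // GCM carries an IV plus tag length.
    static final String[] MODES = {
        "AES/ECB/PKCS5Padding", "AES/CBC/PKCS5Padding", "AES/GCM/NoPadding"
    };

    // Encrypt with provider-generated parameters, then decrypt on the same
    // Cipher object using exactly the parameters the provider reported.
    static boolean roundTrip(String transformation, SecretKeySpec key) throws Exception {
        byte[] plain = "constructed sample plaintext".getBytes("UTF-8");
        Cipher ci = Cipher.getInstance(transformation);
        ci.init(Cipher.ENCRYPT_MODE, key);
        // null for ECB; otherwise holds the IV (and tag length for GCM).
        AlgorithmParameters params = ci.getParameters();
        byte[] ct = ci.doFinal(plain);
        // Same call shape as in the thread; a null params value is accepted for ECB.
        ci.init(Cipher.DECRYPT_MODE, key, params);
        System.out.println(transformation + " params="
                + (params == null ? "none" : params.getAlgorithm()));
        return Arrays.equals(plain, ci.doFinal(ct));
    }

    public static void main(String[] args) throws Exception {
        // Integer.MAX_VALUE under the unlimited policy, 128 under the limited one.
        int max = Cipher.getMaxAllowedKeyLength("AES");
        int bits = Math.min(256, max);
        System.out.println("max AES key length allowed: " + max + ", using " + bits);

        byte[] raw = new byte[bits / 8];
        new SecureRandom().nextBytes(raw);
        SecretKeySpec key = new SecretKeySpec(raw, "AES");

        for (String mode : MODES) {
            if (!roundTrip(mode, key)) {
                throw new IllegalStateException("round trip failed for " + mode);
            }
        }
        System.out.println("all round trips succeeded");
    }
}
```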