RFR 8014628: Support AES Encryption with HMAC-SHA2 for Kerberos 5

Sean Mullan sean.mullan at oracle.com
Tue Jan 9 16:22:18 UTC 2018


On 12/19/17 8:39 PM, Weijun Wang wrote:
> 
> 
>> On Dec 20, 2017, at 5:02 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>
>> On 12/19/17 10:52 AM, Weijun Wang wrote:
>>>> * AesSha2DkCrypto.java
>>>>
>>>> - why does stringToKey(char[] password, String salt, byte[] s2kparams) swallow exceptions but stringToKey(char[] secret, byte[] salt, byte[] params) does not?
>>> I simply copy the behavior of the same methods for other etypes. Looks like the later is always private and called by the former. The former is called by EncryptionKey::acquireSecretKey and this method was designed to accept a null value instead of handle an exception.
>>
>> Ok, I suggest logging the exception if debug is enabled.
> 
> The debug flag inside AesDkCrypto and AesSha2DkCrypto are hardcoded to false and not customizable by any system property (and turning it on shows a lot of sensitive things). I can reuse the Krb5.DEBUG flag (controlled by -Dsun.security.krb5.debug=true) but it has never been used inside this level.
> 
> Also, the only reason for exception I can see is that a user managed to pack a non-positive iteration count into the s2kparams. This should be quite rare.

Is that a programming error or something that could be from data sent 
over the network? If only the former, I would say that those exceptions 
should not be suppressed.

The code can also throw GeneralSecurityException but those are also 
always suppressed because of the catch block. Is that the right behavior?

--Sean






More information about the security-dev mailing list