RFR: 8343622: AesDkCrypto.stringToKey should not return null [v2]

Weijun Wang weijun at openjdk.org
Wed Dec 4 13:58:39 UTC 2024


On Tue, 5 Nov 2024 15:51:58 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> When an exception happens inside these stringToKey() methods, they return null. This would lead to an unexpected NPE some time in the future.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
> 
>   let it throw NSAE

In my test (where certain required security providers have been removed), the exception thrown is

java.lang.IllegalArgumentException: PBKDF2WithHmacSHA1 SecretKeyFactory not available
	at java.security.jgss/javax.security.auth.kerberos.KeyImpl.<init>(KeyImpl.java:99)
	at java.security.jgss/javax.security.auth.kerberos.KerberosKey.<init>(KerberosKey.java:150)
	...

I can change `throw new IllegalArgumentException(e.getMessage())` to `throw new IllegalArgumentException("key creation error", e)` in `KeyImpl.<init>` and it will be

java.lang.IllegalArgumentException: key creation error
	at java.security.jgss/javax.security.auth.kerberos.KeyImpl.<init>(KeyImpl.java:99)
	at java.security.jgss/javax.security.auth.kerberos.KerberosKey.<init>(KerberosKey.java:150)
	...
Caused by: KrbException: PBKDF2WithHmacSHA1 SecretKeyFactory not available
	at java.security.jgss/sun.security.krb5.EncryptionKey.stringToKey(EncryptionKey.java:268)
	at java.security.jgss/sun.security.krb5.EncryptionKey.<init>(EncryptionKey.java:317)
	at java.security.jgss/javax.security.auth.kerberos.KeyImpl.<init>(KeyImpl.java:94)
	... 6 more
Caused by: java.security.NoSuchAlgorithmException: PBKDF2WithHmacSHA1 SecretKeyFactory not available
	at java.base/javax.crypto.SecretKeyFactory.<init>(SecretKeyFactory.java:116)
	at java.base/javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:162)
	at java.security.jgss/sun.security.krb5.internal.crypto.dk.AesDkCrypto.PBKDF2(AesDkCrypto.java:482)
	at java.security.jgss/sun.security.krb5.internal.crypto.dk.AesDkCrypto.stringToKey(AesDkCrypto.java:129)
	at java.security.jgss/sun.security.krb5.internal.crypto.dk.AesDkCrypto.stringToKey(AesDkCrypto.java:110)
	at java.security.jgss/sun.security.krb5.internal.crypto.Aes128.stringToKey(Aes128.java:46)
	at java.security.jgss/sun.security.krb5.EncryptionKey.stringToKey(EncryptionKey.java:251)
	... 8 more

This will be more useful.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/21908#issuecomment-2517479736

