RFR: 8170157, 8170245: Enable unlimited cryptographic policy by default in OracleJDK (original) (raw)
Seán Coffey sean.coffey at oracle.com
Fri Sep 15 07:23:20 UTC 2017
- Previous message (by thread): RFR: 8170157, 8170245: Enable unlimited cryptographic policy by default in OracleJDK
- Next message (by thread): RFR 8186931: jdk.security.jarsigner package is missing package summary
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Thanks for the review. Yes - main difference is the java.security files.
The minor edits suggested in your first review are also done.
regards, Sean.
On 14/09/2017 22:12, Bradford Wetmore wrote:
The java.security files are the only differences? Then looks good to me.
Brad
On 9/14/2017 2:04 PM, Seán Coffey wrote: Some modifications to the java.security file(s).
Final webrev, I hope : http://cr.openjdk.java.net/~coffeys/webrev.8170157.8u.02/webrev/ regards, Sean.
On 01/09/2017 16:04, Seán Coffey wrote: comments inline. On 29/08/17 23:33, Bradford Wetmore wrote:
Very minor comments/tweaks. On 8/18/2017 7:01 AM, Seán Coffey wrote: Looking to backport 8170157 to jdk8u-dev. The 8170245 test bug also gets pulled in for this port since some tests need cleaning up to deal with unlimited crypto environment.
webrev : http://cr.openjdk.java.net/~coffeys/webrev.8170157.8u.01/webrev/index.html
Update copyright dates. Looks like the original work was done in December 2016, but this is our actual push. Done. JceSecurity.java ================ 265: Suggestion since this is JDK/JRE specific: jre/lib/security -> /lib/security Done. I corrected line 260 also which was using the jre/lib/security syntax. Dynamic.java ============ Is the removal of the separate ECB case because the parameter will just be ignored? Why was this a failing test case? I inherited these changes from the JDK 9 edits. It looks like the stronger AES defaults place stricter conditions on the IV length.[1] - The test had some old conditions for some non-GCM mode based ciphers. That seems to be no longer necessary and the call to "ci.init(Cipher.DECRYPTMODE, key, ci.getParameters());" appears to work for all now. regards, Sean. [1] java.security.InvalidAlgorithmParameterException: Wrong IV length: must be 16 bytes long at com.sun.crypto.provider.CipherCore.init(CipherCore.java:526) at com.sun.crypto.provider.AESCipher.engineInit(AESCipher.java:346) at javax.crypto.Cipher.init(Cipher.java:1394) at javax.crypto.Cipher.init(Cipher.java:1327) at Dynamic.runTest(Dynamic.java:145) at Dynamic.runAllTest(Dynamic.java:89) at Dynamic.run(Dynamic.java:59) at TestAESWithRemoveAddProvider.main(TestAESWithRemoveAddProvider.java:40) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115) at java.lang.Thread.run(Thread.java:748) Thanks. Brad
- Previous message (by thread): RFR: 8170157, 8170245: Enable unlimited cryptographic policy by default in OracleJDK
- Next message (by thread): RFR 8186931: jdk.security.jarsigner package is missing package summary
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]