- Bug
- Resolution: Fixed
- P4
- 5.0
- None
- beta
- generic
- generic
Looking over the comments in the com/sun/security/sasl/digest/PrivacyRc4.java
class, it says:
* @ignore RC4 ciphers not in std JDK; run this by hand after installing RC4 cipher.
This was added to JDK's reg suite area by rosanna back in 03, I'm assuming
before tiger had an RC4 cipher (ARCFOUR).
Should this test be enabled now?
As it is, it's failing when running by hand.
###@###.### 2004-08-25
Andreas Sterbenz wrote:
> Andrew Fan wrote:
>
>>--------------
>>In the source code of com/sun/security/sasl/digest/DigestMD5Base.java, I
>>found the following lines:
>>---------------------------
>> private static final String[] JCE_CIPHER_NAME = {
>> "Cipher.DESede",
>> "Cipher.RC4",
>> "Cipher.DES",
>> };
>>Those strings will be used to match the cipher name from system providers.
>>-------------------
>> protected static byte[] getPlatformCiphers() {
>> Provider[] providers = java.security.Security.getProviders();
>> Set set;
>>
>> byte[] ciphers = new byte[CIPHER_TOKENS.length];
>> for (int j = 0; j < providers.length; j++) {
>> set = providers[j].keySet();
>> ......
>> if (set.contains(JCE_CIPHER_NAME[RC4])) {
>> logger.log(Level.FINE, "DIGEST03:Platform supports rc4");
>> ciphers[RC4] |= CIPHER_MASKS[RC4];
>> ciphers[RC4_56] |= CIPHER_MASKS[RC4_56];
>> ciphers[RC4_40] |= CIPHER_MASKS[RC4_40];
>> }
>> }
>> ......
>>}
>>--------------------------
>
>
> I think this method of testing that an algorithm is available is not very
> wise and needs to be changed.
>
> I don't know how our "J2SE required algorithm list" turned out, but it may
> require all of those algorithms, in which case this code would seem
> completely redundant.
>
> Otherwise, a better way of testing if an encryption algorithm is available
> is to just call Cipher.getInstance(algorithm). Another method is to
> iterate over Security.getProviders() and call
> provider.getService("Cipher", name). If you get a non-null value, the
> algorithm is supported. (The performance difference between these two
> options is negligible)
###@###.### 2005-1-12 03:12:01 GMT
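The three availability checks discussed in this thread, side by side, as an added example (not code from the JDK or from the bug report; the class and method names are hypothetical). A provider can register a cipher under one name and list other names as aliases, which are stored under `Alg.Alias.Cipher.<alias>` property keys, so the raw `keySet()` match can report a cipher as missing while `Cipher.getInstance` and `Provider.getService` resolve it.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;

// Hypothetical demo class; not part of DigestMD5Base.
public class CipherAvailability {

    // The check quoted above: match a raw "Cipher.<name>" property key.
    // Alias entries ("Alg.Alias.Cipher.<alias>") never match this key.
    static boolean byKeySet(String name) {
        for (Provider p : Security.getProviders()) {
            if (p.keySet().contains("Cipher." + name)) return true;
        }
        return false;
    }

    // First suggestion: let JCE resolve the name across all providers.
    static boolean byGetInstance(String name) {
        try {
            Cipher.getInstance(name);
            return true;
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            return false;
        }
    }

    // Second suggestion: a non-null Service means the provider supports it.
    static boolean byGetService(String name) {
        for (Provider p : Security.getProviders()) {
            if (p.getService("Cipher", name) != null) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Names from JCE_CIPHER_NAME, plus ARCFOUR from the bug description.
        String[] names = {"DESede", "RC4", "ARCFOUR", "DES"};
        System.out.printf("%-8s %-7s %-12s %s%n",
                "name", "keySet", "getInstance", "getService");
        for (String n : names) {
            System.out.printf("%-8s %-7b %-12b %b%n",
                    n, byKeySet(n), byGetInstance(n), byGetService(n));
        }
    }
}
```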