-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P4
-
Affects Version/s: 8u66, 9
-
Component/s: security-libs
-
b109
-
generic
-
generic
-
Verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8151382 | 8-pool | Vincent Ryan | P4 | Open | Unresolved |
FULL PRODUCT VERSION :
A DESCRIPTION OF THE PROBLEM :
CipherSpi.engineGetKeySize() should return key size in bits. PBEWithSHA1AndDESede algorithm implementing class com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede returns key size in bytes. This enables usage of this algorithm without installing JCE Unlimited Strength Jurisdiction Policy Files. While this is maybe intended (permission javax.crypto.CryptoPermission "DESede", *; in default_local.policy) ti certainly isn't done right.
REPRODUCIBILITY :
This bug can be reproduced always.
A DESCRIPTION OF THE PROBLEM :
CipherSpi.engineGetKeySize() should return key size in bits. PBEWithSHA1AndDESede algorithm implementing class com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede returns key size in bytes. This enables usage of this algorithm without installing JCE Unlimited Strength Jurisdiction Policy Files. While this is maybe intended (permission javax.crypto.CryptoPermission "DESede", *; in default_local.policy) ti certainly isn't done right.
REPRODUCIBILITY :
This bug can be reproduced always.
- backported by
-
JDK-8151382 CipherSpi implementation of PBEWithSHA1AndDESede returns key size in bytes
-
- Open
-