Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: P3
Fix Version/s: 9
Affects Version/s: 8u101, 9
Component/s: security-libs
Labels:

Subcomponent:
javax.crypto
Resolved In Build:
b150
Verification:
Verified

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8183856	8u161	Sean Mullan	P3	Resolved	Fixed	b01
JDK-8178539	8u152	Prasadarao Koppula	P3	Resolved	Fixed	b05
JDK-8192592	emb-8u161	Sean Mullan	P3	Resolved	Fixed	b01
JDK-8178541	7u171	Prasadarao Koppula	P3	Resolved	Fixed	b01
JDK-8181970	7u161	Sean Mullan	P3	Resolved	Fixed	b01
JDK-8194035	openjdk7u	Sean Mullan	P3	Resolved	Fixed	master

3rd party Jsafe provider registered in JDK. When initializing and debugging via java.security.debug=provider flag, we hit an NPE :

     [java] Provider: MessageDigest.SHA-256 algorithm from: SUN
     [java] Provider: Signature.SHA256withRSA verification algorithm from: SunRsaSign
     [java] Provider: MessageDigest.SHA-256 algorithm from: SUN
     [java] Provider: MessageDigest.SHA algorithm from: JsafeJCE
     [java] Exception in thread "main" java.lang.ExceptionInInitializerError
     [java] at javax.crypto.JceSecurity.loadPolicies(JceSecurity.java:318)
     [java] at javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:263)
     [java] at javax.crypto.JceSecurity.access$000(JceSecurity.java:48)
     [java] at javax.crypto.JceSecurity$1.run(JceSecurity.java:81)
     [java] at java.security.AccessController.doPrivileged(Native Method)
     [java] at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:78)
     [java] at javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:204)
     [java] at jce.common.AESKeyUtil.getSecretKey(AESKeyUtil.java:64)
     [java] at jce.asymCipher.RSAEncryptWithOAEP.runSample(RSAEncryptWithOAEP.java:86)
     [java] at jce.asymCipher.RSAEncryptWithOAEP.main(RSAEncryptWithOAEP.java:56)
     [java] Caused by: java.lang.SecurityException: Framework jar verification can not be initialized
     [java] at javax.crypto.JarVerifier.<clinit>(JarVerifier.java:189)
     [java] ... 10 more
     [java] Caused by: java.lang.NullPointerException
     [java] at java.security.Signature.initVerify(Signature.java:462)
     [java] at com.rsa.cryptoj.o.pq.a(Unknown Source)
     [java] at com.rsa.cryptoj.o.pq.verify(Unknown Source)
     [java] at javax.crypto.JarVerifier.testSignatures(JarVerifier.java:737)
     [java] at javax.crypto.JarVerifier.access$400(JarVerifier.java:34)
     [java] at javax.crypto.JarVerifier$1.run(JarVerifier.java:183)
     [java] at javax.crypto.JarVerifier$1.run(JarVerifier.java:149)
     [java] at java.security.AccessController.doPrivileged(Native Method)
     [java] at javax.crypto.JarVerifier.<clinit>(JarVerifier.java:148)

backported by

JDK-8178539 NPE hit with java.security.debug=provider

Resolved

JDK-8178541 NPE hit with java.security.debug=provider

Resolved

JDK-8181970 NPE hit with java.security.debug=provider

Resolved

JDK-8183856 NPE hit with java.security.debug=provider

Resolved

JDK-8192592 NPE hit with java.security.debug=provider

Resolved

JDK-8194035 NPE hit with java.security.debug=provider

Resolved

relates to

JDK-8056026 Debug security logging should print Provider used for each crypto operation

Resolved

JDK-8170876 NPE in JCE engine classes with java.security.debug=provider

Closed

(1 backported by, 2 relates to)

Assignee:: Adam Petcher (Inactive)

Reporter:: Sean Coffey

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2016-09-09 01:18

Updated:: 2017-12-21 11:20

Resolved:: 2016-12-14 07:24

Details

Backports

Description

Attachments

Issue Links

Activity

People

Dates