Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8178728

Check the AlgorithmParameters in algorithm constraints

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • P3
    • 10
    • 6
    • security-libs
    • None

    Backports

      Description

        The DisabledAlgorithmConstraints.permits() does not consider the impact of AlgorithmParameters.

        107 public final boolean permits(Set<CryptoPrimitive> primitives,
        108 String algorithm, AlgorithmParameters parameters) {
        109 return checkAlgorithm(disabledAlgorithms, algorithm, decomposer);
        110 }

        The 'parameters' argument is not used here. However, the parameters may contains security information (for example key sizes, DSA, DH, RSA parameters).

        TLS implementation depends on this method to check the validity of a AlgorithmParameters. For example, in the FFDHE implementation, it is needed to check whether a DH group (DHE parameter) is available or not. If parameters checking is ignore in the constraints checking, unavailable/disabled DH groups may be requested and negotiated for a TLS/DTLS handshaking, and then the handshaking fails because the negotiated key is disabled by the constraints.

        Adding the following lines to test/sun/security/ssl/DHKeyExchange/UseStrongDHSizes.java can be used as regression test.

         * @run main/othervm UseStrongDHSizes 3072
         * @run main/othervm UseStrongDHSizes 4096
         * @run main/othervm UseStrongDHSizes 6144

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8181716 Check the AlgorithmParameters in algorithm constraints

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8181717 Check the AlgorithmParameters in algorithm constraints

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8181718 Check the AlgorithmParameters in algorithm constraints

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8181719 Check the AlgorithmParameters in algorithm constraints

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8190119 Check the AlgorithmParameters in algorithm constraints

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8192416 Check the AlgorithmParameters in algorithm constraints

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8195239 Check the AlgorithmParameters in algorithm constraints

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8195400 Check the AlgorithmParameters in algorithm constraints

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8197191 Check the AlgorithmParameters in algorithm constraints

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8200038 Check the AlgorithmParameters in algorithm constraints

            • P3 - Major loss of function.
            • Resolved
            blocks

            Enhancement - null JDK-8140436 Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS

            • P3 - Major loss of function.
            • Resolved

            Activity

              People

                xuelei Xuelei Fan
                xuelei Xuelei Fan
                Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: