Re: OpenJDK11u: Backward incompatible behavior

2020-03-17 Thread Alexey Bakhtin 
Hi Kumar,

I have no OpenJDK Author account yet, so I had to ask another authors to 
publish my patches. All patches still available, but on different locations:

[1] JDK11 patch: http://cr.openjdk.java.net/~yan/8239788/webrev.0/
[2] JDK11 patch: http://cr.openjdk.java.net/~yan/8239788/webrev.1/
[3] JDK15 patch: http://cr.openjdk.java.net/~yan/8239788/webrev.2/
[4] JDK11 patch: http://cr.openjdk.java.net/~yan/8239788/webrev.3/
[5] JDK11 patch: http://cr.openjdk.java.net/~bae/8239788/webrev.v3/
[6] JDK15 patch: http://cr.openjdk.java.net/~bae/8239788/webrev.v4/
[7] JDK15 patch: http://cr.openjdk.java.net/~dcherepanov/8239788/webrev.v5/

Regards
Alexey

On 17 Mar 2020, at 05:44, Kumar Srinivasan 
mailto:kusriniva...@vmware.com>> wrote:

Hi Alexey - I was trying to understand the fix for the "Unexpected number of 
plaintext bytes” issue.

But it appears that the earlier iterations of the webrevs have disappeared, 
only webrev.5 is available in [1]
In  the future it would be a good practice, to retain all the webrevs for 
sometime.

Thanks

Kumar

[1] http://cr.openjdk.java.net/~dcherepanov/8239788/

Re: RFR JDK-8227024 : Remove the deprecated javax.security.cert APIs

2020-03-17 Thread Alan Bateman 

On 16/03/2020 08:31, Paul Stanley wrote:

Hi.


I believe that you should remove deprecated javax api's. By delaying 
it, you are pushing the problem into 2022.



If they are removed now then it will force developers to use the 
correct crypto api's, rather than using a mixture which is what's 
currently happening.



The compatibility problem for historic code can fixed by an optional 
3rd party library/module.
No, the main issue here isn't the terminally deprecated 
javax.security.cert package but the methods in the SSLSession interface 
and HandshakeCompletedEvent class. See the follow-up thread "8241039, 
Retire the deprecated SSLSession.getPeerCertificateChain() method" for 
the proposal that provides a migration path for libraries once they get 
to JDK 15 or newer.


-Alan

RFR: 8076999: SunJCE support of password-based encryption scheme 2 params (PBES2) not working

2020-03-17 Thread Jamil Nimeh 

Hello all,

I'm finally getting back around to this after dusting off the cobwebs.

Webrev: https://cr.openjdk.java.net/~jnimeh/reviews/8076999/webrev.03

Bug: https://bugs.openjdk.java.net/browse/JDK-8076999

Valerie, you had some comments from way back (7/9/2019).  Just a short 
summary of what's been done to address them:


 * Removed unused imports
 * Added a default "PBES2" string value for when the toString method is
   called on a PBES2Parameters object before the init() method.
 * Tested encoding of PBKDF2 parameters AlgorithmIdentifiers with the
   optional parameters field not present (as opposed to an ASN.1
   NULL).  OpenSSL seems happy with it so that's how we'll encode those.
 * Switched order on the IV and keysize parsing for RC2 parameters
 * Using KEYLEN_ANY (changed to KEYLEN_UNSPEC) now in lieu of -1 in the
   conditionals you cited.
 * For algorithms where the key length is implicit either due to the
   algorithm or the specific OID, we no longer assert the key length in
   the KDF parameters.  This is consistent with other implementations
   such as OpenSSL.
 * Regarding the comment from the parsing in engineInit(byte[])

"By calling data.getDerValue(), we are essentially peeling one layer 
off, right? If you still agree with me at this point, then note that 
pBES2_params is a local variable and its value should be the same unless 
explicitly re-assigned (as on line 413). Thus, per my reading of the 
code, the tag that you are checking on line 419 is not the one for 
encryption scheme, but rather the outer sequence tag encapsulating kdf 
and encryption scheme. Its current location is very misleading though, 
in between kdf and encryption scheme. To really check the tag for kdf 
and encryption scheme, the tag checking should be in parseKDF(...) and 
parseES(...) against the DerValue argument."


I did add a DerValue check in parseKDF because it is appropriate as you 
stated.  I also removed the check from line 419 in the old webrev.  With 
the new code that check is redundant as we are using AlgorithmId.parse() 
now as the initial operation in parseES, which in turn does the sequence 
tag check for us.


The check itself on 419 though is testing the ASN.1 tag for the 
Encryption scheme, not the higher level sequence for PBES2-params.  
Otherwise neither the KDF nor the encryption scheme would parse properly 
and none of the tests would pass.


With this new code, parseKDF and parseES are testing the outer SEQUENCE 
tags for each of the AlgorithmIdentifier objects described by 
keyDerivationFunc and encryptionScheme per RFC 8018.


 * keysize setting: This one is a bit tricky because key size is
   specified in multiple ways.  The basic flow is this.  Key size will
   start as KEYLEN_UNSPEC.  If it is at any point specified, either via
   the constructor, by KDF params, or by enc params then that is the
   value that is set.  At near the end of parsing a validation of the
   encryption parameters occurs and at that point the key length is
   checked against the algorithm.  If it is an alg that uses a fixed
   value then keysize has to be consistent with it.  If it is variable
   length and it is still KEYSIZE_UNSPEC that is also a failure (since
   something needs to be specified to distinguish RC2_40 from RC2_128,
   for example).
 o This approach seems to work and catches the issue you found
   where certain DER encodings could yield things like
   PBEWithHmacSHA256AndRC5_-1.
 * Added some new tests to handle the changes listed above.

I'll be updating the CSR shortly to reflect comments there and I'll send 
a separate review notice for that.


Thanks,

--Jamil