On 12/19/17 8:39 PM, Weijun Wang wrote:


On Dec 20, 2017, at 5:02 AM, Sean Mullan <sean.mul...@oracle.com> wrote:

On 12/19/17 10:52 AM, Weijun Wang wrote:
* AesSha2DkCrypto.java

- why does stringToKey(char[] password, String salt, byte[] s2kparams) swallow 
exceptions but stringToKey(char[] secret, byte[] salt, byte[] params) does not?

I simply copy the behavior of the same methods for other etypes. Looks like the 
latter is always private and called by the former. The former is called by 
EncryptionKey::acquireSecretKey and this method was designed to accept a null 
value instead of handling an exception.

Ok, I suggest logging the exception if debug is enabled.

The debug flags inside AesDkCrypto and AesSha2DkCrypto are hardcoded to false 
and not customizable by any system property (and turning them on shows a lot of 
sensitive things). I can reuse the Krb5.DEBUG flag (controlled by 
-Dsun.security.krb5.debug=true) but it has never been used inside this level.

Also, the only reason for an exception I can see is that a user managed to pack a 
non-positive iteration count into the s2kparams. This should be quite rare.

Is that a programming error or something that could be from data sent over the network? If only the former, I would say that those exceptions should not be suppressed.

The code can also throw GeneralSecurityException but those are also always suppressed because of the catch block. Is that the right behavior?

--Sean
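
The two behaviours discussed in this thread, as an added sketch that is not the JDK's code and not from either poster: a strict derivation that rejects a non-positive iteration count, and a null-returning wrapper that logs only the exception (never the password or key) when a debug switch is on. Assumptions: s2kparams is a 4-byte big-endian count, only a PBKDF2 step is shown rather than the full Kerberos string-to-key, and the class name, method names and the `demo.s2k.debug` property are hypothetical.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class S2kParamsDemo {
    // Hypothetical switch for this sketch; not a JDK system property.
    static final boolean DEBUG = Boolean.getBoolean("demo.s2k.debug");

    // Assumption: s2kparams is a 4-byte big-endian iteration count.
    // Read as a signed int, so 0 and any value with the top bit set are rejected.
    static int iterationCount(byte[] s2kparams) throws GeneralSecurityException {
        if (s2kparams == null || s2kparams.length != 4) {
            throw new GeneralSecurityException("s2kparams must be 4 bytes");
        }
        int count = ByteBuffer.wrap(s2kparams).getInt();
        if (count <= 0) {
            throw new GeneralSecurityException("non-positive iteration count: " + count);
        }
        return count;
    }

    // Strict variant: every failure reaches the caller.
    static byte[] deriveStrict(char[] password, byte[] salt, byte[] s2kparams)
            throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterationCount(s2kparams), 128);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    // Null-returning wrapper: the caller sees null, but the cause is still
    // recorded when debugging is on. Only the exception is printed, no secrets.
    static byte[] deriveOrNull(char[] password, byte[] salt, byte[] s2kparams) {
        try {
            return deriveStrict(password, salt, s2kparams);
        } catch (GeneralSecurityException e) {
            if (DEBUG) System.err.println("string-to-key failed: " + e);
            return null;
        }
    }

    public static void main(String[] args) {
        char[] pw = "constructed-password".toCharArray();  // constructed sample input
        byte[] salt = "EXAMPLE.COMuser".getBytes(StandardCharsets.UTF_8);
        System.out.println(deriveOrNull(pw, salt, new byte[] {0, 0, 0x10, 0}) != null);
        System.out.println(deriveOrNull(pw, salt, new byte[] {-1, -1, -1, -1}) != null);
    }
}
```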


