[security-dev 00284]: Cleaning up crypto support

Mark Wielaard mark at klomp.org
Thu Aug 28 06:44:09 PDT 2008


Hi,

There is still a lot of cruft in the codebase for preventing the usage
of certain crypto algorithms or key-sizes. And we were actually shipping
restricted policies preventing people from using unlimted crypto. Oops.

So if you saw: "java.securityInvalidKeyException: Illegal key size or
default parameters" that was caused by wrongly installed security policy
files. The code was actually there, just not properly activated.

This patch cleans up the crypto code so it doesn't go out of its way to
prevent usage of "restricted crypto" and makes sure no restricted crypto
security policies are installed.

2008-08-28  Mark Wielaard  <mjw at redhat.com>

    * patches/icedtea-clean-crypto.patch: New patch.
    * Makefile.am (ICEDTEA_PATCHES): Add icedtea-clean-crypto.patch.

This should enable all normal crypto usage by default. And now a make
check-jdk makes sure the jtreg tests that are run and test "unlimited
crypto".

Cheers,

Mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: icedtea-clean-crypto.patch
Type: text/x-patch
Size: 24049 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/security-dev/attachments/20080828/84f6a4f0/icedtea-clean-crypto.patch 


More information about the security-dev mailing list