I've created a webrev for Florain at
http://cr.openjdk.java.net/~weijun/6415637/webrev.00/
Very tiny format changes, removing trailing whitespaces, change TABs to
spaces, and add braces for one-line block in two places.
The code change looks fine, but I would like to get a confirmation from
someone in the JCE team.
Thanks
Max
On 01/31/2012 09:47 PM, Florian Weimer wrote:
I've ported my previous patch to fix bug 6415637 to the current jdk8-tl
forrest.
There are two related changes (quoting from the initial submission):
1. The password and salt expansion resulted in a division by zero for
empty password strings.
2. Practically speaking, there are two different ways of deriving keys
from an empty passphrase: the terminating NUL character is required
by the specification, but is left out by some implementations
(including OpenJDK if the first bug is fixed). OpenSSL tries to
decrypt with both encodings, and the patch implements that as well.
It is difficult to properly implement the retry behavior without
changing any interfaces, so this patch uses "\0" for the password
*without* a NUL terminator. This is a bit confusing, but it ensures
that passing an empty string as the password creates a PKCS#12 store
which is compliant with the specification.
Because of the division of zero issue, the second change does not
actually modify visible behavior.
To my knowledge, there is now an OCA which covers this change.
