stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8286090: Add RC2/RC4 to jdk.security.legacyAlgorithms

Browse Source 
Reviewed-by: mullan
This commit is contained in:
Hai-May Chao 2022-05-17 21:47:54 +00:00
parent f17c68ce4a
commit 2ed75be659
2 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/java.base/share/conf/security/java.security
View File

@ -654,7 +654,7 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
jdk.security.legacyAlgorithms=SHA1, \
RSA keySize < 2048, DSA keySize < 2048, \
DES, DESede, MD5
DES, DESede, MD5, RC2, ARCFOUR
#
# Algorithm restrictions for signed JAR files

20
test/jdk/sun/security/tools/keytool/WeakSecretKeyTest.java
View File

@ -23,7 +23,7 @@
/*
* @test
* @bug 8255552
* @bug 8255552 8286090
* @summary Test keytool commands associated with secret key entries which use weak algorithms
* @library /test/lib
*/
@ -57,12 +57,26 @@ public class WeakSecretKeyTest {
.shouldNotMatch("The generated secret key uses the AES algorithm.*considered a security risk")
.shouldHaveExitValue(0);
SecurityTools.keytool("-keystore ks.p12 -storepass changeit " +
"-genseckey -keyalg RC2 -alias rc2key -keysize 128")
.shouldContain("Warning")
.shouldMatch("The generated secret key uses the RC2 algorithm.*considered a security risk")
.shouldHaveExitValue(0);
SecurityTools.keytool("-keystore ks.p12 -storepass changeit " +
"-genseckey -keyalg RC4 -alias rc4key -keysize 1024")
.shouldContain("Warning")
.shouldMatch("The generated secret key uses the ARCFOUR algorithm.*considered a security risk")
.shouldHaveExitValue(0);
SecurityTools.keytool("-keystore ks.p12 -storepass changeit " +
"-list -v")
.shouldContain("Warning")
.shouldMatch("<des3key> uses the DESede algorithm.*considered a security risk")
.shouldMatch("<deskey> uses the DES algorithm.*considered a security risk")
.shouldNotMatch("<aeskey> uses the AES algorithm.*considered a security risk")
.shouldMatch("<rc2key> uses the RC2 algorithm.*considered a security risk")
.shouldMatch("<rc4key> uses the ARCFOUR algorithm.*considered a security risk")
.shouldHaveExitValue(0);
SecurityTools.setResponse("changeit", "changeit");
@ -71,6 +85,8 @@ public class WeakSecretKeyTest {
.shouldContain("Warning")
.shouldMatch("<des3key> uses the DESede algorithm.*considered a security risk")
.shouldMatch("<deskey> uses the DES algorithm.*considered a security risk")
.shouldMatch("<rc2key> uses the RC2 algorithm.*considered a security risk")
.shouldMatch("<rc4key> uses the ARCFOUR algorithm.*considered a security risk")
.shouldHaveExitValue(0);
SecurityTools.keytool("-keystore ks.new -storepass changeit " +
@ -78,6 +94,8 @@ public class WeakSecretKeyTest {
.shouldContain("Warning")
.shouldMatch("<des3key> uses the DESede algorithm.*considered a security risk")
.shouldMatch("<deskey> uses the DES algorithm.*considered a security risk")
.shouldMatch("<rc2key> uses the RC2 algorithm.*considered a security risk")
.shouldMatch("<rc4key> uses the ARCFOUR algorithm.*considered a security risk")
.shouldHaveExitValue(0);
Files.writeString(Files.createFile(Paths.get(JAVA_SECURITY_FILE)),