JDK-8296217 : Release Note: Crypto-J exception for Diffie-Hellman and DSA AlgorithmParameters requests
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 8u371,11.0.19-oracle,17.0.7-oracle
  • Priority: P4
  • Status: Resolved
  • Resolution: Delivered
  • Submitted: 2022-11-02
  • Updated: 2022-11-07
  • Resolved: 2022-11-04
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 17
17.0.7-oracleResolved
Description
An implementation detail from the JDK-8242556 fix translates an algorithm ID in OID notation to the human readable string format before retrieving a provider to work with that AlgorithmParameters request. An implementation detail in the Crypto-J provider means that the provider registers for the "Diffie-Hellman" (DH) and "DSA" AlgorithmParameters services but doesn't register for their OID equivalent values. Since JDK-8242556, all DSA and DH AlgorithmParameters requests are directed to the Crypto-J provider, if registered as the priority provider, which handles the human readable form of the algorithm. 

A bug in the Crypto-J provider means that it can throw an IOException if decoding DH/DSA parameters with the following exception message: "Could not decode parameters."

Crypto-J version 6.2.6.2 is released to fix this issue. Applications using the this provider should upgrade to that patch or later. JDK-8278027 is a JDK interoperability aid to revert the lookup of security Provider for DH/DSA AlgorithmParameters service to the implementation used prior to JDK-8242556