Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: allow to use password encrypted keys #49

Merged
merged 4 commits into from
Sep 25, 2020
Merged

fix: allow to use password encrypted keys #49

merged 4 commits into from
Sep 25, 2020

Conversation

kuisathaverat
Copy link
Contributor

@kuisathaverat kuisathaverat commented Sep 5, 2020
edited
Loading

see JENKINS-63601

java.lang.IllegalArgumentException: java.security.NoSuchAlgorithmException: Cannot find any provider supporting PBEWithMD5AndDESede
	at com.trilead.ssh2.crypto.cipher.JreCipherWrapper.getInstance(JreCipherWrapper.java:26)
	at com.trilead.ssh2.crypto.cipher.JreCipherWrapperTest.testPBEWithMD5AndDESede(JreCipherWrapperTest.java:60)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)


testSupportedCiphersAvailable(com.trilead.ssh2.crypto.cipher.JreCipherWrapperTest)  Time elapsed: 0.107 sec  <<< ERROR!
java.lang.IllegalArgumentException: java.security.NoSuchAlgorithmException: Cannot find any provider supporting PBEWithMD5AndAES_128
	at com.trilead.ssh2.crypto.cipher.JreCipherWrapper.getInstance(JreCipherWrapper.java:26)
	at com.trilead.ssh2.crypto.cipher.JreCipherWrapperTest.testSupportedCiphersAvailable(JreCipherWrapperTest.java:62)

regression #45

@kuisathaverat kuisathaverat self-assigned this Sep 5, 2020
@MarkEWaite
Copy link

I confirmed that PBEWithMD5AndTripleDES is mentioned in https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html and in other articles and that PBEWithMD5AndDESede is mentioned elsewhere but is not mentioned in the Oracle docs.

@kuisathaverat kuisathaverat changed the title fix: set Triple DES cipher name [WIP] fix: set Triple DES cipher name Sep 6, 2020
@kuisathaverat kuisathaverat changed the title [WIP] fix: set Triple DES cipher name [WIP] fix: allow to use password encrypted keys Sep 6, 2020
@jvz
Copy link
Member

jvz commented Sep 8, 2020

It's bad enough that 3DES is still in use (it's incredibly slow compared to pretty much any other symmetric cipher; it might still be secure); I remember coming across this problem back when I was working on it. Depending on which JCA providers you have installed, 3DES has two different names apparently.

jvz
jvz reviewed Sep 8, 2020
View reviewed changes
src/com/trilead/ssh2/crypto/PEMDecoder.java

MessageDigest digest = null;
try {
digest = MessageDigest.getInstance("MD5");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: is there a @SuppressWarnings of some sort to apply here? Any sort of static code scanner will end up crying about MD5 usage despite it being valid here.

src/com/trilead/ssh2/crypto/PEMDecoder.java Show resolved Hide resolved
src/com/trilead/ssh2/crypto/PEMDecoder.java Outdated Show resolved Hide resolved
@kuisathaverat kuisathaverat merged commit e52ed03 into jenkinsci:master Sep 25, 2020
@kuisathaverat kuisathaverat changed the title [WIP] fix: allow to use password encrypted keys fix: allow to use password encrypted keys Sep 25, 2020
@kuisathaverat kuisathaverat deleted the fix_triple_des branch December 20, 2024 13:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jvz jvz jvz left review comments

@MarkEWaite MarkEWaite MarkEWaite approved these changes

Assignees

@kuisathaverat kuisathaverat

Labels
bug WIP
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kuisathaverat @MarkEWaite @jvz