-
Task
-
Resolution: Done
-
Major
-
JBossAS-3.2.6 Final, JBossAS-4.0.1 Final
-
None
The current mechanism of creating a cipher iv during the request of the SRPParameters from the SRPServerInterface, and trying to initialize the cipher with this regardless of whether the cipher supports an iv cannot be handled consistently across the jce implementations of jdk 1.3, 1.4.x and 1.5.
The creation of the cipher iv needs to be pushed to the SRPVerifierStore and its VerifierInfo data object as this is where the cipher algorithm originates. This is potentially an incompatible change for SRPVerifierStore implementations that are using cipher algorithms that do require a cipher iv. The SRPVerifierStore implementation will need to be updated to populate the VerifierInfo.cipherIV in this situation.