[9] RFR 8049312: AES/CICO test failed with on several modes

Valerie Peng valerie.peng at oracle.com
Thu Dec 11 03:20:52 UTC 2014


Still looking for a reviewer for this fix...

Thanks,
Valerie

On 8/22/2014 1:50 PM, Valerie Peng wrote:
> Ping again. Anyone has time to review?
>
> The webrev has been updated in place for
> 1) to reflect the new modular path
> 2) update of test/ProblemList.txt given the integration of the failed 
> test (done in a separate bug fix which adds bunch of new tests).
>
> The main changes are in CipherCore.java to pass the correct data size 
> when calling cipher.encrypt/decrypt(...).
> Also, updated the various modes implementation so that an Exception is 
> thrown if data with incorrect length are passed. This is to make the 
> code more robust.
>
> Thanks,
> Valerie
>
> On 7/18/2014 4:12 PM, Valerie Peng wrote:
>>
>> Can someone please help reviewing this following fix?
>> https://bugs.openjdk.java.net/browse/JDK-8049312
>> Webrev: http://cr.openjdk.java.net/~valeriep/8049312/webrev.00/
>>
>> The must-fix change is in || 
>> src/share/classes/com/sun/crypto/provider/CipherCore.java which is to 
>> correct the data size calculation based on "unitBytes". For example, 
>> for CFB24, our current impl assumes the given data will be multiples 
>> of 3 bytes. When the given data isn't multiples of 3, it will 
>> continue but then the result is incorrect.
>>
>> To make the code more robust, I think we should explicitly check and 
>> error out when the given data doesn't have the correct size. Thus, I 
>> have added the input-length check to the various mode 
>> implementations. Along the way, I also fixed javadoc typos, removed 
>> redundancies, etc.
>>
>> Thanks,
>> Valerie
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20141210/aa380e7a/attachment.htm>


More information about the security-dev mailing list