RFR: 8279800: isAssignableFrom checks in AlgorithmParametersSpi.engineGetParameterSpec appear to be backwards
Valerie Peng
valeriep at openjdk.java.net
Wed Jan 12 20:04:30 UTC 2022
On Wed, 12 Jan 2022 19:54:38 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> The check ensures casting always succeeds. The fact that this has not been noticed for such a long time means everyone is using the exact subclass type when calling the method.
>
> Right, I suppose so.
PBEKeyFactory.java, PBKDF2Core.java and PBKDF2HmacSHA1Factory.java also have isAssignableFrom() calls which seem backward. Perhaps covering them as well?
-------------
PR: https://git.openjdk.java.net/jdk/pull/7037
More information about the security-dev
mailing list