RFR: 6227536: KeyGenerator.init() methods do not throw IllegalArgumentException for keysize == 0 [v2]
Bradford Wetmore
wetmore at openjdk.org
Thu Jul 28 20:36:35 UTC 2022
On Thu, 28 Jul 2022 20:02:29 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> As mentioned in the bug report, this issue *should not* be a framework-level issue, since potentially an individual provider could create a keysize of zero to have a certain significance.
>>
>> In the changes made here, the check is for `keysize <= 0` and this message indicates this is a check characteristic to the `SunJCE` provider.
>
> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>
> formatting
Needs regression tests.
Have you looked at the other Key(Pair)Generators? We've probably added more when this bug was filed. I took a quick look at some, and they were covered. (DES/DESede/Blowfish/AES/etc.)
src/java.base/share/classes/com/sun/crypto/provider/HmacMD5KeyGenerator.java line 93:
> 91:
> 92: if (keysize <= 0) {
> 93: throw new IllegalArgumentException("keysize must not be <= 0 for SunJCE");
< 80 chars please
src/java.base/share/classes/com/sun/crypto/provider/HmacSHA1KeyGenerator.java line 93:
> 91:
> 92: if (keysize <= 0) {
> 93: throw new IllegalArgumentException("keysize must not be <= 0 for SunJCE");
Same
-------------
PR: https://git.openjdk.org/jdk/pull/9679
More information about the security-dev
mailing list