RFR: 8302225: SunJCE Provider doesn't validate key sizes when using 'constrained' transforms for AES/KW and AES/KWP [v2]
Valerie Peng
valeriep at openjdk.org
Thu Feb 16 01:30:49 UTC 2023
> Due to an error in the existing regression test, this bug remain undiscovered until now. Added the key size check to the KeyWrapCipher class and fixed the regression test.
>
> Please help review this trivial fix.
>
> Thanks in advance,
> Valerie
Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
Refactor to address review comments
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/12569/files
- new: https://git.openjdk.org/jdk/pull/12569/files/e3ba3672..38851051
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=12569&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=12569&range=00-01
Stats: 42 lines in 1 file changed: 19 ins; 18 del; 5 mod
Patch: https://git.openjdk.org/jdk/pull/12569.diff
Fetch: git fetch https://git.openjdk.org/jdk pull/12569/head:pull/12569
PR: https://git.openjdk.org/jdk/pull/12569
More information about the security-dev
mailing list