RFR: 8302225: SunJCE Provider doesn't validate key sizes when using 'constrained' transforms for AES/KW and AES/KWP [v2]

Xue-Lei Andrew Fan xuelei at openjdk.org
Thu Feb 16 04:40:58 UTC 2023


On Thu, 16 Feb 2023 01:30:49 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> Due to an error in the existing regression test, this bug remain undiscovered until now. Added the key size check to the KeyWrapCipher class and fixed the regression test.
>> 
>> Please help review this trivial fix.
>> 
>> Thanks in advance,
>> Valerie
>
> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Refactor to address review comments

Looks good to me.  Thanks!

-------------

Marked as reviewed by xuelei (Reviewer).

PR: https://git.openjdk.org/jdk/pull/12569



More information about the security-dev mailing list