Integrated: 8302225: SunJCE Provider doesn't validate key sizes when using 'constrained' transforms for AES/KW and AES/KWP
Valerie Peng
valeriep at openjdk.org
Thu Feb 16 23:17:01 UTC 2023
On Wed, 15 Feb 2023 02:23:31 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
> Due to an error in the existing regression test, this bug remain undiscovered until now. Added the key size check to the KeyWrapCipher class and fixed the regression test.
>
> Please help review this trivial fix.
>
> Thanks in advance,
> Valerie
This pull request has now been integrated.
Changeset: 4ce493f0
Author: Valerie Peng <valeriep at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/4ce493f09ea3a34322462e82fd73b8375be1cba5
Stats: 60 lines in 2 files changed: 36 ins; 13 del; 11 mod
8302225: SunJCE Provider doesn't validate key sizes when using 'constrained' transforms for AES/KW and AES/KWP
Reviewed-by: xuelei
-------------
PR: https://git.openjdk.org/jdk/pull/12569
More information about the security-dev
mailing list