Integrated: 8302225: SunJCE Provider doesn't validate key sizes when using 'constrained' transforms for AES/KW and AES/KWP

Valerie Peng valeriep at openjdk.org
Thu Feb 16 23:17:01 UTC 2023


On Wed, 15 Feb 2023 02:23:31 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

> Due to an error in the existing regression test, this bug remain undiscovered until now. Added the key size check to the KeyWrapCipher class and fixed the regression test.
> 
> Please help review this trivial fix.
> 
> Thanks in advance,
> Valerie

This pull request has now been integrated.

Changeset: 4ce493f0
Author:    Valerie Peng <valeriep at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/4ce493f09ea3a34322462e82fd73b8375be1cba5
Stats:     60 lines in 2 files changed: 36 ins; 13 del; 11 mod

8302225: SunJCE Provider doesn't validate key sizes when using 'constrained' transforms for AES/KW and AES/KWP

Reviewed-by: xuelei

-------------

PR: https://git.openjdk.org/jdk/pull/12569



More information about the security-dev mailing list