RFR: 8308010: X509Key and PKCS8Key allows garbage bytes at the end
Sean Mullan
mullan at openjdk.org
Wed May 17 18:55:54 UTC 2023
On Wed, 17 May 2023 18:51:11 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/pkcs/PKCS8Key.java line 99:
>>
>>> 97: } catch (IOException e) {
>>> 98: throw new InvalidKeyException("IOException: " +
>>> 99: e.getMessage());
>>
>> How about including the cause in the IKE? Also, I suggest an error message such as "unable to decode key".
>>
>> Same comments for `X509Key`.
>
> Oh, that was old behavior. Would you like the same for https://github.com/openjdk/jdk/blob/199c84a0a2b74f855d75871a26205e05bcf8dc4b/src/java.base/share/classes/sun/security/pkcs/PKCS8Key.java#L138 as well?
Sure.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13958#discussion_r1196935852
More information about the security-dev
mailing list