RFR: 8357033: Reduce stateless session ticket size [v2]
Artur Barashev
abarashev at openjdk.org
Tue May 20 17:28:51 UTC 2025
On Tue, 20 May 2025 08:51:36 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Log error and return null no compress/decompress failure
>
> src/java.base/share/classes/sun/security/ssl/SessionTicketExtension.java line 250:
>
>> 248: result[3] = (byte)(key.num);
>> 249: System.arraycopy(iv, 0, result, Integer.BYTES, iv.length);
>> 250: result[Integer.BYTES + iv.length] = compressed;
>
> this byte should be authenticated. Either pass it to updateAAD, or to doFinal
Done, thanks!
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/25310#discussion_r2098511576
More information about the security-dev
mailing list