On Thu, 2 Oct 2025 23:14:48 GMT, Valerie Peng <[email protected]> wrote:

> This PR updates the cipher transformation parsing and verification logic to 
> be stricter and throw NoSuchAlgorithmException (NSAE) when additional 
> slash(es) are found. With the existing parsing logic, the extra slash(es) are 
> likely to end up in the last component, i.e. the padding scheme, and lead to 
> NoSuchPaddingException (NSPE) from the underlying CipherSpi object. 
> 
> Out of the supported cipher algorithms for all JDK providers, PBES2 cipher 
> algorithms and RSA cipher with OAEP paddings may contain truncated SHA-512 in 
> their transformations. This proposed fix would check for truncated SHA in 
> both algorithm and padding schemes and throw NSAE if any extra slash is 
> found. 
> 
> Thanks in advance for the review~

src/java.base/share/classes/javax/crypto/Cipher.java line 329:

> 327:                     SHA512TRUNCATED.length());
> 328:             sha512SlashIdx = (sha512Idx != -1 ? sha512Idx + 3 : -2);
> 329:         }
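
Review bot: On line 328 the literals `3` and `-2` are unexplained. `3` looks like the offset of the slash inside the truncated-SHA marker and `-2` like a second "not found" sentinel next to `-1`. Derive the offset from the `SHA512TRUNCATED` constant or give both values names, and add a comment saying why `-2` is needed rather than `-1`.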

The logic is quite complex. Can you create a dedicated method for it like 
`indexOfRealSlashIn(String s)`?

Also, although we know there is no `512/2` in valid `mode`, there is no need to 
treat it specially, especially if we have `indexOfRealSlashIn`.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/27615#discussion_r2400611322
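
A sketch of the stricter split discussed in this thread, added here as an illustration; it is not code from the PR or from the JDK's `Cipher.java`. The helper borrows the name suggested in the review, while the class name, the two-argument signature and the sample strings are assumptions.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;

public class TransformationSplitDemo {
    // The slash inside "512/2" (SHA-512/224, SHA-512/256) belongs to a
    // digest name and must not be treated as a component separator.
    private static final String TRUNCATED = "512/2";
    private static final int SLASH_OFFSET = TRUNCATED.indexOf('/');

    // Hypothetical helper: index of the first separator slash at or after
    // 'from', skipping slashes that sit inside a "512/2" marker; -1 if none.
    static int indexOfRealSlashIn(String s, int from) {
        for (int i = s.indexOf('/', from); i != -1; i = s.indexOf('/', i + 1)) {
            int start = i - SLASH_OFFSET;
            if (start < 0 || !s.startsWith(TRUNCATED, start)) {
                return i;
            }
        }
        return -1;
    }

    // Accepts "algorithm" or "algorithm/mode/padding" only; any other number
    // of separator slashes is rejected with NSAE before a provider is asked.
    static String[] split(String transformation) throws NoSuchAlgorithmException {
        List<String> parts = new ArrayList<>();
        int begin = 0, idx;
        while ((idx = indexOfRealSlashIn(transformation, begin)) != -1) {
            parts.add(transformation.substring(begin, idx).trim());
            begin = idx + 1;
        }
        parts.add(transformation.substring(begin).trim());
        if ((parts.size() != 1 && parts.size() != 3) || parts.get(0).isEmpty()) {
            throw new NoSuchAlgorithmException("Invalid transformation format: " + transformation);
        }
        return parts.toArray(new String[0]);
    }

    public static void main(String[] args) {
        // Constructed inputs: two with a truncated-SHA slash, one with an extra slash.
        String[] samples = { "AES/GCM/NoPadding", "PBEWithHmacSHA512/256AndAES_128",
            "RSA/ECB/OAEPWithSHA-512/256AndMGF1Padding", "AES/CBC/PKCS5Padding/" };
        for (String t : samples) {
            try { System.out.println(t + " -> " + String.join(" | ", split(t))); }
            catch (NoSuchAlgorithmException e) { System.out.println(t + " -> NSAE"); }
        }
    }
}
```

The first three inputs split into three, one and three components; the trailing slash in the last one yields a fourth component and is rejected with NSAE instead of leaking into the padding name.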
