> This PR updates the cipher transformation parsing and verification logic to > be stricter and throws NoSuchAlgorithmException (NSAE) when additional > slash(es) is found. With the existing parsing logic, the extra slash(es) is > likely to end up in the last component, i.e. the padding scheme, and lead to > NoSuchPaddingException (NSPE) from the underlying CipherSpi object. > > Out of the supported cipher algorithms for all JDK providers, PBES2 cipher > algorithms and RSA cipher with OAEP paddings may contain truncated SHA-512 in > their transformations. This proposed fix would check for truncated SHA in > both algorithm and padding schemes and throws NSAE if any extra slash is > found. > > Thanks in advance for the review~
Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: refactored using record to keep track of indices ------------- Changes: - all: https://git.openjdk.org/jdk/pull/27615/files - new: https://git.openjdk.org/jdk/pull/27615/files/65c4ca6f..5b29656b Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=27615&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=27615&range=00-01 Stats: 96 lines in 1 file changed: 43 ins; 44 del; 9 mod Patch: https://git.openjdk.org/jdk/pull/27615.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/27615/head:pull/27615 PR: https://git.openjdk.org/jdk/pull/27615
