> This PR updates the cipher transformation parsing and verification logic to 
> be stricter and throw NoSuchAlgorithmException (NSAE) when additional 
> slash(es) are found. With the existing parsing logic, the extra slash(es) are 
> likely to end up in the last component, i.e. the padding scheme, and lead to 
> NoSuchPaddingException (NSPE) from the underlying CipherSpi object. 
> 
> Out of the supported cipher algorithms for all JDK providers, PBES2 cipher 
> algorithms and RSA cipher with OAEP paddings may contain truncated SHA-512 in 
> their transformations. This proposed fix would check for truncated SHA in 
> both algorithm and padding schemes and throw NSAE if any extra slash is 
> found. 
> 
> Thanks in advance for the review~

Valerie Peng has updated the pull request incrementally with one additional 
commit since the last revision:

  Updated based on Weijun's suggestion.

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/27615/files
  - new: https://git.openjdk.org/jdk/pull/27615/files/5b29656b..6fa2a15f

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=27615&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=27615&range=01-02

  Stats: 61 lines in 1 file changed: 9 ins; 15 del; 37 mod
  Patch: https://git.openjdk.org/jdk/pull/27615.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/27615/head:pull/27615

PR: https://git.openjdk.org/jdk/pull/27615
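
The stricter parsing described in the quoted PR text, sketched as an added example (it is not the PR's code or the JDK's implementation). The class name, method name and re-join rule are hypothetical, and the inputs in `main` are constructed.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;

// Hypothetical illustration; not the JDK's parsing code.
public class StrictTransformationParser {
    // Splits "algorithm" or "algorithm/mode/padding", keeping the slash of a
    // truncated SHA-512 name (e.g. SHA-512/256) inside its component.
    static List<String> parse(String transformation) throws NoSuchAlgorithmException {
        if (transformation == null || transformation.isBlank()) {
            throw new NoSuchAlgorithmException("Empty transformation");
        }
        String[] raw = transformation.trim().split("/", -1); // -1 keeps empty tokens
        List<String> parts = new ArrayList<>();
        for (int i = 0; i < raw.length; i++) {
            String tok = raw[i];
            // Assumed rule: a token ending in SHA512 or SHA-512 followed by
            // a token starting with 224 or 256 is one truncated digest name.
            if (i + 1 < raw.length && tok.matches("(?i).*SHA-?512")
                    && (raw[i + 1].startsWith("224") || raw[i + 1].startsWith("256"))) {
                tok = tok + "/" + raw[++i];
            }
            parts.add(tok.trim());
        }
        // Any extra slash yields an empty or surplus component: reject it here
        // with NSAE instead of letting it reach the padding lookup.
        if ((parts.size() != 1 && parts.size() != 3) || parts.contains("")) {
            throw new NoSuchAlgorithmException("Invalid transformation format: " + transformation);
        }
        return parts;
    }

    public static void main(String[] args) {
        String[] samples = { // constructed inputs
            "AES/CBC/PKCS5Padding",
            "RSA/ECB/OAEPWithSHA-512/256AndMGF1Padding",
            "PBEWithHmacSHA512/224AndAES_128",
            "AES/CBC/PKCS5Padding/",
            "AES//CBC/PKCS5Padding",
        };
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + parse(s));
            } catch (NoSuchAlgorithmException e) {
                System.out.println(s + " -> NSAE: " + e.getMessage());
            }
        }
    }
}
```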
