On Tue, 23 Mar 2021 19:56:40 GMT, Greg Rubin <github.com+829871+salusasecon...@openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>>   Changed AlgorithmParameters impls to register under AES/KW/NoPadding and
>>   AES/KWP/NoPadding
>
> src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrapPadded.java
> line 69:
>
>> 67:         if (!Arrays.equals(ivAndLen, 0, ICV2.length, icv, 0,
>> ICV2.length)) {
>> 68:             throw new IllegalBlockSizeException("Integrity check
>> failed");
>> 69:         }
>
> While I cannot find any public discussion of this, I'm always uncomfortable
> checking the plaintext (prior to authentication) against a known value in
> non-constant time. I'm worried that this (and the equivalent in the unpadded
> version) might be a problem in the future.

This is just IV and length, not plaintext. So, I didn't use the constant time array check. I can switch to the constant time version, it's trivial.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2404
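The exchange above concerns whether the ICV and length check recovered by an AES-KWP unwrap should avoid early-exit comparison. The following is an added illustration, not code from the JDK or from this pull request, of how that check can be written without a data-dependent early exit: the ICV prefix is compared with `MessageDigest.isEqual` instead of `Arrays.equals`, the length and padding checks are folded into accumulators, and a single decision is made at the end. The 8-byte `ivAndLen` layout (4-byte ICV followed by a big-endian 32-bit message length, per RFC 5649), the `ICV2` value and the method names are assumptions made for this example.

```java
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.IllegalBlockSizeException;

/** Example only (not JDK code): constant-time ICV/length/padding check for KWP unwrap. */
public final class KwpIntegrityCheckExample {

    // RFC 5649 alternative initial value; the constant the review calls ICV2.
    static final byte[] ICV2 = {(byte) 0xA6, (byte) 0x59, (byte) 0x59, (byte) 0xA6};

    private KwpIntegrityCheckExample() {}

    /**
     * Validates the 8-byte header block (assumed layout: ICV || big-endian MLI)
     * and returns the message length. Both checks are always evaluated; the
     * comparison does not stop at the first mismatching byte.
     */
    static int checkAndGetLength(byte[] ivAndLen, byte[] icv, int paddedLen)
            throws IllegalBlockSizeException {
        if (ivAndLen.length != 8 || icv.length != 4) {
            throw new IllegalArgumentException("ivAndLen must be 8 bytes, icv 4 bytes");
        }
        // MessageDigest.isEqual is specified as a time-constant comparison,
        // unlike Arrays.equals, which returns on the first differing byte.
        boolean icvOk = MessageDigest.isEqual(Arrays.copyOf(ivAndLen, 4), icv);

        // Message length indicator from bytes 4..7 (big-endian).
        int mli = ByteBuffer.wrap(ivAndLen, 4, 4).getInt();

        // RFC 5649 bound: 8*(n-1) < MLI <= 8*n, where paddedLen == 8*n.
        // A negative (sign-bit) MLI fails the lower bound as well.
        boolean lenOk = (mli > paddedLen - 8) && (mli <= paddedLen);

        // Non-short-circuiting '&' so both results are combined, then one decision.
        if (!(icvOk & lenOk)) {
            throw new IllegalBlockSizeException("Integrity check failed");
        }
        return mli;
    }

    /** Checks that every padding byte at index >= mli is zero, touching all bytes. */
    static boolean paddingIsZero(byte[] padded, int mli) {
        int acc = 0;
        for (int i = 0; i < padded.length; i++) {
            // mask is all ones for i >= mli, zero otherwise (arithmetic shift of sign).
            int mask = (mli - 1 - i) >> 31;
            acc |= padded[i] & mask;
        }
        return acc == 0;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: "hello" padded to one 8-byte block, MLI = 5.
        byte[] header = {(byte) 0xA6, (byte) 0x59, (byte) 0x59, (byte) 0xA6, 0, 0, 0, 5};
        byte[] padded = {'h', 'e', 'l', 'l', 'o', 0, 0, 0};

        int mli = checkAndGetLength(header, ICV2, padded.length);
        System.out.println("MLI = " + mli + ", padding ok = " + paddingIsZero(padded, mli));

        // Constructed sample with a corrupted ICV byte: the check must fail.
        byte[] badHeader = header.clone();
        badHeader[0] ^= 0x01;
        try {
            checkAndGetLength(badHeader, ICV2, padded.length);
            System.out.println("unexpected: corrupted ICV accepted");
        } catch (IllegalBlockSizeException e) {
            System.out.println("corrupted ICV rejected: " + e.getMessage());
        }
    }
}
```

The header check alone is cheap, so the cost of the constant-time form is negligible; the point of folding the length and padding checks into accumulators is that neither the exception type nor the time to raise it reveals which part of the recovered block was wrong.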