On Wed, 15 Feb 2023 05:30:06 GMT, Xue-Lei Andrew Fan <xue...@openjdk.org> wrote:
>> Due to an error in the existing regression test, this bug remain
>> undiscovered until now. Added the key size check to the KeyWrapCipher class
>> and fixed the regression test.
>>
>> Please help review this trivial fix.
>>
>> Thanks in advance,
>> Valerie
>
> src/java.base/share/classes/com/sun/crypto/provider/KeyWrapCipher.java line
> 302:
>
>> 300: if (fixedKeySize != -1 && fixedKeySize != keyBytes.length) {
>> 301: throw new InvalidKeyException("Invalid key length: " +
>> 302: keyBytes.length + " bytes, should be " +
>> fixedKeySize);
>
> Is it necessary to check that the key algorithm is "AES", and the size is a
> valid AES key size, as the code in engineGetKeySize()?
Makes sense to have a consistent check, I will refactor it. Thanks for the
comment~
-------------
PR: https://git.openjdk.org/jdk/pull/12569
