On Tue, 7 Oct 2025 20:42:48 GMT, Valerie Peng <[email protected]> wrote:
>> This PR updates the cipher transformation parsing and verification logic to >> be stricter and throws NoSuchAlgorithmException (NSAE) when additional >> slash(es) is found. With the existing parsing logic, the extra slash(es) is >> likely to end up in the last component, i.e. the padding scheme, and lead to >> NoSuchPaddingException (NSPE) from the underlying CipherSpi object. >> >> Out of the supported cipher algorithms for all JDK providers, PBES2 cipher >> algorithms and RSA cipher with OAEP paddings may contain truncated SHA-512 >> in their transformations. This proposed fix would check for truncated SHA in >> both algorithm and padding schemes and throws NSAE if any extra slash is >> found. >> >> Thanks in advance for the review~ > > Valerie Peng has updated the pull request incrementally with one additional > commit since the last revision: > > removed unused variable Thanks for the review~ ------------- PR Comment: https://git.openjdk.org/jdk/pull/27615#issuecomment-3379691303
