On Thu, 2 Oct 2025 23:14:48 GMT, Valerie Peng <[email protected]> wrote:
> This PR updates the cipher transformation parsing and verification logic to > be stricter and throws NoSuchAlgorithmException (NSAE) when additional > slash(es) is found. With the existing parsing logic, the extra slash(es) is > likely to end up in the last component, i.e. the padding scheme, and lead to > NoSuchPaddingException (NSPE) from the underlying CipherSpi object. > > Out of the supported cipher algorithms for all JDK providers, PBES2 cipher > algorithms and RSA cipher with OAEP paddings may contain truncated SHA-512 in > their transformations. This proposed fix would check for truncated SHA in > both algorithm and padding schemes and throws NSAE if any extra slash is > found. > > Thanks in advance for the review~ This pull request has now been integrated. Changeset: ac73e688 Author: Valerie Peng <[email protected]> URL: https://git.openjdk.org/jdk/commit/ac73e688b13595b63dcfc9ce0aee76e7262d68c3 Stats: 168 lines in 4 files changed: 50 ins; 58 del; 60 mod 8368984: Extra slashes in Cipher transformation leads to NSPE instead of NSAE Reviewed-by: weijun ------------- PR: https://git.openjdk.org/jdk/pull/27615
