-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P3
-
Affects Version/s: None
-
Component/s: security-libs
-
None
-
b27
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8268837 | 18 | Valerie Peng | P3 | Resolved | Fixed | b02 |
When using the AES KW and KWP ciphers from SunJCE provider, it is observed that unexpected NPE occur calling getIV() and getParameters() if init() is not yet called. When the cipher object has not yet been initialized with init(), the internal iv field has value 'null'. The getIV() should check for null value (meaning iv has not been set as no init() call takes place) before cloning the iv. As for getParameters(), it should also check for null iv and return a default parameters as the javadoc suggested.
- backported by
-
JDK-8268837 SunJCE provider may throw unexpected NPE for un-initialized AES KW/KWP Ciphers
-
- Resolved
-
- relates to
-
JDK-8248268 Support KWP in addition to KW
-
- Resolved
-
