JDK 8 Code Review Request: 7187962: sun.security.pkcs11.P11DSAKeyFactory.implTranslatePublicKey doesn't check if params is null
Sean Mullan
sean.mullan at oracle.com
Thu Aug 9 20:22:27 UTC 2012
On 8/9/12 4:09 PM, Valerie (Yu-Ching) Peng wrote:
>
> Yes, various places assume that the params being non-null since they are
> needed for crypto operations.
> I think what you have here is the right fix for the particular test failure.
> Do you know if Certificate.getPublicKey() is called on a certificate
> contains a DSA key whose DSA params should be inherited from the signing
> CA, will the returned DSA public key has the necessary params?
Yes, in this case BasicChecker already has logic to check for and inherit the
DSA Params from the certificate issuer's key, if necessary. It basically
recreates a new DSA key with the inherited params before using it to verify a
signature on the next cert in the chain.
Thanks for the quick review.
--Sean
>
> Thanks,
> Valerie
>
> On 08/09/12 06:53, Sean Mullan wrote:
>> I have re-worked this fix so that our PKIX CertPathValidator implementation
>> detects if a TrustAnchor's DSA key has no parameters *before* using it to verify
>> a signature. This is a cleaner fix, as it turns out there is quite a bit of
>> existing code in JCE that already assumes a DSA key has parameters, and will
>> throw an NPE if it doesn't.
>>
>> Please review:
>>
>> http://cr.openjdk.java.net/~mullan/webrevs/7187962/webrev.01/
>>
>> Thanks,
>> Sean
>>
>> On 8/6/12 10:43 AM, Sean Mullan wrote:
>>> Hi Valerie,
>>>
>>> Could you please review this simple fix to
>>> P11DSAKeyFactory.implTranslatePublicKey?
>>>
>>> http://cr.openjdk.java.net/~mullan/webrevs/7187962/webrev.00/
>>>
>>> Thanks,
>>> Sean
>>>
>
More information about the security-dev
mailing list