RFR[11] JDK-8206171: Signature#getParameters for RSASSA-PSS throws ProviderException when not initialized
Valerie Peng
valerie.peng at oracle.com
Mon Jul 16 22:16:10 UTC 2018
No issues found and it seems ok to return null if no parameters is set.
Thus, I have updated the webrev and CSR accordingly.
Bug: https://bugs.openjdk.java.net/browse/JDK-8206171
Webrev: http://cr.openjdk.java.net/~valeriep/8206171/webrev.01/
CSR: https://bugs.openjdk.java.net/browse/JDK-8206864
Thanks,
Valerie
On 7/13/2018 11:05 AM, Valerie Peng wrote:
>
> Hmm, I like the idea of expanding null to cover both cases.
> I will explore it more and see.
> Thanks for the feedback,
> Valerie
>
> On 7/13/2018 6:56 AM, Sean Mullan wrote:
>> On 7/12/18 10:23 PM, Weijun Wang wrote:
>>>
>>>
>>>> On Jul 13, 2018, at 10:01 AM, Valerie Peng
>>>> <valerie.peng at oracle.com> wrote:
>>>>
>>>> Hi Max,
>>>>
>>>> The javadoc is for Signature.getParameters(), so null can be
>>>> returned for signature algorithms which do not use parameters, e.g.
>>>> SHA256withDSA. As Signature class covers all signature algorithms,
>>>> I am not sure about mentioning specific algorithm names as it may
>>>> be lengthy and even misleading unless we list out all applicable
>>>> algorithms.
>>>
>>> Sure.
>>>
>>>>
>>>> The part of "default and randomly generated" is inherited from
>>>> existing javadoc. I think "default" in the aforementioned sentence
>>>> means "hardcoded values". For example, something like salt length
>>>> will likely have a fixed default value. Since we have no control
>>>> over 3rd party providers, I think we may have to keep this for
>>>> backward compatibility reason. For RSASSA-PSS sig algorithm, it
>>>> errors out if the required parameter is not given. Thus, I added
>>>> the sentence "If there are no provider-specific default values, the
>>>> underlying signature implementation may also fail".
>>>
>>>
>>> OK, now I understand "a combination of default and randomly
>>> generated" means some part of the parameter is hardcoded and some is
>>> random. Anyway, let's keep it unchanged.
>>>
>>> Then, how about simply "If there are no provider-specific values"
>>> which covers both hardcoded and random values?
>>>
>>> "the underlying signature implementation may also fail" is still not
>>> clear to me. If I had not read the CSR I would thought an exception
>>> will be thrown when update/sign is called.
>>>
>>>>
>>>> As for @throws, I debated about it. The main reason for not adding
>>>> one is consistency. Many (or should I say most) security classes do
>>>> not have @throws for ProviderException. If we were to add @throws
>>>> ProviderException here, we should do it across the board. Besides,
>>>> it is recommended to NOT document runtime exceptions which callers
>>>> are not prepared to handle.
>>>
>>> I assume other getParameters() had not added it is because it
>>> happened they can return one.
>>>
>>> While people does not catch runtime exceptions but my understanding
>>> is that if you mentioned "fail" in the spec maybe it's better to add
>>> a @throws for it.
>>>
>>> For example, @throws SecurityException for File/Files operations.
>>
>> Thinking more about this, I would be more inclined to recommend that
>> you change the meaning of null as the return value to cover both cases:
>>
>> @return the parameters used with this signature, or null if this
>> signature does not use any parameters or does not support default or
>> randomly generated parameter values
>>
>> I don't think it is critical to make a distinction between these 2
>> cases, because if the programmer doesn't initialize it with
>> parameters it will get a SignatureException anyway when it tries to
>> call sign or verify.
>>
>> It's not perfect, but probably the best you can do working within the
>> constraints of that API and minimizing compatibility risk.
>>
>> --Sean
>>
>>>
>>> Thanks
>>> Max
>>>
>>>>
>>>> Thanks,
>>>> Valerie
>>>>
>>>> On 7/10/2018 7:16 PM, Weijun Wang wrote:
>>>>> Hi Valerie
>>>>>
>>>>> About "it *may* return", do you mean it could also return null? My
>>>>> understanding is no.
>>>>>
>>>>> Is it better to clarify when the implementation "may also fail"?
>>>>> From the CSR, it's this method. Can you add a @throws spec to this
>>>>> method then?
>>>>>
>>>>> Also, I am a little confused by "default and randomly generated".
>>>>> Does this actually mean "default (might be randomly generated)"?
>>>>> The "it may" sentence mentions "default and randomly generated"
>>>>> but the "if there" only says "default", which sounds like the the
>>>>> "randomly generated" case could be different.
>>>>>
>>>>> Thanks
>>>>> Max
>>>>>
>>>>>
>>>>>> On Jul 11, 2018, at 5:12 AM, Valerie Peng
>>>>>> <valerie.peng at oracle.com> wrote:
>>>>>>
>>>>>> Hi Brad,
>>>>>>
>>>>>> Would you have time to review the fix for JDK-8206171:
>>>>>> Signature#getParameters for RSASSA-PSS throws ProviderException
>>>>>> when not initialized?
>>>>>> No source code changes, but just updating javadoc to mention the
>>>>>> possible failure case.
>>>>>> Otherwise, JCK team expects a parameter object or null being
>>>>>> returned.
>>>>>> I filed a CSR to track the javadoc clarification.
>>>>>>
>>>>>> Bug: https://bugs.openjdk.java.net/browse/JDK-8206171
>>>>>> Webrev: http://cr.openjdk.java.net/~valeriep/8206171/webrev.00/
>>>>>> CSR: https://bugs.openjdk.java.net/browse/JDK-8206864
>>>>>>
>>>>>> Thanks,
>>>>>> Valerie
>>>>>>
>>>>>>
>>>>>>
>>>>
>>>
>
More information about the security-dev
mailing list