RFR: 8242068: Signed JAR support for RSASSA-PSS and EdDSA [v6]

Valerie Peng valeriep at openjdk.java.net
Fri Oct 16 19:36:13 UTC 2020


On Fri, 16 Oct 2020 01:38:44 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> src/java.base/share/classes/sun/security/util/SignatureUtil.java line 94:
>> 
>>> 92:      * @return an AlgorithmParameterSpec object
>>> 93:      * @throws ProviderException
>>> 94:      */
>> 
>> Well, I am a bit unsure about your changes to this method. With your change, it returns default parameter spec (instead
>> of null) when the specified AlgorithmParameters object is null. This may not be desirable for all cases? Existing
>> callers would have to check for (params != null) before calling this method. The javadoc description also seems a bit
>> strange with the to-be-converted AlgorithmParameters object being optional. Maybe add a separate method like
>> `getParamSpecWithDefault` on top of this method or add a separate boolean argument `useDefault`?
>
> I cannot remember why I need to return a default. The only default we current have is for RSASSA-PSS, and in all
> RSASSA-PSS AlgorithmId for signature I see there is always the params. (When it's for a key the params can be missing).
> All 3 callers of this method is on a signature AlgorithmId so the params should not be null. I'll remove the default
> return value and do more testing.

Sounds good. RSASSA-PSS sig algorithm id always have params, it's required.

-------------

PR: https://git.openjdk.java.net/jdk/pull/322



More information about the security-dev mailing list