RFR: 8271566: DSA signature length value is not accurate in P11Signature [v3]

Martin Balao mbalao at openjdk.java.net
Sat Dec 4 21:59:21 UTC 2021


On Fri, 3 Dec 2021 19:48:53 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> Martin Balao has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains six commits:
>> 
>>  - 8271566: DSA signature length value is not accurate in P11Signature (Webrev.02 based)
>>  - Merge branch 'master' into JDK-8271566
>>  - Revert 8271566: DSA signature length value is not accurate in P11Signature
>>  - Revert P11Key static inner classes refactorings.
>>  - P11Key static inner classes refactorings.
>>  - 8271566: DSA signature length value is not accurate in P11Signature
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java line 126:
> 
>> 124:         boolean sensitive = false;
>> 125:         boolean extractable = true;
>> 126:         for (CK_ATTRIBUTE attr : attrs) {
> 
> Just noticed this: add a check for non-null attrs? If null, skip the for-loop.

I've noticed that when reviewing your Webrev.01 but thought that the change was on purpose because of the P11Key constructor callers, which do not currently pass null. Anyways, I'll add the null check again just in case.

> test/jdk/TEST.groups line 202:
> 
>> 200: 
>> 201: jdk_security1 = \
>> 202:     sun/security/pkcs11
> 
> Please discard this, this is just for quick testing, it's not meant to be part of this change...

Well spotted.

-------------

PR: https://git.openjdk.java.net/jdk/pull/4961



More information about the security-dev mailing list