RFR: 8259535: ECDSA SignatureValue do not always have the specified length

Weijun Wang weijun at openjdk.java.net
Fri Feb 26 15:37:41 UTC 2021


On Thu, 25 Feb 2021 21:23:51 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> The code change fixes the ECDSA XML signature length issue. It should only happen when there is no P1363 ECDSA support, which is not true when SunEC is used.
>> 
>> If a PrivateKey is not of ECPrivateKey type then the bug will still show up. Technically, we can drill into the OID/parameter of the ASN.1 encoding and do further evaluation, but I think this is not worth doing. Please advise me if you think differently.
>
> src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/algorithms/implementations/SignatureECDSA.java line 68:
> 
>> 66:      *
>> 67:      * @param asn1Bytes
>> 68:      * @param rawLen
> 
> You should add the same javadoc for these parameters as you did in ECDSAUtils.java.

Well, it looks like a "style" to only list the param names without any explanation in this file and nearby files. Since the body of this method is only one line I assume people curious about the meaning of the parameters can just navigate to `ECDSAUtils.convertASN1toXMLDSIG` to read the description there.

Can we just keep it "clean"?

-------------

PR: https://git.openjdk.java.net/jdk/pull/2550



More information about the security-dev mailing list