RFR: 8271566: DSA signature length value is not accurate in P11Signature [v2]

Valerie Peng valeriep at openjdk.java.net
Thu Nov 18 18:40:43 UTC 2021


On Wed, 17 Nov 2021 21:25:33 GMT, Martin Balao <mbalao at openjdk.org> wrote:

> 
> 
> > > ```
> > > * By eliminating P11RSAPrivateKey::getModulus, looks to me that P11PrivateKeyRSA::getModulus and P11PrivateKeyRSA::fetchValues are now called, leading to an unnecessary call to the native library as the modulus was already received on P11RSAPrivateKey constructor. This happens to P11RSAPrivateNonCRTKey as well.
> > > ```
> > 
> > 
> > There shouldn't be another call to the native library as it is only made when the modulus n is null. However, since n is already available, overriding the getModulus() method makes sense as there is no need to call fetchValues() which should return upon a non-null n value, but still an overhead.
> 
> In my view (Webrev.00 based comment), the variable 'n' holding the modulus value is private in P11RSAPrivateKey. This means that when P11PrivateKeyRSA::getModulus is called, P11PrivateKeyRSA::n (which is protected) has a 'null' value and the PKCS#11 lib call is done again.

Hmm, this is a bug and unintended. The 'n' in the child class should be removed as the 'n' in the parent class has scope protected and should be used instead. 
Regards,
Valerie

-------------

PR: https://git.openjdk.java.net/jdk/pull/4961


More information about the security-dev mailing list