RFR: 8279800: isAssignableFrom checks in AlgorithmParametersSpi.engineGetParameterSpec appear to be backwards
Weijun Wang
weijun at openjdk.java.net
Wed Jan 12 19:52:25 UTC 2022
On Wed, 12 Jan 2022 19:31:31 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> If so, then the `if` block will be true and the spec object is casted to your specified class (`AlgorithmParameterSpec.class` or `Object.class`) and it always succeeds.
>>
>> This is exactly what I want to achieve. In fact, this bug and the other `getInstance(oid)` bug have the same root. I was trying to decode an algorithm identifier from its encoding. First, the encoding of the algorithm is in OID so `AlgorithmParameters.getInstance()` must support OID. Second, I want to get the spec from the parameters without knowing the algorithm name and the child `AlgorithmParametersSpec` class type, so `AlgorithmParameters::getParameterSpec` must support `AlgorithmParameterSpec.class` as the argument.
>>
>> Otherwise, the program needs to know name and parameter spec type on all supported algorithms.
>
> Interesting... In hindsight, the cast call sort of confirms that the intended ordering is the suggested one.
The check ensures casting always succeeds. The fact that this has not been noticed for such a long time means everyone is using the exact subclass type when calling the method.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7037
More information about the security-dev
mailing list