RFR: 6227536: KeyGenerator.init() methods do not throw IllegalArgumentException for keysize == 0 [v2]

Bradford Wetmore wetmore at openjdk.org
Thu Jul 28 20:36:35 UTC 2022


On Thu, 28 Jul 2022 20:02:29 GMT, Kevin Driver <kdriver at openjdk.org> wrote:

>> As mentioned in the bug report, this issue *should not* be a framework-level issue, since potentially an individual provider could create a keysize of zero to have a certain significance. 
>> 
>> In the changes made here, the check is for `keysize <= 0` and this message indicates this is a check characteristic to the `SunJCE` provider.
>
> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
> 
>   formatting

Needs regression tests.  

Have you looked at the other Key(Pair)Generators?  We've probably added more when this bug was filed.  I took a quick look at some, and they were covered.  (DES/DESede/Blowfish/AES/etc.)

src/java.base/share/classes/com/sun/crypto/provider/HmacMD5KeyGenerator.java line 93:

> 91: 
> 92:         if (keysize <= 0) {
> 93:             throw new IllegalArgumentException("keysize must not be <= 0 for SunJCE");

< 80 chars please

src/java.base/share/classes/com/sun/crypto/provider/HmacSHA1KeyGenerator.java line 93:

> 91: 
> 92:         if (keysize <= 0) {
> 93:             throw new IllegalArgumentException("keysize must not be <= 0 for SunJCE");

Same

-------------

PR: https://git.openjdk.org/jdk/pull/9679



More information about the security-dev mailing list