RFR: 8287246: DSAKeyValue should check for missing params instead of relying on KeyFactory provider
Weijun Wang
weijun at openjdk.java.net
Wed May 25 17:29:40 UTC 2022
On Tue, 24 May 2022 16:29:02 GMT, Sean Mullan <mullan at openjdk.org> wrote:
> Please review this fix to the XML Signature implementation to check for null or missing DSA parameters and throw a MarshalException before trying to create a DSA public key from its XML encoding. This will allow the code to fail earlier and not depend on the underlying provider to detect illegal or missing parameters.
src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java line 306:
> 304: // Recommendation as they might be known from application context,
> 305: // but this implementation does not support that, so they are
> 306: // required.
Can you provide more details on why "this implementation" does not support that? Is it because we don't have an API for that or we haven't defined any property for that?
src/java.xml.crypto/share/classes/org/jcp/xml/dsig/internal/dom/DOMKeyValue.java line 306:
> 304: // Recommendation as they might be known from application context,
> 305: // but this implementation does not support that, so they are
> 306: // required.
Can you provide more details on why "this implementation" does not support that? Is it because we don't have an API for that or we haven't defined any property for that?
-------------
PR: https://git.openjdk.java.net/jdk/pull/8870
More information about the security-dev
mailing list