RFR: 8296442: EncryptedPrivateKeyInfo can be created with an uninitialized AlgorithmParameters
Weijun Wang
weijun at openjdk.org
Wed Nov 9 20:19:11 UTC 2022
On Wed, 9 Nov 2022 19:59:08 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> An `EncryptedPrivateKeyInfo` object can be created with an uninitialized `AlgorithmParameters`, but before you call `getEncoded` on it you need to remember to initialize the params. This is unfortunate but since this is a public API, I hesitate to make a change.
>
> Instead, this code change fixes the much more widely used internal class `AlgorithmId` so that it cannot be created with an uninitialized `AlgorithmParameters`. `EncryptedPrivateKeyInfo` now works with both initialized and uninitialized params, and it's immutable.
>
> No intention to make `AlgorithmId` immutable this time. It has a child class named `AlgIdDSA` which makes things complicated.
src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java line 423:
> 421: // wrap everything into a SEQUENCE
> 422: out.write(DerValue.tag_Sequence, tmp);
> 423: return out.toByteArray();
I'd rather not cache the encoding. First, the cache makes the class mutable. Second, `getEncode` should usually only be called once and the cache is not so useful. Third, this avoids an unnecessary clone (on the line below).
-------------
PR: https://git.openjdk.org/jdk/pull/11067
More information about the security-dev
mailing list