RFR: 8296442: EncryptedPrivateKeyInfo can be created with an uninitialized AlgorithmParameters [v3]

Sean Mullan mullan at openjdk.org
Tue Nov 15 21:56:32 UTC 2022


On Thu, 10 Nov 2022 17:59:44 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> An `EncryptedPrivateKeyInfo` object can be created with an uninitialized `AlgorithmParameters`, but before you call `getEncoded` on it you need to remember to initialize the params. This is unfortunate but since this is a public API, I hesitate to make a change.
>> 
>> Instead, this code change fixes the much more widely used internal class `AlgorithmId` so that it cannot be created with an uninitialized `AlgorithmParameters`. `EncryptedPrivateKeyInfo` now works with both initialized and uninitialized params, and it's immutable.
>> 
>> No intention to make `AlgorithmId` immutable this time. It has a child class named `AlgIdDSA` which makes things complicated.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
> 
>   expected

Still reviewing, but here are a few comments.

src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java line 63:

> 61:     // {@link #EncryptedPrivateKeyInfo(AlgorithmParameters, byte[])}
> 62:     // with an uninitialized params, it's stored here and algid is null.
> 63:     // In all other case, algid is non null and params is null.

s/case/cases/.

src/java.base/share/classes/javax/crypto/EncryptedPrivateKeyInfo.java line 65:

> 63:     // In all other case, algid is non null and params is null.
> 64:     private final AlgorithmId algid;
> 65:     private final AlgorithmParameters params;

Perhaps add a comment for this field since the others have comments.

src/java.base/share/classes/sun/security/pkcs12/MacData.java line 119:

> 117:     }
> 118: 
> 119:     MacData(AlgorithmParameters algParams, byte[] digest,

Is this related to this issue in some way or just a ctor that is not used?

-------------

PR: https://git.openjdk.org/jdk/pull/11067



More information about the security-dev mailing list