RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v3]
Valerie Peng
valeriep at openjdk.org
Mon Jul 24 20:01:45 UTC 2023
On Thu, 20 Jul 2023 05:06:11 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Update to address review feedbacks
>
> src/java.base/share/classes/sun/security/rsa/RSASignature.java line 227:
>
>> 225: byte[] padded2 = padding.pad(encoded2);
>> 226: return MessageDigest.isEqual(padded2, decrypted);
>> 227: }
>
> I had a check of the specification (Section A.2.4 of RFC 8017), and the [update](https://github.com/openjdk/jdk/pull/8365) and the [JBS entry](https://bugs.openjdk.org/browse/JDK-8285404) that added the comment "some vendors might omit the NULL params".
>
> Per section A.2.4 of RFC 8017, it is said "For each OID, the parameters field associated with this OID in a value of type AlgorithmIdentifier SHALL have a value of type NULL."
>
> Per the key words specification, RFC 2119, "SHALL" is the same as MUST which "mean that the definition is an absolute requirement of the specification."
>
> In the bug description of bug JDK-8285404, there is a section "*Update*: We think it's possible that there might be signers omitting the NULL params in the digest algorithm identifier. "
>
> For this case, if the signers omitting the NULL params, does it means the signer does not follow the specification and should be rejected? @wangweij could you recall if there is a real case that omits the NULL params in practice?
Max is on vacation and may not see your question for a while...
IIRC, the inconsistency (NULL vs omission) goes way back. As time goes on, this may no longer be an issue as spec is clarified and vendors update their implementation.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1272692439
More information about the security-dev
mailing list