RFR: 8296442: EncryptedPrivateKeyInfo can be created with an uninitialized AlgorithmParameters
Weijun Wang
weijun at openjdk.org
Thu Nov 10 15:05:51 UTC 2022
On Thu, 10 Nov 2022 06:15:27 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
>> An `EncryptedPrivateKeyInfo` object can be created with an uninitialized `AlgorithmParameters`, but before you call `getEncoded` on it you need to remember to initialize the params. This is unfortunate but since this is a public API, I hesitate to make a change.
>>
>> Instead, this code change fixes the much more widely used internal class `AlgorithmId` so that it cannot be created with an uninitialized `AlgorithmParameters`. `EncryptedPrivateKeyInfo` now works with both initialized and uninitialized params, and it's immutable.
>>
>> No intention to make `AlgorithmId` immutable this time. It has a child class named `AlgIdDSA` which makes things complicated.
>
> src/java.base/share/classes/sun/security/x509/AlgorithmId.java line 113:
>
>> 111: } catch (IOException ioe) {
>> 112: throw new IllegalStateException(
>> 113: "AlgorithmParameters not initialized", ioe);
>
> Did you have a chance to look at the caller and make sure this behavioral update is safe?
The only left caller is `EncryptedPrivateKeyInfo`. If new callers start using this constructor, this will be the expected behavior. The message can be enhanced a little since there could be other reasons. (Ex: `PSSParameters` with unknown hash algorithms).
-------------
PR: https://git.openjdk.org/jdk/pull/11067
More information about the security-dev
mailing list