RFR: 8296442: EncryptedPrivateKeyInfo can be created with an uninitialized AlgorithmParameters [v3]
Sean Mullan
mullan at openjdk.org
Tue Nov 15 21:56:38 UTC 2022
On Thu, 10 Nov 2022 15:03:21 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/x509/AlgorithmId.java line 113:
>>
>>> 111: } catch (IOException ioe) {
>>> 112: throw new IllegalStateException(
>>> 113: "AlgorithmParameters not initialized", ioe);
>>
>> Did you have a chance to look at the caller and make sure this behavioral update is safe?
>
> The only left caller is `EncryptedPrivateKeyInfo`. If new callers start using this constructor, this will be the expected behavior. The message can be enhanced a little since there could be other reasons. (Ex: `PSSParameters` with unknown hash algorithms).
Would it be more correct to change the message to "AlgorithmParameters are not initialized or cannot be decoded"?
-------------
PR: https://git.openjdk.org/jdk/pull/11067
More information about the security-dev
mailing list