6227536: KeyGenerator.init() methods do not throw IllegalArgumentException for keysize == 0 #9679
Conversation
|
👋 Welcome back kdriver! A progress list of the required criteria for merging this PR into |
|
/issue add 6227536 |
openjdk
bot
changed the title
|
@driverkt This issue is referenced in the PR title - it will now be updated. |
Webrevs
|
src/java.base/share/classes/com/sun/crypto/provider/HmacMD5KeyGenerator.java
Outdated
Show resolved
Hide resolved
src/java.base/share/classes/com/sun/crypto/provider/HmacSHA1KeyGenerator.java
Outdated
Show resolved
Hide resolved
bradfordwetmore
left a comment
bradfordwetmore
left a comment
There was a problem hiding this comment.
Needs regression tests.
Have you looked at the other Key(Pair)Generators? We've probably added more when this bug was filed. I took a quick look at some, and they were covered. (DES/DESede/Blowfish/AES/etc.)
| protected void engineInit(int keysize, SecureRandom random) { | ||
|
|
||
| if (keysize <= 0) { | ||
| throw new IllegalArgumentException("keysize must not be <= 0 for SunJCE"); |
There was a problem hiding this comment.
The "for SunJCE" is odd to see in an exception message, I would leave that out.
There was a problem hiding this comment.
A stack trace of the exception should be sufficient to tell what provider/code is generating it.
There was a problem hiding this comment.
@seanjmullan I thought about this, but I added it due to the bug describing that this would be implementation-specific rather than framework-specific. I can take it out.
There was a problem hiding this comment.
Needs regression tests.
Have you looked at the other Key(Pair)Generators? We've probably added more when this bug was filed. I took a quick look at some, and they were covered. (DES/DESede/Blowfish/AES/etc.)
@bradfordwetmore The bug mentions only the Hmac*KeyGenerators. I thought about this too, but you mentioned in your initial triage comment on the bug that it should be treated as only relevant to the classes I modified. Thoughts?
There was a problem hiding this comment.
What bug/Sean meant was that we wouldn't put in a check into java.security.* framework, but rather in sun.security.* implementation. And that we don't need to put "SunJCE" in this particular throws message, as we'll know where it is from the stack trace.
My comment agrees that we have a problem in the JCE Hmac code, but there might be other locations where init's like this might allow for invalid 0 values. It's just a general idea to check we didn't make the same issue elsewhere.
There was a problem hiding this comment.
Other (newer) HmacXXX KeyGenerator enforces min key size to be 40. So, perhaps just enforce the same lower limit or just check for <0?
There was a problem hiding this comment.
Also, it'd be nice to include HmacMD5 and HmacSHA1 to the bug synopsis as KeyGenerator covers many algorithms. Would be nice to add SunJCE provider to synopsis, so it's clear that this change/fix is provider-specific.
src/java.base/share/classes/com/sun/crypto/provider/HmacSHA1KeyGenerator.java
Outdated
Show resolved
Hide resolved
Yes, the others are covered. |
|
All review comments have been addressed. |
bradfordwetmore
left a comment
bradfordwetmore
left a comment
There was a problem hiding this comment.
We are Slacking on some other test issues. Will approve on next update.
| } | ||
|
|
||
| public static void main(String[] args) throws Exception { | ||
| Test6227536 test = new Test6227536(); |
There was a problem hiding this comment.
Calling the constructor just to get the class name seems redundant, as the test name will appear in all of the jtreg test output. I would probably pull it out, just my $0.02.
There was a problem hiding this comment.
Ack. It's also a nice pattern for avoiding issues with main being static.
|
@driverkt This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 24 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. As you do not have Committer status in this project an existing Committer must agree to sponsor your change. Possible candidates are the reviewers of this PR (@bradfordwetmore) but any other Committer may sponsor as well. ➡️ To flag this PR as ready for integration with the above commit message, type |
|
/integrate |
|
/sponsor |
|
Going to push as commit 0bcf176.
Your commit was automatically rebased without conflicts. |
openjdk
bot
removed
ready
|
@bradfordwetmore @driverkt Pushed as commit 0bcf176. 💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored. |
5 participants
As mentioned in the bug report, this issue should not be a framework-level issue, since potentially an individual provider could create a keysize of zero to have a certain significance.
In the changes made here for
HmacMD5- andHmacSHA1-KeyGenerators, the check is forkeysize <= 0and this message indicates this is a check characteristic to theSunJCEprovider.Progress
Issue
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.org/jdk pull/9679/head:pull/9679$ git checkout pull/9679Update a local copy of the PR:
$ git checkout pull/9679$ git pull https://git.openjdk.org/jdk pull/9679/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 9679View PR using the GUI difftool:
$ git pr show -t 9679Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/9679.diff