harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boris Kuznetsov" <boris.v.kuznet...@gmail.com>
Subject Re: [classlib][security] Exception compatibility
Date Tue, 05 Sep 2006 08:42:23 GMT
BC provider throws the same exceptions as SUN provider
(at least for standard digest alg. names: SHA, MD2, MD5, SHA-256,
SHA-384, SHA-512).
But what about other third party providers?

On 9/5/06, Mikhail Loenko <mloenko@gmail.com> wrote:
> IMHO we should look from the perspective of migrating the apps.
>
> So let's try to make behavior of "Harmony + BC provider" close
> to "Sun + Sun's provider"
>
> If without the checks the combination Harmony+BC works similar to
> Sun+Sun's provider, then let's remove the checks. Otherwise let's
> keep it to make the behavior at least logical.
>
> Thanks,
> Mikhail
>
>
> 2006/9/4, Boris Kuznetsov <boris.v.kuznetsov@gmail.com>:
> > Usually Harmony behavior is compared with RI behavior. But in security
> > area RI behavior depends on provider. With different providers RI
> > behave differently.
> >
> > For example, RI passes incorrect method arguments to provider. In such
> > cases provider may throw exception (e.g. DigestException or
> > IllegalArgumentException) or some RuntimeException (e.g.
> > ArrayIndexOutOfBoundsException) may be thrown during the execution.
> > Here is example.
> >
> > There are number of methods with arguments like (byte[] buf, int
> > offset, int len). RI doesn't check if offset and len are negative but
> > Harmony does, so we have difference in behavior (see Harmony-1120,
> > 1148): on combination RI + provider application gets provider specific
> > exception, but on Harmony + provider - IllegalArgumentException (as in
> > other invalid parameters cases).
> >
> > So we have two options:
> > 1. Fix Harmony (remove negative parameters checks)
> > 2. Don't fix. Throw IllegalArgumentException for invalid parameters.
> > Document as non-bug difference from RI.
> >
> > Note, specification doesn't describe implementation behavior for
> > invalid arguments, but RI also throws IllegalArgumentException if
> > ofsset+len > buf.length. So throwing of IllegalArgumentException in
> > Harmony can't break any application.
> >
> > I suggest option 2.
> > Thoughts?
> >
> > Thanks,
> > Boris
> >
> > ---------------------------------------------------------------------
> > Terms of use : http://incubator.apache.org/harmony/mailing.html
> > To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
> > For additional commands, e-mail: harmony-dev-help@incubator.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> Terms of use : http://incubator.apache.org/harmony/mailing.html
> To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
> For additional commands, e-mail: harmony-dev-help@incubator.apache.org
>
>


-- 
Best regards,
Boris Kuznetsov
Intel Middleware Products Division

---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org


Mime
View raw message