harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stepan Mishura" <stepan.mish...@gmail.com>
Subject Re: [classlib][security]different behavior between Harmony and RI in MessageDigest.digest(byte[], int, int)
Date Wed, 24 Jan 2007 06:18:12 GMT
Hi Boris,

On 1/24/07, Boris Kuznetsov wrote:

> My point is the implementation should behave consistently.
>
> RI accept empty array result returned by engineDigest(), but throws
> NPE for null.  But both results mean the same: "no digest bytes".




> For consistency, I believe that null and empty array should be
> interpreted by engineDigest(byte[], int, int) in a similar manner.


 I got your point but I don't agree with your interpretation. I think that
the spec. for engineDigest() implies that it performs some computing and a
result of computing is a real (non-null) array. So I'd say that null array
means "the method functions incorrectly". Now to "empty array". I believe
that the method shouldn't verify contents of the returned array. That
includes its length and bytes values.



> But real algorithms, as I know, always returns non empty array. So,
> any decision (follow RI vs. non-bug difference) doesn't effect real
> provider implementations.


Agree. So for me there is no sense to keep the check.

Thanks,
Stepan.


> I prefer to save the current Harmony behavior and mark this issue as
> non-bug difference. But another decision is also OK
>
>
> On 1/24/07, Ruth Cao <ruoshen.c@gmail.com> wrote:
> > 2007/1/23, Boris Kuznetsov <boris.v.kuznetsov@gmail.com>:
> > >
> > > The spec. doesn't state that empty array (not null) must be returned
> > > by engineDigest() implemented by a provider. It is provider
> > > implementation specific behavior and J2SE implementation should handle
> > > null and empty array in a similar manner. Harmony do it, but RI not.
> >
> >
> > I agree that engineDigest() is a implementation-specific method.
> However, it
> > seems that engineDigest(byte[], int, int) is not, at least in the class
> > MessageDigestSpi. So would it be better to follow RI's behavior since
> the
> > spec does not make it clear?
> >
> > So, I agree with Spark. It should be considered as non bug difference.
> > >
> > >
> > >
> > > On 1/23/07, Ruth Cao <ruoshen.c@gmail.com> wrote:
> > > > 2007/1/23, Spark Shen <smallsmallorgan@gmail.com>:
> > > > >
> > > > > IMO, all these engineXXX methods are from it's super class
> > > > > MessageDigestSpi.
> > > > > And there is a paragraph on spec:
> > > >
> > > >
> > > > Yes. MessageDigestSpi contains several such methods. For instance,
> > > > engineDigest() is one of them.
> > > >
> > > > However, MessageDigestSpi.engineDigest(byte[], int, int) is not an
> > > abstract
> > > > one. According to the impl code, it depends on the result on
> > > engineDigest().
> > > >
> > > > So maybe my question should be "What behavior should
> > > engineDigest(byte[],
> > > > int, int) have when engineDigest() returns null?". So far RI throws
> NPE
> > > > while Harmony silently returns 0.
> > > >
> > > > Any idea or comments?
> > > >
> > > > <cite>
> > > > > Note that this class is abstract and extends from MessageDigestSpi
> for
> > > > > historical reasons. Application developers should only take notice
> of
> > > the
> > > > > methods defined in this MessageDigest class; all the methods in
> the
> > > > > superclass are intended for cryptographic service providers who
> wish
> > > to
> > > > > supply their own implementations of message digest algorithms.
> > > > > </cite>
> > > > >
> > > > > So, this exception thrown senario is implementation dependent. I'd
> > > prefer
> > > > > to
> > > > > regards it as non bug difference.
> > > > >
> > > > > Best regards
> > > > > 2007/1/23, Ruth Cao <ruoshen.c@gmail.com>:
> > > > > >
> > > > > > Hello all,
> > > > > >
> > > > > > I've found that MessageDigest_Impl1Test in security module,
the
> > > > > following
> > > > > > test case[1] passes on Harmony but fails on *RI*. RI throws
> > > > > > NullPointerException here.
> > > > > >
> > > > > > Is it a non-bug difference or a bug? Would any security expert
> give
> > > some
> > > > > > suggestions?
> > > > > >
> > > > > > Thanks in advance.
> > > > > >
> > > > > > [1] public class MyMessageDigest1 extends MessageDigest {
> > > > > >
> > > > > >    public boolean runEngineReset = false;
> > > > > >    public boolean runEngineDigest = false;
> > > > > >    public boolean runEngineUpdate1 = false;
> > > > > >    public boolean runEngineUpdate2 = false;
> > > > > >
> > > > > >    public MyMessageDigest1() {
> > > > > >        super(null);
> > > > > >    }
> > > > > >
> > > > > >    public MyMessageDigest1(String algorithm) {
> > > > > >        super(algorithm);
> > > > > >    }
> > > > > >
> > > > > >    public void engineReset() {
> > > > > >        runEngineReset = true;
> > > > > >    }
> > > > > >
> > > > > >    public byte[] engineDigest() {
> > > > > >        runEngineDigest = true;
> > > > > >        return null;
> > > > > >    }
> > > > > >
> > > > > >    public void engineUpdate(byte arg0) {
> > > > > >        runEngineUpdate1 = true;
> > > > > >    }
> > > > > >
> > > > > >    public void engineUpdate(byte[] arg0, int arg1, int arg2)
{
> > > > > >        runEngineUpdate2 = true;
> > > > > >    }
> > > > > > }
> > > > > >
> > > > > > public void testDigestbyteArrayintint() throws Exception {
> > > > > >        MyMessageDigest1 md = new MyMessageDigest1("ABC");
> > > > > >        byte[] b = {1, 2, 3, 4, 5};
> > > > > >        assertEquals("incorrect result", 0, md.digest(b, 2, 3));
> > > > > > //$NON-NLS-1$
> > > > > > }
> > > > > >
> > > > > > --
> > > > > > Best regards,
> > > > > >
> > > > > > Ruth Cao
> > > > > > China Software Development Lab, IBM
>
>
-- 
Stepan Mishura
Intel Enterprise Solutions Software Division

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message