harmony-dev mailing list archives

From "Ruth Cao" <ruoshe...@gmail.com>
Subject Re: [classlib][security]different behavior between Harmony and RI in MessageDigest.digest(byte[], int, int)
Date Wed, 24 Jan 2007 06:39:53 GMT
2007/1/24, Stepan Mishura <stepan.mishura@gmail.com>:
>
> Hi Boris,
>
> On 1/24/07, Boris Kuznetsov wrote:
>
> > My point is the implementation should behave consistently.
> >
> > RI accepts empty array result returned by engineDigest(), but throws
> > NPE for null.  But both results mean the same: "no digest bytes".
>
>
>
>
> > For consistency, I believe that null and empty array should be
> > interpreted by engineDigest(byte[], int, int) in a similar manner.
>
>
> I got your point but I don't agree with your interpretation. I think that
> the spec. for engineDigest() implies that it performs some computing and a
> result of computing is a real (non-null) array. So I'd say that null array
> means "the method functions incorrectly". Now to "empty array". I believe
> that the method shouldn't verify contents of the returned array. That
> includes its length and bytes values.


Agree. RI throws NPE to indicate the digest function works wrong.

If no one objects, I'll raise a JIRA and attach the corresponding patch.
Thanks.

> > But real algorithms, as I know, always return a non-empty array. So,
> > any decision (follow RI vs. non-bug difference) doesn't affect real
> > provider implementations.
>
>
> Agree. So for me there is no sense to keep the check.
>
> Thanks,
> Stepan.
>
>
> > I prefer to save the current Harmony behavior and mark this issue as
> > non-bug difference. But another decision is also OK
> >
> >
> > On 1/24/07, Ruth Cao <ruoshen.c@gmail.com> wrote:
> > > 2007/1/23, Boris Kuznetsov <boris.v.kuznetsov@gmail.com>:
> > > >
> > > > > The spec. doesn't state that empty array (not null) must be returned
> > > > > by engineDigest() implemented by a provider. It is provider
> > > > > implementation specific behavior and J2SE implementation should handle
> > > > > null and empty array in a similar manner. Harmony does it, but RI does not.
> > >
> > >
> > > > I agree that engineDigest() is an implementation-specific method. However, it
> > > > seems that engineDigest(byte[], int, int) is not, at least in the class
> > > > MessageDigestSpi. So would it be better to follow RI's behavior since the
> > > > spec does not make it clear?
> > >
> > > So, I agree with Spark. It should be considered as non bug difference.
> > > >
> > > >
> > > >
> > > > On 1/23/07, Ruth Cao <ruoshen.c@gmail.com> wrote:
> > > > > 2007/1/23, Spark Shen <smallsmallorgan@gmail.com>:
> > > > > >
> > > > > > > IMO, all these engineXXX methods are from its super class
> > > > > > > MessageDigestSpi.
> > > > > > And there is a paragraph on spec:
> > > > >
> > > > >
> > > > > Yes. MessageDigestSpi contains several such methods. For instance,
> > > > > engineDigest() is one of them.
> > > > >
> > > > > > However, MessageDigestSpi.engineDigest(byte[], int, int) is not an abstract
> > > > > > one. According to the impl code, it depends on the result of engineDigest().
> > > > > >
> > > > > > So maybe my question should be "What behavior should engineDigest(byte[],
> > > > > > int, int) have when engineDigest() returns null?". So far RI throws NPE
> > > > > > while Harmony silently returns 0.
> > > > >
> > > > > Any idea or comments?
> > > > >
> > > > > > > <cite>
> > > > > > > Note that this class is abstract and extends from MessageDigestSpi for
> > > > > > > historical reasons. Application developers should only take notice of the
> > > > > > > methods defined in this MessageDigest class; all the methods in the
> > > > > > > superclass are intended for cryptographic service providers who wish to
> > > > > > > supply their own implementations of message digest algorithms.
> > > > > > > </cite>
> > > > > >
> > > > > > > So, this exception thrown scenario is implementation dependent. I'd prefer
> > > > > > > to regard it as non bug difference.
> > > > > >
> > > > > > Best regards
> > > > > > 2007/1/23, Ruth Cao <ruoshen.c@gmail.com>:
> > > > > > >
> > > > > > > Hello all,
> > > > > > >
> > > > > > > > I've found that MessageDigest_Impl1Test in security module, the following
> > > > > > > > test case[1] passes on Harmony but fails on *RI*. RI throws
> > > > > > > > NullPointerException here.
> > > > > > > >
> > > > > > > > Is it a non-bug difference or a bug? Would any security expert give some
> > > > > > > > suggestions?
> > > > > > >
> > > > > > > Thanks in advance.
> > > > > > >
> > > > > > > > [1] public class MyMessageDigest1 extends MessageDigest {
> > > > > > > >
> > > > > > > >    public boolean runEngineReset = false;
> > > > > > > >    public boolean runEngineDigest = false;
> > > > > > > >    public boolean runEngineUpdate1 = false;
> > > > > > > >    public boolean runEngineUpdate2 = false;
> > > > > > > >
> > > > > > > >    public MyMessageDigest1() {
> > > > > > > >        super(null);
> > > > > > > >    }
> > > > > > > >
> > > > > > > >    public MyMessageDigest1(String algorithm) {
> > > > > > > >        super(algorithm);
> > > > > > > >    }
> > > > > > > >
> > > > > > > >    public void engineReset() {
> > > > > > > >        runEngineReset = true;
> > > > > > > >    }
> > > > > > > >
> > > > > > > >    public byte[] engineDigest() {
> > > > > > > >        runEngineDigest = true;
> > > > > > > >        return null;
> > > > > > > >    }
> > > > > > > >
> > > > > > > >    public void engineUpdate(byte arg0) {
> > > > > > > >        runEngineUpdate1 = true;
> > > > > > > >    }
> > > > > > > >
> > > > > > > >    public void engineUpdate(byte[] arg0, int arg1, int arg2) {
> > > > > > > >        runEngineUpdate2 = true;
> > > > > > > >    }
> > > > > > > > }
> > > > > > > >
> > > > > > > > public void testDigestbyteArrayintint() throws Exception {
> > > > > > > >        MyMessageDigest1 md = new MyMessageDigest1("ABC");
> > > > > > > >        byte[] b = {1, 2, 3, 4, 5};
> > > > > > > >        assertEquals("incorrect result", 0, md.digest(b, 2, 3)); //$NON-NLS-1$
> > > > > > > > }
> > > > > > >
> > > > > > > --
> > > > > > > Best regards,
> > > > > > >
> > > > > > > Ruth Cao
> > > > > > > China Software Development Lab, IBM
> >
> >
> --
> Stepan Mishura
> Intel Enterprise Solutions Software Division
>
>


-- 
Best regards,

Ruth Cao
China Software Development Lab, IBM
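
Added example, not part of the original message or of Harmony's code: a small Java probe for the case discussed in this thread, where a provider's engineDigest() returns null or an empty array and digest(byte[], int, int) is then called. StubDigest and probe() are hypothetical names; "ABC" and the {1, 2, 3, 4, 5} buffer are taken from the quoted test case.

```java
import java.security.DigestException;
import java.security.MessageDigest;

// Added example: reports how the running class library treats a provider whose
// engineDigest() returns null versus an empty array. StubDigest and probe() are
// hypothetical names, not part of any real provider.
public class DigestContractProbe {

    // Minimal provider-side stub; the value engineDigest() returns is injected.
    static final class StubDigest extends MessageDigest {
        private final byte[] result;

        StubDigest(byte[] result) {
            super("ABC"); // placeholder algorithm name, as in the thread's test
            this.result = result;
        }

        @Override protected void engineUpdate(byte input) { }
        @Override protected void engineUpdate(byte[] input, int offset, int len) { }
        @Override protected void engineReset() { }
        @Override protected byte[] engineDigest() { return result; }
    }

    // Calls digest(byte[], int, int), which reaches the inherited
    // MessageDigestSpi.engineDigest(byte[], int, int), and describes the outcome.
    static String probe(byte[] engineResult) {
        byte[] out = {1, 2, 3, 4, 5};
        try {
            int written = new StubDigest(engineResult).digest(out, 2, 3);
            return "returned " + written;
        } catch (NullPointerException e) {
            return "threw NullPointerException";
        } catch (DigestException e) {
            return "threw DigestException: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Per the thread: RI throws NPE for null while Harmony returns 0;
        // RI accepts an empty array.
        System.out.println("engineDigest() -> null        : " + probe(null));
        System.out.println("engineDigest() -> new byte[0] : " + probe(new byte[0]));
    }
}
```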
