harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boris Kuznetsov" <boris.v.kuznet...@gmail.com>
Subject Re: [classlib][security]different behavior between Harmony and RI in MessageDigest.digest(byte[], int, int)
Date Wed, 24 Jan 2007 05:16:56 GMT
My point is the implementation should behave consistently.

RI accept empty array result returned by engineDigest(), but throws
NPE for null.  But both results mean the same: "no digest bytes".

For consistency, I believe that null and empty array should be
interpreted by engineDigest(byte[], int, int) in a similar manner.
But real algorithms, as I know, always returns non empty array. So,
any decision (follow RI vs. non-bug difference) doesn't effect real
provider implementations.

I prefer to save the current Harmony behavior and mark this issue as
non-bug difference. But another decision is also OK


On 1/24/07, Ruth Cao <ruoshen.c@gmail.com> wrote:
> 2007/1/23, Boris Kuznetsov <boris.v.kuznetsov@gmail.com>:
> >
> > The spec. doesn't state that empty array (not null) must be returned
> > by engineDigest() implemented by a provider. It is provider
> > implementation specific behavior and J2SE implementation should handle
> > null and empty array in a similar manner. Harmony do it, but RI not.
>
>
> I agree that engineDigest() is a implementation-specific method. However, it
> seems that engineDigest(byte[], int, int) is not, at least in the class
> MessageDigestSpi. So would it be better to follow RI's behavior since the
> spec does not make it clear?
>
> So, I agree with Spark. It should be considered as non bug difference.
> >
> >
> >
> > On 1/23/07, Ruth Cao <ruoshen.c@gmail.com> wrote:
> > > 2007/1/23, Spark Shen <smallsmallorgan@gmail.com>:
> > > >
> > > > IMO, all these engineXXX methods are from it's super class
> > > > MessageDigestSpi.
> > > > And there is a paragraph on spec:
> > >
> > >
> > > Yes. MessageDigestSpi contains several such methods. For instance,
> > > engineDigest() is one of them.
> > >
> > > However, MessageDigestSpi.engineDigest(byte[], int, int) is not an
> > abstract
> > > one. According to the impl code, it depends on the result on
> > engineDigest().
> > >
> > > So maybe my question should be "What behavior should
> > engineDigest(byte[],
> > > int, int) have when engineDigest() returns null?". So far RI throws NPE
> > > while Harmony silently returns 0.
> > >
> > > Any idea or comments?
> > >
> > > <cite>
> > > > Note that this class is abstract and extends from MessageDigestSpi for
> > > > historical reasons. Application developers should only take notice of
> > the
> > > > methods defined in this MessageDigest class; all the methods in the
> > > > superclass are intended for cryptographic service providers who wish
> > to
> > > > supply their own implementations of message digest algorithms.
> > > > </cite>
> > > >
> > > > So, this exception thrown senario is implementation dependent. I'd
> > prefer
> > > > to
> > > > regards it as non bug difference.
> > > >
> > > > Best regards
> > > > 2007/1/23, Ruth Cao <ruoshen.c@gmail.com>:
> > > > >
> > > > > Hello all,
> > > > >
> > > > > I've found that MessageDigest_Impl1Test in security module, the
> > > > following
> > > > > test case[1] passes on Harmony but fails on *RI*. RI throws
> > > > > NullPointerException here.
> > > > >
> > > > > Is it a non-bug difference or a bug? Would any security expert give
> > some
> > > > > suggestions?
> > > > >
> > > > > Thanks in advance.
> > > > >
> > > > > [1] public class MyMessageDigest1 extends MessageDigest {
> > > > >
> > > > >    public boolean runEngineReset = false;
> > > > >    public boolean runEngineDigest = false;
> > > > >    public boolean runEngineUpdate1 = false;
> > > > >    public boolean runEngineUpdate2 = false;
> > > > >
> > > > >    public MyMessageDigest1() {
> > > > >        super(null);
> > > > >    }
> > > > >
> > > > >    public MyMessageDigest1(String algorithm) {
> > > > >        super(algorithm);
> > > > >    }
> > > > >
> > > > >    public void engineReset() {
> > > > >        runEngineReset = true;
> > > > >    }
> > > > >
> > > > >    public byte[] engineDigest() {
> > > > >        runEngineDigest = true;
> > > > >        return null;
> > > > >    }
> > > > >
> > > > >    public void engineUpdate(byte arg0) {
> > > > >        runEngineUpdate1 = true;
> > > > >    }
> > > > >
> > > > >    public void engineUpdate(byte[] arg0, int arg1, int arg2) {
> > > > >        runEngineUpdate2 = true;
> > > > >    }
> > > > > }
> > > > >
> > > > > public void testDigestbyteArrayintint() throws Exception {
> > > > >        MyMessageDigest1 md = new MyMessageDigest1("ABC");
> > > > >        byte[] b = {1, 2, 3, 4, 5};
> > > > >        assertEquals("incorrect result", 0, md.digest(b, 2, 3));
> > > > > //$NON-NLS-1$
> > > > > }
> > > > >
> > > > > --
> > > > > Best regards,
> > > > >
> > > > > Ruth Cao
> > > > > China Software Development Lab, IBM
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Spark Shen
> > > > China Software Development Lab, IBM
> > > >
> > > >
> > >
> > >
> > > --
> > > Best regards,
> > >
> > > Ruth Cao
> > > China Software Development Lab, IBM
> > >
> > >
> >
> >
> > --
> > Best regards,
> > Boris Kuznetsov
> > Intel Middleware Products Division
> >
>
>
>
> --
> Best regards,
>
> Ruth Cao
> China Software Development Lab, IBM
>
>


-- 
Best regards,
Boris Kuznetsov
Intel Middleware Products Division

Mime
View raw message