Re: [classlib][security] Exception compatibility
Boris thank you for your question. I asked myself the same question and choose the same answer as you. Unfortunately as people wrote above we were wrong and they are reasonable. I have already written patch for HARMONY-1120 to follow RI behavior. 2006/9/5, Stepan Mishura [EMAIL PROTECTED]: On 9/4/06, Boris Kuznetsov wrote: Usually Harmony behavior is compared with RI behavior. But in security area RI behavior depends on provider. With different providers RI behave differently. For example, RI passes incorrect method arguments to provider. In such cases provider may throw exception (e.g. DigestException or IllegalArgumentException) or some RuntimeException (e.g. ArrayIndexOutOfBoundsException) may be thrown during the execution. Here is example. There are number of methods with arguments like (byte[] buf, int offset, int len). RI doesn't check if offset and len are negative but Harmony does, so we have difference in behavior (see Harmony-1120, 1148): on combination RI + provider application gets provider specific exception, but on Harmony + provider - IllegalArgumentException (as in other invalid parameters cases). So we have two options: 1. Fix Harmony (remove negative parameters checks) 2. Don't fix. Throw IllegalArgumentException for invalid parameters. Document as non-bug difference from RI. Hi, Boris. We agreed to be exceptions-compatible with RI so we would have chosen the first option. But I think that the first option is not suitable. I'll try to explain why. I have a look at MessageDigest.java and mentioned JIRAs: so there are 4 cases when parameters are invalid and an implementation has to check if: 1) buf - is null 2) offset 0 3) len 0 4) offset + len buf's len The first option means that we have to remove 2 and 3 checks. And leave 1 and 4 as RI does. But 4 check is meaningless without 2 and 3. IOW, it is only valid if offset and len params are correct. IMO chosing the first option is copying inconsistent behaviour. So I vote for the second option. Thanks, Stepan. Note, specification doesn't describe implementation behavior for invalid arguments, but RI also throws IllegalArgumentException if ofsset+len buf.length. So throwing of IllegalArgumentException in Harmony can't break any application. I suggest option 2. Thoughts? Thanks, Boris -- Terms of use : http://incubator.apache.org/harmony/mailing.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Denis M. Kishenko Intel Middleware Products Division - Terms of use : http://incubator.apache.org/harmony/mailing.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [classlib][security] Exception compatibility
IMHO we should look from the perspective of migrating the apps. So let's try to make behavior of Harmony + BC provider close to Sun + Sun's provider If without the checks the combination Harmony+BC works similar to Sun+Sun's provider, then let's remove the checks. Otherwise let's keep it to make the behavior at least logical. Thanks, Mikhail 2006/9/4, Boris Kuznetsov [EMAIL PROTECTED]: Usually Harmony behavior is compared with RI behavior. But in security area RI behavior depends on provider. With different providers RI behave differently. For example, RI passes incorrect method arguments to provider. In such cases provider may throw exception (e.g. DigestException or IllegalArgumentException) or some RuntimeException (e.g. ArrayIndexOutOfBoundsException) may be thrown during the execution. Here is example. There are number of methods with arguments like (byte[] buf, int offset, int len). RI doesn't check if offset and len are negative but Harmony does, so we have difference in behavior (see Harmony-1120, 1148): on combination RI + provider application gets provider specific exception, but on Harmony + provider - IllegalArgumentException (as in other invalid parameters cases). So we have two options: 1. Fix Harmony (remove negative parameters checks) 2. Don't fix. Throw IllegalArgumentException for invalid parameters. Document as non-bug difference from RI. Note, specification doesn't describe implementation behavior for invalid arguments, but RI also throws IllegalArgumentException if ofsset+len buf.length. So throwing of IllegalArgumentException in Harmony can't break any application. I suggest option 2. Thoughts? Thanks, Boris - Terms of use : http://incubator.apache.org/harmony/mailing.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Terms of use : http://incubator.apache.org/harmony/mailing.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [classlib][security] Exception compatibility
By the way, people what do you think about HARMONY-1110? Problem is we have to reproduce behavior of pattern parser without specification. There is only one example in Java doc which doesn't allow understand when pattern is incorrect. 2006/9/5, Denis Kishenko [EMAIL PROTECTED]: Boris thank you for your question. I asked myself the same question and choose the same answer as you. Unfortunately as people wrote above we were wrong and they are reasonable. I have already written patch for HARMONY-1120 to follow RI behavior. 2006/9/5, Stepan Mishura [EMAIL PROTECTED]: On 9/4/06, Boris Kuznetsov wrote: Usually Harmony behavior is compared with RI behavior. But in security area RI behavior depends on provider. With different providers RI behave differently. For example, RI passes incorrect method arguments to provider. In such cases provider may throw exception (e.g. DigestException or IllegalArgumentException) or some RuntimeException (e.g. ArrayIndexOutOfBoundsException) may be thrown during the execution. Here is example. There are number of methods with arguments like (byte[] buf, int offset, int len). RI doesn't check if offset and len are negative but Harmony does, so we have difference in behavior (see Harmony-1120, 1148): on combination RI + provider application gets provider specific exception, but on Harmony + provider - IllegalArgumentException (as in other invalid parameters cases). So we have two options: 1. Fix Harmony (remove negative parameters checks) 2. Don't fix. Throw IllegalArgumentException for invalid parameters. Document as non-bug difference from RI. Hi, Boris. We agreed to be exceptions-compatible with RI so we would have chosen the first option. But I think that the first option is not suitable. I'll try to explain why. I have a look at MessageDigest.java and mentioned JIRAs: so there are 4 cases when parameters are invalid and an implementation has to check if: 1) buf - is null 2) offset 0 3) len 0 4) offset + len buf's len The first option means that we have to remove 2 and 3 checks. And leave 1 and 4 as RI does. But 4 check is meaningless without 2 and 3. IOW, it is only valid if offset and len params are correct. IMO chosing the first option is copying inconsistent behaviour. So I vote for the second option. Thanks, Stepan. Note, specification doesn't describe implementation behavior for invalid arguments, but RI also throws IllegalArgumentException if ofsset+len buf.length. So throwing of IllegalArgumentException in Harmony can't break any application. I suggest option 2. Thoughts? Thanks, Boris -- Terms of use : http://incubator.apache.org/harmony/mailing.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Denis M. Kishenko Intel Middleware Products Division -- Denis M. Kishenko Intel Middleware Products Division - Terms of use : http://incubator.apache.org/harmony/mailing.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [classlib][security] Exception compatibility
let's talk about it on a different thread 2006/9/5, Denis Kishenko [EMAIL PROTECTED]: By the way, people what do you think about HARMONY-1110? Problem is we have to reproduce behavior of pattern parser without specification. There is only one example in Java doc which doesn't allow understand when pattern is incorrect. 2006/9/5, Denis Kishenko [EMAIL PROTECTED]: Boris thank you for your question. I asked myself the same question and choose the same answer as you. Unfortunately as people wrote above we were wrong and they are reasonable. I have already written patch for HARMONY-1120 to follow RI behavior. 2006/9/5, Stepan Mishura [EMAIL PROTECTED]: On 9/4/06, Boris Kuznetsov wrote: Usually Harmony behavior is compared with RI behavior. But in security area RI behavior depends on provider. With different providers RI behave differently. For example, RI passes incorrect method arguments to provider. In such cases provider may throw exception (e.g. DigestException or IllegalArgumentException) or some RuntimeException (e.g. ArrayIndexOutOfBoundsException) may be thrown during the execution. Here is example. There are number of methods with arguments like (byte[] buf, int offset, int len). RI doesn't check if offset and len are negative but Harmony does, so we have difference in behavior (see Harmony-1120, 1148): on combination RI + provider application gets provider specific exception, but on Harmony + provider - IllegalArgumentException (as in other invalid parameters cases). So we have two options: 1. Fix Harmony (remove negative parameters checks) 2. Don't fix. Throw IllegalArgumentException for invalid parameters. Document as non-bug difference from RI. Hi, Boris. We agreed to be exceptions-compatible with RI so we would have chosen the first option. But I think that the first option is not suitable. I'll try to explain why. I have a look at MessageDigest.java and mentioned JIRAs: so there are 4 cases when parameters are invalid and an implementation has to check if: 1) buf - is null 2) offset 0 3) len 0 4) offset + len buf's len The first option means that we have to remove 2 and 3 checks. And leave 1 and 4 as RI does. But 4 check is meaningless without 2 and 3. IOW, it is only valid if offset and len params are correct. IMO chosing the first option is copying inconsistent behaviour. So I vote for the second option. Thanks, Stepan. Note, specification doesn't describe implementation behavior for invalid arguments, but RI also throws IllegalArgumentException if ofsset+len buf.length. So throwing of IllegalArgumentException in Harmony can't break any application. I suggest option 2. Thoughts? Thanks, Boris -- Terms of use : http://incubator.apache.org/harmony/mailing.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Denis M. Kishenko Intel Middleware Products Division -- Denis M. Kishenko Intel Middleware Products Division - Terms of use : http://incubator.apache.org/harmony/mailing.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Terms of use : http://incubator.apache.org/harmony/mailing.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [classlib][security] Exception compatibility
BC provider throws the same exceptions as SUN provider (at least for standard digest alg. names: SHA, MD2, MD5, SHA-256, SHA-384, SHA-512). But what about other third party providers? On 9/5/06, Mikhail Loenko [EMAIL PROTECTED] wrote: IMHO we should look from the perspective of migrating the apps. So let's try to make behavior of Harmony + BC provider close to Sun + Sun's provider If without the checks the combination Harmony+BC works similar to Sun+Sun's provider, then let's remove the checks. Otherwise let's keep it to make the behavior at least logical. Thanks, Mikhail 2006/9/4, Boris Kuznetsov [EMAIL PROTECTED]: Usually Harmony behavior is compared with RI behavior. But in security area RI behavior depends on provider. With different providers RI behave differently. For example, RI passes incorrect method arguments to provider. In such cases provider may throw exception (e.g. DigestException or IllegalArgumentException) or some RuntimeException (e.g. ArrayIndexOutOfBoundsException) may be thrown during the execution. Here is example. There are number of methods with arguments like (byte[] buf, int offset, int len). RI doesn't check if offset and len are negative but Harmony does, so we have difference in behavior (see Harmony-1120, 1148): on combination RI + provider application gets provider specific exception, but on Harmony + provider - IllegalArgumentException (as in other invalid parameters cases). So we have two options: 1. Fix Harmony (remove negative parameters checks) 2. Don't fix. Throw IllegalArgumentException for invalid parameters. Document as non-bug difference from RI. Note, specification doesn't describe implementation behavior for invalid arguments, but RI also throws IllegalArgumentException if ofsset+len buf.length. So throwing of IllegalArgumentException in Harmony can't break any application. I suggest option 2. Thoughts? Thanks, Boris - Terms of use : http://incubator.apache.org/harmony/mailing.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Terms of use : http://incubator.apache.org/harmony/mailing.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Best regards, Boris Kuznetsov Intel Middleware Products Division - Terms of use : http://incubator.apache.org/harmony/mailing.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [classlib][security] Exception compatibility
On 9/4/06, Boris Kuznetsov [EMAIL PROTECTED] wrote: Usually Harmony behavior is compared with RI behavior. But in security area RI behavior depends on provider. With different providers RI behave differently. For example, RI passes incorrect method arguments to provider. In such cases provider may throw exception (e.g. DigestException or IllegalArgumentException) or some RuntimeException (e.g. ArrayIndexOutOfBoundsException) may be thrown during the execution. Here is example. There are number of methods with arguments like (byte[] buf, int offset, int len). RI doesn't check if offset and len are negative but Harmony does, so we have difference in behavior (see Harmony-1120, 1148): on combination RI + provider application gets provider specific exception, but on Harmony + provider - IllegalArgumentException (as in other invalid parameters cases). So we have two options: 1. Fix Harmony (remove negative parameters checks) 2. Don't fix. Throw IllegalArgumentException for invalid parameters. Document as non-bug difference from RI. Note, specification doesn't describe implementation behavior for invalid arguments, but RI also throws IllegalArgumentException if ofsset+len buf.length. So throwing of IllegalArgumentException in Harmony can't break any application. I suggest option 2. I like option1. Why not just pass all parameters to provider as RI, and let the provider determine the behaviour? Thoughts? Thanks, Boris - Terms of use : http://incubator.apache.org/harmony/mailing.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Andrew Zhang China Software Development Lab, IBM
Re: [classlib][security] Exception compatibility
On 9/4/06, Boris Kuznetsov [EMAIL PROTECTED] wrote: Usually Harmony behavior is compared with RI behavior. But in security area RI behavior depends on provider. With different providers RI behave differently. For example, RI passes incorrect method arguments to provider. In such cases provider may throw exception (e.g. DigestException or IllegalArgumentException) or some RuntimeException (e.g. ArrayIndexOutOfBoundsException) may be thrown during the execution. Here is example. There are number of methods with arguments like (byte[] buf, int offset, int len). RI doesn't check if offset and len are negative but Harmony does, so we have difference in behavior (see Harmony-1120, 1148): on combination RI + provider application gets provider specific exception, but on Harmony + provider - IllegalArgumentException (as in other invalid parameters cases). So we have two options: 1. Fix Harmony (remove negative parameters checks) 2. Don't fix. Throw IllegalArgumentException for invalid parameters. Document as non-bug difference from RI. Note, specification doesn't describe implementation behavior for invalid arguments, but RI also throws IllegalArgumentException if ofsset+len buf.length. So throwing of IllegalArgumentException in Harmony can't break any application. I suggest option 2. Thoughts? According to our Compatibility guidelines[1], I suggest we follow RI for this issue, because the spec does not describe the behavior clearly and it seems that RI's behavior is not so illogical ;-) [1] http://incubator.apache.org/harmony/subcomponents/classlibrary/compat.html Best regards, Richard Thanks, Boris - Terms of use : http://incubator.apache.org/harmony/mailing.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Richard Liang China Software Development Lab, IBM - Terms of use : http://incubator.apache.org/harmony/mailing.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [classlib][security] Exception compatibility
On 9/4/06, Boris Kuznetsov wrote: Usually Harmony behavior is compared with RI behavior. But in security area RI behavior depends on provider. With different providers RI behave differently. For example, RI passes incorrect method arguments to provider. In such cases provider may throw exception (e.g. DigestException or IllegalArgumentException) or some RuntimeException (e.g. ArrayIndexOutOfBoundsException) may be thrown during the execution. Here is example. There are number of methods with arguments like (byte[] buf, int offset, int len). RI doesn't check if offset and len are negative but Harmony does, so we have difference in behavior (see Harmony-1120, 1148): on combination RI + provider application gets provider specific exception, but on Harmony + provider - IllegalArgumentException (as in other invalid parameters cases). So we have two options: 1. Fix Harmony (remove negative parameters checks) 2. Don't fix. Throw IllegalArgumentException for invalid parameters. Document as non-bug difference from RI. Hi, Boris. We agreed to be exceptions-compatible with RI so we would have chosen the first option. But I think that the first option is not suitable. I'll try to explain why. I have a look at MessageDigest.java and mentioned JIRAs: so there are 4 cases when parameters are invalid and an implementation has to check if: 1) buf - is null 2) offset 0 3) len 0 4) offset + len buf's len The first option means that we have to remove 2 and 3 checks. And leave 1 and 4 as RI does. But 4 check is meaningless without 2 and 3. IOW, it is only valid if offset and len params are correct. IMO chosing the first option is copying inconsistent behaviour. So I vote for the second option. Thanks, Stepan. Note, specification doesn't describe implementation behavior for invalid arguments, but RI also throws IllegalArgumentException if ofsset+len buf.length. So throwing of IllegalArgumentException in Harmony can't break any application. I suggest option 2. Thoughts? Thanks, Boris -- Terms of use : http://incubator.apache.org/harmony/mailing.html To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]