[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug classpath/27372] BigInteger should use nextBytes()

From: gnu at frogcircus dot org
Subject: [Bug classpath/27372] BigInteger should use nextBytes()
Date: 11 May 2006 13:49:37 -0000

------- Comment #5 from gnu at frogcircus dot org  2006-05-11 13:49 -------
Comments from David Hook of the BouncyCastle project:

The comment ignores the fact that other BigInteger implementations,
including the reference implementation, already conform to the behavior of  
only consuming what bytes are necessary. It is fair enough to argue that the
spec may not document this fact, however the correct answer may be that the
spec should be extended to include this fact, as ignoring it makes it almost
impossible to write a test which incorporates a number of uses of a
SecureRandom class including that of generating BigIntegers as you would
need to implement the test class to recognize why nextInt() is being called
in addition to just providing a mock random data stream. Implementation is
not the only thing that may have holes in it.

Having said that, perhaps describing this as an enhancement request would be
a better way of putting it, "bug report" is perhaps a bit harsh as it's
beginning to sound more like a bug in the spec. While this difference exists
it will not be true to say that the BigInteger class in Classpath is
compatible with the one in the Sun reference implementation, but it will be
true to say that there is nothing to prevent anyone from working with
BigInteger making the same "mistake" that is in some of the Bouncy Castle
tests, so this problem will continue to rear its head simply because the
Classpath project has chosen to be different and it will cause considerably
more work in the wider community to deal with this than simply making the
BigInteger implementation conformant will, from that point while the stance
of sticking with nextInt() may not be necessarily wrong, it is clearly not
going to be helpful. To date Classpath is the only VM implementation with
this difference that Bouncy Castle is aware of.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]