[Bug 356] keytool doesn't handle SHA384withECDSA signatures
bugzilla-daemon at icedtea.classpath.org
bugzilla-daemon at icedtea.classpath.org
Thu Aug 27 11:30:09 PDT 2009
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=356
------- Comment #16 from gnu_andrew at member.fsf.org 2009-08-27 18:30 -------
The problem is that the Java code doesn't support an DER encoded key.
>From mozilla/security/nss/lib/softoken/pkcs11.c in NSS:
/* special note: We can't just use the first byte to determine
* between these 2 cases because both EC_POINT_FORM_UNCOMPRESSED
* and SEC_ASN1_OCTET_STRING are 0x04 */
/* handle the non-DER encoded case (UNCOMPRESSED only) */
if (pubKey->u.ec.publicValue.data[0] == EC_POINT_FORM_UNCOMPRESSED
&& pubKey->u.ec.publicValue.len == keyLen) {
break; /* key was not DER encoded, no need to unwrap */
}
/* if we ever support compressed, handle it here */
/* handle the encoded case */
if ((pubKey->u.ec.publicValue.data[0] == SEC_ASN1_OCTET_STRING)
&& pubKey->u.ec.publicValue.len > keyLen) {
SECItem publicValue;
SECStatus rv;
rv = SEC_QuickDERDecodeItem(arena, &publicValue,
SEC_ASN1_GET(SEC_OctetStringTemplate),
&pubKey->u.ec.publicValue);
/* nope, didn't decode correctly */
if ((rv != SECSuccess)
|| (publicValue.data[0] != EC_POINT_FORM_UNCOMPRESSED)
|| (publicValue.len != keyLen)) {
crv = CKR_ATTRIBUTE_VALUE_INVALID;
break;
}
/* replace our previous with the decoded key */
pubKey->u.ec.publicValue = publicValue;
break;
}
--
Configure bugmail: http://icedtea.classpath.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the distro-pkg-dev
mailing list