Code review request: 7197245: Eliminate sun.security.ssl.JsseJce dependency on sun.security.ec
Vincent Ryan
vincent.x.ryan at oracle.com
Mon Sep 17 14:01:56 UTC 2012
Thanks Mike.
I've filed a bug on that and will fix it separately from 7197245/7194075:
7198901: correct the field size check when decoding a point on ECC curve
On 12 Sep 2012, at 19:19, Michael StJohns wrote:
> Sorry - additional comment. I think this one needs to be entered as a bug as it needs to be fixed both places.
>
> In encodePoint at 426,427
>
> int n = (data.length -1 ) / 2; // fix component size calculation.
> if ( n != ((curve.getField().getFieldSize() + 7 ) >> 3)) { // has to be equal, not just greater.
>
> Per x9.63 an encoded point is 1 byte of type followed by ceiling(log base 2 field size/8) bytes of x and same of y. You can't trim or pad extra left zeros.
>
>
> At 12:22 PM 9/11/2012, Vincent Ryan wrote:
>
>> Hello Brad,
>>
>> Please review these changes to eliminate the dependency between the
>> SunJSSE provider and the ECParameters and NamedCurve classes in the
>> SunEC provider.
>>
>> http://cr.openjdk.java.net/~vinnie/7197245/webrev.00/
>>
>> Thanks.
>
>
More information about the security-dev
mailing list