Code Review Request for 7196805: DH Key interoperability testing between SunJCE and JsafeJCE not successful

Wang Weijun at
Tue Jun 25 16:34:21 PDT 2013

ÔÚ Jun 26, 2013£¬6:51 AM£¬"Valerie (Yu-Ching) Peng" <valerie.peng at> дµÀ£º

> It's covered by SQE interoperability tests.

That's enough.

> In terms of regression tests, I think we should not put any 3rd party provider-related stuff.
> I can add a regression test to make sure that optional component doesn't affect the equals check if you see value in doing this kind of test.

That part looks trivial. Not necessary.


> Thanks,
> Valerie
> On 06/24/13 21:20, Weijun Wang wrote:
>> Code change looks fine. No regression test?
>> --Max
>> On 6/20/13 4:45 AM, Valerie (Yu-Ching) Peng wrote:
>>> I have updated the webrev to address your comments:
>>> As for using JDK 8 default method feature, I think maybe it's better to
>>> delay the adoption to a later release since it's easier for sustaining
>>> to just grab current changes and apply to earlier releases.
>>> Thanks for the review & please let me know if you have additional comments,
>>> Valerie
>>> On 06/17/13 22:41, Wang Weijun wrote:
>>>>> I will also apply the same change to P11DHPrivateKey/P11DHPublicKey
>>>>> then. Equality check using ASN.1 encoding is fine for non-DH
>>>>> algorithms but not for DH.
>>>> I cannot read the source codes now, but is it possible to implement
>>>> the equals method right in the base interface using the JDK 8 default
>>>> method feature?
>>>>>> For, it looks like you don't want the first
>>>>>> octet being zero. Is this related to this bug? Is that required in
>>>>>> the "Handbook of Applied Cryptography" book? I understand it could
>>>>>> be necessary for interop.
>>>>> The change is for conforming to the description under section 7.1
>>>>> "Private-value generation" of PKCS#3 DH Key Agreement Standard
>>>>> , i.e.
>>>>> An integer x, the private value, shall be generated
>>>>> privately and randomly. This integer shall satisfy 0<   x<
>>>>> p-1, unless the central authority specifies a private-value
>>>>> length l, in which case the integer shall satisfy 2^(l-1)<=
>>>>> x<   2^l.
>>>> Great. I think you can add a reference to pkcs3. The current wording
>>>> seems to say it's suggested by the Handbook.
>>>> Thanks
>>>> Max

More information about the security-dev mailing list