Code Review Request for 7196805: DH Key interoperability testing between SunJCE and JsafeJCE not successful
Valerie (Yu-Ching) Peng
valerie.peng at oracle.com
Wed May 29 01:25:48 UTC 2013
Vinnie,
Can you help reviewing my fix for 7196805 "DH Key interoperability
testing between SunJCE and JsafeJCE not successful"?
In SunJCE provider, the equality check for DH private/public keys is
based on DER encoding which may not be correct all the time due to the
optional L value defined in the DER syntax. In addition, JsafeJCE
provider sometimes encode the optional L value incorrectly which leads
to unexpected IOException when parsing the DER bytes.
I have changed the comparison to based on component values rather than
DER encodings which may vary due to the presence or missing of optional
values. In addition, I made the changes to DHKeyPairGenerator to ensure
that generated private value has the requested length/size.
Webrev: http://cr.openjdk.java.net/~valeriep/7196805/webrev.00/
Thanks,
Valerie
More information about the security-dev
mailing list