Code Review Request for 7196805: DH Key interoperability testing between SunJCE and JsafeJCE not successful

Valerie (Yu-Ching) Peng valerie.peng at oracle.com
Wed May 29 01:25:48 UTC 2013


Vinnie,

Can you help review my fix for 7196805 "DH Key interoperability 
testing between SunJCE and JsafeJCE not successful"?

In the SunJCE provider, the equality check for DH private/public keys is 
based on DER encoding which may not be correct all the time due to the 
optional L value defined in the DER syntax. In addition, the JsafeJCE 
provider sometimes encodes the optional L value incorrectly which leads 
to an unexpected IOException when parsing the DER bytes.
I have changed the comparison to be based on component values rather than 
DER encodings which may vary due to the presence or absence of optional 
values. In addition, I made the changes to DHKeyPairGenerator to ensure 
that the generated private value has the requested length/size.

Webrev: http://cr.openjdk.java.net/~valeriep/7196805/webrev.00/

Thanks,
Valerie
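
The following is an added illustration, not part of the original message or the webrev: it compares two DH public keys that hold the same y, p and g but differ in the optional L value, once by encoding and once by components. The class name `DhKeyEqualityDemo` and the helper `sameDhPublicKey` are hypothetical, and whether the two encodings differ depends on the provider and JDK version in use.

```java
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;

public class DhKeyEqualityDemo {

    // Hypothetical helper: equality on y, p and g only. The optional
    // private value length (L) is deliberately left out of the comparison.
    static boolean sameDhPublicKey(DHPublicKey a, DHPublicKey b) {
        DHParameterSpec pa = a.getParams();
        DHParameterSpec pb = b.getParams();
        return a.getY().equals(b.getY())
            && pa.getP().equals(pb.getP())
            && pa.getG().equals(pb.getG());
    }

    public static void main(String[] args) throws Exception {
        // Take p and g from the provider's default 2048-bit parameters.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
        kpg.initialize(2048);
        DHParameterSpec base =
            ((DHPublicKey) kpg.generateKeyPair().getPublic()).getParams();

        // Generate a key pair whose parameters request an explicit L of 256 bits.
        kpg.initialize(new DHParameterSpec(base.getP(), base.getG(), 256));
        DHPublicKey withL = (DHPublicKey) kpg.generateKeyPair().getPublic();

        // Rebuild the same public value from y, p, g; DHPublicKeySpec carries no L.
        KeyFactory kf = KeyFactory.getInstance("DH");
        DHPublicKey rebuilt = (DHPublicKey) kf.generatePublic(
            new DHPublicKeySpec(withL.getY(), base.getP(), base.getG()));

        System.out.println("L (generated) = " + withL.getParams().getL());
        System.out.println("L (rebuilt)   = " + rebuilt.getParams().getL());
        // Byte-wise comparison of the encodings is sensitive to the optional field.
        System.out.println("encodings equal:  "
            + Arrays.equals(withL.getEncoded(), rebuilt.getEncoded()));
        // Component comparison treats both objects as the same key.
        System.out.println("components equal: " + sameDhPublicKey(withL, rebuilt));
    }
}
```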


