Code Review request: 8028591: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()

Xuelei Fan xuelei.fan at oracle.com
Wed Mar 12 11:22:20 UTC 2014


On 3/12/2014 6:14 PM, Wang Weijun wrote:
>> > According to Xuelei, BER (that supports indefinite length method) is still a popular format, PKCS#7 is BER based, and JDK accepts PKCS#7 records. I think that's why it needs to support indefinite length.
> I don't know about the details in PKCS #7. Does it say a set/sequence can have indefinite length, but not octet string?
> 
From PKCS#7:
============
The standard is designed such that the enhanced content types can be
prepared in a single pass using indefinite-length BER encoding,
and processed in a single pass in any BER encoding.


BTW, X.509 cert and CRL are also not necessarily fully DER encoded. See
my previous reply in the same thread.


Xuelei
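
For reference, an added sketch (not part of the original message and not JDK code) of how a parser can tell the indefinite-length BER form discussed above from definite-length encodings, and reject it when strict DER is required. The function names and the sample bytes are constructed for illustration.

```python
class EncodingError(ValueError):
    """Raised for malformed or disallowed BER/DER input."""

def read_header(buf, pos):
    """Return (tag, length, content_start); length is None for indefinite form."""
    if pos + 2 > len(buf):
        raise EncodingError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise EncodingError("high-tag-number form not handled in this sketch")
    pos += 2
    if first < 0x80:                       # short definite form
        return tag, first, pos
    if first == 0x80:                      # indefinite form (BER only)
        return tag, None, pos
    n = first & 0x7F                       # long definite form: n length octets
    if first == 0xFF or n > 4 or pos + n > len(buf):
        raise EncodingError("bad long-form length")
    return tag, int.from_bytes(buf[pos:pos + n], "big"), pos + n

def walk(buf, pos=0, der=False, depth=0):
    """Return (end_offset, used_indefinite) for the TLV that starts at pos."""
    if depth > 32:
        raise EncodingError("nesting too deep")
    tag, length, pos = read_header(buf, pos)
    constructed = bool(tag & 0x20)
    if length is None:
        if der:
            raise EncodingError("indefinite length is not valid DER")
        if not constructed:
            raise EncodingError("indefinite length needs a constructed encoding")
        while buf[pos:pos + 2] != b"\x00\x00":   # children until end-of-contents
            pos, _ = walk(buf, pos, der, depth + 1)
        return pos + 2, True
    end = pos + length
    if end > len(buf):
        raise EncodingError("length exceeds available data")
    used = False
    if constructed:
        while pos < end:
            pos, child_used = walk(buf, pos, der, depth + 1)
            used = used or child_used
        if pos != end:
            raise EncodingError("child overruns its parent")
    return end, used

# Constructed sample: SEQUENCE { OID pkcs7-data, [0] { OCTET STRING "hi" } }
OID = bytes.fromhex("06092a864886f70d010701")
BER_SAMPLE = bytes.fromhex("3080") + OID + bytes.fromhex("a080" "04026869" "0000" "0000")
DER_SAMPLE = bytes.fromhex("3011") + OID + bytes.fromhex("a004" "04026869")
```

`walk(BER_SAMPLE)` accepts the indefinite-length form and reports that it was used, while `walk(BER_SAMPLE, der=True)` raises `EncodingError`.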


