Code Review request: 8028591: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
Xuelei Fan
xuelei.fan at oracle.com
Wed Mar 12 11:26:25 UTC 2014
On 3/12/2014 7:22 PM, Xuelei Fan wrote:
> On 3/12/2014 6:14 PM, Wang Weijun wrote:
>>>> According to Xuelei, BER (that supports indefinite length method) is still a popular format, PKCS#7 is BER based, and JDK accepts PKCS#7 records. I think that's why it needs to support indefinite length.
>> I don't know about the details in PKCS #7. Does it say a set/sequence can have indefinite length, but not octet string?
>>
> From PKCS#7:
> ============
> The standard is designed such that the enhanced content types can be
> prepared defined in a single pass using indefinite-length BER encoding,
> and processed in a single [RSA78]. pass in any BER encoding.
>
Ooops, bad copy and past:
- and processed in a single [RSA78]. pass in any BER encoding.
+ and processed in a single pass in any BER encoding.
>
> BTW, X.509 cert and CRL are also not necessary DER fully encoded. See
> my previous reply in the same thread.
>
>
> Xuelei
>
More information about the security-dev
mailing list