RFR 8048357: PKCS basic tests

Bernd Eckenfels ecki at zusammenkunft.net
Fri Aug 21 00:32:05 UTC 2015


Hello Amanda,

out of curiosity I was looking at the tests, and have a few comments:

PKCS7VerifyTest.java
63        byte[] base64Bytes = new byte[pkcs7In.available()];
64                 if (pkcs7In.read(base64Bytes) < base64Bytes.length) {

There are two pet peeves of mine. available() to get the file length
and reading without a loop. Both (and more code) could be avoided with
Files.readAllBytes()

SignOrder.java
(not sure what the DER contains. comment? but generally speaking):

94         AlgorithmId[] algIds = {new AlgorithmId(AlgorithmId.MD5_oid),
95             new AlgorithmId(AlgorithmId.SHA_oid)};
...
192             keyGen.initialize(512);

Would it be better to test with more modern algorithms (SHA2) and
larger (1024) key sizes. Especially since this will reduce problems
when weak 512bit keys some times in the future get blocked.

Gruss
Bernd


Am Thu, 20 Aug 2015 16:11:32 -0700
schrieb Amanda Jiang <amanda.jiang at oracle.com>:

> Hi All,
> 
> Please be free to review new tests for conformance testing of PKCS.
> 
> bug: https://bugs.openjdk.java.net/browse/JDK-8048357
> webrev: http://cr.openjdk.java.net/~amjiang/8048357/webrev.01/
> 
> Thanks,
> Amanda
> 


More information about the security-dev mailing list