RFR 8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
Svetlana Nikandrova
svetlana.nikandrova at oracle.com
Mon Aug 29 18:23:55 UTC 2016
Hi Artem,
thank you for your replay. I've updated copyright and made separate test
for this bug.
As for Arrays.copyOfRange() unfortunately it won't simplify code in my
case. I need to extend an array, not to get a sub-array of existing one.
http://cr.openjdk.java.net/~snikandrova/8157404/webrev.01/
<http://cr.openjdk.java.net/%7Esnikandrova/8157404/webrev.01/>
Thanks,
Svetlana
On 26.08.2016 23:48, Artem Smotrakov wrote:
>
> Hi Svetlana,
>
> DerValue class may be implicitly used in different areas (x509,
> SSL/TLS, keystores, maybe krb5, etc). Please make sure that tests from
> jdk_security pass.
>
> I'll leave the main review to someone who is more knowledgeable in
> this area, here are a couple of comments:
> - Please update copyright year
> - You may want to replace new byte[] + System.arraycopy() by
> Arrays.copyOfRange()
> - It may be better to add a separate test case in ReadP12Test.java for
> SequenceInputStream instead of loading a keystore twice in each call
> to readTest(). One test with SequenceInputStream seems to be enough,
> and it would make the logic of readTest() clearer.
>
> Artem
>
> On 08/26/2016 10:58 AM, Svetlana Nikandrova wrote:
>> Hello,
>>
>> please review this fix. It's not possible to read PKCS12 keystore
>> with big undefined length DER value in it from SequenceInputStream.
>> Root cause of the problem is that sun.security.util.DerValue relays
>> on InputStream.available() to get a complete 'indefinite.length'
>> section length and then read it, but for SequenceInputStream this
>> method returns number of available bytes only for current input
>> stream, not the whole sequence. Fixed to read all available data.
>>
>> JBS:
>> https://bugs.openjdk.java.net/browse/JDK-8157404
>> Webrev:
>> http://cr.openjdk.java.net/~snikandrova/8157404/webrev.00/
>> <http://cr.openjdk.java.net/%7Esnikandrova/8157404/webrev.00/>
>>
>> Thanks,
>> Svetlana
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20160829/ebf58956/attachment.htm>
More information about the security-dev
mailing list