RFR: 8249783: Simplify DerValue and DerInputStream [v2]

Weijun Wang weijun at openjdk.java.net
Tue Sep 29 03:18:47 UTC 2020


On Tue, 29 Sep 2020 02:53:10 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> Yes. In fact I'm not quite confident on our usage of allowBER. In a lot of cases we are actually quite strict. Since
>> this code change is meant to be a refactoring and does not intend to fix many things, I don't intent to make many
>> behavior change.
>
> We have to be strict in "sensitive" area such as signatures. The parsing code seems to be still mainly DER. It was
> never fully BER, but just some. It's good to keep behavior change minimum as this is like a re-write and may already
> have some unintentional changes.

As this constructor calls another with allowBER=true, I leave the BER word there. Yes, I understand our impl is not
always precise. To make it so, we need to adjust the callers everywhere to match the RFCs, but then there will be
compatibility issues.

>> Correct.
>
> Fix the comment then?

Sure.

-------------

PR: https://git.openjdk.java.net/jdk/pull/232



More information about the security-dev mailing list