RFR: 8249783: Simplify DerValue and DerInputStream [v2]

Valerie Peng valeriep at openjdk.java.net
Tue Sep 29 04:16:45 UTC 2020


On Tue, 29 Sep 2020 03:12:42 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Well, allowBER may be false? How about ASN.1/DER/BER?
>
> I'll just write ASN.1 then.

Sure.

>> We have to be strict in "sensitive" area such as signatures. The parsing code seems to be still mainly DER. It was
>> never fully BER, but just some. It's good to keep behavior change minimum as this is like a re-write and may already
>> have some unintentional changes.
>
> As this constructor calls another with allowBER=true, I leave the BER word there. Yes, I understand our impl is not
> always precise. To make it so, we need to adjust the callers everywhere to match the RFCs, but then there will be
> compatibility issues.

Yes, I agree.

-------------

PR: https://git.openjdk.java.net/jdk/pull/232



More information about the security-dev mailing list