diff options
Diffstat (limited to 'gnu/javax/crypto/key/dh/DHKeyPairPKCS8Codec.java')
-rw-r--r-- | gnu/javax/crypto/key/dh/DHKeyPairPKCS8Codec.java | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/gnu/javax/crypto/key/dh/DHKeyPairPKCS8Codec.java b/gnu/javax/crypto/key/dh/DHKeyPairPKCS8Codec.java index 34fb00706..98ea47653 100644 --- a/gnu/javax/crypto/key/dh/DHKeyPairPKCS8Codec.java +++ b/gnu/javax/crypto/key/dh/DHKeyPairPKCS8Codec.java @@ -98,6 +98,13 @@ public class DHKeyPairPKCS8Codec * q INTEGER -- factor of p-1 * } * </pre> + * <p> + * <b>IMPORTANT</b>: with RI's {@link javax.crypto.spec.DHGenParameterSpec} + * and {@link javax.crypto.spec.DHParameterSpec} classes, we may end up with + * Diffie-Hellman keys that have a <code>null</code> for the <code>q</code> + * parameter. RFC-2631 DOES NOT allow for an <i>optional</i> value for that + * parameter, hence we replace such null values with <code>0</code>, and do + * the reverse in the corresponding decode method. * * @return the DER encoded form of the ASN.1 representation of the * <i>PrivateKeyInfo</i> field in an X.509 certificate. @@ -117,6 +124,8 @@ public class DHKeyPairPKCS8Codec BigInteger p = pk.getParams().getP(); BigInteger g = pk.getParams().getG(); BigInteger q = pk.getQ(); + if (q == null) + q = BigInteger.ZERO; BigInteger x = pk.getX(); ArrayList params = new ArrayList(3); @@ -212,6 +221,8 @@ public class DHKeyPairPKCS8Codec val = der.read(); DerUtil.checkIsBigInteger(val, "Wrong Q field"); q = (BigInteger) val.getValue(); + if (q.compareTo(BigInteger.ZERO) == 0) + q = null; val = der.read(); byte[] xBytes = (byte[]) val.getValue(); |