Fixes for Cipher, AlgorithmParameters, SecretKeyFactory#166
Merged
rlm2002 merged 6 commits intowolfSSL:masterfrom Nov 6, 2025
Merged
Fixes for Cipher, AlgorithmParameters, SecretKeyFactory#166rlm2002 merged 6 commits intowolfSSL:masterfrom
rlm2002 merged 6 commits intowolfSSL:masterfrom
Conversation
…urrent SunJCE default
There was a problem hiding this comment.
Pull Request Overview
This PR adds OID alias support for AES Cipher and HMAC-SHA algorithms, fixes a PBEKeySpec key length bug to return bits instead of bytes, and improves AES AlgorithmParameters encoding/decoding support. It also adds serialization support for DH/EC keys and changes the default AES key size from 128 to 256 bits.
- Added OID aliases for AES cipher modes (ECB, CBC, OFB) and HMAC-SHA algorithms
- Fixed PBEKeySpec to return key length in bits instead of bytes
- Implemented ASN.1 encoding/decoding for AES AlgorithmParameters
- Added serialization support for DH and EC public/private keys
Reviewed Changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 20 comments.
Show a summary per file
| File | Description |
|---|---|
| WolfCryptSecretKeyFactory.java | Fixed bug where PBEKeySpec was initialized with key length in bytes instead of bits |
| WolfCryptProvider.java | Added OID and algorithm aliases for AES cipher modes and HMAC algorithms |
| WolfCryptKeyGenerator.java | Changed default AES key size from 128 bits to 256 bits |
| WolfCryptECPublicKey.java | Added readObject method for proper deserialization and made stateLock non-final |
| WolfCryptECPrivateKey.java | Added readObject method for proper deserialization and made stateLock non-final |
| WolfCryptDHPublicKey.java | Added readObject method, extraction methods for parameters, and made stateLock non-final |
| WolfCryptDHPrivateKey.java | Added readObject method, extraction methods for parameters, and made stateLock non-final |
| WolfCryptCipher.java | Added buffer reset on cipher initialization to prevent stale data issues |
| WolfCryptAesParameters.java | Implemented ASN.1 encoding/decoding support and added double initialization checks |
| WolfCryptSecretKeyFactoryTest.java | Added test for PBEKeySpec key length in bits |
| WolfCryptMacTest.java | Added tests for HMAC OID aliases |
| WolfCryptKeyGeneratorTest.java | Added test for AES 256-bit default key size |
| WolfCryptKeyAgreementTest.java | Added tests for DH/EC key serialization |
| WolfCryptCipherTest.java | Added tests for AES AlgorithmParameters encoding and OID aliases |
| README_JCE.md | Updated documentation with new OID aliases |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
src/test/java/com/wolfssl/provider/jce/test/WolfCryptKeyGeneratorTest.java
Outdated
Show resolved
Hide resolved
src/main/java/com/wolfssl/provider/jce/WolfCryptAesParameters.java
Outdated
Show resolved
Hide resolved
src/test/java/com/wolfssl/provider/jce/test/WolfCryptKeyAgreementTest.java
Outdated
Show resolved
Hide resolved
src/main/java/com/wolfssl/provider/jce/WolfCryptDHPublicKey.java
Outdated
Show resolved
Hide resolved
src/main/java/com/wolfssl/provider/jce/WolfCryptDHPrivateKey.java
Outdated
Show resolved
Hide resolved
src/main/java/com/wolfssl/provider/jce/WolfCryptDHPrivateKey.java
Outdated
Show resolved
Hide resolved
src/main/java/com/wolfssl/provider/jce/WolfCryptDHPrivateKey.java
Outdated
Show resolved
Hide resolved
src/main/java/com/wolfssl/provider/jce/WolfCryptDHPrivateKey.java
Outdated
Show resolved
Hide resolved
src/main/java/com/wolfssl/provider/jce/WolfCryptDHPrivateKey.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 15 out of 15 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…HPublicKey, ECPrivateKey, ECPublicKey
rlm2002
approved these changes
Nov 6, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR includes various fixes including:
Cipher.engineInit()AlgorithmParametersencoding supportPBEKeykey length when creating inSecretKeyFactory.engineGetKeySpec()KeyGeneratorto 256-bits (32 bytes) to match current SunJCE defaultCipherAES andMacHmac algorithm aliasesreadObject()methods forDHPrivateKey,DHPublicKey,ECPrivateKey,ECPublicKeyJUnit tests are included to prevent regression.