RFR: [CSR] JDK-8221936: Improvements to SunJCE implementation of PBES2 Parameters

Jamil Nimeh jamil.j.nimeh at oracle.com
Fri Apr 5 23:43:33 UTC 2019


I'm pretty close to a webrev, but I need to write up the tests still.  
I've made a lot of changes in PBES2Parameters to make the internal state 
of the object more consistent as it leaves the init state.  The other 
major change is how the KDFs and encryption schemes are modeled in 
PBES2Parameters.  The way I've done it I think will make it more 
extensible if we want to support other PBES2 parameter encodings in the 
future.  It is all contained within that one file though.

--Jamil

On 4/5/2019 4:12 PM, Valerie Peng wrote:
> Hi Jamil,
>
> Do you have a webrev ready? For this particular case, I feel it's 
> probably better to review the webrev first and agree on the 
> changes/approach and then file csr to document the 
> impact/incompatibility.
>
> Thanks,
>
> Valerie
>
> On 4/4/2019 6:08 AM, Jamil Nimeh wrote:
>> Hello all,
>>
>> This CSR covers some improvements and behavioral changes specifically 
>> to the SunJCE implementation of PBES2-based AlgorithmParameters.  The 
>> original bug, JDK-8076999, was partially fixed by JDK-8202837 and the 
>> remaining issue to fix involves expanding the accepted PRFs and 
>> encryption schemes when initializing using DER-encoding.  Working on 
>> that issue brought about some additional behavioral improvements 
>> which are documented in the CSR below.
>>
>> https://bugs.openjdk.java.net/browse/JDK-8221936
>>
>> Thank you,
>> --Jamil



More information about the security-dev mailing list