[15] RFR JDK-8242151 Improve OID mapping and reuse among JDK security providers for aliases registration

Valerie Peng valerie.peng at oracle.com
Tue May 12 01:25:22 UTC 2020

Thanks for filing the bug for PBES2Parameters class.

Webrev for 8242151 is updated at: 

It addresses:

- added KnownOIDs for CurveDB class
- updated the KDF parsing code in PBES2Parameters class to match existing behavior
- removed the String constants of PKCS9Attribute class and commented out its constructor which takes a String argument
- use 3rd party aliasing info in AlgorithmId.getName() impl
- misc changes to KnownOIDs class regarding the register() impl



On 5/6/2020 6:59 PM, Weijun Wang wrote:
>> It seems that the existing impl of PBES2Parameters class only enforces that the KDF algo is one of the HmacSHAxxx. But it does not throw an exception if the instance is requested with "PBEWithHmacSHA256AndAES_256" and then initialized with DER encoding containing "PBEWithHmacSHA512AndAES_256". Perhaps it should be further tightened up?
> I think so. There is a general "PBES2" that allows filling in the algorithms at init() but if they are already inside the algorithm name, then only the same can appear in the encoding.
> Filed https://bugs.openjdk.java.net/browse/JDK-8244564. Maybe we will backport it.
> --Max
