RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]
Francisco Ferrari Bihurriet
duke at openjdk.org
Thu Jun 1 22:10:22 UTC 2023
On Thu, 1 Jun 2023 22:06:04 GMT, Francisco Ferrari Bihurriet <duke at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/util/PBEUtil.java line 105:
>>
>>> 103: "needed for decryption");
>>> 104: }
>>> 105: }
>>
>> Isn't there also default value for iteration count? 'params' can be PBEParameterSpec (line 82) but its salt and iteration count values aren't used comparing to the IvParameterSpec inside. Seems a bit inconsistent?
>
> @valeriepeng: I agree, `DEFAULT_ITERATIONS` should be used here and only here, so we consistently initialize any defaults in a single place. We'll update that.
There are cases in which _salt_ and _iteration count_ come from the _key_ (`javax.crypto.interfaces.PBEKey`), so `PBES2Params.initialize()` shouldn't try to extract them from `params` (when it is `PBEParameterSpec`). To solve the inconsistency, and in line with your other comment, let's allow `params` to only be `IvParameterSpec`. But let's still receive it as `AlgorithmParameterSpec`, so we can check its type here (and make it simpler for callers), where only `IvParameterSpec` is allowed (plus `null` when encrypting).
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/12396#discussion_r1213728625
More information about the security-dev
mailing list