RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]
Valerie Peng
valeriep at openjdk.org
Sat Jun 3 00:03:23 UTC 2023
On Thu, 1 Jun 2023 22:06:47 GMT, Francisco Ferrari Bihurriet <duke at openjdk.org> wrote:
>> @valeriepeng: I agree, `DEFAULT_ITERATIONS` should be used here and only here, so we consistently initialize any defaults in a single place. We'll update that.
>
> There are cases in which _salt_ and _iteration count_ come from the _key_ (`javax.crypto.interfaces.PBEKey`), so `PBES2Params.initialize()` shouldn't try to extract them from `params` (when it is `PBEParameterSpec`). To solve the inconsistency, and in line with your other comment, let's allow `params` to only be `IvParameterSpec`. But let's still receive it as `AlgorithmParameterSpec`, so we can check its type here (and make it simpler for callers), where only `IvParameterSpec` is allowed (plus `null` when encrypting).
Sure, sounds reasonable.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/12396#discussion_r1214982193
More information about the security-dev
mailing list