RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]
Martin Balao
mbalao at openjdk.org
Tue Jun 6 03:07:07 UTC 2023
On Sat, 3 Jun 2023 00:00:04 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> There are cases in which _salt_ and _iteration count_ come from the _key_ (`javax.crypto.interfaces.PBEKey`), so `PBES2Params.initialize()` shouldn't try to extract them from `params` (when it is `PBEParameterSpec`). To solve the inconsistency, and in line with your other comment, let's allow `params` to only be `IvParameterSpec`. But let's still receive it as `AlgorithmParameterSpec`, so we can check its type here (and make it simpler for callers), where only `IvParameterSpec` is allowed (plus `null` when encrypting).
>
> Sure, sounds reasonable.
Both changes (passing a IvParameterSpec instance and consolidating defaults for iteration count in a single place) look good to me.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/12396#discussion_r1218807629
More information about the security-dev
mailing list