RFR: 8348732: SunJCE and SunPKCS11 have different PBE key encodings [v2]
Valerie Peng
valeriep at openjdk.org
Thu Mar 27 20:57:17 UTC 2025
On Tue, 25 Mar 2025 18:34:00 GMT, Francisco Ferrari Bihurriet <fferrari at openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>>
>> apply the suggested changes and minor code refactoring.
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java line 203:
>
>> 201: // because this is a PBE Mac service. In addition to checking
>> 202: // the key, check that params (if passed) are consistent.
>> 203: PBEUtil.checkKeyAndParams(key, params, algorithm);
>
> Both usages of `PBEUtil.checkKeyAndParams` have been removed (this is the first one), so we should now remove it from `src/java.base/share/classes/sun/security/util/PBEUtil.java`.
Sure, will remove. less code to maintain.
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PBECipher.java line 135:
>
>> 133: // because this is a PBE Cipher service. In addition to checking the
>> 134: // key, check that params (if passed) are consistent.
>> 135: PBEUtil.checkKeyAndParams(key, params, pbeAlg);
>
> Both usages of `PBEUtil.checkKeyAndParams` have been removed (this is the second one), so we should now remove it from `src/java.base/share/classes/sun/security/util/PBEUtil.java`.
Yes.
> test/jdk/sun/security/pkcs11/Mac/PBAMac.java line 114:
>
>> 112: "ae6b69cf9edfd9cd8c3b51cdf2b0243502f35a3e6007f33b1ab73568" +
>> 113: "2ea81ea562f4383bb9512ff70752367b7259b16f"),
>> 114: macAssertionData("HmacPBESHA512", "HmacSHA512",
>
> nit: all the `macAssertionData` calls are now indented with an extra space (13 leading spaces in total).
Yes, should be 12 spaces.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24068#discussion_r2017585554
PR Review Comment: https://git.openjdk.org/jdk/pull/24068#discussion_r2017588409
PR Review Comment: https://git.openjdk.org/jdk/pull/24068#discussion_r2017587244
More information about the security-dev
mailing list