RFR: 8371156: PBKDF2 default values should not be DER encoded
Weijun Wang
weijun at openjdk.org
Fri Nov 14 19:14:10 UTC 2025
On Thu, 6 Nov 2025 19:49:56 GMT, Mark Powers <mpowers at openjdk.org> wrote:
> [JDK-8371156](https://bugs.openjdk.org/browse/JDK-8371156)
>
> HmacSHA1 is the DEFAULT for PBKDF2. Therefore, it should not be DER encoded.
>
>
> PBKDF2-params ::= SEQUENCE {
> salt CHOICE {
> specified OCTET STRING,
> otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
> },
> iterationCount INTEGER (1..MAX),
> keyLength INTEGER (1..MAX) OPTIONAL,
> prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
> }
test/jdk/sun/security/pkcs12/ImportPassKeyAlg.java line 96:
> 94: // 003B:000E [1013] SEQUENCE
> 95: // 003D:000A [10130] OID 1.2.840.113549.2.7 (HmacSHA1)
> 96: // 0047:0002 [10131] NULL
Thanks for catching this. Unfortunately, the example encoding shown here is exactly for the HmacSHA1 case so it's incorrect now. You can change line 95 above to
003D:000A [10130] OID 1.2.840.113549.2.9 (HmacSHA256)
Otherwise, all good.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28182#discussion_r2528635531
More information about the security-dev
mailing list