RFR: 8371156: PBKDF2 default values should not be DER encoded [v2]
Mark Powers
mpowers at openjdk.org
Sun Nov 16 13:44:47 UTC 2025
> [JDK-8371156](https://bugs.openjdk.org/browse/JDK-8371156)
>
> HmacSHA1 is the DEFAULT for PBKDF2. Therefore, it should not be DER encoded.
>
>
> PBKDF2-params ::= SEQUENCE {
> salt CHOICE {
> specified OCTET STRING,
> otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
> },
> iterationCount INTEGER (1..MAX),
> keyLength INTEGER (1..MAX) OPTIONAL,
> prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
> }
Mark Powers has updated the pull request incrementally with one additional commit since the last revision:
comment from weijun
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/28182/files
- new: https://git.openjdk.org/jdk/pull/28182/files/1172c284..b028ee29
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=28182&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=28182&range=00-01
Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
Patch: https://git.openjdk.org/jdk/pull/28182.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/28182/head:pull/28182
PR: https://git.openjdk.org/jdk/pull/28182
More information about the security-dev
mailing list