RFR: 8371156: PBKDF2 default values should not be DER encoded [v2]
Weijun Wang
weijun at openjdk.org
Sun Nov 16 16:41:03 UTC 2025
On Sun, 16 Nov 2025 13:44:47 GMT, Mark Powers <mpowers at openjdk.org> wrote:
>> [JDK-8371156](https://bugs.openjdk.org/browse/JDK-8371156)
>>
>> HmacSHA1 is the DEFAULT for PBKDF2. Therefore, it should not be DER encoded.
>>
>>
>> PBKDF2-params ::= SEQUENCE {
>> salt CHOICE {
>> specified OCTET STRING,
>> otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
>> },
>> iterationCount INTEGER (1..MAX),
>> keyLength INTEGER (1..MAX) OPTIONAL,
>> prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
>> }
>
> Mark Powers has updated the pull request incrementally with one additional commit since the last revision:
>
> comment from weijun
Everything looks fine. Thanks.
-------------
Marked as reviewed by weijun (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/28182#pullrequestreview-3470287664
More information about the security-dev
mailing list