Integrated: 8371156: PBKDF2 default values should not be DER encoded
Mark Powers
mpowers at openjdk.org
Mon Nov 17 15:02:58 UTC 2025
On Thu, 6 Nov 2025 19:49:56 GMT, Mark Powers <mpowers at openjdk.org> wrote:
> [JDK-8371156](https://bugs.openjdk.org/browse/JDK-8371156)
>
> HmacSHA1 is the DEFAULT for PBKDF2. Therefore, it should not be DER encoded.
>
>
> PBKDF2-params ::= SEQUENCE {
> salt CHOICE {
> specified OCTET STRING,
> otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
> },
> iterationCount INTEGER (1..MAX),
> keyLength INTEGER (1..MAX) OPTIONAL,
> prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
> }
This pull request has now been integrated.
Changeset: 52ffe8a0
Author: Mark Powers <mpowers at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/52ffe8a09637701cf93d3425b69089ced5ad4dcb
Stats: 23 lines in 3 files changed: 17 ins; 1 del; 5 mod
8371156: PBKDF2 default values should not be DER encoded
Reviewed-by: weijun
-------------
PR: https://git.openjdk.org/jdk/pull/28182
More information about the security-dev
mailing list