RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v10]
Mark Powers
mpowers at openjdk.org
Wed Oct 1 00:30:31 UTC 2025
On Mon, 29 Sep 2025 21:02:43 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Mark Powers has updated the pull request incrementally with one additional commit since the last revision:
>>
>> another day another iteration
>
> src/java.base/share/classes/com/sun/crypto/provider/PBMAC1Parameters.java line 184:
>
>> 182: * Returns a formatted string describing the parameters.
>> 183: */
>> 184: public String engineToString() {
>
> Useless now. Therefore, `pbmac1AlgorithmName` is also useless.
fixed
> src/java.base/share/classes/sun/security/pkcs12/MacData.java line 262:
>
>> 260: "PBKDF2WithHmacSHA512" : "PBKDF2WithHmacSHA256");
>> 261: try {
>> 262: int keyLength = Hmac.equals("HmacSHA512") ? 64*8 : 32*8;
>
> Use `Mac.getInstance(Hmac).getMacLength()`. There are other algorithms.
Good Suggestion.
> src/java.base/share/classes/sun/security/pkcs12/MacData.java line 287:
>
>> 285: return mData;
>> 286: }
>> 287:
>
> For all methods below, unless one is used outside of this class, there is no need to create a getter method.
fixed
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2393136697
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2393136206
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2393136376
More information about the security-dev
mailing list