RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v10]
Mark Powers
mpowers at openjdk.org
Thu Oct 2 18:09:09 UTC 2025
On Mon, 29 Sep 2025 21:00:13 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Mark Powers has updated the pull request incrementally with one additional commit since the last revision:
>>
>> another day another iteration
>
> src/java.base/share/classes/sun/security/pkcs12/MacData.java line 190:
>
>> 188: var skf = SecretKeyFactory.getInstance(
>> 189: kdfHmac.equals("HmacSHA512") ?
>> 190: "PBKDF2WithHmacSHA512" : "PBKDF2WithHmacSHA256");
>
> The calculation of mac can be consolidated in one method, which is then called by both `processMacData` and `calculateMac`.
fixed
> src/java.base/share/classes/sun/security/pkcs12/MacData.java line 250:
>
>> 248: }
>> 249: }
>> 250: // Fall back to old way of computing MAC
>
> This is not a fallback. There are 2 different kinds of algorithms. If it starts with "PBEWith", PBMAC1 is used. If it starts with "HmacPBE", the old algorithm is used.
fixed
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2399651513
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2399651055
More information about the security-dev
mailing list