RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v10]
Mark Powers
mpowers at openjdk.org
Thu Oct 2 19:43:56 UTC 2025
On Thu, 2 Oct 2025 18:37:00 GMT, Mark Powers <mpowers at openjdk.org> wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/PBMAC1Parameters.java line 86:
>>
>>> 84: protected void Init(AlgorithmParameterSpec paramSpec)
>>> 85: throws InvalidParameterSpecException {
>>> 86: if (!(paramSpec instanceof PBEParameterSpec)) {
>>
>> Use the instanceof pattern (see JEP 394) to avoid the need to cast on lines 90 and 91.
>
> fixed
fixed
>> src/java.base/share/classes/sun/security/pkcs12/MacData.java line 178:
>>
>>> 176: throws Exception {
>>> 177: final String kdfHmac;
>>> 178: final String Hmac;
>>
>> Use lower-case as first letter of variable names, s/Hmac/hmac
>
> fixed
fixed
>> src/java.base/share/classes/sun/security/util/PBKDF2Parameters.java line 151:
>>
>>> 149: */
>>> 150: public byte[] getSalt() {
>>> 151: return this.salt.clone();
>>
>> I don't think you need to return a clone here as you are just using it internally and not mutating it or exposing it to applications that could modify it. I'll double-check as I review the rest of the code.
>
> fixed
fixed
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2399889006
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2399889926
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2399886026
More information about the security-dev
mailing list