RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v11]
Mark Powers
mpowers at openjdk.org
Sat Oct 4 21:26:01 UTC 2025
On Thu, 2 Oct 2025 21:01:46 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Mark Powers has updated the pull request incrementally with one additional commit since the last revision:
>>
>> more review comments from Weijun and Sean
>
> src/java.base/share/classes/sun/security/pkcs12/MacData.java line 267:
>
>> 265: hmac = macAlgorithm;
>> 266: } else {
>> 267: throw new ParsingException("unexpected algorithm");
>
> Do we no longer support `HmacPBESHA512` etc?
Don't know how that happened. It's obviously wrong. Fixed.
> src/java.base/share/classes/sun/security/pkcs12/MacData.java line 364:
>
>> 362: }
>> 363:
>> 364: if (this.encoded != null)
>
> I don't think it's worth caching the `encoded` inside the object. The `getEncoded` method is only called once for each object. Just return the `encoded` output directly.
Agreed. Since it's no longer cached, there is also no reason to clone the `encoded` output.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2404173019
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2404172989
More information about the security-dev
mailing list