RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v10]
Mark Powers
mpowers at openjdk.org
Tue Oct 7 20:40:42 UTC 2025
On Mon, 29 Sep 2025 20:57:07 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Mark Powers has updated the pull request incrementally with one additional commit since the last revision:
>>
>> another day another iteration
>
> src/java.base/share/classes/com/sun/crypto/provider/PBMAC1Parameters.java line 84:
>
>> 82: private int keyLength = -1;
>> 83:
>> 84: protected void Init(AlgorithmParameterSpec paramSpec)
>
> Method names should start with a lowercase letter. If it's not used, remove it.
>
> That said, in a different comment, I was hoping we can also construct a `PBMAC1Parameters` object using its components.
Not in this initial integration.
> src/java.base/share/classes/sun/security/pkcs12/MacData.java line 234:
>
>> 232: String Hmac = null;
>> 233:
>> 234: if (newKeystore) {
>
> What could happen if `newKeystore` is different? Is the only difference about the `And` in `macAlgorithm`? Can we just treat it in a consistent way no matter if a new keystore is created?
Fixed. `newKeystore` has been removed.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2411828976
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2411830126
More information about the security-dev
mailing list