RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v8]
Mark Powers
mpowers at openjdk.org
Tue Oct 7 20:40:56 UTC 2025
On Wed, 24 Sep 2025 16:47:49 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> There is no difference whether `newKeystore` is true or false. Yes, I can see `writeIterationCount` has already been set to `defaultMacIterationCount()` before, but then there is no need to set it to the same value again here.
>>
>> `macAlgorithm` needs to be set when reading a keystore. This ensures when `store` is called, the original algorithm is used.
>
> The `macAlgorithm` and `writeIterationCount` fields are initialized to be null and -1. When reading a keystore, they are filled with the actual values. When storing a keystore, if they are still null or -1, default values are used.
This code has changed. I think this is fixed.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2411830768
More information about the security-dev
mailing list