RFR: 8367008: Algorithm identifiers for HmacSHA* should always have NULL as params
Koushik Muthukrishnan Thirupattur
duke at openjdk.org
Wed Oct 8 16:58:55 UTC 2025
Looking at RFC 9879 on PBES2 and PBMAC1 in PKCS12, algorithm identifiers for HmacSHA*** (like SHA***) should always contain NULL as params. We can update the list at AlgorithmId.encode(DOS) to enforce this rule.
-------------
Commit messages:
- 8367008: Algorithm identifiers for HmacSHA* should always have NULL as params
- 8367008: Algorithm identifiers for HmacSHA* should always have NULL as params
Changes: https://git.openjdk.org/jdk/pull/27700/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=27700&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8367008
Stats: 103 lines in 2 files changed: 43 ins; 27 del; 33 mod
Patch: https://git.openjdk.org/jdk/pull/27700.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/27700/head:pull/27700
PR: https://git.openjdk.org/jdk/pull/27700
More information about the security-dev
mailing list