RFR: 8367008: Algorithm identifiers for HmacSHA* should always have NULL as params [v8]
Mikhail Yankelevich
myankelevich at openjdk.org
Sun Oct 19 08:26:07 UTC 2025
On Sun, 19 Oct 2025 01:52:02 GMT, Koushik Muthukrishnan Thirupattur <duke at openjdk.org> wrote:
>> Looking at RFC 9879 on PBES2 and PBMAC1 in PKCS12, algorithm identifiers for HmacSHA*** (like SHA***) should always contain NULL as params. We can update the list at AlgorithmId.encode(DOS) to enforce this rule.
>
> Koushik Muthukrishnan Thirupattur has updated the pull request incrementally with two additional commits since the last revision:
>
> - 8367008: Algorithm identifiers for HmacSHA* should always have NULL as params
> - 8367008: Algorithm identifiers for HmacSHA* should always have NULL as params
Thank you for your changes. LGTM
-------------
PR Review: https://git.openjdk.org/jdk/pull/27700#pullrequestreview-3354136947
More information about the security-dev
mailing list