Integrated: 8367008: Algorithm identifiers for HmacSHA* should always have NULL as params
Koushik Muthukrishnan Thirupattur
duke at openjdk.org
Wed Oct 22 21:03:46 UTC 2025
On Wed, 8 Oct 2025 16:49:42 GMT, Koushik Muthukrishnan Thirupattur <duke at openjdk.org> wrote:
> Looking at RFC 9879 on PBES2 and PBMAC1 in PKCS12, algorithm identifiers for HmacSHA*** (like SHA***) should always contain NULL as params. We can update the list at AlgorithmId.encode(DOS) to enforce this rule.
This pull request has now been integrated.
Changeset: 4377e7c9
Author: Koushik Thirupattur <koushik.thirupattur at oracle.com>
Committer: Weijun Wang <weijun at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/4377e7c9e8399037c66799e99825c56bebbee68e
Stats: 142 lines in 3 files changed: 76 ins; 31 del; 35 mod
8367008: Algorithm identifiers for HmacSHA* should always have NULL as params
Reviewed-by: weijun
-------------
PR: https://git.openjdk.org/jdk/pull/27700
More information about the security-dev
mailing list