RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v14]
Weijun Wang
weijun at openjdk.org
Fri Oct 24 21:47:12 UTC 2025
On Fri, 24 Oct 2025 19:44:02 GMT, Mark Powers <mpowers at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/pkcs12/MacData.java line 160:
>>
>>> 158: keySpec = new PBEKeySpec(password);
>>> 159: }
>>> 160: pbeKey = skf.generateSecret(keySpec);
>>
>> If the line above fails, there is no chance to clean `keySpec`. Create a big try-finally block.
>
> I assume you mean to put line 160 in the existing try-finally block rather than create another try-finally block just for this.
Yes.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2462073317
More information about the security-dev
mailing list