RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v16]
Sean Mullan
mullan at openjdk.org
Tue Oct 28 18:21:33 UTC 2025
On Mon, 27 Oct 2025 23:36:43 GMT, Mark Powers <mpowers at openjdk.org> wrote:
>> [JDK-8343232](https://bugs.openjdk.org/browse/JDK-8343232)
>
> Mark Powers has updated the pull request incrementally with one additional commit since the last revision:
>
> A4-A6 from RFC
src/java.base/share/classes/sun/security/util/PBKDF2Parameters.java line 153:
> 151: * Encode PBKDF2 parameters from components.
> 152: */
> 153: public static byte[] encode(byte[] salt, int iterationCount,
This method actually encodes more than the parameters. It also encodes the outer algorithm id. I guess that's ok, but I suggest adding a comment that says that.
src/java.base/share/classes/sun/security/util/PBKDF2Parameters.java line 159:
> 157: DerOutputStream out = new DerOutputStream();
> 158: DerOutputStream tmp0 = new DerOutputStream();
> 159: DerOutputStream tmp1 = new DerOutputStream();
unused variable.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2470595972
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2470593435
More information about the security-dev
mailing list