RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v18]
Mark Powers
mpowers at openjdk.org
Fri Oct 31 15:05:30 UTC 2025
On Fri, 31 Oct 2025 01:16:18 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Mark Powers has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 36 commits:
>>
>> - two algorithm identifiers concatenated together without any frame
>> - merge
>> - three comments and OID name change
>> - A4-A6 from RFC
>> - Weijun code review comments
>> - merge
>> - stragglers
>> - checkpoint
>> - remaining comments
>> - more review comments from Sean and Weijun
>> - ... and 26 more: https://git.openjdk.org/jdk/compare/a2196e20...409f34c5
>
> src/java.base/share/classes/sun/security/pkcs12/MacData.java line 327:
>
>> 325: // id-PBMAC1 OBJECT IDENTIFIER ::= { pkcs-5 14 }
>> 326: tmp2.putOID(ObjectIdentifier.of(KnownOIDs.PBMAC1));
>> 327: tmp2.write(tmp3);
>
> Since there is only one raw byte array in `tmp3`, the following lines
>
> DerOutputStream tmp3 = new DerOutputStream();
> tmp3.writeBytes(PBMAC1Parameters.encode(macSalt, iterations, keyLength, kdfHmac, hmac));
> tmp2.write(tmp3);
>
> is equivalent to
>
> tmp2.writeBytes(PBMAC1Parameters.encode(macSalt, iterations, keyLength, kdfHmac, hmac));
fixed
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2481722954
More information about the security-dev
mailing list