RFR: 8343232: PKCS#12 KeyStore support for RFC 9579: Use of Password-Based Message Authentication Code 1 (PBMAC1)

Valerie Peng valeriep at openjdk.org
Tue Sep 2 22:15:45 UTC 2025


On Thu, 3 Apr 2025 22:58:39 GMT, Mark Powers <mpowers at openjdk.org> wrote:

> [JDK-8343232](https://bugs.openjdk.org/browse/JDK-8343232)

src/java.base/share/classes/sun/security/util/PBKDF2Parameters.java line 73:

> 71: 
> 72:     // AlgorithmIdentifier
> 73:     private String prf = null;

Set the default value to "HmacSHA1" here instead of when parsing the DER encoding?

src/java.base/share/classes/sun/security/util/PBKDF2Parameters.java line 81:

> 79:     // the pseudorandom function (default is HmacSHA1)
> 80:     private ObjectIdentifier kdfAlgo_OID =
> 81:             ObjectIdentifier.of(KnownOIDs.HmacSHA1);

This field is not really used? This can just be a local variable when parsing the DER encoding.

src/java.base/share/classes/sun/security/util/PBKDF2Parameters.java line 142:

> 140:         } else {
> 141:             kdfAlgo = "HmacSHA1";
> 142:         }

Can be removed if setting the `prf` default value.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2317284964
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2317283305
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2317286039


More information about the security-dev mailing list