RFR: 8343232: PKCS#12 KeyStore support for RFC 9579: Use of Password-Based Message Authentication Code 1 (PBMAC1)

Valerie Peng valeriep at openjdk.org
Thu Sep 4 19:47:43 UTC 2025


On Thu, 3 Apr 2025 22:58:39 GMT, Mark Powers <mpowers at openjdk.org> wrote:

> [JDK-8343232](https://bugs.openjdk.org/browse/JDK-8343232)

src/java.base/share/classes/com/sun/crypto/provider/PBMAC1Core.java line 168:

> 166:                 } else if (kdfAlgo.equals("HmacSHA256")) {
> 167:                     keyLength = 256;
> 168:                 }

Why only these two algorithms? Doesn't PBMAC1Core also support other HmacSHAXXX algorithms? We should add an else block to cover unsupported algorithms to detect inconsistency also.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2323326330


More information about the security-dev mailing list