RFR: 8343232: PKCS#12 KeyStore support for RFC 9579: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v3]
Mark Powers
mpowers at openjdk.org
Tue Sep 16 23:03:04 UTC 2025
On Thu, 4 Sep 2025 21:21:04 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Is it possible to add a `keyLength` argument to the constructor, so that a different key length can be set along with the block length.
>
> In fact, this will change the behavior of the Mac algorithm `PBEWithHmacSHA256` since we hardcoded `keyLength` as `blockLength` there.
I made the check in MacData on the DER input stream instead. That said, I took Weijun's suggestion in JDK-8366979 and was able to avoid making any change to PBMAC1Core.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2353826863
More information about the security-dev
mailing list