RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v3]
Thomas Fitzsimmons
fitzsim at openjdk.org
Fri Sep 19 14:24:40 UTC 2025
On Tue, 16 Sep 2025 23:03:00 GMT, Mark Powers <mpowers at openjdk.org> wrote:
>> [JDK-8343232](https://bugs.openjdk.org/browse/JDK-8343232)
>
> Mark Powers has updated the pull request incrementally with one additional commit since the last revision:
>
> a few more comments
src/java.base/share/classes/com/sun/crypto/provider/PBMAC1Parameters.java line 173:
> 171: if (keyLength > 0) {
> 172: pBKDF2_params.putInteger(keyLength / 8); // derived key length (in octets)
> 173: }
I think `keyLength` is a MUST here. Maybe this should instead check if `keyLength` is `<= 0`, and if so, throw an exception. Then proceed to encode `keyLength` unconditionally.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2356839298
More information about the security-dev
mailing list