RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v4]
Mark Powers
mpowers at openjdk.org
Sun Sep 21 19:29:23 UTC 2025
On Fri, 19 Sep 2025 18:27:25 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Mark Powers has updated the pull request incrementally with one additional commit since the last revision:
>>
>> comment from Sean
>
> src/java.base/share/classes/sun/security/pkcs12/MacData.java line 117:
>
>> 115:
>> 116: // Get the old salt.
>> 117: extraSalt = macData[1].getOctetString();
>
> Do we need the `extraSalt` and `extraIterations` variables? What if you just put an `else` block here (if not PBMAC1) and then fill in the `macSalt` and `iterations`.
Weijun has a similar concern. I've remove `extraSalt` and `extraIterationCount`. I no longer think it's worth the complexity to keep these.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2366359699
More information about the security-dev
mailing list