RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v8]
Weijun Wang
weijun at openjdk.org
Wed Sep 24 16:51:03 UTC 2025
On Wed, 24 Sep 2025 16:41:33 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Maybe `macAlgorithm` shouldn't be set when reading a keystore.
>
> There is no difference whether `newKeystore` is true or false. Yes, I can see `writeIterationCount` has already been set to `defaultMacIterationCount()` before, but then there is no need to set it to the same value again here.
>
> `macAlgorithm` needs to be set when reading a keystore. This ensures when `store` is called, the original algorithm is used.
The `macAlgorithm` and `writeIterationCount` fields are initialized to be null and -1. When reading a keystore, they are filled with the actual values. When storing a keystore, if they are still null or -1, default values are used.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2376409359