[15] RFR JDK-8242151 Improve OID mapping and reuse among JDK security providers for aliases registration
Weijun Wang
weijun.wang at oracle.com
Thu May 7 01:59:02 UTC 2020
>
> It seems that existing impl of PBES2Parameters class only enforces that the KDF algo is one of the HmacSHAxxx. But it does not throw exception if the instance is requested with "PBEWithHmacSHA256AndAES_256" and then initialized with DER encoding containing "PBEWithHmacSHA512AndAES_256". Perhaps it should be further tightened up?
I think so. There is a general "PBES2" that allows filling in the algorithms at init() but if they are already inside the algorithm name, then only the same can appear in the encoding.
Filed https://bugs.openjdk.java.net/browse/JDK-8244564. Maybe we will backport it.
--Max
More information about the security-dev
mailing list