On Thu, 1 Jun 2023 22:06:04 GMT, Francisco Ferrari Bihurriet <d...@openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/util/PBEUtil.java line 105: >> >>> 103: "needed for decryption"); >>> 104: } >>> 105: } >> >> Isn't there also default value for iteration count? 'params' can be >> PBEParameterSpec (line 82) but its salt and iteration count values aren't >> used comparing to the IvParameterSpec inside. Seems a bit inconsistent? > > @valeriepeng: I agree, `DEFAULT_ITERATIONS` should be used here and only > here, so we consistently initialize any defaults in a single place. We'll > update that. There are cases in which _salt_ and _iteration count_ come from the _key_ (`javax.crypto.interfaces.PBEKey`), so `PBES2Params.initialize()` shouldn't try to extract them from `params` (when it is `PBEParameterSpec`). To solve the inconsistency, and in line with your other comment, let's allow `params` to only be `IvParameterSpec`. But let's still receive it as `AlgorithmParameterSpec`, so we can check its type here (and make it simpler for callers), where only `IvParameterSpec` is allowed (plus `null` when encrypting). ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/12396#discussion_r1213728625
