On Tue, 6 Jun 2023 18:18:43 GMT, Valerie Peng <valer...@openjdk.org> wrote:

>> Martin Balao has updated the pull request incrementally with one additional 
>> commit since the last revision:
>> 
>>   8301553: Support Password-Based Cryptography in SunPKCS11 (iteration #5)
>>   
>>   Co-authored-by: Francisco Ferrari <fferr...@redhat.com>
>>   Co-authored-by: Martin Balao <mba...@redhat.com>
>
> src/java.base/share/classes/sun/security/util/PBEUtil.java line 347:
> 
>> 345:                             "Salt or iteration count parameters are " +
>> 346:                             "not consistent with PBE key");
>> 347:                 }
> 
> Based on the javadoc of PBEKey, it's possible that salt and ic aren't 
> specified, e.g. null and 0. In this case, this check will fail if the 
> PBEParameterSpec contains salt and ic. IIRC, the java impl will use the 
> values from PBEParameterSpec in this case. Perhaps we can consider same 
> handling? This can be handled separately by tracking this under a separate 
> bug as it's getting too close to RPD1 already.

The PBEUtil::checkKeyAndParams function is used by SunPKCS11 only (see 
P11PBECipher::engineInit and P11Mac::engineInit), and the keys passed are 
always P11Key instances. Thus, a P11Key that is also a PBEKey is a P11PBEKey, 
and both the salt and iteration count for these keys are properly set.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/12396#discussion_r1220191902
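
Added example, not part of the original thread and not the JDK's PBEUtil code: a sketch of the two behaviours discussed above, a strict key/parameter consistency check and a variant that treats a null salt and a 0 iteration count on the PBEKey as "not specified" and takes the PBEParameterSpec values instead. The class name, method names, and key and salt values are hypothetical; only the error message text comes from the quoted lines.

```java
import java.security.InvalidAlgorithmParameterException;
import java.util.Arrays;
import javax.crypto.interfaces.PBEKey;
import javax.crypto.spec.PBEParameterSpec;

public class PBEConsistencyDemo {
    static final String MSG = "Salt or iteration count parameters are " +
            "not consistent with PBE key";

    // Hypothetical strict check: any difference between key and spec is rejected.
    static void strictCheck(PBEKey k, PBEParameterSpec s)
            throws InvalidAlgorithmParameterException {
        if (!Arrays.equals(k.getSalt(), s.getSalt())
                || k.getIterationCount() != s.getIterationCount()) {
            throw new InvalidAlgorithmParameterException(MSG);
        }
    }

    // Hypothetical lenient check: per the PBEKey javadoc, a null salt and a
    // 0 iteration count mean "not specified", so only set values are compared.
    static PBEParameterSpec lenientCheck(PBEKey k, PBEParameterSpec s)
            throws InvalidAlgorithmParameterException {
        byte[] salt = k.getSalt();
        int ic = k.getIterationCount();
        if ((salt != null && !Arrays.equals(salt, s.getSalt()))
                || (ic != 0 && ic != s.getIterationCount())) {
            throw new InvalidAlgorithmParameterException(MSG);
        }
        return s; // the spec supplies whatever the key left unspecified
    }

    // Constructed PBEKey for the demo; not a P11PBEKey.
    static PBEKey key(byte[] salt, int ic) {
        return new PBEKey() {
            public char[] getPassword() { return "constructed".toCharArray(); }
            public byte[] getSalt() { return salt == null ? null : salt.clone(); }
            public int getIterationCount() { return ic; }
            public String getAlgorithm() { return "PBEWithHmacSHA256AndAES_128"; }
            public String getFormat() { return "RAW"; }
            public byte[] getEncoded() { return null; }
        };
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = {1, 2, 3, 4, 5, 6, 7, 8};        // constructed sample salt
        PBEParameterSpec spec = new PBEParameterSpec(salt, 10000);
        strictCheck(key(salt, 10000), spec);            // fully specified key passes
        lenientCheck(key(null, 0), spec);               // unspecified key accepted
        try {
            strictCheck(key(null, 0), spec);            // unspecified key rejected
        } catch (InvalidAlgorithmParameterException e) {
            System.out.println("strict check: " + e.getMessage());
        }
    }
}
```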
