On Tue, 6 Jun 2023 18:18:43 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> Martin Balao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> 8301553: Support Password-Based Cryptography in SunPKCS11 (iteration #5) >> >> Co-authored-by: Francisco Ferrari <fferr...@redhat.com> >> Co-authored-by: Martin Balao <mba...@redhat.com> > > src/java.base/share/classes/sun/security/util/PBEUtil.java line 347: > >> 345: "Salt or iteration count parameters are " + >> 346: "not consistent with PBE key"); >> 347: } > > Based on the javadoc of PBEKey, it's possible that salt and ic aren't > specified, e.g. null and 0. In this case, this check will fail if the > PBEParameterSpec contains salt and ic. IIRC, the java impl will use the > values from PBEParameterSpec in this case. Perhaps we can consider same > handling? This can be handled separately by tracking this under a separate > bug as it's getting too close to RPD1 already. The PBEUtil::checkKeyAndParams function is used by SunPKCS11 only (see P11PBECipher::engineInit and P11Mac::engineInit), and the keys passed are always P11Key instances. Thus, a P11Key that is also a PBEKey is a P11PBEKey, and both the salt and iteration count for these keys are properly set. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/12396#discussion_r1220191902