On Tue, 14 Oct 2025 23:43:39 GMT, Mark Powers <[email protected]> wrote:
>> [JDK-8343232](https://bugs.openjdk.org/browse/JDK-8343232) > > Mark Powers has updated the pull request incrementally with one additional > commit since the last revision: > > remaining comments src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java line 308: > 306: DerOutputStream pBES2_params = new DerOutputStream(); > 307: pBES2_params.write(DerValue.tag_Sequence, > 308: PBKDF2Parameters.encode(salt, iCount, keysize, > kdfAlgo_OID)); `keySize` here is number of bits, but the `PBKDF2Parameters.encode` requires number of bytes. This means a newly created PKCS12 keystore is invalid. When Java loads a PKCS12 keystore, this field is read but not validated. On the other hand, openssl validates it and will report an error. Suggestion: either always use the same style in all fields and method arguments, or name them precisely. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2432512562
