On Fri, 10 Oct 2025 20:16:46 GMT, Koushik Muthukrishnan Thirupattur <[email protected]> wrote:
>> Looking at RFC 9879 on PBES2 and PBMAC1 in PKCS12, algorithm identifiers for >> HmacSHA*** (like SHA***) should always contain NULL as params. We can update >> the list at AlgorithmId.encode(DOS) to enforce this rule. > > Koushik Muthukrishnan Thirupattur has updated the pull request incrementally > with one additional commit since the last revision: > > 8367008: Algorithm identifiers for HmacSHA* should always have NULL as > params src/java.base/share/classes/sun/security/x509/AlgorithmId.java line 194: > 192: // if most RFCs suggested absent. > 193: // RSA key and signature algorithms and HmacSHA* algorithms > requires > 194: // the NULL parameters to be present, see A.1 and A.2.4 of > RFC 8017. Move the comment above inside `OIDS_REQUIRING_NULL`, into different lines. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/27700#discussion_r2422122724
