On Wed, 29 Oct 2025 17:30:17 GMT, Mark Powers <[email protected]> wrote:
>> src/java.base/share/classes/sun/security/pkcs12/PBMAC1Parameters.java line
>> 118:
>>
>>> 116: * Encode PBMAC1 parameters from components.
>>> 117: */
>>> 118: static byte[] encode(byte[] salt, int iterationCount, int
>>> keyLength,
>>
>> This is encoding more than the PBMAC1 parameters, it is also encoding the
>> `MacData` structure. That should really be in the `MacData` class.
>
> I moved it to the `MacData` class as you suggest. `macSalt` ("NOT USED") and
> `iterations` (1) also belong in `MacData` and have been moved.
The latest `encode` returns two algorithm identifiers concatenated together
without any frame. I suggest we follow the `PBKDF2Parameters.java` style you
described below ("The outer algorithm ID is also encoded in addition to the
parameters"), which means moving the code around `tmp2` and `tmp3` from
`MacData::encode` here and back there a simple
`tmp1.writeBytes(PBMAC1Parameters.encode(...))`.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2475530557
