On Wed, 25 Jan 2023 22:33:59 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> This RFE enhances existing PBE algorithms with the "SHA512/224" and >> "SHA512/256" support. >> Current transformation parsing in javax.crypto.Cipher class is re-written to >> handle the additional "/" in the "SHA512/224" and "SHA512/256" algorithm >> names. Existing tests are updated with the additional new algorithms. > > Valerie Peng has updated the pull request with a new target base due to a > merge or a rebase. The incremental webrev excludes the unrelated changes > brought in by the merge/rebase. The pull request contains six additional > commits since the last revision: > > - Merge branch 'master' of https://github.com/openjdk/jdk into JDK-8288050 > so bot can find the CSR for JDK21 and mark the PR complete. > - address review feedbacks > - handle the "SHA512/2" lookup of the cipher transformation in a > case-insensitive way. > - remove extra whitespace > - remove trailing whitespace > - 8288050: Add support of SHA-512/224 and SHA-512/256 to the PBKDF2 and > PBES2 impls in SunJCE provider Another question, the cipher/keyfactlry PBEWithHmacSHA512/224AndAES_256 algorithm looks a bit strange, that would require two rounds of the iterations - I mean it might not be much work to implement it anyway, but I wonder if it is a good combination? On the other hand PBEWithHmacSHA512/224AndAES_192 might be a good combo. (Or generally the AES192 variants are missing?) ------------- PR: https://git.openjdk.org/jdk/pull/11339