JCE: use local KDF iterations in WKSPrivateKey.getDecryptedKey() in case Security property iteration count has changed

cconlon · cconlon · commit 96af4859bdfd · 2025-03-27T17:06:33.000-06:00
diff --git a/src/main/java/com/wolfssl/provider/jce/WolfSSLKeyStore.java b/src/main/java/com/wolfssl/provider/jce/WolfSSLKeyStore.java
@@ -1657,6 +1657,7 @@ public synchronized void engineLoad(InputStream stream, char[] password)
         }
 
         if (stream == null) {
+            log("KeyStore InputStream is null, nothing to load");
             return;
         }
 
@@ -2230,7 +2231,7 @@ protected synchronized byte[] getDecryptedKey(char[] password)
                  * split between 32-byte AES-CBC-256 key and 64-byte
                  * HMAC-SHA512 key. */
                 derivedKey = deriveKeyFromPassword(password, this.kdfSalt,
-                    WKS_PBKDF2_ITERATION_COUNT,
+                    this.kdfIterations,
                     WKS_ENC_KEY_LENGTH + WKS_HMAC_KEY_LENGTH);
 
                 if (derivedKey == null) {

Original file line number	Diff line number	Diff line change
`@@ -1657,6 +1657,7 @@ public synchronized void engineLoad(InputStream stream, char[] password)`
`1657`	`1657`	`}`
`1658`	`1658`
`1659`	`1659`	`if (stream == null) {`
	`1660`	`+ log("KeyStore InputStream is null, nothing to load");`
`1660`	`1661`	`return;`
`1661`	`1662`	`}`
`1662`	`1663`
`@@ -2230,7 +2231,7 @@ protected synchronized byte[] getDecryptedKey(char[] password)`
`2230`	`2231`	`* split between 32-byte AES-CBC-256 key and 64-byte`
`2231`	`2232`	`* HMAC-SHA512 key. */`
`2232`	`2233`	`derivedKey = deriveKeyFromPassword(password, this.kdfSalt,`
`2233`		`- WKS_PBKDF2_ITERATION_COUNT,`
	`2234`	`+ this.kdfIterations,`
`2234`	`2235`	`WKS_ENC_KEY_LENGTH + WKS_HMAC_KEY_LENGTH);`
`2235`	`2236`
`2236`	`2237`	`if (derivedKey == null) {`