JCE: use local KDF iterations in WKSPrivateKey.getDecryptedKey() in case Security property iteration count has changed

cconlon · cconlon · commit bda62a83a61c · 2025-05-08T16:04:27.000-06:00
diff --git a/src/main/java/com/wolfssl/provider/jce/WolfSSLKeyStore.java b/src/main/java/com/wolfssl/provider/jce/WolfSSLKeyStore.java
@@ -1655,6 +1655,7 @@ public synchronized void engineLoad(InputStream stream, char[] password)
         }
 
         if (stream == null) {
+            log("KeyStore InputStream is null, nothing to load");
             return;
         }
 
@@ -2229,7 +2230,7 @@ protected synchronized byte[] getDecryptedKey(char[] password)
                  * split between 32-byte AES-CBC-256 key and 64-byte
                  * HMAC-SHA512 key. */
                 derivedKey = deriveKeyFromPassword(password, this.kdfSalt,
-                    WKS_PBKDF2_ITERATION_COUNT,
+                    this.kdfIterations,
                     WKS_ENC_KEY_LENGTH + WKS_HMAC_KEY_LENGTH);
 
                 if (derivedKey == null) {

Original file line number	Diff line number	Diff line change
`@@ -1655,6 +1655,7 @@ public synchronized void engineLoad(InputStream stream, char[] password)`
`1655`	`1655`	`}`
`1656`	`1656`
`1657`	`1657`	`if (stream == null) {`
	`1658`	`+ log("KeyStore InputStream is null, nothing to load");`
`1658`	`1659`	`return;`
`1659`	`1660`	`}`
`1660`	`1661`
`@@ -2229,7 +2230,7 @@ protected synchronized byte[] getDecryptedKey(char[] password)`
`2229`	`2230`	`* split between 32-byte AES-CBC-256 key and 64-byte`
`2230`	`2231`	`* HMAC-SHA512 key. */`
`2231`	`2232`	`derivedKey = deriveKeyFromPassword(password, this.kdfSalt,`
`2232`		`- WKS_PBKDF2_ITERATION_COUNT,`
	`2233`	`+ this.kdfIterations,`
`2233`	`2234`	`WKS_ENC_KEY_LENGTH + WKS_HMAC_KEY_LENGTH);`
`2234`	`2235`
`2235`	`2236`	`if (derivedKey == null) {`