From bda62a83a61ce8c54b6bf85ce3efb5f37e472128 Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Thu, 27 Mar 2025 15:47:57 -0600
Subject: [PATCH] JCE: use local KDF iterations in
 WKSPrivateKey.getDecryptedKey() in case Security property iteration count has
 changed

---
 src/main/java/com/wolfssl/provider/jce/WolfSSLKeyStore.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/main/java/com/wolfssl/provider/jce/WolfSSLKeyStore.java b/src/main/java/com/wolfssl/provider/jce/WolfSSLKeyStore.java
index b317833..4e1f67a 100644
--- a/src/main/java/com/wolfssl/provider/jce/WolfSSLKeyStore.java
+++ b/src/main/java/com/wolfssl/provider/jce/WolfSSLKeyStore.java
@@ -1655,6 +1655,7 @@ public class WolfSSLKeyStore extends KeyStoreSpi {
         }
 
         if (stream == null) {
+            log("KeyStore InputStream is null, nothing to load");
             return;
         }
 
@@ -2229,7 +2230,7 @@ public class WolfSSLKeyStore extends KeyStoreSpi {
                  * split between 32-byte AES-CBC-256 key and 64-byte
                  * HMAC-SHA512 key. */
                 derivedKey = deriveKeyFromPassword(password, this.kdfSalt,
-                    WKS_PBKDF2_ITERATION_COUNT,
+                    this.kdfIterations,
                     WKS_ENC_KEY_LENGTH + WKS_HMAC_KEY_LENGTH);
 
                 if (derivedKey == null) {