On Mon, 29 Sep 2025 20:44:29 GMT, Weijun Wang <[email protected]> wrote:
>> Mark Powers has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> another day another iteration
>
> src/java.base/share/classes/sun/security/pkcs12/MacData.java line 260:
>
>> 258:
>> 259: var skf =
>> SecretKeyFactory.getInstance(kdfHmac.equals("HmacSHA512") ?
>> 260: "PBKDF2WithHmacSHA512" : "PBKDF2WithHmacSHA256");
>
> Why not just use `"PBKDF2With" + kdfHmac`? What if `kdfHmac` is "HmacSHA384"?
Also, for old algorithms, this `SecretKeyFactory` should not be used, even if
the final result can also be used. Use the old `getPBEKey` code here.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2389234712
