On Wed, 24 Sep 2025 02:48:42 GMT, Mark Powers <[email protected]> wrote:
>> src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line
>> 1964:
>>
>>> 1962: ((PBEParameterSpec)params).getIterationCount(),
>>> 1963: kdfHmac.equals("HmacSHA512") ? 64*8 : 32*8));
>>> 1964: Mac m = Mac.getInstance(kdfHmac);
>>
>> `kdfHmac` is used as `prfHmac` here. If you intend to only support them
>> being the same, please error out as early as possible when parsing
>> PBMAC1-params. You might be able to support them at loading but still lack
>> enough info at storing.
>
> An exception is now thrown in `MacData` when reading.
They can now be different when loading a keystore. My comment about an
exception being thrown is no longer valid.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2417921148
