RFR: 8343232: PKCS#12 KeyStore support for RFC 9579: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v4]

[Mark Powers]

On Tue, 16 Sep 2025 22:56:02 GMT, Mark Powers <mpowers at openjdk.org> wrote:

>> In fact, this will change the behavior of the Mac algorithm `PBEWithHmacSHA256` since we hardcoded `keyLength` as `blockLength` there.
>
> I made the check in MacData on the DER input stream instead. That said, I took Weijun's suggestion in JDK-8366979 and was able to avoid making any change to PBMAC1Core.

To clarify, the check in MacData is for other HmacSHAXXX algorithms; `IllegalArgumentException` is thrown.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2361194670