RFR: 8350661: PKCS11 HKDF throws ProviderException when requesting a 31-byte AES key

[Daniel Jeliński]

On Wed, 9 Apr 2025 13:19:45 GMT, Martin Balao <mbalao at openjdk.org> wrote:

>  Perhaps we can do both: check beforehand and handle the error afterwards.

That sounds reasonable.

Whatever you decide, I think it would be good to make sure P11HKDF, P11SecretKeyFactory and P11KeyGenerator perform the same checks during key generation.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/24526#issuecomment-2789946445