RFR: 8350661: PKCS11 HKDF throws ProviderException when requesting a 31-byte AES key [v3]
Martin Balao
mbalao at openjdk.org
Thu Apr 17 02:50:42 UTC 2025
On Thu, 17 Apr 2025 00:47:00 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Martin Balao has updated the pull request incrementally with two additional commits since the last revision:
>>
>> - TLS keys added to the map.
>> - Key type check refactoring (derivation).
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11HKDF.java line 224:
>
>> 222: if (e.match(CKR_KEY_SIZE_RANGE)) {
>> 223: throw new InvalidAlgorithmParameterException("Invalid key " +
>> 224: "size for algorithm '" + alg + "'.", e);
>
> nit: include the requested key size in the exception message?
Sounds good!
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24526#discussion_r2048100736
More information about the security-dev
mailing list