RFR: 8350661: PKCS11 HKDF throws ProviderException when requesting a 31-byte AES key [v4]
Martin Balao
mbalao at openjdk.org
Fri Apr 18 19:55:47 UTC 2025
On Thu, 17 Apr 2025 22:59:49 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Martin Balao has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Inform key sizes in the exception when failing check.
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java line 605:
>
>> 603: }
>> 604: }
>> 605: }
>
> Hmm, how about separating out AES, RC4, Blowfish and ChaCha20 to a separate case? Only DES and DES3 needs parity checking and they are very legacy.
We would need to repeat code if we separate (invocation to `P11KeyGenerator::checkKeySize`). Does not look complex enough in my opinion to merit this split.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24526#discussion_r2051055130
More information about the security-dev
mailing list