RFR: 8350661: PKCS11 HKDF throws ProviderException when requesting a 31-byte AES key [v4]

Fri Apr 18 21:20:54 UTC 2025

On Fri, 18 Apr 2025 21:15:41 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> We would need to repeat code if we separate (invocation to `P11KeyGenerator::checkKeySize`). Does not look complex enough in my opinion to merit this split.
>
> The separation can remove 1 conditional block, so only 1 extra line and the flow looks cleaner in my opinion, e.g.
> Suggestion:
> 
>                 case (int) CKK_DES, (int) CKK_DES3 -> {
>                     keyLength = P11KeyGenerator.checkKeySize(ki.keyGenMech, n,
>                             token);
>                     fixDESParity(encoded, 0);
>                     if (keyType == CKK_DES3) {
>                         fixDESParity(encoded, 8);
>                         if (keyLength == 112) {
>                             keyType = CKK_DES2;
>                         } else {
>                             fixDESParity(encoded, 16);
>                         }
>                     }
>                 }
>                 case (int) CKK_AES, (int) CKK_RC4, (int) CKK_BLOWFISH, (int) CKK_CHACHA20 -> {
>                     keyLength = P11KeyGenerator.checkKeySize(ki.keyGenMech, n,
>                             token);
>                 }

If you'd still like lumping them together as you have it now, then at least move the `if (keyType == CKK_DES3)` block (line 624-630) to inside the previous if-block (line 621-623)?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24526#discussion_r2051133889