RFR: 8350661: PKCS11 HKDF throws ProviderException when requesting a 31-byte AES key [v4]
Martin Balao
mbalao at openjdk.org
Mon Apr 21 17:12:27 UTC 2025
On Fri, 18 Apr 2025 21:18:04 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> The separation can remove 1 conditional block, so only 1 extra line and the flow looks cleaner in my opinion, e.g.
>> Suggestion:
>>
>> case (int) CKK_DES, (int) CKK_DES3 -> {
>> keyLength = P11KeyGenerator.checkKeySize(ki.keyGenMech, n,
>> token);
>> fixDESParity(encoded, 0);
>> if (keyType == CKK_DES3) {
>> fixDESParity(encoded, 8);
>> if (keyLength == 112) {
>> keyType = CKK_DES2;
>> } else {
>> fixDESParity(encoded, 16);
>> }
>> }
>> }
>> case (int) CKK_AES, (int) CKK_RC4, (int) CKK_BLOWFISH, (int) CKK_CHACHA20 -> {
>> keyLength = P11KeyGenerator.checkKeySize(ki.keyGenMech, n,
>> token);
>> }
>
> If you'd still like lumping them together as you have it now, then at least move the `if (keyType == CKK_DES3)` block (line 624-630) to inside the previous if-block (line 621-623)?
Ok
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24526#discussion_r2052728076
More information about the security-dev
mailing list