RFR: 8328119: Support HKDF in SunPKCS11 (Preview) [v8]
Martin Balao
mbalao at openjdk.org
Tue Jan 7 16:51:42 UTC 2025
On Sat, 4 Jan 2025 01:20:31 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Martin Balao has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Check disabled PKCS #11 mechanisms when concatenating keys and data.
>>
>> Co-authored-by: Martin Balao Alonso <mbalao at redhat.com>
>> Co-authored-by: Francisco Ferrari Bihurriet <fferrari at redhat.com>
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KDF.java line 63:
>
>> 61: };
>> 62:
>> 63: private static KDFParameters requireNull(KDFParameters kdfParameters,
>
> Would `void` be better since we are not using `KDFParameters` and require it to be `null`? I guess the reason for doing this is to fit this method inside the protected constructor.
We want to make sure that the `KDFParameters` value passed to the protected constructor is `null`. In the process of passing `null`, we check that the `P11KDF` constructor caller did not pass a non-null value. The method `requireNull` serves the purpose of ensuring that `null` is passed, that `KDFParameters kdfParameters` is `null` and allows code execution before the call the super class constructor, so the `token`, `svcKi` and `hmacMechanism` fields can be `final`. While `null` is returned, the value is technically used because it's received by the super class constructor.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22215#discussion_r1905772811
More information about the security-dev
mailing list