RFR: 8328119: Support HKDF in SunPKCS11 (Preview) [v8]
Valerie Peng
valeriep at openjdk.org
Wed Jan 15 01:06:55 UTC 2025
On Tue, 7 Jan 2025 16:49:08 GMT, Martin Balao <mbalao at openjdk.org> wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KDF.java line 63:
>>
>>> 61: };
>>> 62:
>>> 63: private static KDFParameters requireNull(KDFParameters kdfParameters,
>>
>> Would `void` be better since we are not using `KDFParameters` and require it to be `null`? I guess the reason for doing this is to fit this method inside the protected constructor.
>
> We want to make sure that the `KDFParameters` value passed to the protected constructor is `null`. In the process of passing `null`, we check that the `P11KDF` constructor caller did not pass a non-null value. The method `requireNull` serves the purpose of ensuring that `null` is passed, that `KDFParameters kdfParameters` is `null` and allows code execution before the call the super class constructor, so the `token`, `svcKi` and `hmacMechanism` fields can be `final`. While `null` is returned, the value is technically used because it's received by the super class constructor.
Hmm, ok.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22215#discussion_r1915815352
More information about the security-dev
mailing list