On Fri, 11 Apr 2025 21:32:47 GMT, Valerie Peng <valer...@openjdk.org> wrote:

>> Martin Balao has updated the pull request incrementally with two additional 
>> commits since the last revision:
>> 
>>  - Algorithm and key size checking before derivation. Mechanism 
>> normalization for TLS.
>>  - Minor import adjustment.
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11HKDF.java line 
> 251:
> 
>> 249:                     (int) PCKK_TLSMASTER -> {
>> 250:                 return CKK_GENERIC_SECRET;
>> 251:             }
> 
> It's easier to troubleshoot to add a default case and not let it fall through 
> to the exception on line 253? It's possible that P11SecretKeyFactory is 
> enhanced with more KeyInfo, but the newly added keyType is not added here. 
> Lumping different causes into the same exception may be harder to debug.

The exception informs the algorithm, and we know that the algorithm was found 
in the map because, otherwise, we would not have been able to get the `KeyInfo 
ki` received by parameter. I can add two separate exceptions if you want, but 
it should not make much of a difference because the reason for the exception is 
the same: the algorithm is not valid for derivation, regardless of whether its 
underlying mechanism is CKK_GENERIC_SECRET or something else.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24526#discussion_r2040431816
