On Sat, 4 Jan 2025 01:20:31 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> Martin Balao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Check disabled PKCS #11 mechanisms when concatenating keys and data. >> >> Co-authored-by: Martin Balao Alonso <mba...@redhat.com> >> Co-authored-by: Francisco Ferrari Bihurriet <fferr...@redhat.com> > > src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KDF.java line 63: > >> 61: }; >> 62: >> 63: private static KDFParameters requireNull(KDFParameters kdfParameters, > > Would `void` be better since we are not using `KDFParameters` and require it > to be `null`? I guess the reason for doing this is to fit this method inside > the protected constructor. We want to make sure that the `KDFParameters` value passed to the protected constructor is `null`. In the process of passing `null`, we check that the `P11KDF` constructor caller did not pass a non-null value. The method `requireNull` serves the purpose of ensuring that `null` is passed, that `KDFParameters kdfParameters` is `null` and allows code execution before the call the super class constructor, so the `token`, `svcKi` and `hmacMechanism` fields can be `final`. While `null` is returned, the value is technically used because it's received by the super class constructor. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/22215#discussion_r1905772811
