Hi, I would like to request a review for the fix of JDK-8350661. In this fix, we translate the native PKCS 11 error code into an `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey` API. With that said, different PKCS 11 libraries may throw different errors and may even (in theory) delay the error until the key is used, as _SunJCE_ does. I believe that this is an improvement but further adjustments may be needed in the future.
No regressions observed in `test/jdk/sun/security/pkcs11/KDF/TestHKDF.java`. Thanks, Martin.- ------------- Commit messages: - 8350661: PKCS11 HKDF throws ProviderException when requesting a 31-byte AES key Changes: https://git.openjdk.org/jdk/pull/24526/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=24526&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8350661 Stats: 21 lines in 2 files changed: 21 ins; 0 del; 0 mod Patch: https://git.openjdk.org/jdk/pull/24526.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/24526/head:pull/24526 PR: https://git.openjdk.org/jdk/pull/24526
