On Mon, 14 Apr 2025 18:53:12 GMT, Francisco Ferrari Bihurriet <fferr...@openjdk.org> wrote:
>> Martin Balao has updated the pull request incrementally with two additional >> commits since the last revision: >> >> - Algorithm and key size checking before derivation. Mechanism >> normalization for TLS. >> - Minor import adjustment. > > test/jdk/sun/security/pkcs11/KDF/TestHKDF.java line 643: > >> 641: 32, >> 642: "Derivation of an invalid key algorithm"); >> 643: } > > I suggest adding a case with an invalid key algorithm whose key info map > entry doesn't have `KeyInfo.keyType=CKK_GENERIC_SECRET`. For example, > `PBEWithHmacSHA224AndAES_256`, where `KeyInfo.keyType=CKK_AES`. Sounds good! ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/24526#discussion_r2044534670
