Use explicit default instead of implicit fallback

[p11_crypto_plugin] mkek_length has no default but the logic uses
implicit default value (32) internally.

Change-Id: I8743457aab9f0ce4982fcb9255dc86050b791308

barbican/cmd/barbican_manage.py

@@ -225,7 +225,7 @@ class HSMCommands(object):
             label = conf.p11_crypto_plugin.mkek_label or 'primarymkek'
         self._verify_label_does_not_exist(self._CKK_AES, label, self.session)
         if length is None:
-            length = conf.p11_crypto_plugin.mkek_length or 32
+            length = conf.p11_crypto_plugin.mkek_length
         if type(length) is not int:
             length = int(length)
         self.pkcs11.generate_key(self._CKK_AES, length, CKM_AES_KEY_GEN,

barbican/plugin/crypto/p11_crypto.py

@@ -51,6 +51,8 @@ p11_crypto_plugin_opts = [
     cfg.StrOpt('mkek_label',
                help=u._('Master KEK label (as stored in the HSM)')),
     cfg.IntOpt('mkek_length',
+               default=32,
+               min=1,
                help=u._('Master KEK length in bytes.')),
     cfg.StrOpt('hmac_label',
                help=u._('Master HMAC Key label (as stored in the HSM)')),

doc/source/install/barbican-backend.rst

@@ -387,7 +387,7 @@ The PKCS#11 plugin configuration looks like:
         mkek_label = 'my_mkek'
 
         # Master KEK length in bytes. (integer value)
-        #mkek_length = <None>
+        #mkek_length = 32
 
         # Master HMAC Key label (as stored in the HSM) (string value)
         hmac_label = 'my_hmac_key'