Use explicit default instead of implicit fallback

[p11_crypto_plugin] mkek_length has no default but the logic uses implicit default value (32) internally. Change-Id: I8743457aab9f0ce4982fcb9255dc86050b791308
2024-03-29 16:49:24 +09:00 · 2024-03-29 16:49:24 +09:00 · ca57ef5436
commit ca57ef5436
parent b6edfda344
3 changed files with 4 additions and 2 deletions
--- a/barbican/cmd/barbican_manage.py
+++ b/barbican/cmd/barbican_manage.py
@ -225,7 +225,7 @@ class HSMCommands(object):
            label = conf.p11_crypto_plugin.mkek_label or 'primarymkek'
        self._verify_label_does_not_exist(self._CKK_AES, label, self.session)
        if length is None:
-            length = conf.p11_crypto_plugin.mkek_length or 32
+            length = conf.p11_crypto_plugin.mkek_length
        if type(length) is not int:
            length = int(length)
        self.pkcs11.generate_key(self._CKK_AES, length, CKM_AES_KEY_GEN,
--- a/barbican/plugin/crypto/p11_crypto.py
+++ b/barbican/plugin/crypto/p11_crypto.py
@ -51,6 +51,8 @@ p11_crypto_plugin_opts = [
    cfg.StrOpt('mkek_label',
               help=u._('Master KEK label (as stored in the HSM)')),
    cfg.IntOpt('mkek_length',
+               default=32,
+               min=1,
               help=u._('Master KEK length in bytes.')),
    cfg.StrOpt('hmac_label',
               help=u._('Master HMAC Key label (as stored in the HSM)')),
--- a/doc/source/install/barbican-backend.rst
+++ b/doc/source/install/barbican-backend.rst
@ -387,7 +387,7 @@ The PKCS#11 plugin configuration looks like:
        mkek_label = 'my_mkek'

        # Master KEK length in bytes. (integer value)
-        #mkek_length = <None>
+        #mkek_length = 32

        # Master HMAC Key label (as stored in the HSM) (string value)
        hmac_label = 'my_hmac_key'