Inform key sizes in the exception when failing check.

Author: martinuy

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11HKDF.java

@@ -221,7 +221,8 @@ private <T> T derive(String alg, AlgorithmParameterSpec derivationSpec,
         } catch (PKCS11Exception e) {
             if (e.match(CKR_KEY_SIZE_RANGE)) {
                 throw new InvalidAlgorithmParameterException("Invalid key " +
-                        "size for algorithm '" + alg + "'.", e);
+                        "size (" + outLen + " bytes) for algorithm '" + alg +
+                        "'.", e);
             }
             throw new ProviderException("HKDF derivation for algorithm '" +
                     alg + "' failed.", e);

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java

@@ -137,8 +137,8 @@ private static int checkKeySize(long keyGenMech, int keySize,
         switch ((int)keyGenMech) {
             case (int)CKM_DES_KEY_GEN:
                 if ((keySize != 64) && (keySize != 56)) {
-                    throw new InvalidAlgorithmParameterException
-                            ("DES key length must be 56 bits");
+                    throw new InvalidAlgorithmParameterException("DES key " +
+                            "length was " + keySize + " but must be 56 bits");
                 }
                 sigKeySize = 56;
                 break;
@@ -149,23 +149,26 @@ private static int checkKeySize(long keyGenMech, int keySize,
                 } else if ((keySize == 168) || (keySize == 192)) {
                     sigKeySize = 168;
                 } else {
-                    throw new InvalidAlgorithmParameterException
-                            ("DESede key length must be 112, or 168 bits");
+                    throw new InvalidAlgorithmParameterException("DESede key " +
+                            "length was " + keySize + " but must be 112, or " +
+                            "168 bits");
                 }
                 break;
             default:
                 // Handle all variable-key-length algorithms here
                 if (range != null && (keySize < range.iMinKeySize
                     || keySize > range.iMaxKeySize)) {
-                    throw new InvalidAlgorithmParameterException
-                        ("Key length must be between " + range.iMinKeySize +
-                        " and " + range.iMaxKeySize + " bits");
+                    throw new InvalidAlgorithmParameterException("Key length " +
+                            "was " + keySize + " but must be between " +
+                            range.iMinKeySize + " and " + range.iMaxKeySize +
+                            " bits");
                 }
                 if (keyGenMech == CKM_AES_KEY_GEN) {
                     if ((keySize != 128) && (keySize != 192) &&
                         (keySize != 256)) {
-                        throw new InvalidAlgorithmParameterException
-                            ("AES key length must be 128, 192, or 256 bits");
+                        throw new InvalidAlgorithmParameterException("AES key" +
+                                " length was " + keySize + " but must be 128," +
+                                " 192, or 256 bits");
                     }
                 }
                 sigKeySize = keySize;