RFR: 8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding [v2]

Martin Balao mbalao at openjdk.java.net
Tue Apr 6 14:56:25 UTC 2021


On Tue, 30 Mar 2021 21:24:37 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> Martin Balao has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains three commits:
>> 
>>  - Avoid overriding buffered bytes with padding in the doFinal call.
>>  - Only do encryption block-size buffering for NSS
>>  - 8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java line 654:
> 
>> 652:             }
>> 653:             // update 'padBuffer' if using our own padding impl.
>> 654:             if (paddingObj != null) {
> 
> nit: if (paddingObj != null && newPadBufferLen > 0)?

Yes, makes sense. I've replaced the other " newPadBufferLen != 0" with "newPadBufferLen > 0" to be consistent.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2510


More information about the security-dev mailing list