RFR: 8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding [v2]

Martin Balao mbalao at openjdk.java.net
Tue Apr 6 15:31:30 UTC 2021


On Tue, 30 Mar 2021 22:12:16 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java line 819:
>> 
>>> 817:                     int startOff = 0;
>>> 818:                     if (reqBlockUpdates) {
>>> 819:                         startOff = bytesBuffered;
>> 
>> Shouldn't the starting offset be the number of bytes in padBuffer, i.e. padBufferLen?
>
> Then no need for the assert(...) to check the starting offset value.

padBufferLen and bytesBuffered look a bit confusing to me. My suspicion is that they have the same value every time we need them. I'll make the change you suggested and check that we have no regressions. If you believe the assertions are trivial, I'll remove them.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2510


More information about the security-dev mailing list