RFR: 8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding [v2]
Martin Balao
mbalao at openjdk.java.net
Tue Apr 6 17:00:39 UTC 2021
On Wed, 31 Mar 2021 17:00:26 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Martin Balao has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains three commits:
>>
>> - Avoid overriding buffered bytes with padding in the doFinal call.
>> - Only do encryption block-size buffering for NSS
>> - 8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding
>
> test/jdk/sun/security/pkcs11/Cipher/EncryptionPadding.java line 97:
>
>> 95: throw new Exception("Cross-provider cipher test failed.");
>> 96: }
>> 97: }
>
> Why not just use the byte[] forms for the Cipher.doFinal() and simplify this part, i.e. line 86-96?
We are accumulating cipher text in the cipherText local variable while doing updates, both for the 'update(byte[]...' and 'update(ByteBuffer...' cases. The last call to doFinal will return the last block of cipher text, which we need to append. In regards to Cipher::doFinal, we are using the byte[] form of it. Please let me know if I'm not understanding your comment correctly.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2510
More information about the security-dev
mailing list