RFR: 8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding [v2]

Martin Balao mbalao at openjdk.java.net
Tue Apr 6 17:00:39 UTC 2021


On Wed, 31 Mar 2021 17:00:26 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> Martin Balao has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains three commits:
>> 
>>  - Avoid overriding buffered bytes with padding in the doFinal call.
>>  - Only do encryption block-size buffering for NSS
>>  - 8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding
>
> test/jdk/sun/security/pkcs11/Cipher/EncryptionPadding.java line 97:
> 
>> 95:             throw new Exception("Cross-provider cipher test failed.");
>> 96:         }
>> 97:     }
> 
> Why not just use the byte[] forms for the Cipher.doFinal() and simplify this part, i.e. line 86-96?

We are accumulating cipher text in the cipherText local variable while doing updates, both for the 'update(byte[]...' and 'update(ByteBuffer...' cases. The last call to doFinal will return the last block of cipher text, which we need to append. In regards to Cipher::doFinal, we are using the byte[] form of it. Please let me know if I'm not understanding your comment correctly.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2510


More information about the security-dev mailing list