RFR: 8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding [v2]
Martin Balao
mbalao at openjdk.java.net
Tue Apr 6 17:52:36 UTC 2021
On Tue, 6 Apr 2021 16:56:49 GMT, Martin Balao <mbalao at openjdk.org> wrote:
>> test/jdk/sun/security/pkcs11/Cipher/EncryptionPadding.java line 97:
>>
>>> 95: throw new Exception("Cross-provider cipher test failed.");
>>> 96: }
>>> 97: }
>>
>> Why not just use the byte[] forms for the Cipher.doFinal() and simplify this part, i.e. line 86-96?
>
> We are accumulating cipher text in the cipherText local variable while doing updates, both for the 'update(byte[]...' and 'update(ByteBuffer...' cases. The last call to doFinal will return the last block of cipher text, which we need to append. In regards to Cipher::doFinal, we are using the byte[] form of it. Please let me know if I'm not understanding your comment correctly.
I've just realized that the test is not exercising the 'doFinal(ByteBuffer..' path. Thus, why it did not catch the previous sync bugs. I'll fix that.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2510
More information about the security-dev
mailing list