RFR: 8258833: Cancel multi-part cipher operations in SunPKCS11 after failures
Valerie Peng
valeriep at openjdk.java.net
Tue Jan 5 19:35:58 UTC 2021
On Mon, 28 Dec 2020 16:24:43 GMT, Martin Balao <mbalao at openjdk.org> wrote:
> When a multi-part cipher operation fails in SunPKCS11 (i.e. because of an invalid block size), we now cancel the operation before returning the underlying Session to the Session Manager. This allows to use the returned Session for a different purpose. Otherwise, an CKR_OPERATION_ACTIVE error would be raised from the PKCS#11 library.
>
> The jdk/sun/security/pkcs11/Cipher/CancelMultipart.java regression test is introduced as part of this PR.
>
> No regressions found in jdk/sun/security/pkcs11.
test/jdk/sun/security/pkcs11/Cipher/CancelMultipart.java line 122:
> 120: cipher.doFinal(new byte[1], 0, 0);
> 121: } else {
> 122: cipher.update(new byte[1]);
Why only calling update(..) for Cipher encryption would lead to Exception? Seems strange...
test/jdk/sun/security/pkcs11/Cipher/CancelMultipart.java line 194:
> 192: private static void tryCipherInit() throws Exception {
> 193: Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding", provider);
> 194: cipher.init(Cipher.ENCRYPT_MODE, key);
Add a comment here or to this method about the CKR_OPERATION_ACTIVE error (w/o this fix) as this is actually the key test point.
-------------
PR: https://git.openjdk.java.net/jdk/pull/1901
More information about the security-dev
mailing list