RFR: 8258833: Cancel multi-part cipher operations in SunPKCS11 after failures
Valerie Peng
valeriep at openjdk.java.net
Mon Jan 11 19:54:59 UTC 2021
On Fri, 8 Jan 2021 19:28:55 GMT, Martin Balao <mbalao at openjdk.org> wrote:
> The P11Cipher case is different because the size of the output buffer (the one that may lead to a CKR_BUFFER_TOO_SMALL error) is a user input and the error visible to OpenJDK Java code [4] [5] [6] [7]. In addition, and contrary to the PKCS#11 v2.20 standard -which states "A call to C_EncryptUpdate which results in an error other than CKR_BUFFER_TOO_SMALL terminates the current encryption operation."-, the NSS Software Token may not terminate the operation on other error types [8] [9]. This is why we need to always cancel from P11Cipher.
For cipher impls, there are more than just P11Cipher, there are also P11AEADCipher and P11RSACipher. It looks like they should be updated with this defensive cancellation change unless the non-compliant NSS impl is algorithm-specific and does not apply to AES/GCM and RSA.
-------------
PR: https://git.openjdk.java.net/jdk/pull/1901
More information about the security-dev
mailing list