RFR: 8258833: Cancel multi-part cipher operations in SunPKCS11 after failures [v4]
Martin Balao
mbalao at openjdk.java.net
Fri Jan 15 18:39:24 UTC 2021
> When a multi-part cipher operation fails in SunPKCS11 (i.e. because of an invalid block size), we now cancel the operation before returning the underlying Session to the Session Manager. This allows to use the returned Session for a different purpose. Otherwise, an CKR_OPERATION_ACTIVE error would be raised from the PKCS#11 library.
>
> The jdk/sun/security/pkcs11/Cipher/CancelMultipart.java regression test is introduced as part of this PR.
>
> No regressions found in jdk/sun/security/pkcs11.
Martin Balao has updated the pull request incrementally with six additional commits since the last revision:
- More consistent documentation about Cancel Operation in P11-services.
- Consistent Cancel Operation behavior across P11-services: do not fail when the operation being cancelled was not initialized.
- Better error handling in P11PSSSignature Cancel Operation and documentation improvements.
- C_DecryptFinal/C_EncryptFinal failures do not need a Cancel Operation; only C_DecryptUpdate/C_EncryptUpdate ones.
- Documentation note explaining why Cancel Operation is not required in P11AEADCipher
- Documentation note explaining why Cancel Operation is not required in P11PSSSignature
-------------
Changes:
- all: https://git.openjdk.java.net/jdk/pull/1901/files
- new: https://git.openjdk.java.net/jdk/pull/1901/files/5bf00de0..ee90166e
Webrevs:
- full: https://webrevs.openjdk.java.net/?repo=jdk&pr=1901&range=03
- incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=1901&range=02-03
Stats: 60 lines in 5 files changed: 53 ins; 3 del; 4 mod
Patch: https://git.openjdk.java.net/jdk/pull/1901.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/1901/head:pull/1901
PR: https://git.openjdk.java.net/jdk/pull/1901
More information about the security-dev
mailing list