RFR: 8258833: Cancel multi-part cipher operations in SunPKCS11 after failures
Martin Balao
mbalao at openjdk.java.net
Fri Jan 15 18:51:21 UTC 2021
On Wed, 13 Jan 2021 00:53:01 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>>> For cipher impls, there are more than just P11Cipher, there are also P11AEADCipher and P11RSACipher. It looks like they should be updated with this defensive cancellation change unless the non-compliant NSS impl is algorithm-specific and does not apply to AES/GCM and RSA.
>>
>> Sure, I was going to go through each of them. Only P11Cipher and P11Signature so far but I'm working on this.
>
>>
>>
>> > For cipher impls, there are more than just P11Cipher, there are also P11AEADCipher and P11RSACipher. It looks like they should be updated with this defensive cancellation change unless the non-compliant NSS impl is algorithm-specific and does not apply to AES/GCM and RSA.
>>
>> Sure, I was going to go through each of them. Only P11Cipher and P11Signature so far but I'm working on this.
>
> Wonderful, thanks!
@valeriepeng let me know your thoughts. Nothing else from my side now, unless you want me to revisit something.
-------------
PR: https://git.openjdk.java.net/jdk/pull/1901
More information about the security-dev
mailing list