RFR: 8258833: Cancel multi-part cipher operations in SunPKCS11 after failures [v5]
Valerie Peng
valeriep at openjdk.java.net
Wed Jan 20 06:07:50 UTC 2021
On Fri, 15 Jan 2021 18:51:20 GMT, Martin Balao <mbalao at openjdk.org> wrote:
>> When a multi-part cipher operation fails in SunPKCS11 (i.e. because of an invalid block size), we now cancel the operation before returning the underlying Session to the Session Manager. This allows to use the returned Session for a different purpose. Otherwise, an CKR_OPERATION_ACTIVE error would be raised from the PKCS#11 library.
>>
>> The jdk/sun/security/pkcs11/Cipher/CancelMultipart.java regression test is introduced as part of this PR.
>>
>> No regressions found in jdk/sun/security/pkcs11.
>
> Martin Balao has updated the pull request incrementally with one additional commit since the last revision:
>
> Minor documentation improvement in P11Mac regarding Cancel Operation
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java line 802:
> 800: System.arraycopy(padBuffer, 0, out, outOfs, k);
> 801: } else {
> 802: k = token.p11.C_DecryptFinal(session.id(), 0, out, outOfs,
Comment for line 638 apply here as well.
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java line 887:
> 885: (!(outBuffer instanceof DirectBuffer) &&
> 886: !outBuffer.hasArray())) {
> 887: outBuffer.put(outArray, outOfs, k);
Comment for line 638 apply here as well.
-------------
PR: https://git.openjdk.java.net/jdk/pull/1901
More information about the security-dev
mailing list