RFR: 8258833: Cancel multi-part cipher operations in SunPKCS11 after failures [v6]

Martin Balao mbalao at openjdk.java.net
Wed Jan 20 12:46:53 UTC 2021

On Wed, 20 Jan 2021 05:55:26 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> Martin Balao has updated the pull request incrementally with one additional commit since the last revision:
>>   Removing the encryption-update path in CancelMultipart test as it depends on a know bug to cause a PKCS#11 error.
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java line 631:
>> 629:             // these cases are not expected here because the output length
>> 630:             // is checked in the OpenJDK side before making the PKCS#11 call.
>> 631:             // Thus, doCancel can safely be 'false'.
> Since the code is following the spec, I am not sure if this comment provides additional info? Fine to leave it if you prefer to have it. Just a thought. This goes for the same comments for other classes where we are not changing the behavior.

I wish we could keep the comment and make the previous assumption more explicit, even when someone can read the code above and arrive to the same conclusion. If the code around ever changes, this comment is something we must consider and, eventually, take action.


PR: https://git.openjdk.java.net/jdk/pull/1901

More information about the security-dev mailing list