RFR: 8258833: Cancel multi-part cipher operations in SunPKCS11 after failures [v6]
Martin Balao
mbalao at openjdk.java.net
Wed Jan 20 12:55:58 UTC 2021
On Wed, 20 Jan 2021 05:58:49 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Martin Balao has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Removing the encryption-update path in CancelMultipart test as it depends on a know bug to cause a PKCS#11 error.
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java line 638:
>
>> 636: (new ShortBufferException().initCause(e));
>> 637: }
>> 638: reset(true);
>
> Per PKCS#11 spec, "A call to C_EncryptUpdate which results in an error other than CKR_BUFFER_TOO_SMALL terminates the current encryption operation.", so I'd expect comment here to explain why we are doing reset(true). If not mentioning the known NSS behavior which triggered this change, at least comment the bug id so we don't lost track of the reason for the switch.
Yes, makes sense. Thanks
-------------
PR: https://git.openjdk.java.net/jdk/pull/1901
More information about the security-dev
mailing list