RFR: 8258833: Cancel multi-part cipher operations in SunPKCS11 after failures [v7]

Valerie Peng valeriep at openjdk.java.net
Fri Jan 22 02:16:01 UTC 2021


On Wed, 20 Jan 2021 13:51:56 GMT, Martin Balao <mbalao at openjdk.org> wrote:

>> Martin Balao has updated the pull request incrementally with two additional commits since the last revision:
>> 
>>  - Align doCancel pattern in 'P11Cipher::implDoFinal(byte[]..' to 'P11Cipher::implDoFinal(ByteBuffer..'. Better documentation in P11Cipher. Copyright date updated.
>>  - Copyright dates updated to 2021 on modified files
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java line 793:
> 
>> 791:                 // only after this point. See JDK-8258833 for further
>> 792:                 // information.
>> 793:                 doCancel = false;
> 
> @valeriepeng I made a code change here so I'd like you to have a final look and validate. I'm just aligning the 'P11Cipher::implDoFinal(byte[]..' function to 'P11Cipher::implDoFinal(ByteBuffer..'. The rationale is that 'doFalse = false' can be placed before the C_EncryptFinal call because any error on it does not require a cancel (it already cancels the operation)

Yes, aligning them is better.

-------------

PR: https://git.openjdk.java.net/jdk/pull/1901


More information about the security-dev mailing list