RFR: 8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding [v2]
Martin Balao
mbalao at openjdk.java.net
Thu Mar 25 22:13:42 UTC 2021
> Hi,
>
> I'd like to propose a fix for JDK-8261355 [1].
>
> The scheme used for holding data and padding while performing encryption operations is almost the same than the existing one for decryption. The only difference is that encryption does not require a block-sized buffer to be always held because there is no need, upon an update call, to determine which bytes are real output for the caller and which are padding -as it's required for decryption-. I added a couple of comments in implUpdate to explain this.
>
> No regressions observed in jdk/sun/security/pkcs11.
>
> Thanks,
> Martin.-
>
> --
> [1] - https://bugs.openjdk.java.net/browse/JDK-8261355
Martin Balao has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains three commits:
- Avoid overriding buffered bytes with padding in the doFinal call.
- Only do encryption block-size buffering for NSS
- 8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding
-------------
Changes: https://git.openjdk.java.net/jdk/pull/2510/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=2510&range=01
Stats: 245 lines in 2 files changed: 164 ins; 23 del; 58 mod
Patch: https://git.openjdk.java.net/jdk/pull/2510.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/2510/head:pull/2510
PR: https://git.openjdk.java.net/jdk/pull/2510
More information about the security-dev
mailing list