RFR: 8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding [v2]
Valerie Peng
valeriep at openjdk.java.net
Tue Mar 30 22:15:24 UTC 2021
On Tue, 30 Mar 2021 22:10:11 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Martin Balao has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains three commits:
>>
>> - Avoid overriding buffered bytes with padding in the doFinal call.
>> - Only do encryption block-size buffering for NSS
>> - 8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java line 819:
>
>> 817: int startOff = 0;
>> 818: if (reqBlockUpdates) {
>> 819: startOff = bytesBuffered;
>
> Shouldn't the starting offset be the number of bytes in padBuffer, i.e. padBufferLen?
Then no need for the assert(...) to check the starting offset value.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2510
More information about the security-dev
mailing list