RFR: 8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding [v2]

Valerie Peng valeriep at openjdk.java.net
Tue Mar 30 22:15:24 UTC 2021


On Tue, 30 Mar 2021 22:10:11 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> Martin Balao has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains three commits:
>> 
>>  - Avoid overriding buffered bytes with padding in the doFinal call.
>>  - Only do encryption block-size buffering for NSS
>>  - 8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java line 819:
> 
>> 817:                     int startOff = 0;
>> 818:                     if (reqBlockUpdates) {
>> 819:                         startOff = bytesBuffered;
> 
> Shouldn't the starting offset be the number of bytes in padBuffer, i.e. padBufferLen?

Then no need for the assert(...) to check the starting offset value.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2510


More information about the security-dev mailing list