RFR: 8330842: Support AES CBC with Ciphertext Stealing (CTS) in SunPKCS11 [v4]
Martin Balao
mbalao at openjdk.org
Wed Jun 5 03:51:59 UTC 2024
On Wed, 5 Jun 2024 02:41:35 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Francisco Ferrari Bihurriet has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Apply code-review suggestion
>>
>> Co-authored-by: Francisco Ferrari <fferrari at redhat.com>
>> Co-authored-by: Martin Balao <mbalao at redhat.com>
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java line 1183:
>
>> 1181: // Temporary buffer to the penultimate block
>> 1182: ciphertextBuf.put(start, tmp);
>> 1183: } else {
>
> Personally, I find it easier to follow if this code block follows the decrypt case (lines 1184-1190); the allocated `tmp` could be smaller, e.g.
> Suggestion:
>
> byte[] tmp = new byte[pad];
> // .... pp[pp] ffff -> .... ffff pp[pp]
> ciphertextBuf.get(start, tmp);
> ciphertextBuf.put(start, ciphertextBuf, end - blockSize, blockSize);
> ciphertextBuf.put(end - pad, tmp);
>
> Have you considered this?
I have no personal preference, but would suggest that if we change it to cut the pad, we keep the decryption case aligned.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18898#discussion_r1626883413
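Added example, not SunPKCS11 or JDK code: the CBC-CTS tail-block swap that the suggested Java performs with absolute-index ByteBuffer get/put calls, written against a Python bytearray so that the encrypt-side move and the decrypt-side inverse can be checked offline. The layout names (CS1: partial block then last full block; CS3: last full block then partial block) are the NIST SP 800-38A Addendum names; that SunPKCS11 converts in this direction on encrypt is an assumption here, and the function names, the constructed buffer contents and the `demo` helper are mine.

```python
"""CBC-CTS tail swap in the style of the review suggestion (constructed example).

  encrypt side:  .... pp[pp] ffff  ->  .... ffff pp[pp]
  decrypt side:  .... ffff pp[pp]  ->  .... pp[pp] ffff

`pad` is the length of the partial block (1..block_size), `start` is the index
of the first byte of the two-block tail and `end` is one past its last byte.
"""


def _check_tail(buf: bytearray, start: int, end: int, block_size: int, pad: int) -> None:
    """Reject tails that are not exactly one partial block plus one full block."""
    if not 1 <= pad <= block_size:
        raise ValueError(f"pad must be in 1..{block_size}, got {pad}")
    if end - start != pad + block_size:
        raise ValueError("tail must be exactly pad + block_size bytes long")
    if start < 0 or end > len(buf):
        raise ValueError("tail lies outside the buffer")


def swap_tail_encrypt(buf: bytearray, start: int, end: int, block_size: int, pad: int) -> bytearray:
    """In place: partial-then-full  ->  full-then-partial (mirrors the suggested Java)."""
    _check_tail(buf, start, end, block_size, pad)
    tmp = bytes(buf[start:start + pad])                        # ciphertextBuf.get(start, tmp)
    buf[start:start + block_size] = buf[end - block_size:end]  # put(start, ciphertextBuf, end - blockSize, blockSize)
    buf[end - pad:end] = tmp                                   # ciphertextBuf.put(end - pad, tmp)
    return buf


def swap_tail_decrypt(buf: bytearray, start: int, end: int, block_size: int, pad: int) -> bytearray:
    """Exact inverse of swap_tail_encrypt: full-then-partial  ->  partial-then-full."""
    _check_tail(buf, start, end, block_size, pad)
    tmp = bytes(buf[end - pad:end])                            # save the partial block
    buf[end - block_size:end] = buf[start:start + block_size]  # slide the full block to the end
    buf[start:start + pad] = tmp                               # partial block goes back to the front
    return buf


def demo(block_size: int = 16, pad: int = 5, head_blocks: int = 1) -> dict:
    """Build a constructed ciphertext-shaped buffer and run both directions on it."""
    head = bytes([0xAA]) * (block_size * head_blocks)      # untouched leading blocks
    partial = bytes(range(1, pad + 1))                     # constructed "pp[pp]" bytes
    full = bytes(range(0x80, 0x80 + block_size))           # constructed "ffff" block
    cs1 = bytearray(head + partial + full)
    start, end = len(head), len(cs1)
    cs3 = swap_tail_encrypt(bytearray(cs1), start, end, block_size, pad)
    back = swap_tail_decrypt(bytearray(cs3), start, end, block_size, pad)
    return {
        "cs1": bytes(cs1),
        "cs3": bytes(cs3),
        "expected_cs3": head + full + partial,
        "roundtrip": bytes(back),
    }


if __name__ == "__main__":
    r = demo()
    print("swap correct:  ", r["cs3"] == r["expected_cs3"])
    print("inverse correct:", r["roundtrip"] == r["cs1"])
```

Both directions take the same five arguments on purpose: keeping the encrypt and decrypt moves symmetric is what makes it easy to confirm by inspection (or, as here, by running the round trip) that the decrypt case stays aligned with whichever variant of the encrypt case is chosen.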
More information about the security-dev mailing list