RFR: 8330842: Support AES CBC with Ciphertext Stealing (CTS) in SunPKCS11 [v6]
Martin Balao
mbalao at openjdk.org
Fri Jun 7 01:14:39 UTC 2024
On Fri, 7 Jun 2024 00:39:50 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Francisco Ferrari Bihurriet has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Apply code-review suggestion
>>
>> Co-authored-by: Francisco Ferrari <fferrari at redhat.com>
>> Co-authored-by: Martin Balao <mbalao at redhat.com>
>
> test/jdk/sun/security/pkcs11/Cipher/TestCipherTextStealingMultipart.java line 139:
>
>> 137: byte [] outArray = new byte[cipher.getOutputSize(0) + outOfs];
>> 138: cipher.doFinal(outArray, outOfs);
>> 139: actualCiphertextBuf.put(outArray, outOfs, outArray.length - outOfs);
>
> Add this offset testing to the decryption part as well?
Ok, I'll add it, but it's not the same for decryption because it's the cipher text that has (potentially) to be reordered and the output buffer will be for plain text. In fact, the reordering is over `padBuffer` (that has the last bytes of cipher text) for decryption.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18898#discussion_r1630487007