On Mon, 28 Dec 2020 16:24:43 GMT, Martin Balao <mba...@openjdk.org> wrote:
> When a multi-part cipher operation fails in SunPKCS11 (i.e. because of an
> invalid block size), we now cancel the operation before returning the
> underlying Session to the Session Manager. This allows to use the returned
> Session for a different purpose. Otherwise, an CKR_OPERATION_ACTIVE error
> would be raised from the PKCS#11 library.
>
> The jdk/sun/security/pkcs11/Cipher/CancelMultipart.java regression test is
> introduced as part of this PR.
>
> No regressions found in jdk/sun/security/pkcs11.
test/jdk/sun/security/pkcs11/Cipher/CancelMultipart.java line 122:
> 120: cipher.doFinal(new byte[1], 0, 0);
> 121: } else {
> 122: cipher.update(new byte[1]);
Why only calling update(..) for Cipher encryption would lead to Exception?
Seems strange...
test/jdk/sun/security/pkcs11/Cipher/CancelMultipart.java line 194:
> 192: private static void tryCipherInit() throws Exception {
> 193: Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding",
> provider);
> 194: cipher.init(Cipher.ENCRYPT_MODE, key);
Add a comment here or to this method about the CKR_OPERATION_ACTIVE error (w/o
this fix) as this is actually the key test point.
-------------
PR: https://git.openjdk.java.net/jdk/pull/1901
