On Thu, 14 Jan 2021 20:29:54 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> The update fails because the native mechanism (CKM_AES_ECB) has no padding >> and OpenJDK does not buffer data in the Java side for encryption [1] (this >> is a bug that I'll address soon). As a result, there is a PKCS#11 call with >> an invalid length and we get the error that ends up returning the session to >> the Session Manager. I just realized that when we fix the previous >> padding-bug, this test path won't work anymore. CKR_BUFFER_TOO_SMALL errors >> on updates do not lead to a reset call in the OpenJDK side (contrary to >> doFinal), so they wouldn't be useful for the test. I'll investigate if there >> is a way to trigger the path. Otherwise we should keep the doFinal path >> only. I'd still force a reset if there is an error other than >> CKR_BUFFER_TOO_SMALL in the update. >> >> -- >> [1] - >> https://github.com/openjdk/jdk/blob/1cc09ccaef9a3695dd2862e3ee121e141e0a8a13/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java#L583 > > It's an update call, isn't padding occur when doFinal() is called for > encryption? > In any case, it's best for the test case to not have this bug dependency. I > am ok if you can only test doFinal path only. Yes, makes sense to remove the bug dependency and the whole encrypt-update path. I'll keep the test extensible, though; so we can include new paths eventually. ------------- PR: https://git.openjdk.java.net/jdk/pull/1901