On Fri, 15 Jan 2021 20:28:28 GMT, Martin Balao <mba...@openjdk.org> wrote:
>> When a multi-part cipher operation fails in SunPKCS11 (i.e. because of an >> invalid block size), we now cancel the operation before returning the >> underlying Session to the Session Manager. This allows to use the returned >> Session for a different purpose. Otherwise, an CKR_OPERATION_ACTIVE error >> would be raised from the PKCS#11 library. >> >> The jdk/sun/security/pkcs11/Cipher/CancelMultipart.java regression test is >> introduced as part of this PR. >> >> No regressions found in jdk/sun/security/pkcs11. > > Martin Balao has updated the pull request incrementally with one additional > commit since the last revision: > > Removing the encryption-update path in CancelMultipart test as it depends > on a know bug to cause a PKCS#11 error. src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java line 631: > 629: // these cases are not expected here because the output > length > 630: // is checked in the OpenJDK side before making the PKCS#11 > call. > 631: // Thus, doCancel can safely be 'false'. Since the code is following the spec, I am not sure if this comment provides additional info? Fine to leave it if you prefer to have it. Just a thought. This goes for the same comments for other classes where we are not changing the behavior. ------------- PR: https://git.openjdk.java.net/jdk/pull/1901