On Wed, 20 Jan 2021 13:47:13 GMT, Martin Balao <mba...@openjdk.org> wrote:
>> When a multi-part cipher operation fails in SunPKCS11 (i.e. because of an
>> invalid block size), we now cancel the operation before returning the
>> underlying Session to the Session Manager. This allows the returned
>> Session to be used for a different purpose. Otherwise, a
>> CKR_OPERATION_ACTIVE error would be raised from the PKCS#11 library.
>>
>> The jdk/sun/security/pkcs11/Cipher/CancelMultipart.java regression test is
>> introduced as part of this PR.
>>
>> No regressions found in jdk/sun/security/pkcs11.
>
> Martin Balao has updated the pull request incrementally with two additional
> commits since the last revision:
>
>  - Align doCancel pattern in 'P11Cipher::implDoFinal(byte[]..' to
>    'P11Cipher::implDoFinal(ByteBuffer..'. Better documentation in P11Cipher.
>    Copyright date updated.
>  - Copyright dates updated to 2021 on modified files

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java line 793:

> 791: // only after this point. See JDK-8258833 for further
> 792: // information.
> 793: doCancel = false;

@valeriepeng I made a code change here so I'd like you to have a final look and validate. I'm just aligning the 'P11Cipher::implDoFinal(byte[]..' function to 'P11Cipher::implDoFinal(ByteBuffer..'. The rationale is that 'doFalse = false' can be placed before the C_EncryptFinal call because any error on it does not require a cancel (it already cancels the operation).

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java line 812:

> 810: // only after this point. See JDK-8258833 for further
> 811: // information.
> 812: doCancel = false;

Same comment as for line 793 of P11Cipher

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java line 820:

> 818: System.arraycopy(padBuffer, 0, out, outOfs, k);
> 819: } else {
> 820: doCancel = false;

Same comment as for line 793 of P11Cipher

-------------

PR: https://git.openjdk.java.net/jdk/pull/1901
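
The doCancel pattern discussed in this message, as an added sketch that is not part of the original e-mail and is not the SunPKCS11 code. `Session`, `pool`, `encrypt` and `reuseAfterFailure` are hypothetical names, the token is a toy in-memory model, and the block-size check before the final call is an assumed failure point chosen for illustration.

```java
import java.util.ArrayDeque;
import java.util.Deque;

public class CancelMultipartSketch {
    // Toy stand-in for a token session: at most one operation may be active.
    static class Session {
        boolean active;
        void encryptInit() {
            if (active) throw new IllegalStateException("CKR_OPERATION_ACTIVE");
            active = true;
        }
        void encryptFinal(boolean fail) {
            active = false; // the final call ends the operation, even when it fails
            if (fail) throw new IllegalArgumentException("error inside final call");
        }
        void cancel() { active = false; }
    }

    static final Deque<Session> pool = new ArrayDeque<>(); // toy session manager

    // One init/final round trip; the session goes back to the pool in every case.
    static void encrypt(Session s, int len, boolean finalFails, boolean cancelOnFailure) {
        boolean doCancel = true;
        try {
            s.encryptInit();
            // Wrapper-side check (assumed for this sketch) that fails before the final call.
            if (len % 16 != 0) throw new IllegalArgumentException("invalid block size");
            doCancel = false; // from here on the final call terminates the operation itself
            s.encryptFinal(finalFails);
        } finally {
            if (doCancel && cancelOnFailure) s.cancel();
            pool.push(s);
        }
    }

    // Fails once, then reuses the pooled session; returns "OK" or the error seen on reuse.
    static String reuseAfterFailure(int len, boolean finalFails, boolean cancelOnFailure) {
        pool.clear();
        try { encrypt(new Session(), len, finalFails, cancelOnFailure); }
        catch (IllegalArgumentException expected) { /* first operation fails */ }
        try { encrypt(pool.pop(), 16, false, cancelOnFailure); return "OK"; }
        catch (IllegalStateException e) { return e.getMessage(); }
    }

    public static void main(String[] args) {
        System.out.println(reuseAfterFailure(15, false, false)); // early failure, no cancel
        System.out.println(reuseAfterFailure(15, false, true));  // early failure, cancelled
        System.out.println(reuseAfterFailure(16, true, true));   // failure inside final call
    }
}
```

In this model only the first scenario reports CKR_OPERATION_ACTIVE on reuse; the third shows why no cancel is needed once the final call has been reached.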