> Hi, > > I'd like to propose a fix for JDK-8261355 [1]. > > The scheme used for holding data and padding while performing encryption > operations is almost the same than the existing one for decryption. The only > difference is that encryption does not require a block-sized buffer to be > always held because there is no need, upon an update call, to determine which > bytes are real output for the caller and which are padding -as it's required > for decryption-. I added a couple of comments in implUpdate to explain this. > > No regressions observed in jdk/sun/security/pkcs11. > > Thanks, > Martin.- > > -- > [1] - https://bugs.openjdk.java.net/browse/JDK-8261355
Martin Balao has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains three commits: - Avoid overriding buffered bytes with padding in the doFinal call. - Only do encryption block-size buffering for NSS - 8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding ------------- Changes: https://git.openjdk.java.net/jdk/pull/2510/files Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=2510&range=01 Stats: 245 lines in 2 files changed: 164 ins; 23 del; 58 mod Patch: https://git.openjdk.java.net/jdk/pull/2510.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/2510/head:pull/2510 PR: https://git.openjdk.java.net/jdk/pull/2510