On Tue, 30 Mar 2021 20:51:26 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> Martin Balao has updated the pull request with a new target base due to a >> merge or a rebase. The incremental webrev excludes the unrelated changes >> brought in by the merge/rebase. The pull request contains three additional >> commits since the last revision: >> >> - Avoid overriding buffered bytes with padding in the doFinal call. >> - Only do encryption block-size buffering for NSS >> - 8261355: No data buffering in SunPKCS11 Cipher encryption when the >> underlying mechanism has no padding > > src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java line > 265: > >> 263: // NSS requires block-sized updates in multi-part >> operations. >> 264: reqBlockUpdates = ((tokenLabel[0] == 'N' && >> tokenLabel[1] == 'S' >> 265: && tokenLabel[2] == 'S') ? true : false); > > IIRC, depending on how the impl is registered, engineSetPadding(String) may > not always be called. It's probably safer to set this in engineInit(...)? Looks to me that engineSetPadding is always called from the P11Cipher constructor. I thought that was a good location to set the reqBlockUpdates variable because it's next to the paddingObj initialization; which is a pre-requisite for reqBlockUpdates to be used. In other words, if we have no Java-side padding (paddingObj == null), reqBlockUpdates won't be used and we don't even pay the price of setting it. ------------- PR: https://git.openjdk.java.net/jdk/pull/2510