On Tue, 4 Jun 2024 00:25:04 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> Francisco Ferrari Bihurriet has updated the pull request with a new target >> base due to a merge or a rebase. The incremental webrev excludes the >> unrelated changes brought in by the merge/rebase. The pull request contains >> ten additional commits since the last revision: >> >> - Improve handling when the token variant is unknown >> >> Avoid registering CTS algorithms (those depending on CKM_AES_CTS) when >> the token CTS variant has not been specified in the configuration. Make >> NSS an exception, as we know that it uses the CS1 variant. >> >> Take advantage to extract a pkcs11.Config::parseEnumEntry() method for >> a cleaner entry in the main switch statement of pkcs11.Config::parse(), >> also slightly improving the error message. >> >> Co-authored-by: Francisco Ferrari <fferr...@redhat.com> >> Co-authored-by: Martin Balao <mba...@redhat.com> >> - Merge 'openjdk/master' into JDK-8330843 >> - Revert re-arrangement of native methods parameters >> >> This reverts commit 0a777e94229723376e1264e87cbf0ba805dc736f, except for >> the copyright which is retained as 2024. >> >> NOTE: new calls of the same methods are retained in the re-arrangement >> style, as we didn't introduce this re-arrangement, it was already >> present in most of the calls inside ::implUpdate() and ::implDoFinal(). >> >> Co-authored-by: Francisco Ferrari <fferr...@redhat.com> >> Co-authored-by: Martin Balao <mba...@redhat.com> >> - Merge 'openjdk/master' into JDK-8330843 >> - 8330842: Add AES CBC with Ciphertext Stealing (CTS) SunPKCS11 tests >> >> Co-authored-by: Francisco Ferrari <fferr...@redhat.com> >> Co-authored-by: Martin Balao <mba...@redhat.com> >> - 8330842: Support AES CBC with Ciphertext Stealing (CTS) in SunPKCS11 >> >> Co-authored-by: Francisco Ferrari <fferr...@redhat.com> >> Co-authored-by: Martin Balao <mba...@redhat.com> >> - Fix cipher tests logging >> >> Co-authored-by: Francisco Ferrari <fferr...@redhat.com> >> Co-authored-by: Martin Balao <mba...@redhat.com> >> - Implement integer constants as enum >> >> Co-authored-by: Francisco Ferrari <fferr...@redhat.com> >> Co-authored-by: Martin Balao <mba...@redhat.com> >> - Arrange parameters of native methods evenly >> >> C_EncryptUpdate / C_DecryptUpdate / C_EncryptFinal / C_DecryptFinal >> >> If the call doesn't fit on a single line, use the following order: >> long hSession, >> [ long directIn, byte[] in, int inOfs, int inLen,... > > src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java line > 950: > >> 948: 0, out, (outOfs + k), (outLen - k)); >> 949: if (blockMode == Mode.CTS) { >> 950: convertCTSVariant(null, out, outOfs + k); > > The 3rd argument of the convertCTSVariant() method is the data length which > is used to determine the penultimate block size? It looks incorrect to use > `outOfs + k` for that? `convertCTSVariant` needs the total output's length to determine the penultimate block size and do the slicing in the `out` array. The assumption here is that `outOfs` has the previously generated output (if any) starting at offset 0. In the CTS case, `k` has all the bytes (potentially) added to the output after flushing `padBuffer` with `C_EncryptUpdate` and all the bytes added after `C_EncryptFinal`. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/18898#discussion_r1625350395