On Tue, 4 Jun 2024 05:04:45 GMT, Martin Balao <mba...@openjdk.org> wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java
>> line 950:
>>
>>> 948: 0, out, (outOfs + k), (outLen - k));
>>> 949: if (blockMode == Mode.CTS) {
>>> 950: convertCTSVariant(null, out, outOfs + k);
>>
>> The 3rd argument of the convertCTSVariant() method is the data length which
>> is used to determine the penultimate block size? It looks incorrect to use
>> `outOfs + k` for that?
>
> `convertCTSVariant` needs the total output's length to determine the
> penultimate block size and do the slicing in the `out` array. The assumption
> here is that `outOfs` has the previously generated output (if any) starting
> at offset 0. In the CTS case, `k` has all the bytes (potentially) added to
> the output after flushing `padBuffer` with `C_EncryptUpdate` and all the
> bytes added after `C_EncryptFinal`.
I understand the meaning of `k`. It seems that the code here assumes `outOfs =
0`, but this may not always be the case when operating on user-supplied output
byte array, right?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18898#discussion_r1626806896
