On Tue, 4 Jun 2024 05:04:45 GMT, Martin Balao <mba...@openjdk.org> wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java >> line 950: >> >>> 948: 0, out, (outOfs + k), (outLen - k)); >>> 949: if (blockMode == Mode.CTS) { >>> 950: convertCTSVariant(null, out, outOfs + k); >> >> The 3rd argument of the convertCTSVariant() method is the data length which >> is used to determine the penultimate block size? It looks incorrect to use >> `outOfs + k` for that? > > `convertCTSVariant` needs the total output's length to determine the > penultimate block size and do the slicing in the `out` array. The assumption > here is that `outOfs` has the previously generated output (if any) starting > at offset 0. In the CTS case, `k` has all the bytes (potentially) added to > the output after flushing `padBuffer` with `C_EncryptUpdate` and all the > bytes added after `C_EncryptFinal`. I understand the meaning of `k`. It seems that the code here assumes `outOfs = 0`, but this may not always be the case when operating on user-supplied output byte array, right? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/18898#discussion_r1626806896