On Wed, 5 Jun 2024 01:25:24 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> `convertCTSVariant` needs the total output's length to determine the >> penultimate block size and do the slicing in the `out` array. The assumption >> here is that `outOfs` has the previously generated output (if any) starting >> at offset 0. In the CTS case, `k` has all the bytes (potentially) added to >> the output after flushing `padBuffer` with `C_EncryptUpdate` and all the >> bytes added after `C_EncryptFinal`. > > I understand the meaning of `k`. It seems that the code here assumes `outOfs > = 0`, but this may not always be the case when operating on user-supplied > output byte array, right? The code does not assume that `outOfs = 0` but that the content of `out` (between 0 and `outOfs`) is previously generated output of a multi-part operation (not the whole output but one that is multiple of the block size). `outOfs + k` is an offset that we need to know and pass to `convertCTSVariant` for the `out` slicing. @franferrax , do you see possible to determine the penultimate block size from `k` only? (i.e. `int pad = k % blockSize;`) This would be more resilient for handling a user-supplied value. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/18898#discussion_r1626870291