On Wed, 5 Jun 2024 18:27:11 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> The code does not assume that `outOfs = 0` but that the content of `out` >> (between 0 and `outOfs`) is previously generated output of a multi-part >> operation (not the whole output but one that is multiple of the block size). >> `outOfs + k` is an offset that we need to know and pass to >> `convertCTSVariant` for the `out` slicing. @franferrax , do you see possible >> to determine the penultimate block size from `k` only? (i.e. `int pad = k % >> blockSize;`) This would be more resilient for handling a user-supplied value. > > I am not sure that we can make the assumption `the content of out (between 0 > and outOfs) is previously generated output of a multi-part operation`. It's > possible that the output buffer starts at a non-zero offset for storing the > encrypt/decrypted data. @valeriepeng you are right, that assumption was wrong, we fixed it in 37d6eb805a3ca93e331eae9fec0f6f657758bc3e, and also modified `TestCipherTextStealingMultipart.java` to exercise the issue. Instead of `k`, we used `padBufferLen` to determine the penultimate block size. Please note that the data that can make a difference for the penultimate block size calculation is always available in `padBuffer`. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/18898#discussion_r1628314682
