On Fri, 15 Jan 2021 18:51:20 GMT, Martin Balao <mba...@openjdk.org> wrote:
>> When a multi-part cipher operation fails in SunPKCS11 (i.e. because of an
>> invalid block size), we now cancel the operation before returning the
>> underlying Session to the Session Manager. This allows to use the returned
>> Session for a different purpose. Otherwise, an CKR_OPERATION_ACTIVE error
>> would be raised from the PKCS#11 library.
>>
>> The jdk/sun/security/pkcs11/Cipher/CancelMultipart.java regression test is
>> introduced as part of this PR.
>>
>> No regressions found in jdk/sun/security/pkcs11.
>
> Martin Balao has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Minor documentation improvement in P11Mac regarding Cancel Operation
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java line
802:
> 800: System.arraycopy(padBuffer, 0, out, outOfs, k);
> 801: } else {
> 802: k = token.p11.C_DecryptFinal(session.id(), 0, out,
> outOfs,
Comment for line 638 apply here as well.
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java line
887:
> 885: (!(outBuffer instanceof DirectBuffer) &&
> 886: !outBuffer.hasArray())) {
> 887: outBuffer.put(outArray, outOfs, k);
Comment for line 638 apply here as well.
-------------
PR: https://git.openjdk.java.net/jdk/pull/1901
