On Thu, 30 Sep 2021 19:14:10 GMT, Anthony Scarpino <ascarp...@openjdk.org>
wrote:
>> Anyone has time to review this RFE for adding AES cipher with KW, KWP modes
>> support to SunPKCS11 provider?
>>
>> The main changes are in only one new class, i.e. P11KeyWrapCipher.java,
>> which is the CipherSpi impl for the native PKCS11 key wrap mechanisms. When
>> testing against NSS library, it seems that they only support the single part
>> enc/dec PKCS11 APIs, so have to use a new class as existing P11Cipher class
>> relies on the multi part enc/dec PKCS11 APIs and do not support key
>> wrapping/unwrapping.
>>
>> The rest are minor code refactoring and updates for the PKCS11 Exception
>> class.
>> The new regression tests are adapted from existing key wrap regression tests
>> for SunJCE provider.
>>
>> Thanks,
>> Valerie
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyWrapCipher.java
> line 437:
>
>> 435: protected byte[] engineDoFinal(byte[] in, int inOfs, int inLen)
>> 436: throws IllegalBlockSizeException, BadPaddingException {
>> 437: int minOutLen = doFinalLength(inLen);
>
> nit: seems like this could be maxOutLen given it's the length used to
> allocate out[]. It can't be any larger, otherwise the operations would fail
Sure, I will rename it to maxOutLen
-------------
PR: https://git.openjdk.java.net/jdk/pull/5569
