On Thu, 6 Jun 2024 21:18:04 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> Francisco Ferrari Bihurriet has updated the pull request incrementally with
>> one additional commit since the last revision:
>>
>> Apply code-review suggestion
>>
>> Co-authored-by: Francisco Ferrari <fferr...@redhat.com>
>> Co-authored-by: Martin Balao <mba...@redhat.com>
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java line
> 1169:
>
>> 1167: }
>> 1168: if (ciphertextArr != null) {
>> 1169: ciphertextBuf = ByteBuffer.wrap(ciphertextArr);
>
> Can we add a comment here to caution that position may be incorrect (since
> the offset is not passed to this call) and thus need to always supply an
> index for reading/writing values to the `ciphertextBuf`?
It's not so much about position being incorrect —`convertCTSVariant` makes no
assumptions about it, but could have reset position to the beginning of the
last 2 blocks— but that `ciphertextBuf` bytes should not be modified except for
the last 2 blocks. I'm okay with adding a comment but I don't see any
extension of the `convertCTSVariant` function that could be at risk of having
to access anything other than the last 2 blocks.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18898#discussion_r1630335033
