JDK-8282077 : PKCS11 provider C_sign() impl should handle CKR_BUFFER_TOO_SMALL error
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Affected Version: 19
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2022-02-17
  • Updated: 2022-03-11
  • Resolved: 2022-02-19
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 19
19 b11Fixed
Related Reports
Relates :  
The Java_sun_security_pkcs11_wrapper_PKCS11_C_1Sign function in src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_sign.c should check for and handle CKR_BUFFER_TOO_SMALL, much like Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignFinal already does.
Changeset: d7f31d0d Author: Valerie Peng <valeriep@openjdk.org> Date: 2022-02-19 06:40:30 +0000 URL: https://git.openjdk.java.net/jdk/commit/d7f31d0d53bfec627edc83ceb75fc6202891e186

A pull request was submitted for review. URL: https://git.openjdk.java.net/jdk/pull/7540 Date: 2022-02-18 21:52:59 +0000

Add the handling for CKR_BUFFER_TOO_SMALL error for C_Sign(...). However, this handling is coded based on PKCS#11 v3.0 spec for completeness handling. Existing buffer size is good enough for current list of supported signature algorithms, so it can't be tested by regression test. Thus the @noreg-hard label.