[jdk11u-dev] RFR: 8280703: CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption [v7]
Scott Gibbons
sgibbons at openjdk.org
Mon Mar 6 21:30:22 UTC 2023
On Mon, 6 Mar 2023 19:33:27 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
>> Scott Gibbons has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Address review comment
>
> Something that should be verified is that this doesn't expose failed auth tag decrypted GCM data or other GCM decryption. There maybe some unexpected differences as this change was after GCM separated from CipherCore in 17. I believe GCM still uses CipherCore in 11.
Thanks, @ascarpino. Are there any tests I can run to verify that no GCM data have been exposed? It appears to me that there's one place where decrypted data could be leaked (ShortBufferException), but this is the same in newer versions.
-------------
PR: https://git.openjdk.org/jdk11u-dev/pull/1780
More information about the jdk-updates-dev
mailing list