Code Review Request for 8026943: SQE test jce/Global/Cipher/SameBuffer failed

Sean Mullan sean.mullan at oracle.com
Thu Nov 14 16:20:38 UTC 2013


This looks good to me.

--Sean

On 11/13/2013 04:43 PM, Valerie (Yu-Ching) Peng wrote:
>
> Can someone help review my fixes for 8026943 "SQE test
> jce/Global/Cipher/SameBuffer failed"?
>
> According to Cipher javadoc, both its update(...) and doFinal(...)
> methods should be copy-safe, meaning the |input| and |output| buffers
> can reference the same byte array and no unprocessed input data is
> overwritten when the result is copied into the output buffer. In
> CipherCore class, this condition is not checked and thus leads to the
> scenarios of unprocessed input data being accidentally overwritten.
>
> I added checks to CipherCore class to detect this for both
> update(...)/doFinal(...) operations.
> DESedeWrapCipher class is also updated to not pass the same byte array
> for input and output when using FeedbackCipher objects.
> Also, removed similar handling inside CipherBlockChaining class as it's
> now handled at its caller level (CipherCore and DESedeWrapCipher classes).
>
> Webrev: http://cr.openjdk.java.net/~valeriep/8026943/webrev.00/
>
> Thanks,
> Valerie




More information about the security-dev mailing list