RFR: 8253821: Improve ByteBuffer performance with GCM [v5]

Valerie Peng valeriep at openjdk.java.net
Tue Dec 1 23:21:11 UTC 2020


On Thu, 26 Nov 2020 02:14:40 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:

>> 8253821: Improve ByteBuffer performance with GCM
>
> Anthony Scarpino has updated the pull request incrementally with five additional commits since the last revision:
> 
>  - test updates
>  - test check mixup
>  - Overlap protection
>  - Updated code comments, all tests pass
>  - Updated code comments, all tests pass

src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java line 557:

> 555:                 // If a block or more was encrypted from 'buffer' only, but the
> 556:                 // rest of 'buffer' with 'in' could not construct a block, then
> 557:                 // put the rest if 'buffer' back into ibuffer.

typo: if => of

src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java line 539:

> 537:             // Construct and encrypt a block if there is enough 'buffer' and
> 538:             // 'in' to make one
> 539:             if ((inLen + remainder) >= blockSize) {

This big block of code is only needed when (remainder != 0), right?

src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java line 554:

> 552:                 ibuffer.reset();
> 553:                 // Code below will write the remainder from 'in' to ibuffer
> 554:             } else if (blen > 0) {

Instead of blen >0, maybe you meant remainder > 0?

src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java line 514:

> 512:         checkDataLength(inLen, getBufferedLength());
> 513:         ArrayUtil.nullAndBoundsCheck(in, inOfs, inLen);
> 514: 

How about checking out, outOfs with ArrayUtil.nullAndBoundsCheck(...) call? I saw one below, but there are already prior calls writing into out. Existing impl checks it before writing data into it.

src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java line 580:

> 578: 
> 579:         // Encrypt the remaining blocks inside of 'in'
> 580:         if (len > 0) {

Shouldn't this be 'inLen' instead of 'len'?

src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java line 657:

> 655:      */
> 656:     int decrypt(byte[] in, int inOfs, int len, byte[] out, int outOfs) {
> 657:         checkDataLength(ibuffer.size(), len);

Just curious, why remove this checkDataLength(...) call? Seems inconsistent to other methods?

-------------

PR: https://git.openjdk.java.net/jdk/pull/411



More information about the security-dev mailing list