RFR: 8253821: Improve ByteBuffer performance with GCM [v3]
Valerie Peng
valeriep at openjdk.java.net
Fri Nov 6 23:06:00 UTC 2020
On Mon, 2 Nov 2020 22:06:15 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java line 943:
>>
>>> 941: }
>>> 942: }
>>> 943: byte[] outBuffer = (internalOutput != null) ? internalOutput : output;
>>
>> With this line of change, the decrypted bytes are written into the output buffer including padding bytes. Is it not?
>
> If the output buffer provided is not big enough, it creates an internal one. Two things happened here, one the variable was renamed because I felt "outWithPadding" was misleading. The second was to only create this buffer when the length was smaller than the estimated length. Before this change it would already create and use this buffer whether it was needed or not.
I understand the renaming and etc. The difference here is that if output buffer is large enough, then the padding bytes are written into the output buffer even though the returned output length does not count them. Before this change, a separate output buffer is always used. Do you think it's ok to output padding bytes into user-supplied buffer? This is my main concern about this line.
-------------
PR: https://git.openjdk.java.net/jdk/pull/411
More information about the security-dev
mailing list