RFR: 8267125: AES Galois CounterMode (GCM) interleaved implementation using AVX512 + VAES instructions [v4]

Anthony Scarpino ascarpino at openjdk.java.net
Fri Jul 16 00:14:14 UTC 2021


On Thu, 15 Jul 2021 22:44:05 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> Smita Kamath has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Updated AES-GCM intrinsic to match latest Java Code
>
> src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java line 170:
> 
>> 168: 
>> 169:         // always encrypt mode for embedded cipher
>> 170:         blockCipher.init(false, key.getAlgorithm(), keyValue);
> 
> Is this change intentional? Looks like we are reverting to older version of source and undo newer changes.

Nope.. unintentional

> src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java line 472:
> 
>> 470:             engine = null;
>> 471:             if (encodedKey != null) {
>> 472:                 Arrays.fill(encodedKey, (byte)0);
> 
> Looks like another unintentional newer->older change.

I don't remember an old comment about that, dunno if that was reverted

> src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java line 992:
> 
>> 990:          */
>> 991:         byte[] overlapDetection(byte[] in, int inOfs, byte[] out, int outOfs) {
>> 992:             if (in == out && (!encryption || inOfs < outOfs)) {
> 
> So, we will always allocate an output buffer for decryption if in==out? Why just decryption? Update the javadoc for this method with the reason?

If the crypto is decryption in-place, an internal output buffer is needed in case the auth tag fails, otherwise the input buffer would be zero'ed.

-------------

PR: https://git.openjdk.java.net/jdk/pull/4019



More information about the security-dev mailing list