RFR: 8267125: AES Galois CounterMode (GCM) interleaved implementation using AVX512 + VAES instructions [v4]
Anthony Scarpino
ascarpino at openjdk.java.net
Fri Jul 16 00:14:14 UTC 2021
On Thu, 15 Jul 2021 22:44:05 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Smita Kamath has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Updated AES-GCM intrinsic to match latest Java Code
>
> src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java line 170:
>
>> 168:
>> 169: // always encrypt mode for embedded cipher
>> 170: blockCipher.init(false, key.getAlgorithm(), keyValue);
>
> Is this change intentional? Looks like we are reverting to an older version of the source and undoing newer changes.
Nope.. unintentional
> src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java line 472:
>
>> 470: engine = null;
>> 471: if (encodedKey != null) {
>> 472: Arrays.fill(encodedKey, (byte)0);
>
> Looks like another unintentional newer->older change.
I don't remember an old comment about that, dunno if that was reverted
> src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java line 992:
>
>> 990: */
>> 991: byte[] overlapDetection(byte[] in, int inOfs, byte[] out, int outOfs) {
>> 992: if (in == out && (!encryption || inOfs < outOfs)) {
>
> So, we will always allocate an output buffer for decryption if in==out? Why just decryption? Update the javadoc for this method with the reason?
If the crypto is decryption in-place, an internal output buffer is needed in case the auth tag fails, otherwise the input buffer would be zeroed.
-------------
PR: https://git.openjdk.java.net/jdk/pull/4019
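An added example, not code from the OpenJDK pull request, that shows the in-place decryption hazard discussed in the last review comment from the caller's side. It encrypts a constructed message with AES/GCM through the standard JCE API, corrupts the tag, and then decrypts once with the same array as input and output and once into a separate output array, reporting whether the original ciphertext bytes survive the failed tag check in each case. The key, IV and message are all constructed here; the observed behaviour depends on the provider, which is exactly why the message above says the provider has to keep its own buffer for the in-place case.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class InPlaceGcmDemo {

    private static final int TAG_BITS = 128;
    private static final int TAG_BYTES = TAG_BITS / 8;

    // Constructed test key: all-zero 256-bit key, for reproducibility only.
    private static final SecretKey KEY = new SecretKeySpec(new byte[32], "AES");

    /** Encrypts and returns ciphertext || 16-byte tag under a fresh random IV. */
    static byte[] seal(byte[] plaintext, byte[] iv) throws Exception {
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, KEY, new GCMParameterSpec(TAG_BITS, iv));
        return enc.doFinal(plaintext);
    }

    /**
     * Decrypts with the given input and output arrays (they may be the same
     * object). Returns true when the tag verified, false on AEADBadTagException.
     */
    static boolean open(byte[] in, byte[] out, byte[] iv) throws Exception {
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, KEY, new GCMParameterSpec(TAG_BITS, iv));
        try {
            // Plaintext is TAG_BYTES shorter than the input, so it always fits.
            dec.doFinal(in, 0, in.length, out, 0);
            return true;
        } catch (AEADBadTagException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        byte[] message = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        byte[] sealed = seal(message, iv);
        // Flip one bit of the tag so authentication must fail.
        sealed[sealed.length - 1] ^= 0x01;

        // Case 1: in-place, input and output are the same array.
        byte[] inPlace = sealed.clone();
        boolean ok1 = open(inPlace, inPlace, iv);
        System.out.println("in-place: tag ok=" + ok1
                + ", ciphertext still intact=" + Arrays.equals(inPlace, sealed));

        // Case 2: separate output array; the caller's ciphertext cannot be touched.
        byte[] input = sealed.clone();
        byte[] output = new byte[input.length - TAG_BYTES];
        boolean ok2 = open(input, output, iv);
        System.out.println("separate buffer: tag ok=" + ok2
                + ", ciphertext still intact=" + Arrays.equals(input, sealed));
    }
}
```

The second case is the safe pattern for callers that need to retry, log, or forward the original ciphertext after a verification failure; the first case is the one the reviewed `overlapDetection` change guards against inside the provider by allocating an internal output buffer when `in == out` during decryption.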