RFR: 8267125: AES Galois CounterMode (GCM) interleaved implementation using AVX512 + VAES instructions [v4]
Anthony Scarpino
ascarpino at openjdk.java.net
Sat Jul 17 03:33:54 UTC 2021
On Fri, 16 Jul 2021 00:10:52 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java line 992:
>>
>>> 990: */
>>> 991: byte[] overlapDetection(byte[] in, int inOfs, byte[] out, int outOfs) {
>>> 992: if (in == out && (!encryption || inOfs < outOfs)) {
>>
>> So, we will always allocate an output buffer for decryption if in==out? Why just decryption? Update the javadoc for this method with the reason?
>
> If the crypto is decryption in-place, an internal output buffer is needed in case the auth tag fails, otherwise the input buffer would be zero'ed.
If decryption fails with a bad auth tag, the in is not overwritten because it's in-place. Encryption is not needed because there is nothing to check. I can add a comment.
-------------
PR: https://git.openjdk.java.net/jdk/pull/4019
More information about the security-dev
mailing list