RFR: 8267125: AES Galois CounterMode (GCM) interleaved implementation using AVX512 + VAES instructions [v4]

Anthony Scarpino ascarpino at openjdk.java.net
Sat Jul 17 03:33:54 UTC 2021


On Fri, 16 Jul 2021 00:10:52 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:

>> src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java line 992:
>> 
>>> 990:          */
>>> 991:         byte[] overlapDetection(byte[] in, int inOfs, byte[] out, int outOfs) {
>>> 992:             if (in == out && (!encryption || inOfs < outOfs)) {
>> 
>> So, we will always allocate an output buffer for decryption if in==out? Why just decryption? Update the javadoc for this method with the reason?
>
> If the crypto is decryption in-place, an internal output buffer is needed in case the auth tag fails, otherwise the input buffer would be zero'ed.

If decryption fails with a bad auth tag, the in is not overwritten because it's in-place.  Encryption is not needed because there is nothing to check.  I can add a comment.

-------------

PR: https://git.openjdk.java.net/jdk/pull/4019



More information about the security-dev mailing list