RFR: 8255557: Decouple GCM from CipherCore [v4]
Anthony Scarpino
ascarpino at openjdk.java.net
Fri Jun 4 01:33:12 UTC 2021
On Thu, 3 Jun 2021 22:30:38 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> A engine is a one time use, so setting originalOut to null isn't necessary. engineDoFinal() sets engine = null.
>
> engine is one time use per encryption/decryption. But 'originalOut' is for overlap detection/protection which may be used multiple times during multi-part encryption/decrypion. For each overlapDetection()/restoreOut() pair, the 'originalOut' value should be cleared, otherwise there may be cases where the old value of 'originalOut' gets used?
Ok. I see what you are saying. I had not consider a situation where an update buffer overlapped and doFinal did not. I'll set originalDst and originalOut to null on their restore methods.
-------------
PR: https://git.openjdk.java.net/jdk/pull/4072
More information about the security-dev
mailing list