RFR: 8255557: Decouple GCM from CipherCore [v3]
Anthony Scarpino
ascarpino at openjdk.java.net
Fri May 21 02:54:54 UTC 2021
On Wed, 19 May 2021 19:20:20 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Anthony Scarpino has updated the pull request incrementally with one additional commit since the last revision:
>>
>> cleanup
>
> src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java line 402:
>
>> 400: }
>> 401: try {
>> 402: ArrayUtil.nullAndBoundsCheck(input, inputOffset, inputLen);
>
> Why is only this ArrayUtil.nullAndBoundsCheck(...) present in this engineDoFinal(...)? There are other engineUpdate/engineDoFinal() calls which also have input array, offset, and length. Shouldn't this check be added there as well? If the crypto engine check is separated out into a separate method, e.g. checkEngine(), then you don't have to explicitly release the crypto engine (as on line 405) and can just call checkEngine() after all the input validation has passed.
yeah these checks are a bit all over the place.. I'll rework them
-------------
PR: https://git.openjdk.java.net/jdk/pull/4072
More information about the security-dev
mailing list