RFR: 8255557: Decouple GCM from CipherCore [v3]
Anthony Scarpino
ascarpino at openjdk.java.net
Fri May 21 03:10:36 UTC 2021
On Fri, 21 May 2021 02:51:05 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java line 402:
>>
>>> 400: }
>>> 401: try {
>>> 402: ArrayUtil.nullAndBoundsCheck(input, inputOffset, inputLen);
>>
>> Why is only this ArrayUtil.nullAndBoundsCheck(...) present in this engineDoFinal(...)? There are other engineUpdate/engineDoFinal() calls which also have input array, offset, and length. Shouldn't this check be added there as well? If the crypto engine check is separated out into a separate method, e.g. checkEngine(), then you don't have to explicitly release the crypto engine (as on line 405) and can just call checkEngine() after all the input validation has passed.
>
> yeah these checks are a bit all over the place.. I'll rework them
So I think I only need to add a check to the engineDoFinal() that did not have a check before.
-------------
PR: https://git.openjdk.java.net/jdk/pull/4072
More information about the security-dev
mailing list