RFR: 8273977: Reduce unnecessary BadPaddingExceptions in RSAPadding
Aleksey Shipilev
shade at openjdk.java.net
Wed Nov 3 19:03:23 UTC 2021
On Mon, 20 Sep 2021 08:38:18 GMT, Lari Hotari <duke at openjdk.java.net> wrote:
> ### Motivation
>
> When profiling an application that uses JWT token authentication, it was noticed that a high number of `javax.crypto.BadPaddingException`s were created. When investigating the code in RSAPadding, one can see that BadPaddingException is created in all cases, also on the success path:
> https://github.com/openjdk/jdk/blob/dc7f452acbe3afa5aa6e31d316bd5e669c86d6f6/src/java.base/share/classes/sun/security/rsa/RSAPadding.java#L369-L375
>
> ### Modifications
>
> Inline the unnecessary local variable to prevent creating the exception on the success path.
Submitted the bug for it, [JDK-8273977](https://bugs.openjdk.java.net/browse/JDK-8273977). Please change the PR title to "8273977: Reduce unnecessary BadPaddingExceptions in RSAPadding" to get bots hooked properly.
Regarding the changes themselves, I think the key thing here is the method comment: "Note that we want to make it a constant-time operation", which is probably why this exception is always unconditionally created. Security folks need to say for sure.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5581
More information about the security-dev
mailing list