RFR: 8298865: Excessive memory allocation in CipherOutputStream AEAD decryption [v2]

Anthony Scarpino ascarpino at openjdk.org
Thu Dec 15 23:36:07 UTC 2022


On Thu, 15 Dec 2022 22:46:47 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> Daniel Jeliński has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Fix test failure
>
> src/java.base/share/classes/javax/crypto/CipherOutputStream.java line 95:
> 
>> 93:      *
>> 94:      * If obuffer is null/zero-sized, do not allocate a new buffer.
>> 95:      * This reduces allocation for AEAD ciphers that never return data from update
> 
> nit: AEAD ciphers do return data for update() calls for encryption. Perhaps we should add "when used for decryption" or some other similar wording to the above sentence? Same goes for the comment in CipherInputStream class.
> Rest looks fine.

Perhaps it's the way you read the sentence. When I read it a bit before your comment, I interpreted the change as an open-ended comment where AEAD may or may not return without being specific. I'm neutral to changing it to specify encryption vs decryption.

-------------

PR: https://git.openjdk.org/jdk/pull/11693
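
The update() behavior discussed in this thread, as an added example that is not part of the original message or of the JDK change: it prints how many bytes AES/GCM releases from update() versus doFinal() in each direction, and what update() released when the tag check later fails. The class name, key, nonce and input are constructed for illustration, and the decrypt-side buffering it shows is assumed to come from the JDK's default provider.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;

public class AeadUpdateDemo {
    // Cipher.update() may return null when it has no output to release.
    static int len(byte[] b) { return b == null ? 0 : b.length; }

    static Cipher gcm(int mode, SecretKeySpec key, byte[] iv) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, iv));
        return c;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        byte[] keyBytes = new byte[16];          // constructed sample key
        byte[] iv = new byte[12];                // constructed sample nonce
        rnd.nextBytes(keyBytes);
        rnd.nextBytes(iv);
        SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
        byte[] plaintext = new byte[64 * 1024];  // constructed sample input

        // Encryption: ciphertext can be released as update() consumes input.
        Cipher enc = gcm(Cipher.ENCRYPT_MODE, key, iv);
        byte[] c1 = enc.update(plaintext);
        byte[] c2 = enc.doFinal();               // remaining output plus the tag
        System.out.println("encrypt: update=" + len(c1) + " doFinal=" + len(c2));

        byte[] ciphertext = new byte[len(c1) + len(c2)];
        if (c1 != null) System.arraycopy(c1, 0, ciphertext, 0, c1.length);
        if (c2 != null) System.arraycopy(c2, 0, ciphertext, len(c1), c2.length);

        // Decryption: plaintext should only appear once the tag has verified.
        Cipher dec = gcm(Cipher.DECRYPT_MODE, key, iv);
        byte[] p1 = dec.update(ciphertext);
        byte[] p2 = dec.doFinal();
        System.out.println("decrypt: update=" + len(p1) + " doFinal=" + len(p2));

        // Tampered input: check how much update() released before the failure.
        ciphertext[0] ^= 1;
        Cipher bad = gcm(Cipher.DECRYPT_MODE, key, iv);
        byte[] t1 = bad.update(ciphertext);
        try {
            bad.doFinal();
        } catch (AEADBadTagException e) {
            System.out.println("tampered: update=" + len(t1) + " before tag failure");
        }
    }
}
```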


