RFR: 8298865: Excessive memory allocation in CipherOutputStream AEAD decryption [v2]

Daniel Jeliński djelinski at openjdk.org
Fri Dec 16 08:03:36 UTC 2022


On Thu, 15 Dec 2022 23:33:21 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:

>> src/java.base/share/classes/javax/crypto/CipherOutputStream.java line 95:
>> 
>>> 93:      *
>>> 94:      * If obuffer is null/zero-sized, do not allocate a new buffer.
>>> 95:      * This reduces allocation for AEAD ciphers that never return data from update
>> 
>> nit: AEAD ciphers do return data for update() calls for encryption. Perhaps we should add "when used for decryption" or some other similar wordings to the above sentence? Same goes for the comment in CipherInputStream class.
>> Rest looks fine.
>
> Perhaps it's the way you read the sentence, when I read it bit before your comment, I interpreted the change as an open-ended comment where AEAD may or may not return without being specific.  I'm neutral to changing it to specify encryption vs decryption.

That's a good suggestion; I changed the wording now. What do you think?

-------------

PR: https://git.openjdk.org/jdk/pull/11693



More information about the security-dev mailing list