RFR: 8283577: SSLEngine.unwrap on read-only input ByteBuffer [v2]
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Sat May 14 07:01:55 UTC 2022
On Sat, 14 May 2022 03:29:14 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
>> Hi,
>>
>> I need a review of this fix to allow a read-only 'src' buffer to be used with SSLEngine.unwrap(). A temporary read-write buffer is created in the SSLCipher operation when a read-only buffer is passed. If the 'src' is read-write, there is no effect on the current operation.
>>
>> The PR also includes a CSR for an API implementation note to the SSLEngine.unwrap. The 'src' buffer may be modified during the decryption operation. 'unwrap()' has had this behavior forever, so there is no compatibility issue with this note. Using the 'src' buffer for in-place decryption was a performance decision.
>>
>> Tony
>
> Anthony Scarpino has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains four additional commits since the last revision:
>
> - review update
> - update some nits
> - PR ready
> - Initial
As the specification has indicated that the input buffer could be updated, what do you think about closing the bug as "Not an issue" (or clarifying the spec with no implementation update)? I was just wondering whether it is really worth the effort to make the code more complicated.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8462
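
A caller-side sketch of the idea discussed in this thread (hand the engine a temporary read-write buffer when 'src' is read-only), added here as an example; it is not code from the thread, the PR, or the JDK. The class and method names are hypothetical, and the bytes in `main` are constructed sample data.

```java
import java.nio.ByteBuffer;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;

/** Hypothetical caller-side helper; not code from the JDK or from the PR. */
public final class ReadOnlyUnwrap {

    /**
     * Unwraps from src even when src is read-only, by giving the engine a
     * writable scratch copy that it can decrypt in place.
     */
    public static SSLEngineResult unwrap(SSLEngine engine, ByteBuffer src, ByteBuffer dst)
            throws SSLException {
        if (!src.isReadOnly()) {
            // Read-write input: pass through. The engine may overwrite src's contents.
            return engine.unwrap(src, dst);
        }
        ByteBuffer scratch = writableCopy(src);
        SSLEngineResult result = engine.unwrap(scratch, dst);
        // Mirror the engine's progress onto the caller's buffer. Moving the
        // position is allowed on a read-only buffer; only its content is fixed.
        src.position(src.position() + result.bytesConsumed());
        return result;
    }

    /** Copies src's remaining bytes into a new read-write buffer without moving src. */
    static ByteBuffer writableCopy(ByteBuffer src) {
        ByteBuffer copy = ByteBuffer.allocate(src.remaining());
        copy.put(src.duplicate());   // duplicate() has its own position, so src stays put
        copy.flip();
        return copy;
    }

    public static void main(String[] args) {
        // Constructed sample bytes standing in for a TLS record; no engine involved here.
        ByteBuffer ro = ByteBuffer.wrap(new byte[] {0x17, 0x03, 0x03, 0x00, 0x01, 0x2a})
                                  .asReadOnlyBuffer();
        ro.position(1);
        ByteBuffer copy = writableCopy(ro);
        copy.put(0, (byte) 0);       // permitted: the copy is read-write
        System.out.println("src read-only=" + ro.isReadOnly()
                + " src position=" + ro.position()
                + " copy remaining=" + copy.remaining());
    }
}
```

The copy costs one allocation and one pass over the record per call, which is the overhead that in-place decryption on 'src' avoids.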