RFR: 8293779: redundant checking in AESCrypt.makeSessionKey() method [v3]
Daniel Jeliński
djelinski at openjdk.org
Thu Sep 15 05:25:12 UTC 2022
On Thu, 15 Sep 2022 05:09:06 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
>>> > Actually, NM, init still has to call MessageDigest.isEqual so eliminating keys of invalid length before that is probably more efficient.
>>>
>>> The key should be valid for common cases. For a valid key, it is more efficient to have the checking in makeSessionKey() as there is less checking. For an invalid key, it is more efficient to have the checking before calling MessageDigest.isEqual(). The exception itself is costly; I would prefer to have better performance for common cases (valid key).
>>>
>>> I updated the patch before I read the comment. Please let me know your preference. I'm fine to roll back if you prefer the old patch.
>>
>> Yes, I think your current fix should be fine too. No need to roll back.
>
> Speaking of MessageDigest.isEqual, we don't need constant time comparison here. We could use Arrays.equals for some extra performance.

Actually, never mind that. We need constant time comparison to avoid leaking information about differences between old and new key. Sorry for the noise.
-------------
PR: https://git.openjdk.org/jdk/pull/10263
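
The point made in the message above, as an added example that is not part of the original e-mail or of the JDK sources: an early-exit comparison does an amount of work that depends on where the old and new key first differ, while a comparison that accumulates differences does the same work for every input. The class and method names and the `steps` counter (a stand-in for timing) are hypothetical; the all-zero key is constructed sample data.

```java
import java.security.MessageDigest;

public class KeyCompareDemo {
    static int steps; // bytes inspected by the last comparison (stand-in for timing)

    // Early-exit loop: stops at the first mismatch, so the work done depends on the data.
    static boolean earlyExitEquals(byte[] a, byte[] b) {
        steps = 0;
        if (a.length != b.length) return false;
        for (int i = 0; i < a.length; i++) {
            steps++;
            if (a[i] != b[i]) return false;
        }
        return true;
    }

    // XOR-accumulate loop: visits every byte and decides only at the end.
    static boolean fixedWorkEquals(byte[] a, byte[] b) {
        steps = 0;
        if (a.length != b.length) return false;
        int diff = 0;
        for (int i = 0; i < a.length; i++) {
            steps++;
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    public static void main(String[] args) {
        byte[] oldKey = new byte[16];      // constructed sample key (all zero)
        for (int pos : new int[] {0, 7, 15}) {
            byte[] newKey = oldKey.clone();
            newKey[pos] ^= 1;              // new key differs from the old one at one position
            earlyExitEquals(oldKey, newKey);
            int early = steps;
            fixedWorkEquals(oldKey, newKey);
            int fixed = steps;
            // MessageDigest.isEqual is the comparison the thread decides to keep.
            System.out.printf("first diff at %2d: early-exit=%2d bytes, fixed-work=%2d bytes, isEqual=%b%n",
                    pos, early, fixed, MessageDigest.isEqual(oldKey, newKey));
        }
    }
}
```

The early-exit count tracks the position of the first differing byte, which is the information about the old and new key that the reply says must not leak; the fixed-work count stays at the key length.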