RFR: 8314045: ArithmeticException in GaloisCounterMode [v2]

Anthony Scarpino ascarpino at openjdk.org
Wed Aug 9 23:44:28 UTC 2023


On Wed, 9 Aug 2023 23:15:59 GMT, Liam Miller-Cushon <cushon at openjdk.org> wrote:

>> Please consider this fix for [JDK-8314045](https://bugs.openjdk.org/browse/JDK-8314045), which adds a missing size check to avoid an `ArithmeticException` in `GaloisCounterMode`.
>
> Liam Miller-Cushon has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Check for AEADBadTagException specifically

test/jdk/com/sun/crypto/provider/Cipher/AEAD/GCMShortInput.java line 54:

> 52:             cipher.doFinal(ByteBuffer.allocate(0), ByteBuffer.allocate(0));
> 53:             throw new AssertionError("GeneralSecurityException expected");
> 54:         } catch (GeneralSecurityException e) {

The test should be verifying the exception is AEADBadTagException, not GeneralSecurityException, since that is the issue.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/15212#discussion_r1289342514


More information about the security-dev mailing list