RFR: 8302017: Allocate BadPaddingException only if it will be thrown
David Schlosnagle
duke at openjdk.org
Sat Feb 25 02:42:04 UTC 2023
On Thu, 23 Feb 2023 18:15:35 GMT, Ahmed Muhsin <duke at openjdk.org> wrote:
> This change will move the instantiation of BadPaddingException into the branch of the if statement where it is thrown. This will decrease the overhead of calling `unpadV15` and `unpadOAEP`. Please see the associated work item for past discussions regarding this change.
>
> The build and tier1 tests pass locally on mac-aarch64.
src/java.base/share/classes/sun/security/rsa/RSAPadding.java line 370:
> 368:
> 369: if (bp) {
> 370: throw new BadPaddingException("Decryption error");
I assume the reason it was originally written this way was to ensure both the successful and unsuccessful paths are constant time to avoid timing attacks here, see the comment on method.
I am not a cryptographer but I'm wondering if you could use a preallocated `BadPaddingException` and/or overriding `fillInStackTrace() { return this; }`
https://github.com/openjdk/jdk/blob/caef0a589cb31e97e0ef9e8355d4aa3325908140/src/java.base/share/classes/sun/security/rsa/RSAPadding.java#L331-L333
-------------
PR: https://git.openjdk.org/jdk/pull/12732
More information about the security-dev
mailing list