RFR: 8371864: GaloisCounterMode.implGCMCrypt0 AVX512/AVX2 intrinsics stubs cause AES-GCM encryption failure for certain payload sizes [v3]
Jiangli Zhou
jiangli at openjdk.org
Thu Nov 20 05:12:25 UTC 2025
On Thu, 20 Nov 2025 05:06:08 GMT, Jiangli Zhou <jiangli at openjdk.org> wrote:
>> test/jdk/com/sun/crypto/provider/Cipher/AES/TestAesGcmIntrinsic.java line 96:
>>
>>> 94: byte[] message = randBytes(messageSize);
>>> 95: try {
>>> 96: byte[] ciphertext = gcmEncrypt(key, message, aad);
>>
>> I believe it makes sense to check that round-trip is successful, e.g. that `decrypt(encrypt(message)) == message`. Currently we implicitly rely on exceptions being thrown from the incorrectly executing code, which is IMO too weak -- in the boundary conditions like these, there might be bugs that _do not_ manifest in visible exceptions, and just the encryption is subtly broken.
>
> That's a good idea. I added decrypt part and the check as suggested.
With the changes, there were more common parts in the test. I moved common code into helper methods.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28363#discussion_r2544350223
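The round-trip check discussed in this thread, as an added stand-alone Java program that is not the PR's test and not JDK code: it encrypts and decrypts random payloads whose sizes sit just either side of each power of two (a constructed size list, since the failing sizes are not named here), repeats each size enough times for the JIT to compile the loop so the intrinsic stubs are what actually run, and compares the recovered plaintext with the original. The size list, the iteration count and the fixed RNG seed are assumptions made for this example.

```java
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.*;

public class GcmRoundTripCheck {
    // Fixed seed (test-only) so two JVM runs see identical key/IV/message inputs.
    private static final Random RNG = new Random(0x5EED);
    private static final int WARMUP_ITERS = 3000; // assumed enough for C2 to compile the loop

    // Constructed size list: each power of two from 16 to 8192 plus offsets -3..+3,
    // so payloads straddle the block and stub boundaries the intrinsic paths switch on.
    static int[] sizes() {
        List<Integer> s = new ArrayList<>();
        for (int p = 16; p <= 8192; p <<= 1)
            for (int d = -3; d <= 3; d++) s.add(p + d);
        return s.stream().mapToInt(Integer::intValue).toArray();
    }

    static byte[] rand(int n) { byte[] b = new byte[n]; RNG.nextBytes(b); return b; }

    static byte[] gcm(int mode, byte[] key, byte[] iv, byte[] aad, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        c.updateAAD(aad);
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = rand(32), aad = rand(20);
        MessageDigest allCts = MessageDigest.getInstance("SHA-256");
        int failures = 0;
        for (int size : sizes()) {
            for (int i = 0; i < WARMUP_ITERS; i++) {
                byte[] iv = rand(12), msg = rand(size); // fresh IV per encryption: GCM forbids reuse
                byte[] ct = gcm(Cipher.ENCRYPT_MODE, key, iv, aad, msg);
                allCts.update(ct);
                try {
                    if (!Arrays.equals(gcm(Cipher.DECRYPT_MODE, key, iv, aad, ct), msg)) {
                        failures++; System.out.println("plaintext mismatch at size " + size);
                    }
                } catch (AEADBadTagException e) {
                    failures++; System.out.println("bad tag at size " + size + " iter " + i);
                }
            }
        }
        System.out.println("ciphertext digest " + HexFormat.of().formatHex(allCts.digest()));
        if (failures != 0) throw new AssertionError(failures + " round-trip failures");
    }
}
```

Run it once with -XX:+UseAESIntrinsics and once with -XX:-UseAESIntrinsics and compare the printed digests: a defect that breaks encryption and decryption symmetrically would still pass the round-trip, but shows up as a digest mismatch between the two runs.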