archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 15:24:43 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8298865: Excessive memory allocation in CipherOutputStream AEAD decryption

Browse source 
Reviewed-by: valeriep, ascarpino
This commit is contained in:
Daniel Jeliński 2022-12-20 10:27:33 +00:00
parent dd15d306a6
commit 36de61c460
3 changed files with 159 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/java.base/share/classes/javax/crypto/CipherInputStream.java
View file

@ -106,7 +106,8 @@ public class CipherInputStream extends FilterInputStream {
* The ostart and ofinish indices are reset to 0.
*
* If obuffer is null/zero-sized, do not allocate a new buffer.
* This reduces allocation for AEAD ciphers that never return data from update
* This reduces allocation for authenticated decryption
* that never returns data from update
*
* @param inLen the input length (in bytes)
*/
@ -152,7 +153,7 @@ public class CipherInputStream extends FilterInputStream {
ofinish = cipher.doFinal(obuffer, 0);
} else {
obuffer = cipher.doFinal();
ofinish = obuffer.length;
ofinish = (obuffer != null) ? obuffer.length : 0;
}
} catch (IllegalBlockSizeException | BadPaddingException
| ShortBufferException e) {
@ -167,7 +168,7 @@ public class CipherInputStream extends FilterInputStream {
ensureCapacity(readin);
try {
// initial obuffer is assigned by update/doFinal;
// for AEAD ciphers, obuffer is always null or zero-length here
// for AEAD decryption, obuffer is always null or zero-length here
if (obuffer != null && obuffer.length > 0) {
ofinish = cipher.update(ibuffer, 0, readin, obuffer, ostart);
} else {