8280703: CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption #1780

Closed

@asgibbons asgibbons commented Feb 27, 2023

Backporting because this change results in ~3x performance improvement in AES-CTR.

Risk is low. Tested with tier1 and benchmark.

The PR does not backport cleanly. The buffer name was changed, but functionally remains the same.


Progress

  • Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue

Issue

  • JDK-8280703: CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption

Reviewers

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk11u-dev pull/1780/head:pull/1780
$ git checkout pull/1780

Update a local copy of the PR:
$ git checkout pull/1780
$ git pull https://git.openjdk.org/jdk11u-dev pull/1780/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 1780

View PR using the GUI difftool:
$ git pr show -t 1780

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk11u-dev/pull/1780.diff

bridgekeeper bot commented Feb 27, 2023

👋 Welcome back sgibbons! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

openjdk bot changed the title from "Backport 409382ba4b43bf48ed0086020dd20641effd35b6" to "8280703: CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption" Feb 27, 2023
openjdk bot commented Feb 27, 2023

This backport pull request has now been updated with issue from the original commit.

openjdk bot added the backport and rfr (Pull request is ready for review) labels Feb 27, 2023
mlbridge bot commented Feb 27, 2023

Contributor

@RealCLanger RealCLanger left a comment

LGTM

@RealCLanger
Contributor

can you please run GHA

openjdk bot commented Feb 27, 2023

@asgibbons This change now passes all automated pre-integration checks.

After integration, the commit message for the final commit will be:

8280703: CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption

Reviewed-by: clanger

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 16 new commits pushed to the master branch:

  • 0748e2a: 8303432: Bump update version for OpenJDK: jdk-11.0.20
  • 8a726af: 8264299: Create implementation of native accessibility peer for ScrollPane and ScrollBar Java Accessibility roles
  • 915ac57: 8302000: [11u] A subtle race condition during jdk11u build
  • 125cf5a: 8295530: Update Zlib Data Compression Library to Version 1.2.13
  • de6d2c9: 8190492: Remove SSLv2Hello and SSLv3 from default enabled TLS protocols
  • 2405ca6: 8299520: TestPrintXML.java output error messages in case compare fails
  • bd9c2fb: 8290197: test/jdk/java/nio/file/Files/probeContentType/Basic.java fails on some systems for the ".rar" extension
  • 15bdc4d: 8235448: code cleanup in SSLContextImpl.java
  • 5802a9a: 8245654: Add Certigna Root CA
  • 86b8ea8: 8295777: java/net/httpclient/ConnectExceptionTest.java should not rely on system resolver
  • ... and 6 more: https://git.openjdk.org/jdk11u-dev/compare/cfb05cb26d1b16fc12c2ba2486d00b8ebacc04da...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

As you do not have Committer status in this project an existing Committer must agree to sponsor your change. Possible candidates are the reviewers of this PR (@RealCLanger) but any other Committer may sponsor as well.

➡️ To flag this PR as ready for integration with the above commit message, type /integrate in a new comment. (Afterwards, your sponsor types /sponsor in a new comment to perform the integration).

openjdk bot added the ready (Pull request is ready to be integrated) label Feb 27, 2023
@asgibbons
Author

Noob here - what is GHA?

@RealCLanger
Contributor

> Noob here - what is GHA?

GHA = GitHub Actions. You have to enable it in your repository fork. Then you will also be able to trigger the run for your PR branch.

@asgibbons
Author

Thanks @RealCLanger. I triggered a run and will integrate when complete.

Contributor

@RealCLanger RealCLanger left a comment

Hm, after your merges the resulting change looks incorrect.

openjdk bot removed the ready (Pull request is ready to be integrated) label Mar 1, 2023
@asgibbons
Author

@RealCLanger - Sorry for the churn. I had a slight mixup in the myriad of JDK trees I'm concurrently maintaining. I fixed the issue and manual testing along with tier1 testing have successfully completed.

Please review and approve if this is acceptable.

sviswa7 commented Mar 2, 2023

@ascarpino Could you please help review this backport CR?

Contributor

@RealCLanger RealCLanger left a comment

I had a closer look now. Overall it seems ok. Could you maybe rename outWithPadding to internalOutput? That would bring the code closer to head and seems the more logical name for the buffer. Thanks.

System.arraycopy(outWithPadding, 0, output, outputOffset, outLen);
// decrypt mode. Zero out output data that's not required
Arrays.fill(outWithPadding, (byte) 0x00);
if(outWithPadding != null) {
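
Review bot: the `Arrays.fill(outWithPadding, (byte) 0x00)` wipe and the `if(outWithPadding != null)` guard on the last line need to stay paired. If the buffer can now be null, the fill has to sit inside the guard, otherwise a null buffer reaches `Arrays.fill` and throws a NullPointerException. A one-line comment stating when `outWithPadding` is null would also make the next backport of this block easier to check.
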
Contributor

Please add a space after if

@@ -968,9 +974,9 @@ private void endDoFinal() {
}
}

private int unpad(int outLen, byte[] outWithPadding)
Contributor

Here the variable should remain outWithPadding.

throws BadPaddingException {
int padStart = padding.unpad(outWithPadding, 0, outLen);
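
Review bot: the `BadPaddingException` path out of `unpad` leaves clearing `outWithPadding` to the caller. `padding.unpad(outWithPadding, 0, outLen)` runs on already decrypted bytes, and nothing in the visible lines zeroes the buffer before the exception propagates. Worth confirming that the caller wipes `outWithPadding` when this throws, for example from a `finally` block, so a padding failure does not leave plaintext behind in the temporary array.
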
Contributor

Same here.

@RealCLanger
Contributor

Thanks. This looks good. I'll run it through SAP's nightlies and will hopefully approve tomorrow when no regressions are spotted.

@asgibbons
Author

Thank you very much @RealCLanger !

@ascarpino
Contributor

The backport looks consistent with what was put in recent releases.

@ascarpino
Contributor

Something that should be verified is that this doesn't expose failed auth tag decrypted GCM data or other GCM decryption. There may be some unexpected differences as this change was after GCM separated from CipherCore in 17. I believe GCM still uses CipherCore in 11.

@asgibbons
Author

Thanks, @ascarpino. Are there any tests I can run to verify that no GCM data have been exposed? It appears to me that there's one place where decrypted data could be leaked (ShortBufferException), but this is the same in newer versions.
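
One way to run the check asked about above, as an added example that is not part of this thread or of the OpenJDK test suite: corrupt the GCM tag, decrypt into a pre-filled buffer, and confirm that no plaintext byte is left in the caller's buffer, both for a full-size output buffer and for one that is too short. The class name, the `plaintextExposed` helper and the sample sizes are assumptions chosen for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class GcmBadTagLeakCheck {            // hypothetical class name
    static final byte PLAIN = (byte) 'P';    // constructed plaintext byte
    static final byte CANARY = (byte) 0xA5;  // pre-fill for the caller's buffer
    // True if decrypting a tampered message left any plaintext byte in the
    // caller's output buffer, or if the tampered message was accepted.
    static boolean plaintextExposed(int plainLen, int outLen) throws Exception {
        byte[] key = new byte[16], iv = new byte[12];
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(key);
        rnd.nextBytes(iv);
        SecretKeySpec k = new SecretKeySpec(key, "AES");
        GCMParameterSpec spec = new GCMParameterSpec(128, iv);
        byte[] plain = new byte[plainLen];
        Arrays.fill(plain, PLAIN);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, k, spec);
        byte[] ct = enc.doFinal(plain);
        ct[ct.length - 1] ^= 0x01;           // corrupt the last byte of the tag

        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, k, spec);
        byte[] out = new byte[outLen];
        Arrays.fill(out, CANARY);
        try {
            dec.doFinal(ct, 0, ct.length, out, 0);
            return true;                     // tampered input must be rejected
        } catch (GeneralSecurityException expected) {
            // AEADBadTagException or ShortBufferException: scan what is left.
            for (byte b : out) {
                if (b == PLAIN) return true;
            }
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        for (int len : new int[] {1, 15, 16, 17, 4096, 1 << 20}) {
            // Full-size output buffer first, then one too short for the plaintext.
            if (plaintextExposed(len, len + 16) || plaintextExposed(len, len / 2)) {
                throw new AssertionError("plaintext exposed, len=" + len);
            }
        }
        System.out.println("no plaintext exposed on failed GCM decryption");
    }
}
```

Running the same class on a build with and without the backport gives a direct before/after comparison for the concern raised here.
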

Contributor

@RealCLanger RealCLanger left a comment

Looks good from my perspective now. SAP tests passed. Can't say anything to the GCM topic brought up by @ascarpino, though.

openjdk bot added the ready (Pull request is ready to be integrated) label Mar 7, 2023
@asgibbons
Author

@ascarpino I have been looking to see whether any data could be potentially leaked as a result of my change and cannot envision such a scenario. It appears to me that my change is functionally identical to what it would be without the change. Can you please provide more details? Thanks.

@asgibbons
Author

I believe there is no additional risk to data leakage as the result of this change, so I'm proposing integration. Thanks.

/integrate

openjdk bot added the sponsor (Pull request is ready to be sponsored) label Mar 9, 2023
openjdk bot commented Mar 9, 2023

@asgibbons
Your change (at version 9b7ef4a) is now ready to be sponsored by a Committer.

@RealCLanger
Contributor

> I believe there is no additional risk to data leakage as the result of this change, so I'm proposing integration. Thanks.
>
> /integrate

ok

/sponsor

openjdk bot commented Mar 10, 2023

Going to push as commit 479ddb6.
Since your change was applied there have been 18 commits pushed to the master branch:

  • 7d89919: 8289301: P11Cipher should not throw out of bounds exception during padding
  • 80615a6: 8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation
  • 0748e2a: 8303432: Bump update version for OpenJDK: jdk-11.0.20
  • 8a726af: 8264299: Create implementation of native accessibility peer for ScrollPane and ScrollBar Java Accessibility roles
  • 915ac57: 8302000: [11u] A subtle race condition during jdk11u build
  • 125cf5a: 8295530: Update Zlib Data Compression Library to Version 1.2.13
  • de6d2c9: 8190492: Remove SSLv2Hello and SSLv3 from default enabled TLS protocols
  • 2405ca6: 8299520: TestPrintXML.java output error messages in case compare fails
  • bd9c2fb: 8290197: test/jdk/java/nio/file/Files/probeContentType/Basic.java fails on some systems for the ".rar" extension
  • 15bdc4d: 8235448: code cleanup in SSLContextImpl.java
  • ... and 8 more: https://git.openjdk.org/jdk11u-dev/compare/cfb05cb26d1b16fc12c2ba2486d00b8ebacc04da...master

Your commit was automatically rebased without conflicts.

openjdk bot added the integrated (Pull request has been integrated) label Mar 10, 2023
openjdk bot closed this Mar 10, 2023
openjdk bot removed the ready (Pull request is ready to be integrated), rfr (Pull request is ready for review) and sponsor (Pull request is ready to be sponsored) labels Mar 10, 2023
openjdk bot commented Mar 10, 2023

@RealCLanger @asgibbons Pushed as commit 479ddb6.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.
