Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AES/GCM getOutputSize can overestimate space needed #135

Closed
SalusaSecondus opened this issue Dec 4, 2020 · 0 comments · Fixed by #138
Closed

AES/GCM getOutputSize can overestimate space needed #135

SalusaSecondus opened this issue Dec 4, 2020 · 0 comments · Fixed by #138
Assignees
@SalusaSecondus
Labels
Performance Performance improvements

Comments

@SalusaSecondus
Copy link
Contributor

Though Cipher.getOutputSize(int) is permitted to overestimate the amount of space needed, ACCP should avoid doing so. Currently it is assuming that OpenSSL may be caching up to one block internally (due to the internal management of the counter). We should either:

  1. Determine that this isn't the case and we can just return inputLen + tagLength, or
  2. Track bytes handled so far so we can give a completely correct answer.

This will make it easier to use our APIs correctly and also more efficient as callers will not need to allocate extra memory (which then must be truncated.

See AesGcmSpi.engineGetOutputSize(int).
@SalusaSecondus SalusaSecondus added the Performance Performance improvements label Dec 4, 2020
SalusaSecondus added a commit to SalusaSecondus/amazon-corretto-crypto-provider that referenced this issue Dec 18, 2020
@SalusaSecondus
Better output size estimates. Fixes corretto#135
8963083
@SalusaSecondus SalusaSecondus mentioned this issue Dec 18, 2020
Merged
@SalusaSecondus SalusaSecondus self-assigned this Dec 18, 2020
SalusaSecondus added a commit that referenced this issue Dec 22, 2020
@SalusaSecondus
Better output size estimates. Fixes #135
5c04e5d
SalusaSecondus added a commit to SalusaSecondus/amazon-corretto-crypto-provider that referenced this issue Apr 15, 2021
@SalusaSecondus
Merge branch 'develop' into evp_factory. Picks up 1.6.0 version
6e67e13 
* develop:
  Remove dead code and bump patch version
  Add logic to generate a classpath file
  Clarify best practices are local to ACCP
  Improve documentation (corretto#151)
  Update CHANGELOG for 1.6.0 (corretto#148)
  Handle RsaCipher#engineDoFinal with no input bytes (corretto#147)
  Validate that AesGcmSpi#engineInit gets non-null key (corretto#146)
  Move to OpenSSL 1.1.1j (corretto#145)
  Add list of known differences (corretto#137)
  Better output size estimates. Fixes corretto#135
  Move to openssl 1.1.1i (corretto#136)
  Initial commit of the development guide (corretto#134)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@SalusaSecondus SalusaSecondus

Labels
Performance Performance improvements
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Better output size estimates. Fixes #135 SalusaSecondus/amazon-corretto-crypto-provider
1 participant
@SalusaSecondus