jdk Udiff src/share/classes/com/sun/crypto/provider/FeedbackCipher.java

src/share/classes/com/sun/crypto/provider/FeedbackCipher.java

8012900: CICO ignores AAD in GCM mode

@@ -131,12 +131,13 @@
      * @param plain the input buffer with the data to be encrypted
      * @param plainOffset the offset in <code>plain</code>
      * @param plainLen the length of the input data
      * @param cipher the buffer for the encryption result
      * @param cipherOffset the offset in <code>cipher</code>
+     * @return the number of bytes placed into <code>cipher</code>
      */
-    abstract void encrypt(byte[] plain, int plainOffset, int plainLen,
+    abstract int encrypt(byte[] plain, int plainOffset, int plainLen,
                           byte[] cipher, int cipherOffset);
     /**
      * Performs encryption operation for the last time.
      *
      * <p>NOTE: For cipher feedback modes which does not perform

@@ -152,13 +153,12 @@
      * @param cipherOffset the offset in <code>cipher</code>
      * @return the number of bytes placed into <code>cipher</code>
      */
      int encryptFinal(byte[] plain, int plainOffset, int plainLen,
                       byte[] cipher, int cipherOffset)
-         throws IllegalBlockSizeException {
-         encrypt(plain, plainOffset, plainLen, cipher, cipherOffset);
-         return plainLen;
+         throws IllegalBlockSizeException, ShortBufferException {
+         return encrypt(plain, plainOffset, plainLen, cipher, cipherOffset);
      }
     /**
      * Performs decryption operation.
      *
      * <p>The input <code>cipher</code>, starting at <code>cipherOffset</code>

@@ -172,12 +172,13 @@
      * @param cipher the input buffer with the data to be decrypted
      * @param cipherOffset the offset in <code>cipher</code>
      * @param cipherLen the length of the input data
      * @param plain the buffer for the decryption result
      * @param plainOffset the offset in <code>plain</code>
+     * @return the number of bytes placed into <code>plain</code>
      */
-    abstract void decrypt(byte[] cipher, int cipherOffset, int cipherLen,
+    abstract int decrypt(byte[] cipher, int cipherOffset, int cipherLen,
                           byte[] plain, int plainOffset);
 
     /**
      * Performs decryption operation for the last time.
      *

@@ -194,13 +195,13 @@
      * @param plainOffset the offset in <code>plain</code>
      * @return the number of bytes placed into <code>plain</code>
      */
      int decryptFinal(byte[] cipher, int cipherOffset, int cipherLen,
                       byte[] plain, int plainOffset)
-         throws IllegalBlockSizeException, AEADBadTagException {
-         decrypt(cipher, cipherOffset, cipherLen, plain, plainOffset);
-         return cipherLen;
+         throws IllegalBlockSizeException, AEADBadTagException,
+         ShortBufferException {
+         return decrypt(cipher, cipherOffset, cipherLen, plain, plainOffset);
      }
 
     /**
      * Continues a multi-part update of the Additional Authentication
      * Data (AAD), using a subset of the provided buffer. If this

@@ -226,6 +227,17 @@
      * @since 1.8
      */
     void updateAAD(byte[] src, int offset, int len) {
         throw new IllegalStateException("No AAD accepted");
     }
+
+    /**
+     * @return the number of bytes that are buffered internally inside
+     * this FeedbackCipher instance.
+     * @since 1.8
+     */
+    int getBufferedLength() {
+        // Currently only AEAD cipher impl, e.g. GCM, buffers data
+        // internally during decryption mode
+        return 0;
+    }
 }