[RFR] JDK-8224997: ChaCha20-Poly1305 TLS cipher suite decryption throws ShortBufferException
Xue-Lei Fan
xuelei.fan at oracle.com
Fri Aug 16 16:36:32 UTC 2019
Good catch!
For the engineGetOutputSize() implementation, as the inputLen parameter is an external input, we may want to ensure it is not too big to integer overflow. The Math.addExact() was used to check the overflow issues. What do you think we keep using the Math.addExact() method, at line 1243 and 1314?
Otherwise, looks fine to me.
Xuelei
----- Original Message -----
From: jamil.j.nimeh at oracle.com
To: security-dev at openjdk.java.net
Sent: Monday, August 12, 2019 12:59:32 PM GMT -08:00 US/Canada Pacific
Subject: [RFR] JDK-8224997: ChaCha20-Poly1305 TLS cipher suite decryption throws ShortBufferException
Hello all,
This fix addresses a problem first found by Netty/Jetty when decrypting
payloads in excess of ~4096 bytes using one of the ChaCha20-Poly1305
cipher suites. The root cause of the issue is not in the TLS code, it
is actually an issue with how ChaCha20-Poly1305 was implementing
CipherSpi.engineGetOutputSize().
The bug was also partially worked around due to changes in CipherSpi
from 8181386, but this properly addresses the output buffer sizing.
Thanks to Adrian Todt and Bradley Wagner for the Catnip and Jetty
support while trying to replicate the issue originally.
Bug: https://bugs.openjdk.java.net/browse/JDK-8224997
Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8224997/webrev.01/
--Jamil
More information about the security-dev
mailing list