RFR: 8257769: Cipher.getParameters() throws NPE for ChaCha20-Poly1305 [v2]
Valerie Peng
valeriep at openjdk.java.net
Mon Dec 7 19:56:15 UTC 2020
On Mon, 7 Dec 2020 17:50:25 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:
>> This fix corrects a problem where ChaCha20-Poly1305 objects prior to init throw NPE when getParameters() is called. It will now generate parameters containing a random nonce on each pre-init call to getParameters(). Post-initialization calls to the getParameters() method will always return the same set of parameters until the next initialization occurs.
>
> Jamil Nimeh has updated the pull request incrementally with one additional commit since the last revision:
>
> pre-init getParameters nonce data is now a local variable
src/java.base/share/classes/com/sun/crypto/provider/ChaCha20Cipher.java line 232:
> 230: // this call should cause a random nonce to be generated, but
> 231: // not attached to the object.
> 232: byte[] nonceData = initialized ? nonce : createRandomNonce(null);
The "initialized" variable is set to false in engineDoFinal() call. So, if users call getParameters() after finish cipher operation, this will return random nonces instead of the one used in previous doFinal operation. Will this be a little un-intuitive?
-------------
PR: https://git.openjdk.java.net/jdk/pull/1644
More information about the security-dev
mailing list