RFR: 8255410: Add ChaCha20 and Poly1305 support to SunPKCS11 provider [v3]

Valerie Peng valeriep at openjdk.java.net
Thu Apr 22 23:55:29 UTC 2021

On Thu, 15 Apr 2021 14:25:13 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:

>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>>   Fixed a tagLen issue, no key+iv reuse check for decryption, and add regression test for ChaCha20 SKF.
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java line 225:
>> 223:                 }
>> 224:                 apAlgo = "ChaCha20-Poly1305";
>> 225:                 spec = new IvParameterSpec(iv);
> Are there protections further up the call stack that guarantee that iv will be non-null when encrypt == false?  I assume there are but I figured I'd ask since a null iv could cause NPE.

Yes, there are checks in engineInit() to ensure that IV must be supplied when init with Cipher.DECRYPT_MODE. I added some more checks for getIV() and getParameters() to TestChaChaPoly.java just to be safe.
Also, I added more null checks to this method to ensure that NPE won't happen.


PR: https://git.openjdk.java.net/jdk/pull/3420
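
The checks discussed in this message (an IV is required for `Cipher.DECRYPT_MODE`, and `getIV()` / `getParameters()` return usable values), sketched as an added example; it is not the code in TestChaChaPoly.java or anything from the pull request. It assumes the default provider for `ChaCha20-Poly1305` (SunJCE on a stock JDK 11+) rather than a configured SunPKCS11 token, and the class name `ChaChaPolyIvCheck` is hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

// Hypothetical class name; added example, not part of the JDK test suite.
public class ChaChaPolyIvCheck {
    static final String ALGO = "ChaCha20-Poly1305";

    public static void main(String[] args) throws Exception {
        // Assumption: whichever installed provider serves ALGO is used.
        SecretKey key = KeyGenerator.getInstance("ChaCha20").generateKey();

        // 1. Decrypt init without an IV must fail with a checked security
        //    exception; a NullPointerException would propagate and fail here.
        Cipher dec = Cipher.getInstance(ALGO);
        try {
            dec.init(Cipher.DECRYPT_MODE, key);
            throw new AssertionError("decrypt init without IV was accepted");
        } catch (GeneralSecurityException expected) {
            System.out.println("rejected: " + expected.getClass().getSimpleName());
        }

        // 2. Encrypt init without parameters: the provider generates the nonce,
        //    so getIV() and getParameters() must both expose it afterwards.
        Cipher enc = Cipher.getInstance(ALGO);
        enc.init(Cipher.ENCRYPT_MODE, key);
        byte[] iv = enc.getIV();
        AlgorithmParameters params = enc.getParameters();
        if (iv == null || iv.length != 12 || params == null) {
            throw new AssertionError("missing or malformed nonce after init");
        }
        IvParameterSpec spec = params.getParameterSpec(IvParameterSpec.class);
        if (!Arrays.equals(iv, spec.getIV())) {
            throw new AssertionError("getIV() and getParameters() disagree");
        }
        // Constructed sample plaintext.
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] ct = enc.doFinal(msg);

        // 3. Decrypt with the explicit IV recovered from the parameters.
        dec.init(Cipher.DECRYPT_MODE, key, spec);
        if (!Arrays.equals(msg, dec.doFinal(ct))) {
            throw new AssertionError("round trip mismatch");
        }
        System.out.println("round trip ok, nonce length " + iv.length);
    }
}
```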
