RFR: 8255410: Add ChaCha20 and Poly1305 support to SunPKCS11 provider [v3]
Valerie Peng
valeriep at openjdk.java.net
Thu Apr 22 23:55:29 UTC 2021
On Thu, 15 Apr 2021 14:25:13 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>>
>>   Fixed a tagLen issue, no key+iv reuse check for decryption, and add regression test for ChaCha20 SKF.
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java line 225:
>
>> 223: }
>> 224: apAlgo = "ChaCha20-Poly1305";
>> 225: spec = new IvParameterSpec(iv);
>
> Are there protections further up the call stack that guarantee that iv will be non-null when encrypt == false? I assume there are but I figured I'd ask since a null iv could cause NPE.
Yes, there are checks in engineInit() to ensure that an IV must be supplied when initializing with Cipher.DECRYPT_MODE. I added some more checks for getIV() and getParameters() to TestChaChaPoly.java just to be safe.
Also, I added more null checks to this method to ensure that an NPE won't happen.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3420