RFR: 8305091: Change ChaCha20 cipher init behavior to match AES-GCM
Xue-Lei Andrew Fan
xuelei at openjdk.org
Tue Apr 11 18:18:38 UTC 2023
On Tue, 11 Apr 2023 17:26:25 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:
> This fixes an issue where the key/nonce reuse policy for SunJCE ChaCha20 and ChaCha20-Poly1305 was overly strict in enforcing no-reuse when the Cipher was in DECRYPT_MODE. For decryption, this should be allowed and be consistent with the AES-GCM decryption initialization behavior.
>
> - Issue: https://bugs.openjdk.org/browse/JDK-8305091
> - CSR: https://bugs.openjdk.org/browse/JDK-8305822
In the decryption side, does it sound like good to detect and reject key/nonce reuse for security reason(i.e., if key/nonce is reused, the decryption side will not accept the encryption)? Did you known real problems in practice for the key/nonce reuse for decryption?
-------------
PR Comment: https://git.openjdk.org/jdk/pull/13428#issuecomment-1503872733
More information about the security-dev
mailing list