RFR: 8297972: Poly1305 Endianness on ByteBuffer not enforced [v2]
Volodymyr Paprotski
duke at openjdk.org
Thu Jan 19 18:30:04 UTC 2023
> Per rfc7539 Section 2.5, "Read the block as a little-endian number."
>
> sun.security.util.math.intpoly.IntegerPolynomial1305 enforces this on input when input is provided as `[]byte` but not when input is in `ByteBuffer`
>
> Tested with `Poly1305IntrinsicFuzzTest.java` from https://github.com/openjdk/jdk/pull/11338 which compares Poly1305 MAC between `ByteBuffer` and `[]byte`
Volodymyr Paprotski has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:
- remove workaround from test
- Merge remote-tracking branch 'origin/master' into endian-poly1305
- enforce reading input as little_endian numbers
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/11463/files
- new: https://git.openjdk.org/jdk/pull/11463/files/db17dd19..e21c845b
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=11463&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=11463&range=00-01
Stats: 119592 lines in 3135 files changed: 60780 ins; 42414 del; 16398 mod
Patch: https://git.openjdk.org/jdk/pull/11463.diff
Fetch: git fetch https://git.openjdk.org/jdk pull/11463/head:pull/11463
PR: https://git.openjdk.org/jdk/pull/11463
More information about the security-dev
mailing list