RFR: 8305091: Change ChaCha20 cipher init behavior to match AES-GCM

Daniel Jeliński djelinski at openjdk.org
Thu May 18 16:57:52 UTC 2023


On Tue, 11 Apr 2023 17:26:25 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:

> This fixes an issue where the key/nonce reuse policy for SunJCE ChaCha20 and ChaCha20-Poly1305 was overly strict in enforcing no-reuse when the Cipher was in DECRYPT_MODE.  For decryption, this should be allowed and be consistent with the AES-GCM decryption initialization behavior.
> 
> - Issue: https://bugs.openjdk.org/browse/JDK-8305091
> - CSR: https://bugs.openjdk.org/browse/JDK-8305822

Thank you for that. This is actually required for decrypting QUIC packets; the QUIC specification permits dropping duplicate packets only after fully decrypting them.

LGTM.

-------------

Marked as reviewed by djelinski (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/13428#pullrequestreview-1433082578
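To make the policy difference concrete, here is an added example (not code from the PR or from the JDK sources) that re-initialises a SunJCE ChaCha20-Poly1305 Cipher with the same key and nonce in both modes. It assumes a JDK that includes JDK-8305091 (the DECRYPT_MODE loop would throw on the second init without it), a constructed random key and 12-byte nonce, and that the encrypt-side rejection surfaces as InvalidKeyException or InvalidAlgorithmParameterException.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class ChaCha20InitPolicy {
    public static void main(String[] args) throws Exception {
        // Constructed key and nonce; ChaCha20-Poly1305 takes a 12-byte nonce via IvParameterSpec.
        byte[] keyBytes = new byte[32];
        byte[] nonce = new byte[12];
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(keyBytes);
        rnd.nextBytes(nonce);
        SecretKey key = new SecretKeySpec(keyBytes, "ChaCha20");
        IvParameterSpec iv = new IvParameterSpec(nonce);
        byte[] plaintext = "constructed QUIC packet payload".getBytes(StandardCharsets.UTF_8);

        // Encryption side: the first init is fine; a second init with the same key
        // and nonce must still be rejected, because nonce reuse under one key breaks
        // both confidentiality and the Poly1305 integrity guarantee.
        Cipher enc = Cipher.getInstance("ChaCha20-Poly1305");
        enc.init(Cipher.ENCRYPT_MODE, key, iv);
        byte[] ciphertext = enc.doFinal(plaintext);
        try {
            enc.init(Cipher.ENCRYPT_MODE, key, iv);
            System.out.println("UNEXPECTED: encrypt re-init with same key/nonce accepted");
        } catch (InvalidKeyException | InvalidAlgorithmParameterException e) {
            // Assumption: the reuse check reports through one of these checked types.
            System.out.println("encrypt re-init rejected as expected: " + e.getMessage());
        }

        // Decryption side: with JDK-8305091 applied, re-initialising with the same key
        // and nonce is allowed (as for AES-GCM), so a duplicate packet can be decrypted
        // and only then dropped, as the QUIC specification requires.
        Cipher dec = Cipher.getInstance("ChaCha20-Poly1305");
        for (int attempt = 1; attempt <= 2; attempt++) {
            dec.init(Cipher.DECRYPT_MODE, key, iv);
            byte[] recovered = dec.doFinal(ciphertext);
            System.out.println("decrypt #" + attempt + " matches plaintext: "
                    + Arrays.equals(plaintext, recovered));
        }
    }
}
```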
