RFR: 8366833: Poly1305 does not always correctly update position for array-backed ByteBuffers after processMultipleBlocks [v2]

Ferenc Rakoczi duke at openjdk.org
Thu Sep 4 08:44:45 UTC 2025


On Thu, 4 Sep 2025 06:16:05 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:

>> This fix resolves an issue where the `Cipher.updateAAD(ByteBuffer)` method, when used on a ChaCha20-Poly1305 Cipher, may throw an exception due to an offset calculation error.  This occurs when the ByteBuffer is array-backed, and when the buffer passed into the method is a slice of another array-backed buffer and that slice begins at a non-zero offset in the parent ByteBuffer.
>> 
>> Credit and thanks to @jaikiran for finding the issue and providing reproducer code.
>
> Jamil Nimeh has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Remove unneeded comments

test/jdk/com/sun/crypto/provider/Cipher/ChaCha20/UpdateAADTest.java line 115:

> 113: 
> 114:             try {
> 115:                 cipher.updateAAD(buffer);

Shouldn't we also check that the cipher's state is what we expected after this update?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/27081#discussion_r2321298530


More information about the security-dev mailing list