-
Notifications
You must be signed in to change notification settings - Fork 5.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
8257769: Cipher.getParameters() throws NPE for ChaCha20-Poly1305 #1644
Conversation
👋 Welcome back jnimeh! A progress list of the required criteria for merging this PR into |
Webrevs
|
src/java.base/share/classes/com/sun/crypto/provider/ChaCha20Cipher.java
Outdated
Show resolved
Hide resolved
src/java.base/share/classes/com/sun/crypto/provider/ChaCha20Cipher.java
Outdated
Show resolved
Hide resolved
@jnimeh This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be:
You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 89 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
The test should probably have the bugid added to it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Outside of Cipher.getParameters(), there are other direct references of nonce which may lead to NPE which we should fix also. Inside engineGetIV(), it should check for null nonce before directly calling clone().
src/java.base/share/classes/com/sun/crypto/provider/ChaCha20Cipher.java
Outdated
Show resolved
Hide resolved
Mailing list message from Bernd Eckenfels on security-dev: BTW stupid - somewhat related - question, why does the nonce to be parsed out of a DER blob, shouldn?t there be an getter on the Parameter Spec object? Many protocols would need the raw array, is there a matching spec - or should we add one? Gruss On Mon, 7 Dec 2020 19:53:27 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
Unintuitive is a charitable way to put it. After doFinal the Cipher technically isn't in an uninitialized state per the spec, it's supposed to be in the state it would be immediately following init(). So the wrong behavior would happen in this use case. Will fix. ------------- PR: https://git.openjdk.java.net/jdk/pull/1644 |
Mailing list message from Jamil Nimeh on security-dev: Hi Bernd, it's not a stupid question at all.? I think what you might be But both getParameters() and getIV() were doing the wrong thing --Jamil On 12/7/2020 5:19 PM, Bernd Eckenfels wrote: |
Mailing list message from Jamil Nimeh on security-dev: Oh, one other thing in case you weren't talking about this in the --Jamil On 12/7/2020 5:39 PM, Jamil Nimeh wrote:
-------------- next part -------------- |
/integrate |
@jnimeh Since your change was applied there have been 89 commits pushed to the
Your commit was automatically rebased without conflicts. Pushed as commit 500ab45. 💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored. |
This fix corrects a problem where ChaCha20-Poly1305 objects prior to init throw NPE when getParameters() is called. It will now generate parameters containing a random nonce on each pre-init call to getParameters(). Post-initialization calls to the getParameters() method will always return the same set of parameters until the next initialization occurs.
Progress
Issue
Reviewers
Download
$ git fetch https://git.openjdk.java.net/jdk pull/1644/head:pull/1644
$ git checkout pull/1644