On Thu, 15 Apr 2021 14:25:13 GMT, Jamil Nimeh <jni...@openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Fixed an tagLen issue, no key+iv reuse check for decryption, and add >> regression test for ChaCha20 SKF. > > src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java > line 225: > >> 223: } >> 224: apAlgo = "ChaCha20-Poly1305"; >> 225: spec = new IvParameterSpec(iv); > > Are there protections further up the call stack that guarantee that iv will > be non-null when encrypt == false? I assume there are but I figured I'd ask > since a null iv could cause NPE. Yes, there are checks in engineInit() to ensure that IV must be supplied when init with Cipher.DECRYPT_MODE. I added some more checks for getIV() and getParameters() to TestChaChaPoly.java just to be safe. Also, I added more null checks to this method to ensure that NPE won't happen. ------------- PR: https://git.openjdk.java.net/jdk/pull/3420
