Allow ChaCha20 cipher reuse with same key/IV or without init after decryption #661
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
KostasTsiounis
force-pushed
the
chacha20_reuse
branch
3 times, most recently
from
430656d to
d86c417
Compare
keithc-ca
requested changes
Sep 27, 2023
closed/src/java.base/share/classes/com/sun/crypto/provider/NativeChaCha20Cipher.java
Outdated
Show resolved
Hide resolved
closed/src/java.base/share/classes/com/sun/crypto/provider/NativeChaCha20Cipher.java
Outdated
Show resolved
Hide resolved
closed/src/java.base/share/classes/com/sun/crypto/provider/NativeChaCha20Cipher.java
Outdated
Show resolved
Hide resolved
closed/src/java.base/share/classes/com/sun/crypto/provider/NativeChaCha20Cipher.java
Outdated
Show resolved
Hide resolved
closed/src/java.base/share/classes/com/sun/crypto/provider/NativeChaCha20Cipher.java
Outdated
Show resolved
Hide resolved
closed/src/java.base/share/classes/com/sun/crypto/provider/NativeChaCha20Cipher.java
Outdated
Show resolved
Hide resolved
closed/src/java.base/share/classes/com/sun/crypto/provider/NativeChaCha20Cipher.java
Show resolved
Hide resolved
closed/src/java.base/share/classes/com/sun/crypto/provider/NativeChaCha20Cipher.java
Outdated
Show resolved
Hide resolved
closed/src/java.base/share/classes/com/sun/crypto/provider/NativeChaCha20Cipher.java
Outdated
Show resolved
Hide resolved
closed/src/java.base/share/classes/com/sun/crypto/provider/NativeChaCha20Cipher.java
Outdated
Show resolved
Hide resolved
KostasTsiounis
force-pushed
the
chacha20_reuse
branch
from
15ffbfa to
75426be
Compare
keithc-ca
reviewed
Sep 27, 2023
closed/src/java.base/share/classes/com/sun/crypto/provider/NativeChaCha20Cipher.java
Outdated
Show resolved
Hide resolved
The expected behaviour for reuse of NativeChaCha20Cipher for decryption is altered to match the existing Sun implementation in ChaCha20Cipher, as updated in OpenJDK21. The following scenarios are now allowed for decryption: - Reinitialize with same key + nonce - Update AAD after a successful doFinal() without reinitializing - Update AAD after an AEADBadTagException Those scenarios are not allowed (i.e., an exception is thrown) in OpenJDK20 and earlier. Signed-off by: Kostas Tsiounis <kostas.tsiounis@ibm.com>
KostasTsiounis
force-pushed
the
chacha20_reuse
branch
from
0c5dfba to
3cce53a
Compare
|
Jenkins compile amac jdknext |
|
Testing underway in https://openj9-jenkins.osuosl.org/job/Grinder/2945/. |
babsingh
added a commit
to babsingh/aqa-tests
that referenced
this pull request
Oct 17, 2023
JDK-next (JDK22) fix: ibmruntimes/openj9-openjdk-jdk#661 JDK21 fix: ibmruntimes/openj9-openjdk-jdk21#50 Closes: eclipse-openj9/openj9#17632 Signed-off-by: Babneet Singh <sbabneet@ca.ibm.com>
babsingh
added a commit
to babsingh/aqa-tests
that referenced
this pull request
Oct 17, 2023
JDK-next (JDK22) fix: ibmruntimes/openj9-openjdk-jdk#661 JDK21 fix: ibmruntimes/openj9-openjdk-jdk21#50 Closes: eclipse-openj9/openj9#17632 Signed-off-by: Babneet Singh <sbabneet@ca.ibm.com>
smlambert
pushed a commit
to adoptium/aqa-tests
that referenced
this pull request
Oct 17, 2023
JDK-next (JDK22) fix: ibmruntimes/openj9-openjdk-jdk#661 JDK21 fix: ibmruntimes/openj9-openjdk-jdk21#50 Closes: eclipse-openj9/openj9#17632 Signed-off-by: Babneet Singh <sbabneet@ca.ibm.com>
llxia
pushed a commit
to llxia/aqa-tests
that referenced
this pull request
Nov 22, 2023
JDK-next (JDK22) fix: ibmruntimes/openj9-openjdk-jdk#661 JDK21 fix: ibmruntimes/openj9-openjdk-jdk21#50 Closes: eclipse-openj9/openj9#17632 Signed-off-by: Babneet Singh <sbabneet@ca.ibm.com>
llxia
pushed a commit
to llxia/aqa-tests
that referenced
this pull request
Nov 22, 2023
JDK-next (JDK22) fix: ibmruntimes/openj9-openjdk-jdk#661 JDK21 fix: ibmruntimes/openj9-openjdk-jdk21#50 Closes: eclipse-openj9/openj9#17632 Signed-off-by: Babneet Singh <sbabneet@ca.ibm.com>
pshipton
pushed a commit
to adoptium/aqa-tests
that referenced
this pull request
Nov 22, 2023
JDK-next (JDK22) fix: ibmruntimes/openj9-openjdk-jdk#661 JDK21 fix: ibmruntimes/openj9-openjdk-jdk21#50 Closes: eclipse-openj9/openj9#17632 Signed-off-by: Babneet Singh <sbabneet@ca.ibm.com>
tajila
pushed a commit
to tajila/openj9-openjdk-jdk
that referenced
this pull request
Mar 27, 2024
Fix CVE-2023-2004 in freetype 2.12.1
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The expected behaviour for reuse of
NativeChaCha20Cipherfor decryption is altered to match the existing Sun implementation inChaCha20Cipher, as updated in OpenJDK21.The following scenarios are now allowed for decryption:
AADafter a successfuldoFinal()without reinitializingAADafter anAEADBadTagExceptionThose scenarios are not allowed (i.e., an exception is thrown) in OpenJDK20 and earlier.
This fix addresses the failures mentioned in issue eclipse-openj9/openj9#17632
Signed-off by: Kostas Tsiounis kostas.tsiounis@ibm.com