On Wed, 14 Apr 2021 03:58:33 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> Could someone (perhaps Jamil?) please help review this change? This enhances >> SunPKCS11 provider with ChaCha20-Poly1305 cipher and ChaCha20 key generation >> support. Majority of the regression tests are adapted from the existing ones >> for SunJCE provider's ChaCha20-Poly1305 cipher impl. When testing against >> NSS v3.57, it does not have support for ChaCha20 cipher, thus I did not add >> support for ChaCha20 cipher and the corresponding parameter. >> >> Thanks! >> Valerie > > Valerie Peng has updated the pull request incrementally with one additional > commit since the last revision: > > Fixed an tagLen issue, no key+iv reuse check for decryption, and add > regression test for ChaCha20 SKF. src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java line 225: > 223: } > 224: apAlgo = "ChaCha20-Poly1305"; > 225: spec = new IvParameterSpec(iv); Are there protections further up the call stack that guarantee that iv will be non-null when encrypt == false? I assume there are but I figured I'd ask since a null iv could cause NPE. ------------- PR: https://git.openjdk.java.net/jdk/pull/3420
