On Tue, 11 Apr 2023 17:26:25 GMT, Jamil Nimeh <jni...@openjdk.org> wrote:
> This fixes an issue where the key/nonce reuse policy for SunJCE ChaCha20 and > ChaCha20-Poly1305 was overly strict in enforcing no-reuse when the Cipher was > in DECRYPT_MODE. For decryption, this should be allowed and be consistent > with the AES-GCM decryption initialization behavior. > > - Issue: https://bugs.openjdk.org/browse/JDK-8305091 > - CSR: https://bugs.openjdk.org/browse/JDK-8305822 In the decryption side, does it sound like good to detect and reject key/nonce reuse for security reason(i.e., if key/nonce is reused, the decryption side will not accept the encryption)? Did you known real problems in practice for the key/nonce reuse for decryption? ------------- PR Comment: https://git.openjdk.org/jdk/pull/13428#issuecomment-1503872733