Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8268621

SunJCE provider may throw unexpected NPE for un-initialized AES KW/KWP Ciphers

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • P3
    • Resolution: Fixed
    • None
    • 17
    • security-libs
    • None
    • 17
    • b27

    Backports

      Description

        When using the AES KW and KWP ciphers from SunJCE provider, it is observed that unexpected NPE occur calling getIV() and getParameters() if init() is not yet called. When the cipher object has not yet been initialized with init(), the internal iv field has value 'null'. The getIV() should check for null value (meaning iv has not been set as no init() call takes place) before cloning the iv. As for getParameters(), it should also check for null iv and return a default parameters as the javadoc suggested.

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8268837 SunJCE provider may throw unexpected NPE for un-initialized AES KW/KWP Ciphers

            • P3 - Major loss of function.
            • Resolved
            relates to

            Enhancement - null JDK-8248268 Support KWP in addition to KW

            • P3 - Major loss of function.
            • Resolved
            links to

            Commit Commit openjdk/jdk17/ee301596

            Review Review openjdk/jdk17/34

            Activity

              People

                valeriep Valerie Peng
                valeriep Valerie Peng
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: