Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: P3
Fix Version/s: 17
Affects Version/s: None
Component/s: security-libs
Labels:
None

Subcomponent:
javax.crypto
Introduced In Version:

17
Resolved In Build:
b27

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8268837	18	Valerie Peng	P3	Resolved	Fixed	b02

When using the AES KW and KWP ciphers from SunJCE provider, it is observed that unexpected NPE occur calling getIV() and getParameters() if init() is not yet called. When the cipher object has not yet been initialized with init(), the internal iv field has value 'null'. The getIV() should check for null value (meaning iv has not been set as no init() call takes place) before cloning the iv. As for getParameters(), it should also check for null iv and return a default parameters as the javadoc suggested.

backported by

JDK-8268837 SunJCE provider may throw unexpected NPE for un-initialized AES KW/KWP Ciphers

Resolved

relates to

JDK-8248268 Support KWP in addition to KW

Resolved

links to

Commit openjdk/jdk17/ee301596

Review openjdk/jdk17/34

Assignee:: Valerie Peng

Reporter:: Valerie Peng

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2021-06-11 10:44

Updated:: 2025-01-29 09:16

Resolved:: 2021-06-14 13:36

Details

Backports

Description

Attachments

Issue Links

Activity

People

Dates