keithc-ca
commented
8 months ago Jenkins compile amac jdk17
Closed jasonkatonica closed 8 months ago
keithc-ca
commented
8 months ago Jenkins compile amac jdk17
When using the ChaCha20 algorothms and an input and output buffer overlaps we should ensure that a copy of the input buffer is made before encrypting or decrypting. This ensures that OpenSSL is able to process this data. OpenSSL does not allow for overlapping input and output buffers when performing operations on data for the ChaCha20 algorithm.
The values returned when getting the output size for a crypto operation were also found to be incorrect. This update matches the logic that is within the ChaCha20Cipher.java file for calculating the output sizes.
Encoded key material was found to be left in memory under the right conditions. This memory should be zeroed to avoid a copy of the key from residing in memory for longer then necessary. This addition was noticed when comparing the NativeChaCha20Cipher class to the ChaCha20Cipher class. The method getEncodedKey now will zero out the copy of the key before throwing an exception.
Each of these changes fix the two failing tests reported in issue 18703.