8268621: SunJCE provider may throw unexpected NPE for un-initialized AES KW/KWP Ciphers

Reviewed-by: xuelei
2025-08-26 14:24:46 +02:00 · 2021-06-14 20:34:44 +00:00 · 2021-06-14 20:34:44 +00:00 · ee3015968d
commit ee3015968d
parent 702e3ff054
4 changed files with 47 additions and 16 deletions
--- a/src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrap.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrap.java
@ -41,7 +41,7 @@ import static com.sun.crypto.provider.KWUtil.*;
 class AESKeyWrap extends FeedbackCipher {

    // default integrity check value (icv) if iv is not supplied
-    private static final byte[] ICV1 = { // SEMI_BLKSIZE long
+    static final byte[] ICV1 = { // SEMI_BLKSIZE long
        (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6,
        (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6
    };
--- a/src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrapPadded.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrapPadded.java
@ -42,7 +42,7 @@ import static com.sun.crypto.provider.KWUtil.*;
 class AESKeyWrapPadded extends FeedbackCipher {

    // default integrity check value (icv) if iv is not supplied
-    private static final byte[] ICV2 = { // SEMI_BLKSIZE/2 long
+    static final byte[] ICV2 = { // SEMI_BLKSIZE/2 long
        (byte) 0xA6, (byte) 0x59, (byte) 0x59, (byte) 0xA6,
    };

--- a/src/java.base/share/classes/com/sun/crypto/provider/KeyWrapCipher.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/KeyWrapCipher.java
@ -161,6 +161,7 @@ abstract class KeyWrapCipher extends CipherSpi {
    }

    // internal cipher object which does the real work.
+    // AESKeyWrap for KW, AESKeyWrapPadded for KWP
    private final FeedbackCipher cipher;

    // internal padding object; null if NoPadding
@ -279,13 +280,15 @@ abstract class KeyWrapCipher extends CipherSpi {
    }

    /**
-     * Returns the initialization vector (IV).
+     * Returns the initialization vector (IV) in a new buffer.
     *
-     * @return the user-specified iv or null if default iv is used.
+     * @return the user-specified iv, or null if the underlying algorithm does
+     * not use an IV, or if the IV has not yet been set.
     */
    @Override
    protected byte[] engineGetIV() {
-        return cipher.getIV().clone();
+        byte[] iv = cipher.getIV();
+        return (iv == null? null : iv.clone());
    }

    // actual impl for various engineInit(...) methods
@ -623,13 +626,18 @@ abstract class KeyWrapCipher extends CipherSpi {
    /**
     * Returns the parameters used with this cipher.
     *
-     * @return AlgorithmParameters object containing IV.
+     * @return AlgorithmParameters object containing IV, or null if this cipher
+     * does not use any parameters.
     */
    @Override
    protected AlgorithmParameters engineGetParameters() {
        AlgorithmParameters params = null;

        byte[] iv = cipher.getIV();
+        if (iv == null) {
+            iv = (cipher instanceof AESKeyWrap?
+                    AESKeyWrap.ICV1 : AESKeyWrapPadded.ICV2);
+        }
        try {
            params = AlgorithmParameters.getInstance("AES");
            params.init(new IvParameterSpec(iv));