diff --git a/CHANGELOG.md b/CHANGELOG.md
index 731e3162..7dca93d9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,7 @@ method.
 ### Patches
 * Add version gating to some tests introduced in 1.5.0 [PR #128](https://github.com/corretto/amazon-corretto-crypto-provider/pull/128)
 * More accurate output size estimates from `Cipher.getOutputSize()` [PR #138](https://github.com/corretto/amazon-corretto-crypto-provider/pull/138)
+* Validate that `AesGcmSpi` receives a non-null key on init to prevent unncessarily late NPE [PR #146](https://github.com/corretto/amazon-corretto-crypto-provider/pull/146)
 
 ## 1.5.0
 ### Breaking Change Warning
diff --git a/src/com/amazon/corretto/crypto/provider/AesGcmSpi.java b/src/com/amazon/corretto/crypto/provider/AesGcmSpi.java
index 023df3c1..90a9bef4 100644
--- a/src/com/amazon/corretto/crypto/provider/AesGcmSpi.java
+++ b/src/com/amazon/corretto/crypto/provider/AesGcmSpi.java
@@ -294,6 +294,10 @@ protected synchronized void engineInit(int opMode, Key key, SecureRandom secureR
 protected synchronized void engineInit(
 int jceOpMode, Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom
 ) throws InvalidKeyException, InvalidAlgorithmParameterException {
+ if (key == null) {
+ throw new InvalidKeyException("Key can't be null");
+ }
+
 final GCMParameterSpec spec;
 if (algorithmParameterSpec instanceof GCMParameterSpec) {
 spec = (GCMParameterSpec) algorithmParameterSpec;
diff --git a/tst/com/amazon/corretto/crypto/provider/test/AesTest.java b/tst/com/amazon/corretto/crypto/provider/test/AesTest.java
index 0dbe5c9a..610c0568 100644
--- a/tst/com/amazon/corretto/crypto/provider/test/AesTest.java
+++ b/tst/com/amazon/corretto/crypto/provider/test/AesTest.java
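Review bot: In AesGcmSpi.java the new null guard sits only in the four-argument `engineInit(int, Key, AlgorithmParameterSpec, SecureRandom)`, while the hunk header shows at least one other overload, `engineInit(int opMode, Key key, SecureRandom ...)`, whose body is outside this hunk. The new test expects `InvalidKeyException` from every `Cipher.init` form, so the fix presumably relies on each overload delegating here before it touches `key`; that is worth confirming, and any overload that dereferences the key first would need the same check. I would also record the intent above the guard, for example `// Reject a null key up front so callers get InvalidKeyException instead of a late NPE.` The body of this method continues past the end of the hunk.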
@@ -23,9 +23,11 @@
 import java.security.GeneralSecurityException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
+import java.security.Key;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.security.Security;
+import java.security.spec.AlgorithmParameterSpec;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -579,6 +581,25 @@ public void test_initParameters() throws Throwable {
 assertArrayEquals(PLAINTEXT, decrypted);
 }
 
+ @SuppressWarnings("ConstantConditions")
+ @Test
+ public void test_initNullKey() throws Throwable {
+ assumeMinimumVersion("1.6.0", AmazonCorrettoCryptoProvider.INSTANCE);
+ jceC.init(Cipher.ENCRYPT_MODE, key);
+
+ final Key key = null;
+ AlgorithmParameters params = jceC.getParameters();
+ AlgorithmParameterSpec spec = params.getParameterSpec(GCMParameterSpec.class);
+ SecureRandom random = TestUtil.MISC_SECURE_RANDOM.get();
+
+ assertThrows(InvalidKeyException.class, () -> amznC.init(Cipher.ENCRYPT_MODE, key));
+ assertThrows(InvalidKeyException.class, () -> amznC.init(Cipher.ENCRYPT_MODE, key, params));
+ assertThrows(InvalidKeyException.class, () -> amznC.init(Cipher.ENCRYPT_MODE, key, params, random));
+ assertThrows(InvalidKeyException.class, () -> amznC.init(Cipher.ENCRYPT_MODE, key, random));
+ assertThrows(InvalidKeyException.class, () -> amznC.init(Cipher.ENCRYPT_MODE, key, spec));
+ assertThrows(InvalidKeyException.class, () -> amznC.init(Cipher.ENCRYPT_MODE, key, spec, random));
+ }
+
 @Test
 public void test_bufferOverflows() throws Throwable {
 final SecureRandom rnd = TestUtil.MISC_SECURE_RANDOM.get();
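Review bot: In `test_initNullKey` the local `final Key key = null;` shadows the `key` used one line earlier in `jceC.init(Cipher.ENCRYPT_MODE, key)`, which presumably resolves to a class field, so the same name means a real key and a null key within a few lines. Renaming the local, e.g. `final Key nullKey = null;`, makes it obvious which calls exercise the rejection path. Every assertion also uses `Cipher.ENCRYPT_MODE`; a decrypt-mode case such as `assertThrows(InvalidKeyException.class, () -> amznC.init(Cipher.DECRYPT_MODE, nullKey, spec));` would pin the same behaviour for decryption.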