-
Bug
-
Resolution: Fixed
-
P3
-
1.4.0
-
jce1.2.2beta
-
generic
-
generic
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2109785 | 1.4.0 | Valerie Peng | P3 | Resolved | Fixed | beta3 |
Name: nt126004 Date: 09/11/2001
java version "1.4.0-beta2"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0-beta2-b77)
Java HotSpot(TM) Client VM (build 1.4.0-beta2-b77, mixed mode)
The Bug that I am submitting is thrown in the JCE itself, not in any service
provider. The Bug happens with any service provider, instantiated
through javax.crypto.Cipher#getInstance(...)
1. Get some javax.crypto.Cipher through the JCE.
2. Initialize the Cipher.
3. Invoke: encrypt.doFinal(new byte[55]);
At these Point all will be ok. But the javadoc says:
http://java.sun.com/j2se/1.4/docs/api/javax/crypto/Cipher.html#doFinal(byte[],
int, int, byte[])
A call to this method resets this cipher object to the state it was in when
previously initialized via a call to init. That is, the object is reset and
available to encrypt or decrypt (depending on the operation mode that was
specified in the call to init) more data.
4. But if I invoke a second time doFinal(...), like the following method call:
byte[] in = new byte[1024];
byte[] out = new byte[encrypt.getOutputSize(in.length)];
try{
encrypt.doFinal(in, 0, in.length, out);
} catch (ShortBufferException e){
e.printStackTrace();
} catch (IllegalBlockSizeException e){
e.printStackTrace();
} catch (BadPaddingException e){
e.printStackTrace();
}
a java.lang.SecurityException will be thrown, like the following stack trace
will show:
Exception in thread "main" java.lang.SecurityException: Bad cipher state
at javax.crypto.Cipher.a([DashoPro-V2.2-110100.11101B001275])
at javax.crypto.Cipher.doFinal([DashoPro-V2.2-110100.11101B001275])
at JCEBug.main(JCEBug.java:136)
############################################################################
## Begin JCE Bug Example
############################################################################
/* $RCSfile: JCEBug.java,v $
* $Revision: 1.1.1.1 $
* $Date: July 19, 2001 11:54 PM $
* $Author$
* $State$
*
* Created on July 19, 2001 11:54 PM
*
* Copyright (C) 2001 Uwe Guenther <###@###.###>
* All rights reserved.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*
*/
import javax.crypto.Cipher;
import java.security.NoSuchProviderException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.BadPaddingException;
import javax.crypto.spec.DESedeKeySpec;
import java.security.InvalidKeyException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.spec.IvParameterSpec;
import java.security.SecureRandom;
import java.security.InvalidAlgorithmParameterException;
import javax.crypto.ShortBufferException;
/** JCEBug Class
*
* @author Uwe Guenther <###@###.### >
* @version $Revision: 1.1.1.1 $
*/
public class JCEBug {
/** Creates new JCEBug */
public JCEBug() {
}
/**
* @param args the command line arguments
*/
public static void main (String args[]) {
//Get a DES Cipher.
Cipher encrypt =null;
try{
encrypt = Cipher.getInstance("DESede/CBC/PKCS5Padding", "SunJCE");
} catch (NoSuchProviderException e){
e.printStackTrace();
} catch (NoSuchAlgorithmException e){
e.printStackTrace();
} catch (NoSuchPaddingException e){
e.printStackTrace();
}
//Build a DESedeKeySpec from key.
byte[] key =
{
(byte)0x01, (byte)0x23, (byte)0x45, (byte)0x67,
(byte)0x89, (byte)0xab, (byte)0xcd, (byte)0xef,
(byte)0x23, (byte)0x45, (byte)0x67, (byte)0x89,
(byte)0xab, (byte)0xcd, (byte)0xef, (byte)0x01,
(byte)0x01, (byte)0x23, (byte)0x45, (byte)0x67,
(byte)0x89, (byte)0xab, (byte)0xcd, (byte)0xef
};
DESedeKeySpec keySpec = null;
try{
keySpec = new DESedeKeySpec(key);
} catch (InvalidKeyException e){
e.printStackTrace();
}
//Get a SecretKeyFactory to build a SecretKey from DESedeKeySpec.
SecretKeyFactory factory = null;
try{
factory = SecretKeyFactory.getInstance("DESede", "SunJCE");
} catch (NoSuchProviderException e){
e.printStackTrace();
} catch (NoSuchAlgorithmException e){
e.printStackTrace();
}
//Build a SecretKey from DESedeKeySpec.
SecretKey secretKey = null;
try{
secretKey = factory.generateSecret(keySpec);
} catch (InvalidKeySpecException e){
e.printStackTrace();
}
//Setup IV
byte[] iv =
{
(byte)0x01, (byte)0x23, (byte)0x45, (byte)0x67,
(byte)0x89, (byte)0xab, (byte)0xcd, (byte)0xef
};
IvParameterSpec paramSpec = new IvParameterSpec(iv);
//Init Cipher with SecretKey and IV
try{
encrypt .init(Cipher.ENCRYPT_MODE, secretKey, paramSpec, new
SecureRandom());
} catch (InvalidKeyException e){
e.printStackTrace();
} catch (InvalidAlgorithmParameterException e){
e.printStackTrace();
}
//First encryption with doFinal()
try{
encrypt.doFinal(new byte[55]);
} catch (IllegalBlockSizeException e){
e.printStackTrace();
} catch (BadPaddingException e){
e.printStackTrace();
}
byte[] in = new byte[1024];
byte[] out = new byte[encrypt.getOutputSize(in.length)];
try{
encrypt.doFinal(in, 0, in.length, out);
} catch (ShortBufferException e){
e.printStackTrace();
} catch (IllegalBlockSizeException e){
e.printStackTrace();
} catch (BadPaddingException e){
e.printStackTrace();
}
}
}
############################################################################
## End JCE Bug Example
############################################################################
The sample code will throw the java.lang.SecurityException. I found this bug
when I want to test my own service provider with the JCE, but with the
SunJCE DESede provider the bug behaivior is the same, so I provide this
example code with the SunJCE provider, that shows the bug.
(Review ID: 131520)
======================================================================
- backported by
-
JDK-2109785 Repeated invocation of javax.crypto.Cipher#doFinal(...) throws SecurityException
-
- Resolved
-