-
Bug
-
Resolution: Duplicate
-
P4
-
None
-
6, 8u321, 11.0.14-oracle
-
x86
-
windows_xp
FULL PRODUCT VERSION :
1.6.0 update 2
ADDITIONAL OS VERSION INFORMATION :
Windows XP 5.1.2600
A DESCRIPTION OF THE PROBLEM :
doFinal(clearBuffer, outBuffer) fails when outputbuffer has a position > 0
and :
1 - data to encrypt is > 4096 bytes in length
2 - input and output buffer are backed by the same array
3 - the buffer has been allocated using Direct mode.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Check code sample.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Empty output
ACTUAL -
********* corrupted index 4096 -102 vs 74
********* corrupted index 4097 113 vs -14
********* corrupted index 4098 18 vs 36
********* corrupted index 4099 -112 vs -51
********* corrupted index 4100 49 vs -104
********* corrupted index 4101 -7 vs 98
********* corrupted index 4102 -77 vs 79
********* corrupted index 4103 -82 vs 46
********* corrupted index 4104 -108 vs 96
********* corrupted index 4105 111 vs -16
********* corrupted index 4106 -60 vs 83
********* corrupted index 4107 124 vs 118
********* corrupted index 4108 -107 vs 96
********* corrupted index 4109 -85 vs 69
********* corrupted index 4110 112 vs -43
********* corrupted index 4111 105 vs -70
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
package test;
import java.nio.ByteBuffer;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
public class EncryptionBug {
// set this buffer to at least 4096 bytes for the bug to appear
static int BUFFER_LENGTH = 4111;
//set this offset to >0 for the bug to appear
static int OUTPUT_OFFSET = 4;
public static void main(String[] args) {
byte[] encryptionKey = new byte[16];
new Random().nextBytes(encryptionKey);
Cipher cipherEncrypt;
try {
SecretKeySpec skeySpec = new SecretKeySpec(encryptionKey, "AES");
cipherEncrypt = Cipher.getInstance("AES");
Cipher cipherDecrypt = Cipher.getInstance("AES");
cipherEncrypt.init(Cipher.ENCRYPT_MODE, skeySpec);
cipherDecrypt.init(Cipher.DECRYPT_MODE, skeySpec);
byte data[] = new byte[BUFFER_LENGTH];
new Random().nextBytes(data);
ByteBuffer outBuffer = ByteBuffer.allocateDirect(65536);
ByteBuffer clearBuffer = outBuffer.duplicate();
clearBuffer.put(data);
clearBuffer.flip();
outBuffer.position(OUTPUT_OFFSET);
int length = cipherEncrypt.doFinal(clearBuffer, outBuffer);
byte[] encryptedBuffer = new byte[length];
for (int i = 0; i < encryptedBuffer.length; i++) {
encryptedBuffer[i] = outBuffer.get(OUTPUT_OFFSET + i);
}
byte encryptedDirect[] = cipherEncrypt.doFinal(data);
for (int i = 0; i < encryptedBuffer.length; i++) {
if (encryptedDirect[i] != encryptedBuffer[i]) {
System.out.println("********* corrupted index " + i + " "
+ encryptedBuffer[i] + " vs " + encryptedDirect[i]);
}
}
} catch (Exception ex) {
ex.printStackTrace();
}
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Do not advance the output buffer position, or use a non direct bytebuffer.
1.6.0 update 2
ADDITIONAL OS VERSION INFORMATION :
Windows XP 5.1.2600
A DESCRIPTION OF THE PROBLEM :
doFinal(clearBuffer, outBuffer) fails when outputbuffer has a position > 0
and :
1 - data to encrypt is > 4096 bytes in length
2 - input and output buffer are backed by the same array
3 - the buffer has been allocated using Direct mode.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Check code sample.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Empty output
ACTUAL -
********* corrupted index 4096 -102 vs 74
********* corrupted index 4097 113 vs -14
********* corrupted index 4098 18 vs 36
********* corrupted index 4099 -112 vs -51
********* corrupted index 4100 49 vs -104
********* corrupted index 4101 -7 vs 98
********* corrupted index 4102 -77 vs 79
********* corrupted index 4103 -82 vs 46
********* corrupted index 4104 -108 vs 96
********* corrupted index 4105 111 vs -16
********* corrupted index 4106 -60 vs 83
********* corrupted index 4107 124 vs 118
********* corrupted index 4108 -107 vs 96
********* corrupted index 4109 -85 vs 69
********* corrupted index 4110 112 vs -43
********* corrupted index 4111 105 vs -70
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
package test;
import java.nio.ByteBuffer;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
public class EncryptionBug {
// set this buffer to at least 4096 bytes for the bug to appear
static int BUFFER_LENGTH = 4111;
//set this offset to >0 for the bug to appear
static int OUTPUT_OFFSET = 4;
public static void main(String[] args) {
byte[] encryptionKey = new byte[16];
new Random().nextBytes(encryptionKey);
Cipher cipherEncrypt;
try {
SecretKeySpec skeySpec = new SecretKeySpec(encryptionKey, "AES");
cipherEncrypt = Cipher.getInstance("AES");
Cipher cipherDecrypt = Cipher.getInstance("AES");
cipherEncrypt.init(Cipher.ENCRYPT_MODE, skeySpec);
cipherDecrypt.init(Cipher.DECRYPT_MODE, skeySpec);
byte data[] = new byte[BUFFER_LENGTH];
new Random().nextBytes(data);
ByteBuffer outBuffer = ByteBuffer.allocateDirect(65536);
ByteBuffer clearBuffer = outBuffer.duplicate();
clearBuffer.put(data);
clearBuffer.flip();
outBuffer.position(OUTPUT_OFFSET);
int length = cipherEncrypt.doFinal(clearBuffer, outBuffer);
byte[] encryptedBuffer = new byte[length];
for (int i = 0; i < encryptedBuffer.length; i++) {
encryptedBuffer[i] = outBuffer.get(OUTPUT_OFFSET + i);
}
byte encryptedDirect[] = cipherEncrypt.doFinal(data);
for (int i = 0; i < encryptedBuffer.length; i++) {
if (encryptedDirect[i] != encryptedBuffer[i]) {
System.out.println("********* corrupted index " + i + " "
+ encryptedBuffer[i] + " vs " + encryptedDirect[i]);
}
}
} catch (Exception ex) {
ex.printStackTrace();
}
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Do not advance the output buffer position, or use a non direct bytebuffer.
- duplicates
-
-
- Closed
-
- relates to
-
-
- Closed
-