-
Bug
-
Resolution: Fixed
-
P3
-
5.0, 6u16
-
b89
-
sparc
-
solaris_10
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2190779 | 6u21 | Mala Bankal | P2 | Closed | Fixed | b02 |
| JDK-2191898 | 6u20-rev | Mala Bankal | P2 | Closed | Fixed | b03 |
| JDK-2190320 | 6u19-rev | Mala Bankal | P2 | Resolved | Fixed | b05 |
| JDK-2188720 | 6u18-rev | Mala Bankal | P2 | Resolved | Fixed | b09 |
| JDK-2190517 | OpenJDK6 | Valerie Peng | P3 | Resolved | Fixed | b21 |
| JDK-2188719 | 5.0u25 | Mala Bankal | P2 | Closed | Fixed | b02 |
FULL PRODUCT VERSION :
java version "1.5.0_18"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_18-b02)
Java HotSpot(TM) Server VM (build 1.5.0_18-b02, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
SunOS d05prapp01 5.10 Generic_138888-08 sun4v sparc SUNW,SPARC-Enterprise-T5220
A DESCRIPTION OF THE PROBLEM :
Following upgrade from 1.5.0_17 to 1.5.0_18, experienced different errors related to Sun PKCS11 provider. One error was:
Caused by java.lang.NullPointerException
at sun.security.pkcs11.P11SecureRandom.engineNextBytes
(P11SecureRandom.java110)
at java.security.SecureRandom.nextBytes(SecureRandom.java413)
The application code did not change and simply called SecureRandom.nextBytes. Reverting back to 1.5.0_17 resolved the problem.
Also received a related error:
java.io.NotSerializableException Could not find token
at sun.security.pkcs11.Token$TokenRep.readResolve(Token.java358)
Again, the error was not seen after fallback to 1.5.0_17.
Looking at the 1.5.0_18 release notes, the fix for bug 6591117 would appear to look suspicious.
Created a test program to serialize/deserialize the a SecureRandom object to reproduce the NullPointerException seen in our application.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Compile and run the source code included below.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Doesn't get exception.
ACTUAL -
Exception received with 1.5.0_18 runtime. No exception with 1.5.0_17 runtime
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Exception in thread "main" java.lang.NullPointerException
at sun.security.pkcs11.P11SecureRandom.engineNextBytes(P11SecureRandom.java:110)
at java.security.SecureRandom.nextBytes(SecureRandom.java:413)
at pkcs11test.main(pkcs11test.java:15)
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import java.security.SecureRandom;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
public class pkcs11test {
public static void main(String[] args) throws Exception {
SecureRandom r = new SecureRandom();
r.setSeed(System.currentTimeMillis());
byte[] buf = new byte[16];
byte[] ser = toByteArray(r);
SecureRandom r2 = fromByteArray(ser);
r2.nextBytes(buf);
System.out.println("Done");
}
public static byte[] toByteArray(Object obj) throws Exception {
ByteArrayOutputStream out = new ByteArrayOutputStream(1024);
ObjectOutputStream outStream = null;
ByteArrayOutputStream out = new ByteArrayOutputStream(1024);
ObjectOutputStream outStream = null;
try {
outStream = new ObjectOutputStream(out);
outStream.writeObject(obj);
return out.toByteArray();
} finally {
if (outStream != null) {
outStream.close();
}
}
}
public static SecureRandom fromByteArray(byte[] buf) throws Exception {
SecureRandom r = null;
ByteArrayInputStream is = new ByteArrayInputStream(buf);
ObjectInputStream ois = null;
try {
ois = new ObjectInputStream(is);
r = (SecureRandom) ois.readObject();
} finally {
if (ois != null) {
ois.close();
if (ois != null) {
ois.close();
}
}
return r;
}
}
---------- END SOURCE ----------
Release Regression From : 5.0u17
The above release value was the last known release where this
bug was not reproducible. Since then there has been a regression.
java version "1.5.0_18"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_18-b02)
Java HotSpot(TM) Server VM (build 1.5.0_18-b02, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
SunOS d05prapp01 5.10 Generic_138888-08 sun4v sparc SUNW,SPARC-Enterprise-T5220
A DESCRIPTION OF THE PROBLEM :
Following upgrade from 1.5.0_17 to 1.5.0_18, experienced different errors related to Sun PKCS11 provider. One error was:
Caused by java.lang.NullPointerException
at sun.security.pkcs11.P11SecureRandom.engineNextBytes
(P11SecureRandom.java110)
at java.security.SecureRandom.nextBytes(SecureRandom.java413)
The application code did not change and simply called SecureRandom.nextBytes. Reverting back to 1.5.0_17 resolved the problem.
Also received a related error:
java.io.NotSerializableException Could not find token
at sun.security.pkcs11.Token$TokenRep.readResolve(Token.java358)
Again, the error was not seen after fallback to 1.5.0_17.
Looking at the 1.5.0_18 release notes, the fix for bug 6591117 would appear to look suspicious.
Created a test program to serialize/deserialize the a SecureRandom object to reproduce the NullPointerException seen in our application.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Compile and run the source code included below.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Doesn't get exception.
ACTUAL -
Exception received with 1.5.0_18 runtime. No exception with 1.5.0_17 runtime
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Exception in thread "main" java.lang.NullPointerException
at sun.security.pkcs11.P11SecureRandom.engineNextBytes(P11SecureRandom.java:110)
at java.security.SecureRandom.nextBytes(SecureRandom.java:413)
at pkcs11test.main(pkcs11test.java:15)
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import java.security.SecureRandom;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
public class pkcs11test {
public static void main(String[] args) throws Exception {
SecureRandom r = new SecureRandom();
r.setSeed(System.currentTimeMillis());
byte[] buf = new byte[16];
byte[] ser = toByteArray(r);
SecureRandom r2 = fromByteArray(ser);
r2.nextBytes(buf);
System.out.println("Done");
}
public static byte[] toByteArray(Object obj) throws Exception {
ByteArrayOutputStream out = new ByteArrayOutputStream(1024);
ObjectOutputStream outStream = null;
ByteArrayOutputStream out = new ByteArrayOutputStream(1024);
ObjectOutputStream outStream = null;
try {
outStream = new ObjectOutputStream(out);
outStream.writeObject(obj);
return out.toByteArray();
} finally {
if (outStream != null) {
outStream.close();
}
}
}
public static SecureRandom fromByteArray(byte[] buf) throws Exception {
SecureRandom r = null;
ByteArrayInputStream is = new ByteArrayInputStream(buf);
ObjectInputStream ois = null;
try {
ois = new ObjectInputStream(is);
r = (SecureRandom) ois.readObject();
} finally {
if (ois != null) {
ois.close();
if (ois != null) {
ois.close();
}
}
return r;
}
}
---------- END SOURCE ----------
Release Regression From : 5.0u17
The above release value was the last known release where this
bug was not reproducible. Since then there has been a regression.
- backported by
-
JDK-2188720 PKCS#11 A SecureRandom and a serialization error following installation of 1.5.0_18
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
(1 backported by)