-
Bug
-
Resolution: Fixed
-
P2
-
8u131, 9
-
b68
-
Verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8098688 | emb-9 | Xuelei Fan | P2 | Resolved | Fixed | team |
| JDK-8208984 | 8u201 | Xuelei Fan | P2 | Resolved | Fixed | b01 |
| JDK-8179532 | 8u192 | Prasadarao Koppula | P2 | Closed | Fixed | b01 |
| JDK-8216922 | emb-8u201 | Xuelei Fan | P2 | Resolved | Fixed | master |
Xuelei Fan:
----------------
Hi,
I got the following exception in a JPRT job:
--------------------
javax.crypto.ShortBufferException: Output buffer must be (at least) 2 bytes long
at
com.oracle.security.ucrypto.NativeGCMCipher.engineDoFinal(NativeGCMCipher.java:381)
at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:830)
... 19 more
---------
The output buffer is allocated dynamically in CipherSpi.bufferCrypt()
---------
javax.crypto.CipherSpi.bufferCrypt(...):
...
int outLenNeeded = engineGetOutputSize(inLen);
...
byte[] outArray = new byte[getTempArraySize(outLenNeeded)];
...
830 n = engineDoFinal(inArray, inOfs, chunk, outArray, 0);
--------
However, the buffer size is not sufficient for the engineDoFinal()
operation.
--------
com.oracle.security.ucrypto.NativeGCMCipher.engineDoFinal(
byte[] in, int inOfs, int inLen,
byte[] out, int outOfs)
...
int len = getOutputSizeByOperation(inLen, true);
380 if (out.length - outOfs < len) {
381 throw new ShortBufferException("Output buffer must be "
382 + "(at least) " + len
383 + " bytes long");
384 }
---------
Any ideas about what the unlying problem?
Thanks,
Xuelei
Valerie Peng replied:
------------------------------
It is probably due to the buffer size calculation. GCM mode has this additional tag data and Ucrypto provider may have to be fine tuned further at certain scenario. I noticed one case of this ShortBufferException when testing external patch regarding an RFE in CipherInput/OutputStream, but has not yet to get the fixes reviewed.
Not sure if it's the same problem since I have not looked at yours. Here is the patch in my workspace that addressed mine.
--- a/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeGCMCipher.java
+++ b/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeGCMCipher.java
@@ -125,9 +125,7 @@
if (ibuffer != null) {
result += ibuffer.size();
}
- if (isDoFinal) {
- result -= tagLen/8;
- }
+ result -= tagLen/8;
}
if (result < 0) {
result = 0;
Xuelei Fan confirmed:
-------------------------------
The patch works!
----------------
Hi,
I got the following exception in a JPRT job:
--------------------
javax.crypto.ShortBufferException: Output buffer must be (at least) 2 bytes long
at
com.oracle.security.ucrypto.NativeGCMCipher.engineDoFinal(NativeGCMCipher.java:381)
at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:830)
... 19 more
---------
The output buffer is allocated dynamically in CipherSpi.bufferCrypt()
---------
javax.crypto.CipherSpi.bufferCrypt(...):
...
int outLenNeeded = engineGetOutputSize(inLen);
...
byte[] outArray = new byte[getTempArraySize(outLenNeeded)];
...
830 n = engineDoFinal(inArray, inOfs, chunk, outArray, 0);
--------
However, the buffer size is not sufficient for the engineDoFinal()
operation.
--------
com.oracle.security.ucrypto.NativeGCMCipher.engineDoFinal(
byte[] in, int inOfs, int inLen,
byte[] out, int outOfs)
...
int len = getOutputSizeByOperation(inLen, true);
380 if (out.length - outOfs < len) {
381 throw new ShortBufferException("Output buffer must be "
382 + "(at least) " + len
383 + " bytes long");
384 }
---------
Any ideas about what the unlying problem?
Thanks,
Xuelei
Valerie Peng replied:
------------------------------
It is probably due to the buffer size calculation. GCM mode has this additional tag data and Ucrypto provider may have to be fine tuned further at certain scenario. I noticed one case of this ShortBufferException when testing external patch regarding an RFE in CipherInput/OutputStream, but has not yet to get the fixes reviewed.
Not sure if it's the same problem since I have not looked at yours. Here is the patch in my workspace that addressed mine.
--- a/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeGCMCipher.java
+++ b/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeGCMCipher.java
@@ -125,9 +125,7 @@
if (ibuffer != null) {
result += ibuffer.size();
}
- if (isDoFinal) {
- result -= tagLen/8;
- }
+ result -= tagLen/8;
}
if (result < 0) {
result = 0;
Xuelei Fan confirmed:
-------------------------------
The patch works!
- backported by
-
JDK-8098688 buffer size calculation issue in NativeGCMCipher
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Closed
-
- relates to
-
-
- Closed
-
