-
Bug
-
Resolution: Duplicate
-
P2
-
None
-
8, 9
-
x86_64
-
solaris_10
FULL PRODUCT VERSION :
java version "1.8.0_131"
Java(TM) SE Runtime Environment (build 1.8.0_131-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
SunOS solaris 5.11 11.3 i86pc i386 i86pc
A DESCRIPTION OF THE PROBLEM :
When using GCM ciphers on solaris the following exception is generated frequently. This looks like https://bugs.openjdk.java.net/browse/JDK-8081792 but on JDK8.
22:10:10,490 ERROR [org.xnio.listener] (default I/O-1) XNIO001007: A channel event listener threw an exception: java.security.ProviderException: Could not determine buffer size
at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:843)
at javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730)
at javax.crypto.Cipher.doFinal(Cipher.java:2460)
at sun.security.ssl.CipherBox.decrypt(CipherBox.java:535)
at sun.security.ssl.EngineInputRecord.decrypt(EngineInputRecord.java:200)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:974)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at io.undertow.protocols.ssl.ALPNHackSSLEngine.unwrap(ALPNHackSSLEngine.java:265)
at io.undertow.server.protocol.http.ALPNLimitingSSLEngine.unwrap(ALPNLimitingSSLEngine.java:137)
at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:730)
at io.undertow.protocols.ssl.SslConduit.read(SslConduit.java:567)
at io.undertow.conduits.IdleTimeoutConduit.read(IdleTimeoutConduit.java:202)
at org.xnio.conduits.ConduitStreamSourceChannel.read(ConduitStreamSourceChannel.java:127)
at io.undertow.server.protocol.framed.AbstractFramedChannel.receive(AbstractFramedChannel.java:368)
at io.undertow.server.protocol.http2.Http2ReceiveListener.handleEvent(Http2ReceiveListener.java:108)
at io.undertow.server.protocol.http2.Http2ReceiveListener.handleEvent(Http2ReceiveListener.java:59)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:932)
at io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:913)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1129)
at io.undertow.protocols.ssl.SslConduit$1.run(SslConduit.java:168)
at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:588)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:468)
Caused by: javax.crypto.ShortBufferException: Output buffer must be (at least) 11 bytes long. Got: 2
at com.oracle.security.ucrypto.NativeGCMCipher.engineUpdate(NativeGCMCipher.java:293)
at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:828
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Connect to an SSL endpoint on solaris using a GCM cipher
REPRODUCIBILITY :
This bug can be reproduced often.
CUSTOMER SUBMITTED WORKAROUND :
Remove the ucrypto provider.
java version "1.8.0_131"
Java(TM) SE Runtime Environment (build 1.8.0_131-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
SunOS solaris 5.11 11.3 i86pc i386 i86pc
A DESCRIPTION OF THE PROBLEM :
When using GCM ciphers on solaris the following exception is generated frequently. This looks like https://bugs.openjdk.java.net/browse/JDK-8081792 but on JDK8.
22:10:10,490 ERROR [org.xnio.listener] (default I/O-1) XNIO001007: A channel event listener threw an exception: java.security.ProviderException: Could not determine buffer size
at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:843)
at javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730)
at javax.crypto.Cipher.doFinal(Cipher.java:2460)
at sun.security.ssl.CipherBox.decrypt(CipherBox.java:535)
at sun.security.ssl.EngineInputRecord.decrypt(EngineInputRecord.java:200)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:974)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at io.undertow.protocols.ssl.ALPNHackSSLEngine.unwrap(ALPNHackSSLEngine.java:265)
at io.undertow.server.protocol.http.ALPNLimitingSSLEngine.unwrap(ALPNLimitingSSLEngine.java:137)
at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:730)
at io.undertow.protocols.ssl.SslConduit.read(SslConduit.java:567)
at io.undertow.conduits.IdleTimeoutConduit.read(IdleTimeoutConduit.java:202)
at org.xnio.conduits.ConduitStreamSourceChannel.read(ConduitStreamSourceChannel.java:127)
at io.undertow.server.protocol.framed.AbstractFramedChannel.receive(AbstractFramedChannel.java:368)
at io.undertow.server.protocol.http2.Http2ReceiveListener.handleEvent(Http2ReceiveListener.java:108)
at io.undertow.server.protocol.http2.Http2ReceiveListener.handleEvent(Http2ReceiveListener.java:59)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:932)
at io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:913)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1129)
at io.undertow.protocols.ssl.SslConduit$1.run(SslConduit.java:168)
at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:588)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:468)
Caused by: javax.crypto.ShortBufferException: Output buffer must be (at least) 11 bytes long. Got: 2
at com.oracle.security.ucrypto.NativeGCMCipher.engineUpdate(NativeGCMCipher.java:293)
at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:828
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Connect to an SSL endpoint on solaris using a GCM cipher
REPRODUCIBILITY :
This bug can be reproduced often.
CUSTOMER SUBMITTED WORKAROUND :
Remove the ucrypto provider.
- duplicates
-
JDK-8179532 buffer size calculation issue in NativeGCMCipher
-
- Closed
-
- relates to
-
-
- Closed
-