Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8081792

buffer size calculation issue in NativeGCMCipher

    XMLWordPrintable

    Details

    • Subcomponent:
    • Resolved In Build:
      b68
    • Verification:
      Verified

      Backports

        Description

        Xuelei Fan:
        ----------------
        Hi,

        I got the following exception in a JPRT job:
        --------------------
        javax.crypto.ShortBufferException: Output buffer must be (at least) 2 bytes long
        at
        com.oracle.security.ucrypto.NativeGCMCipher.engineDoFinal(NativeGCMCipher.java:381)
        at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:830)
        ... 19 more
        ---------

        The output buffer is allocated dynamically in CipherSpi.bufferCrypt()
        ---------
        javax.crypto.CipherSpi.bufferCrypt(...):
             ...
             int outLenNeeded = engineGetOutputSize(inLen);
             ...
             byte[] outArray = new byte[getTempArraySize(outLenNeeded)];
             ...
        830 n = engineDoFinal(inArray, inOfs, chunk, outArray, 0);
        --------

        However, the buffer size is not sufficient for the engineDoFinal()
        operation.
        --------
        com.oracle.security.ucrypto.NativeGCMCipher.engineDoFinal(
                byte[] in, int inOfs, int inLen,
                byte[] out, int outOfs)
             ...
             int len = getOutputSizeByOperation(inLen, true);
        380 if (out.length - outOfs < len) {
        381 throw new ShortBufferException("Output buffer must be "
        382 + "(at least) " + len
        383 + " bytes long");
        384 }
        ---------

        Any ideas about what the unlying problem?

        Thanks,
        Xuelei

        Valerie Peng replied:
        ------------------------------
        It is probably due to the buffer size calculation. GCM mode has this additional tag data and Ucrypto provider may have to be fine tuned further at certain scenario. I noticed one case of this ShortBufferException when testing external patch regarding an RFE in CipherInput/OutputStream, but has not yet to get the fixes reviewed.

        Not sure if it's the same problem since I have not looked at yours. Here is the patch in my workspace that addressed mine.

        --- a/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeGCMCipher.java
        +++ b/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeGCMCipher.java
        @@ -125,9 +125,7 @@
                     if (ibuffer != null) {
                         result += ibuffer.size();
                     }
        - if (isDoFinal) {
        - result -= tagLen/8;
        - }
        + result -= tagLen/8;
                 }
                 if (result < 0) {
                     result = 0;

        Xuelei Fan confirmed:
        -------------------------------
        The patch works!

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                xuelei Xuelei Fan
                Reporter:
                xuelei Xuelei Fan
                Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:

                    Time Tracking

                    Estimated:
                    Original Estimate - 5 minutes
                    5m
                    Remaining:
                    Remaining Estimate - 5 minutes
                    5m
                    Logged:
                    Time Spent - Not Specified
                    Not Specified