JDK-8001284 : Buffer problems with SunPKCS11-Solaris and CKM_AES_CTR
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Affected Version: 7
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: solaris
  • CPU: generic
  • Submitted: 2012-10-22
  • Updated: 2013-09-12
  • Resolved: 2013-05-16
JDK 8: 8 b91 (Fixed)
Description
SYNOPSIS
--------
Buffer problems with SunPKCS11-Solaris and CKM_AES_CTR

OPERATING SYSTEM
----------------
Solaris 10/11

FULL JDK VERSION
----------------
Java 7 (tested with 7u7)

PROBLEM DESCRIPTION
---------------------------------------
We have a testcase that fails on machines where the CKM_AES_CTR mechanism is available via the SunPKCS11-Solaris provider. The same testcase passes with other providers (e.g. SunJCE, and XYZ providers).

We have seen different manifestations of the problem on different levels of Solaris. On Solaris 10 we see failures like this:

Exception in thread "main" java.lang.RuntimeException: java.security.ProviderException: javax.crypto.ShortBufferException
        at test.TestEncryption.drainStream(TestEncryption.java:51)
        at test.TestEncryption.main(TestEncryption.java:34)
Caused by: java.security.ProviderException: javax.crypto.ShortBufferException
        at sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:488)
        at javax.crypto.Cipher.update(Cipher.java:1754)
        at javax.crypto.CipherInputStream.getMoreData(CipherInputStream.java:120)
        at javax.crypto.CipherInputStream.read(CipherInputStream.java:224)
        at javax.crypto.CipherInputStream.read(CipherInputStream.java:200)
        at test.TestEncryption.drainStream(TestEncryption.java:42)
        ... 1 more
Caused by: javax.crypto.ShortBufferException
        at sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:595)
        at sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:496)
        at sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:484)
        ... 6 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_BUFFER_TOO_SMALL
        at sun.security.pkcs11.wrapper.PKCS11.C_DecryptUpdate(Native Method)
        at sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:583)
        ... 8 more

and on Solaris 11 we see the following:

Exception in thread "main" java.lang.RuntimeException: java.lang.ArrayIndexOutOfBoundsException
        at test.TestEncryption.drainStream(TestEncryption.java:122)
        at test.TestEncryption.main(TestEncryption.java:105)
Caused by: java.lang.ArrayIndexOutOfBoundsException
        at java.lang.System.arraycopy(Native Method)
        at sun.security.pkcs11.P11Util.convert(P11Util.java:106)
        at sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:485)
        at javax.crypto.Cipher.update(Cipher.java:1753)
        at javax.crypto.CipherInputStream.getMoreData(CipherInputStream.java:120)
        at javax.crypto.CipherInputStream.read(CipherInputStream.java:224)
        at javax.crypto.CipherInputStream.read(CipherInputStream.java:200)
        at test.TestEncryption.drainStream(TestEncryption.java:113)
        ... 1 more

I understand that the JDK's provider in this case is a thin wrapper around the native Solaris PKCS library, so this may be an issue in the Solaris OS rather than the JDK.

TESTCASE
-----------------
Attached

REPRODUCTION INSTRUCTIONS
-------------------------
1. Ensure that the CKM_AES_CTR mechanism is available to user-level
   applications by checking the output of "cryptoadm list -m". We were
   not able to access this provider on a T1 box (but we could on a T3
   box).
2. Compile and run the attached testcase.
3. Observe a failure/Exception, as described in the Description above.

WORKAROUND
----------
Specify the SunJCE provider explicitly in the code. This works, but it is not acceptable because it is not platform neutral (i.e. this fails on other vendors' JDKs).
Comments
P11Cipher.updateLength(inLen) returns the largest length that is on a blocksize boundary. In the case above, inLen is 65; therefore, it returns 64. That is fine for update when it's a block cipher, but for a stream cipher we need to return the whole inLen.
05-04-2013
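
The length rule described in the comment above, as an added example: this is not the attached testcase and not the JDK's P11Cipher code. The class name, the all-zero key and counter block, the 7-byte read buffer and the simplified `updateLength` model are assumptions made for illustration; pass a provider name such as SunPKCS11-Solaris as the first argument to check that provider instead of the default one.

```java
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.util.Arrays;

public class CtrUpdateLengthCheck {
    // Simplified model of the rule in the comment above (hypothetical, not JDK source).
    static int updateLength(int inLen, int blockSize, boolean streamMode) {
        return streamMode ? inLen : inLen - (inLen % blockSize);
    }

    static Cipher cipher(int mode, String provider) throws Exception {
        // Constructed all-zero key and counter block: test values only.
        SecretKeySpec key = new SecretKeySpec(new byte[16], "AES");
        IvParameterSpec iv = new IvParameterSpec(new byte[16]);
        Cipher c = provider == null
                ? Cipher.getInstance("AES/CTR/NoPadding")
                : Cipher.getInstance("AES/CTR/NoPadding", provider);
        c.init(mode, key, iv);
        return c;
    }

    public static void main(String[] args) throws Exception {
        String provider = args.length > 0 ? args[0] : null;
        byte[] plain = new byte[65];            // 65 bytes = 4 AES blocks + 1 byte
        Arrays.fill(plain, (byte) 0x41);
        System.out.println("block rule:  " + updateLength(plain.length, 16, false));
        System.out.println("stream rule: " + updateLength(plain.length, 16, true));

        // CTR is a stream mode: update() must hand back every input byte at once.
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, provider).update(plain);
        if (ct == null || ct.length != plain.length)
            throw new AssertionError("update() returned " + (ct == null ? 0 : ct.length) + " bytes");
        // Same call path as the stack traces: CipherInputStream.read -> Cipher.update.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (InputStream in = new CipherInputStream(new ByteArrayInputStream(ct),
                cipher(Cipher.DECRYPT_MODE, provider))) {
            byte[] buf = new byte[7];           // odd-sized reads, never block aligned
            for (int n; (n = in.read(buf)) != -1; ) out.write(buf, 0, n);
        }
        if (!Arrays.equals(plain, out.toByteArray()))
            throw new AssertionError("round trip mismatch");
        System.out.println("OK: " + ct.length + " bytes in, " + out.size() + " bytes out");
    }
}
```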

Some of the findings don't reflect the appearance of userland CTR support in Solaris PKCS11 as it differed from s10 update and s11. If I recall correctly, at shipping time, T2 and T3 provided hardware support for CTR, but not software support. T1 does not have a symmetric crypto unit to do hardware support. I believe for the s10 update for T4, CTR may have been added. S11 has always had CTR in software.
27-03-2013