FULL PRODUCT VERSION :
java version "1.5.0_18"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_18-b02)
Java HotSpot(TM) Server VM (build 1.5.0_18-b02, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
SunOS d05prapp01 5.10 Generic_138888-08 sun4v sparc SUNW,SPARC-Enterprise-T5220

A DESCRIPTION OF THE PROBLEM :
Following upgrade from 1.5.0_17 to 1.5.0_18, experienced different errors related to the Sun PKCS11 provider. One error was:

Caused by: java.lang.NullPointerException
    at sun.security.pkcs11.P11SecureRandom.engineNextBytes(P11SecureRandom.java:110)
    at java.security.SecureRandom.nextBytes(SecureRandom.java:413)

The application code did not change and simply called SecureRandom.nextBytes. Reverting back to 1.5.0_17 resolved the problem.

Also received a related error:

java.io.NotSerializableException: Could not find token
    at sun.security.pkcs11.Token$TokenRep.readResolve(Token.java:358)

Again, the error was not seen after fallback to 1.5.0_17. Looking at the 1.5.0_18 release notes, the fix for bug 6591117 would appear to look suspicious.

Created a test program to serialize/deserialize a SecureRandom object to reproduce the NullPointerException seen in our application.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Compile and run the source code included below.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Doesn't get exception.
ACTUAL -
Exception received with 1.5.0_18 runtime. No exception with 1.5.0_17 runtime.

ERROR MESSAGES/STACK TRACES THAT OCCUR :
Exception in thread "main" java.lang.NullPointerException
    at sun.security.pkcs11.P11SecureRandom.engineNextBytes(P11SecureRandom.java:110)
    at java.security.SecureRandom.nextBytes(SecureRandom.java:413)
    at pkcs11test.main(pkcs11test.java:15)

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.security.SecureRandom;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;

public class pkcs11test {
    public static void main(String[] args) throws Exception {
        SecureRandom r = new SecureRandom();
        r.setSeed(System.currentTimeMillis());
        byte[] buf = new byte[16];
        // Round-trip the generator through Java serialization.
        byte[] ser = toByteArray(r);
        SecureRandom r2 = fromByteArray(ser);
        // The NullPointerException is thrown here on 1.5.0_18.
        r2.nextBytes(buf);
        System.out.println("Done");
    }

    // Serialize an object into a byte array.
    public static byte[] toByteArray(Object obj) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream(1024);
        ObjectOutputStream outStream = null;
        try {
            outStream = new ObjectOutputStream(out);
            outStream.writeObject(obj);
            return out.toByteArray();
        } finally {
            if (outStream != null) {
                outStream.close();
            }
        }
    }

    // Deserialize a SecureRandom from a byte array.
    public static SecureRandom fromByteArray(byte[] buf) throws Exception {
        SecureRandom r = null;
        ByteArrayInputStream is = new ByteArrayInputStream(buf);
        ObjectInputStream ois = null;
        try {
            ois = new ObjectInputStream(is);
            r = (SecureRandom) ois.readObject();
        } finally {
            if (ois != null) {
                ois.close();
            }
        }
        return r;
    }
}
---------- END SOURCE ----------

Release Regression From : 5.0u17
The above release value was the last known release where this bug was not reproducible. Since then there has been a regression.
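
The following is an added example, not part of the original report and not JDK code: one way for an application to keep a provider-backed SecureRandom out of the serialized stream, so the deserialization path exercised by the test program above is never taken. The class name TokenIssuer and its label field are hypothetical; the code uses only Java 5 APIs.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.SecureRandom;

// Hypothetical application class (not from the report): it owns a SecureRandom
// but never writes it to the serialized stream.
public class TokenIssuer implements Serializable {
    private static final long serialVersionUID = 1L;

    private final String label;
    // transient: provider-backed state (for example a PKCS#11 token reference)
    // is skipped by default serialization.
    private transient SecureRandom random = new SecureRandom();

    public TokenIssuer(String label) {
        this.label = label;
    }

    // Runs on deserialization; obtains a fresh generator from the providers
    // configured in the receiving JVM instead of reviving a serialized one.
    private void readObject(ObjectInputStream in)
            throws IOException, ClassNotFoundException {
        in.defaultReadObject();
        random = new SecureRandom();
    }

    public byte[] nextToken(int len) {
        byte[] buf = new byte[len];
        random.nextBytes(buf);
        return buf;
    }

    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        ObjectOutputStream out = new ObjectOutputStream(bytes);
        out.writeObject(new TokenIssuer("session-ids"));
        out.close();
        ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(bytes.toByteArray()));
        TokenIssuer copy = (TokenIssuer) in.readObject();
        in.close();
        System.out.println(copy.label + ": " + copy.nextToken(16).length + " bytes");
    }
}
```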