JDK-8081792 : buffer size calculation issue in NativeGCMCipher
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Affected Version: 8u131,9
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2015-06-03
  • Updated: 2019-01-14
  • Resolved: 2017-07-04
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8 JDK 9
8u192Fixed 9 b68Fixed
Related Reports
Relates :  
Description
Xuelei Fan:
----------------
Hi,

I got the following exception in a JPRT job:
--------------------
javax.crypto.ShortBufferException: Output buffer must be (at least) 2 bytes long
	at
com.oracle.security.ucrypto.NativeGCMCipher.engineDoFinal(NativeGCMCipher.java:381)
	at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:830)
	... 19 more
---------

The output buffer is allocated dynamically in CipherSpi.bufferCrypt()
---------
javax.crypto.CipherSpi.bufferCrypt(...):
     ...
     int outLenNeeded = engineGetOutputSize(inLen);
     ...
     byte[] outArray = new byte[getTempArraySize(outLenNeeded)];
     ...
830  n = engineDoFinal(inArray, inOfs, chunk, outArray, 0);
--------

However, the buffer size is not sufficient for the engineDoFinal()
operation.
--------
com.oracle.security.ucrypto.NativeGCMCipher.engineDoFinal(
        byte[] in, int inOfs, int inLen,
        byte[] out, int outOfs)
     ...
     int len = getOutputSizeByOperation(inLen, true);
380  if (out.length - outOfs < len) {
381      throw new ShortBufferException("Output buffer must be "
382                                     + "(at least) " + len
383                                      + " bytes long");
384  }
---------

Any ideas about what the unlying problem?

Thanks,
Xuelei

Valerie Peng replied:
------------------------------
It is probably due to the buffer size calculation. GCM mode has this additional tag data and Ucrypto provider may have to be fine tuned further at certain scenario. I noticed one case of this ShortBufferException when testing external patch regarding an RFE in CipherInput/OutputStream, but has not yet to get the fixes reviewed.

Not sure if it's the same problem since I have not looked at yours. Here is the patch in my workspace that addressed mine.

--- a/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeGCMCipher.java
+++ b/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeGCMCipher.java
@@ -125,9 +125,7 @@
             if (ibuffer != null) {
                 result += ibuffer.size();
             }
-            if (isDoFinal) {
-                result -= tagLen/8;
-            }
+            result -= tagLen/8;
         }
         if (result < 0) {
             result = 0;

Xuelei Fan confirmed:
-------------------------------
The patch works!
Comments
noreg-other. Existing regression tests (see the nightly failures) can be used instead. http://hg.openjdk.java.net/jdk9/dev/jdk/rev/9443aa6747d6
04-06-2015

This bug causes a few new testing failures. jdk9-dev nightly-b67-2015-06-02 regression report ----------------------------------------------------------------------- NEW FAILURES: --------------------------------------------- javax/net/ssl/SSLEngine/Arrays.java --------------------------------------------- JavaTest Message: Test threw exception: java.security.ProviderException javatestOS=SunOS 5.11 (sparc) hostname=sc11152482.us.oracle.com http://aurora.ru.oracle.com/slot-gw/929743.CORELIBS-JDK-NIGHTLY-JTREG-16/results/workDir/javax/net/ssl/SSLEngine/Arrays.jtr --------------------------------------------- sun/security/ssl/SSLEngineImpl/CloseEngineException.java --------------------------------------------- JavaTest Message: Test threw exception: java.security.ProviderException: Could not determine buffer size javatestOS=SunOS 5.11 (sparc) hostname=sc11152482.us.oracle.com http://aurora.ru.oracle.com/slot-gw/929743.CORELIBS-JDK-NIGHTLY-JTREG-16/results/workDir/sun/security/ssl/SSLEngineImpl/CloseEngineException.jtr --------------------------------------------- sun/security/ssl/SSLEngineImpl/CloseInboundException.java --------------------------------------------- JavaTest Message: Test threw exception: java.security.ProviderException: Could not determine buffer size javatestOS=SunOS 5.11 (sparc) hostname=sc11152482.us.oracle.com http://aurora.ru.oracle.com/slot-gw/929743.CORELIBS-JDK-NIGHTLY-JTREG-16/results/workDir/sun/security/ssl/SSLEngineImpl/CloseInboundException.jtr --------------------------------------------- javax/net/ssl/SSLEngine/ExtendedKeyEngine.java --------------------------------------------- JavaTest Message: Test threw exception: java.security.ProviderException javatestOS=SunOS 5.11 (sparc) hostname=sc11152482.us.oracle.com http://aurora.ru.oracle.com/slot-gw/929743.CORELIBS-JDK-NIGHTLY-JTREG-16/results/workDir/javax/net/ssl/SSLEngine/ExtendedKeyEngine.jtr --------------------------------------------- javax/net/ssl/SSLEngine/NoAuthClientAuth.java --------------------------------------------- JavaTest Message: Test threw exception: java.security.ProviderException: Could not determine buffer size javatestOS=SunOS 5.11 (sparc) hostname=sc11152482.us.oracle.com http://aurora.ru.oracle.com/slot-gw/929743.CORELIBS-JDK-NIGHTLY-JTREG-16/results/workDir/javax/net/ssl/SSLEngine/NoAuthClientAuth.jtr --------------------------------------------- sun/security/ssl/SSLEngineImpl/RehandshakeFinished.java --------------------------------------------- JavaTest Message: Test threw exception: java.security.ProviderException: Could not determine buffer size javatestOS=SunOS 5.11 (sparc) hostname=sc11152482.us.oracle.com http://aurora.ru.oracle.com/slot-gw/929743.CORELIBS-JDK-NIGHTLY-JTREG-16/results/workDir/sun/security/ssl/SSLEngineImpl/RehandshakeFinished.jtr --------------------------------------------- sun/security/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java --------------------------------------------- JavaTest Message: Test threw exception: java.security.ProviderException: Could not determine buffer size javatestOS=SunOS 5.11 (sparc) hostname=sc11152482.us.oracle.com http://aurora.ru.oracle.com/slot-gw/929743.CORELIBS-JDK-NIGHTLY-JTREG-16/results/workDir/sun/security/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.jtr --------------------------------------------- sun/security/ssl/SSLEngineImpl/SSLEngineDeadlock.java --------------------------------------------- JavaTest Message: Test threw exception: java.security.ProviderException: Could not determine buffer size javatestOS=SunOS 5.11 (sparc) hostname=sc11152482.us.oracle.com http://aurora.ru.oracle.com/slot-gw/929743.CORELIBS-JDK-NIGHTLY-JTREG-16/results/workDir/sun/security/ssl/SSLEngineImpl/SSLEngineDeadlock.jtr --------------------------------------------- javax/net/ssl/templates/SSLEngineTemplate.java --------------------------------------------- JavaTest Message: Test threw exception: java.security.ProviderException: Could not determine buffer size javatestOS=SunOS 5.11 (sparc) hostname=sc11152482.us.oracle.com http://aurora.ru.oracle.com/slot-gw/929743.CORELIBS-JDK-NIGHTLY-JTREG-16/results/workDir/javax/net/ssl/templates/SSLEngineTemplate.jtr --------------------------------------------- javax/net/ssl/templates/SSLSocketSSLEngineTemplate.java --------------------------------------------- JavaTest Message: Test threw exception: java.security.ProviderException: Could not determine buffer size javatestOS=SunOS 5.11 (sparc) hostname=sc11152482.us.oracle.com http://aurora.ru.oracle.com/slot-gw/929743.CORELIBS-JDK-NIGHTLY-JTREG-16/results/workDir/javax/net/ssl/templates/SSLSocketSSLEngineTemplate.jtr
03-06-2015