Xuelei Fan:
----------------
Hi,
I got the following exception in a JPRT job:
--------------------
javax.crypto.ShortBufferException: Output buffer must be (at least) 2 bytes long
at
com.oracle.security.ucrypto.NativeGCMCipher.engineDoFinal(NativeGCMCipher.java:381)
at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:830)
... 19 more
---------
The output buffer is allocated dynamically in CipherSpi.bufferCrypt()
---------
javax.crypto.CipherSpi.bufferCrypt(...):
...
int outLenNeeded = engineGetOutputSize(inLen);
...
byte[] outArray = new byte[getTempArraySize(outLenNeeded)];
...
830 n = engineDoFinal(inArray, inOfs, chunk, outArray, 0);
--------
However, the buffer size is not sufficient for the engineDoFinal()
operation.
--------
com.oracle.security.ucrypto.NativeGCMCipher.engineDoFinal(
byte[] in, int inOfs, int inLen,
byte[] out, int outOfs)
...
int len = getOutputSizeByOperation(inLen, true);
380 if (out.length - outOfs < len) {
381 throw new ShortBufferException("Output buffer must be "
382 + "(at least) " + len
383 + " bytes long");
384 }
---------
Any ideas about what the unlying problem?
Thanks,
Xuelei
Valerie Peng replied:
------------------------------
It is probably due to the buffer size calculation. GCM mode has this additional tag data and Ucrypto provider may have to be fine tuned further at certain scenario. I noticed one case of this ShortBufferException when testing external patch regarding an RFE in CipherInput/OutputStream, but has not yet to get the fixes reviewed.
Not sure if it's the same problem since I have not looked at yours. Here is the patch in my workspace that addressed mine.
--- a/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeGCMCipher.java
+++ b/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeGCMCipher.java
@@ -125,9 +125,7 @@
if (ibuffer != null) {
result += ibuffer.size();
}
- if (isDoFinal) {
- result -= tagLen/8;
- }
+ result -= tagLen/8;
}
if (result < 0) {
result = 0;
Xuelei Fan confirmed:
-------------------------------
The patch works!