JDK-8168981 : ECDHE_RSA causes RuntimeException in using PKCS#11
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Affected Version: 6u75
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • Submitted: 2016-11-01
  • Updated: 2017-04-10
  • Resolved: 2017-04-10
Related Reports
Duplicate :  
JDK-7099228 - Use a PKCS11 config attribute to control encoding of an EC point
Description
Submitter reports issue withJDK6u75 under solaris 11. But under solaris 10 it work well.

Exceptions with stack traces:
----------------------------------------------------------------------------------------
java.lang.RuntimeException: Could not parse key values
at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:1012)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:485)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:753)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:721)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.unwrap(SSLUtils.java:248)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.doHandshake(SSLUtils.java:359)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doHandshake(SSLReadTask.java:291)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doTask(SSLReadTask.java:214)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:267)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:108)
Caused by: java.lang.RuntimeException: Could not parse key values
at sun.security.pkcs11.P11Key$P11ECPublicKey.fetchValues(P11Key.java:1000)
at sun.security.pkcs11.P11Key$P11ECPublicKey.getParams(P11Key.java:1025)
at com.sun.net.ssl.internal.ssl.HandshakeMessage$ECDH_ServerKeyExchange.<init>(HandshakeMessage.java:863)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:696)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:151)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:533)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:952)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.executeDelegatedTask(SSLUtils.java:298)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.doHandshake(SSLUtils.java:373)
... 4 more
Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=83, too big.
at sun.security.util.DerInputStream.getLength(DerInputStream.java:544)
at sun.security.util.DerValue.init(DerValue.java:347)
at sun.security.util.DerValue.<init>(DerValue.java:277)
at sun.security.pkcs11.P11Key$P11ECPublicKey.fetchValues(P11Key.java:991)
... 14 more
Comments
Is it possible that JDK-8043634 is an issue here ? It concerns how values are encoded for DerValues. Also relates to interoperability. https://bugs.openjdk.java.net/browse/JDK-8043634 Can submitter test with 6u85 or later ?
09-12-2016