Possible bug with JDK12 and ChaCha ciphers

Xuelei Fan xuelei.fan at oracle.com
Fri May 17 18:27:46 UTC 2019 

Hi Norman,

If you are able to reproduce this issue, would you mind post the JSSE 
debug log (by using Java System Property, "javax.net.debug=all")?

Please feel free to submit a bug.

Thanks & Regards,
Xuelei

On 5/17/2019 11:02 AM, Norman Maurer wrote:
> Hi there,
> 
> We recently received a bug report in netty when JDK12 is used with 
> ChaCha chiphers:
> 
> https://github.com/netty/netty/issues/9150
> 
> Basically it seems like there is a problem in how it uses the ByteBuffer 
> internally:
> 
> 
> |Caused by: java.lang.RuntimeException: 
> javax.crypto.ShortBufferException: Output buffer too small at 
> java.base/com.sun.crypto.provider.ChaCha20Cipher.engineDoFinal(ChaCha20Cipher.java:703) 
> at java.base/javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:826) at 
> java.base/javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730) at 
> java.base/javax.crypto.Cipher.doFinal(Cipher.java:2503) at 
> java.base/sun.security.ssl.SSLCipher$T12CC20P1305ReadCipherGenerator$CC20P1305ReadCipher.decrypt(SSLCipher.java:2188) 
> at 
> java.base/sun.security.ssl.SSLEngineInputRecord.decodeInputRecord(SSLEngineInputRecord.java:240) 
> at 
> java.base/sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:197) 
> at 
> java.base/sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:160) 
> at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:108) 
> at 
> java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:681) 
> at 
> java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:636) 
> at 
> java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:454) 
> ... 25 common frames omitted Caused by: 
> javax.crypto.ShortBufferException: Output buffer too small at 
> java.base/com.sun.crypto.provider.ChaCha20Cipher$EngineAEADDec.doFinal(ChaCha20Cipher.java:1360) 
> at 
> java.base/com.sun.crypto.provider.ChaCha20Cipher.engineDoFinal(ChaCha20Cipher.java:701)|
> 
> 
> 
> Unfortunately I have no standalone reproducer yet but I just wanted to 
> bring it up here in case it helps.
> 
> It only happens on JDK12 it seems. Check the Netty issue for more details…
> 
> 
> Bye
> Norman
>

More information about the security-dev mailing list