Possible bug with JDK12 and ChaCha ciphers

Jamil Nimeh jamil.j.nimeh at oracle.com
Thu May 23 19:04:45 UTC 2019


It did help some, yes.  I'm trying to get to a point where I can 
reproduce the issue because it isn't immediately clear why that last 
record is causing the ShortBufferException.  I'm hoping there's a way to 
do that without having to hit that discord server.  Ideally I'd need to 
turn this into some kind of regression test that more easily isolates 
the issue.

--Jamil

On 5/23/2019 11:24 AM, Norman Maurer wrote:
> Hi there,
>
>
> Did the debug log help at all or should I try to gather more 
> informations from the user ?
>
> Bye
> Norman
>
>
>> On 17. May 2019, at 21:26, Norman Maurer 
>> <norman.maurer at googlemail.com <mailto:norman.maurer at googlemail.com>> 
>> wrote:
>>
>> The user did capture the log here:
>>
>> https://hasteb.in/ucalevob.makefile
>>
>> Hopefully it is helpful,
>>
>> Norman
>>
>>
>>> On 17. May 2019, at 20:38, Norman Maurer 
>>> <norman.maurer at googlemail.com <mailto:norman.maurer at googlemail.com>> 
>>> wrote:
>>>
>>> Unfortunately I am very busy atm so it may take me a few days. I 
>>> asked the original reported of the issue to provide some in the 
>>> netty issue tracker. I will come back to you.
>>>
>>> Bye
>>> Norman
>>>
>>>
>>>> On 17. May 2019, at 20:27, Xuelei Fan <xuelei.fan at oracle.com 
>>>> <mailto:xuelei.fan at oracle.com>> wrote:
>>>>
>>>> Hi Norman,
>>>>
>>>> If you are able to reproduce this issue, would you mind post the 
>>>> JSSE debug log (by using Java System Property, "javax.net.debug=all")?
>>>>
>>>> Please feel free to submit a bug.
>>>>
>>>> Thanks & Regards,
>>>> Xuelei
>>>>
>>>> On 5/17/2019 11:02 AM, Norman Maurer wrote:
>>>>> Hi there,
>>>>> We recently received a bug report in netty when JDK12 is used with 
>>>>> ChaCha chiphers:
>>>>> https://github.com/netty/netty/issues/9150
>>>>> Basically it seems like there is a problem in how it uses the 
>>>>> ByteBuffer internally:
>>>>> |Caused by: java.lang.RuntimeException: 
>>>>> javax.crypto.ShortBufferException: Output buffer too small at 
>>>>> java.base/com.sun.crypto.provider.ChaCha20Cipher.engineDoFinal(ChaCha20Cipher.java:703) 
>>>>> at 
>>>>> java.base/javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:826) 
>>>>> at 
>>>>> java.base/javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730) 
>>>>> at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2503) at 
>>>>> java.base/sun.security.ssl.SSLCipher$T12CC20P1305ReadCipherGenerator$CC20P1305ReadCipher.decrypt(SSLCipher.java:2188) 
>>>>> at 
>>>>> java.base/sun.security.ssl.SSLEngineInputRecord.decodeInputRecord(SSLEngineInputRecord.java:240) 
>>>>> at 
>>>>> java.base/sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:197) 
>>>>> at 
>>>>> java.base/sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:160) 
>>>>> at 
>>>>> java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:108) 
>>>>> at 
>>>>> java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:681) 
>>>>> at 
>>>>> java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:636) 
>>>>> at 
>>>>> java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:454) 
>>>>> ... 25 common frames omitted Caused by: 
>>>>> javax.crypto.ShortBufferException: Output buffer too small at 
>>>>> java.base/com.sun.crypto.provider.ChaCha20Cipher$EngineAEADDec.doFinal(ChaCha20Cipher.java:1360) 
>>>>> at 
>>>>> java.base/com.sun.crypto.provider.ChaCha20Cipher.engineDoFinal(ChaCha20Cipher.java:701)|
>>>>> Unfortunately I have no standalone reproducer yet but I just 
>>>>> wanted to bring it up here in case it helps.
>>>>> It only happens on JDK12 it seems. Check the Netty issue for more 
>>>>> details…
>>>>> Bye
>>>>> Norman
>>>
>>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.java.net/pipermail/security-dev/attachments/20190523/3d4d749a/attachment-0001.html>


More information about the security-dev mailing list