Bug 1868754
| Summary: | java-11-openjdk / rhel-8 / FIPS: Ciphers remain in broken state (unusable), after supplied with wrongly sized buffer |
|---|---|
| Product: | Red Hat Enterprise Linux 8 |
| Component: | java-11-openjdk |
| Version: | 8.3 |
| Status: | CLOSED ERRATA |
| Severity: | unspecified |
| Priority: | unspecified |
| Reporter: | zzambers |
| Assignee: | Martin Balao <mbalao> |
| QA Contact: | OpenJDK QA <java-qa> |
| CC: | ahughes, jandrlik, lmiksik, mbalao, pmikova |
| Target Milestone: | rc |
| Target Release: | 8.0 |
| Hardware: | Unspecified |
| OS: | Unspecified |
| Fixed In Version: | java-11-openjdk-11.0.8.10-6.el8 |
| Last Closed: | 2020-11-04 02:43:55 UTC |
| Type: | Bug |
| Bug Blocks: | 1868759 |
Description
zzambers
2020-08-13 17:57:39 UTC
Created attachment 1711353: CipherBreak.java (Reproducer)
I looked a bit at this issue, and I think the problem could actually be in the NSS library itself. The exception (CKR_DATA_LEN_RANGE) is thrown by C_EncryptUpdate [1]. Documentation I have found on the internet says [2]: "A call to C_EncryptUpdate which results in an error other than CKR_BUFFER_TOO_SMALL terminates the current encryption operation." I may be reading it wrong, but it seems to me that if CKR_DATA_LEN_RANGE should have terminated the current operation, subsequent operations should not be showing CKR_OPERATION_ACTIVE. I was just wondering if calling reset with true would make any difference... [3]

[1] https://hg.openjdk.java.net/jdk8u/jdk8u/jdk/file/4687075d8ccf/src/share/classes/sun/security/pkcs11/P11Cipher.java#l581
[2] https://www.cryptsoft.com/pkcs11doc/v220/pkcs11__all_8h.html#aC_EncryptUpdate
[3] https://hg.openjdk.java.net/jdk8u/jdk8u/jdk/file/4687075d8ccf/src/share/classes/sun/security/pkcs11/P11Cipher.java#l628

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (java-11-openjdk bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4657
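A regression check for the behaviour this report describes, as an added example that is neither the attached CipherBreak.java nor OpenJDK code: it feeds a cipher wrongly sized input, then verifies the same `Cipher` object can be re-initialised and used, which is what fails when a provider leaves the PKCS#11 operation active. The class name, the `AES/ECB/NoPadding` transformation and the 15-byte input are assumptions chosen for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.ProviderException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Hypothetical class name; not the CipherBreak.java attached to the bug.
public class CipherRecoveryCheck {

    // Returns true when a Cipher that rejected wrongly sized input can be
    // re-initialised and used again with the same key.
    static boolean recoversAfterBadInput(String transformation)
            throws GeneralSecurityException {
        // Generate the key through the provider rather than importing raw bytes.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();

        Cipher cipher = Cipher.getInstance(transformation);
        cipher.init(Cipher.ENCRYPT_MODE, key);
        try {
            // Constructed input: 15 bytes, not a multiple of the AES block size.
            cipher.doFinal(new byte[15]);
            return false; // an unpadded block cipher must reject this input
        } catch (IllegalBlockSizeException | ProviderException expected) {
            System.out.println("Rejected as expected: " + expected);
        }
        try {
            // A failed operation must not leave the underlying operation active.
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return cipher.doFinal(new byte[16]).length == 16;
        } catch (GeneralSecurityException | ProviderException e) {
            System.out.println("Cipher did not recover: " + e);
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String t = "AES/ECB/NoPadding"; // assumed transformation
        Cipher probe = Cipher.getInstance(t);
        System.out.println("Provider: " + probe.getProvider().getName());
        boolean ok = recoversAfterBadInput(t);
        System.out.println(ok ? "PASS" : "FAIL");
        if (!ok) System.exit(1);
    }
}
```

The printed provider name shows whether the check exercised the PKCS#11-backed cipher or a software provider; only the former touches the code path discussed in this report.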