In java based application some times application would have suddenly stopped running because of the error "Could not determine buffer size". Root cause of the issue is Ucrypto JCE Provider used by the JRE is not able to handle the buffer size for SSL request. This is specially for Solaris OS.
Solution:
We need to comment the uncrypto provider used in the JRE in below location $JAVA_HOME/jre/lib/security/java.security as like below and we need to re order security providers.
Original :
security.provider.1=com.oracle.security.ucrypto.UcryptoProvider ${java.home}/lib/security/ucrypto-solaris.cfg
security.provider.2=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/sunpkcs11-solaris.cfg
security.provider.3=sun.security.provider.Sun
security.provider.4=sun.security.rsa.SunRsaSign
security.provider.5=sun.security.ec.SunEC
security.provider.6=com.sun.net.ssl.internal.ssl.Provider
security.provider.7=com.sun.crypto.provider.SunJCE
security.provider.8=sun.security.jgss.SunProvider
security.provider.9=com.sun.security.sasl.Provider
security.provider.10=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.11=sun.security.smartcardio.SunPCSC
Modified One:
#security.provider.1=com.oracle.security.ucrypto.UcryptoProvider ${java.home}/lib/security/ucrypto-solaris.cfg
security.provider.1=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/sunpkcs11-solaris.cfg
security.provider.2=sun.security.provider.Sun
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.4=sun.security.ec.SunEC
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.sun.crypto.provider.SunJCE
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider
security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.10=sun.security.smartcardio.SunPCSC
First line is commented in the modified one and order is changed
java.security.ProviderException: Could not determine buffer size at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:843) ~[na:1.8.0_122] at javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730) ~[na:1.8.0_122] at javax.crypto.Cipher.doFinal(Cipher.java:2460) ~[na:1.8.0_122] at sun.security.ssl.CipherBox.decrypt(CipherBox.java:535) ~[na:1.8.0_152] at sun.security.ssl.EngineInputRecord.decrypt(EngineInputRecord.java:200) ~[na:1.8.0_152] at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:974) ~[na:1.8.0_152] at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907) ~[na:1.8.0_152] at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) ~[na:1.8.0_152] at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[na:1.8.0_152] at com.smarttrade.sl.ssl.AbstractSSLConnection.actualRead(AbstractSSLConnection.java:123) ~[stclient-9.16.0.0.jar:9.16.0.0 build 15299] at com.smarttrade.sl.SocketManager.select(SocketManager.java:434) ~[stclient-9.16.0.0.jar:9.16.0.0 build 15299] at com.smarttrade.sl.SocketManager$1.run(SocketManager.java:110) [stclient-9.16.0.0.jar:9.16.0.0 build 15299] at java.lang.Thread.run(Thread.java:748) [na:1.8.0_152] Caused by: javax.crypto.ShortBufferException: Output buffer must be (at least) 26 bytes long. Got: 12 at com.oracle.security.ucrypto.NativeGCMCipher.engineUpdate(NativeGCMCipher.java:293) ~[ucrypto.jar:1.8.0_131] at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:828) ~[na:1.8.0_122] ... 12 common frames omitted
Solution:
We need to comment the uncrypto provider used in the JRE in below location $JAVA_HOME/jre/lib/security/java.security as like below and we need to re order security providers.
Original :
security.provider.1=com.oracle.security.ucrypto.UcryptoProvider ${java.home}/lib/security/ucrypto-solaris.cfg
security.provider.2=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/sunpkcs11-solaris.cfg
security.provider.3=sun.security.provider.Sun
security.provider.4=sun.security.rsa.SunRsaSign
security.provider.5=sun.security.ec.SunEC
security.provider.6=com.sun.net.ssl.internal.ssl.Provider
security.provider.7=com.sun.crypto.provider.SunJCE
security.provider.8=sun.security.jgss.SunProvider
security.provider.9=com.sun.security.sasl.Provider
security.provider.10=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.11=sun.security.smartcardio.SunPCSC
Modified One:
#security.provider.1=com.oracle.security.ucrypto.UcryptoProvider ${java.home}/lib/security/ucrypto-solaris.cfg
security.provider.1=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/sunpkcs11-solaris.cfg
security.provider.2=sun.security.provider.Sun
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.4=sun.security.ec.SunEC
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.sun.crypto.provider.SunJCE
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider
security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.10=sun.security.smartcardio.SunPCSC
First line is commented in the modified one and order is changed
0 Comments
Post a Comment