Orbeon Forms community mailing list

Cipher exception when encrypting ajax response [SPARC]

classic Classic list List threaded Threaded
7 messages Options
Tars Joris
Reply | Threaded
Open this post in threaded view
|

Cipher exception when encrypting ajax response [SPARC]

Tars Joris
Hi,

We encounter the attached exception when the second ajax response is encrypted : cipher-exception.txt .

java.security.InvalidAlgorithmParameterException: Parameters required for decryption

The first ajax response is correctly encrypted and decrypted, everything works. It is the second encryption that fails (the Cipher instance is reused).

Note that this only happens on a SPARC processor (running the Solaris OS). After investigating the problem, we found that it is related to the Security Provider that is used on SPARC. OracleUcrypto is used instead of SunJCE (SPARC seems to have native support). We are not sure what the exact problem is with this specific provider, but we worked around the problem by preferring SunJCE when it is available (see attached patch orbeon-forms.txt ) .

Did anyone see similar exceptions/problems? And is there a better solution?

Kind regards,

Tars Joris
Inventive Designers
Erik Bruchez
Reply | Threaded
Open this post in threaded view
|

Re: Cipher exception when encrypting ajax response [SPARC]

Erik Bruchez
Administrator
Tars,

It was my understanding that it was allowed to pool and reuse ciphers. Here is what the doc says: [1]

    "initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it"

It wouldn't surprise me is this was an error in the Oracle implementation. Possibly, the bug could be that an encryption cypher cannot be turned into a decryption cypher. Maybe using two separate pools could solve the issue, who knows?

I would say that using SunJCE is probably fine, as it's what's used in most cases.

-Erik

[1] http://docs.oracle.com/javase/6/docs/api/javax/crypto/Cipher.html#init(int, java.security.cert.Certificate)
Tars Joris
Reply | Threaded
Open this post in threaded view
|

Re: Cipher exception when encrypting ajax response [SPARC]

Tars Joris
Hi Erik,

Thanks for your reply. We'll stick with this workaround then for now. Are there any plans to address this in a future release? We like to stay as close to the original codebase as possible.

Kind regards,

Tars Joris
Inventive Designers
Erik Bruchez
Reply | Threaded
Open this post in threaded view
|

Re: Cipher exception when encrypting ajax response [SPARC]

Erik Bruchez
Administrator
Tars,

We have no way to test this as we don't have a SPARC machine. But if you provide and test a fix, we can look at integrating it.

-Erik
Tars Joris
Reply | Threaded
Open this post in threaded view
|

Re: Cipher exception when encrypting ajax response [SPARC]

Tars Joris
Hi Erik,

I created a pull request
https://github.com/orbeon/orbeon-forms/pull/1745

This patch fixes the problem on the SPARC machine where the problem was discovered, and it doesn't seem to cause regressions on Intel.

Kind regards,

Tars Joris
Inventive Designers
Erik Bruchez
Reply | Threaded
Open this post in threaded view
|

Re: Cipher exception when encrypting ajax response [SPARC]

Erik Bruchez
Administrator
Thanks Tars, the fix is committed:

https://github.com/orbeon/orbeon-forms/commit/e6ab84abd743de93467026573c71358082463856

-Erik
Tars Joris
Reply | Threaded
Open this post in threaded view
|

Re: Cipher exception when encrypting ajax response [SPARC]

Tars Joris
Hi Erik,

Thanks a lot for incorporating an improved fix.

Kind regards,

Tars Joris
Inventive Designers
Free forum by Nabble Edit this page