OpenJDK com/sun/crypto/provider/Cipher/AES/TestKATForGCM Error in Native GaloisCounterMode #18191

Closed
pshipton opened this issue Sep 25, 2023 · 5 comments

@pshipton
Member

Internal build OMR Acceptance - ubu20s390x-svl-rt2-1
com/sun/crypto/provider/Cipher/AES/TestKATForGCM.java

11:46:00  Test #23: byte[].
11:46:00  Test #23: ByteBuffer Heap.
11:46:00  Test #23: ByteBuffer Direct.
11:46:00  Test #23: ByteBuffer Heap.  offset = 2
11:46:00  Test #23: ByteBuffer Direct.  offset = 2
11:46:00  Test #24: byte[].
11:46:00  Failed Test Vector: id = 24, key=1672c3537afa82004c6b8a46f6f0d026, iv=05, pt=null,aad=null, ct=null, tag=8e2ad721f9455f74d8b53d3141f27e8e
11:46:00  STDERR:
11:46:00  java.security.ProviderException: Error in Native GaloisCounterMode
11:46:00  	at java.base/com.sun.crypto.provider.NativeGaloisCounterMode$GCMEncrypt.doFinal(NativeGaloisCounterMode.java:841)
11:46:00  	at java.base/com.sun.crypto.provider.NativeGaloisCounterMode.engineDoFinal(NativeGaloisCounterMode.java:476)
11:46:00  	at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2205)
11:46:00  	at TestKATForGCM.executeArray(TestKATForGCM.java:287)
11:46:00  	at TestKATForGCM.main(TestKATForGCM.java:405)

@pshipton
Member Author

pshipton commented Oct 6, 2023

https://hyc-runtimes-jenkins.swg-devops.com/job/Test_openjdk11_j9_sanity.openjdk_s390x_linux_Personal_testList_0/27/
ubu20s390x-svl-rt2-1

18:25:36  An OpenSSL error occurred
18:25:36  error:1C80006D:Provider routines::invalid iv length
18:25:36  An OpenSSL error occurred
18:25:36  error:1C80006D:Provider routines::invalid iv length
18:25:36  STDERR:
18:25:36  java.security.ProviderException: Error in Native GaloisCounterMode
18:25:36  	at java.base/com.sun.crypto.provider.NativeGaloisCounterMode.encryptFinal(NativeGaloisCounterMode.java:424)
18:25:36  	at java.base/com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1207)
18:25:36  	at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1142)
18:25:36  	at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:919)
18:25:36  	at java.base/com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
18:25:36  	at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2202)
18:25:36  	at TestKATForGCM.execute(TestKATForGCM.java:267)
18:25:36  	at TestKATForGCM.main(TestKATForGCM.java:308)
18:25:36  	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
18:25:36  	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
18:25:36  	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
18:25:36  	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
18:25:36  	at com.sun.javatest.regtest.agent.MainActionHelper$AgentVMRunnable.run(MainActionHelper.java:312)
18:25:36  	at java.base/java.lang.Thread.run(Thread.java:839)
18:25:36  java.security.ProviderException: Error in Native GaloisCounterMode
18:25:36  	at java.base/com.sun.crypto.provider.NativeGaloisCounterMode.encryptFinal(NativeGaloisCounterMode.java:424)
18:25:36  	at java.base/com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1207)
18:25:36  	at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1142)
18:25:36  	at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:919)
18:25:36  	at java.base/com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
18:25:36  	at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2202)
18:25:36  	at TestKATForGCM.execute(TestKATForGCM.java:267)
18:25:36  	at TestKATForGCM.main(TestKATForGCM.java:308)
18:25:36  	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
18:25:36  	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
18:25:36  	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
18:25:36  	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
18:25:36  	at com.sun.javatest.regtest.agent.MainActionHelper$AgentVMRunnable.run(MainActionHelper.java:312)
18:25:36  	at java.base/java.lang.Thread.run(Thread.java:839)
18:25:36  java.lang.Exception: Test Failed
18:25:36  	at TestKATForGCM.execute(TestKATForGCM.java:300)
18:25:36  	at TestKATForGCM.main(TestKATForGCM.java:308)

18:25:36  STDOUT:
18:25:36  Failed Test Vector: key=1672c3537afa82004c6b8a46f6f0d026, iv=05, pt=null,aad=null, ct=null, tag=8e2ad721f9455f74d8b53d3141f27e8e
18:25:36  Failed Test Vector: key=9f79239f0904eace50784b863e723f6b, iv=d9, pt=bdb0bb10c87965acd34d146171,aad=44db436089327726c5f01139e1f339735c9e85514ccc2f167bad728010fb34a9072a9794c8a5e7361b1d0dbcdc9ac4091e354bb2896561f0486645252e9c78c86beece91bfa4f7cc4a8794ce1f305b1b735efdbf1ed1563c0be0, ct=7e5a7c8dadb3f0c7335b4d9d8d, tag=6b6ef1f53723a89f3bb7c6d043840717

@pshipton
Member Author

pshipton commented Oct 6, 2023

@jasonkatonica pls take a look.

@KostasTsiounis
Contributor

Starting in OpenSSL 3.0.0, a check for minimum length of IV was added (openssl/openssl#11843, https://github.com/slontis/openssl/blob/dca81e1c93836c3f936d4209a4f968ede0d917ff/providers/implementations/ciphers/cipher_aes_gcm.c#L23).

However, after complaints about backwards compatibility, the check was removed (slontis/openssl@c55c7d0).

The change, as seen in the mentioned commit, was made on July 14, 2021. The machine that ran the test uses the following OpenSSL version: OpenSSL 3.0.0-alpha17 20 May 2021. At that point, the commit that removes the check hadn't been picked up yet.

The test should be fine as soon as the OpenSSL version in the machine is updated.
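
A stand-alone probe for the condition discussed in this thread, added here as an example and not taken from the OpenJDK test or the OpenJ9 code base: it runs vector #24 from the failure log (one-byte IV, with the pt/aad/ct fields that the log prints as null treated as empty) through the standard `javax.crypto` API and reports whether the active provider accepts the IV and returns the expected tag. The class name `ShortIvGcmProbe` is hypothetical.

```java
import java.security.GeneralSecurityException;
import java.security.ProviderException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class ShortIvGcmProbe {
    // Vector #24 as printed in the failure log (pt, aad, ct assumed empty).
    static final String KEY = "1672c3537afa82004c6b8a46f6f0d026";
    static final String IV = "05";
    static final String TAG = "8e2ad721f9455f74d8b53d3141f27e8e";

    // Manual hex decoding keeps the probe usable on JDK 11 (no HexFormat).
    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    /** Returns "ok", "mismatch" or "rejected: ..." for the one-byte-IV vector. */
    static String probe() throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        try {
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(hex(KEY), "AES"),
                   new GCMParameterSpec(128, hex(IV)));
            // With empty plaintext and AAD the output is the 16-byte tag alone.
            byte[] out = c.doFinal();
            return Arrays.equals(out, hex(TAG)) ? "ok" : "mismatch";
        } catch (ProviderException e) {
            // In the logs above the native GCM path reports OpenSSL's
            // "invalid iv length" as a ProviderException.
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        System.out.println("provider: " + c.getProvider().getName());
        String result = probe();
        System.out.println("1-byte IV GCM vector: " + result);
        if (!result.equals("ok")) System.exit(1);
    }
}
```

Run it with the same JDK and OpenSSL library as the test machine; a "rejected" result corresponds to the failure reported above.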

@pshipton
Member Author

pshipton commented Oct 6, 2023

Opened an infra issue to update the machine(s).

@pshipton
Member Author

The machine has been updated to OpenSSL 3.1.3.
