IrinaSvirkina opened a new issue, #455:
URL: https://github.com/apache/mina-sshd/issues/455

   ### Version
   
   2.7.0
   
   ### Bug description
   
   I found that Apache mina 2.7.0 + bouncycastle 2.73.3 + java8 + linux brings javax.crypto.ShortBufferException, so originally I created my question as the bouncycastle issue https://github.com/bcgit/bc-java/issues/1562.
   Bouncycastle DevTeam replied that this is a bug in Apache mina 2.7.0 and gave [the detailed explanation](https://github.com/bcgit/bc-java/issues/1562#issuecomment-1897597271), so I'm here.
   
   ----
   
   I quote [the detailed explanation below](https://github.com/bcgit/bc-java/issues/1562#issuecomment-1897597271):
   
   **Title:** Mina's AbstractSessionHelper and BaseCipher are ignoring lengths returned from cipher update and deriving information from the input len rather than what has actually been processed during the update.
   
   **Issue:**
   
   The issue is the return values from the cipher.update and cipher.doFinal are meaningful and cannot be ignored, particularly in the case, such as with the LTS native layer, where the underlying provider may be buffering output for speed and efficiency reasons.
   
   It is pure coincidence that the code works with the regular BC provider. It is simply because it does not buffer, except in very rare cases, that the error has not shown up.
   
   **Please raise this issue with the Apache project so they can fix it, we are more than happy to talk to them if they need any further assistance.**
   
   **References:**
   
   In AbstractSessionHelper:
   org.apache.sshd.common.session.helpers.AbstractSession#encryptOutgoingBuffer
   
   v2.7.0: Line 1324
   HEAD: Line 1547
   
   Link: https://github.com/apache/mina-sshd/blob/b040109746ebe2aadf7f040790b4dade6a870e41/sshd-core/src/main/java/org/apache/sshd/common/session/helpers/AbstractSession.java#L1547
   
   blockCount is derived from input rather than what was actually processed because outCipher.update( ... ) returns void.
   
   In org.apache.sshd.common.cipher.BaseCipher#update
   
   v2.7.0: Line 123
   HEAD: Line 121
   
   Link: https://github.com/apache/mina-sshd/blob/b040109746ebe2aadf7f040790b4dade6a870e41/sshd-common/src/main/java/org/apache/sshd/common/cipher/BaseCipher.java#L121
   
   Ignores the return value from update and returns void.
   
   
   ### Actual behavior
   
   I get javax.crypto.ShortBufferException when I use Apache mina 2.7.0 + bouncycastle 2.73.3 + java8 + linux + ED25519 ssh key.
   
   ### Expected behavior
   
   No javax.crypto.ShortBufferException.
   
   ### Relevant log output
   
   ```Shell
   Personally I observe the next exception:
   
   Caused by: org.eclipse.jgit.errors.TransportException: g...@mytestgitlab.net:root/TestRepo.git: output buffer too short for input.
        at org.eclipse.jgit.transport.sshd.SshdSessionFactory.getSession(SshdSessionFactory.java:248)
        at org.eclipse.jgit.transport.sshd.SshdSessionFactory.getSession(SshdSessionFactory.java:1)
        at com.bigbrassband.jira.git.services.wizard.WizardConnectionValidator.isSshConnectionValid(WizardConnectionValidator.java:316)
        ... 303 more
   Caused by: org.apache.sshd.common.SshException: output buffer too short for input.
        at org.apache.sshd.common.future.AbstractSshFuture.verifyResult(AbstractSshFuture.java:126)
        at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:39)
        at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:32)
        at org.apache.sshd.common.future.VerifiableFuture.verify(VerifiableFuture.java:68)
        at org.eclipse.jgit.transport.sshd.SshdSession.connect(SshdSession.java:164)
        at org.eclipse.jgit.transport.sshd.SshdSession.connect(SshdSession.java:99)
        at org.eclipse.jgit.transport.sshd.SshdSessionFactory.getSession(SshdSessionFactory.java:235)
        ... 305 more
   Caused by: org.apache.sshd.common.SshException: output buffer too short for input.
        at org.apache.sshd.common.session.helpers.AbstractSession.encode(AbstractSession.java:1294)
        at org.apache.sshd.common.session.helpers.AbstractSession.resolveOutputPacket(AbstractSession.java:983)
        at org.apache.sshd.common.session.helpers.AbstractSession.doWritePacket(AbstractSession.java:991)
        at org.apache.sshd.common.session.helpers.AbstractSession.sendPendingPackets(AbstractSession.java:787)
        at org.apache.sshd.common.session.helpers.AbstractSession.handleNewKeys(AbstractSession.java:749)
        at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:481)
        at org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:429)
        at org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1466)
        at org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:389)
        at org.eclipse.jgit.internal.transport.sshd.JGitClientSession.messageReceived(JGitClientSession.java:198)
        at org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:64)
        at org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:359)
        at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:336)
        at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:333)
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
        at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
        at sun.nio.ch.Invoker$2.run(Invoker.java:218)
        at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        ... 1 more
   Caused by: javax.crypto.ShortBufferException: output buffer too short for input.
        at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineUpdate(BaseBlockCipher.java:1169)
        at javax.crypto.Cipher.update(Cipher.java:1944)
        at org.apache.sshd.common.cipher.BaseCipher.update(BaseCipher.java:123)
        at org.apache.sshd.common.session.helpers.AbstractSession.encryptOutgoingBuffer(AbstractSession.java:1328)
        at org.apache.sshd.common.session.helpers.AbstractSession.encode(AbstractSession.java:1274)
        ... 22 more
   ```
   
   
   ### Other information
   
   My dependency tree shows the next versions of libraries:
   ```
   [INFO] |  +- org.eclipse.jgit:org.eclipse.jgit.http.server:jar:5.13.1.202206130422-r:compile
   [INFO] |  +- org.eclipse.jgit:org.eclipse.jgit.ssh.apache:jar:5.13.1.202206130422-r:compile
   [INFO] |  |  +- org.apache.sshd:sshd-osgi:jar:2.7.0:compile
   [INFO] |  |  +- org.apache.sshd:sshd-sftp:jar:2.7.0:compile
   [INFO] |  |  |  \- org.apache.sshd:sshd-core:jar:2.7.0:compile
   [INFO] |  |  |     \- org.apache.sshd:sshd-common:jar:2.7.0:compile
   
   [INFO] |  +- org.bouncycastle:bcpkix-lts8on:jar:2.73.3:provided
   [INFO] |  |  \- org.bouncycastle:bcutil-lts8on:jar:2.73.3:provided (version selected from constraint [2.73.3,2.74.0))
   [INFO] |  |     \- org.bouncycastle:bcprov-lts8on:jar:2.73.3:provided (version selected from constraint [2.73.3,2.74.0))
   ```
   
   I see that the latest apache-mina version is 2.11.0, but I think that the bug is still present in that version too.
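
The quoted explanation turns on the JCE contract that `Cipher.update` and `Cipher.doFinal` report how many bytes were actually produced. The following is an added example, not code from Mina SSHD or Bouncy Castle: the class and method names are hypothetical, and it assumes the JDK's default provider with AES/CBC/NoPadding fed in non-block-aligned chunks as a stand-in for the buffering the LTS native layer is described as doing.

```java
import javax.crypto.Cipher;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.ByteArrayOutputStream;

public class CipherUpdateLengthDemo {
    // Constructed all-zero key and IV, for illustration only.
    static Cipher newCipher() throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(new byte[16], "AES"),
               new IvParameterSpec(new byte[16]));
        return c;
    }
    // Pattern from the report: output sized from the input length, update() count discarded.
    static byte[] ignoringReturnValue(byte[][] chunks) throws Exception {
        Cipher c = newCipher();
        ByteArrayOutputStream result = new ByteArrayOutputStream();
        for (byte[] chunk : chunks) {
            byte[] out = new byte[chunk.length];
            c.update(chunk, 0, chunk.length, out, 0); // may throw ShortBufferException
            result.write(out, 0, chunk.length);       // assumes chunk.length bytes were written
        }
        return result.toByteArray();
    }
    // Contract-following version: size the output with getOutputSize(), advance by
    // the count update() returns, and flush whatever is still buffered with doFinal().
    static byte[] honoringReturnValue(byte[][] chunks) throws Exception {
        Cipher c = newCipher();
        ByteArrayOutputStream result = new ByteArrayOutputStream();
        for (byte[] chunk : chunks) {
            byte[] out = new byte[c.getOutputSize(chunk.length)];
            int written = c.update(chunk, 0, chunk.length, out, 0);
            result.write(out, 0, written);
        }
        result.write(c.doFinal());
        return result.toByteArray();
    }
    public static void main(String[] args) throws Exception {
        // Constructed input: 32 bytes in total, fed as 8 + 24 so the cipher has to buffer.
        byte[][] chunks = { new byte[8], new byte[24] };
        System.out.println("honoring: " + honoringReturnValue(chunks).length + " bytes");
        try {
            System.out.println("ignoring: " + ignoringReturnValue(chunks).length + " bytes");
        } catch (ShortBufferException e) {
            System.out.println("ignoring: ShortBufferException: " + e.getMessage());
        }
    }
}
```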

