JDK-6687322 : Security changes in 6u5p violate javax.crypto.Cipher.doFinal spec.
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Affected Version: 6u5p
  • Priority: P1
  • Status: Closed
  • Resolution: Duplicate
  • OS: solaris
  • CPU: sparc
  • Submitted: 2008-04-11
  • Updated: 2012-03-22
  • Resolved: 2008-04-11
Related Reports
Duplicate :  
Relates :  
Relates :  
Description
JCK: JCK-runtime-6a alt. bundle
J2SE: FAIL - 6u5p b01, PASS 6u5,  6u4p
Platform[s]: FAIL -  solaris-sparc, probably other platforms too
switch/Mode: FAIL - -server

Some JCK api/javax_crypto/Cipher tests fail since 6u5p due to changes of behavior which are undeclared in spec.

Since 6u5p method javax.crypto.Cipher.doFinal can throw java.security.ProviderException. This behavior is undeclared in spec http://java.sun.com/javase/6/docs/api/javax/crypto/Cipher.html#doFinal(byte[],%20int,%20int,%20byte[]).

According to spec it should be IllegalStateException


steps to reproduce:
run 
/export/JDK/jre1.6.0_05/bin/java -showversion -server -Djava.awt.headless=true -Xfuture -classpath /net/stt-13.russia/export/stt/jck_promotions/6a/fcs/alt2/binaries/JCK-runtime-6a/classes -Djava.security.policy=/net/stt-13.russia/export/stt/jck_promotions/6a/fcs/alt2/binaries/JCK-runtime-6a/lib/jck.policy javasoft.sqe.tests.api.javax.crypto.Cipher.doFinal1Tests -TestCaseID ALL

it will report:
java version "1.6.0_05-p"
Java(TM) SE Runtime Environment (build 1.6.0_05-p-b01)
OpenJDK Server VM (build 12.0-b02, mixed mode)

KeyGenerator was used to generate key for algorithm : AES
KeyGenerator was used to generate key for algorithm : DES
KeyGenerator was used to generate key for algorithm : BlowFish
SecretKeyFactory was used to generate key for algorithm : PBEWithMD5AndDES
***No SPI or Cipher does not support the algorithm DSA
doFinal1Tests001: Passed. doFinal() successful for all algorithms
***No SPI or Cipher does not support the algorithm DSA
doFinal1Tests002: Passed. doFinal() successful for all algorithms
doFinal1Tests003: Unexpected exception received.
java.security.ProviderException: doFinal() failed
        at sun.security.pkcs11.P11Cipher.implDoFinal(P11Cipher.java:704)
        at sun.security.pkcs11.P11Cipher.engineDoFinal(P11Cipher.java:476)
        at sun.security.pkcs11.P11Cipher.engineDoFinal(P11Cipher.java:459)
        at javax.crypto.Cipher.doFinal(DashoA13*..)
        at javasoft.sqe.tests.api.javax.crypto.Cipher.doFinal1Tests.checkDoFinalDecryption(doFinal1Tests.java:84)
        at javasoft.sqe.tests.api.javax.crypto.Cipher.doFinal1Tests.doFinal1Tests003(doFinal1Tests.java:281)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at javasoft.sqe.javatest.lib.MultiTest.invokeTestCase(MultiTest.java:406)
        at javasoft.sqe.javatest.lib.MultiTest.run(MultiTest.java:195)
        at javasoft.sqe.javatest.lib.MultiTest.run(MultiTest.java:127)
        at javasoft.sqe.tests.api.javax.crypto.Cipher.doFinal1Tests.main(doFinal1Tests.java:341)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ENCRYPTED_DATA_LEN_RANGE
        at sun.security.pkcs11.wrapper.PKCS11.C_DecryptFinal(Native Method)
        at sun.security.pkcs11.P11Cipher.implDoFinal(P11Cipher.java:691)
        ... 13 more

doFinal1Tests003: Failed. Unexpected Exception: java.security.ProviderException: doFinal() failed, with algorithm: AES, in decrypt mode.
***No SPI or Cipher does not support the algorithm DSA
doFinal1Tests004: Passed. Expected Exception IllegalStateException thrown for all algorithms.
STATUS:Failed.test cases: 4; passed: 3; failed: 1; first test case failure: doFinal1Tests003

Comments
EVALUATION The right exception here is IllegalBlockSizeException instead of ProviderException. This is a duplicate of 6682417.
11-04-2008