JDK-6682411 : JCK test failed w/ ArrayIndexOutOfBoundException (-1) when decrypting with no data
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Affected Version: 7
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: solaris
  • CPU: generic
  • Submitted: 2008-03-31
  • Updated: 2011-05-17
  • Resolved: 2011-05-17
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6 JDK 7
6u14Fixed 7 b26Fixed
Description
The current PKCS5Padding implementation in SunPKCS11 provider assumes that there is at least one padding byte available. However, this assumption isn't true when the user calles doFinal() without any data in decrypt mode. Certain classes, e.g. javax.crypto.CipherInput/OutputStream, use an empty doFinal() call as a way to discard the remaining data when its close() is called.

For scenarios like this, the method should throw BadPaddingException instead of ArrayIndexOutOfBoundException.

Comments
EVALUATION will fix
2008-03-31