RFR: 8150530:Improve javax.crypto.BadPaddingException messages
Xuelei Fan
xuelei.fan at oracle.com
Mon Aug 22 10:06:24 UTC 2016
Minor comments:
CipherCore.java
---------------
"... could arise if a bad key or password is used during decryption."
"password" may be confusing for some user cases. This could also happen
if bad key used for encryption. I may just say "could arise if a bad
key used."
RSAPadding.java
---------------
I may prefer to use a sentence for the exception message. For example:
"Data must be shorter than ... bytes, but received ... bytes"
"The pad array length (padded.length) is not the specified pad size
(paddedSize) "
CipherBox.java
--------------
I may not use the internal variable name in the exception message. It
might be easier to read:
496/580: "The padding removed text (newLen bytes) should be bigger than
<blockSize> as explicit IV used."
763/810: "The padding length (padLen) of SSLv3 message should not bigger
than the block size (blockSize)."
934: "Insufficient buffer for AEAD cipher fragment, needs more than
(recordIvSize + tagSize) bytes, but only (bb.remaining()) remains in the
buffer"
P11RSACipher.java
-----------------
360: "The output buffer (outLen bytes) is too small to hold the produced
data (tmpBuffer.length bytes)"
Thanks,
Xuelei
On 8/22/2016 3:56 PM, Seán Coffey wrote:
> Looking to improve some of the messages used in generation of
> BadPaddingException messages. The 'Given final block not properly
> padded' one in particular has caused confusion for some users in the past.
>
> JBS report : https://bugs.openjdk.java.net/browse/JDK-8150530
> webrev : http://cr.openjdk.java.net/~coffeys/webrev.8150530/webrev/
>
More information about the security-dev
mailing list