RFR: 8365883: Fix P11Cipher to throw BadPaddingException for PKCS11 CKR_ENCRYPTED_DATA_INVALID error [v2]
Valerie Peng
valeriep at openjdk.org
Tue Feb 3 22:36:31 UTC 2026
On Tue, 3 Feb 2026 11:10:41 GMT, Mikhail Yankelevich <myankelevich at openjdk.org> wrote:
>> Underlying issue: if provider returns `PKCS11Exception: CKR_ENCRYPTED_DATA_INVALID` instead of BadPaddingException - `java.security.ProviderException: doFinal()` is thrown
>
> Mikhail Yankelevich has updated the pull request incrementally with one additional commit since the last revision:
>
> test changes
test/jdk/sun/security/pkcs11/Cipher/TestPKCS5PaddingError.java line 103:
> 101: // NOTE: Skip NSS since it reports CKR_DEVICE_ERROR when
> 102: // the data passed to its EncryptUpdate/DecryptUpdate is
> 103: // not multiple of blocks
When I test against the NSS from the artifactory, I observed NSS returns CKR_ENCRYPTED_DATA_LEN_RANGE
when the data passed to DecryptUpdate() is not multiple of blocks, update the comment accordingly?
test/jdk/sun/security/pkcs11/Cipher/TestPKCS5PaddingError.java line 108:
> 106: System.out.println("Testing with wrong cipherText length");
> 107: c2.doFinal(cipherText, 0, cipherText.length - 2);
> 108: throw new RuntimeException("Expected IBSE thrown");
The error message should be "Expected IBSE NOT thrown"?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/29503#discussion_r2761273003
PR Review Comment: https://git.openjdk.org/jdk/pull/29503#discussion_r2761276757
More information about the security-dev
mailing list