On Tue, 28 Jun 2022 13:20:53 GMT, zzambers <d...@openjdk.org> wrote: >> SunPkcs11 provider throws out of bounds exception during encryption when >> specific conditions are met. >> >> Exception: >> >> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: Array >> index out of range: 32 >> at java.base/java.util.Arrays.rangeCheck(Arrays.java:725) >> at java.base/java.util.Arrays.fill(Arrays.java:3308) >> at >> jdk.crypto.cryptoki/sun.security.pkcs11.P11Cipher$PKCS5Padding.setPaddingBytes(P11Cipher.java:96) >> at >> jdk.crypto.cryptoki/sun.security.pkcs11.P11Cipher.implDoFinal(P11Cipher.java:813) >> at >> jdk.crypto.cryptoki/sun.security.pkcs11.P11Cipher.engineDoFinal(P11Cipher.java:585) >> at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2417) >> ... >> >> >> Details: >> This problems happens when reqBlockUpdates is true and implUpdate, which >> does not end on block boundary, is performed followed by final implUpdate, >> which ends exactly on block boundary. In that case final implUpdate fills >> padBuffer and then just returns. [1] Following implDoFinal then tries to add >> padding and throws OOB exception. Problem is, that in this case (input is >> multiple of block size) whole padding block should be added, but there is no >> space for it in padBuffer causing OOB exception. >> >> Solution: >> Solution is to detect this case (implDoFinal is called with full padBuffer) >> and to perform additional C_EncryptUpdate to free up padBuffer so that >> padBuffer can than be used to add whole new padding block. >> >> [1] >> https://github.com/openjdk/jdk/blob/d4eeeb82cb2288973a6a247c54513f7e1c6b58f0/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java#L622 > > zzambers has updated the pull request incrementally with one additional > commit since the last revision: > > Bug number and copyright date
I have fixed all the issues, jdk_security tests passed for me (with these changes). Thanks ------------- PR: https://git.openjdk.org/jdk/pull/9310
