The JCE spec for Cipher.doFinal states:
"Upon finishing, this method resets this cipher object to the state it was in
when previously initialized via a call to init. That is, the object is reset and
available to encrypt or decrypt (depending on the operation mode that was
specified in the call to init) more data."
However, the various doFinal() methods of the Cipher class reset the cipher to
an uninitialized state. Subsequent calls to update() or doFinal() result in an
IllegalStateException.
The Cipher class contains the following in several doFinal methods:
...
if (state != ENCRYPT_MODE && state != DECRYPT_MODE)
{
throw new IllegalStateException("neither encrypting nor decrypting");
}
state = INITIAL_STATE;
...
The state of the cipher should not be set to INITIAL_STATE after doFinal but
remain either in ENCRYPT_MODE or DECRYPT_MODE. All of the doFinal methods are
affected by this bug.
This is my first bug report here, so please let me know if more information is
needed such as an executable example. I'm also not sure (since I didn't see it
in the bug writing guidelines) whether I sould attach a patch for this bug.
The same problem also exists in the latest Classpath codebase.
--
Summary: doFinal() methods in javax.crypto.Cipher incorrectly
resetting cipher state
Product: gcc
Version: 4.0.1
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: libgcj
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: qianzwang at yahoo dot com
CC: gcc-bugs at gcc dot gnu dot org,java-prs at gcc dot gnu
dot org
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23768
