On Tue, 3 Feb 2026 11:10:41 GMT, Mikhail Yankelevich <[email protected]>
wrote:
>> Underlying issue: if provider returns `PKCS11Exception:
>> CKR_ENCRYPTED_DATA_INVALID` instead of BadPaddingException -
>> `java.security.ProviderException: doFinal()` is thrown
>
> Mikhail Yankelevich has updated the pull request incrementally with one
> additional commit since the last revision:
>
> test changes
test/jdk/sun/security/pkcs11/Cipher/TestPKCS5PaddingError.java line 103:
> 101: // NOTE: Skip NSS since it reports CKR_DEVICE_ERROR
> when
> 102: // the data passed to its
> EncryptUpdate/DecryptUpdate is
> 103: // not multiple of blocks
When I test against the NSS from the artifactory, I observed NSS returns
CKR_ENCRYPTED_DATA_LEN_RANGE
when the data passed to DecryptUpdate() is not multiple of blocks, update the
comment accordingly?
test/jdk/sun/security/pkcs11/Cipher/TestPKCS5PaddingError.java line 108:
> 106: System.out.println("Testing with wrong
> cipherText length");
> 107: c2.doFinal(cipherText, 0, cipherText.length
> - 2);
> 108: throw new RuntimeException("Expected IBSE
> thrown");
The error message should be "Expected IBSE NOT thrown"?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/29503#discussion_r2761273003
PR Review Comment: https://git.openjdk.org/jdk/pull/29503#discussion_r2761276757
