From dde76394d5fd7fa4b40fef5516acca3d24df4ee5 Mon Sep 17 00:00:00 2001 From: Sean Coffey Date: Wed, 24 Aug 2016 17:57:20 +0100 Subject: [PATCH] 8150530: Improve javax.crypto.BadPaddingException messages Reviewed-by: xuelei --- .../com/sun/crypto/provider/CipherCore.java | 5 +++-- .../classes/sun/security/rsa/RSAPadding.java | 7 ++++-- .../classes/sun/security/ssl/CipherBox.java | 22 ++++++++++++++----- .../sun/security/pkcs11/P11RSACipher.java | 4 +++- 4 files changed, 27 insertions(+), 11 deletions(-) diff --git a/jdk/src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java b/jdk/src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java index 592ec411407..106ee91392c 100644 --- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java +++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java @@ -986,8 +986,9 @@ final class CipherCore { if (padding != null) { int padStart = padding.unpad(outWithPadding, 0, outLen); if (padStart < 0) { - throw new BadPaddingException("Given final block not " - + "properly padded"); + throw new BadPaddingException("Given final block not " + + "properly padded. Such issues can arise if a bad key " + + "is used during decryption."); } outLen = padStart; } diff --git a/jdk/src/java.base/share/classes/sun/security/rsa/RSAPadding.java b/jdk/src/java.base/share/classes/sun/security/rsa/RSAPadding.java index d236c346d87..d757a192b81 100644 --- a/jdk/src/java.base/share/classes/sun/security/rsa/RSAPadding.java +++ b/jdk/src/java.base/share/classes/sun/security/rsa/RSAPadding.java @@ -253,7 +253,8 @@ public final class RSAPadding { public byte[] pad(byte[] data) throws BadPaddingException { if (data.length > maxDataSize) { throw new BadPaddingException("Data must be shorter than " - + (maxDataSize + 1) + " bytes"); + + (maxDataSize + 1) + " bytes but received " + + data.length + " bytes."); } switch (type) { case PAD_NONE: @@ -281,7 +282,9 @@ public final class RSAPadding { */ public byte[] unpad(byte[] padded) throws BadPaddingException { if (padded.length != paddedSize) { - throw new BadPaddingException("Decryption error"); + throw new BadPaddingException("Decryption error." + + "The padded array length (" + padded.length + + ") is not the specified padded size (" + paddedSize + ")"); } switch (type) { case PAD_NONE: diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/CipherBox.java b/jdk/src/java.base/share/classes/sun/security/ssl/CipherBox.java index 57a3e1e8aa6..2056d2fe7a2 100644 --- a/jdk/src/java.base/share/classes/sun/security/ssl/CipherBox.java +++ b/jdk/src/java.base/share/classes/sun/security/ssl/CipherBox.java @@ -493,7 +493,9 @@ final class CipherBox { if (protocolVersion.useTLS11PlusSpec()) { if (newLen < blockSize) { - throw new BadPaddingException("invalid explicit IV"); + throw new BadPaddingException("The length after " + + "padding removal (" + newLen + ") should be larger " + + "than <" + blockSize + "> since explicit IV used"); } } } @@ -504,7 +506,6 @@ final class CipherBox { } } - /* * Decrypts a block of data, returning the size of the * resulting block if padding was required. position and limit @@ -575,7 +576,9 @@ final class CipherBox { // check the explicit IV of TLS v1.1 or later if (protocolVersion.useTLS11PlusSpec()) { if (newLen < blockSize) { - throw new BadPaddingException("invalid explicit IV"); + throw new BadPaddingException("The length after " + + "padding removal (" + newLen + ") should be larger " + + "than <" + blockSize + "> since explicit IV used"); } // reset the position to the end of the decrypted data @@ -756,7 +759,9 @@ final class CipherBox { // so accept that as well // v3 does not require any particular value for the other bytes if (padLen > blockSize) { - throw new BadPaddingException("Invalid SSLv3 padding"); + throw new BadPaddingException("Padding length (" + + padLen + ") of SSLv3 message should not be bigger " + + "than the block size (" + blockSize + ")"); } } return newLen; @@ -802,7 +807,9 @@ final class CipherBox { // so accept that as well // v3 does not require any particular value for the other bytes if (padLen > blockSize) { - throw new BadPaddingException("Invalid SSLv3 padding"); + throw new BadPaddingException("Padding length (" + + padLen + ") of SSLv3 message should not be bigger " + + "than the block size (" + blockSize + ")"); } } @@ -925,7 +932,10 @@ final class CipherBox { case AEAD_CIPHER: if (bb.remaining() < (recordIvSize + tagSize)) { throw new BadPaddingException( - "invalid AEAD cipher fragment"); + "Insufficient buffer remaining for AEAD cipher " + + "fragment (" + bb.remaining() + "). Needs to be " + + "more than or equal to IV size (" + recordIvSize + + ") + tag size (" + tagSize + ")"); } // initialize the AEAD cipher for the unique IV diff --git a/jdk/src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/P11RSACipher.java b/jdk/src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/P11RSACipher.java index 58a4e2f545d..164ae0c6c02 100644 --- a/jdk/src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/P11RSACipher.java +++ b/jdk/src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/P11RSACipher.java @@ -358,7 +358,9 @@ final class P11RSACipher extends CipherSpi { System.arraycopy(buffer, 0, tmpBuffer, 0, bufOfs); tmpBuffer = p11.C_Sign(session.id(), tmpBuffer); if (tmpBuffer.length > outLen) { - throw new BadPaddingException("Output buffer too small"); + throw new BadPaddingException( + "Output buffer (" + outLen + ") is too small to " + + "hold the produced data (" + tmpBuffer.length + ")"); } System.arraycopy(tmpBuffer, 0, out, outOfs, tmpBuffer.length); n = tmpBuffer.length;