Bug
Resolution: Cannot Reproduce
P4
None
5.0, 6
None
generic, x86
generic, windows_2000, windows_xp
There are two issues in the PKCS12KeyStore:
1. If an incorrect password is specified, we get a random decryption failure exception rather than a message saying that the password is incorrect. This is because we first try to decrypt and only then verify the MAC:
===
java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1275)
at java.security.KeyStore.load(KeyStore.java:1174)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:715)
at sun.security.tools.KeyTool.run(KeyTool.java:171)
at sun.security.tools.KeyTool.main(KeyTool.java:165)
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.PKCS12PBECipherCore.b(DashoA13*..)
at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineDoFinal(DashoA13*..)
at javax.crypto.Cipher.doFinal(DashoA13*..)
at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1272)
... 4 more
===
2. If an empty password is supplied, we get a failure due to division by zero:
===
java.io.IOException: failed to decrypt safe contents entry: java.lang.ArithmeticException: / by zero
at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1275)
at java.security.KeyStore.load(KeyStore.java:1174)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:620)
at sun.security.tools.KeyTool.run(KeyTool.java:171)
at sun.security.tools.KeyTool.main(KeyTool.java:165)
Caused by: java.lang.ArithmeticException: / by zero
at com.sun.crypto.provider.PKCS12PBECipherCore.a(DashoA13*..)
at com.sun.crypto.provider.PKCS12PBECipherCore.a(DashoA13*..)
at com.sun.crypto.provider.PKCS12PBECipherCore.a(DashoA13*..)
at com.sun.crypto.provider.PKCS12PBECipherCore.a(DashoA13*..)
at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineInit(DashoA13*..)
at javax.crypto.Cipher.a(DashoA13*..)
at javax.crypto.Cipher.a(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1271)
... 4 more
===
The 2nd part is resolved in 6879539.
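The ordering problem in the first issue, as an added example (not the JDK's PKCS12KeyStore code): a constructed container in which PBKDF2, AES-CBC and HMAC-SHA1 stand in for the PKCS#12 PBE scheme, with hypothetical class and method names. Checking the MAC before decrypting reports a wrong password as such, where decrypt-first surfaces a padding failure or, occasionally, no error at all.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.*;

/** Added example on constructed data; all names here are hypothetical. */
public class MacBeforeDecrypt {
    static final byte[] SALT = "constructed-salt".getBytes();
    static final byte[] IV = new byte[16]; // fixed IV: acceptable only in this one-shot demo

    // Derive 16 bytes of cipher key followed by 20 bytes of MAC key from the password.
    static byte[] derive(char[] pw) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pw, SALT, 10000, (16 + 20) * 8);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded();
    }

    static byte[] mac(byte[] k, byte[] data) throws GeneralSecurityException {
        Mac m = Mac.getInstance("HmacSHA1");
        m.init(new SecretKeySpec(k, 16, 20, "HmacSHA1"));
        return m.doFinal(data);
    }

    static byte[] crypt(int mode, byte[] k, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(mode, new SecretKeySpec(k, 0, 16, "AES"), new IvParameterSpec(IV));
        return c.doFinal(in);
    }

    // MAC-first: the password is validated before any ciphertext is touched.
    static byte[] open(char[] pw, byte[] ct, byte[] tag) throws GeneralSecurityException {
        byte[] k = derive(pw);
        if (!MessageDigest.isEqual(tag, mac(k, ct)))
            throw new UnrecoverableKeyException("password is incorrect");
        return crypt(Cipher.DECRYPT_MODE, k, ct);
    }

    public static void main(String[] args) throws Exception {
        byte[] k = derive("right".toCharArray());
        byte[] ct = crypt(Cipher.ENCRYPT_MODE, k, "constructed safe contents".getBytes());
        byte[] tag = mac(k, ct);
        try { // decrypt-first: padding check fails for most wrong keys, but not all
            byte[] junk = crypt(Cipher.DECRYPT_MODE, derive("wrong".toCharArray()), ct);
            System.out.println("decrypt-first: no error, " + junk.length + " bytes of garbage");
        } catch (BadPaddingException e) { System.out.println("decrypt-first: " + e); }
        try {
            open("wrong".toCharArray(), ct, tag);
        } catch (UnrecoverableKeyException e) { System.out.println("MAC-first: " + e.getMessage()); }
        System.out.println(new String(open("right".toCharArray(), ct, tag)));
    }
}
```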
- duplicates
  JDK-6500144 UnrecoverableKeyException accessing a no password pkcs12 file (Closed)
  JDK-6516893 keyStore.load throws a divide by zero error when loading a certificate (Closed)
- relates to
  JDK-6879539 enable empty password support for pkcs12 keystore (Closed)