For empty cipher text, SunJCE returns empty plain text when decrypting with padding enabled. This is despite the fact that cipher text with padding is always at least 16 bytes. AWS-LC has a different behavior: EVP_CipherFinal fails when no input is passed during decryption with PKCS7Padding. For compatibility reasons, we follow SunJCE's approach.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
Description of changes:
For empty cipher text, SunJCE returns empty plain text when decrypting with padding enabled. This is despite the fact that cipher text with padding is always at least 16 bytes. AWS-LC has a different behavior:
EVP_CipherFinal
fails when no input is passed during decryption with PKCS7Padding. For compatibility reasons, we follow SunJCE's approach.By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.