corretto / amazon-corretto-crypto-provider

The Amazon Corretto Crypto Provider is a collection of high-performance cryptographic implementations exposed via standard JCA/JCE interfaces.
Apache License 2.0
236 stars 55 forks source link

Make ACCP compatible with SunJCE when decrypting empty array with CBC with padding #382

Closed amirhosv closed 5 months ago

amirhosv commented 5 months ago

Description of changes:

For empty cipher text, SunJCE returns empty plain text when decrypting with padding enabled. This is despite the fact that cipher text with padding is always at least 16 bytes. AWS-LC has a different behavior: EVP_CipherFinal fails when no input is passed during decryption with PKCS7Padding. For compatibility reasons, we follow SunJCE's approach.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.