RFR: 8360463: Ambiguity in Cipher.getInstance() specification between NoSuchAlgorithmException and NoSuchPaddingException

Valerie Peng valeriep at openjdk.org
Tue Aug 12 23:56:11 UTC 2025 

On Thu, 31 Jul 2025 03:44:27 GMT, Hai-May Chao <hchao at openjdk.org> wrote:

>> This PR is for clarifying the `NoSuchAlgorithmException` and `NoSuchPaddingException` for the `Cipher.getInstance(String transformation, Provider provider)` and `Cipher.getInstance(String transformation, String provider)` methods.
>> 
>> As stated in `javax.crypto.CipherSpi` class, provider has the flexibility to register their implementations through various sub-transformations. As a result, depending on how the providers register the implementation, it may lead to `NoSuchAlgorithmException` or `NoSuchPaddingException`. For example, the provider A registers to support "AES/CBC/PKCS5Padding" vs provider B registers to support "AES" (but would only accept "CBC" and "PKCS5Padding" as the valid input for setting mode and padding). Calling `Cipher.getInstance(...)` with "AES/CBC/NoPadding" against provider A and B would lead to `NoSuchAlgorithmException` and `NoSuchPaddingException`. This javadoc update hope to make it clear.
>> 
>> Thanks in advance for the review~
>> Valerie
>
> src/java.base/share/classes/javax/crypto/Cipher.java line 609:
> 
>> 607:      *
>> 608:      * @throws NoSuchPaddingException if a {@code CipherSpi} object
>> 609:      *         from the {@code provider} is found using the algorithm
> 
> Suggest to s/from the/from the specified, and to make the same changes in this method at lines #567 and #568, s/the specified provider/the specified {@code provider}.

Sure, will change~

> src/java.base/share/classes/javax/crypto/Cipher.java line 683:
> 
>> 681:      *         by the {@code NoSuchPaddingException}
>> 682:      *
>> 683:      * @throws NoSuchPaddingException if the {@code CipherSpi} object
> 
> same suggestion as above.

Yes

> src/java.base/share/classes/javax/crypto/Cipher.java line 684:
> 
>> 682:      *
>> 683:      * @throws NoSuchPaddingException if the {@code CipherSpi} object
>> 684:      *         from the {@code provider} is found using the algorithm
> 
> same suggestion as above.

Yes

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26489#discussion_r2271635504
PR Review Comment: https://git.openjdk.org/jdk/pull/26489#discussion_r2271641203
PR Review Comment: https://git.openjdk.org/jdk/pull/26489#discussion_r2271641724

More information about the security-dev mailing list