RFR: 8360463: Ambiguity in Cipher.getInstance() specification between NoSuchAlgorithmException and NoSuchPaddingException [v3]
Valerie Peng
valeriep at openjdk.org
Wed Aug 20 05:28:41 UTC 2025
On Tue, 19 Aug 2025 23:59:09 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> I wonder if we should list NSPE before NSAE, since NSAE refers to it.
>
> Or, can we just say NSAE is thrown when the specified algorithm and mode are not supported?
Yes, it makes sense to list NSPE before NSAE.
As for the NSAE vs NSPE, it's somewhat complicated due to the various provider registrations documented in the javax.crypto.CipherSpi class. There could be situations which NSAE is thrown besides the unsupported algorithm and/or mode. E.g. provider supports the algorithm and mode and a different padding scheme and registers the support through full transformation instead of only the algorithm and mode. The former case leads to NSAE vs the other one leads to NSPE.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/26489#issuecomment-3204239679
More information about the security-dev
mailing list