RFR: 8360463: Ambiguity in Cipher.getInstance() specification between NoSuchAlgorithmException and NoSuchPaddingException [v5]

Weijun Wang weijun at openjdk.org
Fri Aug 22 15:49:55 UTC 2025


On Fri, 22 Aug 2025 05:30:43 GMT, Krushna948 <duke at openjdk.org> wrote:

>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Update to address Weijun's comment.
>
> src/java.base/share/classes/javax/crypto/Cipher.java line 603:
> 
>> 601:      * @throws NoSuchAlgorithmException if {@code transformation}
>> 602:      *         is {@code null}, empty, in an invalid format,
>> 603:      *         or if a {@code CipherSpi} implementation from the specified
> 
> IMO, 
> NoSuchAlgorithmException - if transformation is null, empty, in an invalid format, or if a CipherSpi implementation for the specified **transformation** is not available from the specified provider
> 
> The **transformation** can be linked to the class level mention 
> 
> A transformation is of the form:
> "algorithm/mode/padding" or
> "algorithm"

It's important to point out that when a matched (either full or partial) transform is found, not able to set mode throws an NSAE, while not able to set padding throws an NSPE. So NSAE is related on mode availability and NSPE to padding availability. This is why the current PR need to mention mode here.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26489#discussion_r2294090994


More information about the security-dev mailing list