RFR: 8360463: Ambiguity in Cipher.getInstance() specification between NoSuchAlgorithmException and NoSuchPaddingException [v6]

Valerie Peng valeriep at openjdk.org
Fri Aug 22 21:48:09 UTC 2025


> This PR is for clarifying the `NoSuchAlgorithmException` and `NoSuchPaddingException` for the `Cipher.getInstance(String transformation, Provider provider)` and `Cipher.getInstance(String transformation, String provider)` methods.
> 
> As stated in `javax.crypto.CipherSpi` class, provider has the flexibility to register their implementations through various sub-transformations. As a result, depending on how the providers register the implementation, it may lead to `NoSuchAlgorithmException` or `NoSuchPaddingException`. For example, the provider A registers to support "AES/CBC/PKCS5Padding" vs provider B registers to support "AES" (but would only accept "CBC" and "PKCS5Padding" as the valid input for setting mode and padding). Calling `Cipher.getInstance(...)` with "AES/CBC/NoPadding" against provider A and B would lead to `NoSuchAlgorithmException` and `NoSuchPaddingException`. This javadoc update hope to make it clear.
> 
> Thanks in advance for the review~
> Valerie

Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:

  Applied javadoc changes to getInstance(String) method and made the impl
  to match the javadoc

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/26489/files
  - new: https://git.openjdk.org/jdk/pull/26489/files/e057f88a..9b2a09f7

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=26489&range=05
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=26489&range=04-05

  Stats: 15 lines in 2 files changed: 6 ins; 0 del; 9 mod
  Patch: https://git.openjdk.org/jdk/pull/26489.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/26489/head:pull/26489

PR: https://git.openjdk.org/jdk/pull/26489


More information about the security-dev mailing list