RFR: 8360463: Ambiguity in Cipher.getInstance() specification between NoSuchAlgorithmException and NoSuchPaddingException

Hai-May Chao hchao at openjdk.org
Thu Jul 31 03:49:02 UTC 2025 

On Fri, 25 Jul 2025 23:39:54 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

> This PR is for clarifying the `NoSuchAlgorithmException` and `NoSuchPaddingException` for the `Cipher.getInstance(String transformation, Provider provider)` and `Cipher.getInstance(String transformation, String provider)` methods.
> 
> As stated in `javax.crypto.CipherSpi` class, provider has the flexibility to register their implementations through various sub-transformations. As a result, depending on how the providers register the implementation, it may lead to `NoSuchAlgorithmException` or `NoSuchPaddingException`. For example, the provider A registers to support "AES/CBC/PKCS5Padding" vs provider B registers to support "AES" (but would only accept "CBC" and "PKCS5Padding" as the valid input for setting mode and padding). Calling `Cipher.getInstance(...)` with "AES/CBC/NoPadding" against provider A and B would lead to `NoSuchAlgorithmException` and `NoSuchPaddingException`. This javadoc update hope to make it clear.
> 
> Thanks in advance for the review~
> Valerie

Changes look good with minor suggestions.

src/java.base/share/classes/javax/crypto/Cipher.java line 608:

> 606:      *         {@code NoSuchPaddingException}
> 607:      *
> 608:      * @throws NoSuchPaddingException if a {@code CipherSpi} object

suggest to s/{@code CipherSpi} object/{@code CipherSpi} implementation, consistent with other places.

src/java.base/share/classes/javax/crypto/Cipher.java line 609:

> 607:      *
> 608:      * @throws NoSuchPaddingException if a {@code CipherSpi} object
> 609:      *         from the {@code provider} is found using the algorithm

Suggest to s/from the/from the specified, and to make the same changes in this method at lines #567 and #568, s/the specified provider/the specified {@code provider}.

src/java.base/share/classes/javax/crypto/Cipher.java line 683:

> 681:      *         by the {@code NoSuchPaddingException}
> 682:      *
> 683:      * @throws NoSuchPaddingException if the {@code CipherSpi} object

same suggestion as above.

src/java.base/share/classes/javax/crypto/Cipher.java line 684:

> 682:      *
> 683:      * @throws NoSuchPaddingException if the {@code CipherSpi} object
> 684:      *         from the {@code provider} is found using the algorithm

same suggestion as above.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/26489#issuecomment-3138460401
PR Review Comment: https://git.openjdk.org/jdk/pull/26489#discussion_r2244278144
PR Review Comment: https://git.openjdk.org/jdk/pull/26489#discussion_r2244278400
PR Review Comment: https://git.openjdk.org/jdk/pull/26489#discussion_r2244278505
PR Review Comment: https://git.openjdk.org/jdk/pull/26489#discussion_r2244278565

More information about the security-dev mailing list