RFR: 8358159: Empty mode/padding in cipher transformations [v3]
Valerie Peng
valeriep at openjdk.org
Wed Jun 4 18:09:54 UTC 2025
On Wed, 4 Jun 2025 10:37:28 GMT, Varada M <varadam at openjdk.org> wrote:
>> Omitting the mode/padding in a transformation string eg: "AES/ /NoPadding" throws NoSuchAlgorithmException.
>> This patch restores the behavior by ensuring that empty mode or padding strings are interpreted as null.
>>
>> Testing done for : tier1 - fastdebug level (AIX)
>>
>> JBS: [JDK-8358159](https://bugs.openjdk.org/browse/JDK-8358159)
>
> Varada M has updated the pull request incrementally with one additional commit since the last revision:
>
> whitespace error fix
src/java.base/share/classes/javax/crypto/Cipher.java line 393:
> 391: this.suffix = suffix.toUpperCase(Locale.ENGLISH);
> 392: this.mode = ((mode == null) || mode.isEmpty()) ? null : mode;
> 393: this.pad = ((pad == null) || pad.isEmpty()) ? null : pad;
Thanks for reporting and fixing this issue.
Since this is an internal class used solely inside `Cipher` class, instead of changing the empty string to null inside the `Transform` constuctor, we can do that before calling `Transform` constructor. Also if one of `mode` or `pad` is empty, then maybe we don't need all 4 `Transform`s.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/25547#discussion_r2127160213
More information about the security-dev
mailing list