RFR: 8358159: Empty mode/padding in cipher transformations [v3]
Valerie Peng
valeriep at openjdk.org
Wed Jun 4 18:16:51 UTC 2025
On Wed, 4 Jun 2025 18:06:33 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Varada M has updated the pull request incrementally with one additional commit since the last revision:
>>
>> whitespace error fix
>
> src/java.base/share/classes/javax/crypto/Cipher.java line 393:
>
>> 391: this.suffix = suffix.toUpperCase(Locale.ENGLISH);
>> 392: this.mode = ((mode == null) || mode.isEmpty()) ? null : mode;
>> 393: this.pad = ((pad == null) || pad.isEmpty()) ? null : pad;
>
> Thanks for reporting and fixing this issue.
> Since this is an internal class used solely inside `Cipher` class, instead of changing the empty string to null inside the `Transform` constuctor, we can do that before calling `Transform` constructor. Also if one of `mode` or `pad` is empty, then maybe we don't need all 4 `Transform`s.
For exampl, line 457, 458, we can do something like:
String mode = (parts[1].length() == 0 ? null : parts[1]);
String pad = (parts[2].length() == 0 ? null : parts[2]);
When populating the `list `(after line 467), we can skip the Tranform if the required component is missing, e.g.
List<Transform> list = new ArrayList<>(4);
if ((mode != null) && (pad != null)) {
list.add(new Transform(alg, "/" + mode + "/" + pad, null, null));
}
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/25547#discussion_r2127172956
More information about the security-dev
mailing list