RFR: 8358159: Empty mode/padding in cipher transformations [v4]
Valerie Peng
valeriep at openjdk.org
Thu Jun 5 21:25:55 UTC 2025
On Thu, 5 Jun 2025 11:30:42 GMT, Varada M <varadam at openjdk.org> wrote:
>> Omitting the mode/padding in a transformation string eg: "AES/ /NoPadding" throws NoSuchAlgorithmException.
>> This patch restores the behavior by ensuring that empty mode or padding strings are interpreted as null.
>>
>> Testing done for : tier1 - fastdebug level (AIX)
>>
>> JBS: [JDK-8358159](https://bugs.openjdk.org/browse/JDK-8358159)
>
> Varada M has updated the pull request incrementally with one additional commit since the last revision:
>
> 8358159: Empty mode/padding in cipher transformations
src/java.base/share/classes/javax/crypto/Cipher.java line 460:
> 458: String pad = (parts[2].length() == 0 ? null : parts[2]);
> 459:
> 460: if ((mode == null || mode.isEmpty()) && (pad == null || pad.isEmpty())) {
The `mode.isEmpty()` and `pad.isEmpty()` should always be `false` since line 457 and 458 already converted empty String to `null`, right? Looks redundant to me and can be removed.
src/java.base/share/classes/javax/crypto/Cipher.java line 471:
> 469: }
> 470: list.add(new Transform(alg, "/" + mode, null, pad));
> 471: list.add(new Transform(alg, "//" + pad, mode, null));
For these two lines, also do similar check as line 467? E.g. check mode to be non-null for line 470 and check pad to be non-null for line 471.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/25547#discussion_r2130435820
PR Review Comment: https://git.openjdk.org/jdk/pull/25547#discussion_r2130442953
More information about the security-dev
mailing list