RFR: 8359388: Stricter checking for cipher transformations
Valerie Peng
valeriep at openjdk.org
Fri Jun 13 17:36:51 UTC 2025
Based on the javadoc of `javax.crypto.Cipher` class, the cipher transformation should be either "algorithm/mode/padding" or
"algorithm". When parsing the transformation, space(s) is trimmed off and empty strings are considered as "unspecified". This PR adds checks to ensure that transformations with empty "mode" and/or "padding" value in the "algorithm/mode/padding" form leads to `NoSuchAlgorithmException`. This reverts some changes made in [https://bugs.openjdk.org/browse/JDK-8358159](https://bugs.openjdk.org/browse/JDK-8358159) which allows empty mode and/or padding in the transformations.
Tier1 - 3 Mach5 job: https://mach5.us.oracle.com/mdash/jobs/vpeng-jdkOh3-20250613-0441-29515109
JCK javax_crypto and java_security Mach5 job: https://mach5.us.oracle.com/mdash/jobs/vpeng-jdkOh3-20250613-0624-29519811
Thanks in advance for the review~
-------------
Commit messages:
- 8359388: Stricter checking for cipher transformations
Changes: https://git.openjdk.org/jdk/pull/25808/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=25808&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8359388
Stats: 87 lines in 2 files changed: 39 ins; 13 del; 35 mod
Patch: https://git.openjdk.org/jdk/pull/25808.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/25808/head:pull/25808
PR: https://git.openjdk.org/jdk/pull/25808
More information about the security-dev
mailing list