Skip to content

8360463: Ambiguity in Cipher.getInstance() specification between NoSuchAlgorithmException and NoSuchPaddingException #26489

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
+30 −22
Open

8360463: Ambiguity in Cipher.getInstance() specification between NoSuchAlgorithmException and NoSuchPaddingException #26489

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
2bedc41
8360463: Ambiguity in Cipher.getInstance() specification between NoSu…
valeriepeng Jul 25, 2025
aa99296
Address review comments from Haimay.
valeriepeng Aug 12, 2025
92ae5bc
Added a missing "specified" for consistency.
valeriepeng Aug 13, 2025
6f19aed
Revised the wording again to avoid referring to NoSuchPaddingException
valeriepeng Aug 21, 2025
e057f88
Update to address Weijun's comment.
valeriepeng Aug 21, 2025
9b2a09f
Applied javadoc changes to getInstance(String) method and made the impl
valeriepeng Aug 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 26 additions & 19 deletions src/java.base/share/classes/javax/crypto/Cipher.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -505,11 +505,11 @@ private static Transform getTransform(Service s,
*
* @throws NoSuchAlgorithmException if {@code transformation}
* is {@code null}, empty, in an invalid format,
* or if no provider supports a {@code CipherSpi}
* implementation for the specified algorithm
* or if a {@code CipherSpi} implementation is not found, or
* is found but does not support the mode
*
* @throws NoSuchPaddingException if {@code transformation}
* contains a padding scheme that is not available
* @throws NoSuchPaddingException if a {@code CipherSpi} implementation
* is found but does not support the padding scheme
*
* @see java.security.Provider
*/
Expand Down Expand Up @@ -555,17 +555,22 @@ public static final Cipher getInstance(String transformation)
failure = e;
}
}
throw new NoSuchAlgorithmException
("Cannot find any provider supporting " + transformation, failure);
if (failure instanceof NoSuchPaddingException nspe) {
throw nspe;
} else {
throw new NoSuchAlgorithmException
("Cannot find any provider supporting " + transformation,
failure);
}
}

/**
* Returns a {@code Cipher} object that implements the specified
* transformation.
*
* <p> A new {@code Cipher} object encapsulating the
* {@code CipherSpi} implementation from the specified provider
* is returned. The specified provider must be registered
* {@code CipherSpi} implementation from the specified {@code provider}
* is returned. The specified {@code provider} must be registered
* in the security provider list.
*
* <p> Note that the list of registered providers may be retrieved via
Expand Down Expand Up @@ -600,14 +605,15 @@ public static final Cipher getInstance(String transformation)
*
* @throws NoSuchAlgorithmException if {@code transformation}
* is {@code null}, empty, in an invalid format,
* or if a {@code CipherSpi} implementation for the
* specified algorithm is not available from the specified
* provider
* or if a {@code CipherSpi} implementation from the specified
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO,
NoSuchAlgorithmException - if transformation is null, empty, in an invalid format, or if a CipherSpi implementation for the specified transformation is not available from the specified provider

The transformation can be linked to the class level mention

A transformation is of the form:
"algorithm/mode/padding" or
"algorithm"

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's important to point out that when a matched (either full or partial) transform is found, not able to set mode throws an NSAE, while not able to set padding throws an NSPE. So NSAE is related on mode availability and NSPE to padding availability. This is why the current PR need to mention mode here.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for clarifying this.

* {@code provider} is not found, or is found but does not support
* the mode
*
* @throws NoSuchPaddingException if {@code transformation}
* contains a padding scheme that is not available
* @throws NoSuchPaddingException if a {@code CipherSpi} implementation
* from the specified {@code provider} is found but does not
* support the padding scheme
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The wording is correct now. Small nit: the NSAE one uses "but does not" and the NSPE one uses "but it does not". You might want to make them the same.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, will do.

*
* @throws NoSuchProviderException if the specified provider is not
* @throws NoSuchProviderException if the specified {@code provider} is not
* registered in the security provider list
*
* @see java.security.Provider
Expand Down Expand Up @@ -673,12 +679,13 @@ private String getProviderName() {
*
* @throws NoSuchAlgorithmException if {@code transformation}
* is {@code null}, empty, in an invalid format,
* or if a {@code CipherSpi} implementation for the
* specified algorithm is not available from the specified
* {@code provider} object
* or if a {@code CipherSpi} implementation from the specified
* {@code provider} is not found, or is found but does not support
* the mode
*
* @throws NoSuchPaddingException if {@code transformation}
* contains a padding scheme that is not available
* @throws NoSuchPaddingException if a {@code CipherSpi} implementation
* from the specified {@code provider} is found but does not
* support the padding scheme
*
* @see java.security.Provider
*/
Expand Down
7 changes: 4 additions & 3 deletions test/jdk/com/sun/crypto/provider/Cipher/ChaCha20/unittest/ChaCha20CipherUnitTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand All @@ -23,7 +23,7 @@

/*
* @test
* @bug 8153029
* @bug 8153029 8360463
* @library /test/lib
* @run main ChaCha20CipherUnitTest
* @summary Unit test for com.sun.crypto.provider.ChaCha20Cipher.
Expand All @@ -38,6 +38,7 @@
import java.util.HexFormat;

import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.ChaCha20ParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
Expand Down Expand Up @@ -87,7 +88,7 @@ private static void checkTransformation(String transformation,
} else {
System.out.println("Expected transformation: " + transformation);
}
} catch (NoSuchAlgorithmException e) {
} catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
if (!expected) {
System.out.println("Unexpected transformation: " + transformation);
} else {
Expand Down