8360463: Ambiguity in Cipher.getInstance() specification between NoSuchAlgorithmException and NoSuchPaddingException #26489
Conversation
…chAlgorithmException and NoSuchPaddingException
|
👋 Welcome back valeriep! A progress list of the required criteria for merging this PR into |
|
@valeriepeng This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 794 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
|
@valeriepeng The following label will be automatically applied to this pull request:
When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command. |
|
/csr |
|
@valeriepeng has indicated that a compatibility and specification (CSR) request is needed for this pull request. @valeriepeng please create a CSR request for issue JDK-8360463 with the correct fix version. This pull request cannot be integrated until the CSR request is approved. |
Webrevs
|
|
Changes look good with minor suggestions. |
| * | ||
| * @throws NoSuchPaddingException if {@code transformation} | ||
| * contains a padding scheme that is not available | ||
| * @throws NoSuchPaddingException if a {@code CipherSpi} object |
There was a problem hiding this comment.
Sure, will change~
| * @throws NoSuchPaddingException if {@code transformation} | ||
| * contains a padding scheme that is not available | ||
| * @throws NoSuchPaddingException if a {@code CipherSpi} object | ||
| * from the {@code provider} is found using the algorithm |
There was a problem hiding this comment.
Sure, will change~
| * | ||
| * @throws NoSuchPaddingException if {@code transformation} | ||
| * contains a padding scheme that is not available | ||
| * @throws NoSuchPaddingException if the {@code CipherSpi} object |
There was a problem hiding this comment.
same suggestion as above.
| * @throws NoSuchPaddingException if {@code transformation} | ||
| * contains a padding scheme that is not available | ||
| * @throws NoSuchPaddingException if the {@code CipherSpi} object | ||
| * from the {@code provider} is found using the algorithm |
There was a problem hiding this comment.
same suggestion as above.
|
Is it worth demonstrating the different behaviors with a test? |
This is covered by existing TCK test and thus the request for clarification. This is provider-specific, i.e. depending on how provider registers its implementation, it may leads to different exceptions. Given that the difference is only the type of exception, e.g. |
|
I wonder if we should list NSPE before NSAE, since NSAE refers to it. Or, can we just say NSAE is thrown when the specified algorithm and mode are not supported? |
|
Also, is this consistent among other security providers? |
I see your point to list NSPE before NSAE. However, it seems that the exceptions are currently ordered alphabetically... Given the NSAE under As for the NSAE vs NSPE, it's somewhat complicated due to the various provider registrations documented in the javax.crypto.CipherSpi class. There could be situations which NSAE is thrown besides the unsupported algorithm and/or mode. E.g. provider supports the algorithm and mode and a different padding scheme and registers the support through full transformation instead of only the algorithm and mode. The former case leads to NSAE vs the other one leads to NSPE. |
Whether it's NSAE or NSPE depends on how security provider registers the support. The updated wording in the PR reflects the current JCA behavior, i.e. Cipher lookup, and should be consistent across providers. |
in NoSuchAlgorithmException
| * contains a padding scheme that is not available | ||
| * @throws NoSuchPaddingException if a {@code CipherSpi} implementation | ||
| * from the specified {@code provider} is found but it does not | ||
| * support the padding scheme |
There was a problem hiding this comment.
The wording is correct now. Small nit: the NSAE one uses "but does not" and the NSPE one uses "but it does not". You might want to make them the same.
| * or if a {@code CipherSpi} implementation for the | ||
| * specified algorithm is not available from the specified | ||
| * provider | ||
| * or if a {@code CipherSpi} implementation from the specified |
There was a problem hiding this comment.
IMO,
NoSuchAlgorithmException - if transformation is null, empty, in an invalid format, or if a CipherSpi implementation for the specified transformation is not available from the specified provider
The transformation can be linked to the class level mention
A transformation is of the form:
"algorithm/mode/padding" or
"algorithm"
There was a problem hiding this comment.
It's important to point out that when a matched (either full or partial) transform is found, not able to set mode throws an NSAE, while not able to set padding throws an NSPE. So NSAE is related on mode availability and NSPE to padding availability. This is why the current PR need to mention mode here.
to match the javadoc
| System.out.println("Expected transformation: " + transformation); | ||
| } | ||
| } catch (NoSuchAlgorithmException e) { | ||
| } catch (NoSuchAlgorithmException | NoSuchPaddingException e) { |
There was a problem hiding this comment.
I think it would be good to enhance this test to distinguish between the expected exceptions for each transformation.
There was a problem hiding this comment.
Well, which exception is thrown depends on which provider is used and how it registers its implementations. Pinpointing the exact Exception would require running the test against a specific provider which we know how the implementations are registered. Without tying the test to a specific provider, existing transformations in this test may lead to either NSAE or NSPE, thus I just add NSPE to the catch clause. I can add more transformations which would lead to only NSAE assuming this is what you want to see?
There was a problem hiding this comment.
I think it is ok to assume the JDK provider configuration has not been changed.
Wouldn't "ChaCha20/None/PKCS5Padding" and ""ChaCha20-Poly1305/None/PKCS5Padding"" always throw NoSuchPaddingException, assuming the current JDK configuration is not changed? Maybe instead of passing a boolean expected parameter, you could pass the expected Exception, or null if none expected.
There was a problem hiding this comment.
Yes, I have adopted your suggestion.
| ("Cannot find any provider supporting " + transformation, failure); | ||
| if (failure instanceof NoSuchPaddingException nspe) { | ||
| throw nspe; | ||
| } else { |
There was a problem hiding this comment.
Small nit, you don't need the else block here.
| checkTransformation("ChaCha20-Poly1305/ECB/NoPadding", false); | ||
| checkTransformation("ChaCha20-Poly1305/None/PKCS5Padding", false); | ||
| checkTransformation("ChaCha20/ECB/NoPadding", Expected.NSAE_OR_NSPE); | ||
| checkTransformation("ChaCha20/None/PKCS5Padding", Expected.NSAE_OR_NSPE); |
There was a problem hiding this comment.
Isn't this always going to throw NSPE given the current provider configuration? Also, same comment on line 88.
There was a problem hiding this comment.
I can explicit specify SunJCE provider in the getInstance(...) call and then match the specific exception based on its impl.
exception per Sean's suggestion
|
Release Note is filed @ https://bugs.openjdk.org/browse/JDK-8367577 |
Made a couple of edits but otherwise looks fine. Also, you can use markdown instead of html, if you like. |
Is it common to use italics instead of |
| * transformation | ||
| * | ||
| * @throws NoSuchAlgorithmException if {@code transformation} | ||
| * is {@code null}, empty, in an invalid format, |
There was a problem hiding this comment.
Not related to this change, but do we need an "or" before "in an valid format"?
There was a problem hiding this comment.
Hmm, how about this?
@throws NoSuchAlgorithmException if {@code transformation}
is {@code null}, empty or in an invalid format,
or if a {@code CipherSpi} implementation is not found or
is found but does not support the mode
There was a problem hiding this comment.
A semi-colon (instead of a comma) after "format" might also help separate the 2 main error conditions:
@throws NoSuchAlgorithmException if {@code transformation}
is {@code null}, empty or in an invalid format;
or if a {@code CipherSpi} implementation is not found or
is found but does not support the mode
There was a problem hiding this comment.
Sure, will use this. Thanks for the suggestions @wangweij @seanjmullan
There was a problem hiding this comment.
Now that we are using semi-colon, do we dare add back the commas?
There was a problem hiding this comment.
Don't think it makes a significant difference.
|
/integrate |
|
Going to push as commit 5c596e2.
Your commit was automatically rebased without conflicts. |
openjdk
bot
removed
ready
|
@valeriepeng Pushed as commit 5c596e2. 💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored. |
5 participants
This PR is for clarifying the
NoSuchAlgorithmExceptionandNoSuchPaddingExceptionfor theCipher.getInstance(String transformation, Provider provider)andCipher.getInstance(String transformation, String provider)methods.As stated in
javax.crypto.CipherSpiclass, provider has the flexibility to register their implementations through various sub-transformations. As a result, depending on how the providers register the implementation, it may lead toNoSuchAlgorithmExceptionorNoSuchPaddingException. For example, the provider A registers to support "AES/CBC/PKCS5Padding" vs provider B registers to support "AES" (but would only accept "CBC" and "PKCS5Padding" as the valid input for setting mode and padding). CallingCipher.getInstance(...)with "AES/CBC/NoPadding" against provider A and B would lead toNoSuchAlgorithmExceptionandNoSuchPaddingException. This javadoc update hope to make it clear.Thanks in advance for the review~
Valerie
Progress
Issues
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/26489/head:pull/26489$ git checkout pull/26489Update a local copy of the PR:
$ git checkout pull/26489$ git pull https://git.openjdk.org/jdk.git pull/26489/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 26489View PR using the GUI difftool:
$ git pr show -t 26489Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/26489.diff
Using Webrev
Link to Webrev Comment