-
CSR
-
Resolution: Approved
-
P4
-
None
-
behavioral
-
low
-
CTR, CTS and GCM modes do not require padding. So, it should be rare for this problem to be encountered. If it did occur, it is better to error out early instead of proceed as usual and return wrong result.
-
Other
-
Implementation
The changes have been integrated into JDK14 as a bug fix. This retroactive CSR is filed for reviewing the integrated changes.
Summary
Change SunJCE provider to throw NoSuchAlgorithmException or NoSuchPaddingException when CTR, CTS and GCM modes are requested with PKCS5Padding for a Cipher instance. Prior to the fix, it silently ignored the requested PKCS5Padding and proceeded as if no padding is requested.
Problem
SunJCE provider does not support padding to be used with CTR, CTS and GCM modes. For other paddings, SunJCE provider will throw exception indicating that these modes can only be used with "NoPadding". However, for PKCS5Padding, it fails to throw exception and instead ignores the PKCS5Padding request and proceeds. This is inconsistent and misleading.
Solution
Change SunJCE provider to throw exception for PKCS5Padding just like other paddings when CTR, CTS, and GCM modes are requested for a Cipher instance. Depending on the call sequence and call path, NoSuchAlgorithmException or NoSuchPaddingException will be thrown.
Specification
No public javadoc changes. The provider fix and other relevant changes can be found at: http://cr.openjdk.java.net/~valeriep/8180392/webrev.00/ for reference.
- csr of
-
JDK-8180392 SunJCE provider should throw exceptions for unsupported mode and padding combinations
-
- Resolved
-