changeset 52397:7b20c27b2ccb

8212669: Add note to Cipher javadoc about using full transformation and not relying on defaults Reviewed-by: xuelei
author mullan
date Thu, 01 Nov 2018 16:53:54 -0400
parents 5ea020bcaa0d
children 0edcab6e7f59
files src/java.base/share/classes/javax/crypto/Cipher.java
diffstat 1 files changed, 31 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/classes/javax/crypto/Cipher.java	Thu Nov 01 17:56:01 2018 +0100
+++ b/src/java.base/share/classes/javax/crypto/Cipher.java	Thu Nov 01 16:53:54 2018 -0400
@@ -492,6 +492,12 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @apiNote
+     * It is recommended to use a transformation that fully specifies the
+     * algorithm, mode, and padding. By not doing so, the provider will
+     * use a default for the mode and padding which may not meet the security
+     * requirements of your application.
+     *
      * @implNote
      * The JDK Reference Implementation additionally uses the
      * {@code jdk.security.provider.preferred}
@@ -499,6 +505,9 @@
      * the preferred provider order for the specified algorithm. This
      * may be different than the order of providers returned by
      * {@link Security#getProviders() Security.getProviders()}.
+     * See also the Cipher Transformations section of the {@extLink
+     * security_guide_jdk_providers JDK Providers} document for information
+     * on the transformation defaults used by JDK providers.
      *
      * @param transformation the name of the transformation, e.g.,
      * <i>AES/CBC/PKCS5Padding</i>.
@@ -578,6 +587,17 @@
      * <p> Note that the list of registered providers may be retrieved via
      * the {@link Security#getProviders() Security.getProviders()} method.
      *
+     * @apiNote
+     * It is recommended to use a transformation that fully specifies the
+     * algorithm, mode, and padding. By not doing so, the provider will
+     * use a default for the mode and padding which may not meet the security
+     * requirements of your application.
+     *
+     * @implNote
+     * See the Cipher Transformations section of the {@extLink
+     * security_guide_jdk_providers JDK Providers} document for information
+     * on the transformation defaults used by JDK providers.
+     *
      * @param transformation the name of the transformation,
      * e.g., <i>AES/CBC/PKCS5Padding</i>.
      * See the Cipher section in the <a href=
@@ -638,6 +658,17 @@
      * object is returned.  Note that the specified Provider object
      * does not have to be registered in the provider list.
      *
+     * @apiNote
+     * It is recommended to use a transformation that fully specifies the
+     * algorithm, mode, and padding. By not doing so, the provider will
+     * use a default for the mode and padding which may not meet the security
+     * requirements of your application.
+     *
+     * @implNote
+     * See the Cipher Transformations section of the {@extLink
+     * security_guide_jdk_providers JDK Providers} document for information
+     * on the transformation defaults used by JDK providers.
+     *
      * @param transformation the name of the transformation,
      * e.g., <i>AES/CBC/PKCS5Padding</i>.
      * See the Cipher section in the <a href=