8212669: Add note to Cipher javadoc about using full transformation and not relying on defaults

Reviewed-by: xuelei
2018-11-01 16:53:54 -04:00 · 2018-11-01 16:53:54 -04:00 · 30745fe1a8
commit 30745fe1a8
parent 9a043c50f9
1 changed files with 31 additions and 0 deletions
--- a/src/java.base/share/classes/javax/crypto/Cipher.java
+++ b/src/java.base/share/classes/javax/crypto/Cipher.java
@ -492,6 +492,12 @@ public class Cipher {
     * <p> Note that the list of registered providers may be retrieved via
     * the {@link Security#getProviders() Security.getProviders()} method.
     *
+     * @apiNote
+     * It is recommended to use a transformation that fully specifies the
+     * algorithm, mode, and padding. By not doing so, the provider will
+     * use a default for the mode and padding which may not meet the security
+     * requirements of your application.
+     *
     * @implNote
     * The JDK Reference Implementation additionally uses the
     * {@code jdk.security.provider.preferred}
@ -499,6 +505,9 @@ public class Cipher {
     * the preferred provider order for the specified algorithm. This
     * may be different than the order of providers returned by
     * {@link Security#getProviders() Security.getProviders()}.
+     * See also the Cipher Transformations section of the {@extLink
+     * security_guide_jdk_providers JDK Providers} document for information
+     * on the transformation defaults used by JDK providers.
     *
     * @param transformation the name of the transformation, e.g.,
     * <i>AES/CBC/PKCS5Padding</i>.
@ -578,6 +587,17 @@ public class Cipher {
     * <p> Note that the list of registered providers may be retrieved via
     * the {@link Security#getProviders() Security.getProviders()} method.
     *
+     * @apiNote
+     * It is recommended to use a transformation that fully specifies the
+     * algorithm, mode, and padding. By not doing so, the provider will
+     * use a default for the mode and padding which may not meet the security
+     * requirements of your application.
+     *
+     * @implNote
+     * See the Cipher Transformations section of the {@extLink
+     * security_guide_jdk_providers JDK Providers} document for information
+     * on the transformation defaults used by JDK providers.
+     *
     * @param transformation the name of the transformation,
     * e.g., <i>AES/CBC/PKCS5Padding</i>.
     * See the Cipher section in the <a href=
@ -638,6 +658,17 @@ public class Cipher {
     * object is returned.  Note that the specified Provider object
     * does not have to be registered in the provider list.
     *
+     * @apiNote
+     * It is recommended to use a transformation that fully specifies the
+     * algorithm, mode, and padding. By not doing so, the provider will
+     * use a default for the mode and padding which may not meet the security
+     * requirements of your application.
+     *
+     * @implNote
+     * See the Cipher Transformations section of the {@extLink
+     * security_guide_jdk_providers JDK Providers} document for information
+     * on the transformation defaults used by JDK providers.
+     *
     * @param transformation the name of the transformation,
     * e.g., <i>AES/CBC/PKCS5Padding</i>.
     * See the Cipher section in the <a href=