Mercurial > hg > openjdk > jdk6 > jdk
changeset 1835:01d60f0cbf30
8201756: Improve cipher inputs
Summary: Clarify spec of CipherInputStream in Javadoc comments
Reviewed-by: ascarpino
| author | apetcher |
|---|---|
| date | Mon, 23 Apr 2018 12:01:46 -0400 |
| parents | bfbb31220c42 |
| children | 3dde65b3b78d |
| files | src/share/classes/javax/crypto/CipherInputStream.java |
| diffstat | 1 files changed, 8 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/javax/crypto/CipherInputStream.java Tue Jul 10 16:56:22 2018 +0100 +++ b/src/share/classes/javax/crypto/CipherInputStream.java Mon Apr 23 12:01:46 2018 -0400 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -50,6 +50,13 @@ * that are not thrown by its ancestor classes. In particular, the * <code>skip</code> method skips, and the <code>available</code> * method counts only data that have been processed by the encapsulated Cipher. + * This class may catch BadPaddingException and other exceptions thrown by + * failed integrity checks during decryption. These exceptions are not + * re-thrown, so the client may not be informed that integrity checks + * failed. Because of this behavior, this class may not be suitable + * for use with decryption in an authenticated mode of operation (e.g. GCM). + * Applications that require authenticated encryption can use the Cipher API + * directly as an alternative to using this class. * * <p> It is crucial for a programmer using this class not to use * methods that are not defined or overriden in this class (such as a