On Sat, 7 Jun 2025 05:24:40 GMT, Sebastian Stenzel <d...@openjdk.org> wrote:
>> The class documentation in javax.crypto.Cipher could better describe AEAD
>> and reuse. The current class description example is outdated as GCM
>> encryption does not allow resets. The doc should state that reset() may not
>> be possible with some algorithms or providers and that an
>> InvalidAlgorithmParameterException is thrown
>
> src/java.base/share/classes/javax/crypto/Cipher.java line 117:
>
>> 115: * forgery attacks due to Key and IV uniqueness requirements.
>> 116: * An {@link IllegalStateException} will be thrown when calling {@code
>> update}
>> 117: * or {@code doFinal} methods when a reset did not occur.
>
> It might be helpful to describe what to do instead:
>
> When reset is not possible, you don't need to dispose the cipher object.
> Instead you can call init again with a different key/nonce.
I suggest appending the sentence: "{@code init} may re-initialize the {@code
Cipher} object with new parameters".
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/25399#discussion_r2136696481
