8358159: Empty mode/padding in cipher transformations

Reviewed-by: amitkumar, valeriep

src/java.base/share/classes/javax/crypto/Cipher.java

@@ -454,19 +454,25 @@ public class Cipher {
         String[] parts = tokenizeTransformation(transformation);
 
         String alg = parts[0];
-        String mode = parts[1];
-        String pad = parts[2];
+        String mode = (parts[1].length() == 0 ? null : parts[1]);
+        String pad = (parts[2].length() == 0 ? null : parts[2]);
 
-        if ((mode.length() == 0) && (pad.length() == 0)) {
+        if ((mode == null) && (pad == null)) {
             // Algorithm only
             Transform tr = new Transform(alg, "", null, null);
             return Collections.singletonList(tr);
         } else {
             // Algorithm w/ at least mode or padding or both
             List<Transform> list = new ArrayList<>(4);
-            list.add(new Transform(alg, "/" + mode + "/" + pad, null, null));
-            list.add(new Transform(alg, "/" + mode, null, pad));
-            list.add(new Transform(alg, "//" + pad, mode, null));
+            if ((mode != null) && (pad != null)) {
+                list.add(new Transform(alg, "/" + mode + "/" + pad, null, null));
+            }
+            if (mode != null) {
+                list.add(new Transform(alg, "/" + mode, null, pad));
+            }
+            if (pad != null) {
+                list.add(new Transform(alg, "//" + pad, mode, null));
+            }
             list.add(new Transform(alg, "", mode, pad));
             return list;
         }

test/jdk/javax/crypto/Cipher/TestEmptyModePadding.java

@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2025 IBM Corporation. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8358159
+ * @summary test that the Cipher.getInstance() handles
+ * transformations with empty mode and/or padding
+ * @run main TestEmptyModePadding
+ */
+
+
+import java.security.*;
+import javax.crypto.*;
+
+public class TestEmptyModePadding {
+
+    public static void main(String[] args) throws Exception {
+        Provider provider = Security.getProvider(System.getProperty("test.provider.name", "SunJCE"));
+
+        test("AES", provider);
+        test("AES/ECB/PKCS5Padding", provider);
+        test("AES//PKCS5Padding", provider);        // Empty mode
+        test("AES/CBC/", provider);                 // Empty padding
+        test("AES/ /NoPadding", provider);          // Mode is a space
+        test("AES/CBC/ ", provider);                // Padding is a space
+        test("AES/ / ", provider);                  // Both mode and padding are spaces
+        test("AES//", provider);                    // Both mode and padding are missing
+
+    }
+
+    private static void test(String transformation, Provider provider) throws Exception {
+        Cipher c = Cipher.getInstance(transformation, provider);
+    }
+}