RFR: 8343622: AesDkCrypto.stringToKey should not return null [v3]
Valerie Peng
valeriep at openjdk.org
Thu Dec 5 01:02:44 UTC 2024
On Tue, 5 Nov 2024 15:54:12 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>>
>> add cause to exception
>
> src/java.base/share/classes/sun/security/provider/MD4.java line 81:
>
>> 79: }
>> 80:
>> 81: public static MessageDigest getInstance() {
>
> Just let it throw the NSAE. There are 2 usages of this method, one will throw an `AssertionError` and one below in `ArcFourCrypto` will propagate it and finally it will get caught in `EncrptionKey::stringToKey` like all other crypto-related exceptions.
>
> A little off-topic, `md4Provider` is hardcoded in _this_ file with _this_ algorithm and it cannot be removed by a `Security::removeProvider` call by anyone. However, this method could still fail if we introduce any kind of [security providers filter](https://github.com/openjdk/jdk/pull/15539) one day.
nit: copyright year change to 2024? Same goes to other files in this PR.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21908#discussion_r1870472230
More information about the security-dev
mailing list