RFR: 8343622: AesDkCrypto.stringToKey should not return null [v4]
Weijun Wang
weijun at openjdk.org
Thu Dec 5 01:29:42 UTC 2024
On Thu, 5 Dec 2024 00:57:33 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/provider/MD4.java line 81:
>>
>>> 79: }
>>> 80:
>>> 81: public static MessageDigest getInstance() {
>>
>> Just let it throw the NSAE. There are 2 usages of this method, one will throw an `AssertionError` and one below in `ArcFourCrypto` will propagate it and finally it will get caught in `EncrptionKey::stringToKey` like all other crypto-related exceptions.
>>
>> A little off-topic, `md4Provider` is hardcoded in _this_ file with _this_ algorithm and it cannot be removed by a `Security::removeProvider` call by anyone. However, this method could still fail if we introduce any kind of [security providers filter](https://github.com/openjdk/jdk/pull/15539) one day.
>
> nit: copyright year change to 2024? Same goes to other files in this PR.
Oops, fixed.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21908#discussion_r1870489296
More information about the security-dev
mailing list