RFR: 8244336: Restrict algorithms at JCE layer [v8]
Valerie Peng
valeriep at openjdk.org
Thu Aug 14 01:11:27 UTC 2025
On Sat, 9 Aug 2025 00:15:13 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Address review comments from Artur and updated tests to leverage Utils.runAndCheckException
>
> src/java.base/share/classes/sun/security/util/CryptoAlgorithmConstraints.java line 68:
>
>> 66: public static boolean permits(String service, String algo) {
>> 67: String serviceDesc = service + "." + algo;
>> 68: return CryptoHolder.CONSTRAINTS.cachedCheckAlgorithm(serviceDesc);
>
> Efficiency nit: It's better for byte-code if you remove `serviceDesc` and just do the string concatenation in the parameter for `cachedCheckAlgorithm()`. `serviceDesc` causes an unnecessary store op and extra load op.
Interesting, I didn't think of it. Will change. Thanks~
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2274991182
More information about the security-dev
mailing list