RFR: 8244336: Restrict algorithms at JCE layer [v8]

Valerie Peng valeriep at openjdk.org
Thu Aug 14 01:11:27 UTC 2025


On Sat, 9 Aug 2025 00:15:13 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:

>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Address review comments from Artur and updated tests to leverage Utils.runAndCheckException
>
> src/java.base/share/classes/sun/security/util/CryptoAlgorithmConstraints.java line 68:
> 
>> 66:     public static boolean permits(String service, String algo) {
>> 67:         String serviceDesc = service + "." + algo;
>> 68:         return CryptoHolder.CONSTRAINTS.cachedCheckAlgorithm(serviceDesc);
> 
> Efficiency nit:  It's better for byte-code if you remove `serviceDesc` and just do the string concatenation in the parameter for `cachedCheckAlgorithm()`.  `serviceDesc` causes an unnecessary store op and extra load op.

Interesting, I didn't think of it. Will change. Thanks~

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2274991182


More information about the security-dev mailing list