RFR: 8244336: Restrict algorithms at JCE layer

Anthony Scarpino ascarpino at openjdk.org
Fri Jul 25 01:01:56 UTC 2025


On Fri, 18 Jul 2025 01:44:33 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

> This enhancement introduces a new security property "jdk.crypto.disabledAlgorithms" which can be leveraged to disable algorithms for JCE/JCA crypto services. For now, only Cipher, KeyStore, MessageDigest, and Signature services support this new security property. The support can be expanded later to cover more services if needed. Note that this security property is meant to disable algorithms irrespective of providers. If the algorithm is found to be disabled, it will be rejected before reaching out to provider(s) for the corresponding implementation(s).
> 
> A few implementation notes:
> 1) The specified security property value is lazily loaded and all changes after it's been loaded are ignored. Invalid entries, e.g. wrong syntax, are ignored and removed. The algorithm name check is case-insensitive. If a disabled algorithm is known to have an object identifier (oid) by JDK, this oid and its aliases are also added to the disabled services.
> 2) The algorithm name checking impl is based on the sun.security.util.AlgorithmConstraints class, but without the decomposing and different constraints.
> 3) The hardwiring of NONEwithRSA signature to RSA/ECB/PKCS1Padding cipher in java.security.Signature class is removed. Instead, this is moved to the provider level, i.e. SunJCE and SunPKCS11 providers are changed to claim the NONEwithRSA signature support. Disabling one will not affect the other.
> 
> CSR will be filed once the review is wrapping up.
> 
> Thanks~
> Valerie

src/java.base/share/classes/com/sun/crypto/provider/RSACipherAdaptor.java line 37:

> 35: import java.security.InvalidAlgorithmParameterException;
> 36: import java.security.InvalidParameterException;
> 37: import java.security.ProviderException;

not used

src/java.base/share/classes/com/sun/crypto/provider/RSACipherAdaptor.java line 43:

> 41: import javax.crypto.BadPaddingException;
> 42: import javax.crypto.IllegalBlockSizeException;
> 43: import javax.crypto.NoSuchPaddingException;

not used

src/java.base/share/classes/javax/crypto/Cipher.java line 370:

> 368:                                    "missing mode and/or padding-"
> 369:                                    + transformation);
> 370: 

extra line intentional?

src/java.base/share/classes/sun/security/util/CryptoAlgorithmConstraints.java line 36:

> 34: import java.util.Set;
> 35: import java.util.concurrent.ConcurrentHashMap;
> 36: import sun.security.util.KnownOIDs;

This import isn't needed since `KnownOIDs` is in the same package.

src/java.base/share/classes/sun/security/util/KnownOIDs.java line 186:

> 184:     // RSASecurity
> 185:     // PKCS1 1.2.840.113549.1.1.*
> 186:     PKCS1("1.2.840.113549.1.1", "RSA", false), // RSA KeyPairGenerator and KeyFactory

With you specifying a new "RSA" stdName in the `RSA` enum, do we really need a `"RSA", false` here? After doing an internet search on the OID, it looks like "PKCS-1" may be more appropriate.

src/java.base/share/conf/security/java.security line 775:

> 773: 
> 774: #
> 775: # Algorithm restrictions for Java Crypto API services

Since this is a title, an empty comment line between this and the start of the description would be appropriate.

src/java.base/share/conf/security/java.security line 776:

> 774: #
> 775: # Algorithm restrictions for Java Crypto API services
> 776: # The syntax of the disabled services string is described as follows:

Before you get into the syntax, I think you should explain what the feature is and how it is triggered, such as, `getInstance()`.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2229859202
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2229859346
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2220011949
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2229663944
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2229631993
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2229636323
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2229645390

