RFR: 8244336: Restrict algorithms at JCE layer [v2]
Valerie Peng
valeriep at openjdk.org
Thu Jul 31 01:58:02 UTC 2025
On Wed, 30 Jul 2025 17:09:18 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Address review comments from Sean and Tony.
>
> src/java.base/share/classes/sun/security/util/CryptoAlgorithmConstraints.java line 57:
>
>> 55: }
>> 56:
>> 57: public static final boolean permits(String service, String algo) {
>
> 'static' method declared 'final'
Will fix,
> src/java.base/share/classes/sun/security/util/CryptoAlgorithmConstraints.java line 124:
>
>> 122: }
>> 123:
>> 124: // Return false if algorithm is found in the disabledAlgorithms Set.
>
> s/disabledAlgorithms /disabledServices
Ok.
> src/java.base/share/classes/sun/security/util/CryptoAlgorithmConstraints.java line 140:
>
>> 138: return result;
>> 139: }
>> 140: // We won't check patterns if algorithm check fails.
>
> Looks like this comment was copied from `DisabledAlgorithmConstraints`. It should be removed as there is no pattern checking here.
Yes, it's modified from `DisabledAlgorithmConstraints`. Will remove.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2244177868
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2244177559
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2244175280
More information about the security-dev
mailing list