RFR: 8244336: Restrict algorithms at JCE layer [v2]
Valerie Peng
valeriep at openjdk.org
Thu Jul 31 06:49:57 UTC 2025
On Wed, 30 Jul 2025 19:53:04 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Address review comments from Sean and Tony.
>
> src/java.base/share/classes/java/security/Signature.java line 411:
>
>> 409: ("no such provider: " + provider);
>> 410: }
>> 411: return getInstanceRSA(p);
>
> What would be the reason for removal of this code? We should update this methods description as it no longer throws `IllegalArgumentException` and `NoSuchProviderException`
This block (line 401-412 in original version) is removed as it's related to the special handling of `NONEwithRSA` signature using the built-in `CipherAdaptor` class. Instead of special handling this inside the `java.security.Signature` class, it is now shifted to the JDK providers.
The method still throws `IllegalArgumentException` and `NoSuchProviderException` as they are thrown by `sun.security.jca.GetInstance` class which is used after this removed block.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2244497458
More information about the security-dev
mailing list