RFR: 8244336: Restrict algorithms at JCE layer [v2]
Valerie Peng
valeriep at openjdk.org
Thu Jul 31 06:49:58 UTC 2025
On Wed, 30 Jul 2025 20:13:42 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Address review comments from Sean and Tony.
>
> src/java.base/share/classes/sun/security/util/CryptoAlgorithmConstraints.java line 110:
>
>> 108: }
>> 109:
>> 110: return cachedCheckAlgorithm(serviceDesc);
>
> Is this doing a case-insensitive check? I was trying to figure that out, but I think "md2" should still match "MD2" for example.
Yes, the tests do make sure the check is case-insensitive.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2244499867
More information about the security-dev
mailing list