RFR: 8244336: Restrict algorithms at JCE layer [v2]
Valerie Peng
valeriep at openjdk.org
Thu Jul 31 07:09:00 UTC 2025
On Wed, 30 Jul 2025 15:33:45 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Address review comments from Sean and Tony.
>
> src/java.base/share/classes/sun/security/util/CryptoAlgorithmConstraints.java line 83:
>
>> 81: }
>> 82: String service = dk.substring(0, idx);
>> 83: String algo = dk.substring(idx + 1);
>
> You should check for invalid syntax such as ".algo" or "service."
Definitely, thanks for the good catch~
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2244534464
More information about the security-dev
mailing list