On Thu, 5 Dec 2024 00:57:33 GMT, Valerie Peng <[email protected]> wrote:
>> src/java.base/share/classes/sun/security/provider/MD4.java line 81:
>>
>>> 79: }
>>> 80:
>>> 81: public static MessageDigest getInstance() {
>>
>> Just let it throw the NSAE. There are 2 usages of this method, one will
>> throw an `AssertionError` and one below in `ArcFourCrypto` will propagate it
>> and finally it will get caught in `EncrptionKey::stringToKey` like all other
>> crypto-related exceptions.
>>
>> A little off-topic, `md4Provider` is hardcoded in _this_ file with _this_
>> algorithm and it cannot be removed by a `Security::removeProvider` call by
>> anyone. However, this method could still fail if we introduce any kind of
>> [security providers filter](https://github.com/openjdk/jdk/pull/15539) one
>> day.
>
> nit: copyright year change to 2024? Same goes to other files in this PR.
Oops, fixed.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21908#discussion_r1870489296
