Re: RFR: 8244336: Restrict algorithms at JCE layer [v2]

Wed, 30 Jul 2025 12:08:24 -0700 

On Wed, 30 Jul 2025 07:25:57 GMT, Valerie Peng <[email protected]> wrote:

>> This enhancement introduces a new security property 
>> "jdk.crypto.disabledAlgorithms" which can be leveraged to disable algorithms 
>> for JCE/JCA crypto services. For now, only Cipher, KeyStore, MessageDigest, 
>> and Signature services support this new security property. The support can 
>> be expanded later to cover more services if needed. Note that this security 
>> property is meant to disable algorithms irrespective of providers. If the 
>> algorithm is found to be disabled, it will be rejected before reaching out 
>> to provider(s) for the corresponding implementation(s).
>> 
>> A few implementation notes:
>> 1) The specified security property value is lazily loaded and all changes 
>> after it's been loaded are ignored. Invalid entries, e.g. wrong syntax, are 
>> ignored and removed. The algorithm name check is case-insensitive. If a 
>> disabled algorithm is known to has an object identifier (oid) by JDK, this 
>> oid and its aliases is also added to the disabled services.
>> 2) The algorithm name checking impl is based on the 
>> sun.security.util.AlgorithmConstraints class, but without the decomposing 
>> and different constraints.
>> 3) The hardwiring of NONEwithRSA signature to RSA/ECB/PKCS1Padding cipher in 
>> java.security.Signature class is removed. Instead, this is moved to the 
>> provider level, i.e. SunJCE and SunPKCS11 provider are changed to claim the 
>> NONEwithRSA signature support. Disabling one will not affect the other. 
>> 
>> CSR will be filed once the review is wrapping up.
>> 
>> Thanks~
>> Valerie
>
> Valerie Peng has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   Address review comments from Sean and Tony.

test/jdk/java/security/MessageDigest/TestDisabledAlgorithms.java line 75:

> 73: 
> 74:         boolean shouldThrow = Boolean.valueOf(args[1]);
> 75:         Security.getProperty(PROP_NAME).equalsIgnoreCase("false");

Same as above, result of this statement is ignored.

test/jdk/java/security/Signature/TestDisabledAlgorithms.java line 75:

> 73: 
> 74:         boolean shouldThrow = Boolean.valueOf(args[1]);
> 75:         Security.getProperty(PROP_NAME).equalsIgnoreCase("false");

Same as above.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2243623975
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2243624450

Reply via email to