On Thu, 24 Jul 2025 21:36:58 GMT, Anthony Scarpino <ascarp...@openjdk.org>
wrote:
>> This enhancement introduces a new security property
>> "jdk.crypto.disabledAlgorithms" which can be leveraged to disable algorithms
>> for JCE/JCA crypto services. For now, only Cipher, KeyStore, MessageDigest,
>> and Signature services support this new security property. The support can
>> be expanded later to cover more services if needed. Note that this security
>> property is meant to disable algorithms irrespective of providers. If the
>> algorithm is found to be disabled, it will be rejected before reaching out
>> to provider(s) for the corresponding implementation(s).
>>
>> A few implementation notes:
>> 1) The specified security property value is lazily loaded and all changes
>> after it's been loaded are ignored. Invalid entries, e.g. wrong syntax, are
>> ignored and removed. The algorithm name check is case-insensitive. If a
>> disabled algorithm is known to has an object identifier (oid) by JDK, this
>> oid and its aliases is also added to the disabled services.
>> 2) The algorithm name checking impl is based on the
>> sun.security.util.AlgorithmConstraints class, but without the decomposing
>> and different constraints.
>> 3) The hardwiring of NONEwithRSA signature to RSA/ECB/PKCS1Padding cipher in
>> java.security.Signature class is removed. Instead, this is moved to the
>> provider level, i.e. SunJCE and SunPKCS11 provider are changed to claim the
>> NONEwithRSA signature support. Disabling one will not affect the other.
>>
>> CSR will be filed once the review is wrapping up.
>>
>> Thanks~
>> Valerie
>
> src/java.base/share/classes/sun/security/util/KnownOIDs.java line 186:
>
>> 184: // RSASecurity
>> 185: // PKCS1 1.2.840.113549.1.1.*
>> 186: PKCS1("1.2.840.113549.1.1", "RSA", false), // RSA KeyPairGenerator
>> and KeyFactory
>
> With you specifying a new "RSA" stdName in the `RSA` enum, do we really need
> a `"RSA", false` here? After doing an internet search on the OID, it looks
> like "PKCS-1" maybe more appropriate.
The reason for `"RSA", false` is because the `KnownOIDs.stdName()` is meant to
return the user-friendly standard algorithm name and the crypto services using
this PKCS1 OID is `RSA` KeyPairGenerator and KeyFactory. Existing regression
test doesn't cover this particular scenario and I feel it's safer to not
changing this unless it is known to cause a problem.
> src/java.base/share/conf/security/java.security line 775:
>
>> 773:
>> 774: #
>> 775: # Algorithm restrictions for Java Crypto API services
>
> Since this is a title, an empty comment line between this and the start of
> the description would be appropriate.
Yes, I will add one.
> src/java.base/share/conf/security/java.security line 776:
>
>> 774: #
>> 775: # Algorithm restrictions for Java Crypto API services
>> 776: # The syntax of the disabled services string is described as follows:
>
> Before you get into the syntax, I think you should explain what the feature
> is and how it is triggered, such as, `getInstance()`.
Will do.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2241443431
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2241445300
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2241446396
