From e55124041e0181ca14ed95dc5f94d404b7900029 Mon Sep 17 00:00:00 2001 From: Valerie Peng Date: Fri, 23 Jan 2026 19:46:40 +0000 Subject: [PATCH] 8375549: ConcurrentModificationException if jdk.crypto.disabledAlgorithms has multiple entries with known oid Reviewed-by: mullan, coffeys --- .../util/CryptoAlgorithmConstraints.java | 8 ++-- .../crypto/Cipher/TestDisabledWithOids.java | 47 +++++++++++++++++++ 2 files changed, 52 insertions(+), 3 deletions(-) create mode 100644 test/jdk/javax/crypto/Cipher/TestDisabledWithOids.java diff --git a/src/java.base/share/classes/sun/security/util/CryptoAlgorithmConstraints.java b/src/java.base/share/classes/sun/security/util/CryptoAlgorithmConstraints.java index a8649106a38..ad3beab350f 100644 --- a/src/java.base/share/classes/sun/security/util/CryptoAlgorithmConstraints.java +++ b/src/java.base/share/classes/sun/security/util/CryptoAlgorithmConstraints.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2025, 2026, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -82,8 +82,10 @@ public class CryptoAlgorithmConstraints extends AbstractAlgorithmConstraints { CryptoAlgorithmConstraints(String propertyName) { super(null); disabledServices = getAlgorithms(propertyName, true); - debug("Before " + Arrays.deepToString(disabledServices.toArray())); - for (String dk : disabledServices) { + String[] entries = disabledServices.toArray(new String[0]); + debug("Before " + Arrays.deepToString(entries)); + + for (String dk : entries) { int idx = dk.indexOf("."); if (idx < 1 || idx == dk.length() - 1) { // wrong syntax: missing "." or empty service or algorithm diff --git a/test/jdk/javax/crypto/Cipher/TestDisabledWithOids.java b/test/jdk/javax/crypto/Cipher/TestDisabledWithOids.java new file mode 100644 index 00000000000..d1d9fa7a5bb --- /dev/null +++ b/test/jdk/javax/crypto/Cipher/TestDisabledWithOids.java @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2026, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8375549 + * @summary Test JCE layer algorithm restriction using algorithms w/ oids + * @library /test/lib + * @run main/othervm -Djdk.crypto.disabledAlgorithms=Cipher.DES,Cipher.RSA/ECB/PKCS1Padding TestDisabledWithOids + * @run main/othervm -Djdk.crypto.disabledAlgorithms=Cipher.RSA/ECB/PKCS1Padding,Cipher.DES TestDisabledWithOids + */ +import java.security.NoSuchAlgorithmException; +import javax.crypto.Cipher; +import jdk.test.lib.Utils; + +public class TestDisabledWithOids { + public static void main(String[] args) throws Exception { + String algo1 = "RSA/ECB/PKCS1Padding"; + String algo2 = "DES"; + + Utils.runAndCheckException(() -> Cipher.getInstance(algo1), + NoSuchAlgorithmException.class); + Utils.runAndCheckException(() -> Cipher.getInstance(algo2), + NoSuchAlgorithmException.class); + System.out.println("Done"); + } +}