RFR[9] 8062731: Cipher object can be created without calling Cipher.getInstance

Valerie Peng valerie.peng at oracle.com
Mon Jan 23 20:28:49 UTC 2017


Hi Brad,

Would you have time to review this? I changed the code to base the trust 
decision on the immediate caller of Cipher(CipherSpi, Provider, String). 
In addition, the specified Provider object is only taken into account 
when it shares the same origin (codebase or module) with the caller.

Webrev: http://cr.openjdk.java.net/~valeriep/8062731/webrev.00/

Thanks,

Valerie



More information about the security-dev mailing list