RFR: 8322971: KEM.getInstance() should check if a 3rd-party security provider is signed
Weijun Wang
weijun at openjdk.org
Wed Jan 3 20:48:00 UTC 2024
`KEM.getInstance` now checks if the implementation is from a signed provider if it's not builtin to JDK.
Several adjustments to the test:
1. Put one impl in `SunEC` to pretend it's builtin. This is necessary to test for provider selection.
2. When there is no need to choose a provider, use reflection to create a `KEM` object that bypasses the `getInstance` call.
-------------
Commit messages:
- the fix
Changes: https://git.openjdk.org/jdk/pull/17253/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=17253&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8322971
Stats: 119 lines in 4 files changed: 74 ins; 29 del; 16 mod
Patch: https://git.openjdk.org/jdk/pull/17253.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/17253/head:pull/17253
PR: https://git.openjdk.org/jdk/pull/17253
More information about the security-dev
mailing list