RFR: 8322971: KEM.getInstance() should check if a 3rd-party security provider is signed
Matthew Donovan
mdonovan at openjdk.org
Thu Jan 4 14:02:22 UTC 2024
On Wed, 3 Jan 2024 20:41:06 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> `KEM.getInstance` now checks if the implementation is from a signed provider if it's not builtin to JDK.
>
> Several adjustments to the test:
> 1. Put one impl in `SunEC` to pretend it's builtin. This is necessary to test for provider selection.
> 2. When there is no need to choose a provider, use reflection to create a `KEM` object that bypasses the `getInstance` call.
src/java.base/share/classes/javax/crypto/KEM.java line 545:
> 543: List<Provider.Service> allowed = new ArrayList<>();
> 544: for (Provider.Service s : list) {
> 545: if (!JceSecurity.canUseProvider(s.getProvider())) {
Is there a test that verifies a provider won't be used if it's not signed?
Should there also be a test that verifies that a provider signed with an unknown key is rejected?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17253#discussion_r1441779736
More information about the security-dev
mailing list