RFR: 8322971: KEM.getInstance() should check if a 3rd-party security provider is signed
Weijun Wang
weijun at openjdk.org
Thu Jan 4 14:19:23 UTC 2024
On Thu, 4 Jan 2024 13:59:38 GMT, Matthew Donovan <mdonovan at openjdk.org> wrote:
>> `KEM.getInstance` now checks if the implementation is from a signed provider if it's not builtin to JDK.
>>
>> Several adjustments to the test:
>> 1. Put one impl in `SunEC` to pretend it's builtin. This is necessary to test for provider selection.
>> 2. When there is no need to choose a provider, use reflection to create a `KEM` object that bypasses the `getInstance` call.
>
> src/java.base/share/classes/javax/crypto/KEM.java line 545:
>
>> 543: List<Provider.Service> allowed = new ArrayList<>();
>> 544: for (Provider.Service s : list) {
>> 545: if (!JceSecurity.canUseProvider(s.getProvider())) {
>
> Is there a test that verifies a provider won't be used if it's not signed?
>
> Should there also be a test that verifies that a provider signed with an unknown key is rejected?
Thanks, I'll think about it. That said, OpenJDK builds usually do not perform this check so such tests will not be added in this repository.
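The selection rule under discussion, as an added illustration that is not code from the PR or the JDK: when an engine class looks up an algorithm, services whose provider fails the trust check are skipped instead of used. `KEM.getInstance` does this with the internal `JceSecurity.canUseProvider`, which is not public API, so the example below takes the trust decision as a caller-supplied `Predicate<Provider>` (a stand-in, not the JDK's signature check) and builds the candidate list itself from `Security.getProviders()` rather than from the pre-filtered `list` the quoted loop receives. The class name, method name and the allowlist in `main` are constructed for this example.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.function.Predicate;

/**
 * Illustration of "skip services from untrusted providers" for the KEM engine.
 * The trust predicate is an assumption standing in for the JDK-internal
 * JceSecurity.canUseProvider check; it is not the JDK's implementation.
 */
public class TrustedKemServices {

    /**
     * Returns every registered KEM service for {@code algorithm} whose
     * provider passes {@code trusted}, in provider-preference order.
     */
    public static List<Provider.Service> allowedServices(String algorithm,
                                                         Predicate<Provider> trusted) {
        List<Provider.Service> allowed = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            // Provider.getServices() is public API: every (type, algorithm)
            // pair the provider registers.
            Set<Provider.Service> services = p.getServices();
            for (Provider.Service s : services) {
                if (!"KEM".equals(s.getType())
                        || !s.getAlgorithm().equalsIgnoreCase(algorithm)) {
                    continue;
                }
                if (!trusted.test(s.getProvider())) {
                    // Same shape as the `!canUseProvider` branch in the quoted
                    // loop: the service is dropped, not used.
                    continue;
                }
                allowed.add(s);
            }
        }
        return allowed;
    }

    public static void main(String[] args) {
        // Constructed allowlist standing in for "built into the JDK or signed".
        Set<String> allowlist = Set.of("SunJCE", "SunEC");
        Predicate<Provider> trusted = p -> allowlist.contains(p.getName());

        for (Provider.Service s : allowedServices("DHKEM", trusted)) {
            System.out.println(s.getProvider().getName() + " -> " + s.getClassName());
        }
    }
}
```

With an always-true predicate the method returns the same candidates the default provider search would, which matches the point made above that OpenJDK builds usually do not perform the signature check; a test that expects an unsigned third-party provider to be rejected therefore only has meaning on builds where the check is active.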
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17253#discussion_r1441797410