Integrated: 8322971: KEM.getInstance() should check if a 3rd-party security provider is signed
Weijun Wang
weijun at openjdk.org
Thu Jan 11 13:48:37 UTC 2024
On Wed, 3 Jan 2024 20:41:06 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> `KEM.getInstance` now checks if the implementation is from a signed provider if it's not builtin to JDK.
>
> Several adjustments to the test:
> 1. Put one impl in `SunEC` to pretend it's builtin. This is necessary to test for provider selection.
> 2. When there is no need to choose a provider, use reflection to create a `KEM` object that bypasses the `getInstance` call.
This pull request has now been integrated.
Changeset: 9fd855ed
Author: Weijun Wang <weijun at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/9fd855ed477bb0849ce5c774854844deec0f4c6b
Stats: 119 lines in 4 files changed: 74 ins; 29 del; 16 mod
8322971: KEM.getInstance() should check if a 3rd-party security provider is signed
Reviewed-by: mullan, valeriep
-------------
PR: https://git.openjdk.org/jdk/pull/17253
More information about the security-dev
mailing list