On Thu, 4 Jan 2024 13:59:38 GMT, Matthew Donovan <[email protected]> wrote:
>> `KEM.getInstance` now checks if the implementation is from a signed provider
>> if it's not built in to the JDK.
>>
>> Several adjustments to the test:
>> 1. Put one impl in `SunEC` to pretend it's built in. This is necessary to
>> test for provider selection.
>> 2. When there is no need to choose a provider, use reflection to create a
>> `KEM` object that bypasses the `getInstance` call.
>
> src/java.base/share/classes/javax/crypto/KEM.java line 545:
>
>> 543: List<Provider.Service> allowed = new ArrayList<>();
>> 544: for (Provider.Service s : list) {
>> 545: if (!JceSecurity.canUseProvider(s.getProvider())) {
>
> Is there a test that verifies a provider won't be used if it's not signed?
>
> Should there also be a test that verifies that a provider signed with an
> unknown key is rejected?

Thanks, I'll think about it. That said, OpenJDK builds usually do not perform
this check, so such tests will not be added in this repository.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17253#discussion_r1441797410