On Wed, 3 Jan 2024 20:41:06 GMT, Weijun Wang <wei...@openjdk.org> wrote:
> `KEM.getInstance` now checks if the implementation is from a signed provider
> if it's not builtin to JDK.
>
> Several adjustments to the test:
> 1. Put one impl in `SunEC` to pretend it's builtin. This is necessary to test
> for provider selection.
> 2. When there is no need to choose a provider, use reflection to create a
> `KEM` object that bypasses the `getInstance` call.
test/jdk/javax/crypto/KEM/RSA_KEM.java line 128:
> 126: // To bypass the JCE security provider signature check
> 127: private static KEM getKemImpl(Provider p) throws Exception {
> 128: var ctor = KEM.class.getDeclaredConstructor(
How about creating it this way only if `java.runtime.name` system property does
not contain "OpenJDK"?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17253#discussion_r1445230838
