On Mon, 8 Jan 2024 19:26:37 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> `KEM.getInstance` now checks if the implementation is from a signed provider
>> if it's not builtin to JDK.
>>
>> Several adjustments to the test:
>> 1. Put one impl in `SunEC` to pretend it's builtin. This is necessary to
>> test for provider selection.
>> 2. When there is no need to choose a provider, use reflection to create a
>> `KEM` object that bypasses the `getInstance` call.
>
> test/jdk/javax/crypto/KEM/RSA_KEM.java line 128:
>
>> 126: // To bypass the JCE security provider signature check
>> 127: private static KEM getKemImpl(Provider p) throws Exception {
>> 128: var ctor = KEM.class.getDeclaredConstructor(
>
> How about creating it this way only if `java.runtime.name` system property
> does not contain "OpenJDK"?
I am not sure if other OpenJDK vendors always include the "OpenJDK" name. Or,
can call `getInstance()` and then fallback to this way if there is an exception?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/17253#discussion_r1445320195
