Loading...

XML

Word

Printable

Type: Sub-task
Resolution: Delivered
Priority: P4
Fix Version/s: 22
Affects Version/s: 17.0.13-oracle, 21.0.5-oracle, 22
Component/s: security-libs
Labels:

Subcomponent:
javax.crypto

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8337215	21.0.5-oracle	Marc Palmerjohnson	P4	Resolved	Delivered
JDK-8337218	17.0.13-oracle	Marc Palmerjohnson	P4	Resolved	Delivered

When instantiating a third-party security provider's implementation (class) of a `KEM` algorithm, the framework will determine the provider's codebase (JAR file) and verify its signature. In this way, JCA authenticates the provider and ensures that only providers signed by a trusted entity can be plugged into the JCA. This is consistent with other JCE service classes, such as `Cipher`, `Mac`, `KeyAgreement`, and others.

backported by

JDK-8337215 Release Note: KEM.getInstance() Should Check If a Third-Party Security Provider Is Signed

Resolved

JDK-8337218 Release Note: KEM.getInstance() Should Check If a Third-Party Security Provider Is Signed

Resolved

Assignee:: Weijun Wang

Reporter:: Weijun Wang

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2024-01-03 12:03

Updated:: 2024-09-27 06:36

Resolved:: 2024-01-11 05:50

Details

Backports

Description

Attachments

Issue Links

Activity

People

Dates