JDK-8322971 : KEM.getInstance() should check if a 3rd-party security provider is signed
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Affected Version: 21,22,23
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2024-01-03
  • Updated: 2024-08-20
  • Resolved: 2024-01-11
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 17 JDK 21 JDK 22 JDK 23
17.0.0.1Fixed 21.0.5-oracleFixed 22Fixed 23 b06Fixed
Related Reports
CSR :  
JDK-8322974 - KEM.getInstance() should check if a 3rd-party security provider is signed
Relates :  
JDK-8297878 - KEM: Implementation
Relates :  
JDK-8301034 - JEP 452: Key Encapsulation Mechanism API
Sub Tasks
JDK-8322972 :  
Release Note: `KEM.getInstance()` Should Check If a Third-Party Security Provider Is Signed - Resolved
JDK-8322973 :  
Update the Security Guide for this change - Resolved
Description
Similar to other JCE crypto services like Cipher, Mac, and KeyAgreement, when a KEM object is instantiated from a 3rd party security provider, it should make sure the provider is loaded from a signed JAR.
Comments
[jdk21u-fix-request] Approval Request from Andrew Hughes Fix for the handling of KEM implementations from third parties. The fix is already in the 17.0.0.1 reference implementation, so 21u should have it too. Backport was clean.
03-08-2024
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk21u-dev/pull/893 Date: 2024-08-03 16:25:50 +0000
03-08-2024
Hi [~gnu-andrew] , I noticed you created a 21u-dev pull request but I do not see it here in the comments - is that another JBS bug ? Will you do the 21u-dev backport ?
11-07-2024
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk17u-dev/pull/2518 Date: 2024-06-03 00:36:33 +0000
09-07-2024
[jdk17u-fix-request] Approval Request from Weijun Wang Backporting KEM API to jdk17u-dev which is already integrated injdk17u-ri
03-06-2024
Fix Request [17.0.0.1] This change is needed for the Maintenance Release 1 of the Java SE 17. See JDK-8297878 for details.
19-04-2024
A pull request was submitted for review. URL: https://git.openjdk.org/jdk17u-ri/pull/1 Date: 2024-04-18 14:41:59 +0000
18-04-2024
A pull request was submitted for review. URL: https://git.openjdk.org/jdk22/pull/61 Date: 2024-01-11 13:56:19 +0000
11-01-2024
Changeset: 9fd855ed Author: Weijun Wang <weijun@openjdk.org> Date: 2024-01-11 13:45:40 +0000 URL: https://git.openjdk.org/jdk/commit/9fd855ed477bb0849ce5c774854844deec0f4c6b
11-01-2024
A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/17253 Date: 2024-01-03 20:41:06 +0000
03-01-2024