RFR: 8235710: Remove the legacy elliptic curves [v3]
Weijun Wang
weijun at openjdk.java.net
Thu Sep 24 20:44:56 UTC 2020
On Wed, 23 Sep 2020 23:38:03 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
>> This change removes the native elliptic curves library code; as well as, and calls to that code, tests, and files
>> associated with those libraries. The makefiles have been changed to remove from all source builds of the ec code. The
>> SunEC system property is removed and java.security configurations changed to reflect the removed curves. This will
>> remove the following elliptic curves from SunEC: secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1,
>> secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2,
>> sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1,
>> sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1,
>> X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62
>> prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1 brainpoolP320r1, brainpoolP384r1, brainpoolP512r1
>
> Anthony Scarpino has updated the pull request incrementally with one additional commit since the last revision:
>
> change exception for ec keyagreement
> fix supportedcurves in SunEC
src/java.base/share/conf/security/java.security line 636:
> 634: #
> 635: jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
> 636: RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
`jdk.disabled.namedCurves` still exists. If someone decides to add a curve there, shouldn't it be also disabled here?
-------------
PR: https://git.openjdk.java.net/jdk/pull/289
More information about the build-dev
mailing list