Code Review Requests for 7196382 and 8010134

Valerie (Yu-Ching) Peng valerie.peng at oracle.com
Fri Apr 26 23:29:22 UTC 2013 

Xuelei,

I have updated the webrev for 7196382 so it uses the key size range info 
from the underlying PKCS library for key size checking:
http://cr.openjdk.java.net/~valeriep/7196382/webrev.01/

Thanks,
Valerie

On 04/25/13 10:59, Valerie (Yu-Ching) Peng wrote:
> Xuelei,
>
> Thanks for the review and comments.
>
> Supposedly, we don't have to have default parameters for all valid key 
> sizes.
> The pre-generated default parameters are for the most-commonly used 
> keysizes.
> As for the rest of supported key sizes, the needed parameters will be 
> generated at runtime upon request.
>
> Well, I don't quite like the current approach of hardcoding ranges 
> inside the checkKeySize(...) method.
> There is a way to query the supported keysize ranges from the PKCS11 
> library and I think that should be the values that we base the key 
> size check on, plus any additional algorithm-specific check (e.g. 
> multiples of 64 bits) that can't be expressed through the ranges. I am 
> still testing out the changes. Will post an updated webrev for 7196382 
> once I am done testing...
>
> Thanks!
> Valerie
>
> On 04/18/13 21:45, Xuelei Fan wrote:
>> On 4/19/2013 10:43 AM, Valerie (Yu-Ching) Peng wrote:
>>> Xuelei,
>>>
>>> Do you have time to review the following two fixes?
>>> 7196382: PKCS11 provider should support 2048-bit DH
>>> 8010134: A finalizer in sun.security.pkcs11.wrapper.PKCS11 perhaps
>>> should be protected
>>>
>>> The first one removes the hardcoded limit of 1024 for DH and the second
>>> one is making the finalize() method protected.
>>>
>>> Webrevs:
>>> http://cr.openjdk.java.net/~valeriep/7196382/webrev.00/
>> Looks fine.
>>
>> Do we plan to support DH keys bwteen 1024 and 2048 with default (null)
>> parameters, for example 1536, in PKCS11 provider?  Recently, I run into
>> a case that uses DH public keys of 1536 bits. I was wondering we may
>> also want to support more.
>>
>>> http://cr.openjdk.java.net/~valeriep/8010134/webrev.00/
>> Looks fine.
>>
>> Xuelei
>>
>>> Thanks!
>>> Valerie
>

More information about the security-dev mailing list