8237219: Disabling the native SunEC implementation
Sean Mullan
sean.mullan at oracle.com
Tue Mar 3 16:34:34 UTC 2020
Wouldn't it be better to throw an Exception when you call
Signature.initSign/Verify() and KeyAgreement.init() rather than waiting
until you sign/verify or generateSecret? This way you bail out early
before you start processing data.
Also, throwing a ProviderException (a RuntimeException) could be a
behavioral change that an application may not be prepared for. We have
never done a very good job of documenting when ProviderException can be
thrown by the JCE APIs, however. But we should think about this and
whether maybe you want to throw InvalidKeyException instead which is
already specified in the throws clause of the init methods. In any case
it should be documented as a potential compatibility issue in the CSR.
Did you consider documenting the system property in the API javadocs for
Signature, KeyPairGenerator, KeyAgreement? I realize this is specific to
the SunEC provider, but this would help users know how to enable the
system property (on the hopefully rare case) they get an exception and
still want to use one of these curves. It could be something like:
@implNote By default, the SunEC provider throws ...Exception if the key
is using a legacy curve. Set the {@systemProperty
jdk.sunec.disableNative} to {@code false} to disable this behavior.
--Sean
On 3/2/20 7:40 PM, Anthony Scarpino wrote:
> Hi
>
> I need a review of the CSR and webrev for disabling by default the
> native SunEC curves from the API. With the recent verification changes
> in JDK-8237218, SunJCE is long dependent on the native code for
> verifying the constant-time curves. This disabling can be undone with
> setting a system property, jdk.sunec.disableNative. I'm doing a
> simultaneous review as changes for one will likely affect the other.
>
> CSR: https://bugs.openjdk.java.net/browse/JDK-8238911
> webrev: https://cr.openjdk.java.net/~ascarpino/8237219/
>
> The curves affected are:
> secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1,
> secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1,
> sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1,
> sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1,
> sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62
> c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62
> c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62
> prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62
> prime239v3, brainpoolP256r1 brainpoolP320r1, brainpoolP384r1,
> brainpoolP512r1
>
> Tony
More information about the security-dev
mailing list