8237219: Disabling the native SunEC implementation
Xuelei Fan
xuelei.fan at oracle.com
Tue Mar 3 16:55:32 UTC 2020
SunEC.java:
59 String s = System.getProperty("jdk.sunec.disableNative");
60 if (s != null && s.equalsIgnoreCase("false")) {
61 disableNative = false;
62 }
Do you want to get the property value in the privileged block so that it
works if security manager enabled?
Per line 60, native is disabled if the property is set to value other
than "false'. It would be nice to describe the behavior in the CSR.
Xuelei
On 3/2/2020 4:40 PM, Anthony Scarpino wrote:
> Hi
>
> I need a review of the CSR and webrev for disabling by default the
> native SunEC curves from the API. With the recent verification changes
> in JDK-8237218, SunJCE is long dependent on the native code for
> verifying the constant-time curves. This disabling can be undone with
> setting a system property, jdk.sunec.disableNative. I'm doing a
> simultaneous review as changes for one will likely affect the other.
>
> CSR: https://bugs.openjdk.java.net/browse/JDK-8238911
> webrev: https://cr.openjdk.java.net/~ascarpino/8237219/
>
> The curves affected are:
> secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1,
> secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1,
> sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1,
> sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1,
> sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62
> c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62
> c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62
> prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62
> prime239v3, brainpoolP256r1 brainpoolP320r1, brainpoolP384r1,
> brainpoolP512r1
>
> Tony
More information about the security-dev
mailing list