8237219: Disabling the native SunEC implementation

Anthony Scarpino anthony.scarpino at oracle.com
Tue Mar 3 18:42:58 UTC 2020


On 3/3/20 8:55 AM, Xuelei Fan wrote:
> SunEC.java:
> 
>    59         String s = System.getProperty("jdk.sunec.disableNative");
>    60         if (s != null && s.equalsIgnoreCase("false")) {
>    61             disableNative = false;
>    62         }
> 
> Do you want to get the property value in the privileged block so that it 
> works if security manager enabled?

Sean?

> 
> Per line 60, native is disabled if the property is set to value other 
> than "false'.  It would be nice to describe the behavior in the CSR.

ok

> 
> 
> Xuelei
> 
> On 3/2/2020 4:40 PM, Anthony Scarpino wrote:
>> Hi
>>
>> I need a review of the CSR and webrev for disabling by default the 
>> native SunEC curves from the API.  With the recent verification 
>> changes in JDK-8237218, SunJCE is long dependent on the native code 
>> for verifying the constant-time curves.  This disabling can be undone 
>> with setting a  system property, jdk.sunec.disableNative.  I'm doing a 
>> simultaneous review as changes for one  will likely affect the other.
>>
>> CSR: https://bugs.openjdk.java.net/browse/JDK-8238911
>> webrev: https://cr.openjdk.java.net/~ascarpino/8237219/
>>
>> The curves affected are:
>> secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, 
>> secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, 
>> sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, 
>> sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, 
>> sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, 
>> X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 
>> c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, 
>> X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 
>> prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1 
>> brainpoolP320r1, brainpoolP384r1, brainpoolP512r1
>>
>> Tony



More information about the security-dev mailing list