8237219: Disabling the native SunEC implementation

Sean Mullan sean.mullan at oracle.com
Thu Mar 19 19:23:16 UTC 2020

On 3/12/20 2:23 AM, Anthony Scarpino wrote:
> Another webrev update with Max's recent comments.
> https://cr.openjdk.java.net/~ascarpino/8237219/webrev.03
> Also I still need a reviewer for the CSR.

For the CSR, I think the Compatibility Kind should be "Behavioral" and 
the Scope "JDK".

Can you list in the Specification section the APIs that will now throw 
an Exception when the native library is disabled and what that Exception 
is? The code diffs, while fine to leave in, seem a bit too raw to 
understand exactly what the behavior change is.

Also, I think the specification section should provide a description of 
the system property, what the default value is and how the 
implementation handles case sensitivity and syntax errors (does it throw 
an Exception, ignore invalid values, etc).


> thanks
> Tony
> On 3/2/20 4:40 PM, Anthony Scarpino wrote:
>> Hi
>> I need a review of the CSR and webrev for disabling by default the 
>> native SunEC curves from the API.  With the recent verification 
>> changes in JDK-8237218, SunJCE is long dependent on the native code 
>> for verifying the constant-time curves.  This disabling can be undone 
>> by setting a system property, jdk.sunec.disableNative.  I'm doing a 
>> simultaneous review as changes for one will likely affect the other.
>> CSR: https://bugs.openjdk.java.net/browse/JDK-8238911
>> webrev: https://cr.openjdk.java.net/~ascarpino/8237219/
>> The curves affected are:
>> secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, 
>> secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, 
>> sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, 
>> sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, 
>> sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, 
>> X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 
>> c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, 
>> X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 
>> prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1, 
>> brainpoolP320r1, brainpoolP384r1, brainpoolP512r1
>> Tony
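
To see the behavior change the review asks the CSR to spell out, the following probe reports which named curves the running JDK's EC KeyPairGenerator accepts and which exception it raises for the rest. It is an added example, not code from the webrev or the JDK; the class name CurveProbe and the three baseline curves are assumptions chosen for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.spec.ECGenParameterSpec;
import java.util.ArrayList;
import java.util.List;

// Added example (hypothetical class name): audits named-curve support on this runtime.
public class CurveProbe {
    // Curve names exactly as listed in the review request above.
    static final String[] AFFECTED = {
        "secp112r1", "secp112r2", "secp128r1", "secp128r2", "secp160k1", "secp160r1",
        "secp160r2", "secp192k1", "secp192r1", "secp224k1", "secp224r1", "secp256k1",
        "sect113r1", "sect113r2", "sect131r1", "sect131r2", "sect163k1", "sect163r1",
        "sect163r2", "sect193r1", "sect193r2", "sect233k1", "sect233r1", "sect239k1",
        "sect283k1", "sect283r1", "sect409k1", "sect409r1", "sect571k1", "sect571r1",
        "X9.62 c2tnb191v1", "X9.62 c2tnb191v2", "X9.62 c2tnb191v3", "X9.62 c2tnb239v1",
        "X9.62 c2tnb239v2", "X9.62 c2tnb239v3", "X9.62 c2tnb359v1", "X9.62 c2tnb431r1",
        "X9.62 prime192v2", "X9.62 prime192v3", "X9.62 prime239v1", "X9.62 prime239v2",
        "X9.62 prime239v3", "brainpoolP256r1", "brainpoolP320r1", "brainpoolP384r1",
        "brainpoolP512r1"
    };
    // Assumption: baseline curves that do not appear in the affected list.
    static final String[] BASELINE = {"secp256r1", "secp384r1", "secp521r1"};

    // Returns null when a key pair can be generated on the curve, otherwise
    // the exception class and message the provider raised.
    static String probe(String curve) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
            kpg.initialize(new ECGenParameterSpec(curve));
            kpg.generateKeyPair();
            return null;
        } catch (GeneralSecurityException | RuntimeException e) {
            return e.getClass().getName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("jdk.sunec.disableNative = "
                + System.getProperty("jdk.sunec.disableNative"));
        List<String> rejected = new ArrayList<>();
        for (String[] group : new String[][] {BASELINE, AFFECTED}) {
            for (String curve : group) {
                String err = probe(curve);
                if (err != null) rejected.add(curve);
                System.out.printf("%-18s %s%n", curve, err == null ? "OK" : "REJECTED " + err);
            }
        }
        System.out.println(rejected.size() + " curve(s) rejected: " + rejected);
    }
}
```

Running it once with jdk.sunec.disableNative unset and once with the property set on the command line via -D shows which curves depend on the native library and which exception type callers need to handle.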
