8237219: Disabling the native SunEC implementation

Anthony Scarpino anthony.scarpino at oracle.com
Thu Mar 19 21:46:11 UTC 2020


On 3/19/20 12:23 PM, Sean Mullan wrote:
> On 3/12/20 2:23 AM, Anthony Scarpino wrote:
>> Another webrev update with Max's recent comments.
>> https://cr.openjdk.java.net/~ascarpino/8237219/webrev.03
>>
>> Also I still need a reviewer for the CSR.
> 
> For the CSR, I think the Compatibility Kind should be "Behavioral" and 
> the Scope "JDK".
> 
> Can you list in the Specification section the APIs that will now throw 
> an Exception when the native library is disabled and what that Exception 
> is? The code diffs, while fine to leave in, seem a bit too raw to 
> understand exactly what the behavior change is.
> 
> Also, I think the specification section should provide a description of 
> the system property, what the default value is and how the 
> implementation handles case sensitivity and syntax errors (does it throw 
> an Exception, ignore invalid values, etc).
> 
> --Sean

Updated

> 
>>
>> thanks
>>
>> Tony
>>
>> On 3/2/20 4:40 PM, Anthony Scarpino wrote:
>>> Hi
>>>
>>> I need a review of the CSR and webrev for disabling by default the 
>>> native SunEC curves from the API.  With the recent verification 
>>> changes in JDK-8237218, SunJCE is long dependent on the native code 
>>> for verifying the constant-time curves.  This disabling can be undone 
>>> with setting a system property, jdk.sunec.disableNative.  I'm doing 
>>> a simultaneous review as changes for one will likely affect the other.
>>>
>>> CSR: https://bugs.openjdk.java.net/browse/JDK-8238911
>>> webrev: https://cr.openjdk.java.net/~ascarpino/8237219/
>>>
>>> The curves affected are:
>>> secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, 
>>> secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, 
>>> sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, 
>>> sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, 
>>> sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, 
>>> X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 
>>> c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, 
>>> X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 
>>> prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1, 
>>> brainpoolP320r1, brainpoolP384r1, brainpoolP512r1
>>>
>>> Tony
>>



