RFR: 8267319: Use larger default key sizes and algorithms based on CNSA [v5]

Valerie Peng valeriep at openjdk.java.net
Tue Mar 15 20:40:45 UTC 2022


On Mon, 14 Mar 2022 21:18:56 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Update again and undo DSA changes
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java line 101:
> 
>> 99:         // set default key sizes and apply our own algorithm-specific limits
>> 100:         // override lower limit to disallow unsecure keys being generated
>> 101:         // override upper limit to deter DOS attack
> 
> Not a P11 expert, but I assume `algorithm` here is already guaranteed to be in uppercase?

Yes, for P11KeyPairGenerator, its algorithm values are all in uppercase. I verified it with an existing regression test.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7652



More information about the security-dev mailing list