RFR: 8267319: Use larger default key sizes and algorithms based on CNSA [v5]
Valerie Peng
valeriep at openjdk.java.net
Tue Mar 15 20:40:45 UTC 2022
On Mon, 14 Mar 2022 21:18:56 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Update again and undo DSA changes
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java line 101:
>
>> 99: // set default key sizes and apply our own algorithm-specific limits
>> 100: // override lower limit to disallow unsecure keys being generated
>> 101: // override upper limit to deter DOS attack
>
> Not a P11 expert, but I assume `algorithm` here is already guaranteed to be in uppercase?
Yes, for P11KeyPairGenerator, its algorithm values are all in uppercase. I verified it with an existing regression test.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7652
More information about the security-dev
mailing list