On 3/3/20 1:42 PM, Anthony Scarpino wrote:
On 3/3/20 8:55 AM, Xuelei Fan wrote:
SunEC.java:
59 String s = System.getProperty("jdk.sunec.disableNative");
60 if (s != null && s.equalsIgnoreCase("false")) {
61 disableNative = false;
62 }
Do you want to get the property value in the privileged block so that
it works if security manager enabled?
Sean?
Yes, you can just use
sun.security.action.GetPropertyAction.privilegedGetProperty().
--Sean
Per line 60, native is disabled if the property is set to value other
than "false'. It would be nice to describe the behavior in the CSR.
ok
Xuelei
On 3/2/2020 4:40 PM, Anthony Scarpino wrote:
Hi
I need a review of the CSR and webrev for disabling by default the
native SunEC curves from the API. With the recent verification
changes in JDK-8237218, SunJCE is long dependent on the native code
for verifying the constant-time curves. This disabling can be undone
with setting a system property, jdk.sunec.disableNative. I'm doing
a simultaneous review as changes for one will likely affect the other.
CSR: https://bugs.openjdk.java.net/browse/JDK-8238911
webrev: https://cr.openjdk.java.net/~ascarpino/8237219/
The curves affected are:
secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1,
secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1,
sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1,
sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1,
sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1,
X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62
c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1,
X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62
prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1
brainpoolP320r1, brainpoolP384r1, brainpoolP512r1
Tony
