Merge pull request #1531 from Sreekala-Gopakumar/1524PBKDF2

Add "-Djdk.nativePBKDF2=false" to control the behaviour of native PBKDF2

Author: pshipton

docs/djdknativecrypto.md

@@ -47,6 +47,7 @@ OpenSSL support is enabled by default for the following algorithms:
 - GCM
 - MD5
 - PBE cipher
+- PBKDF2
 - RSA
 - SHA-224
 - SHA-256
@@ -77,6 +78,7 @@ If you want to turn off the algorithms individually, use the following system pr
 - [`-Djdk.nativeECKeyGen`](djdknativeeckeygen.md)
 - [`-Djdk.nativeGCM`](djdknativegcm.md)
 - [`-Djdk.nativePBE`](djdknativepbe.md)
+- [`-Djdk.nativePBKDF2`](djdknativepbkdf2.md)
 - [`-Djdk.nativeRSA`](djdknativersa.md)
 - ![Start of content that applies to Java 11 (LTS) and later](cr/java11plus.png) [`-Djdk.nativeXDHKeyAgreement`](djdknativexdhkeyagreement.md)
 - [`-Djdk.nativeXDHKeyGen`](djdknativexdhkeygen.md) ![End of content that applies to Java 11 (LTS) and later](cr/java_close_lts.png)

docs/djdknativepbkdf2.md

@@ -0,0 +1,46 @@
+<!--
+* Copyright (c) 2017, 2025 IBM Corp. and others
+*
+* This program and the accompanying materials are made
+* available under the terms of the Eclipse Public License 2.0
+* which accompanies this distribution and is available at
+* https://www.eclipse.org/legal/epl-2.0/ or the Apache
+* License, Version 2.0 which accompanies this distribution and
+* is available at https://www.apache.org/licenses/LICENSE-2.0.
+*
+* This Source Code may also be made available under the
+* following Secondary Licenses when the conditions for such
+* availability set forth in the Eclipse Public License, v. 2.0
+* are satisfied: GNU General Public License, version 2 with
+* the GNU Classpath Exception [1] and GNU General Public
+* License, version 2 with the OpenJDK Assembly Exception [2].
+*
+* [1] https://www.gnu.org/software/classpath/license.html
+* [2] https://openjdk.org/legal/assembly-exception.html
+*
+* SPDX-License-Identifier: EPL-2.0 OR Apache-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0 OR GPL-2.0-only WITH OpenJDK-assembly-exception-1.0
+-->
+
+# -Djdk.nativePBKDF2
+
+This option enables or disables OpenSSL native cryptographic support for the PBKDF2 (Password based key derivation) algorithm.
+
+## Syntax
+
+        -Djdk.nativePBKDF2=[true|false]
+
+
+| Setting           | value    | Default                                                                        |
+|-------------------|----------|:------------------------------------------------------------------------------:|
+| `-Djdk.nativePBKDF2` | true     | :fontawesome-solid-check:{: .yes aria-hidden="true"}<span class="sr-only">yes</span> |
+| `-Djdk.nativePBKDF2` | false    |                                                                                |
+
+## Explanation
+
+OpenSSL support is enabled by default for the PBKDF2 algorithm. If you want to turn off support for this algorithm only, set this option to `false`. To turn off support for this and other algorithms, see the [`-Djdk.nativeCrypto`](djdknativecrypto.md) system property command line option.
+
+## See also
+
+- [What's new in version 0.53.0](version0.53.md#openssl-support-added-for-pbkdf2-algorithm)
+
+<!-- ==== END OF TOPIC ==== djdknativepbkdf2.md ==== -->

docs/openssl.md

@@ -23,7 +23,7 @@
 
 # OpenSSL
 
-OpenJDK uses the in-built Java™ cryptographic implementation by default but Eclipse OpenJ9™ also provides some support for the OpenSSL cryptographic library. OpenSSL is an open source cryptographic toolkit for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, which is well established and used with many enterprise applications. Because it is a native library, OpenSSL might provide better performance. To use OpenSSL cryptographic acceleration, install OpenSSL 1.0.x, 1.1.x, or 3.x on your system. The OpenSSL V1.0.x, V1.1.x, and V3.x implementations are currently supported for the Digest, CBC, GCM, RSA, ECDH key agreement, PBE, and EC key generation algorithms. The OpenSSL V1.1.x and V3.x implementations are also supported for the ChaCha20 cipher, ChaCha20-Poly1305 cipher, and ECDSA signature algorithms. The OpenSSL V1.1.1 onwards implementations are supported for the XDH key agreement and XDH key generation algorithms.
+OpenJDK uses the in-built Java™ cryptographic implementation by default but Eclipse OpenJ9™ also provides some support for the OpenSSL cryptographic library. OpenSSL is an open source cryptographic toolkit for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, which is well established and used with many enterprise applications. Because it is a native library, OpenSSL might provide better performance. To use OpenSSL cryptographic acceleration, install OpenSSL 1.0.x, 1.1.x, or 3.x on your system. The OpenSSL V1.0.x, V1.1.x, and V3.x implementations are currently supported for the Digest, CBC, GCM, RSA, ECDH key agreement, PBE, PBKDF2, and EC key generation algorithms. The OpenSSL V1.1.x and V3.x implementations are also supported for the ChaCha20 cipher, ChaCha20-Poly1305 cipher, and ECDSA signature algorithms. The OpenSSL V1.1.1 onwards implementations are supported for the XDH key agreement and XDH key generation algorithms.
 
 On Linux® and AIX® operating systems, the OpenSSL 1.0.x, 1.1.x, or 3.x library is expected to be found on the system path. If you use a package manager to install OpenSSL, the system path will be updated automatically. On Windows™ and MacOS® the OpenSSL 3.x library is bundled. Later levels of some Linux operating systems also bundle OpenSSL 3.x.
 
@@ -44,6 +44,7 @@ Each algorithm can be disabled individually by setting the following system prop
 - To turn off **EC key generation**, set [`-Djdk.nativeECKeyGen=false`](djdknativeeckeygen.md)
 - To turn off **GCM**, set [`-Djdk.nativeGCM=false`](djdknativegcm.md)
 - To turn of **PBE cipher**, set [`-Djdk.nativePBE=false`](djdknativepbe.md)
+- To turn off **PBKDF2** (Password based key derivation), set [`-Djdk.nativePBKDF2=false`](djdknativepbkdf2.md)
 - To turn off **RSA**, set [`-Djdk.nativeRSA=false`](djdknativersa.md)
 - ![Start of content that applies to Java 11 (LTS) and later](cr/java11plus.png) To turn off **XDH key agreement**, set [`-Djdk.nativeXDHKeyAgreement=false`](djdknativexdhkeyagreement.md)
 - To turn off **XDH key generation**, set [`-Djdk.nativeXDHKeyGen=false`](djdknativexdhkeygen.md) ![End of content that applies to Java 11 (LTS) and later](cr/java_close_lts.png)

docs/version0.53.md

@@ -0,0 +1,47 @@
+<!--
+* Copyright (c) 2017, 2025 IBM Corp. and others
+*
+* This program and the accompanying materials are made
+* available under the terms of the Eclipse Public License 2.0
+* which accompanies this distribution and is available at
+* https://www.eclipse.org/legal/epl-2.0/ or the Apache
+* License, Version 2.0 which accompanies this distribution and
+* is available at https://www.apache.org/licenses/LICENSE-2.0.
+*
+* This Source Code may also be made available under the
+* following Secondary Licenses when the conditions for such
+* availability set forth in the Eclipse Public License, v. 2.0
+* are satisfied: GNU General Public License, version 2 with
+* the GNU Classpath Exception [1] and GNU General Public
+* License, version 2 with the OpenJDK Assembly Exception [2].
+*
+* [1] https://www.gnu.org/software/classpath/license.html
+* [2] https://openjdk.org/legal/assembly-exception.html
+*
+* SPDX-License-Identifier: EPL-2.0 OR Apache-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0 OR GPL-2.0-only WITH OpenJDK-assembly-exception-1.0
+-->
+
+# What's new in version 0.53.0
+
+The following new features and notable changes since version 0.51.0 are included in this release:
+
+- [New binaries and changes to supported environments](#binaries-and-supported-environments)
+- [OpenSSL support added for PBKDF2 algorithm](#openssl-support-added-for-pbkdf2-algorithm)
+
+## Features and changes
+
+### Binaries and supported environments
+
+Eclipse OpenJ9&trade; release 0.53.0 supports OpenJDK 8, 11, 17, and 21.
+
+To learn more about support for OpenJ9 releases, including OpenJDK levels and platform support, see [Supported environments](openj9_support.md).
+
+### OpenSSL support added for PBKDF2 algorithm
+
+OpenSSL native cryptographic support is added for the Password based key derivation (PBKDF2) algorithm, providing improved cryptographic performance. OpenSSL support is enabled by default for the PBKDF2 algorithm. If you want to turn off support for the PBKDF2 algorithm, set the [`-Djdk.nativePBKDF2`](djdknativepbkdf2.md) system property to `false`.
+
+## Known problems and full release information
+
+To see known problems and a complete list of changes between Eclipse OpenJ9 v0.51.0 and v0.53.0 releases, see the [Release notes](https://github.com/eclipse-openj9/openj9/blob/master/doc/release-notes/0.53/0.53.md).
+
+<!-- ==== END OF TOPIC ==== version0.53.md ==== -->

mkdocs.yml

@@ -101,6 +101,7 @@ nav:
 
     - "Release notes" :
         - "Overview"                                                             : openj9_releases.md
+        - "Version 0.53.0"                                                       : version0.53.md
         - "Version 0.51.0"                                                       : version0.51.md
         - "Version 0.49.0"                                                       : version0.49.md
         - "Version 0.48.0"                                                       : version0.48.md
@@ -271,6 +272,7 @@ nav:
             - "-Djdk.nativeECKeyGen"                                             : djdknativeeckeygen.md
             - "-Djdk.nativeGCM"                                                  : djdknativegcm.md
             - "-Djdk.nativePBE"                                                  : djdknativepbe.md
+            - "-Djdk.nativePBKDF2"                                               : djdknativepbkdf2.md
             - "-Djdk.nativeRSA"                                                  : djdknativersa.md
             - "-Djdk.nativeXDHKeyAgreement"                                      : djdknativexdhkeyagreement.md
             - "-Djdk.nativeXDHKeyGen"                                            : djdknativexdhkeygen.md