[8u] RFR 8035166: Remove dependency on EC classes from pkcs11 provider
Alexander Scherbatiy
alexander.scherbatiy at bell-sw.com
Thu Dec 3 16:30:11 UTC 2020
Hello,
Could you review the backport of JDK-8035166 to 8u.
This backport was requested during review [1] of
JDK-8233228 Disable weak named curves by default in TLS, CertPath,
and Signed JAR
Bug: https://bugs.openjdk.java.net/browse/JDK-8035166
11u patch: https://hg.openjdk.java.net/jdk-updates/jdk11u/rev/daa21271c03b
8u webrev: http://cr.openjdk.java.net/~alexsch/sercher/8035166/webrev.00
The classes ECParameters, NamedCurve, and CurveDB needs to be moved from
sun.security.ec package
to sun.security.util for JDK-8233228 because sun.security.ec is placed
in sunec.jar and these classes are not accessible
from ConstraintsParameters, DisabledAlgorithmConstraints which are
stored in rt.jar.
8035166 backport to 8u (compared to 11u):
* Manual merge in ConstraintsParameters.java (XECKey, NamedParameterSpec
are not available in 8u).
* files java.security-<platform> are separate in each platform, applied
identical changes in all
* context differences in multiple files
The tests compact3, java_security, java_security_infra, needs_jdk, and
needs_jre were run.
In total they contain the following security and crypto tests:
sun/security/tools/jarsigner/*
com/sun/crypto/provider/*
com/sun/security/*
java/security/*
javax/crypto/*
javax/net/ssl/*
javax/security/*
javax/xml/crypto/*
sun/security/*
security/infra/java/security/*
The are no new failures comparing to the build without the fix.
[1]
https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-December/013164.html
Thanks,
Alexander.
More information about the jdk8u-dev
mailing list