[8u] RFR 8035166: Remove dependency on EC classes from pkcs11 provider

Andrew Hughes gnu.andrew at redhat.com
Thu Dec 3 16:36:44 UTC 2020


On 19:30 Thu 03 Dec     , Alexander Scherbatiy wrote:
> Hello,
> 
> Could you review the backport of JDK-8035166 to 8u.
> This backport was requested during review [1] of
>    JDK-8233228 Disable weak named curves by default in TLS, CertPath, and
> Signed JAR
> 
> Bug: https://bugs.openjdk.java.net/browse/JDK-8035166
> 11u patch: https://hg.openjdk.java.net/jdk-updates/jdk11u/rev/daa21271c03b
> 8u webrev: http://cr.openjdk.java.net/~alexsch/sercher/8035166/webrev.00
> 
> The classes ECParameters, NamedCurve, and CurveDB needs to be moved from
> sun.security.ec package
> to sun.security.util for JDK-8233228 because sun.security.ec is placed in
> sunec.jar and these classes are not accessible
> from ConstraintsParameters, DisabledAlgorithmConstraints which are stored in
> rt.jar.
> 
> 8035166 backport to 8u (compared to 11u):
> * Manual merge in ConstraintsParameters.java (XECKey, NamedParameterSpec are
> not available in 8u).
> * files java.security-<platform> are separate in each platform, applied
> identical changes in all
> * context differences in multiple files
> 
> The tests compact3, java_security, java_security_infra, needs_jdk, and
> needs_jre were run.
> 
> In total they contain the following security and crypto tests:
>   sun/security/tools/jarsigner/*
>   com/sun/crypto/provider/*
>   com/sun/security/*
>   java/security/*
>   javax/crypto/*
>   javax/net/ssl/*
>   javax/security/*
>   javax/xml/crypto/*
>   sun/security/*
>   security/infra/java/security/*
> 
> The are no new failures comparing to the build without the fix.
> 
> [1]
> https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-December/013164.html
> 
> Thanks,
> Alexander.
> 

It's still not been explained why these changes are required for JDK-8233228.
Can you please answer that question? There may be no need for this backport
if JDK-8233228 can be done another way.

Thanks,
-- 
Andrew :)

Senior Free Java Software Engineer
OpenJDK Package Owner
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222


More information about the jdk8u-dev mailing list