[security-dev 00386]: Re: Cleaning up crypto support

Mark Wielaard mark at klomp.org
Thu Nov 6 14:17:15 UTC 2008


Hi,

On Thu, 2008-10-02 at 11:49 +0200, Mark Wielaard wrote:
> On Thu, 2008-09-25 at 20:56 +0200, Mark Wielaard wrote:
> > I believe this version is pretty clean. And it should be simple to
> > verify that it works correctly now since all unnecessary code is just
> > thrown out. Of course I threw all the crypto and security tests at it
> > that I could find and all happily passed. I did alter the TestUtil class
> > so that it always checks all algorithms and full keys.
> > 
> > It would be nice to push this in OpenJDK proper so there is less
> > divergence and so the GPLed version always has full crypto support
> > enabled.
> > 
> > If you still want to support a ClosedJDK with restricted crypto support
> > then all you have to do it provide your own Cipher and JceSecurity
> > class, plus any of the now removed auxiliary classes JarVerfifier and
> > JceSecurityManager. Everything else can be the same between the free
> > openjdk and proprietary closedjdk.
> > 
> > Please let me know if you would need any help integrating this.
> > I did already push it into icedtea6.
> 
> I didn't see any replies to this yet. Please do let me know if I can
> help in any way to get this pushed forward faster.

It seems this is working out good for the GNU/Linux distros based on the
latest IcedTea6 releases, so getting this upstream would be nice.
Anything I can do to help with that?

Thanks,

Mark




More information about the security-dev mailing list