[security-dev 00389]: Re: Cleaning up crypto support

Brad Wetmore Bradford.Wetmore at Sun.COM
Thu Nov 6 10:36:00 PST 2008

I got brought into a high priority escalation for the last couple weeks, 
I think I'm finally coming to the end and will respond then.  I owe 
several responses.

This really has been an insane couple of months.


Mark Wielaard wrote:
> Hi,
> On Thu, 2008-10-02 at 11:49 +0200, Mark Wielaard wrote:
>> On Thu, 2008-09-25 at 20:56 +0200, Mark Wielaard wrote:
>>> I believe this version is pretty clean. And it should be simple to
>>> verify that it works correctly now since all unnecessary code is just
>>> thrown out. Of course I threw all the crypto and security tests at it
>>> that I could find and all happily passed. I did alter the TestUtil class
>>> so that it always checks all algorithms and full keys.
>>> It would be nice to push this in OpenJDK proper so there is less
>>> divergence and so the GPLed version always has full crypto support
>>> enabled.
>>> If you still want to support a ClosedJDK with restricted crypto support
>>> then all you have to do is provide your own Cipher and JceSecurity
>>> class, plus any of the now removed auxiliary classes JarVerifier and
>>> JceSecurityManager. Everything else can be the same between the free
>>> openjdk and proprietary closedjdk.
>>> Please let me know if you would need any help integrating this.
>>> I did already push it into icedtea6.
>> I didn't see any replies to this yet. Please do let me know if I can
>> help in any way to get this pushed forward faster.
> It seems this is working out good for the GNU/Linux distros based on the
> latest IcedTea6 releases, so getting this upstream would be nice.
> Anything I can do to help with that?
> Thanks,
> Mark
