7194075: Various classes of sunec.jar are duplicated in rt.jar
Stephen Flores
stephen.flores at oracle.com
Wed Dec 19 16:51:43 PST 2012
Xuelei,
Sorry, for the delayed response, I have been working in another area.
Comments below:
On 12/09/2012 10:07 PM, Xuelei Fan wrote:
> Hi Stephen,
>
> The update in JsseJce.java update the behaviors of SunJSSE provider.
> Need more time to evaluate the impact.
>
> For a particular standard named curve of EC, I think the ECParameterSpec
> does not change in different providers. I was wondering, is it
> necessary to bind the ECParameterSpec with a particular provider? in
> ECUtil, you have methods like this one:
>
> ECParameterSpec getECParameterSpec(Provider p, ECParameterSpec spec)
>
> I think it converts from one ECParameterSpec object to another
> ECParameterSpec object. What's the usage of this method?
>
From what I can see of the code, the caller is checking to see the
curve is supported. I did not change what was being done, but changed
code path from a direct call into the sun.security.ec package to call
into java.security packages.
The provider parameter is there because to be provider independent,
since the calling JSSE had already obtained the EC provider it intends
to use, so I did not want to use the default provider.
> And this one:
> ECParameterSpec getECParameterSpec(Provider p, String name)
>
> For named curves, is it possible to make methods like this one to be
> provider independent?
>
Again, a calling class will have already obtained the EC provider they
intend to use.
Steve.
> Regards,
> Xuelei
>
>
> On 11/27/2012 11:21 AM, Stephen Flores wrote:
>> Vincent, Sean,
>>
>> Please review the fix for:
>>
>> CR 7194075: Various classes of sunec.jar are duplicated in rt.jar
>>
>> http://cr.openjdk.java.net/~sflores/7194075/webrev-1/
>>
>> Changes:
>>
>> *Changed/renamed any of methods that did not support the public API to
>> package private.
>>
>> *Moved the decode and encode point methods out of ECParameters to a new
>> class sun.security.util.ECUtil.
>>
>> *Changed any "new byte[], System.arraycopy" blocks in ECUtil point
>> methods to Arrays.copyOfRange.
>>
>> *Added a new AlgorithmParameterSpec in sun.security.util to get curves
>> by key size, for PKCS11 to use.
>>
>> *Moved all of static lookup methods in ECParameters, NamedCurve and the
>> curve repository to separate class (CurveDB). This made ECParameters and
>> NamedCurve cleaner and easier work on (there was some ECParameters cleanup.
>>
>> *In JSSE and PKCS11 and changed the references to ECParmeters and
>> NamedCurve to the ECUtil which has utility methods that use the public
>> APIs.
>>
>> *Changed to the EC unit test to use the list of supported curves in the
>> property that the SunEC provider has already.
>>
>> *Changed SunECEntries to build the list of supported curves property
>> from the collection in CurveDB.
>>
>> *Changed the JDK makefiles to not duplicate EC classes in rt.jar.
>>
>> Thanks,
>>
>> Steve.
>
More information about the security-dev
mailing list