Code review request: 7197245: Eliminate sun.security.ssl.JsseJce dependency on sun.security.ec

Stephen Flores stephen.flores at oracle.com
Wed Sep 12 13:13:14 PDT 2012


Vincent,

It seems like we are work on same area, except I have a larger scope.

The JSSE is not the only package to have sun.security.ec dependencies, 
PKCS 11 has them plus the Public and private key class and the EC unit 
test. I have same type of changes in mind so I can remove the duplicate 
classes in rt.jar.

CR 7194075: Various classes of sunec.jar are duplicated in rt.jar

The main difference is that I moved the decode and encode point method 
out to a new class sun.security.util.ECUtil to avoid duplication and 
since PKCS11 would need the same changes JSSE for ECParameters and 
NamedCurve and to minimize the changes in JSSE and PKCS11, I just 
changed ECParmeters and NamedCurve to ECUtil and put the new code that 
uses the ECGenParameterSpec in the ECUtil for both packages to use.

I moved all of static lookup methods in ECParameters, NamedCurve and the 
curve repository to separate class (CurveDB). This made ECParameters and 
NamedCurve cleaner and easier work on (there was some ECParameters cleanup.

PKCS needed to get curve by key size so a create a new 
AlgorithmParameterSpec for that.

I have not tried to compile my code yet, but here is a webrev:

  http://cr.openjdk.java.net/~sflores/7194075/webrev-suggested-fix-0/

It does not include the make file changes need to the rt.jar duplication 
or the change to the EC unit test to use the list of supported curves 
that the SunECEntries has already, (I have to write code to parser list) 
and have the unit test use ECGenParameterSpec instead of ECParameterSpec.

Steve.


On 09/11/2012 12:22 PM, Vincent Ryan wrote:
>
> Hello Brad,
>
> Please review these changes to eliminate the dependency between the
> SunJSSE provider and the ECParameters and NamedCurve classes in the
> SunEC provider.
>
> http://cr.openjdk.java.net/~vinnie/7197245/webrev.00/
>
> Thanks.



More information about the security-dev mailing list