Code review request: 7197245: Eliminate sun.security.ssl.JsseJce dependency on sun.security.ec

Vincent Ryan vincent.x.ryan at oracle.com
Mon Sep 17 06:42:40 PDT 2012


Hello Stephen,

We have crossed paths on this one.

My original intention was just to address a static dependency in the Jigsaw module containing JSSE. However
now it seems better to adopt your broader solution. I have discarded my changeset and closed CR 7197245 as a duplicate of CR 7194075.

Thanks.



On 12 Sep 2012, at 21:13, Stephen Flores wrote:

> Vincent,
> 
> It seems like we are work on same area, except I have a larger scope.
> 
> The JSSE is not the only package to have sun.security.ec dependencies, PKCS 11 has them plus the Public and private key class and the EC unit test. I have same type of changes in mind so I can remove the duplicate classes in rt.jar.
> 
> CR 7194075: Various classes of sunec.jar are duplicated in rt.jar
> 
> The main difference is that I moved the decode and encode point method out to a new class sun.security.util.ECUtil to avoid duplication and since PKCS11 would need the same changes JSSE for ECParameters and NamedCurve and to minimize the changes in JSSE and PKCS11, I just changed ECParmeters and NamedCurve to ECUtil and put the new code that uses the ECGenParameterSpec in the ECUtil for both packages to use.
> 
> I moved all of static lookup methods in ECParameters, NamedCurve and the curve repository to separate class (CurveDB). This made ECParameters and NamedCurve cleaner and easier work on (there was some ECParameters cleanup.
> 
> PKCS needed to get curve by key size so a create a new AlgorithmParameterSpec for that.
> 
> I have not tried to compile my code yet, but here is a webrev:
> 
> http://cr.openjdk.java.net/~sflores/7194075/webrev-suggested-fix-0/
> 
> It does not include the make file changes need to the rt.jar duplication or the change to the EC unit test to use the list of supported curves that the SunECEntries has already, (I have to write code to parser list) and have the unit test use ECGenParameterSpec instead of ECParameterSpec.
> 
> Steve.
> 
> 
> On 09/11/2012 12:22 PM, Vincent Ryan wrote:
>> 
>> Hello Brad,
>> 
>> Please review these changes to eliminate the dependency between the
>> SunJSSE provider and the ECParameters and NamedCurve classes in the
>> SunEC provider.
>> 
>> http://cr.openjdk.java.net/~vinnie/7197245/webrev.00/
>> 
>> Thanks.




More information about the security-dev mailing list