Use of OpenSSL as JCE security provider if available on system

Steve Groeger GROEGES at uk.ibm.com
Fri Mar 15 15:31:05 UTC 2019 

Martin, 

> 1) Is this integrated to the JCE crypto providers framework or does it 
work separately?
No, this is not currently integrated into the JCE crypto providers 
framework. 
The implementation we currently have integrates into the existing JCE 
providers and it defaults to using the OpenSSL libraries, if they are 
found and can be used, otherwise it drops back to the existing 
implementation provided with the JDK. As I stated previously the entire 
use of the the OpenSSL library can be enabled / disabled as well as the 
use of specific OpenSSL algorithms using java runtime options.

> 2) Which algorithms are under scope?
The OpenSSL algorithms we have currently done this work for are RSA, CMC, 
GCM and Digest. 

Thanks
Steve Groeger
IBM Runtime Technologies
Hursley, Winchester
Tel: (44) 1962 816911  Mobex: 279990  Mobile: 07718 517 129
Fax (44) 1962 816800
Lotus Notes: Steve Groeger/UK/IBM
Internet: groeges at uk.ibm.com

Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 
741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU



From:   Martin Balao <mbalao at redhat.com>
To:     security-dev at openjdk.java.net
Date:   15/03/2019 13:35
Subject:        Re: Use of OpenSSL as JCE security provider if available 
on system
Sent by:        "security-dev" <security-dev-bounces at openjdk.java.net>



Hi Steve,

This looks interesting.

I have a couple of questions:

1) Is this integrated to the JCE crypto providers framework or does it
work separately? The properties "jdk.nativeCrypto" and
"jdk.nativeDigest" made me think it's not.

2) Which algorithms are under scope?

Kind regards,
Martin.-




Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 
741598. 
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20190315/b988f786/attachment.htm>

More information about the security-dev mailing list