RFR: JDK-8308398 Move SunEC crypto provider into java.base

Anthony Scarpino ascarpino at openjdk.org
Mon Jun 19 05:49:25 UTC 2023


On Sat, 17 Jun 2023 13:10:35 GMT, Alan Bateman <alanb at openjdk.org> wrote:

> > This moves the SunEC JCE Provider (Elliptic Curve) into java.base. EC has always been separate from the base module/pkg because of its dependence on a native library. That library was removed in JDK 16.
> 
> The proposed changes look okay, meaning it should be okay to have the SunEC provider in java.base. However, the motivation isn't clear as there isn't an issue with JCE providers in java.base using native code. I know there were non-technical issues with libsunec in the past but that wouldn't have prevented the SunEC code from being compiled into java.base.
> 

From what I was told, the native library was one of the reasons it was not in the base pkg before modularization and just remained so afterwards.

> I assume the main implication of the change is that 3rd party JCE providers signed with an EC certificate can now be deployed on the module path. Another way to solve that issue is to delay verification of signed JARs until the boot layer is created - if we did that, would you still want to move the SunEC provider into java.base? Maybe you want it in java.base so there is an alternative to RSA in all run-time images?

Just before this review went out I tried JDK-8215932.  At this point, I'm unable to reproduce the original problem with EC JCE signed jars.  I talked to the submitter and at this point I'm not sure if JDK-8215932 was incorrect or it was fixed elsewhere. That doesn't reduce the motivation to remove the module.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/14457#issuecomment-1596540890


