RFR: JDK-8308398 Move SunEC crypto provider into java.base
Alan Bateman
alanb at openjdk.org
Tue Jun 20 10:52:18 UTC 2023
On Tue, 13 Jun 2023 20:36:28 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
> Hi,
>
> I need a code review for moving the contents of the jdk.crypto.ec module into java.base. This moves the SunEC JCE Provider (Elliptic Curve) into java.base. EC has always been separate from the base module/pkg because of its dependence on a native library. That library was removed in JDK 16. An empty jdk.crypto.ec module will remain for compatibility, but marked as deprecated with the intent to be removed in a future release.
>
> There should be no compatibility risk for application using EC through JCE. There are no public API changes to EC, XEC, and EdDSA classes . Applications that unwisely accessing internal EC classes will need to use the java.base module.
>
> Thanks
>
> Tony
test/jdk/sun/security/ec/ecModuleCheck.java line 43:
> 41: throw new AssertionError("jdk.crypto.ec module does not exist");
> 42: }
> 43: System.out.println("jdk.crypto.ec module exists");
`@modules jdk.crypto.ec` in the test description means this test will not be selected/executed if the jdk.crypto.ec is not the run-time image. It also means the test with run with `--add-modules jdk.crypto.ec` which is not what you want. I think this is closer to what you want in this test:
assertTrue(ModuleFinder.ofSystem().find("jdk.crypto.ec").isPresent());
assertFalse(ModuleLayer.boot().findModule("jdk.crypto.ec").isPresent());
This tests that the jdk.crypto.ec is observable but is not resolved.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/14457#discussion_r1235086798
More information about the security-dev
mailing list