missing ecc curves

[codespotx]

lookaside jdk has only 3 ecc curves, openjdk has 61.

links to compare according source (CurveDB.java):

https://github.com/ojdkbuild/lookaside_java-1.8.0-openjdk/blob/master/jdk/src/share/classes/sun/security/ec/CurveDB.java

http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/file/a71d26266469/src/share/classes/sun/security/ec/CurveDB.java

[ojdkbuild]

Hi,

I don't have an explanation for this except "we are shipping the same as shipped in RHEL". I tried to find out the reason in the past but was unable to get the clear answer. I can suggest bringing this topic to Fedora/RHEL bugtracker. Also some discussion (but little details) are in this bug [1].

Closing as "notabug".

PS: in case if you are experimenting with different curves, I once wrote a utility for that, hopefully it may be useful [2].

[1] http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2390
[2] https://github.com/akashche/keystore-generator

[codespotx]

hi alex,
i am aware that these files come "somehow" from redhat.

the link on https://github.com/ojdkbuild/lookaside_java-1.8.0-openjdk/
https://git.centos.org/summary/?r=rpms/java-1.8.0-openjdk is empty and not helpful.

my assumption was that you are interested in tracking this down (and that you have some more insight)

update: bug 2390 is not answered correctly. these "improvements" in icedtea are more than questionable. how much more useless changes were done?

regards,
csp

[ojdkbuild]

Hi,

i am aware that these files come "somehow" from redhat.

the link on https://github.com/ojdkbuild/lookaside_java-1.8.0-openjdk/
https://git.centos.org/summary/?r=rpms/java-1.8.0-openjdk is empty and not helpful.

M, that link is correct, but require some background knowledge about RPM packaging. In short words:

• this repo is a "dist-git" repo, RPM builder checkouts it as a first step of building jdk RPM
• actual source code of the package (jdk sources in this case) are not stored inside that repo though, but in a special place for big binaries called "lookaside cache"; metadata file points to sources tarball [1]
• for windows builds such tarballs are imported into git repositories (with "looakside" prefix and into "looakside" branch); some details on this process [2]
• these sources are initially imported into CentOS infrastructure from RHEL7 (CentOS is the only way to get public RHEL7 sources [3])
• usually such source tarballs are "pristine" (contains exactly the same code as in upstream repo; that code may be patched during RPM build - for windows such patches are imported into "lookaside_" repos in "master" branch), but EC named curves is a special case; they are deleted during tarball bundling [4]

my assumption was that you are interested in tracking this down (and that you have some more insight)

Link [4] above should explain it, there sources are checked out from hg.openjdk.java.net and then EC curves are deleted before the sources are bundled. Thus when such tarball is imported into this project - there are no traces of deleted curves (as an opposite to normal patches, that can be inspected in master branch of a "lookaside_" repos).

HTH

[1] https://git.centos.org/blob/rpms!java-1.8.0-openjdk/c4ba7e1edd179ed5fb3ee72cd5a6eccc00fa1e20/.java-1.8.0-openjdk.metadata
[2] https://github.com/ojdkbuild/ojdkbuild/wiki/LookasideRepos
[3] https://lwn.net/Articles/603865/
[4] http://pkgs.fedoraproject.org/cgit/rpms/java-1.8.0-openjdk.git/tree/generate_source_tarball.sh#n116

[ojdkbuild]

This should no longer be the case for both CentOS ([1], [2]) and Windows - all EC curves are included now.