Re: RFC: GNU Crypto and Jessie (again)

[Casey Marshall]

On Jan 22, 2006, at 3:19 PM, Mark Wielaard wrote:

> Hi Casey,
>
> On Sat, 2006-01-21 at 19:06 -0800, Casey Marshall wrote:
> > I've finished splitting GNU Crypto along "weak" and "strong" lines,
> > reformatted the code in GNU Crypto, and added the correct copyright
> > headers to all the files. The resulting patch, and zip file of new
> > files is here:
> >
> >    <http://metastatic.org/source/gnu-crypto-jessie-2.patch.txt>
> >    <http://metastatic.org/source/gnu-crypto-jessie-2.zip>
> >
> > You need both files; the patch is against a recent Classpath CVS
> > snapshot, and does contain a few miscellaneous fixes outside of
> > supporting GNU Crypto and Jessie, to make sure SSL connections
> > actually work. The zip file can be unpacked in the toplevel Classpath
> > directory. There are no changes to the build system (I don't know if
> > the GCJ support needs changing at all; I don't use it, so I can't  
> > tell).
>
> Nice work! I quickly tried it out and it seems to work (or at least  
> not
> break anything, I didn't try very hard yet). Just make sure you don't
> accidentially override the gnu/javax/security/auth/login files with  
> some
> other version (although it looks what you have is what is in CVS).

The zip file might have real in-CVS sources as well as to-be- 
committed stuff (thanks to a scorched-earth method of adding files to  
it). The checkin will only modify files in the patch file.

> It might actually import cleanly into libgcj, but don't worry about
> that. If anything needs changing we will do that with the next merge.
>
> > There is still some code duplication here and there, say when two
> > different implementations (like RSA encryption and signatures) use
> > their own Key classes. The duplication isn't major, however, and we
> > can sort it out later on.
>
> Could you make a list and file a bug report about the duplicates? I  
> saw
> there are multiple implementations of MD5 and SHA1 now (you commented
> them out in Gnu provider, was that deliberate?)

Yeah, it won't work to have both implementations in the provider,  
anyway (the second one added would just override the first). I didn't  
remove the old MD5 or SHA-1 classes because I know some code uses  
those classes directly (I think in GCJ, there may be others). The  
versions from GNU Crypto should be faster, or at least just as fast;  
we did put effort into optimizing these hashes.

> >  Some things, like Diffie Hellman, are
> > duplicated, but not in a clean way --- Classpath's DH implementation
> > is written to the JCE API, while GNU Crypto's is not (and, the latter
> > is used by Jessie). Again, I hope these issues aren't blockers,
> > because I'd like to get this merged as soon as possible, lest my
> > schedule block me from finally doing it.
>
> I don't think so. If you can make sure that there are bug reports for
> these issues then I think you should commit this now.

Sure. I'll file bugs about any issues I know about.

> Could you also add a little note to the NEWS file about this?

OK.

Thanks.