Something pulling in crypto?

Bryce McKinlay mckinlay@redhat.com
Wed Jul 12 18:53:00 GMT 2006 

Could you try putting a breakpoint on 
java.security.Security.loadProviders(), and getting a backtrace from 
there? That should tell you what is pulling in the security code.

libgcj's java.lang.VMCompiler does use MD5 to compute signatures for 
bytecode, but this calls the MD5 provider directly rather than going 
through getInstance()/loadProviders().

Bryce


Andrew Cowie wrote:
> I get the following warning out of my unit tests (and the app too) when
> I create the app as a native executable with GCJ 4.1.1:
>
> WARNING: Error loading security provider gnu.javax.crypto.jce.GnuCrypto: java.lang.ClassNotFoundException: gnu.javax.crypto.jce.GnuCrypto not found in gnu.gcj.runtime.SystemClassLoader{urls=[file:./], parent=gnu.gcj.runtime.ExtensionClassLoader{urls=[], parent=null}}
> WARNING: Error loading security provider gnu.javax.crypto.jce.GnuSasl: java.lang.ClassNotFoundException: gnu.javax.crypto.jce.GnuSasl not found in gnu.gcj.runtime.SystemClassLoader{urls=[file:./], parent=gnu.gcj.runtime.ExtensionClassLoader{urls=[], parent=null}}
> WARNING: Error loading security provider gnu.javax.net.ssl.provider.Jessie: java.lang.ClassNotFoundException: gnu.javax.net.ssl.provider.Jessie not found in gnu.gcj.runtime.SystemClassLoader{urls=[file:./], parent=gnu.gcj.runtime.ExtensionClassLoader{urls=[], parent=null}}
> WARNING: Error loading security provider gnu.javax.security.auth.callback.GnuCallbacks: java.lang.ClassNotFoundException: gnu.javax.security.auth.callback.GnuCallbacks not found in gnu.gcj.runtime.SystemClassLoader{urls=[file:./], parent=gnu.gcj.runtime.ExtensionClassLoader{urls=[], parent=null}}
>
> An Exception is being thrown right after this, but unfortunately it's on
> the other side of a client/server connection and it's getting swallowed
> (ie I get back something called ObjectNotStorableException from db4o
> which can be caused by all sorts of wacko problems and I'm not slick
> enough with gdb to get a backtrace, sorry).
>
> On IRC last night someone suggested that maybe the classes in
> classpath.security are being loaded just for kicks. While the idea of
> software doing things for fun doesn't bother me, if this is true perhaps
> we could find some other amusement to keep it distracted?
>
> AfC
> London
>
> P.S. If someone is motivated enough to want to track this down and wants
> my code to do so, I can certainly point you to it, but it's perhaps best
> done in a pair session when we're both online and I can help you over
> any speed bumps (and fix the HACKING docs in the process).
>
>

More information about the Java mailing list