PING 2: [7u80] Request for review for CR 4963723: Implement SHA-224

Seán Coffey sean.coffey at oracle.com
Wed Jan 14 18:10:36 UTC 2015


Andrew,

Can I ask what the status of the 7044060 patch is like for jdk7u ? Is it 
also ready for review ?
7044060: Need to support NSA Suite B Cryptography algorithms

Some argue that the benefits of the 4963723/SHA-224 fix are minor 
without the above bug fix also being ready. I presume there are settings 
on the Apache webserver that allow it to still accept DH keys of less 
than 2048 bits. Is that the case ?

regards,
Sean.

On 08/01/15 19:08, Seán Coffey wrote:
> Thanks for the code reviews Valerie.
>
> Andrew - looks like you need to submit new review with 7169496. Note 
> that you still need to file for approval once code review is complete 
> : http://openjdk.java.net/projects/jdk7u/groundrules.html
>
> I'm just being cautious on this one given the possible behavioural 
> impact, the docs impact and the QA impact. A CCC may be required. I 
> can help on that front - I'lll know more by next week.
>
> regards,
> Sean.
>
> On 08/01/2015 01:54, Valerie Peng wrote:
>> Changes on Tests look fine.
>> Regards,
>> Valerie
>>
>> On 1/7/2015 3:30 PM, Valerie Peng wrote:
>>>
>>> I looked through the source changes and they look fine, except that 
>>> the following related fix should also be combined for completeness:
>>>
>>> 7169496: Problem with the SHA-224 support for SunMSCAPI provider
>>> webrev for 7169496: 
>>> http://cr.openjdk.java.net/~valeriep/7169496/webrev.00/
>>>
>>> As for the test changes, I am still looking at them. Will let you 
>>> know once I am done.
>>> Thanks,
>>> Valerie
>>>
>>> On 12/23/2014 8:13 AM, Andrew Hughes wrote:
>>>> ----- Original Message -----
>>>>> Valerie Peng (original author) is probably best suited to 
>>>>> reviewing this
>>>>> but I think she's out of the office the moment and back next week. 
>>>>> Let's
>>>>> hope we can get an update/review then.
>>>>>
>>>> Hi,
>>>>
>>>> Any movement on this? It's been three months.
>>>>
>>>> Thanks.
>>>>
>>>>> regards,
>>>>> Sean.
>>>>>
>>>>> On 01/10/2014 16:11, Andrew Hughes wrote:
>>>>>> ----- Original Message -----
>>>>>>> ----- Original Message -----
>>>>>>>> Code changes generally require two approvals: codereview, 
>>>>>>>> performed by a
>>>>>>>> reviewer, (in this case from security-dev) and push approval, 
>>>>>>>> performed
>>>>>>>> by a gatekeeper. Given your email template matches the push 
>>>>>>>> approval
>>>>>>>> template I understood that you intended the latter. Generally 
>>>>>>>> speaking
>>>>>>>> codereview requests would say "Request for review" as opposed to
>>>>>>>> "Request for approval" so a reviewer could overlook your mail 
>>>>>>>> if you
>>>>>>>> intended the former.
>>>>>>>>
>>>>>>>>        -Rob
>>>>>>>>
>>>>>>>> On 18/09/14 00:21, Andrew Hughes wrote:
>>>>>>>>> ----- Original Message -----
>>>>>>>>>> Hi Andrew,
>>>>>>>>>>
>>>>>>>>>> Sorry to be a pest, but given the scope of the change I'd 
>>>>>>>>>> feel more
>>>>>>>>>> comfortable with an explicit codereview for the backport.
>>>>>>>>>>
>>>>>>>>>>         -Rob
>>>>>>>>>>
>>>>>>>>>> On 17/09/14 18:32, Andrew Hughes wrote:
>>>>>>>>>>> This is the first of three backports to 7u designed to 
>>>>>>>>>>> retain SSL
>>>>>>>>>>> compatibility with servers implemented in other languages 
>>>>>>>>>>> switching
>>>>>>>>>>> to larger key sizes (notably DH>=2048 in Apache 2.4.7 [0]).
>>>>>>>>>>>
>>>>>>>>>>> This patch is a per-requisite of the patch which brings NSA 
>>>>>>>>>>> Suite B
>>>>>>>>>>> support to 7. It applies largely unchanged, bar the following:
>>>>>>>>>>>
>>>>>>>>>>> * Copyright header adjustment
>>>>>>>>>>> * Removal of change to java.security.spec.MGF1ParameterSpec 
>>>>>>>>>>> to avoid
>>>>>>>>>>> introducing a new public variable. The SHA-224 variant is 
>>>>>>>>>>> constructed
>>>>>>>>>>> directly in com.sun.crypto.provider.OAEPParameters instead.
>>>>>>>>>>> * A change to OAEPParameters is dropped as it was already 
>>>>>>>>>>> incorporated
>>>>>>>>>>> in the backport of 7180907&  8049480 (addition of SHA-224 to
>>>>>>>>>>> convertToStandardName)
>>>>>>>>>>>
>>>>>>>>>>> Bug: https://bugs.openjdk.java.net/browse/JDK-4963723
>>>>>>>>>>> Webrev: 
>>>>>>>>>>> http://cr.openjdk.java.net/~andrew/jdk7u/4963723/webrev.01/
>>>>>>>>>>>
>>>>>>>>>>> [0] https://httpd.apache.org/docs/2.4/mod/mod_ssl.html
>>>>>>>>>>>
>>>>>>>>>>> Ok to push?
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>> Which is what I asked for, no?
>>>>>>>>>
>>>>>>>>> If I wasn't waiting on a review first, I'd have pushed the 
>>>>>>>>> change.
>>>>>>> This was the only applicable template on:
>>>>>>>
>>>>>>> http://openjdk.java.net/projects/jdk7u/
>>>>>>>
>>>>>>> Anyway, now including security-dev for review.
>>>>>>> -- 
>>>>>>> Andrew :)
>>>>>>>
>>>>>>> Free Java Software Engineer
>>>>>>> Red Hat, Inc. (http://www.redhat.com)
>>>>>>>
>>>>>>> PGP Key: 248BDC07 (https://keys.indymedia.org/)
>>>>>>> Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07
>>>>>>>
>>>>>>>
>>>>>> Ping. Any movement on this?
>>>>>
>



More information about the security-dev mailing list