RFR 8155847: SHA groups needed for jdk.security.provider.preferred
Anthony Scarpino
anthony.scarpino at oracle.com
Tue May 17 21:04:27 UTC 2016
On 05/17/2016 01:09 PM, Valerie Peng wrote:
> Hi Tony,
>
> Here are some comments/questions:
> <ProviderList.java>
> - make PreferredEntry class static? Are these fields accessed directly
> by other classes? If not, then we can mark them private?
Yes they can be private and the class static.
> - "alternateName" should be "alternativeNames" now that it contains
> multiple values?
sure
> - In the match method, ls it really necessary to print value of (t,a) on
> line 739 for all alternateName values? It's already printed out earlier.
removing that part of the debug is fine.
> - with the current webrev, the Group.XXX entries will have type = null,
> algorithm = null, its toString() will print out [, null: provName].
> Doesn't seem quite right? Maybe it's worthwhile to keep the type and
> algorithm but then detect and special handling it in the match()?
I was trying to avoid using another variable, but I admit the debug
prints suffer without a boolean. I added a boolean called "group" that
will be the check.
>
> <PreferredProviderTest.java>
> - line 81 - 85, shouldn't it be "SunJCE" instead of "SUN"? Would this
> not lead to a test failure?
Yes.. thanks..
>
> <java.security>
> - So, as we add more algorithms, say RSA or DSA signatures using
> SHA-512/224 or SHA-3 family of digests to the default list of providers,
> then we update the values here again (Currently, Group.SHA2 contains
> different values to the rest of SHA2 application (Hmac, Signature)
> groups) and again file CCCs for this? Would this limit our capability to
> add more algorithms to update releases?
We would have to file a CCC for the change to the config, but there
would be no problems with adding to updates. Anything that doesn't
match a preferred provider entry is passed onto the normal security
provider list for processing.
>
> Thanks,
> Valerie
>
> On 5/11/2016 3:46 PM, Anthony Scarpino wrote:
>> Hi
>>
>> I need a review of my changes to jdk.security.preferred.provider to
>> add Groups. This makes it a lot cleaner for support a group of
>> algorithms that are very similar, such as SHA2 (aka SHA224, SHA256,
>> SHA384, ... )
>>
>> http://cr.openjdk.java.net/~ascarpino/8155847/webrev/
>>
>> thanks
>>
>> Tony
More information about the security-dev
mailing list