Re: RFR: 8248862: Implement Enhanced Pseudo-Random Number Generators [v3]
On Wed, 18 Nov 2020 00:30:53 GMT, Paul Sandoz wrote: >> Jim Laskey has updated the pull request with a new target base due to a >> merge or a rebase. The pull request now contains 40 commits: >> >> - Merge branch 'master' into 8248862 >> - 8248862: Implement Enhanced Pseudo-Random Number Generators >> >>Update package-info.java >> - 8248862: Implement Enhanced Pseudo-Random Number Generators >> >>Updated RandomGeneratorFactory javadoc. >> - 8248862: Implement Enhanced Pseudo-Random Number Generators >> >>Updated documentation for RandomGeneratorFactory. >> - Merge branch 'master' into 8248862 >> - Merge branch 'master' into 8248862 >> - 8248862: Implement Enhanced Pseudo-Random Number Generators >> >>Move RandomGeneratorProperty >> - Merge branch 'master' into 8248862 >> - 8248862: Implement Enhanced Pseudo-Random Number Generators >> >>Clear up javadoc >> - 8248862; Implement Enhanced Pseudo-Random Number Generators >> >>remove RandomGeneratorProperty from API >> - ... and 30 more: >> https://git.openjdk.java.net/jdk/compare/f7517386...6fe94c68 > > src/java.base/share/classes/java/util/random/RandomGeneratorFactory.java line > 148: > >> 146: */ >> 147: private static Map> >> getFactoryMap() { >> 148: if (factoryMap == null) { > > `factoryMap` needs to be marked volatile when using the double checked > locking idiom. fixing > src/java.base/share/classes/java/util/random/RandomGeneratorFactory.java line > 320: > >> 318: } >> 319: } >> 320: } > > Add an `assert` statement that `ctor`, `ctorLong` and `ctorBytes` are all > non-null? Only `ctor` is required but yes. > src/java.base/share/classes/java/util/random/RandomGeneratorFactory.java line > 331: > >> 329: */ >> 330: private void ensureConstructors() { >> 331: if (ctor == null) { > > This check occurs outside of the synchronized block, field may need to be > marked volatile. Unsure about the other dependent fields. Might need to store > values from loop in `getConstructors` in locals and then assign in > appropriate order, assigning the volatile field last. okay - PR: https://git.openjdk.java.net/jdk/pull/1273
Integrated: 8243559: Remove root certificates with 1024-bit keys
On Mon, 23 Nov 2020 15:08:13 GMT, Sean Mullan wrote: > This change removes five root certificates with 1024-bit RSA public keys from > the system-wide `cacerts` keystore. These are older VeriSign and Thawte root > CA certificates which are no longer necessary to retain and should have > minimal compatibility risk if removed. > > See the CSR for more details: https://bugs.openjdk.java.net/browse/JDK-8256502 This pull request has now been integrated. Changeset: dbfeb90d Author:Sean Mullan URL: https://git.openjdk.java.net/jdk/commit/dbfeb90d Stats: 141 lines in 6 files changed: 1 ins; 138 del; 2 mod 8243559: Remove root certificates with 1024-bit keys Reviewed-by: weijun - PR: https://git.openjdk.java.net/jdk/pull/1387
Re: RFR 8153005: Upgrade the default PKCS12 encryption/MAC algorithms
On 11/24/20 11:28 AM, Weijun Wang wrote: Is “keystore.pkcs12.*” better? Or, maybe more clear? See the security properties starting with `keystore.pkcs12` in the `java.security` file for detailed information. "starting with" should be sufficient, I think. No need for the asterisk. --Sean Thanks, Max On Nov 24, 2020, at 11:23 AM, Sean Mullan wrote: On 11/17/20 4:38 PM, Weijun Wang wrote: On Apr 10, 2020, at 5:03 AM, Weijun Wang wrote: Please take a review at CSR : 8228481: Upgrade the default PKCS12 encryption/MAC algorithms Release note : https://bugs.openjdk.java.net/browse/JDK-8242069 I forget if the release note has been reviewed before. If not, please take a look. I made a few small wording changes and added "keystore.pkcs12" for the security properties to look for more information. --Sean Thanks, Max webrev : http://cr.openjdk.java.net/~weijun/8153005/webrev.00/ The default pkcs12 algorithms are bumped into PBE and HMAC based on SHA-256 and AES-256. Thanks, Max
Re: RFR 8153005: Upgrade the default PKCS12 encryption/MAC algorithms
Is “keystore.pkcs12.*” better? Or, maybe more clear? See the security properties starting with `keystore.pkcs12` in the `java.security` file for detailed information. Thanks, Max > On Nov 24, 2020, at 11:23 AM, Sean Mullan wrote: > > On 11/17/20 4:38 PM, Weijun Wang wrote: >>> On Apr 10, 2020, at 5:03 AM, Weijun Wang wrote: >>> >>> Please take a review at >>> >>> CSR : 8228481: Upgrade the default PKCS12 encryption/MAC >>> algorithms >>> Release note : https://bugs.openjdk.java.net/browse/JDK-8242069 >> I forget if the release note has been reviewed before. If not, please take a >> look. > > I made a few small wording changes and added "keystore.pkcs12" for the > security properties to look for more information. > > --Sean > >> Thanks, >> Max >>>webrev : http://cr.openjdk.java.net/~weijun/8153005/webrev.00/ >>> >>> The default pkcs12 algorithms are bumped into PBE and HMAC based on SHA-256 >>> and AES-256. >>> >>> Thanks, >>> Max >>>
Re: RFR 8153005: Upgrade the default PKCS12 encryption/MAC algorithms
On 11/17/20 4:38 PM, Weijun Wang wrote: On Apr 10, 2020, at 5:03 AM, Weijun Wang wrote: Please take a review at CSR : 8228481: Upgrade the default PKCS12 encryption/MAC algorithms Release note : https://bugs.openjdk.java.net/browse/JDK-8242069 I forget if the release note has been reviewed before. If not, please take a look. I made a few small wording changes and added "keystore.pkcs12" for the security properties to look for more information. --Sean Thanks, Max webrev : http://cr.openjdk.java.net/~weijun/8153005/webrev.00/ The default pkcs12 algorithms are bumped into PBE and HMAC based on SHA-256 and AES-256. Thanks, Max
Re: RFR: 8243559: Remove root certificates with 1024-bit keys [v2]
> This change removes five root certificates with 1024-bit RSA public keys from > the system-wide `cacerts` keystore. These are older VeriSign and Thawte root > CA certificates which are no longer necessary to retain and should have > minimal compatibility risk if removed. > > See the CSR for more details: https://bugs.openjdk.java.net/browse/JDK-8256502 Sean Mullan has updated the pull request incrementally with one additional commit since the last revision: Add bugid to @bug. - Changes: - all: https://git.openjdk.java.net/jdk/pull/1387/files - new: https://git.openjdk.java.net/jdk/pull/1387/files/dd7a3508..dc1c57e2 Webrevs: - full: https://webrevs.openjdk.java.net/?repo=jdk=1387=01 - incr: https://webrevs.openjdk.java.net/?repo=jdk=1387=00-01 Stats: 1 line in 1 file changed: 1 ins; 0 del; 0 mod Patch: https://git.openjdk.java.net/jdk/pull/1387.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/1387/head:pull/1387 PR: https://git.openjdk.java.net/jdk/pull/1387