Re: RFR [16] [JDK-8248745] Add jarsigner and keytool tests for restricted algorithms

2020-08-04 Thread Hai-May Chao
Hi Muneer,

Looks good with one minor comment.

#58: suggest that the SECURITY_WARNING will also include “and is disabled” at 
the end to make it clear.

Thanks,
Hai-May

> On Jul 27, 2020, at 9:15 AM, abdul.kolarku...@oracle.com wrote:
> 
> Hi All,
> 
> This is a new test in the area of jarsigner and keytool for the 
> restricted/disabled algorithms.
> 
> Bug Id - https://bugs.openjdk.java.net/browse/JDK-8248745
> 
> Webrev - http://cr.openjdk.java.net/~akolarkunnu/8248745/webrev.00/
> 
> Description:
> 
> Adding a test for key generation, jar signing and verification with all 
> disabled algorithms and key sizes which are in the property 
> jdk.jar.disabledAlgorithms.
> Covered the scenario of with and without these disabled entries in 
> jdk.jar.disabledAlgorithms.
> 
> Whenever the entries are in the property jdk.jar.disabledAlgorithms, 
> corresponding warning or error message should be shown, otherwise everything 
> should work fine without any related error or warning.
> 
> This test covers all entries listed in "jdk.jar.disabledAlgorithms=MD2, MD5, 
> RSA keySize < 1024, DSA keySize < 1024, include jdk.disabled.namedCurves". In 
> case of disabled curves, this test covers only one curve secp112r1.
> 
> Tested in Linux, Windows and Mac Osx platforms and all are working fine.
> 
> -Muneer
> 
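An added example, not part of this thread or of the JDK test under review: a simplified Java model that evaluates an algorithm name and key size against the `jdk.jar.disabledAlgorithms` value quoted above. The class and method names (`JarPolicyCheck`, `isDisabled`, `matches`) are assumptions for illustration, and the parser handles only the three entry forms that appear in the quoted value; it is not the JDK's own constraint implementation.

```java
import java.security.Security;

public class JarPolicyCheck {
    // Policy string as quoted in the message above.
    static final String PAGE_POLICY =
        "MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, include jdk.disabled.namedCurves";

    // Simplified model (assumption): understands "NAME", "NAME keySize OP N"
    // and "include PROPERTY"; other constraint kinds are ignored.
    static boolean isDisabled(String policy, String alg, int keySize) {
        for (String raw : policy.split(",")) {
            String[] t = raw.trim().split("\\s+");
            if (t.length == 2 && t[0].equals("include")) {
                // Follow the reference to another security property, if set.
                String included = Security.getProperty(t[1]);
                if (included != null && isDisabled(included, alg, keySize)) return true;
            } else if (t[0].equalsIgnoreCase(alg)) {
                if (t.length == 1) return true;               // algorithm banned outright
                if (t.length == 4 && t[1].equals("keySize")
                        && matches(keySize, t[2], Integer.parseInt(t[3]))) return true;
            }
        }
        return false;
    }

    static boolean matches(int size, String op, int limit) {
        switch (op) {
            case "<":  return size < limit;
            case "<=": return size <= limit;
            case "==": return size == limit;
            case "!=": return size != limit;
            case ">=": return size >= limit;
            case ">":  return size > limit;
            default:   throw new IllegalArgumentException("unknown operator: " + op);
        }
    }

    public static void main(String[] args) {
        // Constructed probes: one per entry kind named in the message.
        Object[][] probes = { {"MD5", 0}, {"RSA", 512}, {"RSA", 2048},
                              {"DSA", 1023}, {"SHA256", 0}, {"secp112r1", 0} };
        for (Object[] p : probes) {
            System.out.printf("%-10s %5d -> disabled=%b%n", p[0], p[1],
                    isDisabled(PAGE_POLICY, (String) p[0], (Integer) p[1]));
        }
    }
}
```

The `secp112r1` result depends on whether the running JDK defines `jdk.disabled.namedCurves`; on a runtime without that property the `include` entry resolves to nothing and the curve is reported as not disabled.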



RFR 8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher

2020-08-04 Thread Martin Balao
Hi,

I'd like to propose a fix for 8251117 [1], on behalf of Zdenek Zambersky
(Red Hat employee - OCA signed).

Webrev.00:

 * http://cr.openjdk.java.net/~mbalao/webrevs/8251117/8251117.webrev.00/

As noted in the ticket [1], the fix is about using P11Key::length method
for retrieving P11Key sizes when initializing P11Cipher and
P11AEADCipher instances. By doing that, we avoid NullPointerExceptions
that happen when the P11Key is CKA_SENSITIVE and cannot be extracted in
plain (this is the case for NSS software token keys configured in FIPS
mode).

I found no regressions in sun/security/pkcs11 tests. I've also done
manual testing in my NSS-FIPS environment.

Thanks,
Martin.-

--
[1] - https://bugs.openjdk.java.net/browse/JDK-8251117



Re: RFR [16] [JDK-8248745] Add jarsigner and keytool tests for restricted algorithms

2020-08-04 Thread abdul . kolarkunnu

Thanks Hai-May for review.

Updated the webrev with your comment 
-http://cr.openjdk.java.net/~akolarkunnu/8248745/webrev.01/


-Muneer

On 04/08/20 11:58 pm, Hai-May Chao wrote:

Hi Muneer,

Looks good with one minor comment.

#58: suggest that the SECURITY_WARNING will also include “and is disabled” at 
the end to make it clear.

Thanks,
Hai-May


On Jul 27, 2020, at 9:15 AM, abdul.kolarku...@oracle.com wrote:

Hi All,

This is a new test in the area of jarsigner and keytool for the 
restricted/disabled algorithms.

Bug Id - https://bugs.openjdk.java.net/browse/JDK-8248745

Webrev - http://cr.openjdk.java.net/~akolarkunnu/8248745/webrev.00/

Description:

Adding a test for key generation, jar signing and verification with all 
disabled algorithms and key sizes which are in the property 
jdk.jar.disabledAlgorithms.
Covered the scenario of with and without these disabled entries in 
jdk.jar.disabledAlgorithms.

Whenever the entries are in the property jdk.jar.disabledAlgorithms, 
corresponding warning or error message should be shown, otherwise everything 
should work fine without any related error or warning.

This test covers all entries listed in "jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize 
< 1024, DSA keySize < 1024, include jdk.disabled.namedCurves". In case of disabled 
curves, this test covers only one curve secp112r1.

Tested in Linux, Windows and Mac Osx platforms and all are working fine.

-Muneer



Re: RFR [16] [JDK-8248745] Add jarsigner and keytool tests for restricted algorithms

2020-08-04 Thread Hai-May Chao
Hi Muneer,

Updated webrev looks good.

Thanks,
Hai-May


> On Aug 4, 2020, at 7:26 PM, abdul.kolarku...@oracle.com wrote:
> 
> Thanks Hai-May for review.
> 
> Updated the webrev with your comment 
> -http://cr.openjdk.java.net/~akolarkunnu/8248745/webrev.01/
> 
> -Muneer
> 
> On 04/08/20 11:58 pm, Hai-May Chao wrote:
>> Hi Muneer,
>> 
>> Looks good with one minor comment.
>> 
>> #58: suggest that the SECURITY_WARNING will also include “and is disabled” 
>> at the end to make it clear.
>> 
>> Thanks,
>> Hai-May
>> 
>>> On Jul 27, 2020, at 9:15 AM, abdul.kolarku...@oracle.com wrote:
>>> 
>>> Hi All,
>>> 
>>> This is a new test in the area of jarsigner and keytool for the 
>>> restricted/disabled algorithms.
>>> 
>>> Bug Id - https://bugs.openjdk.java.net/browse/JDK-8248745
>>> 
>>> Webrev - http://cr.openjdk.java.net/~akolarkunnu/8248745/webrev.00/
>>> 
>>> Description:
>>> 
>>> Adding a test for key generation, jar signing and verification with all 
>>> disabled algorithms and key sizes which are in the property 
>>> jdk.jar.disabledAlgorithms.
>>> Covered the scenario of with and without these disabled entries in 
>>> jdk.jar.disabledAlgorithms.
>>> 
>>> Whenever the entries are in the property jdk.jar.disabledAlgorithms, 
>>> corresponding warning or error message should be shown, otherwise everything 
>>> should work fine without any related error or warning.
>>> 
>>> This test covers all entries listed in "jdk.jar.disabledAlgorithms=MD2, 
>>> MD5, RSA keySize < 1024, DSA keySize < 1024, include 
>>> jdk.disabled.namedCurves". In case of disabled curves, this test covers 
>>> only one curve secp112r1.
>>> 
>>> Tested in Linux, Windows and Mac Osx platforms and all are working fine.
>>> 
>>> -Muneer
>>>