Re: RFR: 8248862: Implement Enhanced Pseudo-Random Number Generators [v3]

2020-11-24 Thread Jim Laskey
On Wed, 18 Nov 2020 00:30:53 GMT, Paul Sandoz wrote:

>> Jim Laskey has updated the pull request with a new target base due to a 
>> merge or a rebase. The pull request now contains 40 commits:
>> 
>>  - Merge branch 'master' into 8248862
>>  - 8248862: Implement Enhanced Pseudo-Random Number Generators
>>
>>Update package-info.java
>>  - 8248862: Implement Enhanced Pseudo-Random Number Generators
>>
>>Updated RandomGeneratorFactory javadoc.
>>  - 8248862: Implement Enhanced Pseudo-Random Number Generators
>>
>>Updated documentation for RandomGeneratorFactory.
>>  - Merge branch 'master' into 8248862
>>  - Merge branch 'master' into 8248862
>>  - 8248862: Implement Enhanced Pseudo-Random Number Generators
>>
>>Move RandomGeneratorProperty
>>  - Merge branch 'master' into 8248862
>>  - 8248862: Implement Enhanced Pseudo-Random Number Generators
>>
>>Clear up javadoc
>>  - 8248862; Implement Enhanced Pseudo-Random Number Generators
>>
>>remove RandomGeneratorProperty from API
>>  - ... and 30 more: 
>> https://git.openjdk.java.net/jdk/compare/f7517386...6fe94c68
>
> src/java.base/share/classes/java/util/random/RandomGeneratorFactory.java line 
> 148:
> 
>> 146:  */
>> 147: private static Map> 
>> getFactoryMap() {
>> 148: if (factoryMap == null) {
> 
> `factoryMap` needs to be marked volatile when using the double checked 
> locking idiom.

fixing

> src/java.base/share/classes/java/util/random/RandomGeneratorFactory.java line 
> 320:
> 
>> 318: }
>> 319: }
>> 320: }
> 
> Add an `assert` statement that `ctor`, `ctorLong` and `ctorBytes` are all 
> non-null?

Only `ctor` is required but yes.

> src/java.base/share/classes/java/util/random/RandomGeneratorFactory.java line 
> 331:
> 
>> 329:  */
>> 330: private void ensureConstructors() {
>> 331: if (ctor == null) {
> 
> This check occurs outside of the synchronized block, field may need to be 
> marked volatile. Unsure about the other dependent fields. Might need to store 
> values from loop in `getConstructors` in locals and then assign in 
> appropriate order, assigning the volatile field last.

okay

-

PR: https://git.openjdk.java.net/jdk/pull/1273
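
The idiom raised in the review comments above, as an added example that is not part of the original thread and is not the JDK's own code: the field checked outside the lock is `volatile`, and the dependent fields are computed into locals and assigned before it. The class name `LazyFactory` and the method `hasLongSeedConstructor` are hypothetical; only the field names `ctor`, `ctorLong` and `ctorBytes` come from the thread.

```java
import java.lang.reflect.Constructor;

// Hypothetical class illustrating the reviewed idiom; not RandomGeneratorFactory itself.
public final class LazyFactory {
    private final Class<?> type;

    // Plain fields: only read after a volatile read of `ctor` has seen non-null.
    private Constructor<?> ctorLong;
    private Constructor<?> ctorBytes;

    // Volatile guard: read outside the lock, written last inside it.
    private volatile Constructor<?> ctor;

    public LazyFactory(Class<?> type) {
        this.type = type;
    }

    private void ensureConstructors() {
        if (ctor == null) {                       // first check, no lock held
            synchronized (this) {
                if (ctor == null) {               // second check, under the lock
                    Constructor<?> c = null, cLong = null, cBytes = null;
                    for (Constructor<?> k : type.getDeclaredConstructors()) {
                        Class<?>[] p = k.getParameterTypes();
                        if (p.length == 0) c = k;
                        else if (p.length == 1 && p[0] == long.class) cLong = k;
                        else if (p.length == 1 && p[0] == byte[].class) cBytes = k;
                    }
                    if (c == null) {              // only the no-arg constructor is required
                        throw new IllegalStateException("no default constructor: " + type);
                    }
                    ctorLong = cLong;             // dependent fields first
                    ctorBytes = cBytes;
                    ctor = c;                     // volatile write publishes all three
                }
            }
        }
    }

    public boolean hasLongSeedConstructor() {
        ensureConstructors();                     // volatile read of ctor orders the
        return ctorLong != null;                  // plain read of ctorLong after it
    }

    public static void main(String[] args) {
        // java.util.Random declares Random() and Random(long), but no Random(byte[]).
        LazyFactory f = new LazyFactory(java.util.Random.class);
        System.out.println(f.hasLongSeedConstructor());
    }
}
```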


Integrated: 8243559: Remove root certificates with 1024-bit keys

2020-11-24 Thread Sean Mullan
On Mon, 23 Nov 2020 15:08:13 GMT, Sean Mullan wrote:

> This change removes five root certificates with 1024-bit RSA public keys from 
> the system-wide `cacerts` keystore. These are older VeriSign and Thawte root 
> CA certificates which are no longer necessary to retain and should have 
> minimal compatibility risk if removed.
> 
> See the CSR for more details: https://bugs.openjdk.java.net/browse/JDK-8256502

This pull request has now been integrated.

Changeset: dbfeb90d
Author:    Sean Mullan
URL:   https://git.openjdk.java.net/jdk/commit/dbfeb90d
Stats: 141 lines in 6 files changed: 1 ins; 138 del; 2 mod

8243559: Remove root certificates with 1024-bit keys

Reviewed-by: weijun

-

PR: https://git.openjdk.java.net/jdk/pull/1387
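
A way to check a given runtime's `cacerts` for RSA roots with short keys, such as the 1024-bit ones this change removes. This is an added example, not part of the original message or the JDK change. The class name `WeakRootAudit`, the 2048-bit threshold, the `lib/security/cacerts` location and the conventional `changeit` password are assumptions.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Hypothetical audit helper; requires Java 9+ for KeyStore.getInstance(File, char[]).
public final class WeakRootAudit {

    // Returns "alias (bits) subject" for every RSA certificate whose modulus is below minBits.
    static List<String> weakRsaRoots(KeyStore ks, int minBits) throws Exception {
        List<String> weak = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate
                    && cert.getPublicKey() instanceof RSAPublicKey) {
                int bits = ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength();
                if (bits < minBits) {
                    weak.add(alias + " (" + bits + " bits) "
                            + ((X509Certificate) cert).getSubjectX500Principal().getName());
                }
            }
        }
        Collections.sort(weak);
        return weak;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: default keystore location and the conventional "changeit" password;
        // pass a different password as the first argument if the store uses one.
        File cacerts = new File(System.getProperty("java.home"), "lib/security/cacerts");
        char[] password = (args.length > 0 ? args[0] : "changeit").toCharArray();
        KeyStore ks = KeyStore.getInstance(cacerts, password);

        List<String> weak = weakRsaRoots(ks, 2048);
        weak.forEach(System.out::println);
        System.out.println(weak.size() + " RSA root(s) under 2048 bits in " + cacerts);
    }
}
```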


Re: RFR 8153005: Upgrade the default PKCS12 encryption/MAC algorithms

2020-11-24 Thread Sean Mullan

On 11/24/20 11:28 AM, Weijun Wang wrote:
> Is “keystore.pkcs12.*” better? Or, maybe more clear?
> 
>    See the security properties starting with `keystore.pkcs12` in the 
> `java.security` file for detailed information.

"starting with" should be sufficient, I think. No need for the asterisk.

--Sean

> Thanks,
> Max
> 
>> On Nov 24, 2020, at 11:23 AM, Sean Mullan wrote:
>> 
>> On 11/17/20 4:38 PM, Weijun Wang wrote:
>>>> On Apr 10, 2020, at 5:03 AM, Weijun Wang wrote:
>>>> 
>>>> Please take a review at
>>>> 
>>>>    CSR : 8228481: Upgrade the default PKCS12 encryption/MAC algorithms
>>>>   Release note : https://bugs.openjdk.java.net/browse/JDK-8242069
>>> I forget if the release note has been reviewed before. If not, please take a 
>>> look.
>> 
>> I made a few small wording changes and added "keystore.pkcs12" for the security 
>> properties to look for more information.
>> 
>> --Sean
>> 
>>> Thanks,
>>> Max
>>>> webrev : http://cr.openjdk.java.net/~weijun/8153005/webrev.00/
>>>> 
>>>> The default pkcs12 algorithms are bumped into PBE and HMAC based on SHA-256 and 
>>>> AES-256.
>>>> 
>>>> Thanks,
>>>> Max





Re: RFR 8153005: Upgrade the default PKCS12 encryption/MAC algorithms

2020-11-24 Thread Weijun Wang
Is “keystore.pkcs12.*” better? Or, maybe more clear?

   See the security properties starting with `keystore.pkcs12` in the 
`java.security` file for detailed information. 

Thanks,
Max

> On Nov 24, 2020, at 11:23 AM, Sean Mullan  wrote:
> 
> On 11/17/20 4:38 PM, Weijun Wang wrote:
>>> On Apr 10, 2020, at 5:03 AM, Weijun Wang  wrote:
>>> 
>>> Please take a review at
>>> 
>>>   CSR : 8228481: Upgrade the default PKCS12 encryption/MAC 
>>> algorithms
>>>  Release note : https://bugs.openjdk.java.net/browse/JDK-8242069
>> I forget if the release note has been reviewed before. If not, please take a 
>> look.
> 
> I made a few small wording changes and added "keystore.pkcs12" for the 
> security properties to look for more information.
> 
> --Sean
> 
>> Thanks,
>> Max
>>>webrev : http://cr.openjdk.java.net/~weijun/8153005/webrev.00/
>>> 
>>> The default pkcs12 algorithms are bumped into PBE and HMAC based on SHA-256 
>>> and AES-256.
>>> 
>>> Thanks,
>>> Max
>>> 



Re: RFR 8153005: Upgrade the default PKCS12 encryption/MAC algorithms

2020-11-24 Thread Sean Mullan

On 11/17/20 4:38 PM, Weijun Wang wrote:
>> On Apr 10, 2020, at 5:03 AM, Weijun Wang wrote:
>> 
>> Please take a review at
>> 
>>    CSR : 8228481: Upgrade the default PKCS12 encryption/MAC algorithms
>>   Release note : https://bugs.openjdk.java.net/browse/JDK-8242069
> I forget if the release note has been reviewed before. If not, please take a 
> look.

I made a few small wording changes and added "keystore.pkcs12" for the 
security properties to look for more information.

--Sean

> Thanks,
> Max
>> webrev : http://cr.openjdk.java.net/~weijun/8153005/webrev.00/
>> 
>> The default pkcs12 algorithms are bumped into PBE and HMAC based on SHA-256 and 
>> AES-256.
>> 
>> Thanks,
>> Max





Re: RFR: 8243559: Remove root certificates with 1024-bit keys [v2]

2020-11-24 Thread Sean Mullan
> This change removes five root certificates with 1024-bit RSA public keys from 
> the system-wide `cacerts` keystore. These are older VeriSign and Thawte root 
> CA certificates which are no longer necessary to retain and should have 
> minimal compatibility risk if removed.
> 
> See the CSR for more details: https://bugs.openjdk.java.net/browse/JDK-8256502

Sean Mullan has updated the pull request incrementally with one additional 
commit since the last revision:

  Add bugid to @bug.

-

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/1387/files
  - new: https://git.openjdk.java.net/jdk/pull/1387/files/dd7a3508..dc1c57e2

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk=1387=01
 - incr: https://webrevs.openjdk.java.net/?repo=jdk=1387=00-01

  Stats: 1 line in 1 file changed: 1 ins; 0 del; 0 mod
  Patch: https://git.openjdk.java.net/jdk/pull/1387.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/1387/head:pull/1387

PR: https://git.openjdk.java.net/jdk/pull/1387