On 12/14/2012 12:24 PM, Michael StJohns wrote:
> At 10:48 PM 12/13/2012, Xuelei Fan wrote:
>> We cannot go that far in crypto libraries because of compatibilities.
>> Applications need to take the responsibilities to use proper strength.
>> In crypto library level, we are only able to enforce very
At 10:48 PM 12/13/2012, Xuelei Fan wrote:
>We cannot go that far in crypto libraries because of compatibilities.
>Applications need to take the responsibilities to use proper strength.
>In crypto library level, we are only able to enforce very weak
>algorithms and key sizes restrictions, as MD2 and
Sorry for the late comment -
You might want to consider section 9.1, first paragraph of SP800-38D which
defines the GCM mode. Basically, for FIPS validated implementations, to
prevent accidental reuse, the IV needs to be generated inside the cryptographic
boundary using one of the defined mec
We cannot go that far in crypto libraries because of compatibilities.
Applications need to take the responsibilities to use proper strength.
In crypto library level, we are only able to enforce very weak
algorithms and key sizes restrictions, as MD2 and RSA-512. Otherwise,
those applications that
Does this go far enough?
If you're going with NIST recommendations, anything less that 112 bits of
strength is now considered weak. The guidance is those strengths are
deprecated now, and prohibited after the end of 2013. In addition, SHA1 is
deprecated now and prohibited after 2013 for signa
On 12/14/2012 2:18 AM, Sean Mullan wrote:
> Hi Xuelei,
>
> This looks good, although I was wondering if you considered
> re-generating the test certificates with larger keys? This would allow
> the tests to continue to run in samevm mode.
>
I will look into test cases to replace the certificates
Changeset: 8d7323a9d8ed
Author:dholmes
Date: 2012-12-13 21:18 -0500
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/8d7323a9d8ed
8003632: HPROF class file version java.lang.RuntimeException errors
Reviewed-by: mchung, lancea
! src/share/javavm/export/classfile_constants.h
Changeset: 376d6c1b49e5
Author:jfranck
Date: 2012-12-03 11:16 +0100
URL: http://hg.openjdk.java.net/jdk8/tl/langtools/rev/376d6c1b49e5
8001114: Container annotation is not checked for semantic correctness
Reviewed-by: jjg
! src/share/classes/com/sun/tools/javac/code/Annotations.jav
Looks good to me. Can you add a regression test or is it too hard to
write one?
--Sean
On 12/13/2012 11:24 AM, Vincent Ryan wrote:
Please review these changes to JDK 7 to correct the validation of OCSP
responses when cert
path validation is being performed at a _specific_ time (rather than p
Hi Xuelei,
This looks good, although I was wondering if you considered
re-generating the test certificates with larger keys? This would allow
the tests to continue to run in samevm mode.
--Sean
On 12/11/2012 08:12 PM, Xuelei Fan wrote:
Hi,
Please review the update for JDK-7109274, Consider
Please review these changes to JDK 7 to correct the validation of OCSP
responses when cert
path validation is being performed at a _specific_ time (rather than performed
using the current time).
8004846: Time-specific certpath validation applies to OCSP response validity
period
http://bugs.s
Changeset: ae5d04dbacd6
Author:chegar
Date: 2012-12-13 14:47 +
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ae5d04dbacd6
8003890: corelibs test scripts should pass TESTVMOPTS
Reviewed-by: chegar, alanb
Contributed-by: Mark Sheppard
! test/com/oracle/net/sanity.sh
! test/com
Changeset: c97618a3c8c2
Author:juh
Date: 2012-12-13 09:35 -0500
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/c97618a3c8c2
7193792: sun/security/pkcs11/ec/TestECDSA.java failing intermittently
Reviewed-by: vinnie, wetmore
! test/ProblemList.txt
! test/sun/security/pkcs11/ec/TestE
Changeset: 682d2d3ccff5
Author:chegar
Date: 2012-12-13 14:33 +
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/682d2d3ccff5
8004675: Inet6Address.getHostAddress should use string scope identifier where
available
Summary: ...and some minor stylistic cleanup
Reviewed-by: khazra,
The code change looks fine.
Thanks
Max
On 12/13/2012 01:52 AM, Sean Mullan wrote:
The rationale for this fix is the same as the previous review request
[1] to downgrade normative references to
${java.home}/lib/security/java.security.
This change is much smaller and only affects the
javax.secu
Changeset: 775b0050144a
Author:chegar
Date: 2012-12-13 09:55 +
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/775b0050144a
8004925: java/net/Socks/SocksV4Test.java failing on all platforms
Reviewed-by: alanb, dsamersoff
! test/java/net/Socks/SocksV4Test.java
16 matches
Mail list logo