Please review CR 8048356 Secure Random provider tests

raghu k.nair raghu.k.nair at oracle.com
Wed Aug 27 10:32:52 UTC 2014


Hi Bernd,
  Thanks for looking into it. my comments in-line.
On 8/27/2014 2:57 PM, Bernd Eckenfels wrote:
> Hello,
>
> Since the topic is interesting to me I took a look. Have some nits or 
> points to discuss: The testProvider() function seems to be missnamed, 
> it actually checks the default Implementation (for the right 
> provider). Maybe testDefaultProvider()?
>
Yes you are right . I will rename the testname.
> i would also remove the elses, especially as they print different 
> Passed messages. Just one print line after the guards.
Agree on this.
>
> BTW, i think it is very common for java code to request SHA1Prng 
> unconditionally (with and without provider=sun) i would add that to 
> all OS as a test.
This is already covered by test  - 
sun/security/provider/SeedGenerator/SeedGeneratorChoice.java
>
> I also wonder if this would be the right place to test the strong 
> secure random getter as well?
>
Those tests are already covered Java Compatibility tests . That is the 
reason it is omitted from this test.
> what about testing the sorting logic (based on the egd url property) I 
> think this is still implemented, even with the different seeding modes 
> for Native.
>
This covered by some of the existing tests
sun/security/provider/SecureRandom/StrongSeedReader.java ,
test/closed/sun/security/provider/SecureRandom/SeederRace.java
sun/security/provider/SeedGenerator/SeedGeneratorChoice.java

Thanks,
Raghu
> Gruss
> Bernd
>
> -- 
> http://bernd.eckenfels.net
> ------------------------------------------------------------------------
> Von: raghu k.nair <mailto:raghu.k.nair at oracle.com>
> Gesendet: ‎27.‎08.‎2014 11:00
> An: Bradford Wetmore <mailto:bradford.wetmore at oracle.com>
> Cc: security-dev at openjdk.java.net <mailto:security-dev at openjdk.java.net>
> Betreff: Please review CR 8048356 Secure Random provider tests
>
> Hi Brad,
>  Could you please help in reviewing the following test.
>
> webrev: http://cr.openjdk.java.net/~tyan/raghu/8048356/webrev01/ 
> <http://cr.openjdk.java.net/%7Etyan/raghu/8048356/webrev01/>
> Bug : JDK-8048356 <https://bugs.openjdk.java.net/browse/JDK-8048356>
>
> Thanks,
> Raghu Nair

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/security-dev/attachments/20140827/8a4ef327/attachment-0001.html>


More information about the security-dev mailing list