[9] RFR: 8141039: Test Task: Develop new tests for JEP 273: DRBG-Based SecureRandom Implementations

Wang Weijun weijun.wang at oracle.com
Thu May 19 07:49:29 UTC 2016


SerializedTest.java:

140: s/Atleast/At least/

51: I don't think TRY_FOR is needed, you can only check once.

Everything else is fine.

Thanks
Max

> On May 19, 2016, at 3:16 PM, Sibabrata Sahoo <sibabrata.sahoo at oracle.com> wrote:
> 
> Hi Max,
> 
> Here is the updated webrev: http://cr.openjdk.java.net/~ssahoo/8141039/webrev.04/
> 
> Changes included:
> - Added new cases in ApiTest.java to address " nextBytes(.., DrbgParameters.nextBytes(-1, *true*, ..)) " and " reseed(DrbgParameters.reseed(true,..)) "
> - Decoration comments defined bellow.
> - Removed unnecessary checkException() call.
> 
> 
> - I have not addressed using " Supplier<SecureRandom> " because some of API method throws checked exception.
> - Also I am thinking the test case for SHA1PRNG bug inside SerializedSeedTest.java, still a valid case for other DRBG. So I am keeping the file unchanged.
> 
> Thanks,
> Siba
> 
> -----Original Message-----
> From: Wang Weijun 
> Sent: Wednesday, May 18, 2016 1:37 PM
> To: Sibabrata Sahoo
> Cc: security-dev at openjdk.java.net
> Subject: Re: [9] RFR: 8141039: Test Task: Develop new tests for JEP 273: DRBG-Based SecureRandom Implementations
> 
> ApiTest.java:
> 
> - Please move line 128-130 (the System.out.println) line before line 127, so that if getInstance() fails, we can see what parameters are failing.
> 
> - Useless line 69.
> 
> - Inside verifyAPI(), you call nextBytes(.., DrbgParameters.nextBytes(-1, false, ..)). Can you also call nextBytes(.., DrbgParameters.nextBytes(-1, *true*, ..))? It should fail unless the instantiation parameters has PR_AND_RESEED. You can use Capability::supportsPredictionResistance to check it. Same with reseed(DrbgParameters.reseed(true,..)).
> 
> - Can you use Supplier<SecureRandom> instead of creating a new RunnableCode type? Same in GetInstanceTest.java.
> 
> - If matchExc always calls checkException, why not use a single method? Same in GetInstanceTest.java.
> 
> - SUCESS is not final, you shouldn't use ALL CAPITAL letters for it. Same in GetInstanceTest.java.
> 
> SerializedSeedTest.java:
> 
> - The SHA1PRNG bug is fixed and has its own regression test. You can remove related codes here.
> 
> Thanks
> Max
> 
>> On May 17, 2016, at 4:13 PM, Sibabrata Sahoo <sibabrata.sahoo at oracle.com> wrote:
>> 
>> Hi Max,
>> 
>> Here is the updated webrev: http://cr.openjdk.java.net/~ssahoo/8141039/webrev.03/
>> I misinterpreted your previous comment that the following change is only applicable to getInstanceTest.java and not applicable to ApiTest.java.
>> 
>> The change includes,
>> - ApiTest.java moved to " java/security/SecureRandom ".
>> - Removed reference to MoreDrbgParameters from ApiTest.java
>> 
>> Thanks,
>> Siba
> 




More information about the security-dev mailing list