RFR 8212867: Link to DRBG test vectors is redirected to a broken link

Weijun Wang weijun.wang at oracle.com
Thu Oct 25 01:55:58 UTC 2018 

It's a part of @implNote, and I added it there to show this implementation is compliant. I'm OK with removing it. Just like this:

diff --git a/src/java.base/share/classes/java/security/DrbgParameters.java b/src/java.base/share/classes/java/security/DrbgParameters.java
--- a/src/java.base/share/classes/java/security/DrbgParameters.java
+++ b/src/java.base/share/classes/java/security/DrbgParameters.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -225,10 +225,6 @@
  * <p>
  * Calling {@link SecureRandom#generateSeed(int)} will directly read
  * from this system default entropy source.
- * <p>
- * This implementation has passed all tests included in the 20151104 version of
- * <a href="http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgtestvectors.zip">
- * The DRBG Test Vectors</a>.
  *
  * @since 9
  */

Thanks
Max

> On Oct 25, 2018, at 1:54 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> IMHO, this is kind of an odd thing to include in the javadocs, the fact that it passed a bunch of tests. I'd be more inclined to simply remove this sentence and (maybe) instead include it in the JDK Providers Guide, but even then I am not sure it is really necessary.
> 
> --Sean
> 
> On 10/23/18 10:27 PM, Weijun Wang wrote:
>> I'd like to refine the patch a little to
>> *diff --git a/src/java.base/share/classes/java/security/DrbgParameters.java b/src/java.base/share/classes/java/security/DrbgParameters.java*
>> *--- a/src/java.base/share/classes/java/security/DrbgParameters.java*
>> *+++ b/src/java.base/share/classes/java/security/DrbgParameters.java*
>> @@ -1,5 +1,5 @@
>>  /*
>> - * Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
>> + * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
>>   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>   *
>>   * This code is free software; you can redistribute it and/or modify it
>> @@ -226,9 +226,9 @@
>>   * Calling {@link SecureRandom#generateSeed(int)} will directly read
>>   * from this system default entropy source.
>>   * <p>
>> - * This implementation has passed all tests included in the 20151104 version of
>> - * <a href="http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgtestvectors.zip">
>> - * The DRBG Test Vectors</a>.
>> + * This implementation has passed the DRBG Test Vectors (published on 2015-11-04) in
>> + * <a href="https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Random-Number-Generators">
>> + * CAVP Testing: Random Number Generators</a>.
>>   *
>>   * @since 9
>>   */
>> While "Cryptographic Algorithm Validation Program" is the main title shown on the page, it looks like the secondary header "CAVP Testing: Random Number Generators" is more precise and matches the URL. I also change the test vectors name to "DRBG Test Vectors" because the section could contain more links to other RNG test vectors.
>> Sorry for the quick update.
>> Thanks
>> Max
>>> On Oct 24, 2018, at 10:18 AM, Weijun Wang <weijun.wang at oracle.com <mailto:weijun.wang at oracle.com>> wrote:
>>> 
>>> Please take a review at the fix below:
>>> 
>>> diff --git a/src/java.base/share/classes/java/security/DrbgParameters.java b/src/java.base/share/classes/java/security/DrbgParameters.java
>>> --- a/src/java.base/share/classes/java/security/DrbgParameters.java
>>> +++ b/src/java.base/share/classes/java/security/DrbgParameters.java
>>> @@ -1,5 +1,5 @@
>>>  /*
>>> - * Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
>>> + * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
>>>   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>>   *
>>>   * This code is free software; you can redistribute it and/or modify it
>>> @@ -226,9 +226,9 @@
>>>   * Calling {@link SecureRandom#generateSeed(int)} will directly read
>>>   * from this system default entropy source.
>>>   * <p>
>>> - * This implementation has passed all tests included in the 20151104 version of
>>> - * <a href="http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgtestvectors.zip">
>>> - * The DRBG Test Vectors</a>.
>>> + * This implementation has passed the test vectors (published on 2015-11-04) in
>>> + * <a href="https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Random-Number-Generators">
>>> + * Cryptographic Algorithm Validation Program</a>.
>>>   *
>>>   * @since 9
>>>   */
>>> 
>>> Note that the link does not point to a zip file now. It might be a little rude to link to a 13MB zip file, and a description page is better. The page is quite concise and has a section named "Test Vectors" containing the link to the zip file. The zip file has actually no version info but the content shows the data was generated on 2015-11-04. I'd like to keep the date info in case the test vectors are updated some day.
>>> 
>>> BTW, the zip file itself is exactly the same as before so there is no need to re-test.
>>> 
>>> Thanks
>>> Max

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20181025/a7dcbba4/attachment.htm>

More information about the security-dev mailing list