Hi Max, Thanks for your review. I’ve updated webrev with your comment.
Hai-May > On Apr 7, 2020, at 8:13 PM, Weijun Wang <[email protected]> wrote: > > Everything looks fine, except a very tiny issue: > > 1332 private String verifyWithWeak(PublicKey key) { > 1333 if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) { > 1334 if (LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, key)) { > 1335 int kLen = KeyUtil.getKeySize(key); > 1336 if (kLen >= 0) { > 1337 return String.format(rb.getString("key.bit"), kLen); > 1338 } else { > 1339 return rb.getString("unknown.size"); > 1340 } > 1341 } else { > 1342 weakPublicKey = key; > 1343 legacyAlg |= 8; > 1344 return String.format(rb.getString("key.bit.weak"), > KeyUtil.getKeySize(key)); > 1345 } > 1346 } else { > 1347 disabledAlgFound = true; > 1348 return String.format(rb.getString("key.bit.disabled"), > KeyUtil.getKeySize(key)); > 1349 } > 1350 } > > You can move line 1335 before line 1334 since the size is also used in the > else block on lines 1342-1344. > > Thanks, > Max > >> On Apr 6, 2020, at 12:51 AM, Hai-May Chao <[email protected]> wrote: >> >> Here is the webrev: >> >> http://cr.openjdk.java.net/~weijun/8172404/webrev.00/ >> >> Thanks, >> Hai-May >> >> >>> On Apr 4, 2020, at 11:41 PM, Hai-May Chao <[email protected]> wrote: >>> >>> Hi, >>> >>> I'd like to request a review for: >>> >>> Bug: https://bugs.openjdk.java.net/browse/JDK-8172404 >>> CSR: https://bugs.openjdk.java.net/browse/JDK-8238640 >>> >>> It’d be useful to start warning users that certain algorithms and key >>> lengths are becoming weak, so that users could begin transition away from >>> them before they are actually disabled. A new security property named >>> jdk.security.legacyAlgorithms is added to the java.security file to list >>> the legacy algorithms. The keytool and jarsigner tools are enhanced to >>> enforce the new property and to emit the warning messages when legacy >>> algorithms are used. >>> >>> Thanks, >>> Hai-May >> >
