RFR: JDK-8290532: Adjust PKCS11Exception and handle more PKCS11 error codes
The issue https://bugs.openjdk.org/browse/JDK-8282538 gave an example of the following PKCS11 exception (see attached jtr files of that bug) : Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: 0xCE534351 Unfortunately the error code 0xCE534351 is currently not in the RV/errorMap table of PKCS11Exception, That's why we get this hex code and no more descriptive output, this could be improved. - Commit messages: - JDK-8290532 Changes: https://git.openjdk.org/jdk/pull/9555/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=9555&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8290532 Stats: 5 lines in 1 file changed: 3 ins; 0 del; 2 mod Patch: https://git.openjdk.org/jdk/pull/9555.diff Fetch: git fetch https://git.openjdk.org/jdk pull/9555/head:pull/9555 PR: https://git.openjdk.org/jdk/pull/9555
Re: RFR: JDK-8290532: Adjust PKCS11Exception and handle more PKCS11 error codes
On Tue, 19 Jul 2022 13:14:17 GMT, Matthias Baesken wrote: > The issue https://bugs.openjdk.org/browse/JDK-8282538 gave an example of the > following PKCS11 exception (see attached jtr files of that bug) : > > Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: 0xCE534351 > > Unfortunately the error code 0xCE534351 is currently not in the RV/errorMap > table of PKCS11Exception, That's why we get this > hex code and no more descriptive output, this could be improved. Btw. there are for most (all?) pkcs11 error/return codes good error descriptions available here http://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/os/pkcs11-base-v3.0-os.html (5.1 Function return values) ; should we maybe extend the exception message with a short text - PR: https://git.openjdk.org/jdk/pull/9555
RFR: JDK-8155039 Simplify code to setup SSLContextImpl and TrustManagerFactoryImpl
https://bugs.openjdk.org/browse/JDK-8155039 - Commit messages: - fourth iteration - third iteration - second iteration - first iteration Changes: https://git.openjdk.org/jdk/pull/9542/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=9542&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8155039 Stats: 85 lines in 4 files changed: 48 ins; 29 del; 8 mod Patch: https://git.openjdk.org/jdk/pull/9542.diff Fetch: git fetch https://git.openjdk.org/jdk pull/9542/head:pull/9542 PR: https://git.openjdk.org/jdk/pull/9542
Re: RFR: JDK-8155039 Simplify code to setup SSLContextImpl and TrustManagerFactoryImpl
On Mon, 18 Jul 2022 17:53:56 GMT, Mark Powers wrote: > https://bugs.openjdk.org/browse/JDK-8155039 I'm not sure if this is worth doing. It looks like after the code change each of the 2 constructors is only used once by one of the 2 new `privilegedGetFileInputStream` methods, and then each new method is only used once in JSSE. Also, the `SecurityManager` API including these `doPrivileged` calls were deprecated for removal in JDK 17. I doubt spending more time tuning them makes us any good. - PR: https://git.openjdk.org/jdk/pull/9542
Re: RFR: JDK-8155039 Simplify code to setup SSLContextImpl and TrustManagerFactoryImpl
On Mon, 18 Jul 2022 17:53:56 GMT, Mark Powers wrote: > https://bugs.openjdk.org/browse/JDK-8155039 Can't say I disagree. That would leave removing the unused method from TrustManagerFactoryImpl.java and a couple of typos. - PR: https://git.openjdk.org/jdk/pull/9542
Re: RFR: JDK-8155039 Simplify code to setup SSLContextImpl and TrustManagerFactoryImpl
On Mon, 18 Jul 2022 17:53:56 GMT, Mark Powers wrote: > https://bugs.openjdk.org/browse/JDK-8155039 We can do them in a separate cleanup and close this one with Will-Not-Fix. Otherwise, you need to change the title of this bug to "cleanup something" and a historian will find it confusing on what was determined. - PR: https://git.openjdk.org/jdk/pull/9542
Re: RFR: JDK-8290532: Adjust PKCS11Exception and handle more PKCS11 error codes
On Tue, 19 Jul 2022 13:14:17 GMT, Matthias Baesken wrote: > The issue https://bugs.openjdk.org/browse/JDK-8282538 gave an example of the > following PKCS11 exception (see attached jtr files of that bug) : > > Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: 0xCE534351 > > Unfortunately the error code 0xCE534351 is currently not in the RV/errorMap > table of PKCS11Exception, That's why we get this > hex code and no more descriptive output, this could be improved. None of the 3 proposed error codes in this PR is in the standard PKCS#11 header files - two of them are vendor specific. For vendor specific error code, such direct mapping may be incorrect. As for CKR_COPY_PROHIBITED, I can't find any reference in your cited PKCS#11 spec above. Do you have other standard source for it? - PR: https://git.openjdk.org/jdk/pull/9555
Re: RFR: 8288568: Reduce runtime of java.security microbenchmarks [v2]
On Fri, 17 Jun 2022 12:24:50 GMT, Claes Redestad wrote: >> - Reduce forks, iteration, runtime to reduce runtime while maintaining high >> data quality on typical benchmarking hosts. >> >> Reduces runtime from estimated 10+ hours to 54 minutes. > > Claes Redestad has updated the pull request incrementally with one additional > commit since the last revision: > > Copyrights, apply consistent settings to PermissionsImplies test/micro/org/openjdk/bench/java/security/SSLHandshake.java line 56: > 54: @Warmup(iterations = 5, time = 1) > 55: @Measurement(iterations = 5, time = 1) > 56: @Fork(value = 3) should the `@Warmup`, `@Measurement`, and `@Fork` be removed from the `doHandshake()` benchmark on lines 115-117 below so that these take effect? https://github.com/openjdk/jdk/blob/c2cbeb3ee875936c98bb15ec32d692f7d866df76/test/micro/org/openjdk/bench/java/security/SSLHandshake.java#L111-L115 - PR: https://git.openjdk.org/jdk/pull/9189
Re: RFR: 8289275: Remove incorrect __declspec(dllimport) attributes from pointers in jdk.crypto.cryptoki [v4]
On Thu, 14 Jul 2022 02:48:07 GMT, Julian Waters wrote: >> Several instances of function pointers in jdk.crypto.cryptoki are marked >> with the dllimport attribute, which should only be applied to symbol >> declarations, of which a typedef'd function pointer is not. This would only >> be useful if a function pointer defined in the linked dll is desired to be >> imported, not if the pointer itself is created locally and used to store a >> function address. In addition to being incorrect, at least on the versions >> of Visual C++ the JDK supports today, it is also redundant; Typically they >> are used to avoid an indirect stub that jumps to the proper entry in the >> import address table, but usage of these typedefs involves loading the >> address of a function and directly (Usually through GetProcAddress, even in >> other cases it would simply be set to the address of a function anyway) >> assigning it to the pointer before immediately dispatching when called, >> which bypasses this procedure entirely and makes the attribute pointless. > > Julian Waters has updated the pull request incrementally with one additional > commit since the last revision: > > Revert changes to pkcs11.h Marked as reviewed by valeriep (Reviewer). - PR: https://git.openjdk.org/jdk/pull/9353
[jdk19] Integrated: 8278274: Update nroff pages in JDK 19 before RC
On Sun, 17 Jul 2022 22:44:02 GMT, David Holmes wrote: > Please review these changes to the nroff manpage files so that they match > their markdown sources that Oracle maintains. > > All pages at a minimum have 19-ea replaced with 19, and copyright set to 2022 > if needed. Additionally: > > The Java manpage was missing updates from: > - [JDK-8282018](https://bugs.openjdk.org/browse/JDK-8282018): Add captions to > tables on java man page. > > The Java manpage has slight formatting differences from: > - [JDK-8262004](https://bugs.openjdk.org/browse/JDK-8262004): Classpath > separator: Man page says semicolon; should be colon on Linux > - [JDK-8236569](https://bugs.openjdk.org/browse/JDK-8236569): -Xss not > multiple of 4K does not work for the main thread on macOS > > The Java manpage has a typo fixed in mainline by > [JDK-8279047](https://bugs.openjdk.org/browse/JDK-8279047) (for JDK 20) > > > The keytool manpage was missing updates from: > - [JDK-8282014](https://bugs.openjdk.org/browse/JDK-8282014): Add captions to > tables on keytool man page. > - [JDK-8267319](https://bugs.openjdk.org/browse/JDK-8267319): Use larger > default key sizes and algorithms based on CNSA > > The jar manpage was missing updates from: > - [JDK-8278764](https://bugs.openjdk.org/browse/JDK-8278764): jar and jmod > man pages need the new --date documenting from CSR > [JDK-8277755](https://bugs.openjdk.org/browse/JDK-8277755) > > The jarsigner manpage was missing updates from: > - [JDK-8282015](https://bugs.openjdk.org/browse/JDK-8282015): Add captions to > tables on jarsigner man page. > - [JDK-8267319](https://bugs.openjdk.org/browse/JDK-8267319): Use larger > default key sizes and algorithms based on CNSA > > The javadoc manpage was missing updates from: > - [JDK-8279034](https://bugs.openjdk.org/browse/JDK-8279034): Update man page > for javadoc `--date` option > > The jmod manpage was missing updates from: > - [JDK-8278764](https://bugs.openjdk.org/browse/JDK-8278764): jar and jmod > man pages need the new --date documenting from CSR > [JDK-8277755](https://bugs.openjdk.org/browse/JDK-8277755) > > The jpackage manpage was missing updates from: > - [JDK-8285146](https://bugs.openjdk.org/browse/JDK-8285146): Document > jpackage resource dir feature > - [JDK-8284695](https://bugs.openjdk.org/browse/JDK-8284695): Update jpackage > man pages for JDK 19 > - [JDK-8284209](https://bugs.openjdk.org/browse/JDK-8284209): Replace > remaining usages of 'a the' in source code > > The jshell manpage was missing updates from: > - [JDK-8282016](https://bugs.openjdk.org/browse/JDK-8282016): Add captions to > tables on jshell man page. This pull request has now been integrated. Changeset: 618f3a82 Author:David Holmes URL: https://git.openjdk.org/jdk19/commit/618f3a82a4d45cdb66b86259ae60dd1c322b987b Stats: 515 lines in 28 files changed: 431 ins; 16 del; 68 mod 8278274: Update nroff pages in JDK 19 before RC Reviewed-by: jjg - PR: https://git.openjdk.org/jdk19/pull/145
Re: [jdk19] RFR: 8278274: Update nroff pages in JDK 19 before RC
On Mon, 18 Jul 2022 23:27:58 GMT, David Holmes wrote: >> src/java.base/share/man/keytool.1 line 456: >> >>> 454: \f[CB]PrivateKeyEntry\f[R] for the signer that already exists in the >>> 455: keystore. >>> 456: This option is used to sign the certificate with the signer?s private >> >> Not a problem with this PR as such, but we still have a `?` character in the >> output. > > Yeah I spotted that too, but it would need to be fixed in source and nroff. > Must be some kind of "smart quote" from an editor. Do you think this needs to > be fixed or just handle it in mainline? Filed [JDK-8290626](https://bugs.openjdk.org/browse/JDK-8290626). It can easily be fixed before RDP2. - PR: https://git.openjdk.org/jdk19/pull/145
Re: RFR: JDK-8290532: Adjust PKCS11Exception and handle more PKCS11 error codes
On Tue, 19 Jul 2022 20:37:09 GMT, Valerie Peng wrote: > None of the 3 proposed error codes in this PR is in the standard PKCS#11 > header files - two of them are vendor specific. For vendor specific error > code, such direct mapping may be incorrect. As for CKR_COPY_PROHIBITED, I > can't find any reference in your cited PKCS#11 spec above. Do you have other > standard source for it? Hi Valerie, yes 0xCE534351L and 0xCE534352L are vendor specific but I added them because we got those (well the first one) in our jtreg test (please see JDK-8282538 for a detailled description, we got the same on RHEL9 instead of CentOS). So they are rather common errors on Linux I think and it would be nice to have them. The CKR_COPY_PROHIBITED seems to be deprecated, see this discussion https://lists.oasis-open.org/archives/pkcs11/201306/msg00073.html ; so maybe we do not need it any more these days. The older documentation still mentions it http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/cs01/pkcs11-base-v2.40-cs01.html . - PR: https://git.openjdk.org/jdk/pull/9555
