Re: RFR: 8300399: EdDSA does not verify when there is no message

2023-01-17 Thread Weijun Wang
On Wed, 18 Jan 2023 03:21:29 GMT, Weijun Wang wrote: > Verify should go on even if there is no message. As long as update() is called, even if the argument is empty, message is initialized. - PR: https://git.openjdk.org/jdk/pull/12059

Re: RFR: 8300399: EdDSA does not verify when there is no message

2023-01-17 Thread Anthony Scarpino
On Wed, 18 Jan 2023 03:21:29 GMT, Weijun Wang wrote: > Verify should go on even if there is no message. The test in jdk/sun/security/ec/ed/TestEdDSA.java has a 448 test case on line 160 that sends a blank message "". I would expect that to fail if this situation is a bug. - P

RFR: 8300399: EdDSA does not verify when there is no message

2023-01-17 Thread Weijun Wang
Verify should go on even if there is no message. - Commit messages: - chmod - the fix Changes: https://git.openjdk.org/jdk/pull/12059/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=12059&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8300399 Stats: 54 lines in 2 f

Re: RFR: 8286907: keytool should warn about weak PBE algorithms

2023-01-17 Thread Weijun Wang
On Tue, 17 Jan 2023 23:25:42 GMT, Hai-May Chao wrote: > Please review the fix to address the problem in keytool -genseckey and > -importpass. src/java.base/share/classes/sun/security/tools/keytool/Main.java line 1840: > 1838: } > 1839: > 1840: String[] weakAlgs = new S

RFR: 8286907: keytool should warn about weak PBE algorithms

2023-01-17 Thread Hai-May Chao
Please review the fix to address the problem in keytool -genseckey and -importpass. - Commit messages: - 8286907: keytool should warn about weak PBE algorithms Changes: https://git.openjdk.org/jdk/pull/12056/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=12056&range=00 I

Re: RFR: 8300272: Improve readability of the test JarWithOneNonDisabledDigestAlg [v2]

2023-01-17 Thread Eirik Bjorsnos
> This PR attempts to make JarWithOneNonDisabledDigestAlg a little easier to > read. > > Some changes are made in the choice of algorithms and naming. The intent here > is to reduce confusion and make the purpose of the test clearer: > > - Updated the **enabled** digestAlgorithm in use from SH

Re: RFR: 8300272: Improve readability of the test JarWithOneNonDisabledDigestAlg

2023-01-17 Thread Eirik Bjorsnos
On Tue, 17 Jan 2023 22:10:44 GMT, Weijun Wang wrote: >> @wangweij >> >> I initially removed this code, then restored it because I thought the >> original author might have intended to future-proof the test. It also serves >> as a sort of documentation of the implicit assumptions the test makes

Re: RFR: 8300272: Improve readability of the test JarWithOneNonDisabledDigestAlg

2023-01-17 Thread Weijun Wang
On Tue, 17 Jan 2023 19:50:46 GMT, Eirik Bjorsnos wrote: >> test/jdk/jdk/security/jarsigner/JarWithOneNonDisabledDigestAlg.java line 67: >> >>> 65: public static void main(String[] args) throws Exception { >>> 66: >>> SecurityUtils.removeFromDisabledAlgs("jdk.jar.disabledAlgorithms",

Re: RFR: 8300272: Improve readability of the test JarWithOneNonDisabledDigestAlg

2023-01-17 Thread Weijun Wang
On Fri, 13 Jan 2023 20:12:56 GMT, Eirik Bjorsnos wrote: > This PR attempts to make JarWithOneNonDisabledDigestAlg a little easier to > read. > > Some changes are made in the choice of algorithms and naming. The intent here > is to reduce confusion and make the purpose of the test clearer: >

Re: RFR: 8300272: Improve readability of the test JarWithOneNonDisabledDigestAlg

2023-01-17 Thread Eirik Bjorsnos
On Tue, 17 Jan 2023 15:08:36 GMT, Weijun Wang wrote: >> This PR attempts to make JarWithOneNonDisabledDigestAlg a little easier to >> read. >> >> Some changes are made in the choice of algorithms and naming. The intent >> here is to reduce confusion and make the purpose of the test clearer: >

RFR: 8300272: Improve readability of the test JarWithOneNonDisabledDigestAlg

2023-01-17 Thread Eirik Bjorsnos
This PR attempts to make JarWithOneNonDisabledDigestAlg a little easier to read. Some changes are made in the choice of algorithms and naming. The intent here is to reduce confusion and make the purpose of the test clearer: - Updated the **enabled** digestAlgorithm in use from SHA1 to SHA256.

Re: RFR: 8300259: Add test coverage for processing of pending block files in signed JARs [v2]

2023-01-17 Thread Eirik Bjorsnos
On Tue, 17 Jan 2023 18:15:21 GMT, Alan Bateman wrote: >> Eirik Bjorsnos has updated the pull request incrementally with two >> additional commits since the last revision: >> >> - Make it more clear in the @summary tag that it is the block file that is >> pending, not the signature file >> -

Re: RFR: 8300259: Add test coverage for processing of pending block files in signed JARs [v2]

2023-01-17 Thread Eirik Bjorsnos
> This PR adds test coverage for pending block files in signed JAR files > > A signed JAR has pending block files if the block file [RSA, DSA, EC] comes > before the corresponding signature file [SF] in the JAR. > > JarVerifier.processEntry supports processing of such pending block files, but

Re: RFR: 8300259: Add test coverage for processing of pending block files in signed JARs

2023-01-17 Thread Alan Bateman
On Mon, 16 Jan 2023 11:44:36 GMT, Eirik Bjorsnos wrote: > This PR adds test coverage for pending block files in signed JAR files > > A signed JAR has pending block files if the block file [RSA, DSA, EC] comes > before the corresponding signature file [SF] in the JAR. > > JarVerifier.processEn

RFR: 8300259: Add test coverage for processing of pending block files in signed JARs

2023-01-17 Thread Eirik Bjorsnos
This PR adds test coverage for pending block files in signed JAR files A signed JAR has pending block files if the block file [RSA, DSA, EC] comes before the corresponding signature file [SF] in the JAR. JarVerifier.processEntry supports processing of such pending block files, but this code pa

Re: RFR: 8300259: Add test coverage for processing of pending block files in signed JARs

2023-01-17 Thread Eirik Bjorsnos
On Tue, 17 Jan 2023 14:07:01 GMT, Weijun Wang wrote: >> This PR adds test coverage for pending block files in signed JAR files >> >> A signed JAR has pending block files if the block file [RSA, DSA, EC] comes >> before the corresponding signature file [SF] in the JAR. >> >> JarVerifier.proces

Re: RFR: 8300259: Add test coverage for processing of pending block files in signed JARs

2023-01-17 Thread Weijun Wang
On Mon, 16 Jan 2023 11:44:36 GMT, Eirik Bjorsnos wrote: > This PR adds test coverage for pending block files in signed JAR files > > A signed JAR has pending block files if the block file [RSA, DSA, EC] comes > before the corresponding signature file [SF] in the JAR. > > JarVerifier.processEn

Re: RFR: 8299870: TLS record version check allows invalid records [v4]

2023-01-17 Thread Matthew Donovan
> - Updated ProtocolVersion.isNegotiable() to check a bounded range of version > numbers. > - Removed IllegalRecordVersion.java from ProblemList.txt > > Tested with jdk_security and jdk_security3 test groups. Matthew Donovan has updated the pull request incrementally with one additional commit

Re: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in META-INF subdirectories [v6]

2023-01-17 Thread Weijun Wang
On Sat, 14 Jan 2023 12:02:11 GMT, Eirik Bjorsnos wrote: >> src/java.base/share/classes/java/util/zip/ZipFile.java line 1748: >> >>> 1746: .isBlockOrSF(new String(name, off, len, >>> UTF_8.INSTANCE) >>> 1747: .toUpperCase(Locale.ENGLISH))); >>> 1748: >> >> H

Re: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in META-INF subdirectories [v6]

2023-01-17 Thread Weijun Wang
On Sat, 14 Jan 2023 12:14:54 GMT, Eirik Bjorsnos wrote: >> src/jdk.jartool/share/classes/jdk/security/jarsigner/JarSigner.java line 980: >> >>> 978: * Returns true iff the entry resides directly in the META-INF/ >>> directory >>> 979: */ >>> 980: private boolean isInMetaInf(ZipEnt