People believed Java Serialization was secure for a long time, I had
arguments about that too, long before it was public knowledge, until it
wasn't, then it couldn't be fixed fast enough to keep up with
vulnerabilities.
You nonchalantly plan to remove the SM infrastructure while blocking us
f
Please undeprecate DomainController interface, AccessController,
AccessControlContext and Subject methods, while removing the remaining
methods in JEP411.
Just document that these methods don't do anything by default, and use
the null object pattern where appropriate.
Deprecation is causing
Maybe I had the wrong Subject?
I'm still trying to figure out how to migrate before removal of
deprecated API's.
1. Our software architecture is designed and currently relies on
classes in JEP411 for authorisation decisions.
2. It's not possible for our software to have security bolted on a
On Thu, 9 Feb 2023 21:26:50 GMT, Kevin Driver wrote:
> Updated this `template` file to not fail silently on `canUseProvider` check
> in debug mode to provide additional information to aid in debugging.
>
> See: https://bugs.openjdk.org/browse/JDK-8178806
This pull request has now been integrat
On Thu, 9 Feb 2023 22:15:07 GMT, Kevin Driver wrote:
>> Updated this `template` file to not fail silently on `canUseProvider` check
>> in debug mode to provide additional information to aid in debugging.
>>
>> See: https://bugs.openjdk.org/browse/JDK-8178806
>
> Kevin Driver has updated the pul
On Thu, 9 Feb 2023 22:16:49 GMT, Valerie Peng wrote:
>> resolved
>
> Also, may just rely on the toString() impl instead of separate handling of
> getClass() and getMessage()?
That change was already in the previous commit.
-
PR: https://git.openjdk.org/jdk/pull/12504
On Thu, 9 Feb 2023 22:10:31 GMT, Kevin Driver wrote:
>> I thought about this, but logically they are not related...
>>
>> I can definitely combine, but I made this choice for readability. What do
>> you think?
>
> resolved
Also, may just rely on the toString() impl instead of separate handlin
On Thu, 9 Feb 2023 21:47:17 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/javax/crypto/JceSecurity.java.template line 240:
>>
>>> 238: Exception e = getVerificationResult(p);
>>> 239: if (debug != null) {
>>> 240: if(e != null) {
>>
>> line 239 and 240 can
> Updated this `template` file to not fail silently on `canUseProvider` check
> in debug mode to provide additional information to aid in debugging.
>
> See: https://bugs.openjdk.org/browse/JDK-8178806
Kevin Driver has updated the pull request incrementally with one additional
commit since the
On Thu, 9 Feb 2023 21:45:35 GMT, Valerie Peng wrote:
>> Updated this `template` file to not fail silently on `canUseProvider` check
>> in debug mode to provide additional information to aid in debugging.
>>
>> See: https://bugs.openjdk.org/browse/JDK-8178806
>
> src/java.base/share/classes/java
On Thu, 9 Feb 2023 21:26:50 GMT, Kevin Driver wrote:
> Updated this `template` file to not fail silently on `canUseProvider` check
> in debug mode to provide additional information to aid in debugging.
>
> See: https://bugs.openjdk.org/browse/JDK-8178806
src/java.base/share/classes/javax/crypt
Updated this `template` file to not fail silently on `canUseProvider` check in
debug mode to provide additional information to aid in debugging.
See: https://bugs.openjdk.org/browse/JDK-8178806
-
Commit messages:
- 8178806: Better exception logging in crypto code
Changes: https://
Please review this change to increase the default Diffie-Hellman group size
used in the key exchange method of TLS_DHE cipher suites from 1024-bit to
2048-bit. This issue does not affect TLS 1.3.
See the CSR for more details on the rationale for this change and the expected
compatibility risk (
On Wed, 1 Feb 2023 21:28:25 GMT, Rajan Halade wrote:
> This fix adds Certigna root CA to cacerts trust store.
This pull request has now been integrated.
Changeset: 8c87a674
Author:Rajan Halade
URL:
https://git.openjdk.org/jdk/commit/8c87a67419b91f254ed7e4dd8ac8d294b8c4735e
Stats:
On Mon, 9 Jan 2023 12:19:27 GMT, Matthew Donovan wrote:
> Refactored the code a little bit and updated the test for changes to the TLS
> state machine.
This pull request has now been integrated.
Changeset: 7fd440d9
Author:Matthew Donovan
Committer: Rajan Halade
URL:
https://git.op
On Wed, 1 Feb 2023 14:46:28 GMT, Sean Mullan wrote:
> This change adds a system property that can be used to enable/disable the XML
> Signature secure validation mode. This is useful for enabling/disabling the
> mode at runtime. The system property will supersede and have the same name as
> th
On Thu, 9 Feb 2023 11:46:42 GMT, Eirik Bjorsnos wrote:
> > In addition to - or instead of - an `equals` shortcut then if coders are
> > the same we could use `ArraysSupport.mismatch` which should get similar
> > speed and help more generally.
>
> ..and if String had (an optimized) mismatch met
> After finding a hash match, getEntryPos needs to compare the lookup name up
> to the encoded entry name in the CEN. This comparison is done by decoding the
> entry name into a String. The names can then be compared using the String
> API. This decoding step adds a significat cost to this metho
On Thu, 9 Feb 2023 11:39:18 GMT, Claes Redestad wrote:
> Yes, I'll file a PR to see if we can make `startsWith` a bit sharper
Thanks! I pushed the change to ZipCoder.compare.
> In addition to - or instead of - an `equals` shortcut then if coders are the
> same we could use `ArraysSupport.misma
> After finding a hash match, getEntryPos needs to compare the lookup name up
> to the encoded entry name in the CEN. This comparison is done by decoding the
> entry name into a String. The names can then be compared using the String
> API. This decoding step adds a significat cost to this metho
On Wed, 8 Feb 2023 16:36:16 GMT, Eirik Bjorsnos wrote:
>> After finding a hash match, getEntryPos needs to compare the lookup name up
>> to the encoded entry name in the CEN. This comparison is done by decoding
>> the entry name into a String. The names can then be compared using the
>> String
On Thu, 9 Feb 2023 11:17:54 GMT, Eirik Bjorsnos wrote:
> It helps... a lot!
I guess an update to String.startsWith should be handled separately from this
PR.
If startsWith will be optimized, then I'm happy to update this PR to use
startsWith as you suggested. Then ZipCoder will speed up for f
On Thu, 9 Feb 2023 11:07:17 GMT, Claes Redestad wrote:
> Could be interesting to see if special-casing `startsWith` to call `equals`
> when possible would help:
It helps... a lot!
Benchmark (size) Mode CntScore Error Units
ZipFileGetEntry.getEntryHit
On Wed, 8 Feb 2023 16:36:16 GMT, Eirik Bjorsnos wrote:
>> After finding a hash match, getEntryPos needs to compare the lookup name up
>> to the encoded entry name in the CEN. This comparison is done by decoding
>> the entry name into a String. The names can then be compared using the
>> String
On Thu, 9 Feb 2023 10:05:06 GMT, Claes Redestad wrote:
> Should be a win and avoids the need for a new mismatch method here.
Interestingly, this is not a win:
PR:
Benchmark (size) Mode CntScore Error Units
ZipFileGetEntry.getEntryHit 512 avgt
On Wed, 8 Feb 2023 16:36:16 GMT, Eirik Bjorsnos wrote:
>> After finding a hash match, getEntryPos needs to compare the lookup name up
>> to the encoded entry name in the CEN. This comparison is done by decoding
>> the entry name into a String. The names can then be compared using the
>> String
On Wed, 8 Feb 2023 16:36:16 GMT, Eirik Bjorsnos wrote:
>> After finding a hash match, getEntryPos needs to compare the lookup name up
>> to the encoded entry name in the CEN. This comparison is done by decoding
>> the entry name into a String. The names can then be compared using the
>> String
27 matches
Mail list logo
