Re: RFR: 8308118: Avoid multiarray allocations in AESCrypt.makeSessionKey [v2]

2023-05-17 Thread Aleksey Shipilev
On Wed, 17 May 2023 20:09:50 GMT, Xue-Lei Andrew Fan wrote: > Looks good to me. Please make sure the security regression testing passed. Thanks! By "security regression testing" do you mean `jdk_security`, or something else? - PR Comment: https://git.openjdk.org/jdk/pull/13996#i

Re: RFR: 8294985: SSLEngine throws IAE during parsing of X500Principal [v10]

2023-05-17 Thread Xue-Lei Andrew Fan
On Wed, 17 May 2023 21:54:20 GMT, Kevin Driver wrote: >> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985) > > Kevin Driver has updated the pull request incrementally with one additional > commit since the last revision: > > rework based upon code review comments Similar comm

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v3]

2023-05-17 Thread Weijun Wang
On Wed, 17 May 2023 08:06:56 GMT, Christoph Langer wrote: >> With this PR we try to be better in loading certificates from the MacOS >> Keychain into a JDK Trust store. >> >> The current implementation after JDK-8278449 would only load/trust >> certificates from an identity (with private key a

Re: RFR: 8294985: SSLEngine throws IAE during parsing of X500Principal [v6]

2023-05-17 Thread Kevin Driver
On Fri, 12 May 2023 20:14:56 GMT, Sean Mullan wrote: >> Kevin Driver has refreshed the contents of this pull request, and previous >> commits have been removed. Incremental views are not available. > > Do you have any plans to write a test? If not, the bug needs a `noreg` label. @seanjmullan @X

Re: RFR: 8294985: SSLEngine throws IAE during parsing of X500Principal [v10]

2023-05-17 Thread Kevin Driver
> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985) Kevin Driver has updated the pull request incrementally with one additional commit since the last revision: rework based upon code review comments - Changes: - all: https://git.openjdk.org/jdk/pull/13466/files

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v3]

2023-05-17 Thread Christoph Langer
On Wed, 17 May 2023 12:42:32 GMT, Matthias Baesken wrote: >> Christoph Langer has updated the pull request incrementally with one >> additional commit since the last revision: >> >> Check return code of SecTrustSettingsCopyTrustSettings and address review >> comments > > src/java.base/macosx

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v3]

2023-05-17 Thread Christoph Langer
On Wed, 17 May 2023 20:49:34 GMT, Weijun Wang wrote: > No matter what `SecTrustSettingsCopyTrustSettings` returns, you will always > call `jm_createTrustedCertEntry`. This means if I add a self-signed > certificate but have not added any trusted settings onto it, it will be always > trusted. Is

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v3]

2023-05-17 Thread Christoph Langer
On Wed, 17 May 2023 17:34:42 GMT, Sean Mullan wrote: > Please don't integrate this until I or someone from my team reviews it. > Thanks. Sure. - PR Comment: https://git.openjdk.org/jdk/pull/13945#issuecomment-1552088991

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v3]

2023-05-17 Thread Weijun Wang
On Wed, 17 May 2023 08:06:56 GMT, Christoph Langer wrote: >> With this PR we try to be better in loading certificates from the MacOS >> Keychain into a JDK Trust store. >> >> The current implementation after JDK-8278449 would only load/trust >> certificates from an identity (with private key a

Re: RFR: 8308016: Use snippets in java.io package [v7]

2023-05-17 Thread Brian Burkhalter
> Replace `{@code ...}` patterns and the like with `{@snippet > lang=java : ...}`. Brian Burkhalter has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains sev

Re: RFR: 8308118: Avoid multiarray allocations in AESCrypt.makeSessionKey [v2]

2023-05-17 Thread David Schlosnagle
On Tue, 16 May 2023 09:18:57 GMT, Aleksey Shipilev wrote: >> One of our services has a hot path with AES/GCM cipher reuse. The JDK code >> reinitializes the session key on that path, and >> [JDK-8308105](https://bugs.openjdk.org/browse/JDK-8308105) shows up >> prominently there. >> >> Fixing

Re: RFR: 8308118: Avoid multiarray allocations in AESCrypt.makeSessionKey [v2]

2023-05-17 Thread Xue-Lei Andrew Fan
On Tue, 16 May 2023 09:18:57 GMT, Aleksey Shipilev wrote: >> One of our services has a hot path with AES/GCM cipher reuse. The JDK code >> reinitializes the session key on that path, and >> [JDK-8308105](https://bugs.openjdk.org/browse/JDK-8308105) shows up >> prominently there. >> >> Fixing

Re: RFR: 8294985: SSLEngine throws IAE during parsing of X500Principal [v9]

2023-05-17 Thread Kevin Driver
> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985) Kevin Driver has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits

Re: RFR: 8298127: HSS/LMS Signature Verification [v16]

2023-05-17 Thread Ferenc Rakoczi
> Implement support for Leighton-Micali Signatures (LMS) as described in RFC > 8554. LMS is an approved software signing algorithm for CNSA 2.0, with > SHA-256/192 parameters recommended. Ferenc Rakoczi has updated the pull request incrementally with one additional commit since the last revisio

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v3]

2023-05-17 Thread Valerie Peng
On Wed, 17 May 2023 03:11:54 GMT, Martin Balao wrote: >> We would like to propose an implementation for the [JDK-8301553: Support >> Password-Based Cryptography in >> SunPKCS11](https://bugs.openjdk.org/browse/JDK-8301553) enhancement >> requirement. >> >> In addition to pursuing the requirem

Re: RFR: 8308010: X509Key and PKCS8Key allows garbage bytes at the end

2023-05-17 Thread Weijun Wang
On Wed, 17 May 2023 18:14:38 GMT, Sean Mullan wrote: >> When parsing a byte array to a private or public key, it's now converted to >> a `ByteArrayInputStream` and the parser does not report an error if there >> are extra bytes at the end. > > src/java.base/share/classes/sun/security/pkcs/PKCS8

Re: RFR: 8308010: X509Key and PKCS8Key allows garbage bytes at the end

2023-05-17 Thread Sean Mullan
On Wed, 17 May 2023 18:51:11 GMT, Weijun Wang wrote: >> src/java.base/share/classes/sun/security/pkcs/PKCS8Key.java line 99: >> >>> 97: } catch (IOException e) { >>> 98: throw new InvalidKeyException("IOException: " + >>> 99: e.getMessage()); >> >> How ab

RFR: 8308310: HttpClient: Avoid logging or locking from within synchronized blocks

2023-05-17 Thread Daniel Fuchs
Please find here a change that revisits usage of monitors in the HttpClient. With Virtual Threads now part of the platform it should be possible to pass a newVirtualThreadPerTaskExecutor to the HttpClient. Logging, when called from a synchronized block, can cause the carrier thread to get pinned

Re: RFR: 8308118: Avoid multiarray allocations in AESCrypt.makeSessionKey [v2]

2023-05-17 Thread Xue-Lei Andrew Fan
On Wed, 17 May 2023 12:57:15 GMT, Aleksey Shipilev wrote: > @XueleiFan, or anyone else, please take a look? I will have a look, but I may need more time. - PR Comment: https://git.openjdk.org/jdk/pull/13996#issuecomment-1551895053

Re: RFR: 8297878: KEM: Implementation [v17]

2023-05-17 Thread Weijun Wang
> The KEM API and DHKEM impl. Note that this PR uses new methods in > https://github.com/openjdk/jdk/pull/13250. Weijun Wang has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The

Re: RFR: 8308010: X509Key and PKCS8Key allows garbage bytes at the end

2023-05-17 Thread Sean Mullan
On Fri, 12 May 2023 16:23:53 GMT, Weijun Wang wrote: > When parsing a byte array to a private or public key, it's now converted to a > `ByteArrayInputStream` and the parser does not report an error if there are > extra bytes at the end. src/java.base/share/classes/sun/security/pkcs/PKCS8Key.ja

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v3]

2023-05-17 Thread Sean Mullan
On Wed, 17 May 2023 08:06:56 GMT, Christoph Langer wrote: >> With this PR we try to be better in loading certificates from the MacOS >> Keychain into a JDK Trust store. >> >> The current implementation after JDK-8278449 would only load/trust >> certificates from an identity (with private key a

Re: RFR: 8308016: Use snippets in java.io package [v6]

2023-05-17 Thread Brian Burkhalter
> Replace `{@code ...}` patterns and the like with `{@snippet > lang=java : ...}`. Brian Burkhalter has updated the pull request incrementally with one additional commit since the last revision: 8308016: Reinstate @snippet for RandomAccessFile::readLong - Changes: - all: https

RFR: JDK-8307794 Test for HSS/LMS Signature Verification

2023-05-17 Thread Mark Powers
https://bugs.openjdk.org/browse/JDK-8307794 - Commit messages: - added more tests - remove carriage return - micro benchmark and jarsigner test - Ferenc's comments - Max's comments - iteration 2 - iteration 1 Changes: https://git.openjdk.org/jdk/pull/13940/files Webrev: https

Re: RFR: 8308016: Use snippets in java.io package [v2]

2023-05-17 Thread Roger Riggs
On Sun, 14 May 2023 05:50:20 GMT, Tagir F. Valeev wrote: >> Brian Burkhalter has updated the pull request incrementally with one >> additional commit since the last revision: >> >> 8308016: Remove ellipses ("...") from snippets > > src/java.base/share/classes/java/io/RandomAccessFile.java lin

Re: RFR: 8294985: SSLEngine throws IAE during parsing of X500Principal [v6]

2023-05-17 Thread Xue-Lei Andrew Fan
On Fri, 12 May 2023 20:29:47 GMT, Kevin Driver wrote: >> Do you have any plans to write a test? If not, the bug needs a `noreg` label. > >> Do you have any plans to write a test? If not, the bug needs a `noreg` label. > > As discussed internally, the test that surfaced this issue will be > inco

Re: RFR: 8294985: SSLEngine throws IAE during parsing of X500Principal [v8]

2023-05-17 Thread Kevin Driver
> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985) Kevin Driver has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains five commits: - update copyright - reworking the fix in light of encouragement to change the problemati

Re: RFR: 7065228: To interpret case-insensitive string locale independently [v2]

2023-05-17 Thread Darragh Clarke
On Wed, 17 May 2023 10:41:57 GMT, Daniel Jeliński wrote: >> Darragh Clarke has updated the pull request incrementally with two >> additional commits since the last revision: >> >> - Update >> src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java >> >>Co-autho

Re: RFR: 7065228: To interpret case-insensitive string locale independently [v2]

2023-05-17 Thread Darragh Clarke
> Updated instances of `toLowerCase` and `toUpperCase` in several net and io > files to specify `Locale.ROOT` to ensure that case conversion issues don't > occur, > > I didn't add any new tests but ran tier 1-3 with no issues Darragh Clarke has updated the pull request incrementally with two ad

Re: RFR: 8297878: KEM: Implementation [v16]

2023-05-17 Thread Weijun Wang
On Wed, 17 May 2023 07:10:49 GMT, Ferenc Rakoczi wrote: >> Weijun Wang has updated the pull request incrementally with one additional >> commit since the last revision: >> >> to and length and comments > > src/java.base/share/classes/javax/crypto/KEM.java line 233: > >> 231: *

Re: RFR: 8308118: Avoid multiarray allocations in AESCrypt.makeSessionKey [v2]

2023-05-17 Thread Aleksey Shipilev
On Tue, 16 May 2023 09:18:57 GMT, Aleksey Shipilev wrote: >> One of our services has a hot path with AES/GCM cipher reuse. The JDK code >> reinitializes the session key on that path, and >> [JDK-8308105](https://bugs.openjdk.org/browse/JDK-8308105) shows up >> prominently there. >> >> Fixing

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v3]

2023-05-17 Thread Matthias Baesken
On Wed, 17 May 2023 08:06:56 GMT, Christoph Langer wrote: >> With this PR we try to be better in loading certificates from the MacOS >> Keychain into a JDK Trust store. >> >> The current implementation after JDK-8278449 would only load/trust >> certificates from an identity (with private key a

Re: RFR: 8298127: HSS/LMS Signature Verification [v15]

2023-05-17 Thread Weijun Wang
On Wed, 17 May 2023 11:15:41 GMT, Ferenc Rakoczi wrote: >> Implement support for Leighton-Micali Signatures (LMS) as described in RFC >> 8554. LMS is an approved software signing algorithm for CNSA 2.0, with >> SHA-256/192 parameters recommended. > > Ferenc Rakoczi has updated the pull request

Integrated: 8307326: Package jdk.internal.classfile.java.lang.constant become obsolete

2023-05-17 Thread Adam Sotona
On Mon, 15 May 2023 08:38:54 GMT, Adam Sotona wrote: > Package `jdk.internal.classfile.java.lang.constant` containing `ModuleDesc` > and `PackageDesc` became obsolete after > [JDK-8306729](https://bugs.openjdk.org/browse/JDK-8306729). > All references to `jdk.internal.classfile.java.lang.const

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v3]

2023-05-17 Thread Matthias Baesken
On Wed, 17 May 2023 08:06:56 GMT, Christoph Langer wrote: >> With this PR we try to be better in loading certificates from the MacOS >> Keychain into a JDK Trust store. >> >> The current implementation after JDK-8278449 would only load/trust >> certificates from an identity (with private key a

RFR: 8308286 Fix clang warnings in linux code

2023-05-17 Thread Artem Semenov
When using the clang compiler to build OpenJDK on Linux, we encounter various "warnings as errors". They can be fixed with small changes. - Commit messages: - 8308286 Fix clang warnings in linux code Changes: https://git.openjdk.org/jdk/pull/14033/files Webrev: https://webrevs.ope

Re: RFR: 8298127: HSS/LMS Signature Verification [v15]

2023-05-17 Thread Ferenc Rakoczi
> Implement support for Leighton-Micali Signatures (LMS) as described in RFC > 8554. LMS is an approved software signing algorithm for CNSA 2.0, with > SHA-256/192 parameters recommended. Ferenc Rakoczi has updated the pull request incrementally with one additional commit since the last revisio

Re: RFR: 7065228: To interpret case-insensitive string locale independently

2023-05-17 Thread Daniel Jeliński
On Tue, 16 May 2023 10:38:52 GMT, Darragh Clarke wrote: > Updated instances of `toLowerCase` and `toUpperCase` in several net and io > files to specify `Locale.ROOT` to ensure that case conversion issues don't > occur, > > I didn't add any new tests but ran tier 1-3 with no issues src/java.ba

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates

2023-05-17 Thread Christoph Langer
On Wed, 17 May 2023 07:36:33 GMT, Matthias Baesken wrote: > Yes this seems to be the case. Could you maybe add a one liner comment to > libosxsecurity/KeystoreImpl.m (near to the user and admin domain handling) > summarizing what you said? And I still prefer checking the return values of > the

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates [v3]

2023-05-17 Thread Christoph Langer
> With this PR we try to be better in loading certificates from the MacOS > Keychain into a JDK Trust store. > > The current implementation after JDK-8278449 would only load/trust > certificates from an identity (with private key available) and certificates > that have explicit trust set in the

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates

2023-05-17 Thread Matthias Baesken
On Wed, 17 May 2023 07:14:06 GMT, Christoph Langer wrote: > > Hi Christoph, I do not see any reference to kSecTrustSettingsDomainSystem > > in your coding. Handling at least kSecTrustSettingsDomainUser and > > kSecTrustSettingsDomainAdmin is good but I am not sure about > > kSecTrustSettingsDo

Re: RFR: 8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates

2023-05-17 Thread Christoph Langer
On Tue, 16 May 2023 07:46:37 GMT, Matthias Baesken wrote: > Hi Christoph, I do not see any reference to kSecTrustSettingsDomainSystem in > your coding. Handling at least kSecTrustSettingsDomainUser and > kSecTrustSettingsDomainAdmin is good but I am not sure about > kSecTrustSettingsDomainSyst

Re: RFR: 8297878: KEM: Implementation [v16]

2023-05-17 Thread Ferenc Rakoczi
On Tue, 16 May 2023 16:28:26 GMT, Weijun Wang wrote: >> The KEM API and DHKEM impl. Note that this PR uses new methods in >> https://github.com/openjdk/jdk/pull/13250. > > Weijun Wang has updated the pull request incrementally with one additional > commit since the last revision: > > to and