On Mon, 15 May 2023 19:59:13 GMT, Aleksey Shipilev wrote:
> One of our services has a hot path with AES/GCM cipher reuse. The JDK code
> reinitializes the session key on that path, and
> [JDK-8308105](https://bugs.openjdk.org/browse/JDK-8308105) shows up
> prominently there.
>
> Fixing [JDK-8
On Tue, 16 May 2023 09:18:57 GMT, Aleksey Shipilev wrote:
>> One of our services has a hot path with AES/GCM cipher reuse. The JDK code
>> reinitializes the session key on that path, and
>> [JDK-8308105](https://bugs.openjdk.org/browse/JDK-8308105) shows up
>> prominently there.
>>
>> Fixing
On Wed, 17 May 2023 13:53:55 GMT, Darragh Clarke wrote:
>> Updated instances of `toLowerCase` and `toUpperCase` in several net and io
>> files to specify `Locale.ROOT` to ensure that case conversion issues don't
>> occur,
>>
>> I didn't add any new tests but ran tier 1-3 with no issues
>
> Dar
On Fri, 12 May 2023 21:09:01 GMT, Cesar Soares Lucas
wrote:
>> Can I please get reviews for this PR?
>>
>> The most common and frequent use of NonEscaping Phis merging object
>> allocations is for debugging information. The two graphs below show numbers
>> for Renaissance and DaCapo benchmar
On Thu, 18 May 2023 20:10:04 GMT, Martin Balao wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java
>> line 362:
>>
>>> 360: session = token.getObjSession();
>>> 361: CK_MECHANISM ckMech;
>>> 362: char[] password = keyS
On Thu, 18 May 2023 23:28:24 GMT, Kevin Driver wrote:
>> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985)
>
> Kevin Driver has updated the pull request incrementally with one additional
> commit since the last revision:
>
> whitespace adjustments
New code LGTM, minus the one
On Thu, 18 May 2023 22:33:30 GMT, Bradford Wetmore wrote:
>> > src="https://github.com/openjdk/jdk/assets/1783591/c549e612-5ec7-47ce-add5-828cf79c31d9";>
>
> Slacked with Kevin and pointed out locations.
Slacked with Kevin and resolved my concern.
-
PR Review Comment: https://git.o
> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985)
Kevin Driver has updated the pull request incrementally with one additional
commit since the last revision:
whitespace adjustments
-
Changes:
- all: https://git.openjdk.org/jdk/pull/13466/files
- new: https:/
On Thu, 18 May 2023 22:02:55 GMT, Kevin Driver wrote:
>> This might be something on your end @bradfordwetmore. I opened this in my
>> IDE and went to the end of the line... It was right under the "String
>> clientAlias" capital "S".
>
> src="https://github.com/openjdk/jdk/assets/1783591/c549e6
On Thu, 18 May 2023 21:52:37 GMT, Bradford Wetmore wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> all review comments applied
>
> src/java.base/share/classes/sun/security/ssl/CertificateRequest.java line 385:
>
>
On Thu, 18 May 2023 22:00:35 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/sun/security/ssl/CertificateRequest.java line
>> 385:
>>
>>> 383: X509ExtendedKeyManager km =
>>> chc.sslContext.getX509KeyManager();
>>> 384: String clientAlias = null;
>>> 385:
>>
>
On Thu, 18 May 2023 17:49:07 GMT, Kevin Driver wrote:
>> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985)
>
> Kevin Driver has updated the pull request incrementally with one additional
> commit since the last revision:
>
> all review comments applied
src/java.base/share/cla
On Fri, 12 May 2023 16:23:53 GMT, Weijun Wang wrote:
> When parsing a byte array to a private or public key, it's now converted to a
> `ByteArrayInputStream` and the parser does not report an error if there are
> extra bytes at the end.
This pull request has now been integrated.
Changeset: 14
On Thu, 18 May 2023 14:48:58 GMT, Weijun Wang wrote:
>> When parsing a byte array to a private or public key, it's now converted to
>> a `ByteArrayInputStream` and the parser does not report an error if there
>> are extra bytes at the end.
>
> Weijun Wang has updated the pull request incrementa
On Wed, 17 May 2023 19:00:47 GMT, Valerie Peng wrote:
>> Martin Balao has updated the pull request with a new target base due to a
>> merge or a rebase. The pull request now contains three commits:
>>
>> - Rebase fix after JDK-8306033. Replace called functions with their new
>> names.
>> - 8
On Wed, 17 May 2023 18:57:41 GMT, Valerie Peng wrote:
>> Martin Balao has updated the pull request with a new target base due to a
>> merge or a rebase. The pull request now contains three commits:
>>
>> - Rebase fix after JDK-8306033. Replace called functions with their new
>> names.
>> - 8
On Wed, 17 May 2023 18:45:06 GMT, Valerie Peng wrote:
>> Martin Balao has updated the pull request with a new target base due to a
>> merge or a rebase. The incremental webrev excludes the unrelated changes
>> brought in by the merge/rebase. The pull request contains three additional
>> commit
On Wed, 17 May 2023 18:44:08 GMT, Valerie Peng wrote:
>> Martin Balao has updated the pull request with a new target base due to a
>> merge or a rebase. The incremental webrev excludes the unrelated changes
>> brought in by the merge/rebase. The pull request contains three additional
>> commit
On Tue, 16 May 2023 23:42:08 GMT, Valerie Peng wrote:
>> Martin Balao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> 8301553: Support Password-Based Cryptography in SunPKCS11 (iteration #1)
>>
>> Co-authored-by: Francisco Ferrari
On Thu, 18 May 2023 18:23:53 GMT, Roger Riggs wrote:
>> Brian Burkhalter has updated the pull request with a new target base due to
>> a merge or a rebase. The incremental webrev excludes the unrelated changes
>> brought in by the merge/rebase. The pull request contains seven additional
>> com
> Replace `{@code ...}` patterns and the like with `{@snippet
> lang=java : ...}`.
Brian Burkhalter has updated the pull request incrementally with one additional
commit since the last revision:
8308016: Address reviewer comments since previous commit
-
Changes:
- all: https:/
On Thu, 18 May 2023 16:18:02 GMT, Andrey Turbanov wrote:
>> Ferenc Rakoczi has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> More input checks.
>
> src/java.base/share/classes/sun/security/provider/HSS.java line 410:
>
>> 408: fin
> Implement support for Leighton-Micali Signatures (LMS) as described in RFC
> 8554. LMS is an approved software signing algorithm for CNSA 2.0, with
> SHA-256/192 parameters recommended.
Ferenc Rakoczi has updated the pull request incrementally with one additional
commit since the last revisio
On Wed, 17 May 2023 20:51:29 GMT, Brian Burkhalter wrote:
>> Replace `{@code ...}` patterns and the like with `{@snippet
>> lang=java : ...}`.
>
> Brian Burkhalter has updated the pull request with a new target base due to a
> merge or a rebase. The incremental webrev excludes the unrelated cha
On Thu, 18 May 2023 18:16:49 GMT, Daniel Jeliński wrote:
> Here you go:
@djelinski Thank you!
-
PR Comment: https://git.openjdk.org/jdk/pull/13428#issuecomment-1553459091
On Tue, 11 Apr 2023 17:26:25 GMT, Jamil Nimeh wrote:
> This fixes an issue where the key/nonce reuse policy for SunJCE ChaCha20 and
> ChaCha20-Poly1305 was overly strict in enforcing no-reuse when the Cipher was
> in DECRYPT_MODE. For decryption, this should be allowed and be consistent
> wit
On Thu, 18 May 2023 17:49:07 GMT, Kevin Driver wrote:
>> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985)
>
> Kevin Driver has updated the pull request incrementally with one additional
> commit since the last revision:
>
> all review comments applied
Marked as reviewed by x
On Thu, 18 May 2023 16:55:05 GMT, Daniel Jeliński wrote:
> the QUIC specification permits dropping duplicate packets only after fully
> decrypting them.
May I have a reference, for example the section number, of the specification?
-
PR Comment: https://git.openjdk.org/jdk/pull/134
On Thu, 18 May 2023 17:49:07 GMT, Kevin Driver wrote:
>> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985)
>
> Kevin Driver has updated the pull request incrementally with one additional
> commit since the last revision:
>
> all review comments applied
Marked as reviewed by m
> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985)
Kevin Driver has updated the pull request incrementally with one additional
commit since the last revision:
all review comments applied
-
Changes:
- all: https://git.openjdk.org/jdk/pull/13466/files
- new: ht
On Thu, 18 May 2023 16:58:50 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExtension.java
>> line 290:
>>
>>> 288: shc.peerSupportedAuthorities = spec.getAuthorities();
>>> 289: } catch (IllegalArgumentException iae) {
> The KEM API and DHKEM impl. Note that this PR uses new methods in
> https://github.com/openjdk/jdk/pull/13250.
Weijun Wang has updated the pull request with a new target base due to a merge
or a rebase. The incremental webrev excludes the unrelated changes brought in
by the merge/rebase. The
On Thu, 18 May 2023 16:42:45 GMT, Xue-Lei Andrew Fan wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> review comments addressed
>
> src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExtension.java
>
On Thu, 18 May 2023 16:48:34 GMT, Xue-Lei Andrew Fan wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> review comments addressed
>
> src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExtension.java
>
On Wed, 17 May 2023 15:50:13 GMT, Roger Riggs wrote:
>> src/java.base/share/classes/java/io/RandomAccessFile.java line 904:
>>
>>> 902: * {@code b7}, and {@code b8,} where:
>>> 903: * {@snippet lang=java :
>>> 904: * 0 <= b1, b2, b3, b4, b5, b6, b7, b8 <= 255,
>>
>> Same:
> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985)
Kevin Driver has updated the pull request incrementally with one additional
commit since the last revision:
optimize imports and change toString
-
Changes:
- all: https://git.openjdk.org/jdk/pull/13466/files
On Thu, 18 May 2023 16:15:39 GMT, Kevin Driver wrote:
>> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985)
>
> Kevin Driver has updated the pull request incrementally with one additional
> commit since the last revision:
>
> review comments addressed
src/java.base/share/class
On Tue, 11 Apr 2023 17:26:25 GMT, Jamil Nimeh wrote:
> This fixes an issue where the key/nonce reuse policy for SunJCE ChaCha20 and
> ChaCha20-Poly1305 was overly strict in enforcing no-reuse when the Cipher was
> in DECRYPT_MODE. For decryption, this should be allowed and be consistent
> wit
On Thu, 18 May 2023 16:15:39 GMT, Kevin Driver wrote:
>> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985)
>
> Kevin Driver has updated the pull request incrementally with one additional
> commit since the last revision:
>
> review comments addressed
src/java.base/share/class
On Thu, 18 May 2023 16:15:39 GMT, Kevin Driver wrote:
>> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985)
>
> Kevin Driver has updated the pull request incrementally with one additional
> commit since the last revision:
>
> review comments addressed
src/java.base/share/class
On Wed, 17 May 2023 20:01:26 GMT, Ferenc Rakoczi wrote:
>> Implement support for Leighton-Micali Signatures (LMS) as described in RFC
>> 8554. LMS is an approved software signing algorithm for CNSA 2.0, with
>> SHA-256/192 parameters recommended.
>
> Ferenc Rakoczi has updated the pull request
On Wed, 17 May 2023 15:49:27 GMT, Xue-Lei Andrew Fan wrote:
>>> Do you have any plans to write a test? If not, the bug needs a `noreg`
>>> label.
>>
>> As discussed internally, the test that surfaced this issue will be
>> incorporated into regular testing. I have added `noreg-other` since none
> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985)
Kevin Driver has updated the pull request incrementally with one additional
commit since the last revision:
review comments addressed
-
Changes:
- all: https://git.openjdk.org/jdk/pull/13466/files
- new: http
On Thu, 18 May 2023 12:42:20 GMT, Sean Mullan wrote:
>> src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExtension.java
>> line 126:
>>
>>> 124: }
>>> 125:
>>> 126: X500Principal[] getAuthorities() throws
>>> IllegalArgumentException {
>>
>> IAE is unchecked
On Wed, 17 May 2023 20:01:26 GMT, Ferenc Rakoczi wrote:
>> Implement support for Leighton-Micali Signatures (LMS) as described in RFC
>> 8554. LMS is an approved software signing algorithm for CNSA 2.0, with
>> SHA-256/192 parameters recommended.
>
> Ferenc Rakoczi has updated the pull request
On Thu, 18 May 2023 13:18:12 GMT, Sean Mullan wrote:
>> https://bugs.openjdk.org/browse/JDK-8307794
>
> test/jdk/sun/security/tools/jarsigner/DisableLMS.java line 26:
>
>> 24: /*
>> 25: * @test
>> 26: * @bug JDK-8307794
>
> I think the bug here should be what it is testing, which is the HSS/L
> Update XML Security for Java to 3.0.2. Some change to tests:
>
> 1. A new `HereFunction.java` to test the new security property
> "jdk.xml.dsig.hereFunctionSupported".
> 2. EdDSA does not support `KeyValue`. Use X.509 certificate instead.
Weijun Wang has updated the pull request incrementally
> When parsing a byte array to a private or public key, it's now converted to a
> `ByteArrayInputStream` and the parser does not report an error if there are
> extra bytes at the end.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
a
> Update XML Security for Java to 3.0.2. Some change to tests:
>
> 1. A new `HereFunction.java` to test the new security property
> "jdk.xml.dsig.hereFunctionSupported".
> 2. EdDSA does not support `KeyValue`. Use X.509 certificate instead.
Weijun Wang has updated the pull request incrementally
On Thu, 18 May 2023 07:18:04 GMT, Aleksey Shipilev wrote:
> > jdk_security or tier2.
>
> Gotcha, I already tested both, see "Additional Testing" section in PR.
Thanks!
-
PR Comment: https://git.openjdk.org/jdk/pull/13996#issuecomment-1553126729
On Thu, 18 May 2023 04:04:17 GMT, Xue-Lei Andrew Fan wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> rework based upon code review comments
>
> src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExt
On Thu, 18 May 2023 13:39:10 GMT, Weijun Wang wrote:
>> Update XML Security for Java to 3.0.2. Some change to tests:
>>
>> 1. A new `HereFunction.java` to test the new security property
>> "jdk.xml.dsig.hereFunctionSupported".
>> 2. EdDSA does not support `KeyValue`. Use X.509 certificate inste
On Tue, 16 May 2023 01:10:10 GMT, Weijun Wang wrote:
>> Update XML Security for Java to 3.0.2. Some change to tests:
>>
>> 1. A new `HereFunction.java` to test the new security property
>> "jdk.xml.dsig.hereFunctionSupported".
>> 2. EdDSA does not support `KeyValue`. Use X.509 certificate inste
> Update XML Security for Java to 3.0.2. Some change to tests:
>
> 1. A new `HereFunction.java` to test the new security property
> "jdk.xml.dsig.hereFunctionSupported".
> 2. EdDSA does not support `KeyValue`. Use X.509 certificate instead.
Weijun Wang has updated the pull request with a new tar
On Thu, 11 May 2023 19:06:59 GMT, Mark Powers wrote:
> https://bugs.openjdk.org/browse/JDK-8307794
test/jdk/sun/security/tools/jarsigner/DisableLMS.java line 26:
> 24: /*
> 25: * @test
> 26: * @bug JDK-8307794
I think the bug here should be what it is testing, which is the HSS/LMS
implement
On Wed, 17 May 2023 21:54:20 GMT, Kevin Driver wrote:
>> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985)
>
> Kevin Driver has updated the pull request incrementally with one additional
> commit since the last revision:
>
> rework based upon code review comments
src/java.bas
On Thu, 18 May 2023 03:51:55 GMT, Xue-Lei Andrew Fan wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> rework based upon code review comments
>
> src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExt
On Wed, 17 May 2023 13:53:55 GMT, Darragh Clarke wrote:
>> Updated instances of `toLowerCase` and `toUpperCase` in several net and io
>> files to specify `Locale.ROOT` to ensure that case conversion issues don't
>> occur,
>>
>> I didn't add any new tests but ran tier 1-3 with no issues
>
> Dar
On Wed, 17 May 2023 13:53:55 GMT, Darragh Clarke wrote:
>> Updated instances of `toLowerCase` and `toUpperCase` in several net and io
>> files to specify `Locale.ROOT` to ensure that case conversion issues don't
>> occur,
>>
>> I didn't add any new tests but ran tier 1-3 with no issues
>
> Dar
On Thu, 11 May 2023 19:06:59 GMT, Mark Powers wrote:
> https://bugs.openjdk.org/browse/JDK-8307794
I suggest the following:
1. Separate the data from the code and put the data to the end of the files
(e.g. create a " TestCase[] testCases;" array and let the TestCase class handle
the creation
On Thu, 18 May 2023 07:16:31 GMT, Xue-Lei Andrew Fan wrote:
> jdk_security or tier2.
Gotcha, I already tested both, see "Additional Testing" section in PR.
-
PR Comment: https://git.openjdk.org/jdk/pull/13996#issuecomment-1552619095
On Thu, 18 May 2023 06:44:10 GMT, Aleksey Shipilev wrote:
> > Looks good to me. Please make sure the security regression testing passed.
>
> Thanks! By "security regression testing" that you mean `jdk_security`, or
> something else?
jdk_security or tier2.
-
PR Comment: https://gi
62 matches
Mail list logo
