On Tue, 11 Apr 2023 17:26:25 GMT, Jamil Nimeh wrote:
> This fixes an issue where the key/nonce reuse policy for SunJCE ChaCha20 and
> ChaCha20-Poly1305 was overly strict in enforcing no-reuse when the Cipher was
> in DECRYPT_MODE. For decryption, this should be allowed and be consistent
> wit
On Wed, 17 May 2023 03:11:54 GMT, Martin Balao wrote:
>> We would like to propose an implementation for the [JDK-8301553: Support
>> Password-Based Cryptography in
>> SunPKCS11](https://bugs.openjdk.org/browse/JDK-8301553) enhancement
>> requirement.
>>
>> In addition to pursuing the requirem
> We would like to propose an implementation for the [JDK-8301553: Support
> Password-Based Cryptography in
> SunPKCS11](https://bugs.openjdk.org/browse/JDK-8301553) enhancement
> requirement.
>
> In addition to pursuing the requirement goals and guidelines of
> [JDK-8301553](https://bugs.open
On Wed, 17 May 2023 19:08:26 GMT, Valerie Peng wrote:
>> Martin Balao has updated the pull request with a new target base due to a
>> merge or a rebase. The pull request now contains three commits:
>>
>> - Rebase fix after JDK-8306033. Replace called functions with their new
>> names.
>> - 8
On Fri, 19 May 2023 02:19:00 GMT, Martin Balao wrote:
>> Good
>
> I've just noticed that in this case in particular we can clean it up here but
> we need to save a copy in P11PBEKey because if the key has to be transferred
> to a different P11 token, we need to re-derive from the password, salt
On Thu, 18 May 2023 20:07:37 GMT, Martin Balao wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java
>> line 345:
>>
>>> 343: throw new InvalidKeyException("Encoded format must be
>>> RAW");
>>> 344: }
>>> 345: byte
On Fri, 19 May 2023 19:58:10 GMT, Sean Mullan wrote:
>> Mark Powers has updated the pull request incrementally with four additional
>> commits since the last revision:
>>
>> - Ferenc: comments 2 and 4
>> - oops
>> - Sean's comments
>> - added @run
>
> test/jdk/sun/security/tools/jarsigner/V
On Fri, 19 May 2023 20:51:31 GMT, Weijun Wang wrote:
>> test/jdk/sun/security/provider/lms/TestLMS.java line 30:
>>
>>> 28: * @summary tests for HSS/LMS provider
>>> 29: * @modules java.base/sun.security.util
>>> 30: * @run testng/othervm TestLMS
>>
>> Why is the test run with `testng`, can
On Fri, 19 May 2023 20:08:08 GMT, Sean Mullan wrote:
>> Mark Powers has updated the pull request incrementally with four additional
>> commits since the last revision:
>>
>> - Ferenc: comments 2 and 4
>> - oops
>> - Sean's comments
>> - added @run
>
> test/jdk/sun/security/provider/lms/Test
On Fri, 19 May 2023 12:19:56 GMT, Christoph Langer wrote:
>> With this PR we try to be better in loading certificates from the MacOS
>> Keychain into a JDK Trust store.
>>
>> The current implementation after JDK-8278449 would only load/trust
>> certificates from an identity (with private key a
On Fri, 19 May 2023 17:49:07 GMT, Kevin Driver wrote:
>> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985)
>
> Kevin Driver has updated the pull request incrementally with two additional
> commits since the last revision:
>
> - fix bug id in test header
> - reworked example in
On Fri, 19 May 2023 16:59:58 GMT, Mark Powers wrote:
>> https://bugs.openjdk.org/browse/JDK-8307794
>
> Mark Powers has updated the pull request incrementally with four additional
> commits since the last revision:
>
> - Ferenc: comments 2 and 4
> - oops
> - Sean's comments
> - added @run
On Tue, 9 May 2023 15:56:02 GMT, Jamil Nimeh wrote:
>> Yes, I noticed that too. I wasn't sure if we needed to make a change there.
>> I opted to leave well-enough alone since nobody was asking for it and it's
>> one less property to keep track of. All of these property sets end up with
>> a
> This set of enhancements extends the allowed syntax for the
> `com.sun.security.ocsp.timeout`, `com.sun.security.crl.timeout` and
> `com.sun.security.crl.readtimeout` System properties. These properties
> retain their current behavior where a purely numeric value is interpreted in
> seconds,
> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985)
Kevin Driver has updated the pull request incrementally with one additional
commit since the last revision:
rename class and remove bug id from test header
-
Changes:
- all: https://git.openjdk.org/jdk/pull/134
On Fri, 19 May 2023 19:38:09 GMT, Kevin Driver wrote:
>> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985)
>
> Kevin Driver has updated the pull request incrementally with one additional
> commit since the last revision:
>
> removing block that isn't reached
test/jdk/sun/secu
> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985)
Kevin Driver has updated the pull request incrementally with one additional
commit since the last revision:
removing block that isn't reached
-
Changes:
- all: https://git.openjdk.org/jdk/pull/13466/files
- n
On Fri, 5 May 2023 17:57:34 GMT, Weijun Wang wrote:
> Update XML Security for Java to 3.0.2. Some change to tests:
>
> 1. A new `HereFunction.java` to test the new security property
> "jdk.xml.dsig.hereFunctionSupported".
> 2. EdDSA does not support `KeyValue`. Use X.509 certificate instead.
T
> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985)
Kevin Driver has updated the pull request incrementally with two additional
commits since the last revision:
- fix bug id in test header
- reworked example into a jtreg test
-
Changes:
- all: https://git.openjd
On Thu, 18 May 2023 15:15:30 GMT, Weijun Wang wrote:
>> Update XML Security for Java to 3.0.2. Some change to tests:
>>
>> 1. A new `HereFunction.java` to test the new security property
>> "jdk.xml.dsig.hereFunctionSupported".
>> 2. EdDSA does not support `KeyValue`. Use X.509 certificate inste
> https://bugs.openjdk.org/browse/JDK-8307794
Mark Powers has updated the pull request incrementally with four additional
commits since the last revision:
- Ferenc: comments 2 and 4
- oops
- Sean's comments
- added @run
-
Changes:
- all: https://git.openjdk.org/jdk/pull/13940
On Fri, 19 May 2023 12:03:54 GMT, Matthew Donovan wrote:
> This PR implements a test to verify that a DTLS server running "out of the
> box" (i.e., DTLSv1.0 disabled in java.security) will not handshake with a
> client requesting DTLSv1.0. The test also implements the opposite: a client
> won'
This PR implements a test to verify that a DTLS server running "out of the box"
(i.e., DTLSv1.0 disabled in java.security) will not handshake with a client
requesting DTLSv1.0. The test also implements the opposite: a client won't
handshake with a server that uses DTLSv1.0.
-
Commi
> With this PR we try to be better in loading certificates from the MacOS
> Keychain into a JDK Trust store.
>
> The current implementation after JDK-8278449 would only load/trust
> certificates from an identity (with private key available) and certificates
> that have explicit trust set in the
> With this PR we try to be better in loading certificates from the MacOS
> Keychain into a JDK Trust store.
>
> The current implementation after JDK-8278449 would only load/trust
> certificates from an identity (with private key available) and certificates
> that have explicit trust set in the
> With this PR we try to be better in loading certificates from the MacOS
> Keychain into a JDK Trust store.
>
> The current implementation after JDK-8278449 would only load/trust
> certificates from an identity (with private key available) and certificates
> that have explicit trust set in the
On Wed, 17 May 2023 13:53:55 GMT, Darragh Clarke wrote:
>> Updated instances of `toLowerCase` and `toUpperCase` in several net and io
>> files to specify `Locale.ROOT` to ensure that case conversion issues don't
>> occur,
>>
>> I didn't add any new tests but ran tier 1-3 with no issues
>
> Dar
On Wed, 17 May 2023 13:53:55 GMT, Darragh Clarke wrote:
>> Updated instances of `toLowerCase` and `toUpperCase` in several net and io
>> files to specify `Locale.ROOT` to ensure that case conversion issues don't
>> occur,
>>
>> I didn't add any new tests but ran tier 1-3 with no issues
>
> Dar
On Thu, 18 May 2023 00:00:58 GMT, Weijun Wang wrote:
> Before your new change, such a certificate is not trusted, because
> `SecTrustSettingsCopyTrustSettings` returns `errSecItemNotFound` so
> `jm_createTrustedCertEntry` is not called at all.
>
> I am not sure if such a certificate is meant t
On Wed, 26 Apr 2023 11:51:23 GMT, Jaikiran Pai wrote:
>> Can I please get a review of this change which proposes to fix the issue
>> reported in https://bugs.openjdk.org/browse/JDK-8301686?
>>
>> The internal implementation of SSLContext caches SSLSession(s). These
>> sessions are for a partic
30 matches
Mail list logo
