On Tue, 20 Aug 2024 23:40:32 GMT, Anthony Scarpino
wrote:
>> Hi
>>
>> This change is to improve TLS 1.3 session resumption by allowing a TLS
>> server to send more than one resumption ticket per connection and clients to
>> store more. Resumption is a quick way to use an existing TLS session
On Mon, 19 Aug 2024 21:39:17 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
>> line 202:
>>
>>> 200: salts = anExtractThenExpand.salts();
>>> 201: // we should be able to combine these Lists of keys into
>>> single
On Mon, 19 Aug 2024 21:39:06 GMT, Kevin Driver wrote:
>> Valerie is correct. I might have confused algorithm name and format name.
>
> Addressed in
> https://github.com/openjdk/jdk/pull/20301/commits/48395b86ba8e1cda663ae326e06ae2556f4b905a.
> Please indicate if this is resolved.
Yes, resolved
On Fri, 16 Aug 2024 19:29:36 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
>> line 369:
>>
>>> 367: throw new RuntimeException(sbe);
>>> 368: }
>>> 369: }
>>
>> `tLength` may not be necessary. Variable
On Fri, 16 Aug 2024 21:13:34 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
>> line 338:
>>
>>> 336: // Calculate the number of rounds of HMAC that are needed to
>>> 337: // meet the requested data. Then set up the buffers
On Mon, 19 Aug 2024 21:38:50 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
>> line 328:
>>
>>> 326: *
>>> 327: * @throws InvalidKeyException
>>> 328: * if an invalid key was provided through the {@code
>>> HkdfParamete
> Can someone help review this fix? Changed the required-mechanism check by
> checking if the particular mechanism is inside the list of enabled supported
> mechanisms. This should be more reliable than calling C_GetMechanismInfo(..)
> on the required mechanism given vendors may return various s
On Mon, 19 Aug 2024 21:38:42 GMT, Kevin Driver wrote:
>> I think Valerie is right. In case a Mac implementation is picky on the key
>> algorithm name.
>
> Addressed in
> https://github.com/openjdk/jdk/pull/20301/commits/48395b86ba8e1cda663ae326e06ae2556f4b905a.
> Please indicate if this is res
On Fri, 16 Aug 2024 21:13:07 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
>> line 284:
>>
>>> 282: * the input keying material used for the HKDF-Extract
>>> operation.
>>> 283: * @param salt
>>> 284: * the salt va
> Hi
>
> This change is to improve TLS 1.3 session resumption by allowing a TLS server
> to send more than one resumption ticket per connection and clients to store
> more. Resumption is a quick way to use an existing TLS session to establish
> another session by avoiding the long TLS full han
On Fri, 16 Aug 2024 21:12:39 GMT, Kevin Driver wrote:
>> Well, I don't share your comments/reason on why SecretKey is needed.
>
> A portion of this one is addressed in
> https://github.com/openjdk/jdk/pull/20301/commits/c6f491cd05c76088e6431b2ba9d4ab42b29e4055.
Yes, the renaming part is resolve
On Fri, 16 Aug 2024 21:12:02 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
>> line 242:
>>
>>> 240: }
>>> 241: throw new InvalidAlgorithmParameterException(
>>> 242: "an HKDF could not be initialized with the g
On Fri, 16 Aug 2024 21:11:43 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
>> line 86:
>>
>>> 84: *
>>> 85: * @throws InvalidAlgorithmParameterException
>>> 86: * if the information contained within the {@code
>>> KDFP
On Fri, 16 Aug 2024 21:10:54 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line
>> 428:
>>
>>> 426: *
>>> 427: * Note: {@code addIKMValue} and {@code addSaltValue} may be
>>> called
>>> 428: * afterward to supply ad
On Mon, 19 Aug 2024 21:38:06 GMT, Kevin Driver wrote:
>> Numerous comments elsewhere in the code illustrate what's happening. Is your
>> concern for readers of the javadoc? This is probably a valid suggestion.
>
> Addressed in
> https://github.com/openjdk/jdk/pull/20301/commits/48395b86ba8e1cda
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
>
> Work was begun in [another PR](https://github.com/openjdk/jdk/pull/18924).
Kevin Driver
On Wed, 14 Aug 2024 01:57:40 GMT, Valerie Peng wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> addressed several review comments, namely: - renaming the getParameters
>> method - renaming the AlgorithmParameterSpe
On Thu, 1 Aug 2024 22:54:35 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/javax/crypto/KDF.java line 304:
>>
>>> 302: * if no {@code Provider} supports a {@code KDFSpi}
>>> implementation for
>>> 303: * the specified algorithm
>>> 304: * @throws InvalidAlgorithm
On Mon, 19 Aug 2024 19:26:19 GMT, Daniel Jeliński wrote:
>> Anthony Scarpino has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - revert to synchronized
>> - code review changes
>
> src/java.base/share/classes/sun/security/util/Cache.java
On Fri, 16 Aug 2024 21:07:17 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
>> line 245:
>>
>>> 243: }
>>> 244:
>>> 245: private static boolean isNullOrEmpty(Collection c) {
>>
>> This appears to not be used.
>
> Addressed in
>
On Fri, 16 Aug 2024 21:05:48 GMT, Kevin Driver wrote:
>> +1, clearer to just state "xxx does not use configuration parameters" or
>> something similar where xxx is the HKDF algorithm name.
>
> Addressed in
> https://github.com/openjdk/jdk/pull/20301/commits/c6f491cd05c76088e6431b2ba9d4ab42b29e4
On Fri, 16 Aug 2024 21:05:32 GMT, Kevin Driver wrote:
>> Like the above method, I suggested "KDFParameters must be specified." I'm
>> fine if you choose Valerie's suggestion
>
> Addressed in
> https://github.com/openjdk/jdk/pull/20301/commits/c6f491cd05c76088e6431b2ba9d4ab42b29e4055.
> Pleas
On Tue, 20 Aug 2024 09:07:54 GMT, Pavel Rappo wrote:
>> Justin Lu has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Replace InputStreamReader with BufferedReader
>
> src/jdk.jartool/share/classes/sun/tools/jar/resources/jar_pt_BR.propertie
On Wed, 13 Sep 2023 17:38:28 GMT, Justin Lu wrote:
>> JDK .properties files still use ISO-8859-1 encoding with escape sequences.
>> It would improve readability to see the native characters instead of escape
>> sequences (especially for the L10n process). The majority of files changed
>> are l
24 matches
Mail list logo
