On Wed, 28 Aug 2024 16:42:38 GMT, Ferenc Rakoczi wrote:
>> In preparation for the new PQC algorithms implementations, internal XOF
>> (eXtendable Output Function) methods are added to the SHAKE128 and SHAKE256
>> implementations.
>
> Ferenc Rakoczi has updated the pull request incrementally wit
On Thu, 5 Sep 2024 20:20:28 GMT, Sean Mullan wrote:
>> I don't like the silent mode. If no one uses that key name, then everything
>> is fine anyway. Otherwise, if someone really sets it, it's very likely they
>> will want to read it somewhere and expect a non `null` value.
>>
>> Can we just s
On Wed, 28 Aug 2024 16:42:38 GMT, Ferenc Rakoczi wrote:
>> In preparation for the new PQC algorithms implementations, internal XOF
>> (eXtendable Output Function) methods are added to the SHAKE128 and SHAKE256
>> implementations.
>
> Ferenc Rakoczi has updated the pull request incrementally wit
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
>
> Work was begun in [another PR](https://github.com/openjdk/jdk/pull/18924).
Kevin Driver
On Tue, 3 Sep 2024 20:36:08 GMT, Weijun Wang wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> change impl class to use byte arrays rather than SecretKey objects where
>> possible
>
> test/jdk/com/sun/crypto/provide
On Thu, 5 Sep 2024 17:42:17 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/javax/crypto/KDF.java line 367:
>>
>>> 365: "newInstance failed for the provided "
>>> 366: + "kdfParameters"));
>>> 367: continue;
>>
>> G
On Wed, 4 Sep 2024 15:32:47 GMT, Kevin Driver wrote:
>> In the `catch (NoSuchAlgorithmException e)` block, you assign a brand new
>> exception to `lastException` and info in `e` is lost. What does `e` look
>> like? Can you directly assign it to `lastException`?
>
> The reason I create a new NSA
On Thu, 5 Sep 2024 19:23:04 GMT, Sean Mullan wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> change impl class to use byte arrays rather than SecretKey objects where
>> possible
>
> src/java.base/share/classes/jav
On Thu, 5 Sep 2024 22:36:59 GMT, Kevin Driver wrote:
>> My personal opinion is that this adds complexity which is unnecessary. The
>> `Arrays.copyOf` solution reads more simply and GC will take care of any
>> extra allocation once it goes out of scope. I appreciate the alternate fix,
>> but in
On Thu, 5 Sep 2024 15:15:31 GMT, Viktor Klang wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> change impl class to use byte arrays rather than SecretKey objects where
>> possible
>
> src/java.base/share/classes/co
On Thu, 5 Sep 2024 17:39:56 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
>> line 358:
>>
>>> 356: }
>>> 357:
>>> 358: return Arrays.copyOf(kdfOutput, outLen);
>>
>> Here is an alternative solution which does not need `A
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
>
> Work was begun in [another PR](https://github.com/openjdk/jdk/pull/18924).
Kevin Driver
On Wed, 4 Sep 2024 16:10:50 GMT, Hai-May Chao wrote:
> Given the changes to the System.console() behavior, where it no longer
> returns null when a write pipe is connected to the Java process, keytool
> needs to be updated to determine whether an interactive terminal is attached.
This pull req
On Fri, 16 Aug 2024 16:13:17 GMT, Weijun Wang wrote:
>> Francisco Ferrari Bihurriet has updated the pull request incrementally with
>> one additional commit since the last revision:
>>
>> Code review and additional changes
>>
>> Throw an IllegalArgumentException exception if Security.get
On Wed, 4 Sep 2024 22:08:22 GMT, Weijun Wang wrote:
>> Given the changes to the System.console() behavior, where it no longer
>> returns null when a write pipe is connected to the Java process, keytool
>> needs to be updated to determine whether an interactive terminal is attached.
>
> Do you n
On Thu, 5 Sep 2024 17:58:08 GMT, Hai-May Chao wrote:
>> Given the changes to the System.console() behavior, where it no longer
>> returns null when a write pipe is connected to the Java process, keytool
>> needs to be updated to determine whether an interactive terminal is attached.
>
> Hai-May
On Fri, 30 Aug 2024 23:26:12 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Fri, 30 Aug 2024 23:26:12 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Thu, 5 Sep 2024 15:43:29 GMT, Viktor Klang wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> change impl class to use byte arrays rather than SecretKey objects where
>> possible
>
> src/java.base/share/classes/ja
On Wed, 4 Sep 2024 15:23:51 GMT, Maurizio Cimadamore
wrote:
> Scoped methods are critical methods in the FFM API where memory is accessed
> in a potentially unsafe way. When closing shared arenas, we look at threads
> in the middle of a scoped operation involving that arena, and if we find one
On Thu, 5 Sep 2024 16:27:42 GMT, Weijun Wang wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Update setResponse in testcase
>
> test/jdk/sun/security/tools/keytool/TestImportPass.java line 37:
>
>> 35: public clas
> Given the changes to the System.console() behavior, where it no longer
> returns null when a write pipe is connected to the Java process, keytool
> needs to be updated to determine whether an interactive terminal is attached.
Hai-May Chao has updated the pull request incrementally with one add
On Thu, 5 Sep 2024 15:50:42 GMT, Viktor Klang wrote:
>> Well, I am not so sure, I've sent you pointers separately regarding lazy
>> initialization and the relevant concurrency pointers.
>
> I'd recommend documenting above this line what function the lock is intending
> to serve, and by each of
On Tue, 3 Sep 2024 20:44:01 GMT, Kevin Driver wrote:
>> It looks like `Arrays.copyOf()` is still called unconditionally?
>
> After relocating the length enforcement to hkdfExpand, as suggested, I did
> consider this, but I'm not sure what gain this check really provides in
> practice. Are you c
On Tue, 3 Sep 2024 20:12:00 GMT, Valerie Peng wrote:
>> See:
>> https://github.com/openjdk/jdk/pull/20301/commits/25c17b26231b2b63bab9193fe29c7c258f96a31f
>
> Not entirely addressed. Please see new comments.
See other reply. Resolving this comment to consolidate discussion.
-
PR R
On Wed, 4 Sep 2024 23:02:29 GMT, Valerie Peng wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> change impl class to use byte arrays rather than SecretKey objects where
>> possible
>
> src/java.base/share/classes/co
On Thu, 5 Sep 2024 15:54:24 GMT, Viktor Klang wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> change impl class to use byte arrays rather than SecretKey objects where
>> possible
>
> src/java.base/share/classes/ja
On Thu, 5 Sep 2024 15:12:55 GMT, Viktor Klang wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> change impl class to use byte arrays rather than SecretKey objects where
>> possible
>
> src/java.base/share/classes/co
On Tue, 3 Sep 2024 22:10:44 GMT, Weijun Wang wrote:
>> Addressed in
>> https://github.com/openjdk/jdk/pull/20301/commits/6b7a75da2ebb1cc9d95628018d756e2ce2162768.
>> Please review and confirm if resolved.
>
> The new paragraph is a little too long. Something like "Users provide request
> param
On Wed, 4 Sep 2024 16:10:50 GMT, Hai-May Chao wrote:
> Given the changes to the System.console() behavior, where it no longer
> returns null when a write pipe is connected to the Java process, keytool
> needs to be updated to determine whether an interactive terminal is attached.
test/jdk/sun/
On Thu, 5 Sep 2024 09:59:51 GMT, Jaikiran Pai wrote:
> Hello Fernando, I'm not familiar with this test or the area, but if this
> change is just to make available jtreg logs (in a separate file) to allow for
> debugging a currently intermittent test failure, then there are ways to
> change the
> The test javax/net/ssl/DTLS/DTLSRehandshakeTest.java runs multiple scenarios,
> generating a large amount of logging as a result. Since Jtreg truncates the
> output when it becomes too large, the logs are often not useful for debugging
> in case of failure.
>
> This PR updates the DTLS maxOut
On Fri, 30 Aug 2024 23:26:12 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Tue, 3 Sep 2024 20:16:23 GMT, Valerie Peng wrote:
>> @valeriepeng:
>>
>> I did some research. Based upon what I have seen, no `volatile` keyword is
>> required here. This is also consistent with the `Cipher` API, for example.
>>
>> @ascarpino:
>>
>> I looked up `ReentrantLock`s, and I’m n
On Fri, 30 Aug 2024 23:26:12 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Wed, 4 Sep 2024 20:01:31 GMT, Artur Barashev wrote:
> https://bugs.openjdk.org/browse/JDK-8329959
This pull request has now been integrated.
Changeset: 59c4649b
Author:Artur Barashev
Committer: Weijun Wang
URL:
https://git.openjdk.org/jdk/commit/59c4649be37a387efaf100f368b3e9db0
On Wed, 4 Sep 2024 20:01:31 GMT, Artur Barashev wrote:
> https://bugs.openjdk.org/browse/JDK-8329959
Looks good to me. Thanks!
-
Marked as reviewed by weijun (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/20860#pullrequestreview-2283411609
On Fri, 30 Aug 2024 23:26:12 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Fri, 16 Aug 2024 18:25:19 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
>> line 144:
>>
>>> 142: salt = consolidateKeyMaterial(salts);
>>> 143: } catch (InvalidKeyException ike) {
>>> 144: th
On Thu, 5 Sep 2024 11:17:34 GMT, Maurizio Cimadamore
wrote:
>> Scoped methods are critical methods in the FFM API where memory is accessed
>> in a potentially unsafe way. When closing shared arenas, we look at threads
>> in the middle of a scoped operation involving that arena, and if we find
On Tue, 27 Aug 2024 14:49:40 GMT, Fernando Guallini
wrote:
> The test sun/security/validator/samedn.sh failed once due to the following
> reason:
>
> `Caused by: java.security.cert.CertificateNotYetValidException: NotBefore:
> Tue Aug 06 14:41:13 GMT 2024`
>
> This test generates several cer
On Thu, 5 Sep 2024 11:29:41 GMT, Alan Bateman wrote:
>> Maurizio Cimadamore has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Address review comments
>
> test/jdk/java/foreign/TestMappedHandshake.java line 90:
>
>> 88:
>> 89:
On Thu, 5 Sep 2024 11:17:34 GMT, Maurizio Cimadamore
wrote:
>> Scoped methods are critical methods in the FFM API where memory is accessed
>> in a potentially unsafe way. When closing shared arenas, we look at threads
>> in the middle of a scoped operation involving that arena, and if we find
On Thu, 5 Sep 2024 09:55:46 GMT, Alan Bateman wrote:
> Do the MMU_* functions still need to be jni-exported?
I've now dropped JNIEXPORT, but kept JNICALL, as that is used to set
`__stdcall` (at least on Windows).
-
PR Review Comment: https://git.openjdk.org/jdk/pull/20854#discussi
> Scoped methods are critical methods in the FFM API where memory is accessed
> in a potentially unsafe way. When closing shared arenas, we look at threads
> in the middle of a scoped operation involving that arena, and if we find one,
> we make it fail (by installing an async handshake on that
https://bugs.openjdk.org/browse/JDK-8329959
-
Commit messages:
- retrigger checks
- 8329959: Update DigestMD5Client.java - fix typo in javadoc string
Changes: https://git.openjdk.org/jdk/pull/20860/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=20860&range=00
Issue: htt
On Tue, 3 Sep 2024 13:07:47 GMT, Fernando Guallini
wrote:
> The test javax/net/ssl/DTLS/DTLSRehandshakeTest.java runs multiple scenarios,
> generating a large amount of logging as a result. Since Jtreg truncates the
> output when it becomes too large, the logs are often not useful for debuggin
On Thu, 15 Aug 2024 09:29:00 GMT, Fernando Guallini
wrote:
> In order to improve performance when instantiating NativePRNG, a dummy
> constructor was added in the PR: https://github.com/openjdk/jdk/pull/17560
> which takes and ignores a `java.security.SecureRandomParameters`, throwing an
> ex
On Wed, 4 Sep 2024 15:23:51 GMT, Maurizio Cimadamore
wrote:
> Scoped methods are critical methods in the FFM API where memory is accessed
> in a potentially unsafe way. When closing shared arenas, we look at threads
> in the middle of a scoped operation involving that arena, and if we find one
The test javax/net/ssl/DTLS/DTLSRehandshakeTest.java runs multiple scenarios,
generating a large amount of logging as a result. Since Jtreg truncates the
output when it becomes too large, the logs are often not useful for debugging
in case of failure.
This PR updates the test to also write the
50 matches
Mail list logo
