Nice, we still get to use Java 23 ;) I listened to one of Brian's
talks recently, it sounds like you're solving some long term structural
issues with Java.
Looking forward to a Jep for removal of Java serialization. Note we use
constructor based deserialization, with a single common defined
> Check for unexpected plaintext alert message during TLSv1.3 handshake. This
> can happen if client doesn't receive ServerHello due to network timeout and
> tries to close the connection by sending an alert message.
Artur Barashev has updated the pull request incrementally with two additional
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
>
> Work was begun in [another PR](https://github.com/openjdk/jdk/pull/18924).
Kevin Driver
On Thu, 3 Oct 2024 12:49:06 GMT, Weijun Wang wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> revamped test to be a testng test and run 1 million iterations to try to
>> demonstrate robustness
>
> test/jdk/javax/cr
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
>
> Work was begun in [another PR](https://github.com/openjdk/jdk/pull/18924).
Kevin Driver
On Thu, 3 Oct 2024 20:00:54 GMT, Weijun Wang wrote:
>> Ok, but how are you experimenting? These comments aren't using any markdown
>> that I can see, and it's rare that we would generate javadoc for internal
>> classes.
>
> I have quite a lot in `NamedKeyPairGenerator` and IntelliJ IDEA recogni
On Thu, 3 Oct 2024 19:55:02 GMT, Sean Mullan wrote:
>> I'm trying out the https://openjdk.org/jeps/467 style javadoc. Still, this
>> is not public API so I can take the risk for the experiment.
>
> Ok, but how are you experimenting? These comments aren't using any markdown
> that I can see, and
On Thu, 3 Oct 2024 19:44:25 GMT, Weijun Wang wrote:
>> src/java.base/share/classes/sun/security/x509/NamedX509Key.java line 48:
>>
>>> 46: private final byte[] h;
>>> 47:
>>> 48: /// Ctor from family name, parameter set name, raw key bytes.
>>
>> Any reason you use 3 slashes instead of
On Thu, 3 Oct 2024 19:09:28 GMT, Sean Mullan wrote:
>> Weijun Wang has updated the pull request with a new target base due to a
>> merge or a rebase. The incremental webrev excludes the unrelated changes
>> brought in by the merge/rebase. The pull request contains six additional
>> commits sin
On Thu, 3 Oct 2024 17:40:22 GMT, Weijun Wang wrote:
>> To prepare for new PQC algorithms like ML-KEM and ML-DSA where there are
>> only named standardized parameter sets, a common framework is introduced.
>>
>> A example of EdDSA implementation using this framework is included as a test.
>
> We
> To prepare for new PQC algorithms like ML-KEM and ML-DSA where there are only
> named standardized parameter sets, a common framework is introduced.
>
> A example of EdDSA implementation using this framework is included as a test.
Weijun Wang has updated the pull request with a new target base
On Fri, 27 Sep 2024 18:48:23 GMT, Jamil Nimeh wrote:
> This PR corrects a flaw in the StatusResponseManager where it was incorrectly
> swallowing the interrupt status when either an invokeAll was called (spawning
> the threads to fetch each OCSP response) or when attempting to grab the data
>
On Wed, 2 Oct 2024 22:53:01 GMT, Jamil Nimeh wrote:
>> This PR corrects a flaw in the StatusResponseManager where it was
>> incorrectly swallowing the interrupt status when either an invokeAll was
>> called (spawning the threads to fetch each OCSP response) or when attempting
>> to grab the da
On Tue, 3 Sep 2024 07:57:47 GMT, Fernando Guallini
wrote:
>> There are 3 manual GSS-API/Kerberos tests that require a manual setup and
>> were added to the problem list years ago:
>>
>> - com/sun/security/sasl/gsskerb/**AuthOnly**-> Verifies that both client and
>> server have completed the a
We are aiming to do this in 24, but nothing is official until the JEP is
targeted to a specific release.
--Sean
On 10/3/24 6:28 AM, Peter Firmstone wrote:
Which release does this target?
I've been waiting to learn the affected Java release, so we can document
which versions of Java our softw
Please review a doc update to add `@spec` tags to crypto and security APIs in
`java.base`.
This was authored and proposed as #13336 by @jonathan-gibbons as part of
[JDK-8296546] back in 2023, but although it was reviewed and approved it never
was integrated. Since I can't reopen Jon's PR and a
On Wed, 2 Oct 2024 22:14:39 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another PR
The test: **sun/security/mscapi/nonUniqueAliases/NonUniqueAliases.java** relies
on the `certutil.exe` tool to import and delete certificates from a keystore.
It was annotated with `@ignore` due to the uncertainty of `certutil.exe` being
available on the instance where the test is executed.
Rath
Hi, I have some questions about this JEP.
Will something similar to Python's audit hooks[1][2] be considered, to
give transparency what is happening inside,
so that jvm behavior can be monitored - such as a security agent (it
can interact with Antimalware Scan Interface (AMSI)[3]).
Currently with
Which release does this target?
I've been waiting to learn the affected Java release, so we can document
which versions of Java our software can and cannot support.
We'll continue to use Java beyond this release, but will need to
maintain our own fork, as it's not possible to build an Authori
On 03/10/2024 10:17, Denis Bredelet wrote:
Hello,
With the OpenJDK 11.0.21 release the constructor visibility changed.
That breaks code that relied on
"sun.security.util.ObjectIdentifier(String oid)" such as Apache Kerby
directory's GssTokenV1 class.
The error I receive is:
class org.apache.ke
21 matches
Mail list logo
