Hi Sean,
There is an update from @Jamil Nimeh on the PR
(https://github.com/openjdk/jdk17u-dev/pull/2747), and he doesn't have reviewer
rights. So, could you please help us here to review the PR.
We are really looking forward to getting this backport done, as our customer is
waiting for the fix
On Mon, 7 Oct 2024 12:42:00 GMT, Prasadrao Koppula wrote:
>> Using SharedSecrets, I attempted to expose FileInputStream::path
>> information. After implementing the fix, I validated the startup performance
>> tests. Observed no consistent pattern of performance drops or gains, can
>> disregard
On Tue, 8 Oct 2024 01:13:17 GMT, Valerie Peng wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> null check as asserts, and better exception messages
>
> src/java.base/share/classes/sun/security/pkcs/NamedPKCS8Key.java
On Tue, 8 Oct 2024 01:15:49 GMT, Valerie Peng wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> null check as asserts, and better exception messages
>
> src/java.base/share/classes/sun/security/pkcs/NamedPKCS8Key.java
On Mon, 7 Oct 2024 18:54:03 GMT, Weijun Wang wrote:
>> To prepare for new PQC algorithms like ML-KEM and ML-DSA where there are
>> only named standardized parameter sets, a common framework is introduced.
>>
>> A example of EdDSA implementation using this framework is included as a test.
>
> We
On Mon, 7 Oct 2024 21:44:45 GMT, Valerie Peng wrote:
> Could someone please help review this PR? It updates the PKCS#11 headers and
> the relevant files to v3.1.
>
> Thanks!
> Valerie
looks good
-
Marked as reviewed by ascarpino (Reviewer).
PR Review: https://git.openjdk.org/jdk
On Mon, 7 Oct 2024 21:44:45 GMT, Valerie Peng wrote:
> Could someone please help review this PR? It updates the PKCS#11 headers and
> the relevant files to v3.1.
>
> Thanks!
> Valerie
Looks good to me. Thanks.
-
Marked as reviewed by weijun (Reviewer).
PR Review: https://git.ope
Could someone please help review this PR? It updates the PKCS#11 headers and
the relevant files to v3.1.
Thanks!
Valerie
-
Commit messages:
- 8331959: Update PKCS#11 Cryptographic Token Interface to v3.1
Changes: https://git.openjdk.org/jdk/pull/21396/files
Webrev: https://webre
On Mon, 7 Oct 2024 18:07:19 GMT, Weijun Wang wrote:
>> src/java.base/share/classes/sun/security/provider/NamedKEM.java line 72:
>>
>>> 70: throws InvalidAlgorithmParameterException,
>>> InvalidKeyException {
>>> 71: if (spec != null) {
>>> 72: throw new InvalidAl
> To prepare for new PQC algorithms like ML-KEM and ML-DSA where there are only
> named standardized parameter sets, a common framework is introduced.
>
> A example of EdDSA implementation using this framework is included as a test.
Weijun Wang has updated the pull request incrementally with one
On Mon, 7 Oct 2024 16:46:42 GMT, Sean Mullan wrote:
>> Thanks for the explanation.
>
> So maybe you should also throw `AssertionError` if `fname` is `null` to be
> consistent.
Yes, I can.
-
PR Review Comment: https://git.openjdk.org/jdk/pull/21167#discussion_r1790714214
> Check for unexpected plaintext alert message during TLSv1.3 handshake. This
> can happen if client doesn't receive ServerHello due to network timeout and
> tries to close the connection by sending an alert message.
Artur Barashev has updated the pull request incrementally with one additional
On Mon, 7 Oct 2024 16:57:56 GMT, Sean Mullan wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> no need for this when there is no ambiguity
>
> src/java.base/share/classes/sun/security/provider/NamedKEM.java line 72:
>
On Mon, 7 Oct 2024 12:51:56 GMT, Weijun Wang wrote:
>> To prepare for new PQC algorithms like ML-KEM and ML-DSA where there are
>> only named standardized parameter sets, a common framework is introduced.
>>
>> A example of EdDSA implementation using this framework is included as a test.
>
> We
On Fri, 4 Oct 2024 20:06:49 GMT, Kevin Driver wrote:
>> We only have child classes inside JDK, therefore if the convention is not
>> followed, it's treated as a programming error. In other cases when the input
>> argument are from users we need to be prepared for any invalid input and we
>> tr
> Check for unexpected plaintext alert message during TLSv1.3 handshake. This
> can happen if client doesn't receive ServerHello due to network timeout and
> tries to close the connection by sending an alert message.
Artur Barashev has updated the pull request incrementally with one additional
> Check for unexpected plaintext alert message during TLSv1.3 handshake. This
> can happen if client doesn't receive ServerHello due to network timeout and
> tries to close the connection by sending an alert message.
Artur Barashev has updated the pull request incrementally with one additional
> To prepare for new PQC algorithms like ML-KEM and ML-DSA where there are only
> named standardized parameter sets, a common framework is introduced.
>
> A example of EdDSA implementation using this framework is included as a test.
Weijun Wang has updated the pull request incrementally with one
On Fri, 4 Oct 2024 20:05:22 GMT, Kevin Driver wrote:
>> I think `this` is necessary when there are input arguments having the same
>> name as the instance fields. This happens a lot in a constructor when fields
>> are being initialized from input arguments. In other methods, it's more
>> commo
On Fri, 4 Oct 2024 16:56:05 GMT, Kevin Driver wrote:
>> Weijun Wang has updated the pull request with a new target base due to a
>> merge or a rebase. The incremental webrev excludes the unrelated changes
>> brought in by the merge/rebase. The pull request contains six additional
>> commits si
> Using SharedSecrets, I attempted to expose FileInputStream::path information.
> After implementing the fix, I validated the startup performance tests.
> Observed no consistent pattern of performance drops or gains, can disregard
> the occasional performance drop observed in 1 or 2 runs.
Prasa
On Fri, 4 Oct 2024 16:47:53 GMT, Kevin Driver wrote:
>> Weijun Wang has updated the pull request with a new target base due to a
>> merge or a rebase. The incremental webrev excludes the unrelated changes
>> brought in by the merge/rebase. The pull request contains six additional
>> commits si
Hi Lim,
You raise a good point about how to prevent loading unauthorized code.
I'm interested to see the responses you'll get.
I think OpenJDK was overly focused on sandboxes, applets and
serialization, instead of authorization and principles of least
privilege, where the focus should have
> Using SharedSecrets, I attempted to expose FileInputStream::path information.
> After implementing the fix, I validated the startup performance tests.
> Observed no consistent pattern of performance drops or gains, can disregard
> the occasional performance drop observed in 1 or 2 runs.
Prasa
On Wed, 21 Aug 2024 00:09:25 GMT, Valerie Peng wrote:
>> Can someone help review this fix? Changed the required-mechanism check by
>> checking if the particular mechanism is inside the list of enabled supported
>> mechanisms. This should be more reliable than calling C_GetMechanismInfo(..)
>>
25 matches
Mail list logo
