On Thu, 13 Feb 2025 16:27:03 GMT, Sean Mullan wrote:
> This change adds an API note to these methods recommending that the caller
> should perform further validation steps on the code signers that signed the
> JAR file, such as validating the code signer's certificate chain, and
> determining
On Thu, 13 Feb 2025 08:35:47 GMT, Nicole Xu wrote:
> As is suggested in
> [JDK-8342958](https://bugs.openjdk.org/browse/JDK-8342958), `jvmArgs` should
> be used consistently in microbenchmarks to 'align with the intuition that
> when you use jvmArgsAppend/-Prepend intent is to add to a set of
> This fix makes some minor changes to the internals of the
> `CertificateBuilder` and `SimpleOCSPServer` test classes. They would break
> when ML-DSA was selected as key and signing algorithms. Also RSASSA-PSS
> works better now with these changes. I've also taken this opportunity to do
> s
> This fix makes some minor changes to the internals of the
> `CertificateBuilder` and `SimpleOCSPServer` test classes. They would break
> when ML-DSA was selected as key and signing algorithms. Also RSASSA-PSS
> works better now with these changes. I've also taken this opportunity to do
> s
On Thu, 13 Feb 2025 19:34:04 GMT, Sean Mullan wrote:
>> Jamil Nimeh has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Fix JBS ID and summary in test
>
> test/lib/jdk/test/lib/security/CertificateBuilder.java line 462:
>
>> 460:
On Thu, 13 Feb 2025 19:52:32 GMT, Sean Mullan wrote:
> Also, should it be moved to somewhere else like
> jdk/test/sun/security/provider/certpath?
Hmmm...not sure about that, but maybe an explanation is in order: Because the
JDK only implements the client side with OCSP, we rely on CertPathVali
java.security.debug is a widely used debug system property for JDK security
libs. It's time to capture details about this property via javadoc.
NOTE : We are adding a new html file (similar to the Networkin
On Thu, 13 Feb 2025 19:37:39 GMT, Daniel Jeliński wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java
>> line 124:
>>
>>> 122: } else if (tlsVersion == 0x0303) {
>>> 123: mechanism = CKM_TLS12_KEY_AND_MAC_DERIVE;
>>> 124:
On Thu, 13 Feb 2025 08:35:47 GMT, Nicole Xu wrote:
> As is suggested in
> [JDK-8342958](https://bugs.openjdk.org/browse/JDK-8342958), `jvmArgs` should
> be used consistently in microbenchmarks to 'align with the intuition that
> when you use jvmArgsAppend/-Prepend intent is to add to a set of
On Thu, 13 Feb 2025 19:49:37 GMT, Sean Mullan wrote:
> That's a good question. I usually add the `noreg-self` label even it it is a
> brand new test and not a fix to an existing test and there is no other JDK
> code changes. @JesperIRL do you have any advice for this situation?
`noreg-self` is
On Thu, 13 Feb 2025 19:45:19 GMT, Sean Mullan wrote:
>> This fix makes some minor changes to the internals of the
>> `CertificateBuilder` and `SimpleOCSPServer` test classes. They would break
>> when ML-DSA was selected as key and signing algorithms. Also RSASSA-PSS
>> works better now with
On Thu, 13 Feb 2025 18:58:00 GMT, Sean Mullan wrote:
>> This fix makes some minor changes to the internals of the
>> `CertificateBuilder` and `SimpleOCSPServer` test classes. They would break
>> when ML-DSA was selected as key and signing algorithms. Also RSASSA-PSS
>> works better now with
On Tue, 11 Feb 2025 17:50:45 GMT, Jamil Nimeh wrote:
> This fix makes some minor changes to the internals of the
> `CertificateBuilder` and `SimpleOCSPServer` test classes. They would break
> when ML-DSA was selected as key and signing algorithms. Also RSASSA-PSS
> works better now with thes
On Thu, 13 Feb 2025 18:58:00 GMT, Sean Mullan wrote:
>> This fix makes some minor changes to the internals of the
>> `CertificateBuilder` and `SimpleOCSPServer` test classes. They would break
>> when ML-DSA was selected as key and signing algorithms. Also RSASSA-PSS
>> works better now with
On Tue, 11 Feb 2025 17:50:45 GMT, Jamil Nimeh wrote:
> This fix makes some minor changes to the internals of the
> `CertificateBuilder` and `SimpleOCSPServer` test classes. They would break
> when ML-DSA was selected as key and signing algorithms. Also RSASSA-PSS
> works better now with thes
On Thu, 13 Feb 2025 19:06:28 GMT, Bradford Wetmore wrote:
>> Please review this trivial fix that ensures that the mechanism always
>> matches the parameter class type.
>>
>> I added a new test case that crashes without the fix, passes with the fix.
>> Existing tier1-3 test cases continue to pa
On Wed, 12 Feb 2025 10:02:55 GMT, Daniel Jeliński wrote:
> Please review this trivial fix that ensures that the mechanism always matches
> the parameter class type.
>
> I added a new test case that crashes without the fix, passes with the fix.
> Existing tier1-3 test cases continue to pass.
M
On Tue, 11 Feb 2025 17:50:45 GMT, Jamil Nimeh wrote:
> This fix makes some minor changes to the internals of the
> `CertificateBuilder` and `SimpleOCSPServer` test classes. They would break
> when ML-DSA was selected as key and signing algorithms. Also RSASSA-PSS
> works better now with thes
On Thu, 13 Feb 2025 18:32:41 GMT, Daniel Jeliński wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java
>> line 122:
>>
>>> 120: } else if (tlsVersion == 0x0301 || tlsVersion == 0x0302) {
>>> 121: mechanism = CKM_TLS_KEY_AND_MAC_
On Thu, 13 Feb 2025 18:41:01 GMT, Sean Mullan wrote:
>> TLS 1.2 is version 3.3.
>> The versions are:
>> SSL 3.0 - 3.0
>> TLS 1.0 - 3.1
>> TLS 1.1 - 3.2
>> TLS 1.2 - 3.3
>
> Ah ok. So I assume TLS 1.3 is using a different code path or KDF.
TLS 1.3 uses HKDF, and doesn't work with SunPKCS11 yet, s
On Thu, 13 Feb 2025 18:12:52 GMT, Sean Mullan wrote:
>> Please review this trivial fix that ensures that the mechanism always
>> matches the parameter class type.
>>
>> I added a new test case that crashes without the fix, passes with the fix.
>> Existing tier1-3 test cases continue to pass.
>
On Wed, 12 Feb 2025 10:02:55 GMT, Daniel Jeliński wrote:
> Please review this trivial fix that ensures that the mechanism always matches
> the parameter class type.
>
> I added a new test case that crashes without the fix, passes with the fix.
> Existing tier1-3 test cases continue to pass.
@
This change adds an API note to these methods recommending that the caller
should perform further validation steps on the code signers that signed the JAR
file, such as validating the code signer's certificate chain, and determining
if the signer should be trusted. There was already a similar wa
On Mon, 18 Nov 2024 18:05:34 GMT, Martin Balao wrote:
> We would like to propose an implementation of the HKDF algorithms for
> SunPKCS11, aligned with the KDF API proposed for JDK 24 (see [JEP 478: Key
> Derivation Function API
> (Preview)](https://bugs.openjdk.org/browse/JDK-8189808)).
>
>
> Moved the sh file logic to jtreg java test.
Mikhail Yankelevich has updated the pull request incrementally with one
additional commit since the last revision:
changed to use a scratch directory
-
Changes:
- all: https://git.openjdk.org/jdk/pull/23590/files
- new: https://gi
On Wed, 12 Feb 2025 19:31:31 GMT, Rajan Halade wrote:
>> test/jdk/sun/security/pkcs11/Provider/MultipleLogins.java line 63:
>>
>>> 61: private static void copyDbFiles() throws IOException {
>>> 62: final var testFolder = System.getProperty("test.src", ".");
>>> 63: final var
As is suggested in [JDK-8342958](https://bugs.openjdk.org/browse/JDK-8342958),
`jvmArgs` should be used consistently in microbenchmarks to 'align with the
intuition that when you use jvmArgsAppend/-Prepend intent is to add to a set of
existing flags, while if you supply jvmArgs intent is "run wi
27 matches
Mail list logo
