Re: RFR: 8345940: Migrate security-related resources from Java classes to properties files [v4]

On Fri, 7 Mar 2025 22:07:31 GMT, Justin Lu wrote: >> Artur Barashev has updated the pull request incrementally with one >> additional commit since the last revision: >> >> Update keytool and jarsigner resources location > > src/java.base/share/classes/sun/security/tools/keytool/Main.java line

Re: RFR: 8351223: Update localized resources in keytool and jarsigner

On Thu, 6 Mar 2025 17:40:15 GMT, Justin Lu wrote: > > Hi @justin-curtis-lu! Just curious how urgent is this change? I'm going to > > finish the .java -> .properties conversion draft soon and then you can > > modify the properties files in plain UTF-8 text: #22774 > > We want to get this into `

Re: RFR: 8349849: PKCS11 SunTlsKeyMaterial crashes when used with TLS1.2 TlsKeyMaterialParameterSpec

On Wed, 12 Feb 2025 10:02:55 GMT, Daniel Jeliński wrote: > Please review this trivial fix that ensures that the mechanism always matches > the parameter class type. > > I added a new test case that crashes without the fix, passes with the fix. > Existing tier1-3 test cases continue to pass. M

Re: RFR: 8325448: Hybrid Public Key Encryption [v9]

On Tue, 11 Mar 2025 21:12:54 GMT, Weijun Wang wrote: >> Implement HPKE as defined in https://datatracker.ietf.org/doc/rfc9180/. >>  > > Weijun Wang has updated the pull request incrementally with

Re: RFR: 8349348: Refactor ClassLoaderDeadlock.sh and Deadlock.sh to run fully in java [v3]

On Thu, 6 Mar 2025 11:49:12 GMT, Mikhail Yankelevich wrote: >> Refactor the following to run fully in java: >> test/java/security//Security/ClassLoaderDeadlock/ClassLoaderDeadlock.sh >> test/java/security//Security/ClassLoaderDeadlock/Deadlock.sh > > Mikhail Yankelevich has updated the pull requ

Re: RFR: 8341775: Duplicate manifest files are removed by jarsigner after signing [v8]

On Tue, 11 Mar 2025 17:30:54 GMT, Kevin Driver wrote: >> JDK-8341775: In the case where there is a *single* META-INF directory but >> potentially *multiple* manifest files of different cases, print a warning >> before selecting the first one and ignoring the rest (the current behavior >> shoul

Re: RFR: 8350459: MontgomeryIntegerPolynomialP256 multiply intrinsic with AVX2 on x86_64 [v4]

On Wed, 5 Mar 2025 23:03:23 GMT, Volodymyr Paprotski wrote: >> Add AVX2 montgomery multiplication intrinsic. (About 60-80% gain) >> >> Also add reduction to existing AVX512 multiplication (this was left-over >> from https://github.com/openjdk/jdk/pull/19893 where a quick fix was >> required).

Re: RFR: 8325448: Hybrid Public Key Encryption [v9]

On Tue, 11 Mar 2025 21:14:16 GMT, Weijun Wang wrote: > usually determined by the key type. Hm, might be a bit more complicated for PQ/T Hybrid KEMs. It can of course be added later on, as the implementations using that (like Xwing for HPKE with JOSE) are still in draft state. - P

Re: RFR: 8325448: Hybrid Public Key Encryption [v9]

On Tue, 11 Mar 2025 21:12:54 GMT, Weijun Wang wrote: >> Implement HPKE as defined in https://datatracker.ietf.org/doc/rfc9180/. >>  > > Weijun Wang has updated the pull request incrementally with

Re: RFR: 8325448: Hybrid Public Key Encryption [v8]

On Tue, 11 Mar 2025 19:59:42 GMT, Sean Mullan wrote: >> Weijun Wang has updated the pull request incrementally with one additional >> commit since the last revision: >> >> add mode_auth and mode_auth_psk, tiny spec change > > src/java.base/share/classes/sun/security/util/SliceableSecretKey.ja

Re: RFR: 8325448: Hybrid Public Key Encryption [v9]

> Implement HPKE as defined in https://datatracker.ietf.org/doc/rfc9180/. >  Weijun Wang has updated the pull request incrementally with one additional commit since the last revision: of(kdf_id

Re: RFR: 8341775: Duplicate manifest files are removed by jarsigner after signing

On Thu, 21 Nov 2024 15:53:28 GMT, Hai-May Chao wrote: >> JDK-8341775: In the case where there is a *single* META-INF directory but >> potentially *multiple* manifest files of different cases, print a warning >> before selecting the first one and ignoring the rest (the current behavior >> shoul

Re: RFR: 8345940: Migrate security-related resources from Java classes to properties files [v9]

On Mon, 10 Mar 2025 17:57:42 GMT, Artur Barashev wrote: >> These resources files are in Java classes. If converted to properties files, >> the localized versions can use UTF-8 encoding directly. >> >> ./src/java.base/share/classes/sun/security/tools/keytool/Resources.java >> ./src/java.base/sha

Integrated: 8345940: Migrate security-related resources from Java classes to properties files

On Mon, 16 Dec 2024 22:03:59 GMT, Artur Barashev wrote: > These resources files are in Java classes. If converted to properties files, > the localized versions can use UTF-8 encoding directly. > > ./src/java.base/share/classes/sun/security/tools/keytool/Resources.java > ./src/java.base/share/cl

Re: RFR: 8325448: Hybrid Public Key Encryption [v8]

On Mon, 3 Mar 2025 15:57:49 GMT, Weijun Wang wrote: >> Implement HPKE as defined in https://datatracker.ietf.org/doc/rfc9180/. >> >>  > > Weijun Wang has updated the pull request incrementally wi

Re: RFR: 8349151: Refactor test/java/security/cert/CertificateFactory/slowstream.sh to java test [v2]

On Mon, 3 Feb 2025 19:12:30 GMT, Mikhail Yankelevich wrote: >> Refactor test/java/security/cert/CertificateFactory/slowstream.sh to java >> test > > Mikhail Yankelevich has updated the pull request incrementally with one > additional commit since the last revision: > > cleanup Still needs

Re: RFR: 8345940: Migrate security-related resources from Java classes to properties files [v9]

On Mon, 10 Mar 2025 17:57:42 GMT, Artur Barashev wrote: >> These resources files are in Java classes. If converted to properties files, >> the localized versions can use UTF-8 encoding directly. >> >> ./src/java.base/share/classes/sun/security/tools/keytool/Resources.java >> ./src/java.base/sha

Re: RFR: 8349534: Refactor jdk/sun/security/krb5/runNameEquals.sh to java test [v4]

On Tue, 11 Feb 2025 18:46:29 GMT, Mikhail Yankelevich wrote: >> Refactored the runNameEquals.sh to java test > > Mikhail Yankelevich has updated the pull request incrementally with one > additional commit since the last revision: > > minor Still needs an approval - PR Comment:

Re: RFR: 8349535: Refactor ./pkcs11/Provider/MultipleLogins.sh to java test [v3]

On Tue, 25 Feb 2025 17:50:53 GMT, Mikhail Yankelevich wrote: >> test/jdk/sun/security/pkcs11/Provider/MultipleLogins.java line 63: >> >>> 61: private static final SunPKCS11[] providers = new >>> SunPKCS11[NUM_PROVIDERS]; >>> 62: >>> 63: private static void copyDbFiles() throws IOExcep

Re: RFR: 8349535: Refactor ./pkcs11/Provider/MultipleLogins.sh to java test [v4]

> Moved the sh file logic to jtreg java test. Mikhail Yankelevich has updated the pull request incrementally with one additional commit since the last revision: Multiple logins test now extends PKCS11Test * Multiple logins test now extends PKCS11Test * cleanup * skip exceptions are no

RFR: 8303770: Remove Baltimore root certificate expiring in May 2025

Removed "_CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE_" root certificate expiring in May 2025 from cacerts truststore. No code signing certificates were issued from CA. The release-note is at [JDK-8351686](https://bugs.openjdk.org/browse/JDK-8351686) - Commit me

Re: RFR: 8341775: Duplicate manifest files are removed by jarsigner after signing [v8]

> JDK-8341775: In the case where there is a *single* META-INF directory but > potentially *multiple* manifest files of different cases, print a warning > before selecting the first one and ignoring the rest (the current behavior > should be maintained). Kevin Driver has updated the pull request

Re: RFR: 8349348: Refactor ClassLoaderDeadlock.sh and Deadlock.sh to run fully in java [v2]

On Thu, 6 Mar 2025 11:20:23 GMT, Jaikiran Pai wrote: >> Mikhail Yankelevich has updated the pull request with a new target base due >> to a merge or a rebase. The incremental webrev excludes the unrelated >> changes brought in by the merge/rebase. The pull request contains three >> additional

Re: RFR: 8341775: Duplicate manifest files are removed by jarsigner after signing [v7]

On Mon, 10 Mar 2025 21:11:15 GMT, Kevin Driver wrote: >> test/jdk/sun/security/tools/jarsigner/MultiManifest.jar line 1: >> >>> 1: PKO�rY >>> META-INF/��PKPKO�rYMETA-INF/MANIFEST.MF�M��LK-.� >> >> We usually do not include a binary file in the code repository. Can you >>

Re: RFR: 8341775: Duplicate manifest files are removed by jarsigner after signing [v6]

> JDK-8341775: In the case where there is a *single* META-INF directory but > potentially *multiple* manifest files of different cases, print a warning > before selecting the first one and ignoring the rest (the current behavior > should be maintained). > > **Note**: We cannot (so far) pass whe

Re: RFR: 8349583: Add mechanism to disable signature schemes based on their TLS scope [v13]

> Currently when a signature scheme constraint is specified with > "jdk.tls.disabledAlgorithms" property we don't differentiate between > signatures used to sign a TLS handshake exchange and the signatures used in > TLS certificates: > https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3

Re: RFR: 8345940: Migrate security-related resources from Java classes to properties files [v7]

> These resources files are in Java classes. If converted to properties files, > the localized versions can use UTF-8 encoding directly. > > ./src/java.base/share/classes/sun/security/tools/keytool/Resources.java > ./src/java.base/share/classes/sun/security/util/Resources.java > ./src/java.base/s

Re: RFR: 8349583: Add mechanism to disable signature schemes based on their TLS scope [v15]

On Mon, 10 Mar 2025 19:40:11 GMT, Sean Mullan wrote: >> Artur Barashev has updated the pull request incrementally with one >> additional commit since the last revision: >> >> Update constraint description > > src/java.base/share/conf/security/java.security line 752: > >> 750: # ampersand

Re: RFR: 8351034: Add AVX-512 intrinsics for ML-DSA [v3]

On Wed, 5 Mar 2025 18:27:44 GMT, Ferenc Rakoczi wrote: >> Hi @ferakocz , >> >> Thanks!, for efficient utilization of Decode ICache (please refer to Intel >> SDM section 3.4.2.5), code blocks should be aligned to 32-byte boundaries; a >> 64-byte aligned code is a superset of both 16 and 32 byt

Re: RFR: 8345139: Fix bugs and inconsistencies in the Provider services map [v5]

On Wed, 12 Feb 2025 20:46:31 GMT, Francisco Ferrari Bihurriet wrote: >> Hi, this pull request implements the fixes for bugs and inconsistencies >> described in [JDK-8345139](https://bugs.openjdk.org/browse/JDK-8345139 "Fix >> bugs and inconsistencies in the Provider services map"). >> >>

Re: RFR: 8349492: Update sun/security/pkcs12/KeytoolOpensslInteropTest.java to use a recent Openssl version [v6]

On Fri, 7 Mar 2025 12:43:34 GMT, Fernando Guallini wrote: >> This updates the OpenSSL version that is used by test >> `sun/security/pkcs12/KeytoolOpensslInteropTest.java` to the current LTS >> version (3.0 series). >> There are some differences between the 1.1.x and the current OpenSSL versio

Re: RFR: 8345940: Migrate security-related resources from Java classes to properties files [v4]

On Fri, 7 Mar 2025 21:50:53 GMT, Justin Lu wrote: >> Artur Barashev has updated the pull request incrementally with one >> additional commit since the last revision: >> >> Update keytool and jarsigner resources location > > src/jdk.jartool/share/classes/sun/security/tools/jarsigner/resources/

RFR: 8351349: GSSUtil.createSubject has outdated access control context and policy related text

Please review this change to remove outdated access control context and policy related text from the `com.sun.security.jgss.GSSUtil` class which no longer applies now that JEP 486 disabled the Security Manager. I have removed the text and not tried to replace it. I think it is better to keep the

Re: RFR: 8341775: Duplicate manifest files are removed by jarsigner after signing [v7]

On Mon, 10 Mar 2025 15:59:23 GMT, Kevin Driver wrote: >> JDK-8341775: In the case where there is a *single* META-INF directory but >> potentially *multiple* manifest files of different cases, print a warning >> before selecting the first one and ignoring the rest (the current behavior >> shoul

Re: RFR: 8345940: Migrate security-related resources from Java classes to properties files [v4]

On Fri, 7 Mar 2025 21:48:58 GMT, Justin Lu wrote: >> Artur Barashev has updated the pull request incrementally with one >> additional commit since the last revision: >> >> Update keytool and jarsigner resources location > > src/jdk.jartool/share/classes/sun/security/tools/jarsigner/resources/

Re: RFR: 8345940: Migrate security-related resources from Java classes to properties files [v6]

> These resources files are in Java classes. If converted to properties files, > the localized versions can use UTF-8 encoding directly. > > ./src/java.base/share/classes/sun/security/tools/keytool/Resources.java > ./src/java.base/share/classes/sun/security/util/Resources.java > ./src/java.base/s

Re: RFR: 8345940: Migrate security-related resources from Java classes to properties files [v9]

> These resources files are in Java classes. If converted to properties files, > the localized versions can use UTF-8 encoding directly. > > ./src/java.base/share/classes/sun/security/tools/keytool/Resources.java > ./src/java.base/share/classes/sun/security/util/Resources.java > ./src/java.base/s

Re: RFR: 8341775: Duplicate manifest files are removed by jarsigner after signing [v7]

On Mon, 10 Mar 2025 15:59:23 GMT, Kevin Driver wrote: >> JDK-8341775: In the case where there is a *single* META-INF directory but >> potentially *multiple* manifest files of different cases, print a warning >> before selecting the first one and ignoring the rest (the current behavior >> shoul

Re: RFR: 8350964: Add an ArtifactResolver.fetch(clazz) method [v2]

> In this PR, I created a new method, `ArtifactResolver.fetchOne()`, to > consolidate duplicate code across tests. Matthew Donovan has updated the pull request incrementally with one additional commit since the last revision: Changed exception message in Artifact resolver and fixed logic in k

Re: RFR: 8350964: Add an ArtifactResolver.fetch(clazz) method [v2]

On Tue, 11 Mar 2025 15:39:17 GMT, Mikhail Yankelevich wrote: >> Matthew Donovan has updated the pull request incrementally with one >> additional commit since the last revision: >> >> Changed exception message in Artifact resolver and fixed logic in keytool >> test > > test/jdk/sun/security

Re: RFR: 8350964: Add an ArtifactResolver.fetch(clazz) method [v2]

On Tue, 11 Mar 2025 15:59:53 GMT, Fernando Guallini wrote: >> Matthew Donovan has updated the pull request incrementally with one >> additional commit since the last revision: >> >> Changed exception message in Artifact resolver and fixed logic in keytool >> test > > test/jdk/sun/security/p

Re: RFR: 8346129: Simplify EdDSA & XDH curve name usage [v5]

> Hi, > > I need a review for the following change. Naming conventions for EdDSA and > XDH have inconsistencies between DisabledAlgorithms and KeyPairGenerator. > These internal changes help make it more consistent when parsing the actual > curve being used vs the broader algorithm name. > > t

Re: RFR: 8350964: Add an ArtifactResolver.fetch(clazz) method

On Tue, 11 Mar 2025 15:21:09 GMT, Matthew Donovan wrote: > In this PR, I created a new method, `ArtifactResolver.fetchOne()`, to > consolidate duplicate code across tests. test/jdk/sun/security/provider/acvp/Launcher.java line 181: > 179: } > 180: > 181: private static Path fetchACVPS

Re: RFR: 8350964: Add an ArtifactResolver.fetch(clazz) method

On Tue, 11 Mar 2025 15:21:09 GMT, Matthew Donovan wrote: > In this PR, I created a new method, `ArtifactResolver.fetchOne()`, to > consolidate duplicate code across tests. test/jdk/sun/security/pkcs12/KeytoolOpensslInteropTest.java line 90: > 88: generateInitialKeystores(openss

Re: RFR: 8351349: GSSUtil.createSubject has outdated access control context and policy related text [v2]

On Tue, 11 Mar 2025 12:49:44 GMT, Sean Mullan wrote: >> Please review this change to remove outdated access control context and >> policy related text from the `com.sun.security.jgss.GSSUtil` class which no >> longer applies now that JEP 486 disabled the Security Manager. >> >> I also made a

Re: RFR: 8341775: Duplicate manifest files are removed by jarsigner after signing [v7]

> JDK-8341775: In the case where there is a *single* META-INF directory but > potentially *multiple* manifest files of different cases, print a warning > before selecting the first one and ignoring the rest (the current behavior > should be maintained). > > **Note**: We cannot (so far) pass whe

Re: RFR: 8345940: Migrate security-related resources from Java classes to properties files [v9]

On Mon, 10 Mar 2025 17:57:42 GMT, Artur Barashev wrote: >> These resources files are in Java classes. If converted to properties files, >> the localized versions can use UTF-8 encoding directly. >> >> ./src/java.base/share/classes/sun/security/tools/keytool/Resources.java >> ./src/java.base/sha

RFR: 8350964: Add an ArtifactResolver.fetch(clazz) method

In this PR, I created a new method, `ArtifactResolver.fetchOne()`, to consolidate duplicate code across tests. - Commit messages: - 8350964: Add an ArtifactResolver.fetch(clazz) method Changes: https://git.openjdk.org/jdk/pull/23989/files Webrev: https://webrevs.openjdk.org/?repo

Re: RFR: 8351349: GSSUtil.createSubject has outdated access control context and policy related text [v2]

> Please review this change to remove outdated access control context and > policy related text from the `com.sun.security.jgss.GSSUtil` class which no > longer applies now that JEP 486 disabled the Security Manager. > > I also made a few other minor changes, adding code tags around class names

Re: RFR: 8345940: Migrate security-related resources from Java classes to properties files [v8]

> These resources files are in Java classes. If converted to properties files, > the localized versions can use UTF-8 encoding directly. > > ./src/java.base/share/classes/sun/security/tools/keytool/Resources.java > ./src/java.base/share/classes/sun/security/util/Resources.java > ./src/java.base/s