Re: RFR: 8349583: Add mechanism to disable signature schemes based on their TLS scope [v21]

2025-03-27 Thread Artur Barashev
> Currently when a signature scheme constraint is specified with > "jdk.tls.disabledAlgorithms" property we don't differentiate between > signatures used to sign a TLS handshake exchange and the signatures used in > TLS certificates: > https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3

Re: RFR: 8349583: Add mechanism to disable signature schemes based on their TLS scope [v20]

2025-03-27 Thread Artur Barashev
> Currently when a signature scheme constraint is specified with > "jdk.tls.disabledAlgorithms" property we don't differentiate between > signatures used to sign a TLS handshake exchange and the signatures used in > TLS certificates: > https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3

Re: RFR: 8349583: Add mechanism to disable signature schemes based on their TLS scope [v19]

2025-03-27 Thread Artur Barashev
On Thu, 27 Mar 2025 18:33:56 GMT, Sean Mullan wrote: >> Artur Barashev has updated the pull request incrementally with one >> additional commit since the last revision: >> >> Fix java.security syntax. Remove whitespace. > > test/jdk/sun/security/ssl/SignatureScheme/AbstractCheckSignatureSchem

Re: RFR: 8349583: Add mechanism to disable signature schemes based on their TLS scope [v19]

2025-03-27 Thread Artur Barashev
On Thu, 27 Mar 2025 19:33:46 GMT, Artur Barashev wrote: >> test/jdk/sun/security/ssl/SignatureScheme/AbstractCheckSignatureSchemes.java >> line 77: >> >>> 75: } >>> 76: >>> 77: protected String getProtocol() { >> >> I'd be more inclined to make this abstract and force subclasses to ov

Re: RFR: 8349583: Add mechanism to disable signature schemes based on their TLS scope [v19]

2025-03-27 Thread Artur Barashev
On Thu, 27 Mar 2025 19:38:01 GMT, Sean Mullan wrote: >> Actually this is done on purpose to check case-insensitive matching, I use >> this approach in other tests as well. > > Ok, please add a comment above indicating that. Done. - PR Review Comment: https://git.openjdk.org/jdk/pu

Re: RFR: 8349583: Add mechanism to disable signature schemes based on their TLS scope [v19]

2025-03-27 Thread Artur Barashev
On Thu, 27 Mar 2025 14:13:10 GMT, Sean Mullan wrote: >> Artur Barashev has updated the pull request incrementally with one >> additional commit since the last revision: >> >> Fix java.security syntax. Remove whitespace. > > src/java.base/share/classes/sun/security/ssl/SSLScope.java line 39: >

Re: RFR: 8346129: Simplify EdDSA & XDH curve name usage [v7]

2025-03-27 Thread Anthony Scarpino
> Hi, > > I need a review for the following change. Naming conventions for EdDSA and > XDH have inconsistencies between DisabledAlgorithms and KeyPairGenerator. > These internal changes help make it more consistent when parsing the actual > curve being used vs the broader algorithm name. > > t

Re: RFR: 8350459: MontgomeryIntegerPolynomialP256 multiply intrinsic with AVX2 on x86_64 [v8]

2025-03-27 Thread Anthony Scarpino
On Thu, 27 Mar 2025 19:13:59 GMT, Volodymyr Paprotski wrote: >> Add AVX2 montgomery multiplication intrinsic. (About 60-80% gain) >> >> Also add reduction to existing AVX512 multiplication (this was left-over >> from https://github.com/openjdk/jdk/pull/19893 where a quick fix was >> required)

Re: RFR: 8350459: MontgomeryIntegerPolynomialP256 multiply intrinsic with AVX2 on x86_64 [v7]

2025-03-27 Thread Volodymyr Paprotski
On Thu, 27 Mar 2025 18:11:32 GMT, Anthony Scarpino wrote: >> Volodymyr Paprotski has updated the pull request incrementally with two >> additional commits since the last revision: >> >> - whitespace >> - prettify test > > Wait on integration. I need to check something Let me know if I can

Re: RFR: 8349583: Add mechanism to disable signature schemes based on their TLS scope [v19]

2025-03-27 Thread Sean Mullan
On Thu, 27 Mar 2025 19:35:48 GMT, Artur Barashev wrote: >> test/jdk/sun/security/ssl/SignatureScheme/DisableSignatureSchemePerScopeTLS12.java >> line 52: >> >>> 50: protected static final String DISABLED_CONSTRAINTS = >>> 51: HANDSHAKE_DISABLED_SIG + " usage HandShakesignature,

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v21]

2025-03-27 Thread Sean Mullan
On Thu, 27 Mar 2025 21:29:05 GMT, Hai-May Chao wrote: >> The jarsigner -verify command currently performs verification by reading >> from JarFile to navigate the central directory (CEN) headers. It is now >> enhanced to include cross-validation of entries between JarFile (CEN-based) >> and Jar

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v20]

2025-03-27 Thread Hai-May Chao
> The jarsigner -verify command currently performs verification by reading from > JarFile to navigate the central directory (CEN) headers. It is now enhanced > to include cross-validation of entries between JarFile (CEN-based) and > JarInputStream (stream-based) representations of the JAR. It em

Re: RFR: 8348732: SunJCE and SunPKCS11 have different PBE key encodings [v3]

2025-03-27 Thread Valerie Peng
> As part of [JDK-8301553](https://bugs.openjdk.org/browse/JDK-8301553), > SunPKCS11 provider added support for PBE SecretKeyFactories for > `HmacPBESHAxxx` and `PBEWithHmacSHAxxxAndAES_yyy`. These impls produce keys > whose encoding contains the PBKDF2 derived bytes. Given that SunJCE provider

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v21]

2025-03-27 Thread Hai-May Chao
> The jarsigner -verify command currently performs verification by reading from > JarFile to navigate the central directory (CEN) headers. It is now enhanced > to include cross-validation of entries between JarFile (CEN-based) and > JarInputStream (stream-based) representations of the JAR. It em

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v19]

2025-03-27 Thread Hai-May Chao
On Thu, 27 Mar 2025 19:40:40 GMT, Sean Mullan wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Add CEN/LOC summary warning to Informational Warnings > > src/jdk.jartool/share/man/jarsigner.md line 929: > >> 927: >

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v20]

2025-03-27 Thread Sean Mullan
On Thu, 27 Mar 2025 21:17:15 GMT, Hai-May Chao wrote: >> The jarsigner -verify command currently performs verification by reading >> from JarFile to navigate the central directory (CEN) headers. It is now >> enhanced to include cross-validation of entries between JarFile (CEN-based) >> and Jar

Re: RFR: 8348732: SunJCE and SunPKCS11 have different PBE key encodings [v2]

2025-03-27 Thread Valerie Peng
On Mon, 24 Mar 2025 20:59:22 GMT, Valerie Peng wrote: >> Hi @valeriepeng, I found code assuming `com.sun.crypto.provider.PBEKey` >> contains only ASCII, please find my suggestions in the review comments. I >> also added a suggestion for the tests, in order to increase the coverage in >> that r

Re: RFR: 8348732: SunJCE and SunPKCS11 have different PBE key encodings [v2]

2025-03-27 Thread Valerie Peng
On Tue, 25 Mar 2025 18:34:00 GMT, Francisco Ferrari Bihurriet wrote: >> Valerie Peng has updated the pull request incrementally with one additional >> commit since the last revision: >> >> apply the suggested changes and minor code refactoring. > > src/jdk.crypto.cryptoki/share/classes/sun/s

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v19]

2025-03-27 Thread Sean Mullan
On Thu, 27 Mar 2025 19:10:08 GMT, Hai-May Chao wrote: >> The jarsigner -verify command currently performs verification by reading >> from JarFile to navigate the central directory (CEN) headers. It is now >> enhanced to include cross-validation of entries between JarFile (CEN-based) >> and Jar

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v14]

2025-03-27 Thread Sean Mullan
On Wed, 26 Mar 2025 14:49:29 GMT, Sean Mullan wrote: >> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/resources/jarsigner.properties >> line 216: >> >>> 214: >>> manifest.attribute.1.differs.jarfile.value.2.jarinputstream.value.3=Manifest >>> attribute %1$s differs: JarFile value

Re: RFR: 8349583: Add mechanism to disable signature schemes based on their TLS scope [v19]

2025-03-27 Thread Artur Barashev
On Thu, 27 Mar 2025 18:46:02 GMT, Sean Mullan wrote: >> Artur Barashev has updated the pull request incrementally with one >> additional commit since the last revision: >> >> Fix java.security syntax. Remove whitespace. > > test/jdk/sun/security/ssl/SignatureScheme/AbstractCheckSignatureSchem

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v17]

2025-03-27 Thread Hai-May Chao
On Thu, 27 Mar 2025 13:28:57 GMT, Sean Mullan wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Not split warning in rb.getString() across multi-lines for Usages.java > > src/jdk.jartool/share/classes/sun/security/t

Re: RFR: 8350459: MontgomeryIntegerPolynomialP256 multiply intrinsic with AVX2 on x86_64 [v7]

2025-03-27 Thread Anthony Scarpino
On Mon, 24 Mar 2025 17:23:51 GMT, Volodymyr Paprotski wrote: >> Add AVX2 montgomery multiplication intrinsic. (About 60-80% gain) >> >> Also add reduction to existing AVX512 multiplication (this was left-over >> from https://github.com/openjdk/jdk/pull/19893 where a quick fix was >> required)

Re: RFR: 8350459: MontgomeryIntegerPolynomialP256 multiply intrinsic with AVX2 on x86_64 [v8]

2025-03-27 Thread Volodymyr Paprotski
> Add AVX2 montgomery multiplication intrinsic. (About 60-80% gain) > > Also add reduction to existing AVX512 multiplication (this was left-over from > https://github.com/openjdk/jdk/pull/19893 where a quick fix was required). > This is mostly for cleanup, but there is about 1-2% gain. > > Befo

Re: RFR: 8352277: java.security documentation: incorrect regex syntax describing "usage" algorithm constraint [v2]

2025-03-27 Thread Hai-May Chao
On Thu, 27 Mar 2025 14:38:44 GMT, Artur Barashev wrote: >> Yes, it's inconsistent with the rest of the file actually. I'll check which >> version is semantically correct and make changes. Thanks! > > All done. I had to re-open a CSR for this change, so it took some time. Looks good. Thanks for

Re: RFR: 8352277: java.security documentation: incorrect regex syntax describing "usage" algorithm constraint [v2]

2025-03-27 Thread Hai-May Chao
On Thu, 27 Mar 2025 14:42:36 GMT, Artur Barashev wrote: >> We have an incorrect regex syntax when describing a "usage" algorithm >> constraint. Current syntax indicates that usage types are optional while >> they are not: at least one usage type should be specified. > > Artur Barashev has updat

Re: RFR: 8350459: MontgomeryIntegerPolynomialP256 multiply intrinsic with AVX2 on x86_64 [v7]

2025-03-27 Thread Volodymyr Paprotski
On Thu, 27 Mar 2025 18:52:53 GMT, Anthony Scarpino wrote: >> Volodymyr Paprotski has updated the pull request incrementally with two >> additional commits since the last revision: >> >> - whitespace >> - prettify test > > src/java.base/share/classes/sun/security/util/math/intpoly/MontgomeryI

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v19]

2025-03-27 Thread Hai-May Chao
> The jarsigner -verify command currently performs verification by reading from > JarFile to navigate the central directory (CEN) headers. It is now enhanced > to include cross-validation of entries between JarFile (CEN-based) and > JarInputStream (stream-based) representations of the JAR. It em

Re: RFR: 8349583: Add mechanism to disable signature schemes based on their TLS scope [v19]

2025-03-27 Thread Sean Mullan
On Mon, 24 Mar 2025 17:24:01 GMT, Artur Barashev wrote: >> Currently when a signature scheme constraint is specified with >> "jdk.tls.disabledAlgorithms" property we don't differentiate between >> signatures used to sign a TLS handshake exchange and the signatures used in >> TLS certificates:

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v7]

2025-03-27 Thread Hai-May Chao
On Thu, 27 Mar 2025 01:52:40 GMT, Hai-May Chao wrote: >> Again, shall we return here? Do you want to skip other comparison when the >> manifests are not the same? > > It was suggested that I validate the Manifest and then fast fail if there is > an inconsistency. As Manifest contains metadata a

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v15]

2025-03-27 Thread Hai-May Chao
On Thu, 27 Mar 2025 13:32:09 GMT, Sean Mullan wrote: >> This step checks content and order. As the order does matter, I have this >> step to explicitly warn about ordering issue. > > But they are Sets now, so the order could have changed simply by adding them > to the Set. I think this check ca

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v18]

2025-03-27 Thread Hai-May Chao
> The jarsigner -verify command currently performs verification by reading from > JarFile to navigate the central directory (CEN) headers. It is now enhanced > to include cross-validation of entries between JarFile (CEN-based) and > JarInputStream (stream-based) representations of the JAR. It em

Re: RFR: 8351566: Consolidate third party artifacts used in tests [v2]

2025-03-27 Thread Mikhail Yankelevich
On Thu, 27 Mar 2025 13:33:37 GMT, Fernando Guallini wrote: >> Mikhail Yankelevich has updated the pull request incrementally with one >> additional commit since the last revision: >> >> minor: imports fix > > test/lib/jdk/test/lib/security/artifacts/ThirdPartyArtifacts.java line 30: > >> 28

Re: RFR: 8349583: Add mechanism to disable signature schemes based on their TLS scope [v19]

2025-03-27 Thread Sean Mullan
On Mon, 24 Mar 2025 17:24:01 GMT, Artur Barashev wrote: >> Currently when a signature scheme constraint is specified with >> "jdk.tls.disabledAlgorithms" property we don't differentiate between >> signatures used to sign a TLS handshake exchange and the signatures used in >> TLS certificates:

Re: RFR: 8350459: MontgomeryIntegerPolynomialP256 multiply intrinsic with AVX2 on x86_64 [v7]

2025-03-27 Thread Anthony Scarpino
On Mon, 24 Mar 2025 17:23:51 GMT, Volodymyr Paprotski wrote: >> Add AVX2 montgomery multiplication intrinsic. (About 60-80% gain) >> >> Also add reduction to existing AVX512 multiplication (this was left-over >> from https://github.com/openjdk/jdk/pull/19893 where a quick fix was >> required)

Re: RFR: 8350459: MontgomeryIntegerPolynomialP256 multiply intrinsic with AVX2 on x86_64 [v7]

2025-03-27 Thread Anthony Scarpino
On Mon, 24 Mar 2025 17:23:51 GMT, Volodymyr Paprotski wrote: >> Add AVX2 montgomery multiplication intrinsic. (About 60-80% gain) >> >> Also add reduction to existing AVX512 multiplication (this was left-over >> from https://github.com/openjdk/jdk/pull/19893 where a quick fix was >> required)

Re: RFR: 8351566: Consolidate third party artifacts used in tests [v3]

2025-03-27 Thread Mikhail Yankelevich
> 8351566: Consolidate third party artifacts used in tests Mikhail Yankelevich has updated the pull request incrementally with one additional commit since the last revision: Fernando's comments: * cleanup - Changes: - all: https://git.openjdk.org/jdk/pull/23988/files - n

Re: RFR: 8352277: java.security documentation: incorrect regex syntax describing "usage" algorithm constraint [v2]

2025-03-27 Thread Sean Mullan
On Thu, 27 Mar 2025 14:42:36 GMT, Artur Barashev wrote: >> We have an incorrect regex syntax when describing a "usage" algorithm >> constraint. Current syntax indicates that usage types are optional while >> they are not: at least one usage type should be specified. > > Artur Barashev has updat

Re: RFR: 8352277: java.security documentation: incorrect regex syntax describing "usage" algorithm constraint [v2]

2025-03-27 Thread Artur Barashev
On Tue, 25 Mar 2025 19:22:52 GMT, Artur Barashev wrote: >> src/java.base/share/conf/security/java.security line 541: >> >>> 539: # >>> 540: # UsageType: >>> 541: # ([TLSServer] | [TLSClient] | [SignedJAR]) >> >> It looks like we list the alternatives without brackets, for example >> Co

Re: RFR: 8352277: java.security documentation: incorrect regex syntax describing "usage" algorithm constraint [v2]

2025-03-27 Thread Artur Barashev
> We have an incorrect regex syntax when describing a "usage" algorithm > constraint. Current syntax indicates that usage types are optional while they > are not: at least one usage type should be specified. Artur Barashev has updated the pull request incrementally with one additional commit si

Re: RFR: 8349583: Add mechanism to disable signature schemes based on their TLS scope [v19]

2025-03-27 Thread Artur Barashev
On Thu, 27 Mar 2025 14:14:11 GMT, Sean Mullan wrote: >> Artur Barashev has updated the pull request incrementally with one >> additional commit since the last revision: >> >> Fix java.security syntax. Remove whitespace. > > src/java.base/share/conf/security/java.security line 747: > >> 745:

Re: RFR: 8349583: Add mechanism to disable signature schemes based on their TLS scope [v19]

2025-03-27 Thread Sean Mullan
On Mon, 24 Mar 2025 17:24:01 GMT, Artur Barashev wrote: >> Currently when a signature scheme constraint is specified with >> "jdk.tls.disabledAlgorithms" property we don't differentiate between >> signatures used to sign a TLS handshake exchange and the signatures used in >> TLS certificates:

Re: RFR: 8351566: Consolidate third party artifacts used in tests [v2]

2025-03-27 Thread Fernando Guallini
On Tue, 18 Mar 2025 14:11:26 GMT, Mikhail Yankelevich wrote: >> 8351566: Consolidate third party artifacts used in tests > > Mikhail Yankelevich has updated the pull request incrementally with one > additional commit since the last revision: > > minor: imports fix test/lib/jdk/test/lib/secu

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v15]

2025-03-27 Thread Sean Mullan
On Thu, 27 Mar 2025 02:18:05 GMT, Hai-May Chao wrote: >> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line >> 1215: >> >>> 1213: if (!cenEntries2.equals(locEntries)) { >>> 1214: crossChkWarnings.add(rb.getString( >>> 1215:

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v17]

2025-03-27 Thread Sean Mullan
On Thu, 27 Mar 2025 06:40:02 GMT, Hai-May Chao wrote: >> The jarsigner -verify command currently performs verification by reading >> from JarFile to navigate the central directory (CEN) headers. It is now >> enhanced to include cross-validation of entries between JarFile (CEN-based) >> and Jar

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v17]

2025-03-27 Thread Hai-May Chao
> The jarsigner -verify command currently performs verification by reading from > JarFile to navigate the central directory (CEN) headers. It is now enhanced > to include cross-validation of entries between JarFile (CEN-based) and > JarInputStream (stream-based) representations of the JAR. It em