On Tue, 29 Apr 2025 21:51:00 GMT, Artur Barashev wrote:
>> The current key manager is SunX509, which is configured in the
>> java.security. The SunX509 algorithm does not check the local certificate.
>> The PKIX algorithm should be preferred now so that the default key manager
>> could be more
On Tue, 29 Apr 2025 21:44:26 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
> The private marshal() method in sun.security.util.Debug still contains code
> to parse "permission=" and "codebase=" options. These
> sub-options were part of the "access" option which was removed in JDK 24 as
> part of JEP 486, so this code can be removed.
Koushik Muthukrishnan Thirupattur h
On Tue, 29 Apr 2025 21:44:26 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
On Tue, 29 Apr 2025 21:51:00 GMT, Artur Barashev wrote:
>> The current key manager is SunX509, which is configured in the
>> java.security. The SunX509 algorithm does not check the local certificate.
>> The PKIX algorithm should be preferred now so that the default key manager
>> could be more
On Tue, 29 Apr 2025 22:11:20 GMT, Mark Powers wrote:
>> This is a side issue, but it looks like this API can also throw
>> `IndexOutOfBoundsException` if an offset is input which causes
>> `System.arraycopy` (on line 112) to access the iv out of range. Please check
>> and file a separate issue
On Tue, 29 Apr 2025 18:16:47 GMT, Sean Mullan wrote:
>> done
>
> This is a side issue, but it looks like this API can also throw
> `IndexOutOfBoundsException` if an offset is input which causes
> `System.arraycopy` (on line 112) to access the iv out of range. Please check
> and file a separate
> The current key manager is SunX509, which is configured in the java.security.
> The SunX509 algorithm does not check the local certificate. The PKIX
> algorithm should be preferred now so that the default key manager could be
> more robust.
>
> Compatibility considerations:
>
> 1) Customers
> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
> for the HKDF support from JCA/JCE providers.
>
> This is just code refactoring. Known-answer regression test for the internal
> JSSE HKDF impl is removed as the test vectors are already covered by the HKDF
> impl in
On Tue, 29 Apr 2025 19:58:42 GMT, Sean Mullan wrote:
>> Artur Barashev has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Skip explicit KeyPair initialization and let the provider default set it
>
> test/jdk/javax/rmi/ssl/SSLSocketParameter
On Tue, 29 Apr 2025 18:51:58 GMT, Sean Mullan wrote:
>> Artur Barashev has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Skip explicit KeyPair initialization and let the provider default set it
>
> test/jdk/sun/security/tools/keytool/Print
On Thu, 24 Apr 2025 17:57:33 GMT, Artur Barashev wrote:
> I wasn't able to reproduce the issue. Most likely it was caused by unusually
> high CPU load in test environment. Increasing the server's "accept" call
> time-out value from 5 to 10 seconds to make the test more robust.
This pull reques
On Thu, 24 Apr 2025 18:30:00 GMT, Artur Barashev wrote:
>> The current key manager is SunX509, which is configured in the
>> java.security. The SunX509 algorithm does not check the local certificate.
>> The PKIX algorithm should be preferred now so that the default key manager
>> could be more
On Thu, 24 Apr 2025 17:57:33 GMT, Artur Barashev wrote:
> I wasn't able to reproduce the issue. Most likely it was caused by unusually
> high CPU load in test environment. Increasing the server's "accept" call
> time-out value from 5 to 10 seconds to make the test more robust.
@artur-oracle
Y
On Thu, 17 Apr 2025 17:32:03 GMT, Koushik Muthukrishnan Thirupattur
wrote:
> The private marshal() method in sun.security.util.Debug still contains code
> to parse "permission=" and "codebase=" options. These
> sub-options were part of the "access" option which was removed in JDK 24 as
> part
On Tue, 29 Apr 2025 17:50:01 GMT, Valerie Peng wrote:
> Update CSR with the new names, e.g. with the output length suffix?
Thanks for reminding. Done.
-
PR Comment: https://git.openjdk.org/jdk/pull/24576#issuecomment-2839977324
On Thu, 24 Apr 2025 17:22:22 GMT, Mark Powers wrote:
> [JDK-8351113](https://bugs.openjdk.org/browse/JDK-8351113)
This pull request has now been integrated.
Changeset: c2485d5f
Author:Mark Powers
URL:
https://git.openjdk.org/jdk/commit/c2485d5f7dd00eaed34a5d309276114eb4c78cb0
Stats:
On Fri, 18 Apr 2025 10:15:06 GMT, Mikhail Yankelevich
wrote:
> Provider is now added to the Security before the test
test/jdk/sun/security/pkcs11/Serialize/SerializeProvider.java line 51:
> 49:
> 50: if (Security.getProvider(p.getName()) != p) {
> 51: throw new SkippedExce
By using the AVX-512 vector registers the speed of the computation of the
ML-KEM algorithms (key generation, encapsulation, decapsulation) can be
approximately doubled.
-
Commit messages:
- 8351412: Add AVX-512 intrinsics for ML-KEM
Changes: https://git.openjdk.org/jdk/pull/24953/
On Thu, 24 Apr 2025 18:30:00 GMT, Artur Barashev wrote:
>> The current key manager is SunX509, which is configured in the
>> java.security. The SunX509 algorithm does not check the local certificate.
>> The PKIX algorithm should be preferred now so that the default key manager
>> could be more
On Tue, 29 Apr 2025 16:22:43 GMT, Mark Powers wrote:
>> src/java.base/share/classes/javax/crypto/spec/RC2ParameterSpec.java line 107:
>>
>>> 105: if (offset < 0) {
>>> 106: throw new ArrayIndexOutOfBoundsException("offset is
>>> negative");
>>> 107: }
>>
>> Move the
On Tue, 29 Apr 2025 17:51:26 GMT, Mark Powers wrote:
>> [JDK-8351113](https://bugs.openjdk.org/browse/JDK-8351113)
>
> Mark Powers has updated the pull request incrementally with one additional
> commit since the last revision:
>
> third comment from Sean
LGTM. But see my one comment about a
On Thu, 24 Apr 2025 17:57:33 GMT, Artur Barashev wrote:
> I wasn't able to reproduce the issue. Most likely it was caused by unusually
> high CPU load in test environment. Increasing the server's "accept" call
> time-out value from 5 to 10 seconds to make the test more robust.
LGTM.
-
On Mon, 28 Apr 2025 14:48:34 GMT, Weijun Wang wrote:
>> Add 2 `MessageDigest` algorithms.
>
> Weijun Wang has updated the pull request incrementally with one additional
> commit since the last revision:
>
> test alias usage
Update CSR with the new names, e.g. with the output length suffix?
> [JDK-8351113](https://bugs.openjdk.org/browse/JDK-8351113)
Mark Powers has updated the pull request incrementally with one additional
commit since the last revision:
third comment from Sean
-
Changes:
- all: https://git.openjdk.org/jdk/pull/24854/files
- new: https://git.op
On Tue, 29 Apr 2025 16:52:09 GMT, Sean Mullan wrote:
>> Mark Powers has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> second comment from Sean
>
> test/jdk/java/security/spec/RC2ParameterSpec/InvalidArrayIndex.java line 4:
>
>> 2: * Copy
On Tue, 29 Apr 2025 16:26:35 GMT, Mark Powers wrote:
>> [JDK-8351113](https://bugs.openjdk.org/browse/JDK-8351113)
>
> Mark Powers has updated the pull request incrementally with one additional
> commit since the last revision:
>
> second comment from Sean
test/jdk/java/security/spec/RC2Para
On Tue, 29 Apr 2025 13:08:36 GMT, Sean Mullan wrote:
>> Mark Powers has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> comment from Sean
>
> src/java.base/share/classes/javax/crypto/spec/RC2ParameterSpec.java line 107:
>
>> 105: if
> [JDK-8351113](https://bugs.openjdk.org/browse/JDK-8351113)
Mark Powers has updated the pull request incrementally with one additional
commit since the last revision:
second comment from Sean
-
Changes:
- all: https://git.openjdk.org/jdk/pull/24854/files
- new: https://git.o
On Tue, 22 Apr 2025 20:27:04 GMT, Rajan Halade wrote:
> The change is to remove two Camerfirma root certificates which are terminated
> and no longer in use. These two roots are removed from `cacerts` truststore.
> Distrust of these roots is also removed as these roots will no longer be
> trus
> Hi,
>
> Enhanced exception messages are designed to hide sensitive information such
> as hostnames, IP
> addresses from exception message strings, unless the enhanced mode for the
> specific category
> has been explicitly enabled. Enhanced exceptions were first introduced in
> 8204233 in JD
On Mon, 28 Apr 2025 21:05:26 GMT, Mark Powers wrote:
>> [JDK-8351113](https://bugs.openjdk.org/browse/JDK-8351113)
>
> Mark Powers has updated the pull request incrementally with one additional
> commit since the last revision:
>
> comment from Sean
src/java.base/share/classes/javax/crypto/s
On 2025-04-28 10:22, Osipov, Michael (IN IT IN) wrote:
> Hi folks,
> Hi Max,
>
> please assess the following bug I have found in Java 11+, it does not
exist
> in Java 8. I have tried the following most versions on Azul Zulu/
> OpenJDK: 8, 11, 17, 21, 24 on multiple platforms. Searched JBS as wel
33 matches
Mail list logo
