Document preconditions on certain `JavaLangAccess` methods that use operations
either unsafe and/or without range checks.
-
Commit messages:
- Improve `JavaLangAccess` documentation
Changes: https://git.openjdk.org/jdk/pull/24982/files
Webrev: https://webrevs.openjdk.org/?repo=jd
On Thu, 17 Apr 2025 09:51:40 GMT, Mikhail Yankelevich
wrote:
> * Changed the test to use scratch directory
> * Cleaned up the imports
test/jdk/sun/security/pkcs12/P12SecretKey.java line 68:
> 66:
> 67: // temporary files are created in scratch directory
> 68: final File ksFile
On Mon, 17 Mar 2025 13:19:55 GMT, Fernando Guallini
wrote:
> The test `javax/net/ssl/DTLS/PacketLossRetransmission` takes about ~2 to
> complete. The reason is that, in multiple scenarios, the server/client socket
> times out after 10 seconds waiting to receive a DatagramPacket that has been
On Mon, 21 Apr 2025 18:42:55 GMT, Matthew Donovan wrote:
> In this PR, I updated the default `serverAddress` field to use the loopback
> interface. I also removed some unnecessary logic around creating the server
> interface and the client connecting code.
Marked as reviewed by rhalade (Review
On Wed, 23 Apr 2025 10:19:51 GMT, Mikhail Yankelevich
wrote:
> I could not replicate the issue after more than 64000 runs. However, I have
> done the following to increase stability and added logs in case this happens
> again.
>
> Changes:
> * Specifically binding the client to the loopback
On Mon, 28 Apr 2025 17:18:05 GMT, Weijun Wang wrote:
>> I view this as an advanced feature for experienced users. The list is large
>> and algorithm-dependent. For example an EC private key PEM could be
>> PrivateKey.class, ECPrivateKey.class, PEMRecord.class,
>> PKCS8EncodedKeySpec.class.
On Fri, 25 Apr 2025 12:41:34 GMT, Weijun Wang wrote:
>> Anthony Scarpino has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - javadoc updates
>> - code review comments
>
> src/java.base/share/classes/sun/security/ec/ECKeyFactory.java line
> Adds the RFC 5705/8446 TLS Key Exporters API/implementation to JSSE/SunJSSE
> respectively.
>
> CSR is underway.
>
> Tests include new unit tests for TLSv1-1.3. Will run tier1-2, plus the JCK
> API (jck:api/java_security jck:api/javax_crypto jck:api/javax_net
> jck:api/javax_security jck:ap
On Wed, 30 Apr 2025 15:43:31 GMT, Weijun Wang wrote:
> The private key encoding formats of ML-KEM and ML-DSA are updated to match
> the latest IETF drafts at:
> https://datatracker.ietf.org/doc/html/draft-ietf-lamps-dilithium-certificates-08
> and
> https://datatracker.ietf.org/doc/html/draft
> Finalize the KDF API.
Weijun Wang has updated the pull request incrementally with two additional
commits since the last revision:
- add a positive debug log and update exception message
- enhancing exception messages and debug outputs
-
Changes:
- all: https://git.openjdk.org
> Adds the RFC 5705/8446 TLS Key Exporters API/implementation to JSSE/SunJSSE
> respectively.
>
> CSR is underway.
>
> Tests include new unit tests for TLSv1-1.3. Will run tier1-2, plus the JCK
> API (jck:api/java_security jck:api/javax_crypto jck:api/javax_net
> jck:api/javax_security jck:ap
On Tue, 29 Apr 2025 21:44:26 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
Adds the RFC 5705/8446 TLS Key Exporters API/implementation to JSSE/SunJSSE
respectively.
CSR is underway.
Tests include new unit tests for TLSv1-1.3. Will run tier1-2, plus the JCK API
(jck:api/java_security jck:api/javax_crypto jck:api/javax_net
jck:api/javax_security jck:api/org_ietf jck:a
On Wed, 30 Apr 2025 07:48:32 GMT, Ferenc Rakoczi wrote:
>> By using the AVX-512 vector registers the speed of the computation of the
>> ML-KEM algorithms (key generation, encapsulation, decapsulation) can be
>> approximately doubled.
>
> Ferenc Rakoczi has updated the pull request incrementally
On Wed, 30 Apr 2025 15:43:31 GMT, Weijun Wang wrote:
> The private key encoding formats of ML-KEM and ML-DSA are updated to match
> the latest IETF drafts at:
> https://datatracker.ietf.org/doc/html/draft-ietf-lamps-dilithium-certificates-08
> and
> https://datatracker.ietf.org/doc/html/draft
On Wed, 30 Apr 2025 18:25:35 GMT, Valerie Peng wrote:
>> src/java.base/share/classes/sun/security/ssl/ServerHello.java line 624:
>>
>>> 622:
>>> 623: SSLKeyDerivation handshakeKD = ke.createKeyDerivation(shc);
>>> 624: SecretKey handshakeSecret = handshakeKD.deriveKey(
>
> In addition to the goals, scope, motivation, specification and requirement
> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would
> like to describe the most relevant decisions taken during the implementation
> of this enhancement. These notes are organized by feature,
On Wed, 30 Apr 2025 15:49:16 GMT, Sean Mullan wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Add comment about not using the same HKDF instance.
>
> src/java.base/share/classes/sun/security/ssl/ServerHello.java li
On Tue, 22 Apr 2025 20:27:04 GMT, Rajan Halade wrote:
> The change is to remove two Camerfirma root certificates which are terminated
> and no longer in use. These two roots are removed from `cacerts` truststore.
> Distrust of these roots is also removed as these roots will no longer be
> trus
On Tue, 15 Apr 2025 07:46:52 GMT, Alan Bateman wrote:
>> Hi, this is a proposal to fix 8352728.
>>
>> The main idea is to replace
>> [`java.nio.file.Path::toRealPath`](https://docs.oracle.com/en/java/javase/24/docs/api/java.base/java/nio/file/Path.html#toRealPath(java.nio.file.LinkOption...))
>
On Mon, 28 Apr 2025 22:34:24 GMT, Artur Barashev wrote:
>> Per TLSv1.3 RFC:
>>
>>
>>If no "signature_algorithms_cert" extension is
>>present, then the "signature_algorithms" extension also applies to
>>signatures appearing in certificates.
>>
>>
>> When no "signature_algorithms_ce
On Tue, 29 Apr 2025 21:51:00 GMT, Artur Barashev wrote:
>> The current key manager is SunX509, which is configured in the
>> java.security. The SunX509 algorithm does not check the local certificate.
>> The PKIX algorithm should be preferred now so that the default key manager
>> could be more
On Tue, 29 Apr 2025 21:44:26 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
The private key encoding formats of ML-KEM and ML-DSA are updated to match the
latest IERTF drafts at:
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-dilithium-certificates-08
and
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-kyber-certificates-10.
New security/system properti
On Tue, 29 Apr 2025 21:44:26 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
> The private marshal() method in sun.security.util.Debug still contains code
> to parse "permission=" and "codebase=" options. These
> sub-options were part of the "access" option which was removed in JDK 24 as
> part of JEP 486, so this code can be removed.
Koushik Muthukrishnan Thirupattur h
On Tue, 29 Apr 2025 21:44:26 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
On Wed, 30 Apr 2025 10:19:54 GMT, Daniel Fuchs wrote:
>> Hi,
>>
>> Please find here a PR for the implementation of JEP [JDK-8291976: HTTP/3 for
>> the HTTP Client API](https://bugs.openjdk.org/browse/JDK-8291976).
>>
>> The CSR can be viewed at [JDK-8350588: Implement HTTP/3 for the HTTP Clien
> Provider is now added to the Security before the test
Mikhail Yankelevich has updated the pull request incrementally with one
additional commit since the last revision:
removed unneeded check
-
Changes:
- all: https://git.openjdk.org/jdk/pull/24750/files
- new: https://git.
On Tue, 29 Apr 2025 19:02:38 GMT, Sean Mullan wrote:
>> Mikhail Yankelevich has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> removed unneeded check
>
> test/jdk/sun/security/pkcs11/Serialize/SerializeProvider.java line 51:
>
>> 49:
>> 5
On Tue, 29 Apr 2025 21:44:26 GMT, Valerie Peng wrote:
>> This PR removes the internal JSSE HKDF impl and changes to use the KDF API
>> for the HKDF support from JCA/JCE providers.
>>
>> This is just code refactoring. Known-answer regression test for the internal
>> JSSE HKDF impl is removed as
> Provider is now added to the Security before the test
Mikhail Yankelevich has updated the pull request incrementally with one
additional commit since the last revision:
changed to check for null provider
-
Changes:
- all: https://git.openjdk.org/jdk/pull/24750/files
- new:
On Mon, 28 Apr 2025 22:34:24 GMT, Artur Barashev wrote:
>> Per TLSv1.3 RFC:
>>
>>
>>If no "signature_algorithms_cert" extension is
>>present, then the "signature_algorithms" extension also applies to
>>signatures appearing in certificates.
>>
>>
>> When no "signature_algorithms_ce
On Wed, 30 Apr 2025 13:01:45 GMT, Sean Coffey wrote:
>> The `javax.net.debug` TLS debug option is buggy since TLSv1.3 implementation
>> was introduced many years ago.
>>
>> Where "ssl" was previously a value to obtain all TLS debug traces (except
>> network type dumps, verbose data), it now pr
> The `javax.net.debug` TLS debug option is buggy since TLSv1.3 implementation
> was introduced many years ago.
>
> Where "ssl" was previously a value to obtain all TLS debug traces (except
> network type dumps, verbose data), it now prints only a few lines for a
> standard client TLS connectio
> The `javax.net.debug` TLS debug option is buggy since TLSv1.3 implementation
> was introduced many years ago.
>
> Where "ssl" was previously a value to obtain all TLS debug traces (except
> network type dumps, verbose data), it now prints only a few lines for a
> standard client TLS connectio
On Wed, 30 Apr 2025 03:21:19 GMT, Koushik Muthukrishnan Thirupattur
wrote:
>> The private marshal() method in sun.security.util.Debug still contains code
>> to parse "permission=" and "codebase=" options. These
>> sub-options were part of the "access" option which was removed in JDK 24 as
>>
> Hi,
>
> Please find here a PR for the implementation of JEP [JDK-8291976: HTTP/3 for
> the HTTP Client API](https://bugs.openjdk.org/browse/JDK-8291976).
>
> The CSR can be viewed at [JDK-8350588: Implement HTTP/3 for the HTTP Client
> API](https://bugs.openjdk.org/browse/JDK-8350588)
>
> Th
> By using the AVX-512 vector registers the speed of the computation of the
> ML-KEM algorithms (key generation, encapsulation, decapsulation) can be
> approximately doubled.
Ferenc Rakoczi has updated the pull request incrementally with one additional
commit since the last revision:
Removed
39 matches
Mail list logo
