On Tue, 1 Apr 2025 21:41:57 GMT, Sergey Kuksenko wrote:
> Update crypto microbenchmarks to cover ML-DSA, ML-KEM, and HSS algorithms.
test/micro/org/openjdk/bench/javax/crypto/full/KEMBench.java line 69:
> 67: @OperationsPerInvocation(SET_SIZE)
> 68: public void encapsulate(Blackhole bh)
On Thu, 27 Mar 2025 19:13:59 GMT, Volodymyr Paprotski
wrote:
>> Add AVX2 montgomery multiplication intrinsic. (About 60-80% gain)
>>
>> Also add reduction to existing AVX512 multiplication (this was left-over
>> from https://github.com/openjdk/jdk/pull/19893 where a quick fix was
>> required)
On Thu, 6 Mar 2025 10:46:11 GMT, Michael McMahon wrote:
>> Hi,
>>
>> Enhanced exception messages are designed to hide sensitive information such
>> as hostnames, IP
>> addresses from exception message strings, unless the enhanced mode for the
>> specific category
>> has been explicitly enabl
On Wed, 18 Dec 2024 21:07:14 GMT, Roger Riggs wrote:
>> SM Cleanup of common test library test/lib/...:
>>
>> Remove unnecessary catches of SecurityException
>> Remove AccessController and doPrivileged from SimpleSSLContext and
>> ProcessTools.
>
> Roger Riggs has updated the pull request incre
On Tue, 19 Nov 2024 20:43:25 GMT, Sean Mullan wrote:
> Now that JEP 486 has been integrated, `java.security.jgss` and
> `jdk.security.jgss` module dependencies on `System.getSecurityManager` and
> `AccessController.doPrivileged*` can be removed.
>
> There is an undocumented property named "sun
On Fri, 1 Nov 2024 12:15:36 GMT, Andrey Turbanov wrote:
> The field `sun.security.rsa.RSAPSSSignature#DIGEST_LENGTHS` is modified only
> in ``. It means we can use Immutable Map instead of Hashtable.
> Hashtable is legacy synchronized class, which have `synchronized` on its
>
The field `sun.security.rsa.RSAPSSSignature#DIGEST_LENGTHS` is modified only in
``. It means we can use Immutable Map instead of Hashtable.
Hashtable is legacy synchronized class, which have `synchronized` on its `get`
method. It's not needed in our case.
-
Commit messages:
- [PATC
On Tue, 29 Oct 2024 08:15:58 GMT, Andrey Turbanov wrote:
> `Hashtable` doesn't allow `null` values.
> It means we can replace containsKey+get with get+null check.
> It's clearer and a bit faster.
This pull request has now been integrated.
Changeset: f77a5144
Author:A
`Hashtable` doesn't allow `null` values.
It means we can replace containsKey+get with get+null check.
It's clearer and a bit faster.
-
Commit messages:
- [PATCH] Avoid redundant Hashtable.containsKey call in CodeSource.readObject
Changes: https://git.openjdk.org/jdk/pull/21753/files
On Thu, 24 Oct 2024 13:52:57 GMT, Claes Redestad wrote:
> Many OpenJDK micros use `@Fork(jvmArgs/-Append/-Prepend)` to add JVM
> reasonable or necessary flags, but when deploying and running micros we often
> want to add or replace flags to tune to the machine, test different GCs, etc.
> The i
On Wed, 16 Oct 2024 18:47:44 GMT, Matthew Donovan wrote:
> In this PR, I removed hard-coded security providers and replaced them with a
> system property, test.provider.name. If the property is not specified, the
> provider originally used in the test is used:
>
> Cipher c = Cipher.getInstance
On Tue, 15 Oct 2024 18:41:59 GMT, Ben Perez wrote:
>> Java implementation of ML-DSA, the FIPS 204 post-quantum signature scheme
>> https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf. Depends on
>> https://github.com/openjdk/jdk/pull/21167
>
> Ben Perez has updated the pull request increme
On Tue, 27 Aug 2024 12:35:24 GMT, Ferenc Rakoczi wrote:
>> In preparation for the new PQC algorithms implementations, internal XOF
>> (eXtendable Output Function) methods are added to the SHAKE128 and SHAKE256
>> implementations.
>
> Ferenc Rakoczi has updated the pull request incrementally wit
On Fri, 28 Jun 2024 12:39:32 GMT, Claes Redestad wrote:
>> This PR attains a speed-up on some microbenchmarks by simplifying how we
>> build up the MH combinator tree shape
>> (only use prependers with prefix, always add a suffix to the newArray
>> combinator), then simplifying/inlining some of
On Wed, 29 May 2024 18:53:55 GMT, Anthony Scarpino
wrote:
> Hi
>
> This change is to improve TLS 1.3 session resumption by allowing a TLS server
> to send more than one resumption ticket per connection and clients to store
> more. Resumption is a quick way to use an existing TLS session to e
On Wed, 12 Jun 2024 14:08:43 GMT, Ferenc Rakoczi wrote:
>> This PR removes some unnecessary conversions between byte arrays and long
>> arrays during SHA3 digest computations.
>
> Ferenc Rakoczi has updated the pull request incrementally with one additional
> commit since the last revision:
>
On Thu, 21 Mar 2024 17:13:46 GMT, Bill Huang wrote:
>> This task addresses an essential aspect of our testing infrastructure: the
>> proper handling and cleanup of temporary files and socket files created
>> during test execution. The motivation behind these changes is to prevent the
>> accumu
On Thu, 7 Mar 2024 16:53:05 GMT, Korov wrote:
>> src/java.base/share/classes/java/net/SocketPermission.java line 305:
>>
>>> 303: private void setDeny() {
>>> 304: defaultDeny = true;
>>> 305: }
>>
>> This method is used in internal whitebox tests - please revert this change
>
>
On Sat, 2 Mar 2024 13:51:04 GMT, Korov wrote:
>> Removing unused parameter `defval` in `SocketPermission.initEphemeralPorts`,
>> so the variable `PRIV_PORT_MAX` and `DEF_EPH_LOW` unused too.
>>
>> Removing unused parameter `cname` in `SocketPermission.authorizedIPv4` and
>> `SocketPermission.a
On Fri, 1 Mar 2024 17:35:35 GMT, Korov wrote:
> Removing unused parameter `defval` in `SocketPermission.initEphemeralPorts`,
> so the variable `PRIV_PORT_MAX` and `DEF_EPH_LOW` unused too.
>
> Removing unused parameter `cname` in `SocketPermission.authorizedIPv4` and
> `SocketPermission.author
On Fri, 9 Feb 2024 11:38:07 GMT, Darragh Clarke wrote:
> Currently these tests ignore vm flags, In most cases I've updated them to use
> `ProcessTools.createTestJavaProcessBuilder` this usually required some
> cleanup also.
>
> `test/jdk/java/net/ServerSocket/AcceptCauseFileDescriptorLeak.java
On Fri, 20 Oct 2023 02:29:15 GMT, Chen Liang wrote:
>> Please review a patch that renames `JavaLangAccess::xxNoRepl` to
>> `xxReportError` to explicitly indicate these APIs report encoding errors.
>>
>> The old "NoRepl" suffix presumably means "No Replacement", but it has been
>> misunderstood
On Mon, 16 Oct 2023 16:23:13 GMT, Weijun Wang wrote:
>> Remove most `System.exit()` calls in various security tools and only leave
>> one in the `main` method. This paves the way to convert them to JSR 199
>> tools.
>>
>> Note: before this change, the behavior of a successful `main()` method
On Thu, 24 Aug 2023 08:53:53 GMT, Andrey Turbanov wrote:
> A few classes in `com.sun.crypto.provider` package have non-final fields
> which could easily be marked `final`.
This pull request has now been integrated.
Changeset: 4e77b3c3
Author:Andrey Turbanov
URL:
On Wed, 18 Oct 2023 06:28:01 GMT, Andrey Turbanov wrote:
>> A few classes in `com.sun.crypto.provider` package have non-final fields
>> which could easily be marked `final`.
>
> Andrey Turbanov has updated the pull request with a new target base due to a
> merge or a reb
> A few classes in `com.sun.crypto.provider` package have non-final fields
> which could easily be marked `final`.
Andrey Turbanov has updated the pull request with a new target base due to a
merge or a rebase. The pull request now contains four commits:
- Merge remote-tracking branch &
On Fri, 13 Oct 2023 21:57:21 GMT, Weijun Wang wrote:
>> Remove most `System.exit()` calls in various security tools and only leave
>> one in the `main` method. This paves the way to convert them to JSR 199
>> tools.
>>
>> Note: before this change, the behavior of a successful `main()` method
> A few classes in `com.sun.crypto.provider` package have non-final fields
> which could easily be marked `final`.
Andrey Turbanov has updated the pull request with a new target base due to a
merge or a rebase. The pull request now contains three commits:
- Merge remote-tracking
On Tue, 10 Oct 2023 04:17:47 GMT, Valerie Peng wrote:
>> A few classes in `com.sun.crypto.provider` package have non-final fields
>> which could easily be marked `final`.
>
> src/java.base/share/classes/com/sun/crypto/provider/EncryptedPrivateKeyInfo.java
> line 1:
>
>> 1: /*
>
> Hmm, there i
On Mon, 11 Sep 2023 04:00:34 GMT, 温绍锦 wrote:
>> Some codes in core libs are duplicated, including:
>> java.util.DecimalDigits::DIGITS -> java.lang.StringLatin1.PACKED_DIGITS
>> java.util.DecimalDigits::size -> java.lang.Long.stringSize
>>
>> We can reduce duplication through JavaLangAccess, whic
A few classes in `com.sun.crypto.provider` package have non-final fields which
could easily be marked `final`.
-
Commit messages:
- [PATCH]: Make fields final in com.sun.crypto.provider package
Changes: https://git.openjdk.org/jdk/pull/15412/files
Webrev: https://webrevs.openjdk.o
On Wed, 5 Jul 2023 20:25:26 GMT, Kevin Driver wrote:
> JDK-8295068: an NPE is thrown when an invalid `id` is found to match up a
> `ClientCertificateType`; rather than throwing the `NPE`, we now throw an
> `IllegalArgumentException`. This does not seem to be a scenario where
> recovery is poss
On Thu, 8 Jun 2023 14:25:26 GMT, Matthew Donovan wrote:
> This PR improves the reliability of the BlockedAsyncClose test by addressing
> an edge case/race condition between the two test threads. The purpose of the
> test is to verify that an SSLSocket can be closed if a thread is blocked in a
On Fri, 9 Jun 2023 13:54:14 GMT, Sean Coffey wrote:
> New functionality in the -XshowSettings menu to display relevant information
> about JDK security configuration
src/java.base/share/classes/sun/launcher/LauncherHelper.java line 330:
> 328: if (arg.toLowerCase(Locale.ROOT).equals("p
On Wed, 17 May 2023 20:01:26 GMT, Ferenc Rakoczi wrote:
>> Implement support for Leighton-Micali Signatures (LMS) as described in RFC
>> 8554. LMS is an approved software signing algorithm for CNSA 2.0, with
>> SHA-256/192 parameters recommended.
>
> Ferenc Rakoczi has updated the pull request
On Wed, 17 May 2023 20:01:26 GMT, Ferenc Rakoczi wrote:
>> Implement support for Leighton-Micali Signatures (LMS) as described in RFC
>> 8554. LMS is an approved software signing algorithm for CNSA 2.0, with
>> SHA-256/192 parameters recommended.
>
> Ferenc Rakoczi has updated the pull request
On Thu, 13 Apr 2023 16:05:29 GMT, Kevin Driver wrote:
>> All known implementors of this interface were removed in
>> [JDK-8029886](https://bugs.openjdk.org/browse/JDK-8029886).
>
> Kevin Driver has refreshed the contents of this pull request, and previous
> commits have been removed. The increm
On Wed, 5 Apr 2023 15:48:02 GMT, Roger Riggs wrote:
>> With the addition of `jdk.internal.util.OperatingSystem` references to the
>> system property `os.name` can be replaced.
>> This PR exports jdk.internal.util to:
>> - java.prefs,
>> - java.security.jgss,
>> - java.smartcardio,
>> - jdk.c
On Wed, 8 Mar 2023 19:10:11 GMT, Andrey Turbanov wrote:
> java.util.Enumeration is a legacy interface from java 1.0.
> There is couple of places with cycles which use it to iterate over
> collections. We can replace this manual cycle with enchanced-for, which is
> shorter and ea
java.util.Enumeration is a legacy interface from java 1.0.
There is couple of places with cycles which use it to iterate over collections.
We can replace this manual cycle with enchanced-for, which is shorter and
easier to read.
-
Commit messages:
- [PATCH] Use enhanced-for cycle i
On Wed, 25 Jan 2023 17:38:13 GMT, Eirik Bjorsnos wrote:
> This PR resurrects VerifySignedJar which currently tests nothing.
>
> VerifySignedJar currently verifies a binary JAR which was signed with SHA-1
> back in April 2000. Because SHA-1 signed JARs has been disabled for a while,
> the JAR i
On Tue, 17 Jan 2023 23:08:10 GMT, Eirik Bjorsnos wrote:
>> This PR attempts to make JarWithOneNonDisabledDigestAlg a little easier to
>> read.
>>
>> Some changes are made in the choice of algorithms and naming. The intent
>> here is to reduce confusion and make the purpose of the test clearer
On Sat, 3 Dec 2022 19:18:48 GMT, Naoto Sato wrote:
>> This is to allow Console to be used even when it is not attached to the
>> platform provided terminal, such as the case when the standard input is
>> redirected. `System.console()` now returns a Console implementation based on
>> `jdk.inter
On Sun, 27 Nov 2022 13:21:25 GMT, Andrey Turbanov wrote:
> java.util.Enumeration is a legacy interface from java 1.0.
> There are a few places with cycles which use it to iterate over collections.
> We can replace this manual cycle with enchanced-for, which is shorter and
> ea
On Tue, 1 Nov 2022 13:34:40 GMT, Weijun Wang wrote:
> This code change removes `getElements()` and `delete()` from `CertAttrSet`
> and all its subclasses. The `getName()` method is moved to `s.s.x.Extension`
> since it's only useful there.
>
> Except for removing lines, the only place where re
java.util.Enumeration is a legacy interface from java 1.0.
There are a few places with cycles which use it to iterate over collections. We
can replace this manual cycle with enchanced-for, which is shorter and easier
to read.
sun.security.jgss.ProviderList#addAllMechsFromProvider
sun.security.jg
On Thu, 24 Nov 2022 08:24:37 GMT, Per Minborg wrote:
> During the work of another PR (https://github.com/openjdk/jdk/pull/11260),
> several improvement areas were identified. These are now adressed in this
> separate PR proposing the use of more modern Java constructs as well as
> simplifying
On Wed, 23 Nov 2022 23:39:03 GMT, Valerie Peng wrote:
> This RFE enhances existing PBE algorithms with the "SHA512/224" and
> "SHA512/256" support.
> Current transformation parsing in javax.crypto.Cipher class is re-written to
> handle the additional "/" in the "SHA512/224" and "SHA512/256" al
On Mon, 7 Nov 2022 16:54:32 GMT, Andrey Turbanov wrote:
> java.util.Enumeration is a legacy interface from java 1.0.
> There are a few places with cycles which use it to iterate over collections.
> We can replace this manual cycle with enchanced-for, which is shorter and
> ea
On Wed, 16 Nov 2022 02:00:23 GMT, Bradford Wetmore wrote:
>> java.util.Enumeration is a legacy interface from java 1.0.
>> There are a few places with cycles which use it to iterate over collections.
>> We can replace this manual cycle with enchanced-for, which is shorter and
>> easier to read.
On Mon, 7 Nov 2022 05:55:18 GMT, Johannes Waigel wrote:
> The `PCSCException` is thrown, but the error type is not visible due to the
> "private-packe" access rule.
> By changing the visibility it is possible to handle / access this exception
> type explicitly in the catch.
src/java.smartcardi
On Tue, 15 Nov 2022 02:50:10 GMT, Weijun Wang wrote:
>> Instead if creating an "unsigned" `X509CertImpl` with only an `X509CertInfo`
>> inside, a new static method `signNew` is introduced to create a newly signed
>> certificate from an `X509CertInfo` object and a `PrivateKey`. Thus make sure
>
On Tue, 15 Nov 2022 16:07:37 GMT, Weijun Wang wrote:
>> java.util.Enumeration is a legacy interface from java 1.0.
>> There are a few places with cycles which use it to iterate over collections.
>> We can replace this manual cycle with enchanced-for, which is shorter and
>> easier to read.
>
>
java.util.Enumeration is a legacy interface from java 1.0.
There are a few places with cycles which use it to iterate over collections. We
can replace this manual cycle with enchanced-for, which is shorter and easier
to read.
-
Commit messages:
- 8297074: Use enhanced-for cycle ins
On Wed, 9 Nov 2022 20:15:57 GMT, Xubo Zhang wrote:
> NativePRNG SecureRandom doesn’t scale with number of threads. The performance
> starts dropping as we increase the number of threads. Even going from 1
> thread to 2 threads shows significant drop. The bottleneck is the singleton
> RandomIO
On Mon, 17 Oct 2022 21:50:08 GMT, Andrey Turbanov wrote:
> java.util.Enumeration is a legacy interface from java 1.0.
> There are a few places with cycles which use it to iterate over collections.
> We can replace this manual cycle with enchanced-for, which is shorter and
> ea
On Fri, 4 Nov 2022 15:53:50 GMT, Weijun Wang wrote:
>> The major change is to remove the `get` and `set` methods in various
>> `CertAttrSet` child classes and change them to `setXyz` and `getXyz`
>> methods. The `Xyz` words might come from the field name or the attribute
>> name. For example,
On Wed, 26 Oct 2022 16:00:56 GMT, Daniel Fuchs wrote:
> Deprecate URL constructors. Developers are encouraged to use `java.net.URI`
> to parse or construct any URL.
>
> The `java.net.URL` class does not itself encode or decode any URL components
> according to the escaping mechanism defined in
On Tue, 18 Oct 2022 17:43:53 GMT, Weijun Wang wrote:
>> java.util.Enumeration is a legacy interface from java 1.0.
>> There are a few places with cycles which use it to iterate over collections.
>> We can replace this manual cycle with enchanced-for, which is shorter and
>> easier to read.
>
>
java.util.Enumeration is a legacy interface from java 1.0.
There are a few places with cycles which use it to iterate over collections. We
can replace this manual cycle with enchanced-for, which is shorter and easier
to read.
-
Commit messages:
- [PATCH] Use enhanced-for cycle inst
On Mon, 26 Sep 2022 13:45:45 GMT, Sean Coffey wrote:
> By moving the JFR event up to the java.security.cert.CertificateFactory
> class, we can record all generate cert events, including those from 3rd party
> providers. I've also altered the logic so that an event is genertate for
> every gene
On Mon, 10 Oct 2022 19:23:51 GMT, Sean Coffey wrote:
>> New JFR event to record state of initial security properties.
>>
>> Debug output is also now added for these properties via
>> -Djava.security.debug=properties
>
> Sean Coffey has updated the pull request incrementally with one additional
On Mon, 3 Oct 2022 10:30:54 GMT, Sean Coffey wrote:
>> New JFR event to record state of initial security properties.
>>
>> Debug output is also now added for these properties via
>> -Djava.security.debug=properties
>
> Sean Coffey has updated the pull request incrementally with one additional
On Tue, 30 Aug 2022 07:10:36 GMT, Andrey Turbanov wrote:
> After integration of
> [JDK-8259021](https://bugs.openjdk.org/browse/JDK-8259021) a few more fields
> were added to `SharedSecrets` class. It make sense to update their reading
> code to use the same idiom.
This pull req
After integration of [JDK-8259021](https://bugs.openjdk.org/browse/JDK-8259021)
a few more fields were added to `SharedSecrets` class. It make sense to update
their reading code to use the same idiom.
-
Commit messages:
- [PATCH] SharedSecrets should avoid double racy reads from no
On Thu, 23 Jun 2022 19:32:44 GMT, Andrey Turbanov wrote:
> Use `InputStream.readAllBytes` instead of manually written method.
>
> Skipped this method in
> [JDK-8080272](https://bugs.openjdk.org/browse/JDK-8080272)
This pull request has now been integrated.
Changeset: 0ca
On Thu, 23 Jun 2022 19:32:44 GMT, Andrey Turbanov wrote:
> Use `InputStream.readAllBytes` instead of manually written method.
>
> Skipped this method in
> [JDK-8080272](https://bugs.openjdk.org/browse/JDK-8080272)
I think we need approve from security team.
@seanjmullan @wang
On Thu, 21 Jul 2022 15:37:40 GMT, Сергей Цыпанов wrote:
> We can use `InputStream.readAllBytes()` in `ModuleHashes` and `X509CertPath`.
Ow. I've created similar PR for `X509CertPath` recently #9263
-
PR: https://git.openjdk.org/jdk/pull/9596
On Wed, 13 Jul 2022 17:42:18 GMT, Сергей Цыпанов wrote:
>> We can skip bounds check and null check for Charset in case we use the array
>> entirely and the Charset is either default one or proven to be non-null.
>>
>> Benchmark results:
>>
>> before
>>
>> Benchmark
On Fri, 24 Jun 2022 18:27:05 GMT, Andrey Turbanov wrote:
> Update code checks both non-null and instance of a class in security classes.
> The checks and explicit casts could also be replaced with pattern matching
> for the instanceof operator.
>
> See similar cleanup in java
On Sun, 3 Jul 2022 20:17:07 GMT, Attila Szegedi wrote:
>> Update code checks both non-null and instance of a class in security classes.
>> The checks and explicit casts could also be replaced with pattern matching
>> for the instanceof operator.
>>
>> See similar cleanup in java.base -
>> [JDK
Use `InputStream.readAllBytes` instead of manually written method.
-
Commit messages:
- [PATCH] Refactor I/O stream copying to use InputStream.readAllBytes in
X509CertPath
Changes: https://git.openjdk.org/jdk/pull/9263/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=9263&ra
Update code checks both non-null and instance of a class in security classes.
The checks and explicit casts could also be replaced with pattern matching for
the instanceof operator.
See similar cleanup in java.base -
[JDK-8258422](https://bugs.openjdk.java.net/browse/JDK-8258422)
-
On Sat, 30 Apr 2022 16:43:32 GMT, Andrey Turbanov wrote:
> Instead of pair `TreeMap.containsKey`/`TreeMap.put` method calls, we can use
> single call `TreeMap.putIfAbsent` and check result for nullness.
> Only non-null values are put into `Map domainEntries`.
> https://urldefense.co
74 matches
Mail list logo
