Re: RFR: 8293326: jdk/sun/security/tools/jarsigner/compatibility/SignTwice.java slow on Windows

2022-09-06 Thread Daniel Jeliński
On Tue, 6 Sep 2022 01:26:34 GMT, Bradford Wetmore wrote: >> I remember the major problem was the auto-seeding before the first >> `nextBytes` is called, and it could read `/dev/random`. Not sure it's for >> SHA1PRNG or NativeRandom. > > SHA1PRNG, which is no longer the default on Linux. But so

Re: RFR: 6447816: Provider filtering (getProviders) is not working with OR'd conditions [v2]

2022-09-06 Thread Weijun Wang
On Thu, 25 Aug 2022 19:59:18 GMT, Valerie Peng wrote: >> src/java.base/share/classes/java/security/Security.java line 599: >> >>> 597: // Returns all installed providers >>> 598: // if the selection criteria is null. >>> 599: if ((keySet == null) || (allProviders == null)

Re: RFR: 6447816: Provider filtering (getProviders) is not working with OR'd conditions [v5]

2022-09-06 Thread Weijun Wang
On Mon, 29 Aug 2022 20:13:42 GMT, Valerie Peng wrote: >> Existing provider filtering code only handles two standard attributes >> "KeySize" and "ImplementedIn", the rest are compared by exact match. Over >> time, more standard attributes are added which contain multiple values >> separated by "

Re: RFR: 6447816: Provider filtering (getProviders) is not working with OR'd conditions [v5]

2022-09-06 Thread Weijun Wang
On Mon, 29 Aug 2022 20:13:42 GMT, Valerie Peng wrote: >> Existing provider filtering code only handles two standard attributes >> "KeySize" and "ImplementedIn", the rest are compared by exact match. Over >> time, more standard attributes are added which contain multiple values >> separated by "

Re: RFR: 6447816: Provider filtering (getProviders) is not working with OR'd conditions [v5]

2022-09-06 Thread Weijun Wang
On Mon, 29 Aug 2022 20:13:42 GMT, Valerie Peng wrote: >> Existing provider filtering code only handles two standard attributes >> "KeySize" and "ImplementedIn", the rest are compared by exact match. Over >> time, more standard attributes are added which contain multiple values >> separated by "

Re: RFR: 6447816: Provider filtering (getProviders) is not working with OR'd conditions [v5]

2022-09-06 Thread Weijun Wang
On Mon, 29 Aug 2022 20:13:42 GMT, Valerie Peng wrote: >> Existing provider filtering code only handles two standard attributes >> "KeySize" and "ImplementedIn", the rest are compared by exact match. Over >> time, more standard attributes are added which contain multiple values >> separated by "

Re: RFR: 6447816: Provider filtering (getProviders) is not working with OR'd conditions [v5]

2022-09-06 Thread Weijun Wang
On Mon, 29 Aug 2022 20:13:42 GMT, Valerie Peng wrote: >> Existing provider filtering code only handles two standard attributes >> "KeySize" and "ImplementedIn", the rest are compared by exact match. Over >> time, more standard attributes are added which contain multiple values >> separated by "

Re: RFR: 6447816: Provider filtering (getProviders) is not working with OR'd conditions [v5]

2022-09-06 Thread Weijun Wang
On Mon, 29 Aug 2022 20:13:42 GMT, Valerie Peng wrote: >> Existing provider filtering code only handles two standard attributes >> "KeySize" and "ImplementedIn", the rest are compared by exact match. Over >> time, more standard attributes are added which contain multiple values >> separated by "

Re: RFR: JDK-8291509 Minor cleanup could be done in sun.security [v6]

2022-09-06 Thread Sean Mullan
On Fri, 2 Sep 2022 18:48:32 GMT, Mark Powers wrote: >> https://bugs.openjdk.org/browse/JDK-8291509 > > Mark Powers has updated the pull request incrementally with one additional > commit since the last revision: > > white space reviewed up to certpath dir. src/java.base/share/classes/sun/se

Re: RFR: JDK-8291509 Minor cleanup could be done in sun.security [v6]

2022-09-06 Thread Weijun Wang
On Tue, 6 Sep 2022 16:59:38 GMT, Sean Mullan wrote: >> Mark Powers has updated the pull request incrementally with one additional >> commit since the last revision: >> >> white space > > src/java.base/share/classes/sun/security/provider/PolicyParser.java line 1180: > >> 1178:

Re: RFR: JDK-8291509 Minor cleanup could be done in sun.security [v6]

2022-09-06 Thread Weijun Wang
On Fri, 2 Sep 2022 01:02:26 GMT, Mark Powers wrote: >> src/java.base/share/classes/sun/security/tools/keytool/Main.java line 183: >> >>> 181: private List weakWarnings = new ArrayList<>(); >>> 182: >>> 183: private Set trustedCerts = new HashSet<>(); >> >> Put all these `final`s in one

Re: RFR: JDK-8291509 Minor cleanup could be done in sun.security [v4]

2022-09-06 Thread Weijun Wang
On Fri, 2 Sep 2022 04:16:04 GMT, Mark Powers wrote: >> src/java.base/share/classes/sun/security/tools/keytool/Main.java line 3534: >> >>> 3532: Object[] source = {alias}; >>> 3533: if (otherKeyPass != null) { >>> 3534: System.err.println(form.format(source

Re: RFR: 8293326: jdk/sun/security/tools/jarsigner/compatibility/SignTwice.java slow on Windows

2022-09-06 Thread Bradford Wetmore
On Mon, 5 Sep 2022 09:29:49 GMT, Daniel Jeliński wrote: > This patch enables SignTwice test to complete faster on Windows machines. > > The test starts `keytool` and `jarsigner` a number of times, passing > `-J-Djava.security.egd=file:/dev/./urandom` to the started process, > presumably to avo

Re: RFR: 8293326: jdk/sun/security/tools/jarsigner/compatibility/SignTwice.java slow on Windows

2022-09-06 Thread Bradford Wetmore
On Tue, 6 Sep 2022 09:21:33 GMT, Daniel Jeliński wrote: >> SHA1PRNG, which is no longer the default on Linux. But some apps are still >> asking for SHA1PRNG instead of using the default NativePRNG on Linux. > > FWIW, NativePRNGBlocking ignores java.security.egd and always uses > `/dev/random`.

Re: RFR: 8293326: jdk/sun/security/tools/jarsigner/compatibility/SignTwice.java slow on Windows

2022-09-06 Thread Daniel Jeliński
On Tue, 6 Sep 2022 19:05:40 GMT, Bradford Wetmore wrote: >> FWIW, NativePRNGBlocking ignores java.security.egd and always uses >> `/dev/random`. >> >> I'd rather not clean up all references to EGD here. Filed >> [JDK-8293412](https://bugs.openjdk.org/browse/JDK-8293412) as a follow up. > > So

Re: RFR: 8293232: Fix race condition in pkcs11 SessionManager

2022-09-06 Thread Valerie Peng
On Thu, 1 Sep 2022 17:28:40 GMT, zzambers wrote: > There is a race condition in JDK's SessionManager, which can lead to random > exceptions. > > **Exception:** > > javax.net.ssl.SSLException: Internal error: close session with active objects > at java.base/sun.security.ssl.Alert.createSS

Re: RFR: JDK-8291509 Minor cleanup could be done in sun.security [v6]

2022-09-06 Thread Sean Mullan
On Tue, 6 Sep 2022 17:53:32 GMT, Weijun Wang wrote: >> src/java.base/share/classes/sun/security/provider/PolicyParser.java line >> 1180: >> >>> 1178: // and then in a java string, it's escaped again >>> 1179: >>> 1180: out.print(name.replaceAll("", >>> "\\\

Re: RFR: 8293232: Fix race condition in pkcs11 SessionManager

2022-09-06 Thread Valerie Peng
On Thu, 1 Sep 2022 17:28:40 GMT, zzambers wrote: > There is a race condition in JDK's SessionManager, which can lead to random > exceptions. > > **Exception:** > > javax.net.ssl.SSLException: Internal error: close session with active objects > at java.base/sun.security.ssl.Alert.createSS

Re: RFR: JDK-8291509 Minor cleanup could be done in sun.security [v6]

2022-09-06 Thread Sean Mullan
On Fri, 2 Sep 2022 18:48:32 GMT, Mark Powers wrote: >> https://bugs.openjdk.org/browse/JDK-8291509 > > Mark Powers has updated the pull request incrementally with one additional > commit since the last revision: > > white space some more comments ... mostly minor stuff. src/java.base/share/

Re: RFR: JDK-8291509 Minor cleanup could be done in sun.security [v6]

2022-09-06 Thread Weijun Wang
On Tue, 6 Sep 2022 20:36:27 GMT, Sean Mullan wrote: >> My understanding: In regex, there is no need to escape `"`, so `"` is the >> same as `"`. > > Ok, but the regex is `"\\""`, so shouldn't it keep the double-backslash at the > beginning (`\`)?, i.e.: > > `...replaceAll("\"", "\\""));` T

Re: RFR: 8293232: Fix race condition in pkcs11 SessionManager

2022-09-06 Thread zzambers
On Tue, 6 Sep 2022 21:02:50 GMT, Valerie Peng wrote: >> There is a race condition in JDK's SessionManager, which can lead to random >> exceptions. >> >> **Exception:** >> >> javax.net.ssl.SSLException: Internal error: close session with active objects >> at java.base/sun.security.ssl.Aler

Re: RFR: JDK-8291509 Minor cleanup could be done in sun.security [v6]

2022-09-06 Thread Mark Powers
On Tue, 6 Sep 2022 16:24:01 GMT, Sean Mullan wrote: >> Mark Powers has updated the pull request incrementally with one additional >> commit since the last revision: >> >> white space > > src/java.base/share/classes/sun/security/provider/AbstractDrbg.java line 81: > >> 79: * does not nee

Re: RFR: 8293232: Fix race condition in pkcs11 SessionManager

2022-09-06 Thread Valerie Peng
On Tue, 6 Sep 2022 22:16:57 GMT, zzambers wrote: >> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SessionManager.java >> line 210: >> >>> 208: return; >>> 209: } >>> 210: releaseSession(session); >> >> With the described race condition, have you tried fi

Re: RFR: 8293232: Fix race condition in pkcs11 SessionManager

2022-09-06 Thread Valerie Peng
On Thu, 1 Sep 2022 17:28:40 GMT, zzambers wrote: > There is a race condition in JDK's SessionManager, which can lead to random > exceptions. > > **Exception:** > > javax.net.ssl.SSLException: Internal error: close session with active objects > at java.base/sun.security.ssl.Alert.createSS

Re: RFR: 8293232: Fix race condition in pkcs11 SessionManager

2022-09-06 Thread zzambers
On Tue, 6 Sep 2022 20:25:13 GMT, Valerie Peng wrote: >> There is a race condition in JDK's SessionManager, which can lead to random >> exceptions. >> >> **Exception:** >> >> javax.net.ssl.SSLException: Internal error: close session with active objects >> at java.base/sun.security.ssl.Aler

Re: RFR: 6447816: Provider filtering (getProviders) is not working with OR'd conditions [v2]

2022-09-06 Thread Valerie Peng
On Tue, 6 Sep 2022 14:10:16 GMT, Weijun Wang wrote: >> Both may be null as their javadoc didn't state explicitly what is returned. >> This is existing code and it returns null upon empty keySet which I keep the >> same behavior. >> Perhaps for consistency sake, it should also check for the empt

Re: RFR: 6447816: Provider filtering (getProviders) is not working with OR'd conditions [v5]

2022-09-06 Thread Valerie Peng
On Tue, 6 Sep 2022 14:16:28 GMT, Weijun Wang wrote: >> Valerie Peng has updated the pull request incrementally with one additional >> commit since the last revision: >> >> more refactoring. > > src/java.base/share/classes/java/security/Security.java line 613: > >> 611: // For each se

Re: RFR: 6447816: Provider filtering (getProviders) is not working with OR'd conditions [v5]

2022-09-06 Thread Valerie Peng
On Tue, 6 Sep 2022 14:24:43 GMT, Weijun Wang wrote: >> Valerie Peng has updated the pull request incrementally with one additional >> commit since the last revision: >> >> more refactoring. > > src/java.base/share/classes/java/security/Security.java line 861: > >> 859: // check r

Re: RFR: JDK-8291509 Minor cleanup could be done in sun.security [v6]

2022-09-06 Thread Mark Powers
On Tue, 6 Sep 2022 22:37:21 GMT, Mark Powers wrote: >> src/java.base/share/classes/sun/security/provider/certpath/CertId.java line >> 226: >> >>> 224: "\nissuerKeyHash: \n" + >>> 225: encoder.encode(issuerKeyHash) + >>> 226: "\n" + certSerialNumbe

Re: RFR: 8293232: Fix race condition in pkcs11 SessionManager [v2]

2022-09-06 Thread zzambers
> There is a race condition in JDK's SessionManager, which can lead to random > exceptions. > > **Exception:** > > javax.net.ssl.SSLException: Internal error: close session with active objects > at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133) > at > java.base/

Re: RFR: 6447816: Provider filtering (getProviders) is not working with OR'd conditions [v5]

2022-09-06 Thread Valerie Peng
On Tue, 6 Sep 2022 14:36:57 GMT, Weijun Wang wrote: >> Valerie Peng has updated the pull request incrementally with one additional >> commit since the last revision: >> >> more refactoring. > > src/java.base/share/classes/java/security/Security.java line 919: > >> 917: } >> 918: >> 919:

Re: RFR: 6447816: Provider filtering (getProviders) is not working with OR'd conditions [v5]

2022-09-06 Thread Valerie Peng
On Tue, 6 Sep 2022 14:40:42 GMT, Weijun Wang wrote: >> Valerie Peng has updated the pull request incrementally with one additional >> commit since the last revision: >> >> more refactoring. > > test/jdk/java/security/Security/ProviderFiltering.java line 108: > >> 106: doit(key + ":"

Re: RFR: 6447816: Provider filtering (getProviders) is not working with OR'd conditions [v2]

2022-09-06 Thread Weijun Wang
On Tue, 6 Sep 2022 23:17:55 GMT, Valerie Peng wrote: >> Sorry, I re-read and maybe the original check is better. If both `keySet` >> and `allProviders` are empty, then empty is returned. According to the spec, >> it should be null. >> >> I still don't think either of them can be null, but addi

Re: RFR: 8281236: (D)TLS key exchange named groups [v2]

2022-09-06 Thread Xue-Lei Andrew Fan
On Tue, 9 Aug 2022 15:30:57 GMT, Xue-Lei Andrew Fan wrote: >> This update is to support key exchange named groups customization for >> individual (D)TLS connection. Please review the CSR as well: >> CSR: https://bugs.openjdk.org/browse/JDK-8291950 >> RFE: https://bugs.openjdk.org/browse/JDK-8281

Integrated: 8293326: jdk/sun/security/tools/jarsigner/compatibility/SignTwice.java slow on Windows

2022-09-06 Thread Daniel Jeliński
On Mon, 5 Sep 2022 09:29:49 GMT, Daniel Jeliński wrote: > This patch enables SignTwice test to complete faster on Windows machines. > > The test starts `keytool` and `jarsigner` a number of times, passing > `-J-Djava.security.egd=file:/dev/./urandom` to the started process, > presumably to avo

Integrated: 8293197: Avoid double racy reads from non-volatile fields in SharedSecrets

2022-09-06 Thread Andrey Turbanov
On Tue, 30 Aug 2022 07:10:36 GMT, Andrey Turbanov wrote: > After integration of > [JDK-8259021](https://bugs.openjdk.org/browse/JDK-8259021) a few more fields > were added to `SharedSecrets` class. It makes sense to update their reading > code to use the same idiom. This pull request has now b