On Tue, 8 Nov 2022 16:16:53 GMT, Matthias Baesken wrote:
>> The java/security/Exceptions/ChainingConstructors jdk jtreg test shows quite
>> a lot of code duplication. The test code can be simplified e.g. by using
>> generics. Additionally the test failure output was improved and a test for
>>
On Tue, 8 Nov 2022 12:03:06 GMT, Erik Gahlin wrote:
> Could I have a review of PR that fixes so unsigned numbers are printed
> correctly in the jfr tool.
>
> Testing:
> test/jdk/jdk/jfr
> test/jdk/jdk/security/logging/
>
> Thanks
> Erik
Marked as reviewed by coffeys (Reviewer).
LGTM
---
On Wed, 9 Nov 2022 08:12:33 GMT, Matthias Baesken wrote:
> Mark and Sean, thanks for the reviews ! Do I need another review ? Best
> regards, Matthias
No, you can integrate now.
-
PR: https://git.openjdk.org/jdk/pull/11016
On Tue, 8 Nov 2022 12:03:06 GMT, Erik Gahlin wrote:
> Could I have a review of PR that fixes so unsigned numbers are printed
> correctly in the jfr tool.
>
> Testing:
> test/jdk/jdk/jfr
> test/jdk/jdk/security/logging/
>
> Thanks
> Erik
Marked as reviewed by mgronlun (Reviewer).
On Mon, 7 Nov 2022 12:49:21 GMT, Matthias Baesken wrote:
> The java/security/Exceptions/ChainingConstructors jdk jtreg test shows quite
> a lot of code duplication. The test code can be simplified e.g. by using
> generics. Additionally the test failure output was improved and a test for
> the
On Thu, 13 Oct 2022 18:15:30 GMT, Xue-Lei Andrew Fan wrote:
>> Hi,
>>
>> May I have this update reviewed? With this update, the result will be
>> reduced if required in EC limbs operations in the JDK implementation.
>>
>> In the current implementation, the EC limbs addition and subtraction re
> By moving the JFR event up to the java.security.cert.CertificateFactory
> class, we can record all generate cert events, including those from 3rd party
> providers. I've also altered the logic so that an event is genertate for
> every generate cert call (not just ones missing from the JDK prov
On Tue, 8 Nov 2022 23:21:58 GMT, Volodymyr Paprotski wrote:
>> Handcrafted x86_64 asm for Poly1305. Main optimization is to process 16
>> message blocks at a time. For more details, left a lot of comments in
>> `macroAssembler_x86_poly.cpp`.
>>
>> - Added new KAT test for Poly1305 and a fuzz t
On Wed, 9 Nov 2022 16:01:33 GMT, Weijun Wang wrote:
> The NSS tests do not work fine on linux-aarch64 now. Disable them at the
> moment.
I guess it's not possible to ProblemList an OS/arch combo?
test/jdk/sun/security/pkcs11/PKCS11Test.java line 703:
> 701: "/usr/lib/arm-linux
On Wed, 9 Nov 2022 16:09:36 GMT, Sean Mullan wrote:
> I guess it's not possible to ProblemList an OS/arch combo?
Yes, we can, but there are quite a lot of tests failing here.
-
PR: https://git.openjdk.org/jdk/pull/11063
> The NSS tests do not work fine on linux-aarch64 now. Disable them at the
> moment.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
add comment
-
Changes:
- all: https://git.openjdk.org/jdk/pull/11063/files
- new: h
On Wed, 9 Nov 2022 16:11:28 GMT, Sean Mullan wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> add comment
>
> test/jdk/sun/security/pkcs11/PKCS11Test.java line 703:
>
>> 701: "/usr/lib/arm-linux-gnue
On Wed, 9 Nov 2022 16:15:30 GMT, Weijun Wang wrote:
> > I guess it's not possible to ProblemList an OS/arch combo?
>
> Yes, we can, but there are quite a lot of tests failing here.
Seems fine then.
-
PR: https://git.openjdk.org/jdk/pull/11063
On Wed, 9 Nov 2022 16:01:33 GMT, Weijun Wang wrote:
> The NSS tests do not work fine on linux-aarch64 now. Disable them at the
> moment.
Thumbs up. This is a trivial fix.
Do we know if these tests will also fail on linux-x64 OL9?
-
Marked as reviewed by dcubed (Reviewer).
PR: ht
On Wed, 9 Nov 2022 14:27:26 GMT, Ferenc Rakoczi wrote:
> The way I see it is this: as limbs are 64-bit wide, the only place where they
> can possibly overflow (during the computations they are used for) is the
> multiplication (including multiply by int and squaring). So I would first try
> to
On Wed, 9 Nov 2022 16:24:21 GMT, Weijun Wang wrote:
>> The NSS tests do not work fine on linux-aarch64 now. Disable them at the
>> moment.
>
> Weijun Wang has updated the pull request incrementally with one additional
> commit since the last revision:
>
> add comment
Bug needs `noreg-self`
On Wed, 9 Nov 2022 16:01:33 GMT, Weijun Wang wrote:
> The NSS tests do not work fine on linux-aarch64 now. Disable them at the
> moment.
This pull request has now been integrated.
Changeset: fa8a8668
Author:Weijun Wang
URL:
https://git.openjdk.org/jdk/commit/fa8a8668a6656046d713a6b
On Tue, 8 Nov 2022 16:22:55 GMT, Sean Mullan wrote:
> >
>
> My vote would be to leave it out. `keytool` already emits warnings when weak
> algorithms are used. It seems we both agree that few users, will likely
> enable JFR on `keytool`. We could always add these events later, but it is
> ha
On Tue, 8 Nov 2022 21:39:03 GMT, Mikhailo Seledtsov
wrote:
> Trivial change, updated jdk problem list.
The `java/security/cert/pkix/policyChanges/TestPolicy.java` and
`java/security/cert/CertPathBuilder/targetConstraints/BuildEEBasicConstraints.java`
test failures are already fixed. There is
The NSS tests do not work fine on linux-aarch64 now. Disable them at the moment.
-
Commit messages:
- the fix
Changes: https://git.openjdk.org/jdk/pull/11063/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=11063&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8296675
Trivial change, updated jdk problem list.
-
Commit messages:
- Using linux-all since the same issue on aarch64
- 8296611: Problemlist several sun/security and java/security tests until
JDK-8295343 is resolved
Changes: https://git.openjdk.org/jdk/pull/11045/files
Webrev: https://w
On Wed, 9 Nov 2022 16:03:16 GMT, Daniel D. Daugherty wrote:
> Do we know if these tests will also fail on linux-x64 OL9?
For linux-x64, we use libraries from the artifact server and they succeed on
OL9.
-
PR: https://git.openjdk.org/jdk/pull/11063
On Tue, 8 Nov 2022 21:39:03 GMT, Mikhailo Seledtsov
wrote:
> Trivial change, updated jdk problem list.
@dcubed-ojdk Dan, could you please review this problem listing change ?
-
PR: https://git.openjdk.org/jdk/pull/11045
On Tue, 8 Nov 2022 21:39:03 GMT, Mikhailo Seledtsov
wrote:
> Trivial change, updated jdk problem list.
Thanks Sean. I will remove the fixed tests from the list.
-
PR: https://git.openjdk.org/jdk/pull/11045
On Fri, 16 Sep 2022 00:27:55 GMT, Xue-Lei Andrew Fan wrote:
> Hi,
>
> Please review this simple fix for readability.
>
> In the AES cipher implementation, the AESCipher class is defined as abstract.
> As is not necessary as there is no abstract method in this class. Code
> reader may try to
On Wed, 9 Nov 2022 00:10:48 GMT, Vladimir Ivanov wrote:
>> Volodymyr Paprotski has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> fix 32-bit build
>
> src/hotspot/share/opto/library_call.cpp line 7014:
>
>> 7012: const TypeKlassPtr* rkla
On Tue, 8 Nov 2022 18:38:59 GMT, Xue-Lei Andrew Fan wrote:
> Hi,
>
> May I have the micro-benchmark code reviewed for EC signature algorithms?
> The benchmarking now is focused on EC algorithms, more algorithms (e.g.,
> RSA/PSS based) may be added later if needed.
>
> Thanks,
> Xuelei
This
> Trivial change, updated jdk problem list.
Mikhailo Seledtsov has updated the pull request incrementally with one
additional commit since the last revision:
Addressed review feedback
-
Changes:
- all: https://git.openjdk.org/jdk/pull/11045/files
- new: https://git.openjdk.or
On Wed, 9 Nov 2022 16:38:38 GMT, Xue-Lei Andrew Fan wrote:
> > The way I see it is this: as limbs are 64-bit wide, the only place where
> > they can possibly overflow (during the computations they are used for) is
> > the multiplication (including multiply by int and squaring). So I would
> >
An `EncryptedPrivateKeyInfo` object can be created with an uninitialized
`AlgorithmParameters`, but before you call `getEncoded` on it you need to
remember to initialize the params. This is unfortunate but since this is a
public API, I hesitate to make a change.
Instead, this code change fixes
On Wed, 9 Nov 2022 19:59:08 GMT, Weijun Wang wrote:
> An `EncryptedPrivateKeyInfo` object can be created with an uninitialized
> `AlgorithmParameters`, but before you call `getEncoded` on it you need to
> remember to initialize the params. This is unfortunate but since this is a
> public API,
> By moving the JFR event up to the java.security.cert.CertificateFactory
> class, we can record all generate cert events, including those from 3rd party
> providers. I've also altered the logic so that an event is genertate for
> every generate cert call (not just ones missing from the JDK prov
On Wed, 9 Nov 2022 21:14:08 GMT, Sean Coffey wrote:
>> By moving the JFR event up to the java.security.cert.CertificateFactory
>> class, we can record all generate cert events, including those from 3rd
>> party providers. I've also altered the logic so that an event is genertate
>> for every g
On Wed, 9 Nov 2022 00:23:21 GMT, Vladimir Ivanov wrote:
>> Volodymyr Paprotski has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> fix 32-bit build
>
> src/hotspot/cpu/x86/macroAssembler_x86.hpp line 970:
>
>> 968:
>> 969: void addmq(int
On Mon, 26 Sep 2022 13:45:45 GMT, Sean Coffey wrote:
> By moving the JFR event up to the java.security.cert.CertificateFactory
> class, we can record all generate cert events, including those from 3rd party
> providers. I've also altered the logic so that an event is genertate for
> every gene
> Handcrafted x86_64 asm for Poly1305. Main optimization is to process 16
> message blocks at a time. For more details, left a lot of comments in
> `macroAssembler_x86_poly.cpp`.
>
> - Added new KAT test for Poly1305 and a fuzz test to compare intrinsic and
> java.
> - Would like to add an `I
One `PKCS9Attribute` can be created but cannot be encoded. Since the
`SigningCertificateInfo::parse` method has not fully parsed the data
(`PolicyInformation` is left out), this code change add the encoding itself as
a field to the `SigningCertificateInfo` class so we can encode it.
After this
On Fri, 16 Sep 2022 00:27:55 GMT, Xue-Lei Andrew Fan wrote:
> Hi,
>
> Please review this simple fix for readability.
>
> In the AES cipher implementation, the AESCipher class is defined as abstract.
> As is not necessary as there is no abstract method in this class. Code
> reader may try to
On Wed, 9 Nov 2022 02:19:29 GMT, Volodymyr Paprotski wrote:
>>> Did not split it up into individual constants. The main 'problem' is that
>>> Address and ExternalAddress are not compatible.
>>
>> There's a reason for that and it's because RIP-relative addressing doesn't
>> always work, so add
On Wed, 9 Nov 2022 15:55:53 GMT, Jatin Bhateja wrote:
>> Volodymyr Paprotski has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> fix 32-bit build
>
> src/hotspot/cpu/x86/vm_version_x86.cpp line 1181:
>
>> 1179: #ifdef _LP64
>> 1180: if (s
> `EDIPartyName` should not have a null `partyName`.
>
> Inside `X400Name` it should be a `DerValue` instead of arbitrary byte array.
> Note: in `GeneralSubtrees.java`, an `X400Name` is created with a null
> content. This would lead to an NPE anyway. A future fix might be needed.
Weijun Wang ha
On Wed, 9 Nov 2022 17:36:12 GMT, Mikhailo Seledtsov
wrote:
>> Trivial change, updated jdk problem list.
>
> Mikhailo Seledtsov has updated the pull request incrementally with one
> additional commit since the last revision:
>
> Addressed review feedback
I have updated the problem list to ex
`EDIPartyName` should not have a null `partyName`.
Inside `X400Name` it should be a `DerValue` instead of arbitrary byte array.
Note: in `GeneralSubtrees.java`, an `X400Name` is created with a null content.
This would lead to an NPE anyway. A future fix might be needed.
-
Commit me
On Tue, 8 Nov 2022 23:59:42 GMT, Vladimir Ivanov wrote:
>> Volodymyr Paprotski has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> fix 32-bit build
>
> src/java.base/share/classes/com/sun/crypto/provider/Poly1305.java line 175:
>
>> 173:
>
On Wed, 9 Nov 2022 17:36:12 GMT, Mikhailo Seledtsov
wrote:
>> Trivial change, updated jdk problem list.
>
> Mikhailo Seledtsov has updated the pull request incrementally with one
> additional commit since the last revision:
>
> Addressed review feedback
Please update the PR commit message i
On Wed, 9 Nov 2022 17:36:12 GMT, Mikhailo Seledtsov
wrote:
>> Trivial change, updated jdk problem list.
>
> Mikhailo Seledtsov has updated the pull request incrementally with one
> additional commit since the last revision:
>
> Addressed review feedback
Marked as reviewed by rhalade (Review
On Fri, 16 Sep 2022 00:27:55 GMT, Xue-Lei Andrew Fan wrote:
> Hi,
>
> Please review this simple fix for readability.
>
> In the AES cipher implementation, the AESCipher class is defined as abstract.
> As is not necessary as there is no abstract method in this class. Code
> reader may try to
On Tue, 8 Nov 2022 21:39:03 GMT, Mikhailo Seledtsov
wrote:
> Trivial change, updated jdk problem list.
This pull request has now been integrated.
Changeset: d6e2d0d0
Author:Mikhailo Seledtsov
URL:
https://git.openjdk.org/jdk/commit/d6e2d0d03d2161f934474fa1d4299513d14cb9c5
Stats:
On Wed, 9 Nov 2022 17:36:12 GMT, Mikhailo Seledtsov
wrote:
>> Trivial change, updated jdk problem list.
>
> Mikhailo Seledtsov has updated the pull request incrementally with one
> additional commit since the last revision:
>
> Addressed review feedback
Thank you Rajan.
-
PR:
The cache named `signerToCodeSource` is never used now.
-
Commit messages:
- Make signerToCodeSource cache work.
Changes: https://git.openjdk.org/jdk/pull/11072/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=11072&range=00
Issue: https://bugs.openjdk.org/browse/JDK-829673
> Handcrafted x86_64 asm for Poly1305. Main optimization is to process 16
> message blocks at a time. For more details, left a lot of comments in
> `macroAssembler_x86_poly.cpp`.
>
> - Added new KAT test for Poly1305 and a fuzz test to compare intrinsic and
> java.
> - Would like to add an `I
NativePRNG SecureRandom doesn’t scale with number of threads. The performance
starts dropping as we increase the number of threads. Even going from 1 thread
to 2 threads shows significant drop. The bottleneck is the singleton RandomIO
instance. Making the RandomIO ThreadLocal helps in removing t
On Thu, 10 Nov 2022 00:23:47 GMT, Bradford Wetmore wrote:
>> Hi,
>>
>> Please review this simple fix for readability.
>>
>> In the AES cipher implementation, the AESCipher class is defined as
>> abstract. As is not necessary as there is no abstract method in this class.
>> Code reader may tr
Please review a "somewhat automated" change to insert `@spec` tags into doc
comments, as appropriate, to leverage the recent new javadoc feature to
generate a new page listing the references to all external specifications
listed in the `@spec` tags.
"Somewhat automated" means that I wrote and u
> Hi,
>
> Please review this simple fix for readability.
>
> In the AES cipher implementation, the AESCipher class is defined as abstract.
> As is not necessary as there is no abstract method in this class. Code
> reader may try to search for abstract methods if the abstract keyword is
> pres
On Wed, 9 Nov 2022 21:54:49 GMT, Weijun Wang wrote:
> One `PKCS9Attribute` can be created but cannot be encoded. Since the
> `SigningCertificateInfo::parse` method has not fully parsed the data
> (`PolicyInformation` is left out), this code change add the encoding itself
> as a field to the `S
On Thu, 10 Nov 2022 01:56:29 GMT, Xue-Lei Andrew Fan wrote:
>> One `PKCS9Attribute` can be created but cannot be encoded. Since the
>> `SigningCertificateInfo::parse` method has not fully parsed the data
>> (`PolicyInformation` is left out), this code change add the encoding itself
>> as a fie
On Thu, 10 Nov 2022 02:01:32 GMT, Xue-Lei Andrew Fan wrote:
> Is it a real problem reported in productive environment?
No. I am just cleaning up the code to make encoding and decoding symmetric and
consistent. You can see I'm working on several PRs at the same time.
-
PR: https://
On Wed, 9 Nov 2022 22:44:59 GMT, Weijun Wang wrote:
>> `EDIPartyName` should not have a null `partyName`.
>>
>> Inside `X400Name` it should be a `DerValue` instead of arbitrary byte array.
>> Note: in `GeneralSubtrees.java`, an `X400Name` is created with a null
>> content. This would lead to a
On Thu, 10 Nov 2022 02:08:54 GMT, Weijun Wang wrote:
>> src/java.base/share/classes/sun/security/pkcs/SigningCertificateInfo.java
>> line 92:
>>
>>> 90: }
>>> 91:
>>> 92: public byte[] toByteArray() {
>>
>> Is it possible to have the method package private?
>
> The whole class is only
On Thu, 10 Nov 2022 02:14:02 GMT, Xue-Lei Andrew Fan wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> add test
>>
>> only in patch2:
>> unchanged:
>
> src/java.base/share/classes/sun/security/x509/EDIPartyName
> One `PKCS9Attribute` can be created but cannot be encoded. Since the
> `SigningCertificateInfo::parse` method has not fully parsed the data
> (`PolicyInformation` is left out), this code change add the encoding itself
> as a field to the `SigningCertificateInfo` class so we can encode it.
>
>
On Wed, 9 Nov 2022 21:54:49 GMT, Weijun Wang wrote:
> One `PKCS9Attribute` can be created but cannot be encoded. Since the
> `SigningCertificateInfo::parse` method has not fully parsed the data
> (`PolicyInformation` is left out), this code change add the encoding itself
> as a field to the `S
On Thu, 10 Nov 2022 02:18:35 GMT, Xue-Lei Andrew Fan wrote:
>> The whole class is only used in the same package at the moment. Making only
>> one method package private is not fair.
>
> Hm, maybe making this class package private as well? The returned array is
> not cloned. It may not worthy
On Thu, 10 Nov 2022 01:22:04 GMT, Volodymyr Paprotski wrote:
>> Handcrafted x86_64 asm for Poly1305. Main optimization is to process 16
>> message blocks at a time. For more details, left a lot of comments in
>> `macroAssembler_x86_poly.cpp`.
>>
>> - Added new KAT test for Poly1305 and a fuzz
On Wed, 9 Nov 2022 22:44:59 GMT, Weijun Wang wrote:
>> `EDIPartyName` should not have a null `partyName`.
>>
>> Inside `X400Name` it should be a `DerValue` instead of arbitrary byte array.
>> Note: in `GeneralSubtrees.java`, an `X400Name` is created with a null
>> content. This would lead to a
On Thu, 10 Nov 2022 02:32:42 GMT, Weijun Wang wrote:
>> src/java.base/share/classes/sun/security/x509/EDIPartyName.java line 66:
>>
>>> 64: public EDIPartyName(String assignerName, String partyName) {
>>> 65: this.assigner = assignerName;
>>> 66: this.party = Objects.requireN
On Thu, 10 Nov 2022 02:43:21 GMT, Weijun Wang wrote:
>> One `PKCS9Attribute` can be created but cannot be encoded. Since the
>> `SigningCertificateInfo::parse` method has not fully parsed the data
>> (`PolicyInformation` is left out), this code change add the encoding itself
>> as a field to t
On Wed, 9 Nov 2022 19:59:08 GMT, Weijun Wang wrote:
> An `EncryptedPrivateKeyInfo` object can be created with an uninitialized
> `AlgorithmParameters`, but before you call `getEncoded` on it you need to
> remember to initialize the params. This is unfortunate but since this is a
> public API,
On Wed, 9 Nov 2022 20:15:35 GMT, Weijun Wang wrote:
>> An `EncryptedPrivateKeyInfo` object can be created with an uninitialized
>> `AlgorithmParameters`, but before you call `getEncoded` on it you need to
>> remember to initialize the params. This is unfortunate but since this is a
>> public A
70 matches
Mail list logo
