On Fri, 21 Feb 2025 11:49:26 GMT, Mikhail Yankelevich wrote:
> Changed shell files to be java tests:
> * ./validator/certreplace.sh
> * ./validator/samedn.sh
test/jdk/sun/security/validator/CertReplace.java line 117:
> 115: final String outputInt = SecurityTools.keytool(ktBaseParameters
> 8261513: Various BasicConstraintsExtension issues
Ben Perez has updated the pull request incrementally with one additional commit
since the last revision:
changed toString wording, no longer set critical to ca
-
Changes:
- all: https://git.openjdk.org/jdk/pull/20224/files
-
On Thu, 20 Feb 2025 01:12:46 GMT, Jamil Nimeh wrote:
>> This fix makes some minor changes to the internals of the
>> `CertificateBuilder` and `SimpleOCSPServer` test classes. They would break
>> when ML-DSA was selected as key and signing algorithms. Also RSASSA-PSS
>> works better now with
> java.security.debug is a widely used debug system property for JDK security
> libs. It's time to capture details about this property via javadoc.
>
> 
>
>
> NOTE : We are adding a new html file (similar t
The test javax/crypto/CryptoPermissions/InconsistentEntries.java uses
CDSTestUtils.clone to copy the JDK into the scratch dir by creating symbolic
links, but this was seen to crash the VM in Windows Server 2025. To ensure test
stability, it should hard copy the required files.
-
Co
On Fri, 21 Feb 2025 18:36:39 GMT, Sean Mullan wrote:
>> @wangweij is planning on name usage for those. I'm focusing on these older
>> curves.
>
> They are already defined. I think you just want to add something like:
>
>
> If (key.getAlgorithm().equals("ML-KEM") ||
> key.getAlgorithm().equal
On Fri, 14 Feb 2025 18:44:38 GMT, Anthony Scarpino
wrote:
> Hi,
>
> I need a review for the following change. Naming conventions for EdDSA and
> XDH have inconsistencies between DisabledAlgorithms and KeyPairGenerator.
> These internal changes help make it more consistent when parsing the act
On Tue, 11 Feb 2025 17:50:45 GMT, Jamil Nimeh wrote:
> This fix makes some minor changes to the internals of the
> `CertificateBuilder` and `SimpleOCSPServer` test classes. They would break
> when ML-DSA was selected as key and signing algorithms. Also RSASSA-PSS
> works better now with thes
On Fri, 21 Feb 2025 20:10:33 GMT, Weijun Wang wrote:
>> They are already defined. I think you just want to add something like:
>>
>>
>> If (key.getAlgorithm().equals("ML-KEM") ||
>> key.getAlgorithm().equals("ML-DSA")) {
>>return ((NamedParameterSpec) key.getParams()).getName();
>> }
>>
>
On Fri, 21 Feb 2025 10:31:34 GMT, Fernando Guallini
wrote:
> The test javax/crypto/CryptoPermissions/InconsistentEntries.java uses
> CDSTestUtils.clone to copy the JDK into the scratch dir by creating symbolic
> links, but this was seen to crash the VM in Windows Server 2025. To ensure
> test
On Fri, 14 Feb 2025 18:44:38 GMT, Anthony Scarpino
wrote:
> Hi,
>
> I need a review for the following change. Naming conventions for EdDSA and
> XDH have inconsistencies between DisabledAlgorithms and KeyPairGenerator.
> These internal changes help make it more consistent when parsing the act
On Thu, 20 Feb 2025 14:03:37 GMT, Michael McMahon wrote:
> As a regular user of the property, this change is a great idea. I think the
> text accompanying the table should describe the syntax of the property value.
> Is it a comma separated list etc?
The syntax has always been a bit loosely sp
On Fri, 21 Feb 2025 17:52:18 GMT, Anthony Scarpino
wrote:
>> src/java.base/share/classes/sun/security/util/KeyUtil.java line 189:
>>
>>> 187: case EdECKey ed -> ed.getParams().getName();
>>> 188: case XECKey xe -> ((NamedParameterSpec)
>>> xe.getParams()).getName();
>>>
On Fri, 21 Feb 2025 15:05:00 GMT, Weijun Wang wrote:
>> Changed shell files to be java tests:
>> * ./validator/certreplace.sh
>> * ./validator/samedn.sh
>
> test/jdk/sun/security/validator/CertReplace.java line 117:
>
>> 115: final String outputInt = SecurityTools.keytool(ktBaseParameter
On Thu, 20 Feb 2025 00:20:30 GMT, Anthony Scarpino
wrote:
>> I need a review of this change that adds new timing controls for the initial
>> server setup. On rare occasions, more so on certain architectures, the
>> server may not fully start before the client tries to connect. Additional
>>
On Fri, 14 Feb 2025 16:43:32 GMT, Ben Perez wrote:
> It turns out that initializing a multidimensional array with `int[][] a = new
> int[rows][cols]` is slower than allocating each column in a loop. Since we do
> a lot of large multidimensional array allocations in ML-DSA, the optimized
> init
> The test javax/crypto/CryptoPermissions/InconsistentEntries.java uses
> CDSTestUtils.clone to copy the JDK into the scratch dir by creating symbolic
> links, but this was seen to crash the VM in Windows Server 2025. To ensure
> test stability, it should hard copy the required files.
Fernando
Add AVX2 montgomery multiplication intrinsic. (About 60-80% gain)
Also add reduction to existing AVX512 multiplication (this was left-over from
https://github.com/openjdk/jdk/pull/19893 where a quick fix was required). This
is mostly for cleanup, but there is about 1-2% gain.
Before (no AVX512)
On Fri, 14 Feb 2025 16:43:32 GMT, Ben Perez wrote:
> It turns out that initializing a multidimensional array with `int[][] a = new
> int[rows][cols]` is slower than allocating each column in a loop. Since we do
> a lot of large multidimensional array allocations in ML-DSA, the optimized
> init
> Changed shell files to be java tests:
> * ./validator/certreplace.sh
> * ./validator/samedn.sh
Mikhail Yankelevich has updated the pull request incrementally with one
additional commit since the last revision:
keyStore is not used to delete, cleanup of the calls, minor refactoring
-
On Fri, 21 Feb 2025 16:57:32 GMT, Mikhail Yankelevich wrote:
>> Changed shell files to be java tests:
>> * ./validator/certreplace.sh
>> * ./validator/samedn.sh
>
> Mikhail Yankelevich has updated the pull request incrementally with one
> additional commit since the last revision:
>
> keyStor
On Thu, 20 Feb 2025 14:20:34 GMT, Sean Mullan wrote:
>> Hi,
>>
>> I need a review for the following change. Naming conventions for EdDSA and
>> XDH have inconsistencies between DisabledAlgorithms and KeyPairGenerator.
>> These internal changes help make it more consistent when parsing the actu
On Fri, 14 Feb 2025 18:44:38 GMT, Anthony Scarpino
wrote:
> Hi,
>
> I need a review for the following change. Naming conventions for EdDSA and
> XDH have inconsistencies between DisabledAlgorithms and KeyPairGenerator.
> These internal changes help make it more consistent when parsing the act
On Fri, 21 Feb 2025 20:51:11 GMT, Fernando Guallini
wrote:
>> The test javax/crypto/CryptoPermissions/InconsistentEntries.java uses
>> CDSTestUtils.clone to copy the JDK into the scratch dir by creating symbolic
>> links, but this was seen to crash the VM in Windows Server 2025. To ensure
>>
On Fri, 21 Feb 2025 19:15:21 GMT, Sean Mullan wrote:
>> Hi,
>>
>> I need a review for the following change. Naming conventions for EdDSA and
>> XDH have inconsistencies between DisabledAlgorithms and KeyPairGenerator.
>> These internal changes help make it more consistent when parsing the actu
On Fri, 21 Feb 2025 20:35:34 GMT, Weijun Wang wrote:
>> Hi,
>>
>> I need a review for the following change. Naming conventions for EdDSA and
>> XDH have inconsistencies between DisabledAlgorithms and KeyPairGenerator.
>> These internal changes help make it more consistent when parsing the actu
On Fri, 21 Feb 2025 10:31:34 GMT, Fernando Guallini
wrote:
> The test javax/crypto/CryptoPermissions/InconsistentEntries.java uses
> CDSTestUtils.clone to copy the JDK into the scratch dir by creating symbolic
> links, but this was seen to crash the VM in Windows Server 2025. To ensure
> test
On Fri, 21 Feb 2025 20:25:59 GMT, Weijun Wang wrote:
>> Hi,
>>
>> I need a review for the following change. Naming conventions for EdDSA and
>> XDH have inconsistencies between DisabledAlgorithms and KeyPairGenerator.
>> These internal changes help make it more consistent when parsing the actu
On Fri, 21 Feb 2025 21:09:32 GMT, Anthony Scarpino
wrote:
>> src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java
>> line 95:
>>
>>> 93: case "Ed25519" -> {
>>> 94: if (aliasEd25519 == null) {
>>> 95: aliasEd25519 = Lis
On Fri, 21 Feb 2025 21:21:24 GMT, Anthony Scarpino
wrote:
>> test/jdk/sun/security/util/AlgorithmConstraints/DisabledAlgorithmPermits.java
>> line 61:
>>
>>> 59: case "Ed25519" ->
>>> 60: Arrays.asList(
>>> 61: new TestCase("EdDSA", false),
>>
>
On Fri, 21 Feb 2025 21:11:54 GMT, Anthony Scarpino
wrote:
>> src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java
>> line 78:
>>
>>> 76: private static List aliasEd25519 = null;
>>> 77: private static List aliasXDH = null;
>>> 78: private static List alia
Changed shell files to be java tests:
* ./validator/certreplace.sh
* ./validator/samedn.sh
-
Commit messages:
- changed to 2 different test ids
- 8349533: Refactor validator tests shell files to java
Changes: https://git.openjdk.org/jdk/pull/23727/files
Webrev: https://webrevs.op
On Thu, 20 Feb 2025 20:27:27 GMT, Weijun Wang wrote:
> The similarity between the certificate pairs is impressive! Just curious -
> why the change in issuer and owner names?
Looks like it's something between `keytool` and `openssl x509`. When i print
the certificates with openssl, the issuer a
On Tue, 18 Feb 2025 13:33:52 GMT, Andrew Dinn wrote:
>> Ferenc Rakoczi has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Adding comments + some code reorganization
>
> src/hotspot/cpu/aarch64/assembler_aarch64.hpp line 2594:
>
>> 2592:
On Tue, 18 Feb 2025 13:43:18 GMT, Andrew Dinn wrote:
>> Ferenc Rakoczi has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Adding comments + some code reorganization
>
> src/hotspot/cpu/aarch64/stubGenerator_aarch64.cpp line 4066:
>
>> 4064
On Wed, 19 Feb 2025 02:55:18 GMT, Hao Sun wrote:
>> Ferenc Rakoczi has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Adding comments + some code reorganization
>
> Hi. Here is the test result of our CI.
>
> ### copyright year
>
> the fol
On Fri, 21 Feb 2025 22:05:03 GMT, Weijun Wang wrote:
>> This is complicated by `KeyPairGenerator.getInstance("EdDSA")` returning an
>> Ed25519 key
>>
>> If someone were to check permits() with "EdDSA" the above code recognizes
>> that "Ed25519" on the disabled algorithm list overlaps with "EdD
Typo: s/ficticious/fictitious/
No unit test. Check that javadoc still builds.
-
Commit messages:
- 8350476: Fix typo introduced in JDK-8350147
Changes: https://git.openjdk.org/jdk/pull/23733/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=23733&range=00
Issue: https://
On Sat, 22 Feb 2025 02:25:42 GMT, Bradford Wetmore wrote:
> Typo: s/ficticious/fictitious/
>
> No unit test. Check that javadoc still builds.
Marked as reviewed by jnimeh (Reviewer).
-
PR Review: https://git.openjdk.org/jdk/pull/23733#pullrequestreview-2634674252
On Sun, 16 Feb 2025 15:41:52 GMT, Chen Liang wrote:
>> src/java.base/share/classes/sun/security/provider/ML_DSA.java line 1237:
>>
>>> 1235: return res;
>>> 1236: }
>>> 1237:
>>
>> Centralizing the allocation into a helper on its own Looks unseful (for
>> resource Management, debu
On Fri, 21 Feb 2025 22:29:01 GMT, Anthony Scarpino
wrote:
>> Do we call `permits` before instantiating a `KeyPairGenerator`? What if
>> people call `kpg.initialize(NPS.Ed448)` after the instantiation?
>>
>> In reality, I think it depends on how many `permits` calls there are. Modern
>> algori
On Fri, 21 Feb 2025 20:31:35 GMT, Anthony Scarpino
wrote:
>> Or what about this?
>>
>> if (key instanceof AsymmetricKey ak) {
>> if (ak.getParams() instanceof NamedParameterSpec nps) {
>> return nps.getName();
>> }
>> }
>> return k
On Sat, 22 Feb 2025 02:25:42 GMT, Bradford Wetmore wrote:
> Typo: s/ficticious/fictitious/
>
> No unit test. Check that javadoc still builds.
Marked as reviewed by jpai (Reviewer).
-
PR Review: https://git.openjdk.org/jdk/pull/23733#pullrequestreview-2634730559
43 matches
Mail list logo
