[jdk17] RFR: 8267397: AlgorithmId's OID cache is never refreshed

2021-06-11 Thread Valerie Peng 
Could someone help review this small fix? This clears the static aliasOidsTable 
field in AlgorithmId class when provider list is changed. Enhanced existing 
regression test to cover the provider removal scenario.

Thanks,
Valerie

-

Commit messages:
 - 8267397: AlgorithmId's OID cache is never refreshed

Changes: https://git.openjdk.java.net/jdk17/pull/36/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk17=36=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8267397
  Stats: 105 lines in 3 files changed: 76 ins; 20 del; 9 mod
  Patch: https://git.openjdk.java.net/jdk17/pull/36.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk17 pull/36/head:pull/36

PR: https://git.openjdk.java.net/jdk17/pull/36

Re: [jdk17] RFR: 8268621: SunJCE provider may throw unexpected NPE for un-initialized AES KW/KWP Ciphers

2021-06-11 Thread Xue-Lei Andrew Fan 
On Fri, 11 Jun 2021 21:22:49 GMT, Valerie Peng  wrote:

> Could someone help review this straightforward fix? The current impl for AES 
> KW and KWP cipher should check for possible null iv value in its 
> CipherSpi.engineGetIV() and CipherSpi.engineGetParameters() impls. Updated 
> the regression test to cover this scenario as well as some other minor 
> updates.
> 
> Thanks!
> Valerie

Marked as reviewed by xuelei (Reviewer).

-

PR: https://git.openjdk.java.net/jdk17/pull/34

JEP 411: Updates to alternatives

2021-06-11 Thread Peter Firmstone 
Noticing the updates made to JEP 411 Alternatives, I think I might have 
a minimalist alternative, you may find interesting:


Remove:

1. SecurityManager
2. Policy provider and implementation
3. Permission checks in JDK code addressed by improvements to
   encapsulation, eg RuntimePermission "access class in package" and 
   ReflectPermission, these are no longer necessary, however I would
   recommend retaining checks at System::getProperty and setProperty,
   as these may contain security sensitive information (eg keystore and
   truststore).
4. doPrivileged calls within the JVM other than those which preserve
   context across threads, most permissions that "leak" are addressed
   at #3 above, and POLP tooling can capture other permissions.  It
   would appear that doPrivileged is more appropriate for application
   code, rather than JDK code.
5. I'm not sure about removing doPrivileged calls intended to preserve
   context within OpenJDK.

Changes (improvements):

1. Make Guard::check a default method, that delegates to a provider,
   with a single method (eg Authority::confirm(Guard)) that does
   nothing by default.  Remove all implementing instances of
   Permission::check. (this could be backported easily).
   SecurityManager methods are just permission checks, existing use
   cases of SecurityManager can be supported with this one method.  
   This could be back ported to Java 8, so libraries that currently
   support all supported Java versions can continue to do so.  All
   calls to SecurityManager methods in JDK code can be replaced by the
   corresponding permission check.
2. Add permission checks to data parsers (eg deserialization), this
   allows implementations to grant these permissions only to users, if
   there is not an authenticated user, then the data received by the
   parser cannot be trusted.
3. "Modules that are mapped to the boot loader get a unique
   ProtectionDomain that includes a useful code source rather than
   using a "shared" PD."   This allows permission to be granted to
   users, (not code) so certain privileged operations, such as data
   parsing cannot be performed without an authenticated user, eg
   deserialization.  When data can only be trusted from authenticated
   users.

Removal of AccessController and AccessControlContext have greater 
impact.   AccessController's stack walk is high scaling (I haven't 
observed any contention, I assume it's non blocking and thread 
confined?), it's certainly very performant, it could be replaced 
internally by StackWalker to reduce OpenJDK's maintenance burden, 
although it isn't clear what the performance impact might be, but it 
will no doubt performance improvement is possible.


With SecurityManager gone, no implementation and no policy provider, it 
simply provides the mechanics for an authorization layer without all the 
baggage, allowing both simple and complex implementations.  It's not for 
sandboxing untrusted code. Improvements will allow it to be utilised by 
developers, to prevent consumption of untrusted code or data and to 
limit the privileges of trusted code and users to principles of least 
privilege.


It should also simplifies many tests, as JDK code only need confirm 
Permission checks are made and functionality of the AccessController and 
AccessControlContext methods if these are retained (I would prefer to 
see that, at least for JAAS compatibility).


--
Regards,
 
Peter Firmstone

Zeus Project Services Pty Ltd.

[jdk17] RFR: 8268621: SunJCE provider may throw unexpected NPE for un-initialized AES KW/KWP Ciphers

2021-06-11 Thread Valerie Peng 
Could someone help review this straightforward fix? The current impl for AES KW 
and KWP cipher should check for possible null iv value in its 
CipherSpi.engineGetIV() and CipherSpi.engineGetParameters() impls. Updated the 
regression test to cover this scenario as well as some other minor updates.

Thanks!
Valerie

-

Commit messages:
 - 8268621: SunJCE provider may throw unexpected NPE for un-initialized AES 
KW/KWP Ciphers

Changes: https://git.openjdk.java.net/jdk17/pull/34/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk17=34=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8268621
  Stats: 50 lines in 4 files changed: 34 ins; 3 del; 13 mod
  Patch: https://git.openjdk.java.net/jdk17/pull/34.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk17 pull/34/head:pull/34

PR: https://git.openjdk.java.net/jdk17/pull/34

Re: [jdk17] RFR: 8268349: Provide more detail in JEP 411 warning messages [v2]

2021-06-11 Thread Weijun Wang 
> More loudly and precise warning messages when a security manager is either 
> enabled at startup or installed at runtime.
> 
> This is new PR for the `openjdk/jdk17` repo copied from 
> https://github.com/openjdk/jdk/pull/4400. A new commit is added.

Weijun Wang has updated the pull request incrementally with one additional 
commit since the last revision:

  update warnings to match the new CSR

-

Changes:
  - all: https://git.openjdk.java.net/jdk17/pull/13/files
  - new: https://git.openjdk.java.net/jdk17/pull/13/files/a8fc259e..c62dff99

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk17=13=01
 - incr: https://webrevs.openjdk.java.net/?repo=jdk17=13=00-01

  Stats: 4 lines in 1 file changed: 0 ins; 1 del; 3 mod
  Patch: https://git.openjdk.java.net/jdk17/pull/13.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk17 pull/13/head:pull/13

PR: https://git.openjdk.java.net/jdk17/pull/13

Re: RFR: 8267125: AES Galois CounterMode (GCM) interleaved implementation using AVX512 + VAES instructions [v2]

2021-06-11 Thread Vladimir Kozlov 
On Fri, 11 Jun 2021 17:54:02 GMT, Vladimir Kozlov  wrote:

>> Thanks for your comments Vladimir. The intrinsic is called for encrypt as 
>> well as decrypt operation.
>
> Only one intrinsic is declared in this change: `_galoisCounterMode_AESCrypt`. 
> Other AES intrinsics have 2 that is why they have to pass intrinsic_id(). See 
> lines before this.

Note, _counterMode_AESCrypt is not example - it has the same issue.

-

PR: https://git.openjdk.java.net/jdk/pull/4019

Re: RFR: 8267125: AES Galois CounterMode (GCM) interleaved implementation using AVX512 + VAES instructions [v2]

2021-06-11 Thread Vladimir Kozlov 
On Fri, 11 Jun 2021 17:19:37 GMT, Smita Kamath  wrote:

>> src/hotspot/share/opto/library_call.cpp line 547:
>> 
>>> 545: 
>>> 546:   case vmIntrinsics::_galoisCounterMode_AESCrypt:
>>> 547: return inline_galoisCounterMode_AESCrypt(intrinsic_id());
>> 
>> You don't need to pass `intrinsic_id()` for this implementation unless you 
>> plan to add decrypt intrinsic later.
>
> Thanks for your comments Vladimir. The intrinsic is called for encrypt as 
> well as decrypt operation.

Only one intrinsic is declared in this change: `_galoisCounterMode_AESCrypt`. 
Other AES intrinsics have 2 that is why they have to pass intrinsic_id(). See 
lines before this.

-

PR: https://git.openjdk.java.net/jdk/pull/4019

Re: RFR: 8267125: AES Galois CounterMode (GCM) interleaved implementation using AVX512 + VAES instructions [v2]

2021-06-11 Thread Smita Kamath 
On Fri, 11 Jun 2021 15:45:02 GMT, Vladimir Kozlov  wrote:

>> Smita Kamath has updated the pull request incrementally with one additional 
>> commit since the last revision:
>> 
>>   8267125:Updated intrinsic signature to remove copies of counter, state and 
>> subkeyHtbl
>
> src/hotspot/share/opto/library_call.cpp line 547:
> 
>> 545: 
>> 546:   case vmIntrinsics::_galoisCounterMode_AESCrypt:
>> 547: return inline_galoisCounterMode_AESCrypt(intrinsic_id());
> 
> You don't need to pass `intrinsic_id()` for this implementation unless you 
> plan to add decrypt intrinsic later.

Thanks for your comments Vladimir. The intrinsic is called for encrypt as well 
as decrypt operation.

> src/hotspot/share/opto/library_call.cpp line 6564:
> 
>> 6562:   Node* subkeyHtbl = load_field_from_object(ghash_object, 
>> "subkeyHtbl", "[J");
>> 6563:   Node* state = load_field_from_object(ghash_object, "state", "[J");
>> 6564:   if (embeddedCipherObj == NULL || counter == NULL || subkeyHtbl == 
>> NULL || state == NULL) return false;
> 
> Follow coding style for such long condition:
> 
> if () {
>   return false;
> }

I will make the change. Thanks.

-

PR: https://git.openjdk.java.net/jdk/pull/4019

Re: RFR: 8267125: AES Galois CounterMode (GCM) interleaved implementation using AVX512 + VAES instructions [v2]

2021-06-11 Thread Vladimir Kozlov 
On Fri, 4 Jun 2021 23:49:31 GMT, Smita Kamath  wrote:

>> I would like to submit AES-GCM optimization for x86_64 architectures 
>> supporting AVX3+VAES (Evex encoded AES). This optimization interleaves AES 
>> and GHASH operations.
>> Performance gain of ~1.5x - 2x for message sizes 8k and above.
>
> Smita Kamath has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   8267125:Updated intrinsic signature to remove copies of counter, state and 
> subkeyHtbl

Do you plan to implement `decrypt` intrinsic too?

src/hotspot/share/opto/library_call.cpp line 547:

> 545: 
> 546:   case vmIntrinsics::_galoisCounterMode_AESCrypt:
> 547: return inline_galoisCounterMode_AESCrypt(intrinsic_id());

You don't need to pass `intrinsic_id()` for this implementation unless you plan 
to add decrypt intrinsic later.

src/hotspot/share/opto/library_call.cpp line 6545:

> 6543:  top_out != NULL && top_out->klass() != NULL, "args are 
> strange");
> 6544: 
> 6545:   // checks are the responsibility of the caller

Do you have all NULL for all objects and range checks in Java code for this 
intrinsic?

src/hotspot/share/opto/library_call.cpp line 6564:

> 6562:   Node* subkeyHtbl = load_field_from_object(ghash_object, "subkeyHtbl", 
> "[J");
> 6563:   Node* state = load_field_from_object(ghash_object, "state", "[J");
> 6564:   if (embeddedCipherObj == NULL || counter == NULL || subkeyHtbl == 
> NULL || state == NULL) return false;

Follow coding style for such long condition:

if () {
  return false;
}

-

PR: https://git.openjdk.java.net/jdk/pull/4019

[jdk17] Integrated: 8268093: Manual Testcase: "sun/security/krb5/config/native/TestDynamicStore.java" Fails with NPE

2021-06-11 Thread Weijun Wang 
On Fri, 11 Jun 2021 01:46:46 GMT, Weijun Wang  wrote:

> The test must run with sudo but I forgot to mention it. New comment and a 
> better error message is added.

This pull request has now been integrated.

Changeset: e39346e7
Author:Weijun Wang 
URL:   
https://git.openjdk.java.net/jdk17/commit/e39346e708a06cdee2b9a096f08c1cfe2e21dfc2
Stats: 14 lines in 2 files changed: 12 ins; 0 del; 2 mod

8268093: Manual Testcase: 
"sun/security/krb5/config/native/TestDynamicStore.java" Fails with NPE

Reviewed-by: mullan

-

PR: https://git.openjdk.java.net/jdk17/pull/12

Re: [jdk17] RFR: 8268093: Manual Testcase: "sun/security/krb5/config/native/TestDynamicStore.java" Fails with NPE

2021-06-11 Thread Sean Mullan 
On Fri, 11 Jun 2021 01:46:46 GMT, Weijun Wang  wrote:

> The test must run with sudo but I forgot to mention it. New comment and a 
> better error message is added.

Marked as reviewed by mullan (Reviewer).

-

PR: https://git.openjdk.java.net/jdk17/pull/12

Re: RFR: JDK-8268464 : Remove dependancy of TestHttpsServer, HttpTransaction, HttpCallback from open/test/jdk/sun/net/www/protocol/https/ tests [v3]

2021-06-11 Thread Daniel Fuchs 
On Fri, 11 Jun 2021 13:38:14 GMT, Mahendra Chhipa 
 wrote:

>> …HttpCallback from open/test/jdk/sun/net/www/protocol/https/ tests
>
> Mahendra Chhipa has updated the pull request incrementally with one 
> additional commit since the last revision:
> 
>   Remove extra space.

test/jdk/sun/net/www/protocol/https/HttpsURLConnection/B6216082.java line 89:

> 87: // created as it will use an ephemeral port.
> 88: System.setProperty("https.proxyPort",
> 89: Integer.toString(proxy.getLocalPort()));

A potentially better alternative to setting system properties in main could be 
to set a ProxySelector (using ProxySelector.setDefault());

test/jdk/sun/net/www/protocol/https/HttpsURLConnection/B6216082.java line 184:

> 182: HttpURLConnection uc = (HttpURLConnection)url.openConnection();
> 183: System.out.println(uc.getResponseCode());
> 184: if(uc.getResponseCode() == 400) {

It could be better to use: `uc.getResponseCode() != 200` here - since anything 
but 200 should be an error?

test/jdk/sun/net/www/protocol/https/HttpsURLConnection/B6216082.java line 186:

> 184: if(uc.getResponseCode() == 400) {
> 185: uc.disconnect();
> 186: throw new RuntimeException("Test failed : bad http request");

Maybe add the response code to the exception message.

-

PR: https://git.openjdk.java.net/jdk/pull/4432

Re: RFR: JDK-8268464 : Remove dependancy of TestHttpsServer, HttpTransaction, HttpCallback from open/test/jdk/sun/net/www/protocol/https/ tests [v3]

2021-06-11 Thread Mahendra Chhipa 
> …HttpCallback from open/test/jdk/sun/net/www/protocol/https/ tests

Mahendra Chhipa has updated the pull request incrementally with one additional 
commit since the last revision:

  Remove extra space.

-

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/4432/files
  - new: https://git.openjdk.java.net/jdk/pull/4432/files/49965732..db615030

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk=4432=02
 - incr: https://webrevs.openjdk.java.net/?repo=jdk=4432=01-02

  Stats: 3 lines in 1 file changed: 0 ins; 3 del; 0 mod
  Patch: https://git.openjdk.java.net/jdk/pull/4432.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/4432/head:pull/4432

PR: https://git.openjdk.java.net/jdk/pull/4432

Re: RFR: JDK-8268464 : Remove dependancy of TestHttpsServer, HttpTransaction, HttpCallback from open/test/jdk/sun/net/www/protocol/https/ tests [v2]

2021-06-11 Thread Mahendra Chhipa 
> …HttpCallback from open/test/jdk/sun/net/www/protocol/https/ tests

Mahendra Chhipa has updated the pull request incrementally with one additional 
commit since the last revision:

  Implemented review comments.

-

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/4432/files
  - new: https://git.openjdk.java.net/jdk/pull/4432/files/b490e1ff..49965732

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk=4432=01
 - incr: https://webrevs.openjdk.java.net/?repo=jdk=4432=00-01

  Stats: 36 lines in 2 files changed: 5 ins; 17 del; 14 mod
  Patch: https://git.openjdk.java.net/jdk/pull/4432.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/4432/head:pull/4432

PR: https://git.openjdk.java.net/jdk/pull/4432

Re: RFR: 8268427: Improve AlgorithmConstraints:checkAlgorithm performance

2021-06-11 Thread Dongbo He 
On Fri, 11 Jun 2021 04:21:15 GMT, Xue-Lei Andrew Fan  wrote:

>> The collection required when new Constraints() should retain the default 
>> case of the elements, because some code will depend on this, for example, .
>> [entry.startsWith("keySize")](https://github.com/openjdk/jdk/blob/dd1cbadc82bcecf718b96c833a5845fde79db061/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java#L383).
>> But the set required by the permits should unify the case of the elements, 
>> because algorithm may be uppercase or lowercase, but the Set:contains() 
>> cannot handle this situation.
>> So we need to create a new Set that ignores the default case of elements.
>
> For the entry.startsWith("keySize") example, I don't think keySize is an 
> algorithm that could be listed individually in the list.  The "keySize" may 
> be just a part one algorithm, for example "RSA keySize < 1024".
> 
> It's a good point about the lowercase and upper case.  Did you check how 
> constraints like the "keySize" are expressed in the list or set?

Yes, you're right. The "keySize" is not an independent algorithm listed in 
list, it exists in a form like "ec keysize <224".
In the case of "keySize", the object in the list stored in 
`algorithmConstraints` is `KeySizeConstraint`, then keysize will be checked in 
[algorithmConstraints.permits(algorithm, 
parameters)](https://github.com/openjdk/jdk/blob/dd1cbadc82bcecf718b96c833a5845fde79db061/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java#L169)
 by `KeySizeConstraint:permits`.

-

PR: https://git.openjdk.java.net/jdk/pull/4424