Re: RFR: 8245527: LDAP Cnannel Binding support for Java GSS/Kerberos

About the prefix, it may follow RFC 5056 (See page 7, section 2.1). o Specifications of channel bindings for any secure channels MUST provide for a single, canonical octet string encoding of the channel bindings. Under this framework, channel bindings MUST start with the

Re: FYI: new javadoc tag to document system properties

In JCE and JSSE, the public APIs definition (javax.net.ssl) and the internal implementation (sun.security.ssl) are separated. The system property can be defined in the internal implementation classes. I think we should add the @systemProperty on the public APIs, right? The public API class

Re: RFR: 8148188: Enhance the security libraries to record events of interest

rev/ some jfr side edits also : * Change label from "X.509 Certificate" to "X509 Certificate" - JFR test fails with "." usage * Move the instance field variable name in CertChainEvent to "certChain" - JFR tests discourage use of  "ID" in "

Re: RFR: 8148188: Enhance the security libraries to record events of interest

(chc.conContext.conSession); No more comment. Thanks, Xuelei On 6/27/2018 11:57 AM, Xuelei Fan wrote: Hi Sean, I may reply in several replies. PKIXMasterCertPathValidator.java +  CertChainEvent cce = new CertChainEvent(); +  if(cce.isEnabled

Re: RFR: 8148188: Enhance the security libraries to record events of interest

, in JDK 11, "RSASSA-PSS" and "XDH" are added, but we really forgot that we may need to update this file as well. On 6/27/2018 12:14 PM, Seán Coffey wrote: On 27/06/2018 19:57, Xuelei Fan wrote: Hi Sean, I may reply in several replies. PKIXMasterCe

Re: RFR: 8148188: Enhance the security libraries to record events of interest

Hi Sean, I may reply in several replies. PKIXMasterCertPathValidator.java + CertChainEvent cce = new CertChainEvent(); + if(cce.isEnabled() || EventHelper.loggingSecurity()) { + String c = reversedCertList.stream() + .map(x ->

Re: RFR 8181594: Efficient and constant-time modular arithmetic

to ImmutableIntegerModuloP. On 3/11/2018 12:04 PM, Xuelei Fan wrote: On 2/26/2018 10:39 AM, Adam Petcher wrote: On 2/23/2018 12:46 PM, Xuelei Fan wrote: ArrayUtil.java: === I'm not very sure how widely this utilities will be used in the future. Looks like only BigIntegerModuloP uses

Re: RFR 8181594: Efficient and constant-time modular arithmetic

On 2/26/2018 10:39 AM, Adam Petcher wrote: http://cr.openjdk.java.net/~apetcher/8181594/webrev.01/ See inline below. On 2/23/2018 12:46 PM, Xuelei Fan wrote: ArrayUtil.java: === I'm not very sure how widely this utilities will be used in the future. Looks like only

Re: RFR 8198645 Use System.lineSeparator() instead of getProperty("line.separator")

Looks fine to me. Thanks! Xuelei On 2/23/2018 11:39 AM, Roger Riggs wrote: Please review cleanup replacements of System.getProperty("line.separator") with System.lineSeparator(). It uses the line separator from System instead of looking it up in the properties each time. Also fixed one

Re: RFR 8181594: Efficient and constant-time modular arithmetic

ArrayUtil.java: === I'm not very sure how widely this utilities will be used in the future. Looks like only BigIntegerModuloP uses this classes. I may prefer to define private methods for byte array swap in BigIntegerModuloP. BigIntegerModuloP.java: === As

Re: [10] RFR 8194666: ProblemList update for bugid associated with PreferredKey.java, ConcurrentHashMapTest and SSLSocketParametersTest.sh

I'm not very sure of the fix problems of JDK-8176354. But this changeset Looks fine to me. Thanks, Xuelei On 1/4/2018 7:55 PM, Amy Lu wrote: Please review this minor cleanup for test/jdk/ProblemList.txt on bugid that associated with tests. bug:

Re: 9 RFR of JDK-8176337: Mark several tests as intermittently failing

> sun/security/tools/keytool/DefaultSignatureAlgorithm.java > javax/net/ssl/DTLS/CipherSuite.java The above two updates look fine to me. Thanks, Xuelei On 3/7/2017 7:36 PM, Hamlin Li wrote: Would you please review below patch? bug: https://bugs.openjdk.java.net/browse/JDK-8176337 webrev:

Re: RFR 8170900: Issue with FilePermission::implies for wildcard flag(-)

16 3:58 PM, Wang Weijun wrote: On Dec 22, 2016, at 4:39 AM, Xuelei Fan <xuelei@oracle.com> wrote: I'm trying to understand this update. Does "/-" imply "/foo"? Yes. Does the following spec can be used to explain the new added note? * if t

Re: RFR 8170900: Issue with FilePermission::implies for wildcard flag(-)

I'm trying to understand this update. Does "/-" imply "/foo"? Does the following spec can be used to explain the new added note? * if the wildcard flag is "-", the simple pathname's path * must be recursively inside the wildcard pathname's path. Xuelei On 12/19/2016 11:25

Re: RFR 8168979: @implNote for invalid FilePermission

On 12/13/2016 5:45 PM, Wang Weijun wrote: A major behavior change is that <> now implies an invalid permission, I hope this is good to minimize incompatibility. Looks like two sides of the same coin. If there is an invalid > (not existing in practice, I think), it now implies all; if

Re: RFR 9: 8169416: SSLSessionImpl finalize overhead

Looks fine to me. Thanks, Xuelei > On 23 Nov 2016, at 5:41 AM, Roger Riggs wrote: > > Adding security-dev... > > Please review this change to remove an ineffective finalizer for SSLSessions. > The finalizer removes bindings from the SSLSession of a table that is also >

Re: RFR: 8154304: NullpointerException at LdapReferralException.getReferralContext

Looks nice to me. It would be nice to update the copyright date, too. Thanks, Xuelei On 4/15/2016 10:13 PM, Seán Coffey wrote: > I need to correct another issue related to JDK-8149450. If a > getReferralContext call is made on a ReferralContext that doesn't > contain any referrals (URI fields)

Re: RFR: 8149450: LdapCtx.processReturnCode() throwing Null Pointer Exception

Looks fine to me. Thanks, Xuelei On 4/10/2016 9:41 PM, Sean Coffey wrote: > Looking to fix this issue. Better checks for the referrrals field. > > bugID : https://bugs.openjdk.java.net/browse/JDK-8149450 > webrev : http://cr.openjdk.java.net/~coffeys/webrev.8149450.jdk9/webrev/ > > regards, >

Re: Code Review Request, 8152237 Support BigInteger.TWO

Thanks! Xuelei On 3/23/2016 9:44 PM, Wang Weijun wrote: > >> On Mar 23, 2016, at 7:23 PM, Xuelei Fan <xuelei@oracle.com> wrote: >> >> On 3/23/2016 5:44 PM, Wang Weijun wrote: >>> Then why not fix the 2 bugs in a single changeset? &

Re: Code Review Request, 8152237 Support BigInteger.TWO

t; [1] > http://docs.oracle.com/javase/8/docs/api/java/math/BigInteger.html#compareTo-java.math.BigInteger- > >> On 23 Mar 2016, at 12:23, Xuelei Fan <xuelei@oracle.com >> <mailto:xuelei@oracle.com>> wrote: >> >> On 3/23/2016 5:44 PM, Wang Weij

Re: Code Review Request, 8152237 Support BigInteger.TWO

. See the new webrev: http://cr.openjdk.java.net/~xuelei/8152237/webrev.01/ Xuelei > --Max > >> 在 2016年3月23日，17:06，Xuelei Fan <xuelei@oracle.com> 写道： >> >>> On 3/23/2016 3:34 PM, Wang Weijun wrote: >>> >>>> On Mar 23, 2016, at 12:48 PM,

Re: Code Review Request, 8152237 Support BigInteger.TWO

On 3/23/2016 3:34 PM, Wang Weijun wrote: > >> On Mar 23, 2016, at 12:48 PM, Xuelei Fan <xuelei@oracle.com> wrote: >> >> On 3/23/2016 12:10 PM, Wang Weijun wrote: >>> Only 3 files touched. Are you going to make the >>> s/BigInteger.valu

Re: Code Review Request, 8152237 Support BigInteger.TWO

On Mar 23, 2016, at 11:26 AM, Xuelei Fan <xuelei@oracle.com> wrote: Hi, Please review the update for the supporting of BigInteger.TWO: http://cr.openjdk.java.net/~xuelei/8152237/webrev/ BigInteger.valueOf(2) is a common BigInteger value used in binary and cryptography ope

Code Review Request, 8152237 Support BigInteger.TWO

Hi, Please review the update for the supporting of BigInteger.TWO: http://cr.openjdk.java.net/~xuelei/8152237/webrev/ BigInteger.valueOf(2) is a common BigInteger value used in binary and cryptography operation calculation. The BigInteger.TWO is not exported, and hence

Re: [9] Review request for 8085979: Make some DTLS feature functional tests work also for TLS protocol

. As would avoid the unnecessary old file logs. Xuelei -Konstantin On 06/09/2015 06:07 PM, Xuelei Fan wrote: On 6/9/2015 10:57 PM, Xuelei Fan wrote: Looks fine to me. Nice port to TLS protocols. A very minior comment about the class name. TLSUnSupportedCiphersTest.java: replease

Re: [9] Review request for 8085979: Make some DTLS feature functional tests work also for TLS protocol

On 6/9/2015 10:57 PM, Xuelei Fan wrote: Looks fine to me. Nice port to TLS protocols. A very minior comment about the class name. TLSUnSupportedCiphersTest.java: replease UnSupported with Unsupported. typo: replace UnSupported with Unsupported. Thanks, Xuelei On 6/8/2015 11:04 PM

Re: [9] Review request for 8085979: Make some DTLS feature functional tests work also for TLS protocol

On 6/9/2015 11:47 PM, Xuelei Fan wrote: On 6/9/2015 11:31 PM, Konstantin Shefov wrote: Xuelei, thanks for reviewing typo is corrected: http://cr.openjdk.java.net/~kshefov/8085979/webrev.01/ Why there are old UnSupportedCiphersTest.java files? If you have not committed the changeset, you

Re: [9] Review request for 8072515: Test Task: Develop new tests for JEP 219: Datagram Transport Layer Security (DTLS)

Looks fine to me. It's nice to keep each line not exceed 80 characters. For example - * @run main/othervm -Dtest.security.protocol=DTLS -Dtest.mode=norm DTLSBufferOverflowUnderflowTest + * @run main/othervm -Dtest.security.protocol=DTLS + * -Dtest.mode=norm

Re: Swing Dev Replace concat String to append in StringBuilder parameters

/StringBuilder.toString:()Ljava/lang/String; 38: areturn } -Pavel On 26 Aug 2014, at 06:20, Xuelei Fan xuelei@oracle.com wrote: I was wondering, is it nice to address it in Java compiler to use string builder for the string + operator? Xuelei On 8/26/2014 11:28 AM, Wang Weijun wrote: New

Re: Swing Dev Replace concat String to append in StringBuilder parameters

I was wondering, is it nice to address it in Java compiler to use string builder for the string + operator? Xuelei On 8/26/2014 11:28 AM, Wang Weijun wrote: New webrevs available at http://cr.openjdk.java.net/~weijun/8055723/client/webrev.01/

Re: JDK-8041679 Replace uses of StringBuffer with StringBuilder within the JDK

- security http://cr.openjdk.java.net/~psandoz/jdk9/sb/JDK-8041679-buffer-to-builder-security/webrev/ Looks fine to me. Thanks for making this update. Xuelei On 5/12/2014 6:03 PM, Paul Sandoz wrote: Hi, This is a request for review of Otavio's patch replacing StringBuffer with

Re: JDK 9 RFR of JDK-8027063 SecurityManger.getClassContext returns a raw type

Looks fine to me. Thanks, Xuelei On 1/7/2014 4:53 AM, Joe Darcy wrote: Hello, Please review the simple change to fix JDK-8027063 SecurityManger.getClassContext returns a raw type, which changes a signature of a protected method in SecurityManger to remove a use of raw types in the core

hg: jdk8/tl/jdk: 7093640: Enable client-side TLS 1.2 by default

Changeset: 8d35f0985dd7 Author:xuelei Date: 2013-12-18 16:46 -0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/8d35f0985dd7 7093640: Enable client-side TLS 1.2 by default Reviewed-by: weijun, mullan, wetmore ! src/share/classes/sun/security/ssl/ProtocolVersion.java !

hg: jdk8/tl/jdk: 8014266: regression test AsyncSSLSocketClose.java time out.

Changeset: 40d0ccd00f87 Author:xuelei Date: 2013-11-14 16:08 -0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/40d0ccd00f87 8014266: regression test AsyncSSLSocketClose.java time out. Reviewed-by: xuelei Contributed-by: Rajan Halade rajan.hal...@oracle.com !

hg: jdk8/tl/jdk: 8023147: Test DisabledShortRSAKeys.java intermittent failed

Changeset: 1158d504e39e Author:xuelei Date: 2013-11-13 01:14 -0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/1158d504e39e 8023147: Test DisabledShortRSAKeys.java intermittent failed Reviewed-by: mullan ! test/sun/security/ssl/javax/net/ssl/TLSv12/DisabledShortRSAKeys.java

hg: jdk8/tl/jdk: 8026119: Regression test DHEKeySizing.java failing intermittently

Changeset: fb202a8e83c9 Author:xuelei Date: 2013-10-13 21:10 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/fb202a8e83c9 8026119: Regression test DHEKeySizing.java failing intermittently Reviewed-by: weijun !

hg: jdk8/tl/jdk: 6956398: make ephemeral DH key match the length of the certificate key

Changeset: 0d5f4f1782e8 Author:xuelei Date: 2013-10-07 18:46 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0d5f4f1782e8 6956398: make ephemeral DH key match the length of the certificate key Reviewed-by: weijun ! src/share/classes/sun/security/ssl/ServerHandshaker.java +

hg: jdk8/tl/jdk: 8025123: SNI support in Kerberos cipher suites

Changeset: 3fca37c636be Author:xuelei Date: 2013-10-01 20:25 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/3fca37c636be 8025123: SNI support in Kerberos cipher suites Reviewed-by: weijun, xuelei Contributed-by: Artem Smotrakov artem.smotra...@oracle.com !

hg: jdk8/tl/jdk: 8024501: sun.security.mscapi.Key has no definition of serialVersionUID

Changeset: c9083205e6eb Author:xuelei Date: 2013-09-10 21:31 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/c9083205e6eb 8024501: sun.security.mscapi.Key has no definition of serialVersionUID Reviewed-by: weijun ! src/windows/classes/sun/security/mscapi/Key.java

hg: jdk8/tl/jdk: 8024444: Change to use othervm mode of tests in SSLEngineImpl

Changeset: f80b8af9c218 Author:xuelei Date: 2013-09-09 19:07 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f80b8af9c218 802: Change to use othervm mode of tests in SSLEngineImpl Reviewed-by: mullan !

hg: jdk8/tl/jdk: 7188657: There should be a way to reorder the JSSE ciphers

Changeset: 0f47f9f622d9 Author:xuelei Date: 2013-09-07 17:05 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0f47f9f622d9 7188657: There should be a way to reorder the JSSE ciphers Reviewed-by: weijun, wetmore ! src/share/classes/javax/net/ssl/SSLParameters.java !

hg: jdk8/tl/jdk: 8024068: sun/security/ssl/javax/net/ssl/ServerName/IllegalSNIName.java fails

Changeset: ead6babac5a9 Author:xuelei Date: 2013-09-01 20:00 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ead6babac5a9 8024068: sun/security/ssl/javax/net/ssl/ServerName/IllegalSNIName.java fails Reviewed-by: weijun !

hg: jdk8/tl/jdk: 8023881: IDN.USE_STD3_ASCII_RULES option is too strict to use Unicode in IDN.toASCII

Changeset: cdf68747b0fb Author:xuelei Date: 2013-08-29 18:58 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/cdf68747b0fb 8023881: IDN.USE_STD3_ASCII_RULES option is too strict to use Unicode in IDN.toASCII Reviewed-by: michaelm ! src/share/classes/java/net/IDN.java +

hg: jdk8/tl/jdk: 8020842: IDN do not throw IAE when hostname ends with a trailing dot

Changeset: 096e7c665857 Author:xuelei Date: 2013-08-19 17:42 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/096e7c665857 8020842: IDN do not throw IAE when hostname ends with a trailing dot Reviewed-by: weijun, michaelm ! src/share/classes/java/net/IDN.java +

hg: jdk8/tl/jdk: 8023230: The impl of KerberosClientKeyExchange maybe not exist

Changeset: 21a25911f7f7 Author:xuelei Date: 2013-08-19 18:49 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/21a25911f7f7 8023230: The impl of KerberosClientKeyExchange maybe not exist Reviewed-by: weijun ! src/share/classes/sun/security/ssl/KerberosClientKeyExchange.java

hg: jdk8/tl/jdk: 8022487: DEREncodedKeyValue.supportedKeyTypes should be private

Changeset: ea4f4164422e Author:xuelei Date: 2013-08-11 18:21 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ea4f4164422e 8022487: DEREncodedKeyValue.supportedKeyTypes should be private Reviewed-by: mullan !

hg: jdk8/tl/jdk: 8013809: deadlock in SSLSocketImpl between between write and close

Changeset: 8c7cf4926157 Author:xuelei Date: 2013-08-07 06:42 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/8c7cf4926157 8013809: deadlock in SSLSocketImpl between between write and close Reviewed-by: wetmore ! src/share/classes/sun/security/ssl/SSLSocketImpl.java

hg: jdk8/tl/jdk: 7127524: P11TlsPrfGenerator has anonymous inner class with serialVersionUID

Changeset: d6de149b9f20 Author:xuelei Date: 2013-08-01 07:34 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/d6de149b9f20 7127524: P11TlsPrfGenerator has anonymous inner class with serialVersionUID Reviewed-by: vinnie !

hg: jdk8/tl/jdk: 8021841: Remove SSLEngineDeadlock.java from problem list

Changeset: 613cc7beba64 Author:xuelei Date: 2013-07-29 19:36 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/613cc7beba64 8021841: Remove SSLEngineDeadlock.java from problem list Reviewed-by: wetmore ! test/ProblemList.txt

hg: jdk8/tl/jdk: 8019359: To comment why not use no_renegotiation to reject client initiated renegotiation

Changeset: 60d1994f63f7 Author:xuelei Date: 2013-06-27 19:22 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/60d1994f63f7 8019359: To comment why not use no_renegotiation to reject client initiated renegotiation Reviewed-by: wetmore !

hg: jdk8/tl/jdk: 8017157: catch more exception in test RejectClientRenego

Changeset: a44bd993ce93 Author:xuelei Date: 2013-06-20 07:48 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a44bd993ce93 8017157: catch more exception in test RejectClientRenego Reviewed-by: vinnie !

hg: jdk8/tl/jdk: 7188658: Add possibility to disable client initiated renegotiation

Changeset: a76858faad59 Author:xuelei Date: 2013-06-19 02:33 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a76858faad59 7188658: Add possibility to disable client initiated renegotiation Reviewed-by: weijun, wetmore ! src/share/classes/sun/security/ssl/Handshaker.java !

hg: jdk8/tl/jdk: 8000456: Add programmatic deadlock detection in SSLEngineDeadlock

Changeset: 2d9da733014f Author:xuelei Date: 2013-06-18 18:50 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/2d9da733014f 8000456: Add programmatic deadlock detection in SSLEngineDeadlock Reviewed-by: wetmore !

hg: jdk8/tl/jdk: 8014618: Need to strip leading zeros in TlsPremasterSecret of DHKeyAgreement

Changeset: 6407106f1b1c Author:xuelei Date: 2013-05-30 22:02 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/6407106f1b1c 8014618: Need to strip leading zeros in TlsPremasterSecret of DHKeyAgreement Reviewed-by: xuelei Contributed-by: Pasi Eronen p...@iki.fi !

hg: jdk8/tl/jdk: 7160837: DigestOutputStream does not turn off digest calculation when close() is called

Changeset: 8402ef8fabde Author:ascarpino Date: 2013-05-30 22:19 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/8402ef8fabde 7160837: DigestOutputStream does not turn off digest calculation when close() is called Reviewed-by: mullan, xuelei !

hg: jdk8/tl/jdk: 6750584: Cipher.wrap/unwrap methods should define UnsupportedOperationException

Changeset: 918d9ac17740 Author:ascarpino Date: 2013-05-30 14:11 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/918d9ac17740 6750584: Cipher.wrap/unwrap methods should define UnsupportedOperationException Reviewed-by: mullan ! src/share/classes/javax/crypto/Cipher.java !

Code review request, JDK-8010814, More buffers are stored or returned without cloning

Hi, There is another fix to avoid the use of mutable objects. webrev: http://cr.openjdk.java.net/~xuelei/8010814/webrev.00/ Thanks, Xuelei

Re: Code review request, JDK-8010814, More buffers are stored or returned without cloning

if those env cases belong to #1. I think both fixes are for #2. Xuelei Thanks Max On 5/16/13 5:08 PM, Xuelei Fan wrote: Hi, There is another fix to avoid the use of mutable objects. webrev: http://cr.openjdk.java.net/~xuelei/8010814/webrev.00/ Thanks, Xuelei

hg: jdk8/tl/jdk: 8005535: SSLSessionImpl should have protected finalize()

Changeset: 76998d11a643 Author:xuelei Date: 2013-05-13 05:41 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/76998d11a643 8005535: SSLSessionImpl should have protected finalize() Reviewed-by: weijun, wetmore ! src/share/classes/sun/security/ssl/SSLSessionImpl.java

hg: jdk8/tl/jdk: 8005598: (reopened) Need to clone array of input/output parameters

Changeset: 46db0e633240 Author:xuelei Date: 2013-05-13 06:05 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/46db0e633240 8005598: (reopened) Need to clone array of input/output parameters Reviewed-by: weijun ! src/share/classes/com/sun/jndi/dns/DnsContext.java !

Code review request, JDK-8010815, some constructors issues in com.sun.jndi.toolkit

Hi, There is some constructors issues about mutable objects in com.sun.jndi.toolkit. webrev: http://cr.openjdk.java.net/~xuelei/8010815/webrev.00/ Thanks, Xuelei

Code review request: 8005598 (reopened) Need to clone array of input/output parameters

Hi, It's a correction of previous fix of JDK-8003265: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/4472a641b4dc Which introduced compiler warning and error, and backouted later. Thanks, Xuelei

Re: Code review request: 8005598 (reopened) Need to clone array of input/output parameters

Oops, here is the webrev: http://cr.openjdk.java.net/~xuelei/8005598/webrev.00/ Xuelei On 5/9/2013 10:30 AM, Xuelei Fan wrote: Hi, It's a correction of previous fix of JDK-8003265: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/4472a641b4dc Which introduced compiler warning and error

hg: jdk8/tl/jdk: 8006935: Need to take care of long secret keys in HMAC/PRF compuation

Changeset: 7bdb3e186497 Author:xuelei Date: 2013-04-18 22:23 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/7bdb3e186497 8006935: Need to take care of long secret keys in HMAC/PRF compuation Reviewed-by: valeriep !

hg: jdk8/tl/jdk: 7030966: Support AEAD CipherSuites

Changeset: def2e05299b7 Author:xuelei Date: 2013-03-01 02:34 -0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/def2e05299b7 7030966: Support AEAD CipherSuites Reviewed-by: weijun, wetmore, valeriep ! src/share/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.java !

hg: jdk8/tl/jdk: 8006265: Add test SSLEngineDeadlock.java to ProblemList

Changeset: edb7e34a0531 Author:xuelei Date: 2013-01-14 18:31 -0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/edb7e34a0531 8006265: Add test SSLEngineDeadlock.java to ProblemList Reviewed-by: weijun ! test/ProblemList.txt

hg: jdk8/tl/jdk: 7109274: Restrict the use of certificates with RSA keys less than 1024 bits

Changeset: 645d774b683a Author:xuelei Date: 2012-12-28 00:48 -0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/645d774b683a 7109274: Restrict the use of certificates with RSA keys less than 1024 bits Summary: This restriction is applied via the Java Security property,

hg: jdk8/tl/jdk: 8003265: Need to clone array of input/output parameters

Changeset: 4472a641b4dc Author:xuelei Date: 2012-12-28 03:50 -0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/4472a641b4dc 8003265: Need to clone array of input/output parameters Reviewed-by: mullan ! src/share/classes/com/sun/jndi/dns/DnsContext.java !

hg: jdk8/tl/jdk: 8004184: security tests leave JSSEServer running

Changeset: ead651efb271 Author:xuelei Date: 2012-12-03 06:00 -0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ead651efb271 8004184: security tests leave JSSEServer running Summary: Use othervm mode to release resources, and correct the system properties issues in JSSE

hg: jdk8/tl/jdk: 8004019: Removes unused method HandshakeHash.setCertificateVerifyAlg()

Changeset: 46c627801490 Author:xuelei Date: 2012-11-28 05:18 -0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/46c627801490 8004019: Removes unused method HandshakeHash.setCertificateVerifyAlg() Summary: certification verification in HandshakeHash was abandoned during TLS 1.2

hg: jdk8/tl/jdk: 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl

Changeset: f7d45462b225 Author:xuelei Date: 2012-11-24 04:09 -0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f7d45462b225 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl Reviewed-by: xuelei Contributed-by: Florian Weimer

hg: jdk8/tl/jdk: 8003951: Removes unused variables in sun.security.ssl

Changeset: d30c13172254 Author:xuelei Date: 2012-11-24 04:27 -0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/d30c13172254 8003951: Removes unused variables in sun.security.ssl Reviewed-by: xuelei Contributed-by: Florian Weimer fwei...@redhat.com !

hg: jdk8/tl/jdk: 8003587: Warning cleanup in package javax.net.ssl

Changeset: 25e5df117021 Author:xuelei Date: 2012-11-18 01:31 -0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/25e5df117021 8003587: Warning cleanup in package javax.net.ssl Summary: Removes unnecessary imports and adds missing Override annotations Reviewed-by: xuelei

Re: [8] Code Review Request for CR 7167056 - Clarify that BasicPermission names that contain non-wildcard asterisks are not invalid

Looks fine to me. Xuelei On 11/16/2012 10:54 PM, Sean Mullan wrote: This change affects components in the security and core libs areas. This is a minor specification clarification to avoid the use of the terms valid and invalid when describing the syntax for wildcard names in

hg: jdk8/tl/jdk: 8001569: Regression test GetPeerHost uses static port number

Changeset: 9edfa0e761b9 Author:xuelei Date: 2012-11-09 01:15 -0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/9edfa0e761b9 8001569: Regression test GetPeerHost uses static port number Reviewed-by: weijun !

hg: jdk8/tl/jdk: 8001466: Nightly regression test failure of SSLSocketSNISensitive.java

Changeset: e782f3c383fe Author:xuelei Date: 2012-10-24 08:25 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/e782f3c383fe 8001466: Nightly regression test failure of SSLSocketSNISensitive.java Reviewed-by: weijun !

hg: jdk8/tl/jdk: 7200295: CertificateRequest message is wrapping when using large numbers of Certs

Changeset: a58585051c4b Author:xuelei Date: 2012-09-26 21:05 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a58585051c4b 7200295: CertificateRequest message is wrapping when using large numbers of Certs Reviewed-by: wetmore !

hg: jdk8/tl/jdk: 7199066: Typo in method name

Changeset: 88a4f699d233 Author:xuelei Date: 2012-09-18 06:51 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/88a4f699d233 7199066: Typo in method name Reviewed-by: mullan ! src/share/classes/sun/security/ssl/SSLContextImpl.java !

hg: jdk8/tl/jdk: 7195733: TEST_BUG: sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/B6216082.java failing

Changeset: b7b33a3c9df0 Author:xuelei Date: 2012-09-04 02:24 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/b7b33a3c9df0 7195733: TEST_BUG: sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/B6216082.java failing Reviewed-by: chegar, alanb, xuelei

hg: jdk8/tl/jdk: 7185576: Need to consider the connection timeout at test/com/sun/jndi/ldap/InvalidLdapFilters.java

Changeset: e0e7cc711bda Author:xuelei Date: 2012-07-24 03:31 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/e0e7cc711bda 7185576: Need to consider the connection timeout at test/com/sun/jndi/ldap/InvalidLdapFilters.java Reviewed-by: vinnie !

hg: jdk8/tl/jdk: 7180038: regression test failure, SSLEngineBadBufferArrayAccess.java

Changeset: 3ae91286f313 Author:xuelei Date: 2012-07-03 20:29 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/3ae91286f313 7180038: regression test failure, SSLEngineBadBufferArrayAccess.java Reviewed-by: weijun !

hg: jdk8/tl/jdk: 7166487: checkSequenceNumber method never called within readRecord of SSLEngineImpl

Changeset: cdcbd22cfb9d Author:xuelei Date: 2012-06-19 17:28 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/cdcbd22cfb9d 7166487: checkSequenceNumber method never called within readRecord of SSLEngineImpl Reviewed-by: weijun !

hg: jdk8/tl/jdk: 7174244: NPE in Krb5ProxyImpl.getServerKeys()

Changeset: f8e72d7ff37d Author:xuelei Date: 2012-06-06 18:18 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f8e72d7ff37d 7174244: NPE in Krb5ProxyImpl.getServerKeys() Reviewed-by: weijun ! src/share/classes/sun/security/ssl/SSLContextImpl.java !

hg: jdk8/tl/jdk: 7172149: ArrayIndexOutOfBoundsException from Signature.verify

Changeset: 713b10821c3d Author:xuelei Date: 2012-06-06 18:39 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/713b10821c3d 7172149: ArrayIndexOutOfBoundsException from Signature.verify Summary: take care of integer addition overflow Reviewed-by: xuelei, wetmore Contributed-by:

hg: jdk8/tl/jdk: 7145960: sun/security/mscapi/ShortRSAKey1024.sh failing on windows

Changeset: 9fe6ebbe5895 Author:xuelei Date: 2012-05-17 21:59 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/9fe6ebbe5895 7145960: sun/security/mscapi/ShortRSAKey1024.sh failing on windows Reviewed-by: vinnie, wetmore ! test/sun/security/mscapi/ShortRSAKey1024.sh !

hg: jdk8/tl/jdk: 7167988: PKIX CertPathBuilder in reverse mode doesn't work if more than one trust anchor is specified

Changeset: df3152beef2f Author:xuelei Date: 2012-05-14 07:26 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/df3152beef2f 7167988: PKIX CertPathBuilder in reverse mode doesn't work if more than one trust anchor is specified Reviewed-by: mullan !

hg: jdk8/tl/jdk: 7166570: JSSE certificate validation has started to fail for certificate chains

Changeset: 0f63f3390ac9 Author:xuelei Date: 2012-05-08 18:08 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0f63f3390ac9 7166570: JSSE certificate validation has started to fail for certificate chains Reviewed-by: wetmore !

hg: jdk8/tl/jdk: 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites

Changeset: 41d3f7509e00 Author:xuelei Date: 2012-05-04 17:28 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/41d3f7509e00 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites Reviewed-by: weijun !

hg: jdk8/tl/jdk: 7158688: Typo in SSLContext Spec

Changeset: 71fdf32fdc65 Author:xuelei Date: 2012-05-01 03:48 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/71fdf32fdc65 7158688: Typo in SSLContext Spec Reviewed-by: weijun, wetmore ! src/share/classes/javax/net/ssl/SSLContext.java

hg: jdk8/tl/jdk: 6996372: synchronizing handshaking hash

Changeset: f0842ed897c3 Author:xuelei Date: 2012-04-27 04:25 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f0842ed897c3 6996372: synchronizing handshaking hash Summary: remove the unnecessary synchronization. Also reviewed by David Schlosnagle (schlo...@gmail.com)

hg: jdk8/tl/jdk: 7147407: remove never used debug code in DnsClient.java

Changeset: a4e3dde9a8a7 Author:xuelei Date: 2012-02-21 05:44 -0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a4e3dde9a8a7 7147407: remove never used debug code in DnsClient.java Reviewed-by: vinnie ! src/share/classes/com/sun/jndi/dns/DnsClient.java

hg: jdk8/tl/jdk: 7145837: a little performance improvement on the usage of SecureRandom

Changeset: 45804d661008 Author:xuelei Date: 2012-02-15 23:45 -0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/45804d661008 7145837: a little performance improvement on the usage of SecureRandom Reviewed-by: chegar, wetmore ! src/share/classes/sun/security/ssl/CipherSuite.java

hg: jdk8/tl/jdk: 7144781: incorrect URLs in JSSE java doc

Changeset: da8b8ee281f9 Author:xuelei Date: 2012-02-10 22:17 -0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/da8b8ee281f9 7144781: incorrect URLs in JSSE java doc Reviewed-by: wetmore, skannan ! src/share/classes/javax/net/ssl/ExtendedSSLSession.java !

hg: jdk8/tl/jdk: 7132248: sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/CookieHttpsClientTest.java failing

Changeset: d383b5d128e3 Author:xuelei Date: 2012-01-23 04:44 -0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/d383b5d128e3 7132248: sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/CookieHttpsClientTest.java failing Reviewed-by: alanb !

hg: jdk8/tl/jdk: 7106773: 512 bits RSA key cannot work with SHA384 and SHA512

Changeset: 11e52d5ba64e Author:xuelei Date: 2012-01-12 03:39 -0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/11e52d5ba64e 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 Reviewed-by: weijun ! src/share/classes/sun/security/pkcs11/P11Cipher.java !

hg: jdk8/tl/jdk: 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager

Changeset: 82151e860a64 Author:xuelei Date: 2011-11-23 03:40 -0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/82151e860a64 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager Summary: also reviewed by dennis...@oracle.com Reviewed-by: mullan !

hg: jdk8/tl/jdk: 7111548: unexpected debug log message

Changeset: 5c7c83a6ee24 Author:xuelei Date: 2011-11-14 01:21 -0800 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/5c7c83a6ee24 7111548: unexpected debug log message Reviewed-by: wetmore ! src/share/classes/sun/security/ssl/SSLSocketImpl.java

hg: jdk8/tl/jdk: 7106277: Brokenness in the seqNumberOverflow of MAC

Changeset: 30900a1a9cfc Author:xuelei Date: 2011-10-30 20:07 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/30900a1a9cfc 7106277: Brokenness in the seqNumberOverflow of MAC Reviewed-by: wetmore ! src/share/classes/sun/security/ssl/MAC.java

hg: jdk8/tl/jdk: 7092375: Security Libraries don't build with javac -Werror

Changeset: ffa762153af4 Author:xuelei Date: 2011-09-28 15:10 -0700 URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ffa762153af4 7092375: Security Libraries don't build with javac -Werror Summary: Changes to security related java and make files to remove warnings Reviewed-by: xuelei

Re: Request for review: 7084245: Update usages of InternalError to use exception chaining

I reviewed the security part. In general, it looks fine. But sometimes, from my very personal view, the exception-chain might be over used. For example, the following code: try { md = MessageDigest.getInstance(SHA); } catch (NoSuchAlgorithmException nsae) { throw new

  1   2   >