On Wed, 2 Mar 2022 00:13:41 GMT, Valerie Peng wrote:
> It's been several years since we increased the default key sizes. Before
> shifting to PQC, NSA replaced its Suite B cryptography recommendations with
> the Commercial National Security Algorithm Suite which suggests:
>
ested key size and algorithm changes.
> The changes are mostly in keytool, jarsigner and their regression tests, so
> @wangweij Could you please take a look?
>
> Thanks!
Valerie Peng has updated the pull request incrementally with one additional
commit since the last revision:
On Thu, 24 Mar 2022 06:41:11 GMT, Xue-Lei Andrew Fan wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Added comment regarding possible deadlocks.
>
> src/java.base/s
ested key size and algorithm changes.
> The changes are mostly in keytool, jarsigner and their regression tests, so
> @wangweij Could you please take a look?
>
> Thanks!
Valerie Peng has updated the pull request incrementally with one additional
commit since the last revisio
On Wed, 23 Mar 2022 21:51:51 GMT, Xue-Lei Andrew Fan wrote:
>> My very first prototype is to implement the AES keysize calculation as you
>> commented, i.e. in the static block and use an int for DEF_AES_KEY_SIZE.
>> However, it is later discovered through testing that this leads to deadlocks
On Wed, 23 Mar 2022 04:46:48 GMT, Xue-Lei Andrew Fan wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Minor code refactoring
>
> src/java.base/share/classes/sun/security/util/Security
ested key size and algorithm changes.
> The changes are mostly in keytool, jarsigner and their regression tests, so
> @wangweij Could you please take a look?
>
> Thanks!
Valerie Peng has updated the pull request incrementally with one additional
commit since the last revision:
Minor c
On Tue, 15 Mar 2022 20:51:25 GMT, Valerie Peng wrote:
>> It's been several years since we increased the default key sizes. Before
>> shifting to PQC, NSA replaced its Suite B cryptography recommendations with
>> the Commercial National Security Algorithm Suite which suggests
ested key size and algorithm changes.
> The changes are mostly in keytool, jarsigner and their regression tests, so
> @wangweij Could you please take a look?
>
> Thanks!
Valerie Peng has updated the pull request incrementally with one additional
commit since the last r
On Mon, 14 Mar 2022 21:24:15 GMT, Weijun Wang wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Update again and undo DSA changes
>
> src/jdk.crypto.cryptoki/sha
On Mon, 14 Mar 2022 21:18:56 GMT, Weijun Wang wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Update again and undo DSA changes
>
> src/jdk.crypto.cryptoki/sha
On Mon, 14 Mar 2022 21:08:30 GMT, Weijun Wang wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Update again and undo DSA changes
>
> src/java.base/share/classes/sun/security/util/
ested key size and algorithm changes.
> The changes are mostly in keytool, jarsigner and their regression tests, so
> @wangweij Could you please take a look?
>
> Thanks!
Valerie Peng has updated the pull request incrementally with one additional
commit since the las
ested key size and algorithm changes.
> The changes are mostly in keytool, jarsigner and their regression tests, so
> @wangweij Could you please take a look?
>
> Thanks!
Valerie Peng has updated the pull request incrementally with one additional
commit since t
On Wed, 9 Mar 2022 19:44:39 GMT, Weijun Wang wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Update JarSigner javadoc to make it consistent with previous update
>
> src/jdk.jart
ested key size and algorithm changes.
> The changes are mostly in keytool, jarsigner and their regression tests, so
> @wangweij Could you please take a look?
>
> Thanks!
Valerie Peng has updated the pull request incrementally with one additional
commit since the last revision:
ested key size and algorithm changes.
> The changes are mostly in keytool, jarsigner and their regression tests, so
> @wangweij Could you please take a look?
>
> Thanks!
Valerie Peng has updated the pull request incrementally with one additional
commit since the last revision:
Updat
On Wed, 2 Mar 2022 04:02:45 GMT, Anthony Scarpino wrote:
> I have some compatibility concerns about the AES change breaking code that
> expects a SecretKeySpec of 16 bytes. I can see situations where
> '.getEncoded()' returns a byte[32] when user code expects a byte[16]. Also,
> I'm pretty
It's been several years since we increased the default key sizes. Before
shifting to PQC, NSA replaced its Suite B cryptography recommendations with the
Commercial National Security Algorithm Suite which suggests:
- SHA-384 for secure hashing
- AES-256 for symmetric encryption
- RSA with 3072
On Tue, 3 Aug 2021 19:05:55 GMT, Weijun Wang wrote:
> `oddPart` contains a lot of info on the `modInverse` output, sometimes it's
> even the same. Clearing it in case the result is sensitive.
>
> No new regression test since it's difficult to access a temporary local
> variable in an internal
On Tue, 29 Jun 2021 00:07:41 GMT, Sean Coffey wrote:
>> Sufficient permissions missing if this code was ever to run with
>> SecurityManager.
>>
>> Cleanest approach appears to be use of InnocuousThread to create the
>> cleaner/poller threads.
>> Test case coverage extended to cover the
On Tue, 22 Jun 2021 20:08:03 GMT, Sean Coffey wrote:
>> Sufficient permissions missing if this code was ever to run with
>> SecurityManager.
>>
>> Cleanest approach appears to be use of InnocuousThread to create the
>> cleaner/poller threads.
>> Test case coverage extended to cover the
On Fri, 25 Jun 2021 19:39:22 GMT, Valerie Peng wrote:
>> Sean Coffey has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Move TokenPoller to Runnable
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkc
On Tue, 22 Jun 2021 20:08:03 GMT, Sean Coffey wrote:
>> Sufficient permissions missing if this code was ever to run with
>> SecurityManager.
>>
>> Cleanest approach appears to be use of InnocuousThread to create the
>> cleaner/poller threads.
>> Test case coverage extended to cover the
On Mon, 18 Jan 2021 11:03:06 GMT, Martin Buchholz wrote:
>> 8252412: [macos11] system dynamic libraries removed from filesystem
>
> Martin Buchholz has refreshed the contents of this pull request, and previous
> commits have been removed. The incremental views will show differences
> compared
On Fri, 22 Jan 2021 22:55:22 GMT, Jiangli Zhou wrote:
>> Ok, I see Java_sun_security_smartcardio_PlatformPCSC_initialize does dlopen
>> using the 'jLibName' (string) obtained from getLibraryName() and throws
>> IOException if dlopen fails. The change seems safe enough.
>>
>> I'm wondering if
On Mon, 18 Jan 2021 13:39:04 GMT, Claes Redestad wrote:
>> - The MD5 intrinsics added by
>> [JDK-8250902](https://bugs.openjdk.java.net/browse/JDK-8250902) shows that
>> the `int[] x` isn't actually needed. This also applies to the SHA intrinsics
>> from which the MD5 intrinsic takes
On Fri, 15 Jan 2021 23:36:35 GMT, Claes Redestad wrote:
>> - The MD5 intrinsics added by
>> [JDK-8250902](https://bugs.openjdk.java.net/browse/JDK-8250902) shows that
>> the `int[] x` isn't actually needed. This also applies to the SHA intrinsics
>> from which the MD5 intrinsic takes
On Sun, 20 Dec 2020 20:27:03 GMT, Claes Redestad wrote:
> - The MD5 intrinsics added by
> [JDK-8250902](https://bugs.openjdk.java.net/browse/JDK-8250902) shows that
> the `int[] x` isn't actually needed. This also applies to the SHA intrinsics
> from which the MD5 intrinsic takes inspiration
On Sun, 20 Dec 2020 20:27:03 GMT, Claes Redestad wrote:
> - The MD5 intrinsics added by
> [JDK-8250902](https://bugs.openjdk.java.net/browse/JDK-8250902) shows that
> the `int[] x` isn't actually needed. This also applies to the SHA intrinsics
> from which the MD5 intrinsic takes inspiration
On Thu, 7 Jan 2021 18:50:05 GMT, Claes Redestad wrote:
>> Removing the UUID clone cache and running the microbenchmark along with the
>> changes in #1933:
>>
>> Benchmark (size) Mode
>> CntScoreError Units
>>
On Fri, 8 Jan 2021 21:30:14 GMT, Martin Balao wrote:
>> As described in JDK-8259319 [1], this fix proposal is to set proper access
>> permissions so the SunPKCS11 provider can create instances of SunJCE classes
>> when a Security Manager is installed and the fallback scheme is used.
>>
>> No
On Wed, 6 Jan 2021 15:33:59 GMT, Martin Balao wrote:
> As described in JDK-8259319 [1], this fix proposal is to set proper access
> permissions so the SunPKCS11 provider can create instances of SunJCE classes
> when a Security Manager is installed and the fallback scheme is used.
>
> No
On Wed, 6 Jan 2021 15:33:59 GMT, Martin Balao wrote:
> As described in JDK-8259319 [1], this fix proposal is to set proper access
> permissions so the SunPKCS11 provider can create instances of SunJCE classes
> when a Security Manager is installed and the fallback scheme is used.
>
> No
On Wed, 6 Jan 2021 15:33:59 GMT, Martin Balao wrote:
> As described in JDK-8259319 [1], this fix proposal is to set proper access
> permissions so the SunPKCS11 provider can create instances of SunJCE classes
> when a Security Manager is installed and the fallback scheme is used.
>
> No
Could someone please help review this RFE?
Enhance default JDK providers except SunPKCS11 with signatures using SHA-3
family of digests. SunPKCS11 provider will
be updated separately (JDK-8242332).
This changes covers SUN, SunRsaSign, and SunEC providers. Changes are
straightforward, just add
I am also concerned about the changes in GSSLibStub.c about the default
value being GSS_C_AF_UNSPECinstead of GSS_C_AF_NULLADDR (line 194-195).
Can you try and see if Window works with GSS_C_AF_NULLADDR? If yes, I'd
prefer to not changing the default value for addresstype for the same
reason
Changeset: d922c8aba2f8
Author:valeriep
Date: 2013-12-03 17:23 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/d922c8aba2f8
8029158: sun/security/pkcs11/Signature/TestDSAKeyLength.java does not compile
(or run)
Summary: Add the missing library path and skip testing against
Changeset: 8d5a9245b9ca
Author:valeriep
Date: 2013-11-25 11:56 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/8d5a9245b9ca
7200306: SunPKCS11 provider delays the check of DSA key size for SHA1withDSA to
sign() instead of init()
Summary: Add key length checks to P11Signature
Changeset: 93826827e8b4
Author:valeriep
Date: 2013-11-19 15:29 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/93826827e8b4
8026943: SQE test jce/Global/Cipher/SameBuffer failed
Summary: Always use different input/output buffers when calling FeedbackCipher
objects
Changeset: 1597066b58ee
Author:valeriep
Date: 2013-10-08 11:07 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/1597066b58ee
7196382: PKCS11 provider should support 2048-bit DH
Summary: Query and enforce range checking using the values from native PKCS11
library.
Reviewed-by:
Changeset: 162c015c434a
Author:valeriep
Date: 2013-07-11 11:43 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/162c015c434a
8020321: Problem in PKCS11 regression test TestRSAKeyLength
Summary: Corrected the isValidKeyLength array
Reviewed-by: xuelei
!
Changeset: f225da733291
Author:valeriep
Date: 2013-07-05 13:53 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f225da733291
8012637: Adjust CipherInputStream class to work in AEAD/GCM mode
Summary: Ensure the Cipher.doFinal() is called only once
Reviewed-by: xuelei
!
Changeset: 2ec31660cc0e
Author:valeriep
Date: 2013-05-07 14:04 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/2ec31660cc0e
8010134: A finalizer in sun.security.pkcs11.wrapper.PKCS11 perhaps should be
protected
Summary: Change the finalize method of PKCS11 class to be
Changeset: 7d4e30730f80
Author:valeriep
Date: 2013-04-04 20:05 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/7d4e30730f80
7155720: PKCS11 minor issues in native code
Summary: Added OOM handling to address the two issues found by parfait.
Reviewed-by: weijun
!
Changeset: 46e6a4b7ca26
Author:valeriep
Date: 2013-01-07 11:11 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/46e6a4b7ca26
6996769: support AEAD cipher
Summary: Added implementation for GCM mode under AES cipher
Reviewed-by: weijun
!
Changeset: f0aa997ad78b
Author:valeriep
Date: 2012-09-25 11:27 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/f0aa997ad78b
7199941: test about AES/ECB mode fails
Summary: Fixed the problem of field blockMode not having correct value for
AES algorithms.
Reviewed-by: vinnie
Changeset: e129833555f6
Author:valeriep
Date: 2012-09-04 18:41 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/e129833555f6
7044060: Need to support NSA Suite B Cryptography algorithms
Summary: Add support for DSA parameter generation and OIDs for NSA Suite B
algorithms.
Changeset: 114fbbeb8f75
Author:valeriep
Date: 2012-08-10 13:08 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/114fbbeb8f75
7107613: scalability bloker in javax.crypto.CryptoPermissions
Summary: Changed the type of field perms from Hashtable to ConcurrentHashMap.
Reviewed-by:
Changeset: af1030be726a
Author:valeriep
Date: 2012-05-18 12:29 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/af1030be726a
7169496: Problem with the SHA-224 support for SunMSCAPI provider
Summary: Remove SHA224withRSA signature from SunMSCAPI provider due to lack of
windows
Changeset: 3e3017eba8ac
Author:valeriep
Date: 2012-05-08 17:57 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/3e3017eba8ac
4963723: Implement SHA-224
Summary: Add support for SHA-224, SHA224withRSA, SHA224withECDSA, HmacSHA224
and OAEPwithSHA-224AndMGF1Padding.
Reviewed-by:
Changeset: 4c4d2337dfad
Author:valeriep
Date: 2012-03-20 15:06 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/4c4d2337dfad
7146728: Inconsistent length for the generated secret using DH key agreement
impl from SunJCE and PKCS11
Summary: Always return the secret in the same
Changeset: bdbc32b2f920
Author:valeriep
Date: 2012-03-15 14:28 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/bdbc32b2f920
7130959: Tweak 7058133 fix for JDK 8 (javah makefile changes)
Summary: Fixed JAVAHFLAGS setting to use -bootclasspath.
Reviewed-by: wetmore
!
Changeset: ff24779c147f
Author:valeriep
Date: 2012-01-27 15:25 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ff24779c147f
7136538: typo in test/Makefile under the jdk_security3 target
Summary: Fixed the typo of secrity.
Reviewed-by: wetmore
! test/Makefile
Changeset: 313da5d059bf
Author:valeriep
Date: 2012-01-19 12:01 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/313da5d059bf
7092825: javax.crypto.Cipher.Transform.patternCache is synchronizedMap and
became scalability bottleneck.
Summary: Changed patternCache from
Changeset: ef3b6736c074
Author:valeriep
Date: 2012-01-12 16:04 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/ef3b6736c074
7088989: Improve the performance for T4 by utilizing the newly provided crypto
APIs
Summary: Added the OracleUcrypto provider for utilizing the Solaris
Changeset: cdc128128044
Author:valeriep
Date: 2012-01-05 18:18 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/cdc128128044
6414899: P11Digest should support cloning
Summary: Enhanced the PKCS11 Digest implementation to support cloning
Reviewed-by: vinnie
!
Changeset: a9dfdc523c2c
Author:valeriep
Date: 2011-12-21 14:08 -0800
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a9dfdc523c2c
6839886: Array overrun in pkcs11
Summary: Fix the wrong value when dealing w/ month and day.
Reviewed-by: mullan
!
Changeset: e93679cf1e1a
Author:valeriep
Date: 2011-06-30 18:42 -0700
URL: http://hg.openjdk.java.net/jdk8/tl/jdk/rev/e93679cf1e1a
7058133: Javah should use the freshly built classes instead of those from the
BOOTDIR jdk
Summary: Changed javah to use the newly built classes
Changeset: 40e2b3a25533
Author:valeriep
Date: 2011-04-29 13:31 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/40e2b3a25533
7036252: sunpkcs11-solaris.cfg needs a review
Summary: Updated the disabled mechanisms section since Solaris bug 6306708 has
been fixed.
Reviewed-by:
Changeset: 131ed7967996
Author:valeriep
Date: 2011-04-15 15:56 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/131ed7967996
7035115: sun/security/pkcs11/Provider/ConfigShortPath.java compilation failed
Summary: Updated the test to use reflection and skip when SunPKCS11
Changeset: 5d132f3bfbbf
Author:valeriep
Date: 2011-04-12 15:57 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/5d132f3bfbbf
7001094: Can't initialize SunPKCS11 more times than PKCS11 driver
maxSessionCount
Summary: Changed SessionManager to keep track of session count for
Changeset: 4a7da412db38
Author:valeriep
Date: 2011-03-15 18:42 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/4a7da412db38
7001933: Deadlock in java.lang.classloader.getPackage()
Summary: Modified to not holding the packages lock when calling parent CL.
Reviewed-by: dholmes,
Changeset: a52da0bada39
Author:valeriep
Date: 2011-03-07 14:14 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/a52da0bada39
6994008: PKCS11 should support RSA and RSA/ECB/NoPadding ciphers
Summary: Add support for RSA_X_509 mechanism and aliasing of RSA to
Changeset: 75216854fb53
Author:valeriep
Date: 2011-02-22 12:01 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/75216854fb53
6604496: Support for CKM_AES_CTR (counter mode)
Summary: Enhanced SunPKCS11 provider to support AES/CTR/NoPadding
transformation.
Reviewed-by: vinnie
Changeset: d4c2d2d72cfc
Author:valeriep
Date: 2010-12-22 18:30 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/d4c2d2d72cfc
6581254: pkcs11 provider fails to parse configuration file contains windows
short path
Summary: Modified configuration parsing code to support ~.
Changeset: 6deeca9378c0
Author:valeriep
Date: 2010-11-19 16:59 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/6deeca9378c0
6203816: Can not run test/java/security/Security/ClassLoaderDeadlock.sh from
the command line
Summary: Fixed the script to not delete the provider
Changeset: 86ea594c1d10
Author:valeriep
Date: 2010-11-15 14:32 -0800
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/86ea594c1d10
6848930: JSN security test jce/Global/Cipher/PKCS5Padding cannot thrown
expected BadPaddingException
Summary: Disabled CKM_DES_CBC_PAD,
Changeset: 96d78263fdf7
Author:valeriep
Date: 2010-10-14 17:59 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/96d78263fdf7
6988081: Use GetPrimitiveArrayCritical instead GetByteArray to Reduce
allocation in some sunpkcs jni wrappers
Summary: Changed to use
Changeset: 1b430727f00d
Author:valeriep
Date: 2010-10-12 17:05 -0700
URL: http://hg.openjdk.java.net/jdk7/tl/jdk/rev/1b430727f00d
6887853: javadoc for java.lang.Classloader should be more clear
Summary: Updated the relevant javadoc description of java.lang.ClassLoader
class w/
70 matches
Mail list logo