Re: AlgorithmConstraints caching [ was Re: RFR: 8284694: Avoid evaluating SSLAlgorithmConstraints twice]

2022-04-22 Thread Daniel Jeliński
Hi Tony & Sean, As it turns out, caching the availability of algorithms is sufficient to get a massive speedup here. Check out the results on https://github.com/openjdk/jdk/pull/8349 and let me know what you think. Regards, Daniel śr., 20 kwi 2022 o 22:22 Seán Coffey napisał(a): > > I think the

Re: RFR: 8285431: Assertion in NativeGSSContext constructor

2022-04-22 Thread Daniel Jeliński
On Fri, 22 Apr 2022 06:26:01 GMT, Xue-Lei Andrew Fan wrote: > Hi, > > May I have the simple update reviewed. > > In the NativeGSSContext constructor for imported context, the assert is use > on the object field, instead of the input parameters. As in a constructor, > `'this'` object does not

Re: RFR: 8284490: Remove finalizer method in java.security.jgss [v7]

2022-04-22 Thread Daniel Fuchs
On Wed, 20 Apr 2022 15:54:07 GMT, Xue-Lei Andrew Fan wrote: >> Please review the update to remove finalizer method in the >> java.security.jgss module. It is one of the efforts to clean up the use of >> finalizer method in JDK. > > Xue-Lei Andrew Fan has updated the pull request incrementally w

RFR: 8285404: RSA signature verification should follow RFC 8017 8.2.2 Step 4

2022-04-22 Thread Weijun Wang
Compare encoded instead of decoded digest in RSA signature verification. - Commit messages: - RFC 8017 8.2.2 Step 4 Changes: https://git.openjdk.java.net/jdk/pull/8365/files Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=8365&range=00 Issue: https://bugs.openjdk.java.net/b

Re: RFR: 8285404: RSA signature verification should follow RFC 8017 8.2.2 Step 4

2022-04-22 Thread Michael StJohns
On 4/22/2022 1:21 PM, Weijun Wang wrote: Compare encoded instead of decoded digest in RSA signature verification. - Commit messages: - RFC 8017 8.2.2 Step 4 Changes:https://git.openjdk.java.net/jdk/pull/8365/files Webrev:https://webrevs.openjdk.java.net/?repo=jdk&pr=8365&range=

Re: RFR: 8285404: RSA signature verification should follow RFC 8017 8.2.2 Step 4

2022-04-22 Thread Weijun Wang
On Fri, 22 Apr 2022 18:09:33 GMT, Michael StJohns wrote: > This is a weird one.? AFAICT the way it was being done is valid and > allowed by RFC8017 - I would have closed the bug report as notabug Yes, I saw the "Note". It's definitely OK to decode but one has to make sure the input is DER encod

RFR: 8285389: EdDSA trimming zeros

2022-04-22 Thread Anthony Scarpino
Hi, I'd like a code review of this change to EdDSA. ed25519 and ed448 internally was trimming extra zeros off the end of the signature before processing. This can result in some verify testing failures which are strict about the signature length passed into the operation. thanks Tony --

Re: RFR: 8285431: Assertion in NativeGSSContext constructor

2022-04-22 Thread Valerie Peng
On Fri, 22 Apr 2022 06:26:01 GMT, Xue-Lei Andrew Fan wrote: > Hi, > > May I have the simple update reviewed. > > In the NativeGSSContext constructor for imported context, the assert is use > on the object field, instead of the input parameters. As in a constructor, > `'this'` object does not

Re: RFR: 8285404: RSA signature verification should follow RFC 8017 8.2.2 Step 4

2022-04-22 Thread Valerie Peng
On Fri, 22 Apr 2022 17:10:58 GMT, Weijun Wang wrote: > Compare encoded instead of decoded digest in RSA signature verification. Regardless whether we ended up with decode/encode, we should make sure RSASSA-PSS signature impl is also covered and consistent. - PR: https://git.openjd

Re: A possible JEP to replace SecurityManager after JEP 411

2022-04-22 Thread Martin Balao
Hi, On 4/8/22 11:13 AM, Sean Mullan wrote: > In general, I think authorization is best done at a higher layer within > the application and not via low-level SM callouts. Authorize the subject > first and if not acceptable, prevent the operation or API from being > called in the first place. Once t

Re: A possible JEP to replace SecurityManager after JEP 411

2022-04-22 Thread Peter Firmstone
Hi Martin, I'm curious, you sound like you arrived at this opinion from experience?  Rather than being an upper layer only concern, my opinion is that it requires lower layer intervention / controls, with upper layers providing the decision making context. My reason for asking is, we're basi