Clearing buffers and temporary arrays to avoid data leaks in cipher operations.
-
Commit messages:
- the fix
Changes: https://git.openjdk.org/jdk/pull/9158/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=9158&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8282038
St
At the beginning, this bug was about the incorrect warning message "Unsupported
authentication scheme" on line 1051 which should have been "This key algorithm
has been checked, skip it".
Now, it's a code refactoring that emphasizes only the key algorithm inside a
signature scheme is checked in
On Fri, 10 Jun 2022 21:27:58 GMT, Mark Powers wrote:
>> https://bugs.openjdk.java.net/browse/JDK-8285263 Minor cleanup could be done
>> in java.security
>>
>> JDK-8273046 is the umbrella bug for this bug. The changes were too large for
>> a single code review, so it was decided to split into s
On Fri, 10 Jun 2022 23:49:45 GMT, Hai-May Chao wrote:
> Please review the small fix in comment.
LGTM. Thanks.
-
Marked as reviewed by weijun (Reviewer).
PR: https://git.openjdk.org/jdk/pull/9135
On Thu, 9 Jun 2022 21:34:56 GMT, Weijun Wang wrote:
> Add comment to the method.
This pull request has now been integrated.
Changeset: d4b473d8
Author: Weijun Wang
URL:
https://git.openjdk.org/jdk/commit/d4b473d89046874f25aa6f65f3ae96f7d8397d50
Stats: 8 lines in 1 file chan
On Fri, 10 Jun 2022 00:35:16 GMT, Mark Powers wrote:
>> src/java.base/share/classes/java/security/SecureRandom.java line 905:
>>
>>> 903: private static final Pattern pattern =
>>> 904: Pattern.compile(
>>> 905: "\\s*([\\S&&[^:,]]*)(:([\\S&&[^,]]*))?\\s*(,(.*)
On Fri, 10 Jun 2022 21:27:58 GMT, Mark Powers wrote:
>> https://bugs.openjdk.java.net/browse/JDK-8285263 Minor cleanup could be done
>> in java.security
>>
>> JDK-8273046 is the umbrella bug for this bug. The changes were too large for
>> a single code review, so it was decided to split into s
On Thu, 9 Jun 2022 22:29:36 GMT, Jamil Nimeh wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> verb
>
> src/java.base/share/classes/sun/security/util/math/IntegerModuloP.java line
>
> Add comment to the method.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
verb
-
Changes:
- all: https://git.openjdk.org/jdk/pull/9115/files
- new: https://git.openjdk.org/jdk/pull/9115/files/36741bba..15ef8
Add comment to the method.
-
Commit messages:
- add comment
Changes: https://git.openjdk.org/jdk/pull/9115/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=9115&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8287178
Stats: 8 lines in 1 file changed: 7 ins; 0 del
On Tue, 7 Jun 2022 15:37:02 GMT, Mark Powers wrote:
>> https://bugs.openjdk.java.net/browse/JDK-8285263 Minor cleanup could be done
>> in java.security
>>
>> JDK-8273046 is the umbrella bug for this bug. The changes were too large for
>> a single code review, so it was decided to split into sm
Switch to wide char version of `CertGetNameString` to get the non-ASCII name.
-
Commit messages:
- the fix
Changes: https://git.openjdk.java.net/jdk/pull/9085/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=9085&range=00
Issue: https://bugs.openjdk.org/browse/JDK-6522
On Tue, 24 May 2022 16:29:02 GMT, Sean Mullan wrote:
> Please review this fix to the XML Signature implementation to check for null
> or missing DSA parameters and throw a MarshalException before trying to
> create a DSA public key from its XML encoding. This will allow the code to
> fail earl
On Tue, 24 May 2022 16:29:02 GMT, Sean Mullan wrote:
> Please review this fix to the XML Signature implementation to check for null
> or missing DSA parameters and throw a MarshalException before trying to
> create a DSA public key from its XML encoding. This will allow the code to
> fail earl
On Mon, 23 May 2022 21:44:39 GMT, Valerie Peng wrote:
>> Need to update the 3 header files due to expiring business approval for 3rd
>> party.
>>
>> The header files contain tabs which jcheck disallows, so I have to replace
>> them with spaces.
>>
>> Thanks,
>> Valerie
>
> Valerie Peng has up
On Tue, 17 May 2022 19:56:22 GMT, Weijun Wang wrote:
> Let ECDSA's `engineGetParameters()` always return null. At the same time,
> remove the remembered `sigParams` field. One behavior change is that after
> calling `setParameter()`, one can call `init()` again with a key usin
> Also added SHA1withECDSA to the no-NULL list in `KnownOIDs`.
>
> All security-related tests passed.
Weijun Wang has updated the pull request with a new target base due to a merge
or a rebase. The incremental webrev excludes the unrelated changes brought in
by the merge/rebase. The p
On Wed, 18 May 2022 16:19:40 GMT, Sibabrata Sahoo wrote:
> A new API to execute kinit.
Marked as reviewed by weijun (Reviewer).
-
PR: https://git.openjdk.java.net/jdk/pull/8775
> Also added SHA1withECDSA to the no-NULL list in `KnownOIDs`.
>
> All security-related tests passed.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
will not read params for ECDSA
-
Changes:
- all: https://git.
On Tue, 17 May 2022 22:22:36 GMT, Valerie Peng wrote:
>> This is to update the method javadoc of
>> java.security.Signature.getParameters() with the missing `@throws
>> UnsupportedOperationException`. In addition, the wording on the returned
>> parameters is updated to match those in Cipher a
On Tue, 17 May 2022 20:27:41 GMT, Jamil Nimeh wrote:
> Do the behavioral changes you've cited in the PR description warrant a CSR,
> or do you feel this behavioral change is still consistent with the current
> Signature API documentation?
I think so. In fact, after this change, there's simply
Let ECDSA's `engineGetParameters()` always return null. At the same time,
remove the remembered `sigParams` field. One behavior change is that after
calling `setParameter()`, one can call `init()` again with a key using
different parameters. I think this should be allowed since we are reusing th
On Thu, 12 May 2022 22:52:59 GMT, Valerie Peng wrote:
>> This change refactors the PBES2Core and PKCS12PBECipherCore classes in
>> SunJCE provider as requested in the bug record. Functionality should remain
>> the same with a clearer and simplified code/control flow with fewer lines of
>> code.
On Wed, 11 May 2022 16:01:39 GMT, Mat Carter wrote:
>> On Windows you can now access the local machine keystores using the strings
>> "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the
>> application requires admin privileges.
>>
>> "Windows-MY" and "Windows-ROOT" remain uncha
On Wed, 11 May 2022 15:55:40 GMT, Mat Carter wrote:
>> Mat Carter has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Add test from wangweij
>
> @christophbrejla - my goal is to backport to latest (18 or 19), 17 and 11
@macarte I think Sean
On Mon, 9 May 2022 21:44:10 GMT, Weijun Wang wrote:
> `AlgorithmId.getName` is updated for PBES2 algorithm identifiers so it
> directly returns the standard algorithm defined by Java (Ex:
> `PBEWithHmacSHA256AndAES_256`), instead of a simple "PBES2".
>
> Please note
On Wed, 11 May 2022 21:55:45 GMT, Weijun Wang wrote:
> This code change allows one entering "." at a distinguished name prompt to
> skip a sub-component when running `keytool -genkeypair`. Several new resource
> strings are added.
>
> There is no detailed descriptio
On Thu, 12 May 2022 21:31:39 GMT, Valerie Peng wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/PBES2Core.java line 244:
>>
>>> 242: iCount = DEFAULT_COUNT;
>>> 243: }
>>> 244: //if (ivSpec == null) { // old behavior always generat
On Thu, 12 May 2022 03:28:15 GMT, Valerie Peng wrote:
>> This change refactors the PBES2Core and PKCS12PBECipherCore classes in
>> SunJCE provider as requested in the bug record. Functionality should remain
>> the same with a clearer and simplified code/control flow with fewer lines of
>> code.
On Thu, 12 May 2022 03:28:15 GMT, Valerie Peng wrote:
>> This change refactors the PBES2Core and PKCS12PBECipherCore classes in
>> SunJCE provider as requested in the bug record. Functionality should remain
>> the same with a clearer and simplified code/control flow with fewer lines of
>> code.
"." is entered for all fields and keytool rejected it. In
> the second round, CN is entered but the others are unchanged (just type
> enter, because they are already entered previously). At the end, the name is
> "CN=Duke".
Weijun Wang has updated the pu
On Thu, 10 Mar 2022 08:52:17 GMT, Сергей Цыпанов wrote:
>> `List.of()` along with `Set.of()` create unmodifiable `List/Set` but with
>> smaller footprint comparing to `Arrays.asList()` / `new HashSet()` when
>> called with vararg of size 0, 1, 2.
>>
>> In general replacement of `Arrays.asList(
On Wed, 11 May 2022 23:40:46 GMT, Weijun Wang wrote:
>> This code change allows one entering "." at a distinguished name prompt to
>> skip a sub-component when running `keytool -genkeypair`. Several new
>> resource strings are added.
>>
>> There is
On Wed, 11 May 2022 22:35:32 GMT, Weijun Wang wrote:
> Add missing OIDs for 2 secret key algorithms. These will be used when storing
> secret keys in a PKCS12 keystore. Like DES and DESede, the OIDs were
> originally defined for CBC mode cipher algorithms, they are reused here f
On Wed, 11 May 2022 15:55:40 GMT, Mat Carter wrote:
> @christophbrejla - my goal is to backport to latest (18 or 19), 17 and 11
Then please add the versions to the "Fix Version(s)" field of the CSR. There
are also some questions waiting for you in the comment there.
-
PR: https://
On Wed, 11 May 2022 22:02:42 GMT, Valerie Peng wrote:
>> This change refactors the PBES2Core and PKCS12PBECipherCore classes in
>> SunJCE provider as requested in the bug record. Functionality should remain
>> the same with a clearer and simplified code/control flow with fewer lines of
>> code.
"." is entered for all fields and keytool rejected it. In
> the second round, CN is entered but the others are unchanged (just type
> enter, because they are already entered previously). At the end, the name is
> "CN=Duke".
Weijun Wang has updated
On Wed, 11 May 2022 22:37:18 GMT, Jamil Nimeh wrote:
>> This code change allows one entering "." at a distinguished name prompt to
>> skip a sub-component when running `keytool -genkeypair`. Several new
>> resource strings are added.
>>
>> There is no detailed description in `keytool.html`, so
Add missing OIDs for 2 secret key algorithms. These will be used when storing
secret keys in a PKCS12 keystore. Like DES and DESede, the OIDs were originally
defined for CBC mode cipher algorithms, they are reused here for key algorithms.
OpenSSL uses the same OIDs for cipher algorithms.
1 3 6
This code change allows one entering "." at a distinguished name prompt to skip
a sub-component when running `keytool -genkeypair`. Several new resource
strings are added.
There is no detailed description in `keytool.html`, so I think there's no need
to update it.
I'll file a CSR to describe t
On Wed, 11 May 2022 05:53:21 GMT, Xue-Lei Andrew Fan wrote:
>> Hi,
>>
>> May I have this simple example update in the KeyStore specification?
>>
>> Password protection should be destroyed in the example code in KeyStore
>> specification. Otherwise, applications may just copy and paste the code,
On Wed, 11 May 2022 01:14:00 GMT, Valerie Peng wrote:
>> The `core.init(..., cipher)` is actually
>> `cipher.init(core.translateKeyAndParams())`. Is it possible we write it this
>> way?
>
> It's possible, more refactoring would be needed and not necessarily fewer
> lines of code. With your sugg
On Tue, 10 May 2022 22:03:19 GMT, Xue-Lei Andrew Fan wrote:
>> src/java.base/share/classes/java/security/KeyStore.java line 165:
>>
>>> 163: *}
>>> 164: *} finally {
>>> 165: *protParam.destroy();
>>
>> `KeyStore.ProtectionParameter` does not have a `destroy` method. Only
On Tue, 10 May 2022 22:07:47 GMT, Xue-Lei Andrew Fan wrote:
>> Hi,
>>
>> May I have this simple example update in the KeyStore specification?
>>
>> Password protection should be destroyed in the example code in KeyStore
>> specification. Otherwise, applications may just copy and paste the code,
On Tue, 10 May 2022 18:55:50 GMT, Mat Carter wrote:
>> On Windows you can now access the local machine keystores using the strings
>> "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the
>> application requires admin privileges.
>>
>> "Windows-MY" and "Windows-ROOT" remain uncha
On Tue, 10 May 2022 18:51:07 GMT, Mat Carter wrote:
>> @macarte You need to finalize your CSR soon if you want to include this
>> change into JDK 19. RDP1 is 2022/06/09, and all enhancements require
>> approval after that.
>>
>> BTW, is it possible to detect whether you have admin privilege in
On Tue, 10 May 2022 17:23:24 GMT, Mat Carter wrote:
>> On Windows you can now access the local machine keystores using the strings
>> "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the
>> application requires admin privileges.
>>
>> "Windows-MY" and "Windows-ROOT" remain uncha
On Tue, 10 May 2022 04:13:43 GMT, Xue-Lei Andrew Fan wrote:
> Hi,
>
> May I have this simple example update in the KeyStore specification?
>
> Password protection should be destroyed in the example code in KeyStore
> specification. Otherwise, applications may just copy and paste the code, and
On Thu, 5 May 2022 16:36:04 GMT, Mat Carter wrote:
>> I'd like to contribute a test. Please modify it as much as you like. You can
>> put it inside `test/jdk/sun/security/mscapi/`.
>>
>> /*
>> * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
>> * DO NOT ALTER OR REMOVE
On Tue, 10 May 2022 01:22:21 GMT, Valerie Peng wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java
>> line 314:
>>
>>> 312: } else if (cipher instanceof DESedeCipher
>>> tripleDes) {
>>> 313: tripleDes.engineInit(op
On Mon, 9 May 2022 18:28:04 GMT, Valerie Peng wrote:
>> Anyone can help review this javadoc update? The main change is the wording
>> for the method javadoc of
>> Cipher.getParameters()/CipherSpi.engineGetParameters(). The original wording
>> is somewhat restrictive and request is to broaden t
On Mon, 9 May 2022 18:45:05 GMT, Valerie Peng wrote:
>> This is to update the method javadoc of
>> java.security.Signature.getParameters() with the missing `@throws
>> UnsupportedOperationException`. In addition, the wording on the returned
>> parameters is updated to match those in Cipher an
On Mon, 9 May 2022 23:23:05 GMT, Valerie Peng wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/PBES2Core.java line 229:
>>
>>> 227: if (key instanceof javax.crypto.interfaces.PBEKey
>>> pbeKey) {
>>> 228: salt = check(pbeKey.getSalt()); // may be
`AlgorithmId.getName` is updated for PBES2 algorithm identifiers so it directly
returns the standard algorithm defined by Java (Ex:
`PBEWithHmacSHA256AndAES_256`), instead of a simple "PBES2".
Please note I specifically update the javadoc for this method to clarify that
this name is meant to be
On Fri, 29 Apr 2022 22:30:04 GMT, Weijun Wang wrote:
> All `IntegerPolynomial`s are singletons now. Also, hand-coded implementations
> for Ed25519 and Ed448 are removed. They were not used since `FieldGen` starts
> generating classes for them.
>
> No new regression test. Thi
On Thu, 5 May 2022 19:38:06 GMT, Valerie Peng wrote:
>> This change refactors the PBES2Core and PKCS12PBECipherCore classes in
>> SunJCE provider as requested in the bug record. Functionality should remain
>> the same with a clearer and simplified code/control flow with fewer lines of
>> code.
On Fri, 29 Apr 2022 22:57:20 GMT, Weijun Wang wrote:
>> All `IntegerPolynomial`s are singletons now. Also, hand-coded
>> implementations for Ed25519 and Ed448 are removed. They were not used since
>> `FieldGen` starts generating classes for them.
>>
>> No new re
On Thu, 5 May 2022 21:05:40 GMT, Mark Powers wrote:
>> https://bugs.openjdk.java.net/browse/JDK-8284688
>>
>> [JDK-8273046](https://bugs.openjdk.java.net/browse/JDK-8273046) is the
>> umbrella bug for this bug. The changes were too large for a single code
>> review, so it was decided to split
On Thu, 5 May 2022 06:02:14 GMT, Xue-Lei Andrew Fan wrote:
>> Hi,
>>
>> Could I have the simple update reviewed?
>>
>> In the PKCS12 key store implementation, the PBEKeySpec.clearPassword()
>> should be called in a finally try block. Otherwise, the password cleanup
>> could be interrupted by
On Wed, 4 May 2022 20:32:30 GMT, Mat Carter wrote:
>> On Windows you can now access the local machine keystores using the strings
>> "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the
>> application requires admin privileges.
>>
>> "Windows-MY" and "Windows-ROOT" remain unchan
On Wed, 4 May 2022 20:32:30 GMT, Mat Carter wrote:
>> On Windows you can now access the local machine keystores using the strings
>> "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the
>> application requires admin privileges.
>>
>> "Windows-MY" and "Windows-ROOT" remain unchan
On Thu, 5 May 2022 06:02:14 GMT, Xue-Lei Andrew Fan wrote:
>> Hi,
>>
>> Could I have the simple update reviewed?
>>
>> In the PKCS12 key store implementation, the PBEKeySpec.clearPassword()
>> should be called in a finally try block. Otherwise, the password cleanup
>> could be interrupted by
On Wed, 4 May 2022 20:32:30 GMT, Mat Carter wrote:
>> On Windows you can now access the local machine keystores using the strings
>> "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the
>> application requires admin privileges.
>>
>> "Windows-MY" and "Windows-ROOT" remain unchan
On Wed, 4 May 2022 20:16:12 GMT, Hai-May Chao wrote:
>> Please review these changes to add DES/3DES/MD5 to
>> `jdk.security.legacyAlgorithms` security property, and to add the legacy
>> algorithm constraint checking to `keytool` commands that are associated with
>> secret key entries stored in
On Mon, 25 Apr 2022 14:23:17 GMT, Xue-Lei Andrew Fan wrote:
>> Hi,
>>
>> Could I have the simple update reviewed?
>>
>> In the PKCS12 key store implementation, the PBEKeySpec.clearPassword()
>> should be called in a finally try block. Otherwise, the password cleanup
>> could be interrupted b
On Wed, 4 May 2022 03:18:43 GMT, Weijun Wang wrote:
>> Mat Carter has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> replace string parameter with int and supporting constants
>
> Also, please remove trailing
On Tue, 3 May 2022 22:52:49 GMT, Mat Carter wrote:
>> On Windows you can now access the local machine keystores using the strings
>> "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the
>> application requires admin privileges.
>>
>> "Windows-MY" and "Windows-ROOT" remain unchan
On Tue, 3 May 2022 23:38:38 GMT, Mat Carter wrote:
>> Mat Carter has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> replace string parameter with int and supporting constants
>
> I don't use this API much so I don't really have an opinion a
On Tue, 3 May 2022 22:52:49 GMT, Mat Carter wrote:
>> On Windows you can now access the local machine keystores using the strings
>> "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the
>> application requires admin privileges.
>>
>> "Windows-MY" and "Windows-ROOT" remain unchan
On Tue, 3 May 2022 17:51:43 GMT, Weijun Wang wrote:
> Since `keytool -importpass` always uses `KeyFactory.getInstance("PBE")` to
> generate the secret key, and "PBE" is an alias of "PBEwithMD5andDES" inside
> the SunJCE security provider, its `ge
change modifies it to "PBE".
>
> Note that I haven't chosen the `-keyalg` option value here because it is
> actually the algorithm used to protect the PBE secret key entry. It's a
> cipher algorithm instead of a key algorithm.
Weijun Wang has updated the p
On Wed, 4 May 2022 01:50:34 GMT, Valerie Peng wrote:
>> Since `keytool -importpass` always uses `KeyFactory.getInstance("PBE")` to
>> generate the secret key, and "PBE" is an alias of "PBEwithMD5andDES" inside
>> the SunJCE security provider, its `getAlgorithm` is always
>> `PBEwithMD5andDES`.
Since `keytool -importpass` always uses `KeyFactory.getInstance("PBE")` to
generate the secret key, and "PBE" is an alias of "PBEwithMD5andDES" inside the
SunJCE security provider, its `getAlgorithm` is always `PBEwithMD5andDES`.
This code change modifies it to "PBE".
Note that I haven't chosen
On Tue, 3 May 2022 14:54:05 GMT, Hai-May Chao wrote:
>> Please review these changes to add DES/3DES/MD5 to
>> `jdk.security.legacyAlgorithms` security property, and to add the legacy
>> algorithm constraint checking to `keytool` commands that are associated with
>> secret key entries stored in
On Tue, 3 May 2022 14:54:05 GMT, Hai-May Chao wrote:
>> Please review these changes to add DES/3DES/MD5 to
>> `jdk.security.legacyAlgorithms` security property, and to add the legacy
>> algorithm constraint checking to `keytool` commands that are associated with
>> secret key entries stored in
On Mon, 2 May 2022 22:39:09 GMT, Mark Powers wrote:
>> https://bugs.openjdk.java.net/browse/JDK-8284688
>>
>> [JDK-8273046](https://bugs.openjdk.java.net/browse/JDK-8273046) is the
>> umbrella bug for this bug. The changes were too large for a single code
>> review, so it was decided to split
On Mon, 2 May 2022 21:14:21 GMT, Valerie Peng wrote:
>> Then what does "cannot generate parameter values" mean? Any example?
>
> An example is RSASSA-PSS, i.e. it requires the caller to explicitly state
> which message digest to use, etc.
You listed 2 cases when null is returned: 1) not supplie
On Mon, 2 May 2022 17:41:52 GMT, Weijun Wang wrote:
> PKCS12 stores the object identifier of a SecretKey along with it, and when
> retrieved, translates the object identifier to an algorithm name.
> Unfortunately, inside `KnownOIDs.java`, "DES" is [only registered
>
On Fri, 29 Apr 2022 19:42:27 GMT, Hai-May Chao wrote:
>> Please review these changes to add DES/3DES/MD5 to
>> `jdk.security.legacyAlgorithms` security property, and to add the legacy
>> algorithm constraint checking to `keytool` commands that are associated with
>> secret key entries stored i
PKCS12 stores the object identifier of a SecretKey along with it, and when
retrieved, translates the object identifier to an algorithm name. Unfortunately,
inside `KnownOIDs.java`, "DES" is [only registered
as](https://github.com/wangweij/jdk/blob/7a6cbef157b67bb4fb877617f2a23228aade9a5d/src/java
On Fri, 29 Apr 2022 19:42:27 GMT, Hai-May Chao wrote:
>> Please review these changes to add DES/3DES/MD5 to
>> `jdk.security.legacyAlgorithms` security property, and to add the legacy
>> algorithm constraint checking to `keytool` commands that are associated with
>> secret key entries stored i
On Thu, 28 Apr 2022 18:32:31 GMT, Xue-Lei Andrew Fan wrote:
>> Please review the update to remove finalizer method in the
>> java.security.jgss module. It is one of the efforts to clean up the use of
>> finalizer method in JDK.
>
> Xue-Lei Andrew Fan has updated the pull request incrementally w
On Thu, 28 Apr 2022 14:35:54 GMT, Weijun Wang wrote:
> We added a new system property back in
> https://bugs.openjdk.java.net/browse/JDK-8153005 but it's better to describe
> it in the `java.security` file as well.
>
> Please review the text. I especially added the l
> All `IntegerPolynomial`s are singletons now. Also, hand-coded implementations
> for Ed25519 and Ed448 are removed. They were not used since `FieldGen` starts
> generating classes for them.
>
> No new regression test. This is a clean-up.
Weijun Wang has updated the pull reques
All `IntegerPolynomial`s are singletons now. Also, hand-coded implementations
for Ed25519 and Ed448 are removed. They were not used since `FieldGen` starts
generating classes for them.
No new regression test. This is a clean-up.
-
Commit messages:
- the fix
Changes: https://git.o
On Fri, 29 Apr 2022 20:47:08 GMT, Sean Mullan wrote:
>> The reason I added the last sentence is because this property has no value.
>> Someone might think they can set it to false to disable it, but that is
>> equivalent to setting it to true.
>
> Ah I see. Maybe put in the previous sentence, ex: "
keystore.pkcs12.legacy=false`.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
clearer text
-
Changes:
- all: https://git.openjdk.java.net/jdk/pull/8452/files
- new: https://git.openjdk.java.net/jdk/pull/8452/files/08700389
On Fri, 29 Apr 2022 20:35:14 GMT, Sean Mullan wrote:
>> Can we say both? All these properties are only used when creating the file
>> (key-related ones when creating the key). If a compatibility issue already
>> happens, users need to downgrade their keystore.
>>
>> So, the full text will be s
On Fri, 29 Apr 2022 13:17:55 GMT, Sean Mullan wrote:
>> How about this?
>>
>> To work with legacy PKCS #12 tools that do not support the new algorithms,
>> the system property "keystore.pkcs12.legacy" can be set
>> which will override the properties defined here with old settings.
>> This syst
On Thu, 28 Apr 2022 23:22:30 GMT, Valerie Peng wrote:
>> I suggest the last sentence to be "null is returned if the required
>> parameters were not supplied **or** the underlying signature implementation
>> cannot generate the parameter values." I used "or" because for EdDSA
>> parameters are
On Thu, 28 Apr 2022 19:59:07 GMT, Sean Mullan wrote:
>> OpenSSL's help page shows
>>
>> -legacy Use legacy encryption: 3DES_CBC for keys, RC2_CBC for
>> certs
>>
>> Can we also say "To work with legacy PKCS #12 files"?
>
> But isn't it mostly an issue when creating new keystores a
On Thu, 28 Apr 2022 23:08:17 GMT, Valerie Peng wrote:
>> So, "the underlying signature implementation supports returning the
>> parameters as {@code AlgorithmParameters}" is quite necessary. Xuelei's
>> suggestion is quite good, just change the last "and" to "or".
>
> I assume you were suggesti
On Thu, 28 Apr 2022 19:48:38 GMT, Sean Mullan wrote:
>> We added a new system property back in
>> https://bugs.openjdk.java.net/browse/JDK-8153005 but it's better to describe
>> it in the `java.security` file as well.
>>
>> Please review the text. I especially added the last sentence so that p
On Thu, 28 Apr 2022 19:11:23 GMT, Valerie Peng wrote:
>> Anyone can help review this javadoc update? The main change is the wording
>> for the method javadoc of
>> Cipher.getParameters()/CipherSpi.engineGetParameters(). The original wording
>> is somewhat restrictive and request is to broaden
On Thu, 28 Apr 2022 04:34:36 GMT, Xue-Lei Andrew Fan wrote:
>> Please review the update to remove finalizer method in the
>> java.security.jgss module. It is one of the efforts to clean up the use of
>> finalizer method in JDK.
>
> Xue-Lei Andrew Fan has updated the pull request incrementally w
On Thu, 28 Apr 2022 04:34:36 GMT, Xue-Lei Andrew Fan wrote:
>> Please review the update to remove finalizer method in the
>> java.security.jgss module. It is one of the efforts to clean up the use of
>> finalizer method in JDK.
>
> Xue-Lei Andrew Fan has updated the pull request incrementally w
On Thu, 28 Apr 2022 04:34:36 GMT, Xue-Lei Andrew Fan wrote:
>> Please review the update to remove finalizer method in the
>> java.security.jgss module. It is one of the efforts to clean up the use of
>> finalizer method in JDK.
>
> Xue-Lei Andrew Fan has updated the pull request incrementally w
On Thu, 28 Apr 2022 06:46:35 GMT, Hai-May Chao wrote:
>> Please review these changes to add DES/3DES/MD5 to
>> `jdk.security.legacyAlgorithms` security property, and to add the legacy
>> algorithm constraint checking to `keytool` commands that are associated with
>> secret key entries stored i
On Thu, 28 Apr 2022 02:33:49 GMT, Mark Powers wrote:
>> https://bugs.openjdk.java.net/browse/JDK-8285504
>>
>> JDK-8273046 is the umbrella bug for this bug. The changes were too large for
>> a single code review, so it was decided to split into smaller chunks. This
>> is one such chunk:
>>
>
We added a new system property back in
https://bugs.openjdk.java.net/browse/JDK-8153005 but it's better to describe it
in the `java.security` file as well.
Please review the text. I especially added the last sentence so that people
won't set `-Dkeystore.pkcs12.legacy=false`.
-
Com