Re: RFR: 8296343: CPVE thrown on missing content-length in OCSP response [v2]

2023-01-12 Thread Jamil Nimeh
> This fixes an issue where HTTP responses that do not have an explicit
> Content-Length are causing an EOFException which unravels into a
> CertPathValidatorException during validations that involve OCSP checks.
>
> - JBS: https://bugs.openjdk.org/browse/JDK-8296343

Jamil Nimeh has updated the

RFR: 8299817: [s390] AES-CTR mode intrinsic fails with multiple short update() calls

2023-01-12 Thread Lutz Schmidt
This PR addresses an issue in the AES-CTR mode intrinsic on s390. When a message is ciphered in multiple, small (< 16 bytes) segments, the result is incorrect. This is not just a band-aid fix. The issue was taken as a chance to restructure the code. Though still complicated, it is now easier to

Re: RFR: 8296343: CPVE thrown on missing content-length in OCSP response [v2]

2023-01-12 Thread Matthew Donovan
On Thu, 12 Jan 2023 14:41:51 GMT, Jamil Nimeh wrote:

>> This fixes an issue where HTTP responses that do not have an explicit
>> Content-Length are causing an EOFException which unravels into a
>> CertPathValidatorException during validations that involve OCSP checks.
>>
>> - JBS: https://bugs

Re: RFR: 8299870: TLS record version check allows invalid records [v2]

2023-01-12 Thread Matthew Donovan
> - Updated ProtocolVersion.isNegotiable() to check a bounded range of version
> numbers.
> - Removed IllegalRecordVersion.java from ProblemList.txt
>
> Tested with jdk_security and jdk_security3 test groups.

Matthew Donovan has updated the pull request incrementally with three additional comm

Re: RFR: 8296343: CPVE thrown on missing content-length in OCSP response [v2]

2023-01-12 Thread Jamil Nimeh
On Thu, 12 Jan 2023 15:31:30 GMT, Matthew Donovan wrote:

>> Jamil Nimeh has updated the pull request incrementally with two additional
>> commits since the last revision:
>>
>> - Throw exception directly from non 200 HTTP response codes
>> - Moved SimpleOCSPServer to use CountdownLatch for re

Re: RFR: 8296343: CPVE thrown on missing content-length in OCSP response [v3]

2023-01-12 Thread Jamil Nimeh
> This fixes an issue where HTTP responses that do not have an explicit
> Content-Length are causing an EOFException which unravels into a
> CertPathValidatorException during validations that involve OCSP checks.
>
> - JBS: https://bugs.openjdk.org/browse/JDK-8296343

Jamil Nimeh has updated the

Re: RFR: 8299870: TLS record version check allows invalid records [v2]

2023-01-12 Thread Xue-Lei Andrew Fan
On Thu, 12 Jan 2023 15:32:23 GMT, Matthew Donovan wrote:

>> - Updated ProtocolVersion.isNegotiable() to check a bounded range of version
>> numbers.
>> - Removed IllegalRecordVersion.java from ProblemList.txt
>>
>> Tested with jdk_security and jdk_security3 test groups.
>
> Matthew Donovan has

Re: RFR: 8299870: TLS record version check allows invalid records [v3]

2023-01-12 Thread Rajan Halade
On Fri, 13 Jan 2023 00:28:32 GMT, Matthew Donovan wrote:

>> - Updated ProtocolVersion.isNegotiable() to check a bounded range of version
>> numbers.
>> - Removed IllegalRecordVersion.java from ProblemList.txt
>>
>> Tested with jdk_security and jdk_security3 test groups.
>
> Matthew Donovan has

Re: RFR: 8299870: TLS record version check allows invalid records [v3]

2023-01-12 Thread Matthew Donovan
> - Updated ProtocolVersion.isNegotiable() to check a bounded range of version
> numbers.
> - Removed IllegalRecordVersion.java from ProblemList.txt
>
> Tested with jdk_security and jdk_security3 test groups.

Matthew Donovan has updated the pull request incrementally with two additional commit