On Wed, 29 May 2024 18:53:55 GMT, Anthony Scarpino
wrote:
> Hi
>
> This change is to improve TLS 1.3 session resumption by allowing a TLS server
> to send more than one resumption ticket per connection and clients to store
> more. Resumption is a quick way to use an existing TLS session to
On Wed, 29 May 2024 18:53:55 GMT, Anthony Scarpino
wrote:
> Hi
>
> This change is to improve TLS 1.3 session resumption by allowing a TLS server
> to send more than one resumption ticket per connection and clients to store
> more. Resumption is a quick way to use an existing TLS session to
On Fri, 10 May 2024 14:00:55 GMT, Weijun Wang wrote:
>> Add `Cipher::export` API.
>
> Weijun Wang has updated the pull request incrementally with one additional
> commit since the last revision:
>
> change new method to non final
That seems like a good approach. If Cipher can address all
On Fri, 10 May 2024 14:00:55 GMT, Weijun Wang wrote:
>> Add `Cipher::export` API.
>
> Weijun Wang has updated the pull request incrementally with one additional
> commit since the last revision:
>
> change new method to non final
I see that it could work that way, but have we firmly
On Tue, 23 Apr 2024 20:42:51 GMT, Kevin Driver wrote:
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
On Wed, 31 Jan 2024 08:19:55 GMT, SendaoYan wrote:
> 8325024: java/security/cert/CertPathValidator/OCSP/OCSPTimeout.java incorrect
> comment information
Looks good, but please label the JBS bug with noreg-trivial.
-
Marked as reviewed by jnimeh (Reviewer).
PR Review:
On Wed, 31 Jan 2024 07:42:32 GMT, John Jiang wrote:
> If the server doesn't receive the client certificate for required client
> authentication, it should raise error `Empty client certificate chain`.
Looks good.
-
Marked as reviewed by jnimeh (Reviewer).
PR Review:
On Thu, 18 Jan 2024 19:11:56 GMT, Anthony Scarpino
wrote:
> This is the straight backport to 22 of
> https://github.com/openjdk/jdk/pull/17362
LGTM
-
Marked as reviewed by jnimeh (Reviewer).
PR Review: https://git.openjdk.org/jdk22/pull/93#pullrequestreview-1830622552
On Thu, 11 Jan 2024 03:26:03 GMT, Anthony Scarpino
wrote:
> Hi,
>
> I need a review of a few simple test changes. This fixes a failure with two
> manually run AES/GCM tests that depended on another test that changed with
> [JDK-8318756](https://bugs.openjdk.org/browse/JDK-8318756). It also
On Tue, 12 Dec 2023 01:02:59 GMT, Jamil Nimeh wrote:
> This fix corrects an oversight in the ChaCha20 intrinsics delivered by
> JDK-8247645. An ifdef guard is now part of the x86 ChaCha20 intrinsics code
> which disables them by default on 32-bit platforms, as this arc
> This fix corrects an oversight in the ChaCha20 intrinsics delivered by
> JDK-8247645. An ifdef guard is now part of the x86 ChaCha20 intrinsics code
> which disables them by default on 32-bit platforms, as this architecture was
> not part of the feature delivery.
Jamil Nimeh
On Tue, 12 Dec 2023 09:24:48 GMT, Aleksey Shipilev wrote:
>> src/hotspot/cpu/x86/vm_version_x86.cpp line 1152:
>>
>>> 1150: // No support currently for ChaCha20 intrinsics on 32-bit platforms
>>> 1151: if (UseChaCha20Intrinsics) {
>>> 1152: warning("Support for ChaCha20 intrinsics not
On Mon, 9 Oct 2023 20:44:50 GMT, Kevin Driver wrote:
>> fixes [JDK-8314199](https://bugs.openjdk.org/browse/JDK-8314199) by
>> initializing the HashSet with a more accurate number
>
> Kevin Driver has updated the pull request incrementally with one additional
> commit since the last revision:
On Mon, 9 Oct 2023 19:19:49 GMT, Kevin Driver wrote:
>> I wondered about an approach like this. I'll push another commit with these
>> changes.
>
> Do you think we'll lose performance in a meaningful way? One of the
> guarantees of HashSet is constant-time operations.
>
> There is no such
On Mon, 9 Oct 2023 16:36:06 GMT, Kevin Driver wrote:
> fixes [JDK-8314199](https://bugs.openjdk.org/browse/JDK-8314199) by
> initializing the HashSet with a more accurate number
src/java.base/share/classes/com/sun/crypto/provider/PBEKeyFactory.java line 59:
> 57:
> 58: static {
> 59:
On Fri, 11 Aug 2023 21:38:04 GMT, Daniel JeliĆski wrote:
>> Please review this patch that ensures that all exceptions thrown by
>> SSLEngine delegated tasks are translated to alerts.
>>
>> All exceptions should already be translated to SSLExceptions and alerts by
>> the time we exit from
On Thu, 21 Sep 2023 13:29:10 GMT, Sean Mullan wrote:
>> Please review this change to ensure this test is tested on different TLS
>> protocols (1.0, 1.1, 1.2)
>>
>> I added a protocol parameter to the test arguments so that different
>> protocols are tested. I also removed the boolean
On Thu, 21 Sep 2023 13:30:07 GMT, Sean Mullan wrote:
>> test/jdk/sun/security/ssl/DHKeyExchange/DHEKeySizing.java line 35:
>>
>>> 33: * @library /javax/net/ssl/templates
>>> 34: * @run main/othervm -Djdk.tls.client.enableSessionTicketExtension=false
>>> 35: * DHEKeySizing
On Wed, 20 Sep 2023 19:51:28 GMT, Sean Mullan wrote:
> Please review this change to ensure this test is tested on different TLS
> protocols (1.0, 1.1, 1.2)
>
> I added a protocol parameter to the test arguments so that different
> protocols are tested. I also removed the boolean exportable
On Wed, 6 Sep 2023 20:02:10 GMT, Hai-May Chao wrote:
>> Please review the enhancement for JDK-8311596 and its CSR JDK-8313236. Thank
>> you.
>
> Hai-May Chao has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Set to default if a negative
On Thu, 31 Aug 2023 02:34:58 GMT, John Jiang wrote:
> The method `SSLSocketImpl::closeSocket` has the below code snippet,
>
>
> if (appInput.readLock.tryLock()) {
> int soTimeout = getSoTimeout();
> try {
> // deplete could hang on the skip operation
> // in case of
On Thu, 3 Aug 2023 20:51:33 GMT, Valerie Peng wrote:
> This change addresses the scenario where a certificate is first stored as
> part of a certificate chain and then stored again as a certificate
> corresponding to a PrivateKey entry. Newer version of NSS errors out with
> CKR_GENERAL_ERROR
On Fri, 4 Aug 2023 17:30:06 GMT, Hai-May Chao wrote:
> Please review the enhancement for JDK-8311596 and its CSR JDK-8313236. Thank
> you.
src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java line 159:
> 157: maxServerCertificateChainLength = (serverLen != null) ?
> 158:
On Mon, 31 Jul 2023 19:09:53 GMT, Xue-Lei Andrew Fan wrote:
>> Hi,
>>
>> May I have the code cleanup update reviewed? With this update, the unused
>> code in StatusResponseManager.java will be removed.
>>
>> Thanks,
>> Xuelei
>
> Xue-Lei Andrew Fan has updated the pull request incrementally
On Wed, 2 Aug 2023 00:45:36 GMT, Xue-Lei Andrew Fan wrote:
>> I think @jnimeh should review this, as I think these methods were added when
>> implementing OCSP Stapling, and it would be good for him to make sure they
>> are no longer needed..
>
>> I think @jnimeh should review this, as I think
On Thu, 27 Jul 2023 04:00:21 GMT, John Jiang wrote:
> if ((nextByte == DerValue.tag_SequenceOf)
> && (! ((nextByte & 0x0c0) == 0x080))) {
> ...
> ...
> }
>
> If `nextByte` is `DerValue.tag_SequenceOf`, exactly `0x30`, then the test
> after `&&` should always be true.
The
On Mon, 17 Jul 2023 17:45:56 GMT, Matthew Donovan wrote:
> In this PR, i raised the client timeout from 5 to 60 seconds. I considered
> refactoring the SimpleOSCPServer class a little but ultimately, the client
> needs to just wait until the server is ready or a time-out is reached.
>
On Thu, 13 Jul 2023 17:36:47 GMT, Matthew Donovan wrote:
>> test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java line 51:
>>
>>> 49: private static final String DTLSV_1_2 = "DTLSv1.2";
>>> 50:
>>> 51: private static final int READ_TIMEOUT_SECS =
>>> Integer.getInteger("readtimeout",
On Mon, 26 Jun 2023 17:38:04 GMT, Matthew Donovan wrote:
> In this PR, I updated the test to use read time-outs. The test is restarted
> if the read operations time-out within (default) 30 seconds. The test makes 5
> attempts before giving up.
Aside from the nit, looks good to me.
On Fri, 23 Jun 2023 14:55:45 GMT, Jamil Nimeh wrote:
> This is a backport of the test fixes comprising JDK-8309740.
This pull request has now been integrated.
Changeset: 17b6f7b9
Author: Jamil Nimeh
URL:
https://git.openjdk.org/jdk21/commit/17b6f7b9a5a14a869d3f1efd0ab51fea4fa40
On Fri, 23 Jun 2023 15:20:24 GMT, Ben Perez wrote:
>> Added single-argument `putTime` method to `DerOutputStream` that selects the
>> correct encoding based on the `Date` value. Similarly, a `getTime` method
>> was added to `DerValue` to automatically call the correct decoding function
>>
This is a backport of the test fixes comprising JDK-8309740.
-
Commit messages:
- Backport 5ca4cdd2caceba9dad8025e5a8851740a3961921
Changes: https://git.openjdk.org/jdk21/pull/58/files
Webrev: https://webrevs.openjdk.org/?repo=jdk21=58=00
Issue:
On Fri, 16 Jun 2023 18:42:32 GMT, Xue-Lei Andrew Fan wrote:
>> This PR is for tests that were modified/added in JDK-8179502. The timeout
>> windows for those tests were a little too short on some test systems,
>> especially when the system is under heavy load. After a few iterations
>>
On Fri, 16 Jun 2023 18:19:45 GMT, Jamil Nimeh wrote:
> This PR is for tests that were modified/added in JDK-8179502. The timeout
> windows for those tests were a little too short on some test systems,
> especially when the system is under heavy load. After a few iterations
>
On Thu, 22 Jun 2023 23:22:14 GMT, Ben Perez wrote:
>> Added single-argument `putTime` method to `DerOutputStream` that selects the
>> correct encoding based on the `Date` value. Similarly, a `getTime` method
>> was added to `DerValue` to automatically call the correct decoding function
>>
On Thu, 22 Jun 2023 19:50:10 GMT, Jamil Nimeh wrote:
>> Ben Perez has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Replaced depreciated ctor in putTime. Added getTime method to
>> DerInputStream
On Thu, 22 Jun 2023 21:21:14 GMT, Ben Perez wrote:
>> Added single-argument `putTime` method to `DerOutputStream` that selects the
>> correct encoding based on the `Date` value. Similarly, a `getTime` method
>> was added to `DerValue` to automatically call the correct decoding function
>>
On Thu, 22 Jun 2023 18:45:14 GMT, Ben Perez wrote:
> Added single-argument `putTime` method to `DerOutputStream` that selects the
> correct encoding based on the `Date` value. Similarly, a `getTime` method was
> added to `DerValue` to automatically call the correct decoding function based
>
This PR is for tests that were modified/added in JDK-8179502. The timeout
windows for those tests were a little too short on some test systems,
especially when the system is under heavy load. After a few iterations trying
out various longer time windows I have a set that should not run into
On Fri, 16 Jun 2023 14:52:44 GMT, Xue-Lei Andrew Fan wrote:
>> There is a difference, though. The close() method in SSLSocketImpl is not
>> synchronized and there is the chance of a NullPointerException in
>> duplexCloseOutput() because `conContext.handshakeContext` is being set to
>> null by
On Wed, 3 May 2023 11:26:32 GMT, Matthew Donovan wrote:
>> In this PR, I added methods to the TransportContext class to synchronize
>> access to the handshakeContext field. I also updated locations in the code
>> that rely on the handshakeContext field to not be null to use the
>>
On Thu, 25 May 2023 21:17:40 GMT, Ben Perez wrote:
> Changed `namedParams` in XECParameters and EdDSAParameters to be `private
> final`
Looks good to me. Just a minor nit in each file: The copyrights on line 2 in
each file could be updated to 2023.
-
Marked as reviewed by
On Tue, 2 May 2023 21:12:31 GMT, Jamil Nimeh wrote:
> This set of enhancements extends the allowed syntax for the
> `com.sun.security.ocsp.timeout`, `com.sun.security.crl.timeout` and
> `com.sun.security.crl.readtimeout` System properties. These properties
> retain their curr
On Tue, 11 Apr 2023 17:26:25 GMT, Jamil Nimeh wrote:
> This fixes an issue where the key/nonce reuse policy for SunJCE ChaCha20 and
> ChaCha20-Poly1305 was overly strict in enforcing no-reuse when the Cipher was
> in DECRYPT_MODE. For decryption, this should be allowed and be c
On Mon, 22 May 2023 17:39:59 GMT, Jamil Nimeh wrote:
>> src/java.base/share/classes/sun/security/provider/certpath/URICertStore.java
>> line 131:
>>
>>> 129: private static final int DEFAULT_CRL_READ_TIMEOUT = 15000;
>>> 130:
>>> 131:
ttps://bugs.openjdk.org/browse/JDK-8179502
> CSR: https://bugs.openjdk.org/browse/JDK-8300722
Jamil Nimeh has updated the pull request with a new target base due to a merge
or a rebase. The incremental webrev excludes the unrelated changes brought in
by the merge/rebase. The pull request contains
On Mon, 22 May 2023 17:17:26 GMT, Sean Mullan wrote:
>> Jamil Nimeh has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Use privilegedGetProperty, catch NFE following string match
>
> src/java.base/sha
On Tue, 9 May 2023 14:59:36 GMT, Sean Mullan wrote:
>> Jamil Nimeh has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Add 's' suffix to allowed syntax
>
> I think you should also apply the cert and CRL tim
ttps://bugs.openjdk.org/browse/JDK-8179502
> CSR: https://bugs.openjdk.org/browse/JDK-8300722
Jamil Nimeh has updated the pull request incrementally with one additional
commit since the last revision:
Use privilegedGetProperty, catch NFE following string match
-
Changes:
- all: h
On Mon, 22 May 2023 15:58:14 GMT, Sean Mullan wrote:
>> Jamil Nimeh has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Add OCSP readtimeout property
>
> src/java.base/share/classes/sun/security/action/GetP
On Tue, 9 May 2023 15:56:02 GMT, Jamil Nimeh wrote:
>> Yes, I noticed that too. I wasn't sure if we needed to make a change there.
>> I opted to leave well-enough alone since nobody was asking for it and it's
>> one less property to keep track of. All of these pr
ttps://bugs.openjdk.org/browse/JDK-8179502
> CSR: https://bugs.openjdk.org/browse/JDK-8300722
Jamil Nimeh has updated the pull request incrementally with one additional
commit since the last revision:
Add OCSP readtimeout property
-
Changes:
- all: https://git.openjdk.org/jdk/pull/1
On Tue, 9 May 2023 15:55:24 GMT, Jamil Nimeh wrote:
>> src/java.base/share/classes/sun/security/provider/certpath/OCSP.java line 1:
>>
>>> 1: /*
>>
>> I see there is no way to individually control the OCSP read and connect
>> timeouts like there is
On Tue, 9 May 2023 15:01:29 GMT, Sean Mullan wrote:
>> Jamil Nimeh has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Add 's' suffix to allowed syntax
>
> src/java.base/share/classes/sun/security/provider/cert
On Fri, 5 May 2023 11:27:48 GMT, Matthew Donovan wrote:
> Could someone please review this PR? It is a small change to increase the
> time that the client waits for the server thread to start.
>
> Thanks!
Marked as reviewed by jnimeh (Reviewer).
-
PR Review:
ttps://bugs.openjdk.org/browse/JDK-8179502
> CSR: https://bugs.openjdk.org/browse/JDK-8300722
Jamil Nimeh has updated the pull request incrementally with one additional
commit since the last revision:
Add 's' suffix to allowed syntax
-
Changes:
- all: https://git.openjdk.org/jdk/
On Wed, 3 May 2023 00:27:55 GMT, Weijun Wang wrote:
>> Well, all the existing documentation already states that they are in
>> seconds. That was why I didn't add any additional suffixes. The goal was
>> to make it so folks don't need to make any changes if the existing
>> seconds-level
On Tue, 2 May 2023 22:33:47 GMT, Weijun Wang wrote:
>> This set of enhancements extends the allowed syntax for the
>> `com.sun.security.ocsp.timeout`, `com.sun.security.crl.timeout` and
>> `com.sun.security.crl.readtimeout` System properties. These properties
>> retain their current behavior
This set of enhancements extends the allowed syntax for the
`com.sun.security.ocsp.timeout`, `com.sun.security.crl.timeout` and
`com.sun.security.crl.readtimeout` System properties. These properties retain
their current behavior where a purely numeric value is interpreted in seconds,
but now
On Tue, 11 Apr 2023 18:15:22 GMT, Xue-Lei Andrew Fan wrote:
>> This fixes an issue where the key/nonce reuse policy for SunJCE ChaCha20 and
>> ChaCha20-Poly1305 was overly strict in enforcing no-reuse when the Cipher
>> was in DECRYPT_MODE. For decryption, this should be allowed and be
>>
This fixes an issue where the key/nonce reuse policy for SunJCE ChaCha20 and
ChaCha20-Poly1305 was overly strict in enforcing no-reuse when the Cipher was
in DECRYPT_MODE. For decryption, this should be allowed and be consistent with
the AES-GCM decryption initialization behavior.
- Issue:
On Mon, 10 Apr 2023 21:12:38 GMT, Xue-Lei Andrew Fan wrote:
>> Matthew Donovan has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - added comment referring to relevant RFC
>> - clarified if-statements; fixed exception message wording
>
>
On Wed, 1 Feb 2023 18:10:41 GMT, Jamil Nimeh wrote:
> Hello all,
>
> This addresses a test bug where the SimpleOCSPServer would reset the
> connections made by a client CertPathValidator. I've made some minor changes
> to how the network data is read and sent from OCS
On Tue, 14 Mar 2023 15:01:07 GMT, Weijun Wang wrote:
>> Jamil Nimeh has updated the pull request with a new target base due to a
>> merge or a rebase. The pull request now contains 11 commits:
>>
>> - merge with main
>> - merge with main
>> - 8300939:
s://bugs.openjdk.org/browse/JDK-8300939
Jamil Nimeh has updated the pull request with a new target base due to a merge
or a rebase. The pull request now contains 11 commits:
- merge with main
- merge with main
- 8300939: sun/security/provider/certpath/OCSP/OCSPNoContentLength.java fails
d
On Fri, 3 Feb 2023 17:14:41 GMT, Mark Powers wrote:
> It's not clear to me what is causing this test failure, but your fix is to
> drain the input stream and flush the output?
Yes, that's the gist of it. I didn't realize originally that I was leaving
unread data in the input stream, so
s://bugs.openjdk.org/browse/JDK-8300939
Jamil Nimeh has updated the pull request with a new target base due to a merge
or a rebase. The pull request now contains 10 commits:
- merge with main
- 8300939: sun/security/provider/certpath/OCSP/OCSPNoContentLength.java fails
due to network erro
On Wed, 1 Feb 2023 19:25:54 GMT, Weijun Wang wrote:
> A trivial doc-only change.
Marked as reviewed by jnimeh (Reviewer).
-
PR: https://git.openjdk.org/jdk/pull/12373
Hello all,
This addresses a test bug where the SimpleOCSPServer would reset the
connections made by a client CertPathValidator. I've made some minor changes
to how the network data is read and sent from OCSP HTTP GET URLs and on
responses, respectively. This will take the test off the
On Tue, 24 Jan 2023 01:50:52 GMT, Jamil Nimeh wrote:
> This adds the OCSPNoContentLength test recently added as part of JDK-8296343.
> The test exposes what looks to be an intermittent socket closure issue in
> SimpleOCSPServer. In order to take the time to solve it properly,
This adds the OCSPNoContentLength test recently added as part of JDK-8296343.
The test exposes what looks to be an intermittent socket closure issue in
SimpleOCSPServer. In order to take the time to solve it properly, I'd like to
add this test to the problem list.
- JBS:
On Tue, 10 Jan 2023 06:02:29 GMT, Jamil Nimeh wrote:
> This fixes an issue where HTTP responses that do not have an explicit
> Content-Length are causing an EOFException which unravels into a
> CertPathValidatorException during validations that involve OCSP checks.
>
&g
On Thu, 19 Jan 2023 22:13:07 GMT, Volodymyr Paprotski wrote:
>> Looks good to me.
>
> @jnimeh would you mind running this through your tests? The build failures
> reported above seem unrelated..
@vpaprotsk regression tests completed successfully on my end.
-
PR:
Hello all,
I put together a draft CSR for enhancing the
com.sun.security.ocsp.timeout System property to allow it to be
specified either in seconds (as it is currently done, no change to the
format) or by appending "ms" (case-insensitive) to allow the numeric
value to be interpreted in
On Thu, 19 Jan 2023 22:13:07 GMT, Volodymyr Paprotski wrote:
>> Looks good to me.
>
> @jnimeh would you mind running this through your tests? The build failures
> reported above seem unrelated..
@vpaprotsk Yes, happy to take it through a regression run on my side. I'll
will run it later
On Thu, 19 Jan 2023 18:30:04 GMT, Volodymyr Paprotski wrote:
>> Per rfc7539 Section 2.5, "Read the block as a little-endian number."
>>
>> sun.security.util.math.intpoly.IntegerPolynomial1305 enforces this on input
>> when input is provided as `[]byte` but not when input is in `ByteBuffer`
>>
On Thu, 12 Jan 2023 15:31:30 GMT, Matthew Donovan wrote:
>> Jamil Nimeh has updated the pull request incrementally with two additional
>> commits since the last revision:
>>
>> - Throw exception directly from non 200 HTTP response codes
>> - Moved SimpleOC
> This fixes an issue where HTTP responses that do not have an explicit
> Content-Length are causing an EOFException which unravels into a
> CertPathValidatorException during validations that involve OCSP checks.
>
> - JBS: https://bugs.openjdk.org/browse/JDK-8296343
Jamil Ni
> This fixes an issue where HTTP responses that do not have an explicit
> Content-Length are causing an EOFException which unravels into a
> CertPathValidatorException during validations that involve OCSP checks.
>
> - JBS: https://bugs.openjdk.org/browse/JDK-8296343
Jamil Ni
On Tue, 10 Jan 2023 18:32:08 GMT, Jamil Nimeh wrote:
>> It may be more effective/accuracy to stop read OCSP response bytes if
>> response code is not OK.
>
> Logging the error code and returning with no read and not throwing an
> exception I believe would still work
On Tue, 10 Jan 2023 18:26:50 GMT, Xue-Lei Andrew Fan wrote:
>> Well, in the case of a 404 what appears to happen is that HttpURLConnection
>> would throw a FileNotFoundException. That ultimately would result in a CPVE
>> if there were no other sources of revocation information (e.g. CRL) for
On Tue, 10 Jan 2023 17:30:08 GMT, Xue-Lei Andrew Fan wrote:
>> This fixes an issue where HTTP responses that do not have an explicit
>> Content-Length are causing an EOFException which unravels into a
>> CertPathValidatorException during validations that involve OCSP checks.
>>
>> - JBS:
On Tue, 10 Jan 2023 15:49:26 GMT, Mark Powers wrote:
>> This fixes an issue where HTTP responses that do not have an explicit
>> Content-Length are causing an EOFException which unravels into a
>> CertPathValidatorException during validations that involve OCSP checks.
>>
>> - JBS:
Hello all,
This fixes an issue in OCSP where HTTP responses that do not have an
explicit Content-Length are causing an EOFException which unravels into
a CertPathValidatorException during validations that involve OCSP checks.
* JBS: https://bugs.openjdk.org/browse/JDK-8296343
On Tue, 3 Jan 2023 17:43:43 GMT, Volker Simonis wrote:
>> Looks good to me. Thanks!
>
>> Looks good to me. Thanks!
>
> Thanks @XueleiFan!
>
> I've updated the copyright year to 2023 and will wait one or two more days
> just in case @ascarpino wants to take one more look as well.
Hi
On Wed, 28 Dec 2022 15:54:49 GMT, Jamil Nimeh wrote:
> This adds documentation to the `java(1)` man page for new ChaCha20 and
> Poly1305 intrinsics, highlighting the diagnostic flags that were delivered in
> those feature enhancements. This is similar to what has already been done
> - JBS: https://bugs.openjdk.org/browse/JDK-8298592
> - Flags were delivered in ( openjdk/jdk#7702 for ChaCha20 and
> openjdk/jdk#10582 for Poly1305, with a minor change to the Poly1305 flag name
> in #49 )
Jamil Nimeh has updated the pull request incrementally with one additional
com
This adds documentation to the `java(1)` man page for new ChaCha20 and Poly1305
intrinsics, highlighting the diagnostic flags that were delivered in those
feature enhancements. This is similar to what has already been done for AES
and GHASH diagnostic flags.
- JBS:
On Wed, 14 Dec 2022 18:41:35 GMT, Matthew Donovan wrote:
>> This fix is intended to address various time-out errors in tests that use
>> DTLSOverDatagram as a test template. Based on test output from those bugs
>> (JDK-8202059, JDK-8249562, JDK-8280185, JDK-8280186, JDK-8269887,
>>
On Mon, 5 Dec 2022 22:05:51 GMT, Volodymyr Paprotski wrote:
>> There is now an intrinsic for Poly1305, which is only enabled on the
>> `engineUpdate([]byte)` path. This PR adds intrinsic support
>> `engineUpdate(ByteBuffer)` (when the bytebuffer `hasArray`).
>>
>> Fuzzing test expanded to
On Mon, 5 Dec 2022 18:22:00 GMT, Sandhya Viswanathan
wrote:
>> Volodymyr Paprotski has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> remove comment
>
> @valeriepeng Could you please take a look at this PR?
@sviswa7 I will be looking at
On Thu, 1 Dec 2022 04:19:37 GMT, Anthony Scarpino wrote:
>> I would like a review of an update to the GCM code. A recent report showed
>> that GCM memory usage for TLS was very large. This was a result of in-place
>> buffers, which TLS uses, and how the code handled the combined intrinsic
On Fri, 4 Mar 2022 16:47:54 GMT, Jamil Nimeh wrote:
> This PR delivers ChaCha20 intrinsics that accelerate the core block function
> that generates key stream from the key, counter and nonce. Intrinsics have
> been written for the following platforms and instruction sets:
>
>
On Mon, 28 Nov 2022 22:58:26 GMT, Anthony Scarpino
wrote:
>> Jamil Nimeh has updated the pull request with a new target base due to a
>> merge or a rebase. The pull request now contains 50 commits:
>>
>> - Merge with main
>> - Add AVX assertion guard
&g
forms that support the advanced SIMD instructions
>
> Note: Microbenchmark results moved to a comment in the PR so we don't have to
> see it in every email.
>
> Special thanks to the folks who have made many helpful comments while this PR
> was in draft form.
Jamil Nimeh has up
On Mon, 21 Nov 2022 19:06:49 GMT, Vladimir Ivanov wrote:
>> Jamil Nimeh has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Pull out common macro code into function parameter pack
>
> src/hotspot/cpu/x86/stubGe
forms that support the advanced SIMD instructions
>
> Note: Microbenchmark results moved to a comment in the PR so we don't have to
> see it in every email.
>
> Special thanks to the folks who have made many helpful comments while this PR
> was in draft form.
Jamil Nimeh has
forms that support the advanced SIMD instructions
>
> Note: Microbenchmark results moved to a comment in the PR so we don't have to
> see it in every email.
>
> Special thanks to the folks who have made many helpful comments while this PR
> was in draft form.
Jamil Nimeh has up
On Thu, 10 Nov 2022 20:11:46 GMT, Jamil Nimeh wrote:
>> This PR delivers ChaCha20 intrinsics that accelerate the core block function
>> that generates key stream from the key, counter and nonce. Intrinsics have
>> been written for the following platforms and instruction set
On Fri, 21 Oct 2022 12:29:22 GMT, Andrew Haley wrote:
>> This PR delivers ChaCha20 intrinsics that accelerate the core block function
>> that generates key stream from the key, counter and nonce. Intrinsics have
>> been written for the following platforms and instruction sets:
>>
>> -
1 - 100 of 125 matches
Mail list logo