Integrated: 8209398: sun/security/pkcs11/KeyStore/SecretKeysBasic.sh failed with "PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE"
On Tue, 14 Dec 2021 18:33:47 GMT, Valerie Peng wrote: > Can someone help review this small fix? NSS returns PKCS11 > CKR_ATTRIBUTE_SENSITIVE error when trying to retrieve CKA_VALUE out of its > token keys. So this fix is to add special handling for NSS token secret keys. > There is already an existing regression test which detects this and disabled > in ProblemList.txt. Removing that test from ProblemList.txt to verify this > fix. > > Thanks, > Valerie This pull request has now been integrated. Changeset: d64820df Author:Valerie Peng URL: https://git.openjdk.java.net/jdk/commit/d64820dfefc0bac578df43fe58d2bce8577ec94e Stats: 9 lines in 2 files changed: 4 ins; 2 del; 3 mod 8209398: sun/security/pkcs11/KeyStore/SecretKeysBasic.sh failed with "PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE" Reviewed-by: hchao, weijun - PR: https://git.openjdk.java.net/jdk/pull/6837
Re: RFR: 8209398: sun/security/pkcs11/KeyStore/SecretKeysBasic.sh failed with "PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE"
On Tue, 14 Dec 2021 18:33:47 GMT, Valerie Peng wrote: > Can someone help review this small fix? NSS returns PKCS11 > CKR_ATTRIBUTE_SENSITIVE error when trying to retrieve CKA_VALUE out of its > token keys. So this fix is to add special handling for NSS token secret keys. > There is already an existing regression test which detects this and disabled > in ProblemList.txt. Removing that test from ProblemList.txt to verify this > fix. > > Thanks, > Valerie Thanks HaiMay and Weijun for review~~ - PR: https://git.openjdk.java.net/jdk/pull/6837
Re: RFR: 8209398: sun/security/pkcs11/KeyStore/SecretKeysBasic.sh failed with "PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE"
On Tue, 14 Dec 2021 18:33:47 GMT, Valerie Peng wrote: > Can someone help review this small fix? NSS returns PKCS11 > CKR_ATTRIBUTE_SENSITIVE error when trying to retrieve CKA_VALUE out of its > token keys. So this fix is to add special handling for NSS token secret keys. > There is already an existing regression test which detects this and disabled > in ProblemList.txt. Removing that test from ProblemList.txt to verify this > fix. > > Thanks, > Valerie Marked as reviewed by weijun (Reviewer). - PR: https://git.openjdk.java.net/jdk/pull/6837
Re: RFR: 8209398: sun/security/pkcs11/KeyStore/SecretKeysBasic.sh failed with "PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE"
On Wed, 22 Dec 2021 00:46:32 GMT, Weijun Wang wrote: > Since the return error code is PKCS11 CKR_ATTRIBUTE_SENSITIVE, does it make > sense to assign `sensitive = true` right at the beginning? I'm not a PKCS11 > expert and not sure if this has any negative effect on > > https://github.com/openjdk/jdk/blob/ea8d3c92c69c393cdbc6c62398f1e9c6adc708d3/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java#L1394 > (where the `sensitive` flag is used). I debated about it, my current thought is to reflect the same value returned by underlying PKCS11 library. Otherwise, it may look confusing to users - why C returns false but Java shows it to be true. This consistency comes with a cost of extra maintenance/code to check and special handle vendor-specific behavior like this NSS token key, i.e. queried to be non-sensitive and extractable , but yet errors out if trying to retrieve the key values. - PR: https://git.openjdk.java.net/jdk/pull/6837
Re: RFR: 8209398: sun/security/pkcs11/KeyStore/SecretKeysBasic.sh failed with "PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE"
On Wed, 22 Dec 2021 00:40:35 GMT, Weijun Wang wrote: > What about here? > > https://github.com/openjdk/jdk/blob/a5d7de235101696463dba22792703c6809ff7fc4/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11RSAKeyFactory.java#L280 Well, this bug is about PKCS11 SecretKey. Maybe this line in P11RSAKeyFactory.java needs to be updated as well, but best to do it separately after trying the NSS behavior out first. - PR: https://git.openjdk.java.net/jdk/pull/6837
[jdk18] Integrated: JDK-8278967 rmiregistry fails to start because SecurityManager is disabled
On Fri, 17 Dec 2021 20:01:27 GMT, Stuart Marks wrote: > Enable the security manager in rmiregistry's launcher arguments. This pull request has now been integrated. Changeset: 04ee9211 Author:Stuart Marks URL: https://git.openjdk.java.net/jdk18/commit/04ee9211fcc59178b3bfdfdda5e0def9b0f29ada Stats: 7 lines in 2 files changed: 4 ins; 0 del; 3 mod 8278967: rmiregistry fails to start because SecurityManager is disabled Reviewed-by: alanb, erikj - PR: https://git.openjdk.java.net/jdk18/pull/45
Re: [jdk18] RFR: JDK-8278967 rmiregistry fails to start because SecurityManager is disabled [v2]
On Wed, 22 Dec 2021 01:18:58 GMT, Stuart Marks wrote: >> Enable the security manager in rmiregistry's launcher arguments. > > Stuart Marks has updated the pull request incrementally with one additional > commit since the last revision: > > Change java.security.manager to "allow"; filter warning lines from > VersionCheck Build change looks good. - Marked as reviewed by erikj (Reviewer). PR: https://git.openjdk.java.net/jdk18/pull/45
RFR: 8279134: Fix Amazon copyright in various files
This bug is similar to https://bugs.openjdk.java.net/browse/JDK-8244094 Currently, some of the files in the OpenJDK repo have Amazon copyright notices which are all slightly different and do not conform to Amazons preferred copyright notice which is simply (intentionally without copyright year): "Copyright Amazon.com Inc. or its affiliates. All Rights Reserved." @simonis @phohensee - Commit messages: - Initial fix JDK-8279134 Changes: https://git.openjdk.java.net/jdk/pull/6915/files Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=6915&range=00 Issue: https://bugs.openjdk.java.net/browse/JDK-8279134 Stats: 15 lines in 14 files changed: 0 ins; 1 del; 14 mod Patch: https://git.openjdk.java.net/jdk/pull/6915.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/6915/head:pull/6915 PR: https://git.openjdk.java.net/jdk/pull/6915
Re: [jdk18] RFR: JDK-8278967 rmiregistry fails to start because SecurityManager is disabled [v2]
On Wed, 22 Dec 2021 01:18:58 GMT, Stuart Marks wrote: >> Enable the security manager in rmiregistry's launcher arguments. > > Stuart Marks has updated the pull request incrementally with one additional > commit since the last revision: > > Change java.security.manager to "allow"; filter warning lines from > VersionCheck This version looks okay, avoids having an attempt to set the SM in createRegistry always be skipped. - Marked as reviewed by alanb (Reviewer). PR: https://git.openjdk.java.net/jdk18/pull/45
