Re: RFR 8183591: Incorrect behavior when reading DER value with Integer.MAX_VALUE length

2017-07-12 Thread Bernd Eckenfels
BTW: Can in.available() be < length as well? In that case the exception before your changed line would be misleading. Regards, Bernd -- http://bernd.eckenfels.net From: security-dev on behalf of Adam Petcher Sent: Wednesday, July 12, 2017 8:38:25 PM

RFR 8183591: Incorrect behavior when reading DER value with Integer.MAX_VALUE length

2017-07-12 Thread Adam Petcher
This is a bug fix for a corner case in which a DER value has length equal to Integer.MAX_VALUE. The code uses IOUtils.readFully() to read the value, which interprets length=Integer.MAX_VALUE to mean "read to the end." The result is that no exception will be thrown when fewer than Integer.MAX_VA

Re: RFR: 8184208: update class="striped" tables for accessibility

2017-07-12 Thread Lance Andersen
Looks good Jon. > On Jul 11, 2017, at 5:39 PM, Jonathan Gibbons > wrote: > > Please review this auto-generated update to improve the accessibility of many > of the tables > in the API docs for the java.base module. > > The changes are just to the HTML markup for selected tables; > there is no

Re: RFR 8182999: SunEC throws ProviderException on invalid curves

2017-07-12 Thread Vincent Ryan
+1 > On 12 Jul 2017, at 15:51, Adam Petcher wrote: > > I made a minor tweak to the test. I realized that the test will still pass if > the curve becomes supported in the future. I want the test to fail in this > case because it would no longer be testing an unsupported curve. > > latest webre

Re: RFR 8182999: SunEC throws ProviderException on invalid curves

2017-07-12 Thread Adam Petcher
I made a minor tweak to the test. I realized that the test will still pass if the curve becomes supported in the future. I want the test to fail in this case because it would no longer be testing an unsupported curve. latest webrev: http://cr.openjdk.java.net/~apetcher/8182999/webrev.02/ On

Re: [RFR] 8174849: Change SHA1 certpath restrictions - issue with 3rd party JCE provider

2017-07-12 Thread Sean Mullan
On 7/11/17 3:10 PM, Langer, Christoph wrote: Well, probably you are right that it is not a bug - at least when you look at the documentation of Java9 (the link that you have cited). However, if we look at the documentation of X509Certificate, it's not that clear, resp. it wasn't for pre JDK9 r

Re: RFR 8182999: SunEC throws ProviderException on invalid curves

2017-07-12 Thread Vincent Ryan
Looks fine to me too. We should investigate how best to support similar behaviour for the SunPKCS11 provider. To track this issue I’ve filed a related bug 8184290 : SunPKCS11 throws ProviderException for unsupported curves > On 10 Jul 2017, a

AW: [RFR] 8174849: Change SHA1 certpath restrictions - issue with 3rd party JCE provider

2017-07-12 Thread Dieter Bratko
Hello Sean, Christoph, To explain the reason for our non-compliance to the JCA "withRSA" signature standard name notation I have to get back to the very beginning. Namely to JDK 1.1.8 which used the "/RSA" notation as standard names for RSA-PKCSv1.5 signature algorithms (see attachment; I have

Re: (10) RFR of JDK-8184165: sun.security.provider.PolicyFile$PolicyEntry.toString() throws MissingResourceException

2017-07-12 Thread Hamlin Li
I'm afraid it's not worth building such an automatic tool. Different resource clients use different resource classes which have different resource items, so such a tool must understand which resource client is using which resource class, which is not easy or even possible. Or we can hard code

Re: (10) RFR of JDK-8184234: sun.security.provider.AuthPolicyFile$PolicyEntry.toString() throws MissingResourceException

2017-07-12 Thread Weijun Wang
Change looks fine. Thanks Max > On Jul 12, 2017, at 2:13 PM, Hamlin Li wrote: > > Would you please review the below patch? > > bug: https://bugs.openjdk.java.net/browse/JDK-8184234 > > webrev: http://cr.openjdk.java.net/~mli/8184234/webrev.00/ > > > Thank you > > -Hamlin >

Re: (10) RFR of JDK-8184165: sun.security.provider.PolicyFile$PolicyEntry.toString() throws MissingResourceException

2017-07-12 Thread Weijun Wang
Great work! Thanks for going deep on this issue. Is it possible to change your manual check into an automatic test? I know sources might not be available when running a test, but if something like ${test.src}/../../../src/java.base/share/classes/sun/security/util/ exists it can be a good hint t