RE: [8u-dev] RFR JDK-8187218 & JDK-8131051, two krb5 fixes on renewable

2018-09-19 Thread Prasadrao Koppula
Thanks Max for review, corrected all the coding style changes. Thanks, Prasad.K -Original Message- From: Weijun Wang Sent: Wednesday, September 19, 2018 9:09 PM To: Prasadrao Koppula Cc: security-dev@openjdk.java.net Subject: Re: [8u-dev] RFR JDK-8187218 & JDK-8131051, two krb5 fixes o

Re: RFR: JDK-8210846, TLSv.1.3 interop problems with OpenSSL 1.1.1 when used on the client side with mutual auth

2018-09-19 Thread Jamil Nimeh
Great news!  Thanks for running the tests on your end, Norman. --Jamil Original message From: Norman Maurer Date: 9/19/18 4:32 PM (GMT-08:00) To: Bradford Wetmore Cc: Jamil Nimeh , OpenJDK Dev list Subject: Re: RFR: JDK-8210846, TLSv.1.3 interop problems with Op

Re: RFR: JDK-8210846, TLSv.1.3 interop problems with OpenSSL 1.1.1 when used on the client side with mutual auth

2018-09-19 Thread Norman Maurer
I can confirm that this patch fixes the issue I was seeing. After applying it it also passes all of the tests that we have in the SSL testsuite of netty. So +1 from me. Bye Norman > On 19. Sep 2018, at 15:13, Bradford Wetmore > wrote: > > Looks good from a CR standpoint. Silly typos... >

Re: RFR: JDK-8210846, TLSv.1.3 interop problems with OpenSSL 1.1.1 when used on the client side with mutual auth

2018-09-19 Thread Jamil Nimeh
I will add my test information to the bug.  Thanks for reviewing it. --Jamil Original message From: Bradford Wetmore Date: 9/19/18 3:13 PM (GMT-08:00) To: Norman Maurer , Jamil Nimeh Cc: OpenJDK Dev list Subject: Re: RFR: JDK-8210846, TLSv.1.3 interop problems with OpenS

Re: RFR: JDK-8210846, TLSv.1.3 interop problems with OpenSSL 1.1.1 when used on the client side with mutual auth

2018-09-19 Thread Bradford Wetmore
Looks good from a CR standpoint. Silly typos... Looking forward to hearing back from Norman. I believe we are running the same testbed, so I expect it will work. Jamil, be sure to include the specific interop test information in the bug, so that when SQE goes to verify, they can be sure to

Re: RFR: JDK-8210846, TLSv.1.3 interop problems with OpenSSL 1.1.1 when used on the client side with mutual auth

2018-09-19 Thread Norman Maurer
I will test and report back later today . Thanks for the quick turnaround > Am 19.09.2018 um 13:47 schrieb Jamil Nimeh : > > Hello all, > > This fix handles an issue in TLS client certificate authentication where our > client was failing to send a certificate after consuming the > CertificateR

RFR: JDK-8210846, TLSv.1.3 interop problems with OpenSSL 1.1.1 when used on the client side with mutual auth

2018-09-19 Thread Jamil Nimeh
Hello all, This fix handles an issue in TLS client certificate authentication where our client was failing to send a certificate after consuming the CertificateRequest message.  Thanks to Norman Maurer for bringing this to our attention. Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/821

Re: Conceptual feedback on new ECC JEP

2018-09-19 Thread Adam Petcher
On 9/19/2018 1:37 PM, Bernd Eckenfels wrote: Hello, I think I missed it, but where is the conversion on BigInteger branching on key material? Isn’t this only branching on effective constant values? Or are you concerned about Spectre-type problems? This is not for Spectre (etc.) issues, wh

Re: Conceptual feedback on new ECC JEP

2018-09-19 Thread Adam Petcher
On 9/19/2018 12:51 PM, Michael StJohns wrote: On 9/19/2018 11:45 AM, Adam Petcher wrote: My goal is for the new provider to be at least as interoperable as PKCS11 providers with non-exportable keys. Do all the PKCS11 providers that you have used allow importing private keys over JCA, or over

Re: Conceptual feedback on new ECC JEP

2018-09-19 Thread Bernd Eckenfels
Hello, I think I missed it, but where is the conversion on BigInteger branching on key material? Isn’t this only branching on effective constant values? Or are you concerned about Spectre-type problems? Besides that I totally agree on the idea of having a more secure implementation which can b

Re: Conceptual feedback on new ECC JEP

2018-09-19 Thread Michael StJohns
On 9/19/2018 11:45 AM, Adam Petcher wrote: On 9/18/2018 4:24 PM, Michael StJohns wrote: Adam - Basically, the JCE is all about plugging in not about the implementations.  If this is truly an EC library, I should be able to get the benefit of your library with very minimal changes - e.g. sp

Re: TLSv.1.3 interropt problems with OpenSSL 1.1.1 when used on the client side with mutual auth

2018-09-19 Thread Xuelei Fan
Hi Norman, It is just a initial version set. Thanks, Xuelei On 9/19/2018 8:49 AM, Norman Maurer wrote: I see this is now tracked as https://bugs.openjdk.java.net/projects/JDK/issues/JDK-8210846?filter=allopenissues :) Just one question, I saw it list 12 as fix version. Is this just the init

Re: RFR(XS): 8210912: Build error in src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c after JDK-8029661

2018-09-19 Thread Mikael Vidstedt
Thank you! Change pushed and noreg-build label added. Cheers, Mikael > On Sep 19, 2018, at 9:13 AM, Sean Mullan wrote: > > Looks ok to me. The bug needs an appropriate noreg label. > > --Sean > > On 9/19/18 12:05 PM, Mikael Vidstedt wrote: >> Please review this change which fixes a Solaris/

Re: RFR(XS): 8210912: Build error in src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c after JDK-8029661

2018-09-19 Thread Sean Mullan
Looks ok to me. The bug needs an appropriate noreg label. --Sean On 9/19/18 12:05 PM, Mikael Vidstedt wrote: Please review this change which fixes a Solaris/SPARC build issue: bug: https://bugs.openjdk.java.net/browse/JDK-8210912 webrev: http://cr.openjdk.java.net/~mikael/webrevs/8210912/web

RFR(XS): 8210912: Build error in src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c after JDK-8029661

2018-09-19 Thread Mikael Vidstedt
Please review this change which fixes a Solaris/SPARC build issue: bug: https://bugs.openjdk.java.net/browse/JDK-8210912 webrev: http://cr.openjdk.java.net/~mikael/webrevs/8210912/webrev.00/open/webrev/

Re: Conceptual feedback on new ECC JEP

2018-09-19 Thread Adam Petcher
On 9/18/2018 4:24 PM, Michael StJohns wrote: Adam - Basically, the JCE is all about plugging in not about the implementations.  If this is truly an EC library, I should be able to get the benefit of your library with very minimal changes - e.g. specifying your provider in the various getIns

Re: [8u-dev] RFR JDK-8187218 & JDK-8131051, two krb5 fixes on renewable

2018-09-19 Thread Weijun Wang
Change looks fine, but the code style of lines 947-954 is quite different from normal, including, no space after keywords, wrong indentation of inner block and wrapped line, brace and else not on the same line, etc. --Max > On Sep 19, 2018, at 10:40 PM, Prasadrao Koppula > wrote: > > Could y

[8u-dev] RFR JDK-8187218 & JDK-8131051, two krb5 fixes on renewable

2018-09-19 Thread Prasadrao Koppula
Could you please review the following fixes for 8u-dev? jbs: https://bugs.openjdk.java.net/browse/JDK-8187218, https://bugs.openjdk.java.net/browse/JDK-8131051 webrev: http://cr.openjdk.java.net/~pkoppula/8187218/webrev.00/ Thanks, Prasad.K

Re: RFR JDK-8029661: JDK-Support TLS v1.2 algorithm in SunPKCS11 provider

2018-09-19 Thread Martin Balao
On Wed, Sep 19, 2018 at 1:52 AM, Valerie Peng wrote: > Test update looks fine and regression test run is clear. I have no more > comments. > Thanks, > Valerie > Submit-repository tests passed. Integrated to baseline then: * http://hg.openjdk.java.net/jdk/jdk/rev/bccd9966f1ed Thanks Valerie f