Looks good to me.
Xuelei
On 6/4/2020 8:18 PM, Weijun Wang wrote:
Please review the patch below. The tag name should be camelCased.
*diff --git
a/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KerberosPrincipal.java
Hello all,
This brings a few PKCS#9 attributes (unstructuredName,
unstructuredAddress, signingTime) into line with v2.0 of the spec (RFC
2985). It mostly expands the allowed string or date types for these
attributes. I also came across a corner-case bug where toString calls
on
Hi,
Looks good to me, one question
If first registered SecureRandom algo gets removed,
getDefaultSecureRandomAlgorithm return stale data, a refresh required in remove?
Thanks,
Prasad.K
>-Original Message-
>From: Valerie Peng
>Sent: Friday, June 5, 2020 2:52 AM
>To:
Hi Simon,
On 4/06/2020 11:35 pm, Simon Tooke wrote:
Hello, David, and thanks for the review!
I've responded to your comments below, and intend to post a new patch
for review today or tomorrow.
Thanks again,
-Simon
On 2020-06-03 2:06 a.m., David Holmes wrote:
Hi Simon,
On 23/05/2020
Corrected the links.
On 04/06/20 10:59 pm, shivangi.g.gu...@oracle.com wrote:
Hi,
May I please find a sponsor for this patch?
Bug: https://bugs.openjdk.java.net/browse/JDK-8246330
Description:Many of EC named curves has been disabled with security
property "jdk.disabled.namedCurves". The
Hi Alexey,
It's so unfortunate that different addressType must be used. I'm OK with the
new TlsChannelBindingImpl class.
One thing I'm not comfortable is the
java.security.sasl/share/classes/module-info.java change. We've struggled hard
to avoid these kind of secret tunnels. Is it possible to
Please review the patch below. The tag name should be camelCased.
diff --git
a/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KerberosPrincipal.java
b/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KerberosPrincipal.java
---
Hi Max
Please review this webrev:
http://cr.openjdk.java.net/~jjiang/8244683/webrev.05/
- TimestampCheck.java
The codes in those private methods in Interceptor are merged into
getRespParam().
- TsaParam.java
Group the fields as signing internals and TSA fields.
- TsaSigner.java
> 在 2020年6月5日,03:19,Valerie Peng 写道:
>
>> Can you give an example when these 2 rules have different results? Is this
>> only true for those implementation that directly subclass MessageDigest?
>
> Before this fix, even the Spi impl implements Cloneable the instanceof check
> will always
Hi, Sean,
Thanks for the review and feedback. Webrev updated:
http://cr.openjdk.java.net/~valeriep/8246613/webrev.01/
getTypeAndAlgorithm(...) was not static due to an instance variable used
by debugging output. I have removed it and made both method static.
I will wait for others' review
On 6/4/20 3:34 PM, Valerie Peng wrote:
Hi,
Could someone help reviewing this fix? This change keep tracks of the
first registered SecureRandom algorithm and returns it upon the request
of SecureRandom class.
This looks good to me. I would recommend that Max or someone else
review it as
Sure, I have no more comments.
Thanks,
Valerie
On 6/3/2020 7:48 PM, Weijun Wang wrote:
RSAPrivateKeyImpl and RSAPrivateCrtKeyImpl
- throws InvalidKeyException when RSAUtil.createAlgorithmId(type, keyParams)
fails. I'll keep it.
EdDSAPrivateKeyImpl, XDHPrivateKeyImpl and ECPrivateKeyImpl
-
Hi,
Could someone help reviewing this fix? This change keep tracks of the
first registered SecureRandom algorithm and returns it upon the request
of SecureRandom class.
Bug: https://bugs.openjdk.java.net/browse/JDK-8246613
Webrev: http://cr.openjdk.java.net/~valeriep/8246613/webrev.00/
Hi Max,
Please find replies in line.
On 6/4/2020 3:54 AM, Weijun Wang wrote:
HmacCore.java:
78 md = null;
79 String noCloneProv = md.getProvider().getName();
NPE on line 79. Should reverse.
Good catch, fixed.
On Jun 4, 2020, at 8:09 AM, Valerie Peng
Hello,
Could you please review new version of the patch:
http://cr.openjdk.java.net/~abakhtin/8245527/webrev.v3/
I’ve moved all logic for creating TLS Channel Binding data out of
GssKrb5Client.java file.
All data is prepared inside TlsChannelBinding class.
Internal property name is renamed to
Hi,
May I please find a sponsor for this patch?
Bug: https://bugs.openjdk.java.net/browse/JDK-8246330
Description:Many of EC named curves has been disabled with security
property "jdk.disabled.namedCurves". The purpose of this Test is to
verify the behavior of any EC named curve from the
Hi,
Could you please review this patch. For timeout/interrupts, JDK11u+ releases,
SSLSocket:getSession behavior is different, compare to JDK8u. i.e, connection
is in open state for timeout/interrupts exception. For comparability reasons,
this fix will close connection for getSession
OK. Please go on. No other comment.
> On Jun 4, 2020, at 12:02 AM, sha.ji...@oracle.com wrote:
>
>> Can we make them internal at the moment until someone really need to extend
>> it?
> Yes, we can.
> But as a test lib, is it bad to think about a bit further?
But think about it carefully when
On 04/06/2020 14:35, Simon Tooke wrote:
> Yes, this hurt to type. A previous review suggested using julong, is
> that acceptable to you?
>
> (an aside: I'm now wondering if there is other code in the JDK that
> assumes long is 64bits - which is not true on all platforms...)
That was just me,
Hello, David, and thanks for the review!
I've responded to your comments below, and intend to post a new patch
for review today or tomorrow.
Thanks again,
-Simon
On 2020-06-03 2:06 a.m., David Holmes wrote:
Hi Simon,
On 23/05/2020 12:04 am, Sean Mullan wrote:
Cross-posting to hotspot-dev
> On Jun 4, 2020, at 7:29 PM, Hai-May Chao wrote:
>
> Hi Max,
>
>> On Jun 3, 2020, at 12:59 AM, Weijun Wang wrote:
>>
>> The source change looks fine to me.
>>
>> In TrustedCert.java:
>>
>> - You can use FileOutputStream and Files.copy(Path,OutputStream) in cat().
>
> This cat() is
Hi Max,
> On Jun 3, 2020, at 12:59 AM, Weijun Wang wrote:
>
> The source change looks fine to me.
>
> In TrustedCert.java:
>
> - You can use FileOutputStream and Files.copy(Path,OutputStream) in cat().
This cat() is taken from WealAlg.java.
>
> - There is no need to recreate root.jks and
HmacCore.java:
78 md = null;
79 String noCloneProv = md.getProvider().getName();
NPE on line 79. Should reverse.
> On Jun 4, 2020, at 8:09 AM, Valerie Peng wrote:
>
> Hi,
>
> Anyone can help review this fix? I changed com.sun.crypto.provider.HmacCore
>
Looks fine to me.
Thanks,
Max
> On Jun 4, 2020, at 10:40 AM, Valerie Peng wrote:
>
> Hi,
>
> Anyone can help review this straightforward enhancement? The changes are
> mostly based on the submitted patch with some minor polishing. Essentially
> re-using existing buffer instead of relying on
24 matches
Mail list logo
