Re: RFR: 8264948: Check for TLS extensions total length

2021-04-08 Thread Jamil Nimeh
On Fri, 9 Apr 2021 04:55:14 GMT, Xue-Lei Andrew Fan wrote: > To improve the readability, it would be nice to check the TLS extensions > total length while parsing. > > No new regression test, trial update. src/java.base/share/classes/sun/security/ssl/SSLExtensions.java line 68: > 66:

RFR: 8264948: Check for TLS extensions total length

2021-04-08 Thread Xue-Lei Andrew Fan
To improve the readability, it would be nice to check the TLS extensions total length while parsing. No new regression test, trial update. - Commit messages: - 8264948: Check for TLS extensions total length Changes: https://git.openjdk.java.net/jdk/pull/3405/files Webrev:

Integrated: 8260693: Provide the support for specifying a signer in keytool -genkeypair

2021-04-08 Thread Hai-May Chao
On Wed, 31 Mar 2021 06:30:01 GMT, Hai-May Chao wrote: > Please review the changes that add the -signer option to keytool -genkeypair > command. As key agreement algorithms do not have a signing algorithm, the > specified signer's private key will be used to sign and generate a key >

Re: RFR: 8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding [v4]

2021-04-08 Thread Martin Balao
> Hi, > > I'd like to propose a fix for JDK-8261355 [1]. > > The scheme used for holding data and padding while performing encryption > operations is almost the same as the existing one for decryption. The only > difference is that encryption does not require a block-sized buffer to be >

RE: [11u] RFR: 8226374: Restrict TLS signature schemes and named groups

2021-04-08 Thread Hohensee, Paul
Ouch, missed that. Good to go. Thanks, Paul -Original Message- From: "Doerr, Martin" Date: Thursday, April 8, 2021 at 2:53 AM To: "Hohensee, Paul" , "Langer, Christoph" , jdk-updates-dev , security-dev Cc: "Lindenmaier, Goetz" Subject: RE: [11u] RFR: 8226374: Restrict TLS signature

Integrated: 8264864: Multiple byte tag not supported by ASN.1 encoding

2021-04-08 Thread Weijun Wang
On Thu, 8 Apr 2021 01:06:47 GMT, Weijun Wang wrote: > This code change does not intend to support multiple byte tags. Instead, it > aims to fail more gracefully when such a tag is encountered. For `DerValue` > constructors from an encoding (type I), an `IOException` will be thrown since >

Re: RFR: 8264864: Multiple byte tag not supported by ASN.1 encoding [v5]

2021-04-08 Thread Weijun Wang
> This code change does not intend to support multiple byte tags. Instead, it > aims to fail more gracefully when such a tag is encountered. For `DerValue` > constructors from an encoding (type I), an `IOException` will be thrown since > it's already in the throws clause. For constructors from

Re: RFR: 8264864: Multiple byte tag not supported by ASN.1 encoding [v3]

2021-04-08 Thread Weijun Wang
On Thu, 8 Apr 2021 17:18:50 GMT, Jamil Nimeh wrote: >> I don't want to go on reading the following bytes to find out what the >> intended tag number is, because that somehow shows I do understand the >> encoding _a lot_ but still don't want to support it (well, actually I only >> understand

Re: RFR: 8264864: Multiple byte tag not supported by ASN.1 encoding [v3]

2021-04-08 Thread Xue-Lei Andrew Fan
On Thu, 8 Apr 2021 16:59:54 GMT, Weijun Wang wrote: >> src/java.base/share/classes/sun/security/util/DerValue.java line 225: >> >>> 223: DerValue(byte tag, byte[] buffer, int start, int end, boolean >>> allowBER) { >>> 224: if ((tag & 0x1f) == 0x1f) { >>> 225: throw new

Re: RFR: 8264864: Multiple byte tag not supported by ASN.1 encoding [v3]

2021-04-08 Thread Jamil Nimeh
On Thu, 8 Apr 2021 17:10:13 GMT, Weijun Wang wrote: >> src/java.base/share/classes/sun/security/util/DerValue.java line 322: >> >>> 320: tag = buf[pos++]; >>> 321: if ((tag & 0x1f) == 0x1f) { >>> 322: throw new IOException("Tag number over 30 is not >>> supported");

Re: RFR: 8264864: Multiple byte tag not supported by ASN.1 encoding [v3]

2021-04-08 Thread Weijun Wang
On Thu, 8 Apr 2021 16:58:24 GMT, Jamil Nimeh wrote: >> Weijun Wang has updated the pull request incrementally with one additional >> commit since the last revision: >> >> update exception wordings > > src/java.base/share/classes/sun/security/util/DerValue.java line 322: > >> 320:

Re: RFR: 8264681: Use the blessed modifier order in java.security

2021-04-08 Thread Sean Mullan
On Sat, 3 Apr 2021 22:09:55 GMT, Alex Blewitt wrote: > 8264681: Use the blessed modifier order in java.security The rest looks fine, but I would double-check all the copyrights to see if you are modifying any other 3rd-party code than the ones I commented on. Best to leave that code as-is

Re: RFR: 8264864: Multiple byte tag not supported by ASN.1 encoding [v3]

2021-04-08 Thread Weijun Wang
On Thu, 8 Apr 2021 15:53:10 GMT, Xue-Lei Andrew Fan wrote: >> Weijun Wang has updated the pull request incrementally with one additional >> commit since the last revision: >> >> update exception wordings > > src/java.base/share/classes/sun/security/util/DerValue.java line 225: > >> 223:

Re: RFR: 8264864: Multiple byte tag not supported by ASN.1 encoding [v4]

2021-04-08 Thread Weijun Wang
> This code change does not intend to support multiple byte tags. Instead, it > aims to fail more gracefully when such a tag is encountered. For `DerValue` > constructors from an encoding (type I), an `IOException` will be thrown since > it's already in the throws clause. For constructors from

Re: RFR: 8264864: Multiple byte tag not supported by ASN.1 encoding [v3]

2021-04-08 Thread Jamil Nimeh
On Thu, 8 Apr 2021 13:57:37 GMT, Weijun Wang wrote: >> This code change does not intend to support multiple byte tags. Instead, it >> aims to fail more gracefully when such a tag is encountered. For `DerValue` >> constructors from an encoding (type I), an `IOException` will be thrown >> since

Re: RFR: 8264864: Multiple byte tag not supported by ASN.1 encoding [v3]

2021-04-08 Thread Xue-Lei Andrew Fan
On Thu, 8 Apr 2021 13:57:37 GMT, Weijun Wang wrote: >> This code change does not intend to support multiple byte tags. Instead, it >> aims to fail more gracefully when such a tag is encountered. For `DerValue` >> constructors from an encoding (type I), an `IOException` will be thrown >> since

Re: RFR: 8264864: Multiple byte tag not supported by ASN.1 encoding [v2]

2021-04-08 Thread Weijun Wang
On Thu, 8 Apr 2021 03:46:07 GMT, Xue-Lei Andrew Fan wrote: >> Weijun Wang has updated the pull request incrementally with one additional >> commit since the last revision: >> >> make sure test fails before code change > > src/java.base/share/classes/sun/security/util/DerValue.java line 322:

Re: RFR: 8264864: Multiple byte tag not supported by ASN.1 encoding [v3]

2021-04-08 Thread Weijun Wang
> This code change does not intend to support multiple byte tags. Instead, it > aims to fail more gracefully when such a tag is encountered. For `DerValue` > constructors from an encoding (type I), an `IOException` will be thrown since > it's already in the throws clause. For constructors from

RE: [11u] RFR: 8226374: Restrict TLS signature schemes and named groups

2021-04-08 Thread Doerr, Martin
Hi Paul and Christoph, thank you for the review and the approval. I've added the blank line. In addition, I've reviewed the whole change again and found a copy & paste bug in my webrev.00: SECT283_K1(0x0009, "sect283k1", true, NamedGroupSpec.NAMED_GROUP_ECDHE,