Re: New candidate JEP: 411: Deprecate the Security Manager for Removal

Thanks David, will make a note of it for future reference. Cheers, Peter. On 30/04/2021 12:57 am, David Lloyd wrote: If it helps, we've solved this particular problem in a couple of places by using an MR-JAR which selects an implementation using `StackWalker` when Java 9+ is used.  I will say

Re: RFR: JDK-6676643: Improve current C_GetAttributeValue native implementation

On Tue, 27 Apr 2021 18:46:21 GMT, Greg Rubin wrote: >> For this particular call, the pValue field is null, it's meant to query the >> exact length of the specified attribute. Thus, CKR_BUFFER_TOO_SMALL should >> not be returned. >> Afterwards, we then allocate the buffer based on this queried

Re: RFR: 8236671: NullPointerException in JKS keystore [v2]

On Wed, 28 Apr 2021 12:39:42 GMT, Sean Coffey wrote: >> Trivial enough change. Improved the exception thrown from JceKeyStore also. > > Sean Coffey has updated the pull request with a new target base due to a > merge or a rebase. The incremental webrev excludes the unrelated changes > brought i

Re: New candidate JEP: 411: Deprecate the Security Manager for Removal

On 29/04/2021 10:57 pm, Sean Mullan wrote: On 4/29/21 1:37 AM, Peter Firmstone wrote: We have our own security manager implementation and policy provider implementations.  Both of these are high performance and non-blocking and we are able to dynamically grant and revoke some permissions.

Integrated: 8255410: Add ChaCha20 and Poly1305 support to SunPKCS11 provider

On Fri, 9 Apr 2021 17:08:30 GMT, Valerie Peng wrote: > Could someone (perhaps Jamil?) please help review this change? This enhances > SunPKCS11 provider with ChaCha20-Poly1305 cipher and ChaCha20 key generation > support. Majority of the regression tests are adapted from the existing ones > fo

Re: RFR: 8264774: Implementation of Foreign Function and Memory API (Incubator) [v3]

On Thu, 29 Apr 2021 10:31:29 GMT, Maurizio Cimadamore wrote: > I think I expect that, with caller sensitive, it is possible from a client in > an "enabled" module to obtain a MethodHandle, and then pass it to an > unprivileged module, which then calls it, and works ok. This matches my > expec

Re: RFR: 8266220: keytool still prompt for store password on a password-less pkcs12 file if -storetype pkcs12 is specified

On Wed, 28 Apr 2021 15:07:14 GMT, Weijun Wang wrote: > It's awkward that for a password-less pkcs12 keystore, `keytool -list` does > not prompt for a password but `keytool -list -storetype pkcs12` does. New commit pushed. When the file is opened the second time, uses a local variable and close

Re: RFR: 8266220: keytool still prompt for store password on a password-less pkcs12 file if -storetype pkcs12 is specified [v2]

> It's awkward that for a password-less pkcs12 keystore, `keytool -list` does > not prompt for a password but `keytool -list -storetype pkcs12` does. Weijun Wang has updated the pull request incrementally with one additional commit since the last revision: close stream carefully

Re: RFR: 8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)

On Thu, 29 Apr 2021 15:58:28 GMT, Xue-Lei Andrew Fan wrote: >> Yes, I’ve made a test that calculates total time spent by server to receive >> "N" connections. Every server handshake is performed in a separate thread >> The client starts "T" threads. Every thread sends one initial connection and

Re: RFR: 8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)

On Tue, 27 Apr 2021 23:45:30 GMT, Alexey Bakhtin wrote: >> src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java line >> 377: >> >>> 375: // If we are keeping state, see if the identity is >>> in the cache >>> 376: if (requestedId.ident

Re: Ping? [8u] RFR: 8206925: Support the certificate_authorities extension

Anyone? On Tue, 2021-04-20 at 12:23 +0200, Severin Gehwolf wrote: > Hi, > > Please review this OpenJDK 8u backport of the certificate_authorities > extensionj. The OpenJDK 11u patch didn't apply cleanly after path > unshuffeling, but was fairly trivial to resolve. Conflicts caused by: > > 1. X50

Re: New candidate JEP: 411: Deprecate the Security Manager for Removal

If it helps, we've solved this particular problem in a couple of places by using an MR-JAR which selects an implementation using `StackWalker` when Java 9+ is used. I will say however that it appears to be slightly less performant, which is unfortunate (but hopefully fixable at some point in the f

Re: New candidate JEP: 411: Deprecate the Security Manager for Removal

On 4/29/21 2:44 AM, Geertjan Wielenga wrote: Also, from the point of view of Apache NetBeans, here’s a list of our concerns with these developments: https://blogs.apache.org/netbeans/entry/jep-411-deprecate-the-security

Re: RFR: 8266220: keytool still prompt for store password on a password-less pkcs12 file if -storetype pkcs12 is specified

On Wed, 28 Apr 2021 15:07:14 GMT, Weijun Wang wrote: > It's awkward that for a password-less pkcs12 keystore, `keytool -list` does > not prompt for a password but `keytool -list -storetype pkcs12` does. Test `sun/security/tools/keytool/KeyToolTest.java` failed on Windows. Looks like a file-not

Re: New candidate JEP: 411: Deprecate the Security Manager for Removal

On 4/29/21 1:37 AM, Peter Firmstone wrote: Which version of Java is this planned for?   Will the last version supporting the security manager be a long term support version, eg back ports of security patches and TLS technologies? The JEP has not been targeted to a release yet, but the Securi

Re: RFR: 8264774: Implementation of Foreign Function and Memory API (Incubator) [v5]

> This PR contains the API and implementation changes for JEP-412 [1]. A more > detailed description of such changes, to avoid repetitions during the review > process, is included as a separate comment. > > [1] - https://openjdk.java.net/jeps/412 Maurizio Cimadamore has updated the pull request

Re: JEP411: Missing use-case: Monitoring / restricting libraries

Having implemented SecurityManager and Policy providers, I'd like to comment on some of the assessments, some thoughts: * Poor performance, this is specific to the Java Policy implementation, I have addressed this in my implementations, performance impact is imperceptible, I know how to a

Re: RFR: 8264774: Implementation of Foreign Function and Memory API (Incubator) [v3]

On Wed, 28 Apr 2021 18:33:36 GMT, Maurizio Cimadamore wrote: >> This PR contains the API and implementation changes for JEP-412 [1]. A more >> detailed description of such changes, to avoid repetitions during the review >> process, is included as a separate comment. >> >> [1] - https://openjd

Re: RFR: 8264774: Implementation of Foreign Function and Memory API (Incubator) [v4]

> This PR contains the API and implementation changes for JEP-412 [1]. A more > detailed description of such changes, to avoid repetitions during the review > process, is included as a separate comment. > > [1] - https://openjdk.java.net/jeps/412 Maurizio Cimadamore has updated the pull request

Re: RFR: 8264774: Implementation of Foreign Function and Memory API (Incubator) [v3]

On Wed, 28 Apr 2021 23:22:38 GMT, Mandy Chung wrote: > My statement was overly simplified, sorry. If `handle` is invoked in another > module B and invoked by a class in module B, which module (the `lookup`'s > module or ) do you expect be the caller to check against for native access > check?