Re: JEP 411: Missing use-case: user functions in an RDBMS

2021-05-28 Thread Peter Firmstone
While I accept that my particular use case will no longer be supported in future, it's difficult to see the value of a sandbox, because developers will always want to relax it in some way and people fall into the trap of thinking that trust is black and white; this is trusted, that is not.

AW: [External] : Re: [11u] RFR: 8267599: Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u

2021-05-28 Thread Doerr, Martin
Thank you, Sean, for your review and all your help! Best regards, Martin Von: Seán Coffey Datum: Freitag, 28. Mai 2021 um 18:51 An: Doerr, Martin , jdk-updates-...@openjdk.java.net , security-dev , Hohensee, Paul Betreff: Re: [External] : Re: [11u] RFR: 8267599: Revert the change to the

Re: [11u] RFR: 8267599: Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u

2021-05-28 Thread Doerr, Martin
Hi, here’s my new webrev for reverting the pkcs12.macAlgorithm and macIterationCount changes from the JDK-8153005 backport: http://cr.openjdk.java.net/~mdoerr/8267599_revert_8153005_11u/webrev.01/ Oracle’s JBS issue:

Re: RFR: 8248268: Support KWP in addition to KW [v8]

2021-05-28 Thread Valerie Peng
On Tue, 25 May 2021 20:33:55 GMT, Valerie Peng wrote: >> This change updates SunJCE provider as below: >> - updated existing AESWrap support with AES/KW/NoPadding cipher >> transformation. >> - added support for AES/KWP/NoPadding and AES/KW/PKCS5Padding. >> >> Existing AESWrap impl, i.e.

AW: [External] : AW: [11u] RFR: 8267599: Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u

2021-05-28 Thread Doerr, Martin
Hi Sean, thank you very much! I was concerned to miss anything. But it is really that simple  I’ll prepare a new webrev. Best regards, Martin Von: Seán Coffey Datum: Freitag, 28. Mai 2021 um 16:36 An: Doerr, Martin , jdk-updates-...@openjdk.java.net , security-dev , Hohensee, Paul

AW: [11u] RFR: 8267599: Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u

2021-05-28 Thread Doerr, Martin
Hi Sean, thank you for your quick reply. I was already hoping to get such feedback. I had read the CSR and I had already thought that you guys didn’t revert the complete change. My problem is that I can’t see what exactly you have done. I’m concerned about making it insecure by creating a

Re: [External] : Re: [11u] RFR: 8267599: Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u

2021-05-28 Thread Seán Coffey
Looks good! regards, Sean. On 28/05/2021 17:17, Doerr, Martin wrote: Hi, here’s my new webrev for reverting the pkcs12.macAlgorithm and macIterationCount changes from the JDK-8153005 backport:

Re: JEP 411: Missing use-case: user functions in an RDBMS

2021-05-28 Thread David Lloyd
On Thu, May 27, 2021 at 8:36 PM Chapman Flack wrote: > Hello, I see I am another person relatively late to stumble on this > "well publicized" JEP. (I am not sure how to recommend the publicity > could have been better handled, but apparently the avenues that were > used aren't ones that reached

Re: RFR: 8180571: Refactor sun/security/pkcs11 shell tests to plain java tests and fix failures [v2]

2021-05-28 Thread Fernando Guallini
> Refactor the following shell tests to Java: > - security/pkcs11/KeyStore/Basic.sh > - security/pkcs11/KeyStore/ClientAuth.sh > - security/pkcs11/KeyStore/SecretKeysBasic.sh > - security/pkcs11/Provider/ConfigQuotedString.sh > - security/pkcs11/Provider/Login.sh > -

(JDK-8266351) Re: [External] : Re: RFR: 8236671: NullPointerException in JKS keystore [v2]

2021-05-28 Thread Seán Coffey
Thanks for the pointers Will. I've added your details to the JDK-8266351 bug report. https://bugs.openjdk.java.net/browse/JDK-8266351 regards, Sean. On 24/05/2021 18:53, Will Sargent wrote: I have tried to sign up to the bug tracking system (through reset password I think?) but I'm not

Re: JEP 411: Missing use-case: user functions in an RDBMS

2021-05-28 Thread Chapman Flack
On 05/28/21 10:03, Chapman Flack wrote: > I still think it would be highly desirable for the JDK itself to > adopt some such mechanism, if it can be made sufficiently non-cumbersome, > and perhaps limited just to file operations ... and Process / ProcessHandle operations I am trying to

Re: [External] : AW: [11u] RFR: 8267599: Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u

2021-05-28 Thread Seán Coffey
here are the main changes that we pushed for JDK 11u: diff --git a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java index a62452bdcd..441f2b651e 100644 ---

Re: RFR: 8240256: Better resource cleaning for SunPKCS11 Provider [v3]

2021-05-28 Thread Sean Coffey
> Added capability to allow the PKCS11 Token to be destroyed once a session is > logged out from. New configuration properties via pkcs11 config file. Cleaned > up the native resource poller also. > > New unit test case to test behaviour. Some PKCS11 tests refactored to allow > pkcs11 provider

Re: RFR: 8240256: Better resource cleaning for SunPKCS11 Provider [v2]

2021-05-28 Thread Seán Coffey
Thanks for the review Valerie. I've gone ahead and updated the test. You've a good point in that the PKCS11Test framework didn't suit the test that I needed. The new test no longer extends PKCS11Test as a result. I have kept the refactoring in PKCS11Test thought since it can offer up some

Re: JEP 411: Missing use-case: user functions in an RDBMS

2021-05-28 Thread Chapman Flack
Hi, On 05/28/21 06:09, Ron Pressler wrote: > Before getting into alternatives and the vision for what would be possible > post-SecurityManager, it would help to explain what the use-case and > requirements are. > > When we talk about untrusted code we usually mean code that you believe > might

Re: [11u] RFR: 8267599: Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u

2021-05-28 Thread Seán Coffey
Martin, you seem to be suggesting a full revert of the JDK-8153005 changes. Note that the Oracle JDK changes only relate to to the default PKCS12 macAlgorithm and macIterationCount (back to HmacPBESHA1 and 10 respectively). While there are other interoperability concerns with the

RFR: 8267938: SCTP channel factory methods should check platform support

2021-05-28 Thread Chris Hegarty
The SCTP channel factory methods, namely SctpChannel::open, SctpServerChannel::open, and SctpMultiChannel::open, are specified to throw UnsupportedOperationException, if the SCTP protocol is not supported. Currently, underlying platform support is assumed once the appropriate libsctp.so.1

[11u] RFR: 8267599: Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u

2021-05-28 Thread Doerr, Martin
Hi, Oracle has reverted the changes from JDK-8153005 backport in 11.0.12-oracle for interoperability reasons. See: https://bugs.openjdk.java.net/browse/JDK-8267599 and CSR: https://bugs.openjdk.java.net/browse/JDK-8267701 I had to adapt the small test addition from JDK-8266293 (see "// 8266293"

Re: JEP 411: Missing use-case: user functions in an RDBMS

2021-05-28 Thread Ron Pressler
Hi. Before getting into alternatives and the vision for what would be possible post-SecurityManager, it would help to explain what the use-case and requirements are. When we talk about untrusted code we usually mean code that you believe might be malicious and intentionally try to break through

Re: RFR: 8267125: AES Galois CounterMode (GCM) interleaved implementation using AVX512 + VAES instructions

2021-05-28 Thread Nils Eliasson
On Fri, 14 May 2021 00:42:35 GMT, Smita Kamath wrote: > I would like to submit AES-GCM optimization for x86_64 architectures > supporting AVX3+VAES (Evex encoded AES). This optimization interleaves AES > and GHASH operations. > Performance gain of ~1.5x - 2x for message sizes 8k and above.