Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v8]

2022-05-03 Thread Hai-May Chao
> Please review these changes to add DES/3DES/MD5 to > `jdk.security.legacyAlgorithms` security property, and to add the legacy > algorithm constraint checking to `keytool` commands that are associated with > secret key entries stored in the keystore. These `keytool` commands are > -genseckey,

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v7]

2022-05-03 Thread Hai-May Chao
> Please review these changes to add DES/3DES/MD5 to > `jdk.security.legacyAlgorithms` security property, and to add the legacy > algorithm constraint checking to `keytool` commands that are associated with > secret key entries stored in the keystore. These `keytool` commands are > -genseckey,

Re: RFR: 8253176: Signature.getParameters should specify that it can throw UnsupportedOperationException [v2]

2022-05-03 Thread Xue-Lei Andrew Fan
On Mon, 2 May 2022 21:42:28 GMT, Valerie Peng wrote: >>> What kind of additional sentence do you have in mind? >> >> It may be fine to put it into the state for 'null' returned value. For >> example: >> >> >> The returned parameters may be the same that were used to initialize >> this

Re: RFR: JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider [v2]

2022-05-03 Thread Weijun Wang
On Tue, 3 May 2022 22:52:49 GMT, Mat Carter wrote: >> On Windows you can now access the local machine keystores using the strings >> "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the >> application requires admin privileges. >> >> "Windows-MY" and "Windows-ROOT" remain

Re: RFR: JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider [v2]

2022-05-03 Thread Weijun Wang
On Tue, 3 May 2022 23:38:38 GMT, Mat Carter wrote: >> Mat Carter has updated the pull request incrementally with one additional >> commit since the last revision: >> >> replace string parameter with int and supporting constants > > I don't use this API much so I don't really have an opinion

Re: RFR: JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider [v2]

2022-05-03 Thread Weijun Wang
On Tue, 3 May 2022 22:52:49 GMT, Mat Carter wrote: >> On Windows you can now access the local machine keystores using the strings >> "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the >> application requires admin privileges. >> >> "Windows-MY" and "Windows-ROOT" remain

Integrated: 8286069: keytool prints out wrong key algorithm for -importpass command

2022-05-03 Thread Weijun Wang
On Tue, 3 May 2022 17:51:43 GMT, Weijun Wang wrote: > Since `keytool -importpass` always uses `KeyFactory.getInstance("PBE")` to > generate the secret key, and "PBE" is an alias of "PBEwithMD5andDES" inside > the SunJCE security provider, its `getAlgorithm` is always `PBEwithMD5andDES`. > >

Re: RFR: 8286069: keytool prints out wrong key algorithm for -importpass command [v2]

2022-05-03 Thread Weijun Wang
> Since `keytool -importpass` always uses `KeyFactory.getInstance("PBE")` to > generate the secret key, and "PBE" is an alias of "PBEwithMD5andDES" inside > the SunJCE security provider, its `getAlgorithm` is always `PBEwithMD5andDES`. > > This code change modifies it to "PBE". > > Note that I

Re: RFR: 8286069: keytool prints out wrong key algorithm for -importpass command

2022-05-03 Thread Weijun Wang
On Wed, 4 May 2022 01:50:34 GMT, Valerie Peng wrote: >> Since `keytool -importpass` always uses `KeyFactory.getInstance("PBE")` to >> generate the secret key, and "PBE" is an alias of "PBEwithMD5andDES" inside >> the SunJCE security provider, its `getAlgorithm` is always >>

Re: RFR: 8286069: keytool prints out wrong key algorithm for -importpass command

2022-05-03 Thread Valerie Peng
On Tue, 3 May 2022 17:51:43 GMT, Weijun Wang wrote: > Since `keytool -importpass` always uses `KeyFactory.getInstance("PBE")` to > generate the secret key, and "PBE" is an alias of "PBEwithMD5andDES" inside > the SunJCE security provider, its `getAlgorithm` is always `PBEwithMD5andDES`. > >

Re: RFR: 8282600: SSLSocketImpl should not use user_canceled workaround when not necessary

2022-05-03 Thread Bradford Wetmore
On Wed, 2 Mar 2022 19:04:26 GMT, zzambers wrote: > When testing compatibility of jdk TLS implementation with gnutls, I have > found a problem. The problem is, that gnutls does not like use of > user_canceled alert when closing TLS-1.3 connection from duplexCloseOutput() > (used by

Re: RFR: 8212136: Remove BaseSSLSocketImpl finalizer method [v5]

2022-05-03 Thread Bradford Wetmore
On Tue, 3 May 2022 23:10:51 GMT, Xue-Lei Andrew Fan wrote: > Could someone in Oracle help to run the Mach5 testing for security and > network components (or just tier1 and tier2), and let me know if this update > causes any failures? Builds underway. - PR:

Re: RFR: JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider [v2]

2022-05-03 Thread Mat Carter
On Tue, 3 May 2022 22:52:49 GMT, Mat Carter wrote: >> On Windows you can now access the local machine keystores using the strings >> "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the >> application requires admin privileges. >> >> "Windows-MY" and "Windows-ROOT" remain

Re: RFR: JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider [v2]

2022-05-03 Thread Mat Carter
On Wed, 27 Apr 2022 21:47:15 GMT, Mat Carter wrote: >> Thanks for the feedback, I'm going to incorporate that into the PR > >> And also, is there a ReleaseString missing? > > Yes an error when I "patched" my repo, but based on the feedback there will > no longer be a string to release :)

Re: RFR: 8212136: Remove BaseSSLSocketImpl finalizer method [v5]

2022-05-03 Thread Xue-Lei Andrew Fan
On Tue, 3 May 2022 02:07:13 GMT, Xue-Lei Andrew Fan wrote: >> Please review the update to remove finalizer method in the SunJSSE provider >> implementation. It is one of the efforts to clean up the use of finalizer >> method in JDK. > > Xue-Lei Andrew Fan has updated the pull request

Re: RFR: 8284490: Remove finalizer method in java.security.jgss [v14]

2022-05-03 Thread Xue-Lei Andrew Fan
On Tue, 3 May 2022 02:20:23 GMT, Xue-Lei Andrew Fan wrote: >> Hi. Sorry, I should have brought this up earlier, but there is a jtreg test >> library to help with ensuring the GC runs, >> `test/lib/jdk/test/lib/util/ForceGC.java`. You might consider replacing the >> test code that runs/checks

Re: RFR: JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider [v2]

2022-05-03 Thread Mat Carter
> On Windows you can now access the local machine keystores using the strings > "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the > application requires admin privileges. > > "Windows-MY" and "Windows-ROOT" remain unchanged, however given these > original keystore strings

Re: RFR: 8286069: keytool prints out wrong key algorithm for -importpass command

2022-05-03 Thread Hai-May Chao
On Tue, 3 May 2022 17:51:43 GMT, Weijun Wang wrote: > Since `keytool -importpass` always uses `KeyFactory.getInstance("PBE")` to > generate the secret key, and "PBE" is an alias of "PBEwithMD5andDES" inside > the SunJCE security provider, its `getAlgorithm` is always `PBEwithMD5andDES`. > >

Re: javax.crypto.CryptoPolicyParser#isConsistent always returns 'true'

2022-05-03 Thread Sean Mullan
Hi Andrey, On 4/29/22 11:59 AM, Andrey Turbanov wrote: Hello. I found suspicious code in CryptoPolicyParser method calls. Method 'isConsistent' is called only from a method 'parsePermissionEntry'. It accepts the 'processedPermissions' parameter from 'parsePermissionEntry'. Method

Re: RFR: 8285380: Fix typos in security

2022-05-03 Thread Sean Mullan
On Thu, 21 Apr 2022 16:10:54 GMT, Alan Bateman wrote: > > @AlanBateman So there is even more 3rd party code in there? :-( I tried to > > ignore fixes for all files that I could identify as 3rd party. It's > > actually a bit annoying that we have imported source code thrown around > > like

RFR: 8002277: Refactor two PBE classes to simplify maintenance

2022-05-03 Thread Valerie Peng
This change refactors the PBES2Core and PKCS12PBECipherCore classes in SunJCE provider as requested in the bug record. Functionality should remain the same with a clearer and simplified code/control flow with fewer lines of code. This should improve readability and maintenance. I enhanced one

Re: RFR: 8284490: Remove finalizer method in java.security.jgss [v14]

2022-05-03 Thread Sean Mullan
On Tue, 3 May 2022 02:20:23 GMT, Xue-Lei Andrew Fan wrote: >> Hi. Sorry, I should have brought this up earlier, but there is a jtreg test >> library to help with ensuring the GC runs, >> `test/lib/jdk/test/lib/util/ForceGC.java`. You might consider replacing the >> test code that runs/checks

RFR: 8286069: keytool prints out wrong key algorithm for -importpass command

2022-05-03 Thread Weijun Wang
Since `keytool -importpass` always uses `KeyFactory.getInstance("PBE")` to generate the secret key, and "PBE" is an alias of "PBEwithMD5andDES" inside the SunJCE security provider, its `getAlgorithm` is always `PBEwithMD5andDES`. This code change modifies it to "PBE". Note that I haven't

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v6]

2022-05-03 Thread Weijun Wang
On Tue, 3 May 2022 14:54:05 GMT, Hai-May Chao wrote: >> Please review these changes to add DES/3DES/MD5 to >> `jdk.security.legacyAlgorithms` security property, and to add the legacy >> algorithm constraint checking to `keytool` commands that are associated with >> secret key entries stored

Re: RFR: 8212136: Remove BaseSSLSocketImpl finalizer method [v5]

2022-05-03 Thread Xue-Lei Andrew Fan
On Tue, 3 May 2022 02:07:13 GMT, Xue-Lei Andrew Fan wrote: >> Please review the update to remove finalizer method in the SunJSSE provider >> implementation. It is one of the efforts to clean up the use of finalizer >> method in JDK. > > Xue-Lei Andrew Fan has updated the pull request

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v6]

2022-05-03 Thread Weijun Wang
On Tue, 3 May 2022 14:54:05 GMT, Hai-May Chao wrote: >> Please review these changes to add DES/3DES/MD5 to >> `jdk.security.legacyAlgorithms` security property, and to add the legacy >> algorithm constraint checking to `keytool` commands that are associated with >> secret key entries stored

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v5]

2022-05-03 Thread Hai-May Chao
On Mon, 2 May 2022 15:08:17 GMT, Sean Mullan wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Updated spec in java.security > > src/java.base/share/classes/sun/security/tools/keytool/Main.java line 2196: > >>

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v6]

2022-05-03 Thread Hai-May Chao
> Please review these changes to add DES/3DES/MD5 to > `jdk.security.legacyAlgorithms` security property, and to add the legacy > algorithm constraint checking to `keytool` commands that are associated with > secret key entries stored in the keystore. These `keytool` commands are > -genseckey,

Re: RFR: JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider

2022-05-03 Thread Mat Carter
On Wed, 27 Apr 2022 21:41:30 GMT, Mat Carter wrote: >> Same question. Does a new type name automagically add support for CNG? > > Correct, it does enable access to certificates and keys that require next > (second) generation cryptographic providers, that were previously > inaccessible. I've

Integrated: 8284490: Remove finalizer method in java.security.jgss

2022-05-03 Thread Xue-Lei Andrew Fan
On Thu, 7 Apr 2022 04:10:55 GMT, Xue-Lei Andrew Fan wrote: > Please review the update to remove finalizer method in the java.security.jgss > module. It is one of the efforts to clean up the use of finalizer method in > JDK. This pull request has now been integrated. Changeset: ffca23a5

Re: RFR: 8212136: Remove BaseSSLSocketImpl finalizer method [v5]

2022-05-03 Thread Daniel Fuchs
On Tue, 3 May 2022 02:07:13 GMT, Xue-Lei Andrew Fan wrote: >> Please review the update to remove finalizer method in the SunJSSE provider >> implementation. It is one of the efforts to clean up the use of finalizer >> method in JDK. > > Xue-Lei Andrew Fan has updated the pull request