> This PR is for clarifying the `NoSuchAlgorithmException` and
> `NoSuchPaddingException` for the `Cipher.getInstance(String transformation,
> Provider provider)` and `Cipher.getInstance(String transformation, String
> provider)` methods.
>
> As stated in `javax.crypto.CipherSpi` class, provide
> Allow password hiding even if there is no `System.console`. A manual test is
> included.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
decouple PassFailJFrame.java change; simplify code flow
-
Changes:
- all: https
On Wed, 3 Sep 2025 19:24:46 GMT, Sean Mullan wrote:
>> Well, which exception is thrown depends on which provider is used and how it
>> registers its implementations. Pinpointing the exact Exception would require
>> running the test against a specific provider which we know how the
>> implement
On Mon, 15 Sep 2025 09:02:11 GMT, Per Minborg wrote:
>> We have, for long, established that changes like this should be discussed
>> before putting forward any code. Yet, I am unable to find any discussion in
>> the appropriate mailing list. Please send me the link to the mailing list
>> discu
On Sat, 13 Sep 2025 05:02:46 GMT, Koushik Muthukrishnan Thirupattur
wrote:
> A DESCRIPTION OF THE PROBLEM :
> [JDK-7194452](https://bugs.openjdk.org/browse/JDK-7194452) left the
> SunCertPathBuilder.anchorIsTarget orphaned. Remove the deadcode.
This pull request has now been integrated.
Chang
On Mon, 15 Sep 2025 13:53:23 GMT, Weijun Wang wrote:
> I'd rather see a real public API even if it looks like
> `StringBuilder::appendInteger(boolean alwaysSign, boolean packWithZero, int
> minWidth, int number)`.
Methods like appendPair are provided for better performance, and you suggest
th
On Thu, 18 Sep 2025 00:06:01 GMT, Valerie Peng wrote:
>> This PR is for clarifying the `NoSuchAlgorithmException` and
>> `NoSuchPaddingException` for the `Cipher.getInstance(String transformation,
>> Provider provider)` and `Cipher.getInstance(String transformation, String
>> provider)` method
On Thu, 4 Sep 2025 13:59:28 GMT, Sean Mullan wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Address review comments from Sean.
>
> test/jdk/com/sun/crypto/provider/Cipher/ChaCha20/unittest/ChaCha20CipherUnitTest.j
> Skipped tests are treated as a pass:
>
> * test/jdk/sun/security/pkcs11/KeyStore/ClientAuth.java
> * test/jdk/sun/security/pkcs11/KeyStore/CertChainRemoval.java
> * test/jdk/sun/security/pkcs11/SecretKeyFactory/TestGeneral.java
> * test/jdk/sun/security/pkcs11/SecureRandom/Basic.java
> * test/jd
On Wed, 17 Sep 2025 21:02:33 GMT, Sean Mullan wrote:
>> Artur Barashev has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Remove unused import. Adjust comments.
>
> src/java.base/share/classes/sun/security/provider/certpath/PKIXCertPathVali
On Wed, 17 Sep 2025 21:11:02 GMT, Sean Mullan wrote:
>> Artur Barashev has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - Cleaner certpath validation solution
>> - Alternative solution for JDK-8367104
>
> src/java.base/share/classes/sun/
On Mon, 15 Sep 2025 18:24:59 GMT, Anthony Scarpino
wrote:
>> I see there could be a
>>
>> parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL,
>>
>> Shall we skip it?
>
> This only checks if one is available in the private key material. If there
> is none, null is fine.
>
> The
On Wed, 17 Sep 2025 20:03:03 GMT, Artur Barashev wrote:
>> RSASSA-PSS is currently the only signature algorithm we support that comes
>> with algorithm parameters. We don't check for those parameters when
>> validating certificates against supported signature algorithm constraints.
>
> Artur Ba
On Wed, 17 Sep 2025 15:30:44 GMT, Artur Barashev wrote:
>> RSASSA-PSS is currently the only signature algorithm we support that comes
>> with algorithm parameters. We don't check for those parameters when
>> validating certificates against supported signature algorithm constraints.
>
> Artur Ba
On Wed, 27 Aug 2025 10:25:00 GMT, Sean Coffey wrote:
>> SLSLogger is broken when used with with `System.Logger` (-Djavax.net.debug
>> mode)
>>
>> SSL Debug messages don't use format specifiers. As a result, any custom
>> format data isn't printed. Proposed solution is to append the SSL custom
On Tue, 16 Sep 2025 17:43:34 GMT, Weijun Wang wrote:
>> For interoperability, AP-REQ decryption uses the key with the highest kvno
>> in the keytab if no exact match is found. If decryption fails, a normal
>> "checksum failed" error is reported, which may hide the real cause that the
>> wrong
On Tue, 2 Sep 2025 15:28:00 GMT, Weibing Xiao wrote:
>> [webrev.zip](https://github.com/user-attachments/files/21517501/webrev.zip)
>> NPE thrown from SASL GSSAPI impl on Java 11+ when TLS is used with QOP
>> auth-int against Active Directory.
>>
>> When the exception is triggered, LDAP Connect
On Wed, 17 Sep 2025 01:00:21 GMT, Anthony Scarpino
wrote:
>> Hi
>>
>> Please review the [Second Preview](https://openjdk.org/jeps/8360563) for the
>> PEM API. The most significant changes from [JEP
>> 470](https://openjdk.org/jeps/470) are:
>>
>> - Renamed the name of `PEMRecord` class to `
> RSASSA-PSS is currently the only signature algorithm we support that comes
> with algorithm parameters. We don't check for those parameters when
> validating certificates against supported signature algorithm constraints.
Artur Barashev has updated the pull request incrementally with one addit
On Tue, 9 Sep 2025 11:19:06 GMT, Matthew Donovan wrote:
>> Mikhail Yankelevich has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Matthew's comments
>
> test/jdk/sun/security/pkcs11/Config/ReadConfInUTF16Env.java line 51:
>
>> 49:
On Wed, 17 Sep 2025 15:35:29 GMT, Mark Powers wrote:
>> src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line
>> 1489:
>>
>>> 1487: final MacData macData;
>>> 1488:
>>> 1489: if (macAlgorithm.equals("PBMAC1")) {
>>
>> The PBMAC1 algorithms are already define
> For interoperability, AP-REQ decryption uses the key with the highest kvno in
> the keytab if no exact match is found. If decryption fails, a normal
> "checksum failed" error is reported, which may hide the real cause that the
> wrong key is used. This code change throws a KRB_AP_ERR_BADKEYVER
On Tue, 15 Jul 2025 16:43:16 GMT, Thomas Fitzsimmons wrote:
> This patch adds configurability to `PKCS11Test.java`.
>
> Specifically, it adds two new system properties:
>
> - `CUSTOM_P11_LIBRARY_NAME`: Allow overriding the value assigned to the
> `nss_library` field. Prior to this patch, `nss
On Fri, 12 Sep 2025 11:28:41 GMT, Jaikiran Pai wrote:
>> Chen Liang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Update NPE per roger review
>
> Hello Chen, I had a look at the changes, but I'm missing some broader context
> of this
> [JDK-8343232](https://bugs.openjdk.org/browse/JDK-8343232)
Mark Powers has updated the pull request incrementally with one additional
commit since the last revision:
a few more comments
-
Changes:
- all: https://git.openjdk.org/jdk/pull/24429/files
- new: https://git.openjd
On Wed, 3 Sep 2025 01:21:58 GMT, Valerie Peng wrote:
>> fixed
>
> The indentation still doesn't look right... Line 139 should align with line
> 138? Same goes for line 140-150.
Now I see it.
-
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2353273364
On Fri, 5 Sep 2025 13:06:47 GMT, Sean Mullan wrote:
>> Mark Powers has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> a few more comments
>
> src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java line 544:
>
>> 542:
> For interoperability, AP-REQ decryption uses the key with the highest kvno in
> the keytab if no exact match is found. If decryption fails, a normal
> "checksum failed" error is reported, which may hide the real cause that the
> wrong key is used. This code change throws a KRB_AP_ERR_BADKEYVER
> Hi,
>
> Please find here a PR for the implementation of [JEP 517: HTTP/3 for the HTTP
> Client API](https://openjdk.org/jeps/517).
>
> The CSR can be viewed at [JDK-8350588: Implement JEP 517: HTTP/3 for the HTTP
> Client API](https://bugs.openjdk.org/browse/JDK-8350588)
>
> This JEP propose
On Tue, 9 Sep 2025 16:46:10 GMT, Ben Perez wrote:
>> There are several places where MontgomeryIntegerPolynomialP256.mult() can be
>> optimized. In particular, since modulus[2] = 0 several multiplications can
>> be removed. Other multiplications can be replaced by shifts, which also
>> saves ti
> For interoperability, AP-REQ decryption uses the key with the highest kvno in
> the keytab if no exact match is found. If decryption fails, a normal
> "checksum failed" error is reported, which may hide the real cause that the
> wrong key is used. This code change throws a KRB_AP_ERR_BADKEYVER
On Wed, 17 Sep 2025 14:19:20 GMT, Weijun Wang wrote:
>> Mark Powers has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> a few more comments
>
> src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 180:
>
>> 178: priv
On Fri, 5 Sep 2025 12:06:53 GMT, Sean Mullan wrote:
>> Mark Powers has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> a few more comments
>
> src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 1489:
>
>> 1487:
> RSASSA-PSS is currently the only signature algorithm we support that comes
> with algorithm parameters. We don't check for those parameters when
> validating certificates against supported signature algorithm constraints.
Artur Barashev has updated the pull request incrementally with two addit
On Wed, 17 Sep 2025 14:52:36 GMT, Mark Powers wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java line 544:
>>
>>> 542:
>>> "com.sun.crypto.provider.PBES2Parameters$HmacSHA512_256AndAES_256");
>>> 543:
>>> 544: psA("AlgorithmParameters", "PBMAC1",
On Fri, 5 Sep 2025 13:06:47 GMT, Sean Mullan wrote:
>> Mark Powers has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> a few more comments
>
> src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java line 544:
>
>> 542:
TLS 1.3 changed the way it generates the FFDHE shared secret. In TLS 1.2, the
leading zeroes in the shared secret were stripped, and in TLS 1.3 the leading
zeroes are preserved.
Thanks to the recent work in
[JDK-8189441](https://bugs.openjdk.org/browse/JDK-8189441), we now have a new
algorithm
> This PR extends security tests to use ByteBuffers backed by MemorySegments.
> Tests in the areas of Signature, Cipher, MessageDigest, and Mac are updated.
Matthew Donovan has updated the pull request with a new target base due to a
merge or a rebase. The pull request now contains seven commits
> This PR updates PKCS11 tests to better handle NSS version numbers. The
> previous code treated the version numbers as double values and used
> comparison operators. The problem is that it incorrectly treats 3.111 as
> between 3.11 and 3.12. This update parses and compares the major and minor
This PR updates tests that were using MD5 certificates. For most of the tests,
I added test cases for TLSv1.2/MD5withRSA and TLSv1.3/SHA256withRSA.
-
Commit messages:
- 8353738: Update TLS unit tests to not use certificates with MD5 signatures
Changes: https://git.openjdk.org/jdk/p
40 matches
Mail list logo
