<div dir="auto">Vote: yes<div dir="auto"><br></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">Andrew Dinn <<a href="mailto:adinn@redhat.com">adinn@redhat.com</a>> schrieb am Di., 8. Apr. 2025, 18:21:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">I hereby nominate Martin Balao (mbalao) [1] to JDK Reviewer.<br>
<br>
Martin joined the Red Hat Java Platform team in 2017 as its security <br>
expert, leading all Red Hat work related to OpenJDK security. He has <br>
been a member of the OpenJDK Vulnerability Group since its inception, <br>
actively involved both in preparing & reviewing reproducers/fixes for <br>
undisclosed CVEs and in planning & preparing 3-monthly CVE patch bundles <br>
for mainline/LTS updates releases. He has also been an active <br>
contributor to mainline security development work and bears prime <br>
responsibility for Draft JEP 8325511 (Security Providers Filter) [3]. <br>
As well as reviewing multiple security patches in the VG, Martin has <br>
contributed 46 changes [4] to mainline JDK over the past 8 years.<br>
<br>
Votes are due by 24:00 UTC, April 22, 2025.<br>
<br>
Only current JDK Reviewers [1] are eligible to vote on this nomination. <br>
Votes must be cast in the open by replying<br>
to this mailing list.<br>
<br>
For Three-Vote Consensus voting instructions, see [2].<br>
<br>
Andrew Dinn<br>
<br>
[1] <a href="https://openjdk.org/census" rel="noreferrer noreferrer" target="_blank">https://openjdk.org/census</a><br>
[2] <a href="https://openjdk.org/projects/#reviewer-vote" rel="noreferrer noreferrer" target="_blank">https://openjdk.org/projects/#reviewer-vote</a><br>
[3] <a href="https://openjdk.org/jeps/8325511" rel="noreferrer noreferrer" target="_blank">https://openjdk.org/jeps/8325511</a><br>
[4] 8148421: Transport Layer Security (TLS) Session Hash and Extended <br>
Master Secret Extension <br>
<<a href="https://github.com/openjdk/jdk/commit/82bf0799c67f224ffb1875e630f5152e8410ad14" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/82bf0799c67f224ffb1875e630f5152e8410ad14</a>><br>
8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS <br>
uses sqlite <br>
<<a href="https://github.com/openjdk/jdk/commit/f1212e26c3126297268374142cf285ee66fe4e60" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/f1212e26c3126297268374142cf285ee66fe4e60</a>><br>
8201509: Zero: S390 31bit atomic_copy64 inline assembler is wrong <br>
<<a href="https://github.com/openjdk/jdk/commit/a79484396d8753bfa677426945c6cfac536a9c8c" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/a79484396d8753bfa677426945c6cfac536a9c8c</a>><br>
8203182: Release session if initialization of SunPKCS11 Signature fails <br>
<<a href="https://github.com/openjdk/jdk/commit/62c97f695f1650963d4c1f68364c99f9315fbd76" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/62c97f695f1650963d4c1f68364c99f9315fbd76</a>><br>
8195607: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with <br>
"NSS initialization failed" on NSS 3.34.1 <br>
<<a href="https://github.com/openjdk/jdk/commit/b44c24d290362e4edf5b0bf18b1ecce1583daeff" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/b44c24d290362e4edf5b0bf18b1ecce1583daeff</a>><br>
8029661: Support TLS v1.2 algorithm in SunPKCS11 provider <br>
<<a href="https://github.com/openjdk/jdk/commit/aafb2b04740911742de1332a83d23eefe1e6804d" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/aafb2b04740911742de1332a83d23eefe1e6804d</a>><br>
8213154: Update copyright headers of files in src tree that are missing <br>
Classpath exception <br>
<<a href="https://github.com/openjdk/jdk/commit/7724fd6d9bf52bc3aa7d5940b829503dc57e5042" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/7724fd6d9bf52bc3aa7d5940b829503dc57e5042</a>><br>
8204142: AWT hang occurs when sequenced events arrive out of sequence in <br>
multiple AppContexts <br>
<<a href="https://github.com/openjdk/jdk/commit/7c14ebfcd04b147cd6972e3a7242f4b97b1f97e5" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/7c14ebfcd04b147cd6972e3a7242f4b97b1f97e5</a>><br>
6913047: Long term memory leak when using PKCS11 and JCE exceeds 32 bit <br>
process address space <br>
<<a href="https://github.com/openjdk/jdk/commit/dfcab1b85ae9ca39b95cf3b17cbfbaea1238aec7" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/dfcab1b85ae9ca39b95cf3b17cbfbaea1238aec7</a>><br>
8217088: Disable JDK-6913047 fix (SunPKCS11 memory leak) after <br>
JDK-8216597 (SIGBUS error in getNativeKeyInfo) <br>
<<a href="https://github.com/openjdk/jdk/commit/6cfcdde523ed3875cbe31379e04a745891816fcb" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/6cfcdde523ed3875cbe31379e04a745891816fcb</a>><br>
8219011: Implement MacroAssembler::warn method on AArch64 <br>
<<a href="https://github.com/openjdk/jdk/commit/d6bec9017ec205fe790aaed2e4721b2f85b674f3" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/d6bec9017ec205fe790aaed2e4721b2f85b674f3</a>><br>
8218854: FontMetrics.getMaxAdvance may be less than the maximum <br>
FontMetrics.charWidth <br>
<<a href="https://github.com/openjdk/jdk/commit/ae9ee277b6eca4cbcd91948e7c518c4a797e6d84" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/ae9ee277b6eca4cbcd91948e7c518c4a797e6d84</a>><br>
8220753: Re-introduce the test case for TLS 1.2 algorithms in SunPKCS11 <br>
crypto provider <br>
<<a href="https://github.com/openjdk/jdk/commit/0814229ebc94f6821789391df29c34610164b47f" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/0814229ebc94f6821789391df29c34610164b47f</a>><br>
8220513: Wrapper Key may get deleted when closing sessions in SunPKCS11 <br>
crypto provider <br>
<<a href="https://github.com/openjdk/jdk/commit/0d35ef38e6f11d4f5bafaefc3d97567c18b57857" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/0d35ef38e6f11d4f5bafaefc3d97567c18b57857</a>><br>
8221271: sun/security/pkcs11/tls/tls12/TestTLS12.java test failed <br>
<<a href="https://github.com/openjdk/jdk/commit/a8a29bbae66da112b6012a4d5c7cbf5270b1573a" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/a8a29bbae66da112b6012a4d5c7cbf5270b1573a</a>><br>
8222805: sun/security/pkcs11/tls/tls12/TestTLS12.java fails with <br>
Unsupported signature algorithm: rsa_pss_rsae_sha256 <br>
<<a href="https://github.com/openjdk/jdk/commit/11bb97a71c805344c051e4fba75096a539528000" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/11bb97a71c805344c051e4fba75096a539528000</a>><br>
8223482: Unsupported ciphersuites may be offered by a TLS client <br>
<<a href="https://github.com/openjdk/jdk/commit/ebf8e1c0ac605a0613c343d37abece6d57cd9698" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/ebf8e1c0ac605a0613c343d37abece6d57cd9698</a>><br>
8215032: Support Kerberos cross-realm referrals (RFC 6806) <br>
<<a href="https://github.com/openjdk/jdk/commit/5aae9ef0db20101c5a1473426e5dcd6f8a625c6a" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/5aae9ef0db20101c5a1473426e5dcd6f8a625c6a</a>><br>
8227437: S4U2proxy cannot continue because server's TGT cannot be found <br>
<<a href="https://github.com/openjdk/jdk/commit/3cd50f2666a382c4b85f923c02a5460d4bce515c" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/3cd50f2666a382c4b85f923c02a5460d4bce515c</a>><br>
8233404: System property to set the number of PBE iterations in JCEKS <br>
keystores <br>
<<a href="https://github.com/openjdk/jdk/commit/0e5a288dfe0b90e0d2c8c6288334fb9847a4f403" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/0e5a288dfe0b90e0d2c8c6288334fb9847a4f403</a>><br>
8233946: Add @since 13 annotation to KerberosPrincipal.KRB_NT_ENTERPRISE <br>
field <br>
<<a href="https://github.com/openjdk/jdk/commit/171257ea1aa210d13e7604994e90ad334ed51875" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/171257ea1aa210d13e7604994e90ad334ed51875</a>><br>
8005819: Support cross-realm MSSFU <br>
<<a href="https://github.com/openjdk/jdk/commit/4fa827ec92665dae9c3cd6505d885ba5b7998df2" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/4fa827ec92665dae9c3cd6505d885ba5b7998df2</a>><br>
8238555: Allow Initialization of SunPKCS11 with NSS when there are <br>
external FIPS modules in the NSSDB <br>
<<a href="https://github.com/openjdk/jdk/commit/84f3e86749be8b84b6f39262cfdd160e651d6dba" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/84f3e86749be8b84b6f39262cfdd160e651d6dba</a>><br>
8239385: KerberosTicket client name refers wrongly to sAMAccountName in <br>
AD <br>
<<a href="https://github.com/openjdk/jdk/commit/2883bccf48f7a63c3635a0792138c5481050966f" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/2883bccf48f7a63c3635a0792138c5481050966f</a>><br>
8241888: Mirror jdk.security.allowNonCaAnchor system property with a <br>
security one <br>
<<a href="https://github.com/openjdk/jdk/commit/1c651455a75ff21770bb3b112a440396fce402a5" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/1c651455a75ff21770bb3b112a440396fce402a5</a>><br>
8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS <br>
Kerberos tickets <br>
<<a href="https://github.com/openjdk/jdk/commit/31753ef9bf2508727021cb40fd0cf761502bd814" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/31753ef9bf2508727021cb40fd0cf761502bd814</a>><br>
8259319: Illegal package access when SunPKCS11 requires SunJCE's classes <br>
<<a href="https://github.com/openjdk/jdk/commit/4be2173478bd1e84946bd903b350ce466bddb36b" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/4be2173478bd1e84946bd903b350ce466bddb36b</a>><br>
8258833: Cancel multi-part cipher operations in SunPKCS11 after failures <br>
<<a href="https://github.com/openjdk/jdk/commit/47c7dc7734677b64511ab1d4b3c30d3197d66ce9" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/47c7dc7734677b64511ab1d4b3c30d3197d66ce9</a>><br>
8261355: No data buffering in SunPKCS11 Cipher encryption when the <br>
underlying mechanism has no padding <br>
<<a href="https://github.com/openjdk/jdk/commit/1ee80e03adfae5f428519f7c134e78a0f277a0a5" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/1ee80e03adfae5f428519f7c134e78a0f277a0a5</a>><br>
8265462: Handle multiple slots in the NSS Internal Module from <br>
SunPKCS11's Secmod <br>
<<a href="https://github.com/openjdk/jdk/commit/bdbe23b9cb6151c81a4de675e629b0a42f00640d" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/bdbe23b9cb6151c81a4de675e629b0a42f00640d</a>><br>
8270137: Kerberos Credential Retrieval from Cache not Working in <br>
Cross-Realm Setup <br>
<<a href="https://github.com/openjdk/jdk/commit/67869b491ae1eaf311dfb8c61a9e94329a822ffc" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/67869b491ae1eaf311dfb8c61a9e94329a822ffc</a>><br>
8271566: DSA signature length value is not accurate in P11Signature <br>
<<a href="https://github.com/openjdk/jdk/commit/ea8d3c92c69c393cdbc6c62398f1e9c6adc708d3" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/ea8d3c92c69c393cdbc6c62398f1e9c6adc708d3</a>><br>
8275535: Retrying a failed authentication on multiple LDAP servers can <br>
lead to users blocked <br>
<<a href="https://github.com/openjdk/jdk/commit/3be394e1606dd17c2c14ce806c796f5eb2b1ad6e" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/3be394e1606dd17c2c14ce806c796f5eb2b1ad6e</a>><br>
8301553: Support Password-Based Cryptography in SunPKCS11 <br>
<<a href="https://github.com/openjdk/jdk/commit/4a75fd462c002a209201d8bfc8d6c9eb286a7444" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/4a75fd462c002a209201d8bfc8d6c9eb286a7444</a>><br>
8309569: sun/security/pkcs11/Signature/TestRSAKeyLength.java fails after <br>
JDK-8301553 <br>
<<a href="https://github.com/openjdk/jdk/commit/760cb04a2e099a3af9199d77a234af75a18cce5d" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/760cb04a2e099a3af9199d77a234af75a18cce5d</a>><br>
8325254: CKA_TOKEN private and secret keys are not necessarily sensitive <br>
<<a href="https://github.com/openjdk/jdk/commit/0f5f3c9b9718c610406088327401210486447462" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/0f5f3c9b9718c610406088327401210486447462</a>><br>
8328556: Do not extract large CKO_SECRET_KEY keys from the NSS Software <br>
Token <br>
<<a href="https://github.com/openjdk/jdk/commit/13cf0707f903609c9bda99a9bf7511f494f9feae" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/13cf0707f903609c9bda99a9bf7511f494f9feae</a>><br>
8330611: AES-CTR vector intrinsic may read out of bounds (x86_64, <br>
AVX-512) <br>
<<a href="https://github.com/openjdk/jdk/commit/8a8d9288980513db459f7d6b36554b65844951ca" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/8a8d9288980513db459f7d6b36554b65844951ca</a>><br>
8330842: Support AES CBC with Ciphertext Stealing (CTS) in SunPKCS11 <br>
<<a href="https://github.com/openjdk/jdk/commit/4ab7e98c79a1a0b7aba1ca74a8316820c906e70e" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/4ab7e98c79a1a0b7aba1ca74a8316820c906e70e</a>><br>
8323231: Improve array management <br>
<<a href="https://github.com/openjdk/jdk/commit/5f365d44be9c1f3413c9ccde970e2745090a516a" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/5f365d44be9c1f3413c9ccde970e2745090a516a</a>><br>
8336499: Failure when creating non-CRT RSA private keys in SunPKCS11 <br>
<<a href="https://github.com/openjdk/jdk/commit/3251eea1f4289a0505052be204407c02ca38b0ad" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/3251eea1f4289a0505052be204407c02ca38b0ad</a>><br>
8319332: Security properties files inclusion <br>
<<a href="https://github.com/openjdk/jdk/commit/c6f1d5f374bfa9bde75765391d5dae0e8e28b4ab" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/c6f1d5f374bfa9bde75765391d5dae0e8e28b4ab</a>><br>
8332644: Improve graph optimizations <br>
<<a href="https://github.com/openjdk/jdk/commit/c89f76c0b9ca085192775af9bd9368562b582dd6" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/c89f76c0b9ca085192775af9bd9368562b582dd6</a>><br>
8345221: Replace legacy with new Provider APIs in SunNativeGSS <br>
<<a href="https://github.com/openjdk/jdk/commit/a49f0776eb176129f558b6fab3f50e0453f8cbcb" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/a49f0776eb176129f558b6fab3f50e0453f8cbcb</a>><br>
8330045: Enhance array handling <br>
<<a href="https://github.com/openjdk/jdk/commit/5f6c85420a19d5dd9ccaf0a0c6e8f6502fab2aa7" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/5f6c85420a19d5dd9ccaf0a0c6e8f6502fab2aa7</a>><br>
8328119: Support HKDF in SunPKCS11 (Preview) 8346720: Support Generic <br>
keys in SunPKCS11 SecretKeyFactor <br>
<<a href="https://github.com/openjdk/jdk/commit/6ddbcc34c019d780fc12d8f636e3aa3de33ecaaa" rel="noreferrer noreferrer" target="_blank">https://github.com/openjdk/jdk/commit/6ddbcc34c019d780fc12d8f636e3aa3de33ecaaa</a>><br>
<br>
</blockquote></div>