From xuelei at openjdk.org  Mon Jan  2 03:07:55 2023
From: xuelei at openjdk.org (Xue-Lei Andrew Fan)
Date: Mon, 2 Jan 2023 03:07:55 GMT
Subject: RFR: 8298381: Improve handling of session tickets for multiple
 SSLContexts [v5]
In-Reply-To: <sZRhosUwjIv2lcRhOXsJ2qzKkhz9WpgKHvj8NkWaQfk=.3f1d0524-60fe-4095-b2b2-810c9b09bc1e@github.com>
References: <wSSObs5K1aJksbR02e7l1lByF2Nw0QjOzrAEiC5BA2w=.71f5b651-542c-40ac-8a71-e5d4001f5ba4@github.com>
 <sZRhosUwjIv2lcRhOXsJ2qzKkhz9WpgKHvj8NkWaQfk=.3f1d0524-60fe-4095-b2b2-810c9b09bc1e@github.com>
Message-ID: <0DraNUgnD1sGBM7e3jj101i5Dso2znvuEU-z5GYDnPw=.8df7206e-9934-474d-b8c0-c3d87f628c79@github.com>

On Fri, 23 Dec 2022 11:51:32 GMT, Volker Simonis <simonis at openjdk.org> wrote:

>> Currently, TLS session tickets introduced by [JDK-8211018](https://bugs.openjdk.org/browse/JDK-8211018) in JDK 13 (i.e. `SessionTicketExtension$StatelessKey`) are generated in the class `SessionTicketExtension` and they use a single, global key ID (`currentKeyID`) for all `SSLContext`s.
>> 
>> This is problematic if more than one `SSLContext` is used, because every context which requests a session ticket will increment the global id `currentKeyID` when it creates a ticket. This means that in turn all the other contexts won't be able to find a ticket under the new id in their `SSLContextImpl` and create a new one (again incrementing `currentKeyID`). In fact, every time a ticket is requested from a different context, this will transitively trigger a new ticket creation in all the other contexts. We've observed millions of session ticket accumulating for some workloads.
>> 
>> Another issue with the curent implementation is that cleanup is racy because the underlying data structure (i.e. `keyHashMap` in `SSLContextImpl`) as well as the cleanup code itself are not threadsafe.
>> 
>> I therefor propose to move `currentKeyID` into the `SSLContextImpl` to solve these issues.
>> 
>> The following test program (contributed by Steven Collison (https://raycoll.com/)) can be used to demonstrate the current behaviour. It outputs the number of `StatelessKey` instances at the end of the program. Opening 1000 connections with a single `SSLContext` results in a single `StatelessKey` instance being created:
>> 
>> $ java -XX:+UseSerialGC -Xmx16m -cp ~/Java/ SSLSocketServerMultipleSSLContext 9999 1 1000
>> 605:             1             32  sun.security.ssl.SessionTicketExtension$StatelessKey (java.base at 20-internal)
>> 
>> The same example with the 1000 connections being opened alternatively on thwo different contexts will instead create 1000 `StatelessKey` instances:
>> 
>> $ java -XX:+UseSerialGC -Xmx16m -cp ~/Java/ SSLSocketServerMultipleSSLContext 9999 2 1000
>>   11:          1000          32000  sun.security.ssl.SessionTicketExtension$StatelessKey (java.base at 20-internal)
>> 
>> With my proposed patch, the numbers goes back to two instances again:
>> 
>> $ java -XX:+UseSerialGC -Xmx16m -cp ~/Java/ SSLSocketServerMultipleSSLContext 9999 2 1000
>> 611:             2             64  sun.security.ssl.SessionTicketExtension$StatelessKey (java.base at 20-internal)
>> 
>> 
>> I've attached the test program to the [JBS issue](https://bugs.openjdk.org/browse/JDK-8298381). If you think it makes sense, I can probably convert it into a JTreg test.
>
> Volker Simonis has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Use HandshakeContext's secure random for keygen in StatelessKey and improve initialization in SSLSessionContextImpl

Looks good to me.  Thanks!

-------------

Marked as reviewed by xuelei (Reviewer).

PR: https://git.openjdk.org/jdk/pull/11590

From duke at openjdk.org  Tue Jan  3 00:59:57 2023
From: duke at openjdk.org (Xubo Zhang)
Date: Tue, 3 Jan 2023 00:59:57 GMT
Subject: RFR: 8296746: NativePRNG SecureRandom doesn't scale with threads
 [v2]
In-Reply-To: <o4CBuHegbvp76-FPR2b7zNCHOTU4lBXPv4op43xc80g=.c7ab8e20-e685-4134-bc45-39b73cbc5324@github.com>
References: <cKk_qdPEmDSFPABJ3TKjNyjZKjvFsNZ2b7ZacZ3SajM=.261f426f-b38b-44f7-a59c-7276df76d666@github.com>
 <o4CBuHegbvp76-FPR2b7zNCHOTU4lBXPv4op43xc80g=.c7ab8e20-e685-4134-bc45-39b73cbc5324@github.com>
Message-ID: <RVptKfZZ4AX3lb5hYm-XVANy9Jj6k-tFdKzn0nG_C0U=.43427095-afdb-412e-add1-6c4299bb79ae@github.com>

On Mon, 14 Nov 2022 16:37:41 GMT, Xubo Zhang <duke at openjdk.org> wrote:

>> NativePRNG SecureRandom doesn?t scale with number of threads. The performance starts dropping as we increase the number of threads. Even going from 1 thread to 2 threads shows significant drop. The bottleneck is the singleton RandomIO instance. Making the RandomIO ThreadLocal helps in removing this bottleneck.
>> 
>> Here are the jmh  thrpt ops/s data for SecureRandomBench.nextBytes, algorithm=NativePRNGNonBlocking, datasize=64, notshared:
>> 
>> <html xmlns:v="urn:schemas-microsoft-com:vml"
>> xmlns:o="urn:schemas-microsoft-com:office:office"
>> xmlns:x="urn:schemas-microsoft-com:office:excel"
>> xmlns="http://www.w3.org/TR/REC-html40">
>> 
>> <head>
>> 
>> <meta name=ProgId content=Excel.Sheet>
>> <meta name=Generator content="Microsoft Excel 15">
>> <link id=Main-File rel=Main-File
>> href="file:///C:/Users/xbzhang/AppData/Local/Temp/msohtmlclip1/01/clip.htm">
>> <link rel=File-List
>> href="file:///C:/Users/xbzhang/AppData/Local/Temp/msohtmlclip1/01/clip_filelist.xml">
>> 
>> 
>> 
>> </head>
>> 
>> <body link="#0563C1" vlink="#954F72">
>> 
>> 
>> 
>> #threads | singleton RandomIO | ThreadLocal RandomIO
>> -- | -- | --
>> 1 | 1269133 | 1279088
>> 2 | 862923 | 1362066
>> 3 | 819734 | 1630522
>> 4 | 809128 | 1614500
>> 5 | 821514 | 1594965
>> 6 | 808795 | 1545045
>> 7 | 783050 | 1499388
>> 8 | 787236 | 1470004
>> 
>> 
>> 
>> </body>
>> 
>> </html>
>
> Xubo Zhang has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Update src/java.base/unix/classes/sun/security/provider/NativePRNG.java
>   
>   Co-authored-by: Andrey Turbanov <turbanoff at gmail.com>

need to rethink about the comments made by [Alan Bateman](https://github.com/AlanBateman)

-------------

PR: https://git.openjdk.org/jdk/pull/11069

From duke at openjdk.org  Tue Jan  3 00:59:58 2023
From: duke at openjdk.org (Xubo Zhang)
Date: Tue, 3 Jan 2023 00:59:58 GMT
Subject: Withdrawn: 8296746: NativePRNG SecureRandom doesn't scale with threads
In-Reply-To: <cKk_qdPEmDSFPABJ3TKjNyjZKjvFsNZ2b7ZacZ3SajM=.261f426f-b38b-44f7-a59c-7276df76d666@github.com>
References: <cKk_qdPEmDSFPABJ3TKjNyjZKjvFsNZ2b7ZacZ3SajM=.261f426f-b38b-44f7-a59c-7276df76d666@github.com>
Message-ID: <No_9vas5TXqUsHE11qCTFnaO-TPVAcQ-vTr6iWt0D6Q=.813972d4-0ee3-4a5a-b334-fbf6b88258a1@github.com>

On Wed, 9 Nov 2022 20:15:57 GMT, Xubo Zhang <duke at openjdk.org> wrote:

> NativePRNG SecureRandom doesn?t scale with number of threads. The performance starts dropping as we increase the number of threads. Even going from 1 thread to 2 threads shows significant drop. The bottleneck is the singleton RandomIO instance. Making the RandomIO ThreadLocal helps in removing this bottleneck.
> 
> Here are the jmh  thrpt ops/s data for SecureRandomBench.nextBytes, algorithm=NativePRNGNonBlocking, datasize=64, notshared:
> 
> <html xmlns:v="urn:schemas-microsoft-com:vml"
> xmlns:o="urn:schemas-microsoft-com:office:office"
> xmlns:x="urn:schemas-microsoft-com:office:excel"
> xmlns="http://www.w3.org/TR/REC-html40">
> 
> <head>
> 
> <meta name=ProgId content=Excel.Sheet>
> <meta name=Generator content="Microsoft Excel 15">
> <link id=Main-File rel=Main-File
> href="file:///C:/Users/xbzhang/AppData/Local/Temp/msohtmlclip1/01/clip.htm">
> <link rel=File-List
> href="file:///C:/Users/xbzhang/AppData/Local/Temp/msohtmlclip1/01/clip_filelist.xml">
> 
> 
> 
> </head>
> 
> <body link="#0563C1" vlink="#954F72">
> 
> 
> 
> #threads | singleton RandomIO | ThreadLocal RandomIO
> -- | -- | --
> 1 | 1269133 | 1279088
> 2 | 862923 | 1362066
> 3 | 819734 | 1630522
> 4 | 809128 | 1614500
> 5 | 821514 | 1594965
> 6 | 808795 | 1545045
> 7 | 783050 | 1499388
> 8 | 787236 | 1470004
> 
> 
> 
> </body>
> 
> </html>

This pull request has been closed without being integrated.

-------------

PR: https://git.openjdk.org/jdk/pull/11069

From duke at openjdk.org  Tue Jan  3 08:35:27 2023
From: duke at openjdk.org (Ryan Wallace)
Date: Tue, 3 Jan 2023 08:35:27 GMT
Subject: RFR: 8294526: sun/security/provider/SubjectCodeSource.java no
 longer referenced [v4]
In-Reply-To: <HJ2p1lahCBTzUr3DFa6-m-WLX6UztdxtgJEhEpkWiak=.15fad302-3dac-4f5d-8cbc-0561b7e0fe06@github.com>
References: <HJ2p1lahCBTzUr3DFa6-m-WLX6UztdxtgJEhEpkWiak=.15fad302-3dac-4f5d-8cbc-0561b7e0fe06@github.com>
Message-ID: <BBT9J4Vrgp8z0fCphOmgt8SLHUI_a7A6e4xvnoWMd0E=.82ce17db-af1b-4aad-b2b9-5b7ea51588e1@github.com>

> SubjectCodeSource is no longer used, Class should be deleted and all references updated

Ryan Wallace has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 17 additional commits since the last revision:

 - Merge branch 'master' into 8294526
 - Merge branch 'master' into 8294526
 - Merge branch 'master' into 8294526
 - Merge branch 'master' into 8294526
 - Merge branch 'master' into 8294526
 - Merge branch 'master' into 8294526
 - Merge branch 'master' into 8294526
 - Merge branch 'master' into 8294526
 - 8294526: SubjectCodeSource is no longer referenced
 - Merge branch 'master' into 8294526
 - ... and 7 more: https://git.openjdk.org/jdk/compare/549718e3...3139091b

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/10550/files
  - new: https://git.openjdk.org/jdk/pull/10550/files/64972419..3139091b

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=10550&range=03
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=10550&range=02-03

  Stats: 115761 lines in 2534 files changed: 59975 ins; 42548 del; 13238 mod
  Patch: https://git.openjdk.org/jdk/pull/10550.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/10550/head:pull/10550

PR: https://git.openjdk.org/jdk/pull/10550

From duke at openjdk.org  Tue Jan  3 11:34:55 2023
From: duke at openjdk.org (Ryan Wallace)
Date: Tue, 3 Jan 2023 11:34:55 GMT
Subject: RFR: 8294526: sun/security/provider/SubjectCodeSource.java no
 longer referenced [v3]
In-Reply-To: <TNk_-Sga8jFBCUyIpnMnRlVjEqjnk-C8Fa_yKGg7qDA=.21c3efe4-c969-488b-bd9d-e7f2074a8bf9@github.com>
References: <HJ2p1lahCBTzUr3DFa6-m-WLX6UztdxtgJEhEpkWiak=.15fad302-3dac-4f5d-8cbc-0561b7e0fe06@github.com>
 <iHG9_BFeUGTf4-ZgKgM7fGf32MgsEL9A4ijXNaef0zI=.488c3511-9e43-4963-8e81-00ff70b1329e@github.com>
 <TNk_-Sga8jFBCUyIpnMnRlVjEqjnk-C8Fa_yKGg7qDA=.21c3efe4-c969-488b-bd9d-e7f2074a8bf9@github.com>
Message-ID: <ewx-MZianLWmHsVB7tpXae2wc4YXOLWDtgnYDY5iPds=.e4f1902e-7f66-4021-ad77-81325210f39a@github.com>

On Fri, 25 Nov 2022 06:08:30 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> Ryan Wallace has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 14 additional commits since the last revision:
>> 
>>  - Merge branch 'master' into 8294526
>>  - Merge branch 'master' into 8294526
>>  - Merge branch 'master' into 8294526
>>  - Merge branch 'master' into 8294526
>>  - Merge branch 'master' into 8294526
>>  - 8294526: SubjectCodeSource is no longer referenced
>>  - Merge branch 'master' into 8294526
>>  - Merge branch 'master' into 8294526
>>  - Merge branch 'master' into 8294526
>>  - Merge branch 'master' into 8294526
>>  - ... and 4 more: https://git.openjdk.org/jdk/compare/01b03654...64972419
>
> Looks good to me.  Thanks!

@XueleiFan  / @wangweij Are you able to sponsor ?

-------------

PR: https://git.openjdk.org/jdk/pull/10550

From duke at openjdk.org  Tue Jan  3 13:55:56 2023
From: duke at openjdk.org (Ryan Wallace)
Date: Tue, 3 Jan 2023 13:55:56 GMT
Subject: Integrated: 8294526: sun/security/provider/SubjectCodeSource.java no
 longer referenced
In-Reply-To: <HJ2p1lahCBTzUr3DFa6-m-WLX6UztdxtgJEhEpkWiak=.15fad302-3dac-4f5d-8cbc-0561b7e0fe06@github.com>
References: <HJ2p1lahCBTzUr3DFa6-m-WLX6UztdxtgJEhEpkWiak=.15fad302-3dac-4f5d-8cbc-0561b7e0fe06@github.com>
Message-ID: <P-zRun7lPuzIKUQ9qPSY09Px6Knremal-LzRIpq7_4k=.794cbbfc-45bb-4021-8132-52ad68189ec8@github.com>

On Tue, 4 Oct 2022 08:25:10 GMT, Ryan Wallace <duke at openjdk.org> wrote:

> SubjectCodeSource is no longer used, Class should be deleted and all references updated

This pull request has now been integrated.

Changeset: 92dfc735
Author:    Ryan Wallace <ryan.w.wallace at oracle.com>
Committer: Weijun Wang <weijun at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/92dfc735f2297441a99b3e39464fb8f77a354d55
Stats:     822 lines in 5 files changed: 0 ins; 822 del; 0 mod

8294526: sun/security/provider/SubjectCodeSource.java no longer referenced

Reviewed-by: weijun, xuelei

-------------

PR: https://git.openjdk.org/jdk/pull/10550

From mullan at openjdk.org  Tue Jan  3 15:33:58 2023
From: mullan at openjdk.org (Sean Mullan)
Date: Tue, 3 Jan 2023 15:33:58 GMT
Subject: [jdk20] RFR: JDK-8299235 broken link referencing missing id
In-Reply-To: <b6NJKZqOS7aRXcmQyewzXO9whIulEYV5-pAw5rdEvmU=.4b2bd092-a489-485b-9b3a-9a8c1e668606@github.com>
References: <b6NJKZqOS7aRXcmQyewzXO9whIulEYV5-pAw5rdEvmU=.4b2bd092-a489-485b-9b3a-9a8c1e668606@github.com>
Message-ID: <bEYK1fr4sQOjk-tlyW-9Obejc_nWv7y7MGxA5j8M6lQ=.aec9f219-86d9-43af-a1ca-aac3bab5960d@github.com>

On Fri, 23 Dec 2022 21:22:00 GMT, Mark Powers <mpowers at openjdk.org> wrote:

> https://bugs.openjdk.org/browse/JDK-8299235

Marked as reviewed by mullan (Reviewer).

-------------

PR: https://git.openjdk.org/jdk20/pull/77

From mpowers at openjdk.org  Tue Jan  3 15:45:57 2023
From: mpowers at openjdk.org (Mark Powers)
Date: Tue, 3 Jan 2023 15:45:57 GMT
Subject: [jdk20] Integrated: JDK-8299235 broken link referencing missing id
In-Reply-To: <b6NJKZqOS7aRXcmQyewzXO9whIulEYV5-pAw5rdEvmU=.4b2bd092-a489-485b-9b3a-9a8c1e668606@github.com>
References: <b6NJKZqOS7aRXcmQyewzXO9whIulEYV5-pAw5rdEvmU=.4b2bd092-a489-485b-9b3a-9a8c1e668606@github.com>
Message-ID: <yakIEWXQDbNV_A5fD1DeVfSFdzaubOcMs1VRmOcL6Mc=.fc574936-adc7-49e3-83d9-0abce60e6021@github.com>

On Fri, 23 Dec 2022 21:22:00 GMT, Mark Powers <mpowers at openjdk.org> wrote:

> https://bugs.openjdk.org/browse/JDK-8299235

This pull request has now been integrated.

Changeset: 3eb85d19
Author:    Mark Powers <mpowers at openjdk.org>
Committer: Sean Mullan <mullan at openjdk.org>
URL:       https://git.openjdk.org/jdk20/commit/3eb85d19ec80105bcbc5ad5422d694c29a9029d2
Stats:     5 lines in 2 files changed: 0 ins; 0 del; 5 mod

8299235: broken link referencing missing id

Reviewed-by: mullan

-------------

PR: https://git.openjdk.org/jdk20/pull/77

From simonis at openjdk.org  Tue Jan  3 17:45:12 2023
From: simonis at openjdk.org (Volker Simonis)
Date: Tue, 3 Jan 2023 17:45:12 GMT
Subject: RFR: 8298381: Improve handling of session tickets for multiple
 SSLContexts [v6]
In-Reply-To: <wSSObs5K1aJksbR02e7l1lByF2Nw0QjOzrAEiC5BA2w=.71f5b651-542c-40ac-8a71-e5d4001f5ba4@github.com>
References: <wSSObs5K1aJksbR02e7l1lByF2Nw0QjOzrAEiC5BA2w=.71f5b651-542c-40ac-8a71-e5d4001f5ba4@github.com>
Message-ID: <NhQa1OLqeTYBYg2SaRxtroQ5WNHA2wMLTuv9wT9BBN4=.4fa60fa1-63b3-4206-91a6-607d86ef97be@github.com>

> Currently, TLS session tickets introduced by [JDK-8211018](https://bugs.openjdk.org/browse/JDK-8211018) in JDK 13 (i.e. `SessionTicketExtension$StatelessKey`) are generated in the class `SessionTicketExtension` and they use a single, global key ID (`currentKeyID`) for all `SSLContext`s.
> 
> This is problematic if more than one `SSLContext` is used, because every context which requests a session ticket will increment the global id `currentKeyID` when it creates a ticket. This means that in turn all the other contexts won't be able to find a ticket under the new id in their `SSLContextImpl` and create a new one (again incrementing `currentKeyID`). In fact, every time a ticket is requested from a different context, this will transitively trigger a new ticket creation in all the other contexts. We've observed millions of session ticket accumulating for some workloads.
> 
> Another issue with the curent implementation is that cleanup is racy because the underlying data structure (i.e. `keyHashMap` in `SSLContextImpl`) as well as the cleanup code itself are not threadsafe.
> 
> I therefor propose to move `currentKeyID` into the `SSLContextImpl` to solve these issues.
> 
> The following test program (contributed by Steven Collison (https://raycoll.com/)) can be used to demonstrate the current behaviour. It outputs the number of `StatelessKey` instances at the end of the program. Opening 1000 connections with a single `SSLContext` results in a single `StatelessKey` instance being created:
> 
> $ java -XX:+UseSerialGC -Xmx16m -cp ~/Java/ SSLSocketServerMultipleSSLContext 9999 1 1000
> 605:             1             32  sun.security.ssl.SessionTicketExtension$StatelessKey (java.base at 20-internal)
> 
> The same example with the 1000 connections being opened alternatively on thwo different contexts will instead create 1000 `StatelessKey` instances:
> 
> $ java -XX:+UseSerialGC -Xmx16m -cp ~/Java/ SSLSocketServerMultipleSSLContext 9999 2 1000
>   11:          1000          32000  sun.security.ssl.SessionTicketExtension$StatelessKey (java.base at 20-internal)
> 
> With my proposed patch, the numbers goes back to two instances again:
> 
> $ java -XX:+UseSerialGC -Xmx16m -cp ~/Java/ SSLSocketServerMultipleSSLContext 9999 2 1000
> 611:             2             64  sun.security.ssl.SessionTicketExtension$StatelessKey (java.base at 20-internal)
> 
> 
> I've attached the test program to the [JBS issue](https://bugs.openjdk.org/browse/JDK-8298381). If you think it makes sense, I can probably convert it into a JTreg test.

Volker Simonis has updated the pull request incrementally with one additional commit since the last revision:

  Updated copyright year to 2023

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11590/files
  - new: https://git.openjdk.org/jdk/pull/11590/files/68ed71dd..eb2d8e25

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11590&range=05
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11590&range=04-05

  Stats: 3 lines in 3 files changed: 0 ins; 0 del; 3 mod
  Patch: https://git.openjdk.org/jdk/pull/11590.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11590/head:pull/11590

PR: https://git.openjdk.org/jdk/pull/11590

From simonis at openjdk.org  Tue Jan  3 17:46:57 2023
From: simonis at openjdk.org (Volker Simonis)
Date: Tue, 3 Jan 2023 17:46:57 GMT
Subject: RFR: 8298381: Improve handling of session tickets for multiple
 SSLContexts [v5]
In-Reply-To: <0DraNUgnD1sGBM7e3jj101i5Dso2znvuEU-z5GYDnPw=.8df7206e-9934-474d-b8c0-c3d87f628c79@github.com>
References: <wSSObs5K1aJksbR02e7l1lByF2Nw0QjOzrAEiC5BA2w=.71f5b651-542c-40ac-8a71-e5d4001f5ba4@github.com>
 <sZRhosUwjIv2lcRhOXsJ2qzKkhz9WpgKHvj8NkWaQfk=.3f1d0524-60fe-4095-b2b2-810c9b09bc1e@github.com>
 <0DraNUgnD1sGBM7e3jj101i5Dso2znvuEU-z5GYDnPw=.8df7206e-9934-474d-b8c0-c3d87f628c79@github.com>
Message-ID: <c8_oKudZ3wgGpNxSR9lRXtfnNr2ga3jZDRy6DRcp3q8=.6832f064-cf6b-4f0d-8835-6a997a295905@github.com>

On Mon, 2 Jan 2023 03:05:27 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

> Looks good to me. Thanks!

Thanks @XueleiFan!

I've updated the copyright year to 2023 and will wait one or two more days just in case @ascarpino wants to take one more look as well.

-------------

PR: https://git.openjdk.org/jdk/pull/11590

From jnimeh at openjdk.org  Tue Jan  3 20:21:59 2023
From: jnimeh at openjdk.org (Jamil Nimeh)
Date: Tue, 3 Jan 2023 20:21:59 GMT
Subject: RFR: 8298381: Improve handling of session tickets for multiple
 SSLContexts [v5]
In-Reply-To: <c8_oKudZ3wgGpNxSR9lRXtfnNr2ga3jZDRy6DRcp3q8=.6832f064-cf6b-4f0d-8835-6a997a295905@github.com>
References: <wSSObs5K1aJksbR02e7l1lByF2Nw0QjOzrAEiC5BA2w=.71f5b651-542c-40ac-8a71-e5d4001f5ba4@github.com>
 <sZRhosUwjIv2lcRhOXsJ2qzKkhz9WpgKHvj8NkWaQfk=.3f1d0524-60fe-4095-b2b2-810c9b09bc1e@github.com>
 <0DraNUgnD1sGBM7e3jj101i5Dso2znvuEU-z5GYDnPw=.8df7206e-9934-474d-b8c0-c3d87f628c79@github.com>
 <c8_oKudZ3wgGpNxSR9lRXtfnNr2ga3jZDRy6DRcp3q8=.6832f064-cf6b-4f0d-8835-6a997a295905@github.com>
Message-ID: <ddVelMxeSeU3tfy2EqUQSiySenbKYsTux21m3SSh9m4=.b5c9a859-62ec-4362-8e22-b49b1cfa16cd@github.com>

On Tue, 3 Jan 2023 17:43:43 GMT, Volker Simonis <simonis at openjdk.org> wrote:

>> Looks good to me.  Thanks!
>
>> Looks good to me. Thanks!
> 
> Thanks @XueleiFan!
> 
> I've updated the copyright year to 2023 and will wait one or two more days just in case @ascarpino wants to take one more look as well.

Hi @simonis, I am sorry for chiming in so late on this issue.  I do think it might be worthwhile to make your proof-of-concept code into a jtreg test as you mentioned in your summary.  I think it really comes down to how feasible the conversion would be.  It's always better to have an automated test if we can, but it depends on if jtreg code can get access to reliable information about the session tickets via the session cache and know that things are behaving as intended.

-------------

PR: https://git.openjdk.org/jdk/pull/11590

From jwilhelm at openjdk.org  Wed Jan  4 14:34:19 2023
From: jwilhelm at openjdk.org (Jesper Wilhelmsson)
Date: Wed, 4 Jan 2023 14:34:19 GMT
Subject: RFR: Merge jdk20
Message-ID: <zDvWYKrrzE24L5hYEI-x2F3F8HzwFFX8jhk9K7-uQgY=.35dbb7d4-fb82-4fa8-bf34-4de6a5b2bda4@github.com>

Forwardport JDK 20 -> JDK 21

-------------

Commit messages:
 - Merge remote-tracking branch 'jdk20/master' into Merge_jdk20
 - 8299476: PPC64 Zero build fails after JDK-8286302
 - 8293824: gc/whitebox/TestConcMarkCycleWB.java failed "RuntimeException: assertTrue: expected true, was false"
 - 8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
 - 8298324: Unable to run shell test with make
 - 8299235: broken link referencing missing id

The webrevs contain the adjustments done while merging with regards to each parent branch:
 - master: https://webrevs.openjdk.org/?repo=jdk&pr=11845&range=00.0
 - jdk20: https://webrevs.openjdk.org/?repo=jdk&pr=11845&range=00.1

Changes: https://git.openjdk.org/jdk/pull/11845/files
  Stats: 299 lines in 28 files changed: 101 ins; 131 del; 67 mod
  Patch: https://git.openjdk.org/jdk/pull/11845.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11845/head:pull/11845

PR: https://git.openjdk.org/jdk/pull/11845

From jwilhelm at openjdk.org  Wed Jan  4 16:06:57 2023
From: jwilhelm at openjdk.org (Jesper Wilhelmsson)
Date: Wed, 4 Jan 2023 16:06:57 GMT
Subject: Integrated: Merge jdk20
In-Reply-To: <zDvWYKrrzE24L5hYEI-x2F3F8HzwFFX8jhk9K7-uQgY=.35dbb7d4-fb82-4fa8-bf34-4de6a5b2bda4@github.com>
References: <zDvWYKrrzE24L5hYEI-x2F3F8HzwFFX8jhk9K7-uQgY=.35dbb7d4-fb82-4fa8-bf34-4de6a5b2bda4@github.com>
Message-ID: <Y9iOsvwOKa2PrIXFCB5jl5Sa5fBfVzSNRFNvEdGXuoE=.71580b8a-7e64-4ca9-828a-bdffc14b90cd@github.com>

On Wed, 4 Jan 2023 14:25:12 GMT, Jesper Wilhelmsson <jwilhelm at openjdk.org> wrote:

> Forwardport JDK 20 -> JDK 21

This pull request has now been integrated.

Changeset: df1caf90
Author:    Jesper Wilhelmsson <jwilhelm at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/df1caf90818558b897a6b8ab80757f2a03398c55
Stats:     299 lines in 28 files changed: 101 ins; 131 del; 67 mod

Merge

-------------

PR: https://git.openjdk.org/jdk/pull/11845

From duke at openjdk.org  Thu Jan  5 17:58:27 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Thu, 5 Jan 2023 17:58:27 GMT
Subject: RFR: 8298872: Update CheckStatus.java for changes to TLS
 implementation
Message-ID: <BxcoZLbQBeD88JiHK44NQBQahNsH-j3RhnbMYBvE_sU=.2f671e20-2cb5-4f79-8196-92520bcee655@github.com>

Updated the test for TLS 1.2 and removed from ProblemList.txt

-------------

Commit messages:
 - removed extra whitespace
 - 8298872: Update CheckStatus.java for changes to TLS implementation

Changes: https://git.openjdk.org/jdk/pull/11857/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=11857&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8298872
  Stats: 319 lines in 3 files changed: 35 ins; 15 del; 269 mod
  Patch: https://git.openjdk.org/jdk/pull/11857.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11857/head:pull/11857

PR: https://git.openjdk.org/jdk/pull/11857

From duke at openjdk.org  Thu Jan  5 20:17:20 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Thu, 5 Jan 2023 20:17:20 GMT
Subject: RFR: 8298872: Update CheckStatus.java for changes to TLS
 implementation [v2]
In-Reply-To: <BxcoZLbQBeD88JiHK44NQBQahNsH-j3RhnbMYBvE_sU=.2f671e20-2cb5-4f79-8196-92520bcee655@github.com>
References: <BxcoZLbQBeD88JiHK44NQBQahNsH-j3RhnbMYBvE_sU=.2f671e20-2cb5-4f79-8196-92520bcee655@github.com>
Message-ID: <vvJ_0vvp36Wz68pFWTCpp56ksXsvt4fKlhki-1zve34=.22c89056-fae7-4634-adbe-22afcad80492@github.com>

> Updated the test for TLS 1.2 and removed from ProblemList.txt

Matthew Donovan has updated the pull request incrementally with two additional commits since the last revision:

 - updated copyright to correct year
 - updated copyright year

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11857/files
  - new: https://git.openjdk.org/jdk/pull/11857/files/685eb448..6b2596ee

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11857&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11857&range=00-01

  Stats: 2 lines in 1 file changed: 0 ins; 0 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/11857.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11857/head:pull/11857

PR: https://git.openjdk.org/jdk/pull/11857

From duke at openjdk.org  Fri Jan  6 02:45:18 2023
From: duke at openjdk.org (Archie L. Cobbs)
Date: Fri, 6 Jan 2023 02:45:18 GMT
Subject: RFR: 8015831: Add lint check for calling overridable methods from a
 constructor
Message-ID: <Ms3zM2qC_QYF8OrfQ4mAi1weE5cHGfWCzPgwuxTLBKY=.d383ef5c-10d7-42de-8be0-03dd64a11af0@github.com>

This PR adds a new lint warning category `this-escape`.

It also adds `@SuppressWarnings` annotations as needed to the JDK itself to allow the JDK to continue to compile with `-Xlint:all`.

A 'this' escape warning is generated for a constructor `A()` in a class `A` when the compiler detects that the following situation is _in theory possible:_
* Some subclass `B extends A` exists, and `B` is defined in a separate source file (i.e., compilation unit)
* Some constructor `B()` of `B` invokes `A()` as its superclass constructor
* During the execution of `A()`, some non-static method of `B.foo()` could get invoked, perhaps indirectly

In the above scenario, `B.foo()` would execute before `A()` has returned and before `B()` has performed any initialization. To the extent `B.foo()` accesses any fields of `B` - all of which are still uninitialized - it is likely to function incorrectly.

Note, when determining if a 'this' escape is possible, the compiler makes no assumptions about code outside of the current compilation unit. It doesn't look outside of the current source file to see what might actually happen when a method is invoked. It does follow method and constructors within the current compilation unit, and applies a simplified union-of-all-possible-branches data flow analysis to see where 'this' could end up.

>From my review, virtually all of the warnings generated in the various JDK modules are valid warnings in the sense that a 'this' escape, as defined above, is really and truly possible. However, that doesn't imply that any bugs were found within the JDK - only that the possibility of a certain type of bug exists if certain superclass constructors are used by someone, somewhere, someday.

For several "popular" classes, this PR also adds `@implNote`'s to the offending constructors so that subclass implementors are made aware of the threat. For one example, `TreeMap(Map)` invokes `putAll()` and `put()`.

More details and a couple of motivating examples are given in an included [doc file](https://github.com/archiecobbs/jdk/blob/ThisEscape/src/java.base/share/classes/java/lang/doc-files/ThisEscape.html) that these `@implNote`'s link to. See also the recent thread on `amber-dev` for some background.

Ideally, over time the owners of the various modules would review their `@SuppressWarnings("this-escape")` annotations and determine which other constructors also warranted such an `@implNote`.

Because of all the`@SuppressWarnings` annotations, this PR touches a bunch of different JDK modules. My apologies for that. Adding these annotations was determined to be the more conservative approach, as compared to just excepting `this-escape` from various module builds globally.

**Patch Navigation Guide**

* Non-trivial compiler changes:
    * `src/jdk.compiler/share/classes/com/sun/tools/javac/code/Lint.java`
    * `src/jdk.compiler/share/classes/com/sun/tools/javac/code/Types.java`
    * `src/jdk.compiler/share/classes/com/sun/tools/javac/comp/Flow.java`
    * `src/jdk.compiler/share/classes/com/sun/tools/javac/tree/TreeInfo.java`
    * `src/jdk.compiler/share/classes/com/sun/tools/javac/comp/ThisEscapeAnalyzer.java`
    * `src/jdk.compiler/share/classes/com/sun/tools/javac/resources/compiler.properties`
    * `src/jdk.compiler/share/classes/com/sun/tools/javac/resources/javac.properties`

* Javadoc additions of `@implNote`:

    * `src/java.base/share/classes/java/io/PipedReader.java`
    * `src/java.base/share/classes/java/io/PipedWriter.java`
    * `src/java.base/share/classes/java/lang/Throwable.java`
    * `src/java.base/share/classes/java/util/ArrayDeque.java`
    * `src/java.base/share/classes/java/util/EnumMap.java`
    * `src/java.base/share/classes/java/util/HashSet.java`
    * `src/java.base/share/classes/java/util/Hashtable.java`
    * `src/java.base/share/classes/java/util/LinkedList.java`
    * `src/java.base/share/classes/java/util/TreeMap.java`
    * `src/java.base/share/classes/java/util/TreeSet.java`

* New unit tests
    * `test/langtools/tools/javac/warnings/ThisEscape/*.java`

* **Everything else** is just adding `@SuppressWarnings("this-escape")`

-------------

Commit messages:
 - Remove trailing whitespace.
 - Some documentation tweaks.
 - Treat method references like the equivalent lambda.
 - Fix bug where initializers could generate duplicate warnings.
 - Javadoc fix.
 - Add ThisEscape.html doc note and link the new @implNote's to it.
 - Add more @SuppressWarnings("this-escape") annotations.
 - Add more @SuppressWarnings("this-escape") annotations.
 - Add more @SuppressWarnings("this-escape") annotations.
 - Add more @SuppressWarnings("this-escape") annotations.
 - ... and 38 more: https://git.openjdk.org/jdk/compare/c6588d5b...9c162283

Changes: https://git.openjdk.org/jdk/pull/11874/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=11874&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8015831
  Stats: 4326 lines in 1285 files changed: 4259 ins; 3 del; 64 mod
  Patch: https://git.openjdk.org/jdk/pull/11874.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11874/head:pull/11874

PR: https://git.openjdk.org/jdk/pull/11874

From dholmes at openjdk.org  Fri Jan  6 04:51:00 2023
From: dholmes at openjdk.org (David Holmes)
Date: Fri, 6 Jan 2023 04:51:00 GMT
Subject: RFR: 8015831: Add lint check for calling overridable methods from
 a constructor
In-Reply-To: <Ms3zM2qC_QYF8OrfQ4mAi1weE5cHGfWCzPgwuxTLBKY=.d383ef5c-10d7-42de-8be0-03dd64a11af0@github.com>
References: <Ms3zM2qC_QYF8OrfQ4mAi1weE5cHGfWCzPgwuxTLBKY=.d383ef5c-10d7-42de-8be0-03dd64a11af0@github.com>
Message-ID: <bT23KDnt3l6QShNPVLFoC9H88-v8djTLMxtXewI7gv4=.894547d3-a564-4a5d-9a6d-2264876ac642@github.com>

On Fri, 6 Jan 2023 02:20:53 GMT, Archie L. Cobbs <duke at openjdk.org> wrote:

> This PR adds a new lint warning category `this-escape`.
> 
> It also adds `@SuppressWarnings` annotations as needed to the JDK itself to allow the JDK to continue to compile with `-Xlint:all`.
> 
> A 'this' escape warning is generated for a constructor `A()` in a class `A` when the compiler detects that the following situation is _in theory possible:_
> * Some subclass `B extends A` exists, and `B` is defined in a separate source file (i.e., compilation unit)
> * Some constructor `B()` of `B` invokes `A()` as its superclass constructor
> * During the execution of `A()`, some non-static method of `B.foo()` could get invoked, perhaps indirectly
> 
> In the above scenario, `B.foo()` would execute before `A()` has returned and before `B()` has performed any initialization. To the extent `B.foo()` accesses any fields of `B` - all of which are still uninitialized - it is likely to function incorrectly.
> 
> Note, when determining if a 'this' escape is possible, the compiler makes no assumptions about code outside of the current compilation unit. It doesn't look outside of the current source file to see what might actually happen when a method is invoked. It does follow method and constructors within the current compilation unit, and applies a simplified union-of-all-possible-branches data flow analysis to see where 'this' could end up.
> 
> From my review, virtually all of the warnings generated in the various JDK modules are valid warnings in the sense that a 'this' escape, as defined above, is really and truly possible. However, that doesn't imply that any bugs were found within the JDK - only that the possibility of a certain type of bug exists if certain superclass constructors are used by someone, somewhere, someday.
> 
> For several "popular" classes, this PR also adds `@implNote`'s to the offending constructors so that subclass implementors are made aware of the threat. For one example, `TreeMap(Map)` invokes `putAll()` and `put()`.
> 
> More details and a couple of motivating examples are given in an included [doc file](https://github.com/archiecobbs/jdk/blob/ThisEscape/src/java.base/share/classes/java/lang/doc-files/ThisEscape.html) that these `@implNote`'s link to. See also the recent thread on `amber-dev` for some background.
> 
> Ideally, over time the owners of the various modules would review their `@SuppressWarnings("this-escape")` annotations and determine which other constructors also warranted such an `@implNote`.
> 
> Because of all the`@SuppressWarnings` annotations, this PR touches a bunch of different JDK modules. My apologies for that. Adding these annotations was determined to be the more conservative approach, as compared to just excepting `this-escape` from various module builds globally.
> 
> **Patch Navigation Guide**
> 
> * Non-trivial compiler changes:
>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/code/Lint.java`
>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/code/Types.java`
>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/comp/Flow.java`
>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/tree/TreeInfo.java`
>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/comp/ThisEscapeAnalyzer.java`
>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/resources/compiler.properties`
>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/resources/javac.properties`
> 
> * Javadoc additions of `@implNote`:
> 
>     * `src/java.base/share/classes/java/io/PipedReader.java`
>     * `src/java.base/share/classes/java/io/PipedWriter.java`
>     * `src/java.base/share/classes/java/lang/Throwable.java`
>     * `src/java.base/share/classes/java/util/ArrayDeque.java`
>     * `src/java.base/share/classes/java/util/EnumMap.java`
>     * `src/java.base/share/classes/java/util/HashSet.java`
>     * `src/java.base/share/classes/java/util/Hashtable.java`
>     * `src/java.base/share/classes/java/util/LinkedList.java`
>     * `src/java.base/share/classes/java/util/TreeMap.java`
>     * `src/java.base/share/classes/java/util/TreeSet.java`
> 
> * New unit tests
>     * `test/langtools/tools/javac/warnings/ThisEscape/*.java`
> 
> * **Everything else** is just adding `@SuppressWarnings("this-escape")`

Hi Archie,

The associated JBS issue has been dormant for 6+ years and this is a very intrusive change affecting many, many files. Has the resurrection of this project previously been discussed somewhere?

-------------

PR: https://git.openjdk.org/jdk/pull/11874

From alanb at openjdk.org  Fri Jan  6 07:53:54 2023
From: alanb at openjdk.org (Alan Bateman)
Date: Fri, 6 Jan 2023 07:53:54 GMT
Subject: RFR: 8015831: Add lint check for calling overridable methods from
 a constructor
In-Reply-To: <Ms3zM2qC_QYF8OrfQ4mAi1weE5cHGfWCzPgwuxTLBKY=.d383ef5c-10d7-42de-8be0-03dd64a11af0@github.com>
References: <Ms3zM2qC_QYF8OrfQ4mAi1weE5cHGfWCzPgwuxTLBKY=.d383ef5c-10d7-42de-8be0-03dd64a11af0@github.com>
Message-ID: <Hnu2IeLr21reuXeHYgIlKiNCwQ9zJLeg9dykcL_Y8KM=.67209ee1-a778-4bae-a7a8-d61e860f7b23@github.com>

On Fri, 6 Jan 2023 02:20:53 GMT, Archie L. Cobbs <duke at openjdk.org> wrote:

> This PR adds a new lint warning category `this-escape`.
> 
> It also adds `@SuppressWarnings` annotations as needed to the JDK itself to allow the JDK to continue to compile with `-Xlint:all`.
> 
> A 'this' escape warning is generated for a constructor `A()` in a class `A` when the compiler detects that the following situation is _in theory possible:_
> * Some subclass `B extends A` exists, and `B` is defined in a separate source file (i.e., compilation unit)
> * Some constructor `B()` of `B` invokes `A()` as its superclass constructor
> * During the execution of `A()`, some non-static method of `B.foo()` could get invoked, perhaps indirectly
> 
> In the above scenario, `B.foo()` would execute before `A()` has returned and before `B()` has performed any initialization. To the extent `B.foo()` accesses any fields of `B` - all of which are still uninitialized - it is likely to function incorrectly.
> 
> Note, when determining if a 'this' escape is possible, the compiler makes no assumptions about code outside of the current compilation unit. It doesn't look outside of the current source file to see what might actually happen when a method is invoked. It does follow method and constructors within the current compilation unit, and applies a simplified union-of-all-possible-branches data flow analysis to see where 'this' could end up.
> 
> From my review, virtually all of the warnings generated in the various JDK modules are valid warnings in the sense that a 'this' escape, as defined above, is really and truly possible. However, that doesn't imply that any bugs were found within the JDK - only that the possibility of a certain type of bug exists if certain superclass constructors are used by someone, somewhere, someday.
> 
> For several "popular" classes, this PR also adds `@implNote`'s to the offending constructors so that subclass implementors are made aware of the threat. For one example, `TreeMap(Map)` invokes `putAll()` and `put()`.
> 
> More details and a couple of motivating examples are given in an included [doc file](https://github.com/archiecobbs/jdk/blob/ThisEscape/src/java.base/share/classes/java/lang/doc-files/ThisEscape.html) that these `@implNote`'s link to. See also the recent thread on `amber-dev` for some background.
> 
> Ideally, over time the owners of the various modules would review their `@SuppressWarnings("this-escape")` annotations and determine which other constructors also warranted such an `@implNote`.
> 
> Because of all the`@SuppressWarnings` annotations, this PR touches a bunch of different JDK modules. My apologies for that. Adding these annotations was determined to be the more conservative approach, as compared to just excepting `this-escape` from various module builds globally.
> 
> **Patch Navigation Guide**
> 
> * Non-trivial compiler changes:
>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/code/Lint.java`
>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/code/Types.java`
>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/comp/Flow.java`
>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/tree/TreeInfo.java`
>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/comp/ThisEscapeAnalyzer.java`
>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/resources/compiler.properties`
>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/resources/javac.properties`
> 
> * Javadoc additions of `@implNote`:
> 
>     * `src/java.base/share/classes/java/io/PipedReader.java`
>     * `src/java.base/share/classes/java/io/PipedWriter.java`
>     * `src/java.base/share/classes/java/lang/Throwable.java`
>     * `src/java.base/share/classes/java/util/ArrayDeque.java`
>     * `src/java.base/share/classes/java/util/EnumMap.java`
>     * `src/java.base/share/classes/java/util/HashSet.java`
>     * `src/java.base/share/classes/java/util/Hashtable.java`
>     * `src/java.base/share/classes/java/util/LinkedList.java`
>     * `src/java.base/share/classes/java/util/TreeMap.java`
>     * `src/java.base/share/classes/java/util/TreeSet.java`
> 
> * New unit tests
>     * `test/langtools/tools/javac/warnings/ThisEscape/*.java`
> 
> * **Everything else** is just adding `@SuppressWarnings("this-escape")`

This looks like a very useful lint warning to have but this PR is unwieldy. If you haven't done so already then you probably should socialize on compiler-dev and get agreement on the semantics and other details. I think you will also need to separate the addition of the lint warning from the changes to the wider JDK. It might be okay to add the feature but have it disabled for the JDK build initially.

-------------

PR: https://git.openjdk.org/jdk/pull/11874

From duke at openjdk.org  Fri Jan  6 12:10:33 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Fri, 6 Jan 2023 12:10:33 GMT
Subject: RFR: 8298869: Update ConnectionTest.java for changes to TLS
 implementation
Message-ID: <g4Fj2Tc---U2ZQuqVCDNUDujto2caFMXGDmjl-7i5Eo=.0be004b3-245e-4816-8bb1-25dc411d9081@github.com>

* Updated the test for changes to the TLS implementation
* Test supports TLS 1.2 and 1.3
* Removed from ProblemList.txt
* Refactored code a bit

-------------

Commit messages:
 - removed extra whitespace
 - 8298869: Update ConnectionTest.java for changes to TLS implementation

Changes: https://git.openjdk.org/jdk/pull/11871/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=11871&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8298869
  Stats: 512 lines in 2 files changed: 93 ins; 172 del; 247 mod
  Patch: https://git.openjdk.org/jdk/pull/11871.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11871/head:pull/11871

PR: https://git.openjdk.org/jdk/pull/11871

From duke at openjdk.org  Fri Jan  6 14:51:54 2023
From: duke at openjdk.org (Archie L. Cobbs)
Date: Fri, 6 Jan 2023 14:51:54 GMT
Subject: RFR: 8015831: Add lint check for calling overridable methods from
 a constructor
In-Reply-To: <bT23KDnt3l6QShNPVLFoC9H88-v8djTLMxtXewI7gv4=.894547d3-a564-4a5d-9a6d-2264876ac642@github.com>
References: <Ms3zM2qC_QYF8OrfQ4mAi1weE5cHGfWCzPgwuxTLBKY=.d383ef5c-10d7-42de-8be0-03dd64a11af0@github.com>
 <bT23KDnt3l6QShNPVLFoC9H88-v8djTLMxtXewI7gv4=.894547d3-a564-4a5d-9a6d-2264876ac642@github.com>
Message-ID: <MTkJNTvGepdVz-6gfrweOnP-8laNPOemoDSdZ6S8GBo=.51eabb04-75eb-40e6-b18c-203ee564b4ae@github.com>

On Fri, 6 Jan 2023 04:48:27 GMT, David Holmes <dholmes at openjdk.org> wrote:

> The associated JBS issue has been dormant for 6+ years and this is a very intrusive change affecting many, many files. Has the resurrection of this project previously been discussed somewhere?

Hi @dholmes-ora,

The work to add this warning has been guided by @briangoetz in discussions on the amber-dev mailing list. See that thread for how we came up with the current design, underlying motivation, etc.

Regarding intrusiveness (assuming you're referring simply to the number of files touched), as mentioned this was one of two options. The other option would be to patch to about ~30 `Java.gmk` files in `make/modules` to exclude `this-escape` from `-Xlint` during the various module builds.

Going this route is fine with me, but it has the downside that any new code being developed would not benefit from the new warning. This was in fact my original approach (and it was a lot easier :) but Brian rightly pointed out that adding `@SuppressWarnings` annotations was the the safer (i.e, more conservative) approach. 

> If you haven't done so already then you probably should socialize on compiler-dev and get agreement on the semantics and other details.

Hi @AlanBateman,

As mentioned this has been under discussion on amber-dev for a while. Happy to continue that discussion here as well.

> I think you will also need to separate the addition of the lint warning from the changes to the wider JDK. It might be okay to add the feature but have it disabled for the JDK build initially.

Sounds reasonable... so I take it you would also be in favor of patching `make/modules` instead of adding `@SuppressWarnings` annotations everywhere... is that correct?

If this is generally agreed as a better route then let me know and I'll update the patch.

Thanks for both of your comments.

-------------

PR: https://git.openjdk.org/jdk/pull/11874

From alanb at openjdk.org  Fri Jan  6 15:41:16 2023
From: alanb at openjdk.org (Alan Bateman)
Date: Fri, 6 Jan 2023 15:41:16 GMT
Subject: RFR: 8015831: Add lint check for calling overridable methods from
 a constructor
In-Reply-To: <MTkJNTvGepdVz-6gfrweOnP-8laNPOemoDSdZ6S8GBo=.51eabb04-75eb-40e6-b18c-203ee564b4ae@github.com>
References: <Ms3zM2qC_QYF8OrfQ4mAi1weE5cHGfWCzPgwuxTLBKY=.d383ef5c-10d7-42de-8be0-03dd64a11af0@github.com>
 <bT23KDnt3l6QShNPVLFoC9H88-v8djTLMxtXewI7gv4=.894547d3-a564-4a5d-9a6d-2264876ac642@github.com>
 <MTkJNTvGepdVz-6gfrweOnP-8laNPOemoDSdZ6S8GBo=.51eabb04-75eb-40e6-b18c-203ee564b4ae@github.com>
Message-ID: <zCh-SUG-aTKJSXkfjCsxJHyjB5CvrM4Jik_-zVvXICc=.caa64740-ee13-4c8d-8bc6-429148bb84e6@github.com>

On Fri, 6 Jan 2023 14:49:16 GMT, Archie L. Cobbs <duke at openjdk.org> wrote:

> Sounds reasonable... so I take it you would also be in favor of patching `make/modules` instead of adding `@SuppressWarnings` annotations everywhere... is that correct?
> 
> If this is generally agreed as a better route then let me know and I'll update the patch.

Yes, I think that would be better. It would remove most of the noise, 1200+ files, and 10+ mailing lists from this PR. I assume there will be at least some iteration on compiler-dev about the details and changes to javac. Once you get to the JDK changes then I suspect that some areas may want to fix issues rather than adding SW. Sadly, I see a few examples in your list where there have been attempts to avoid leaking "this" but where we backed away out of concern that 3rd party code was extending some class and overriding a method known to be invoked by the constructor. Also we have places that register themselves to cleaners. I suspect some of the suggestions to document leaking this in implNotes will need discussion too because they amount to documenting "hooks" that people will rely on, e.g. documenting in ArrayDeque that its constructor invokes addList could be read as an invite to override it.

-------------

PR: https://git.openjdk.org/jdk/pull/11874

From mcimadamore at openjdk.org  Fri Jan  6 15:57:50 2023
From: mcimadamore at openjdk.org (Maurizio Cimadamore)
Date: Fri, 6 Jan 2023 15:57:50 GMT
Subject: RFR: 8015831: Add lint check for calling overridable methods from
 a constructor
In-Reply-To: <zCh-SUG-aTKJSXkfjCsxJHyjB5CvrM4Jik_-zVvXICc=.caa64740-ee13-4c8d-8bc6-429148bb84e6@github.com>
References: <Ms3zM2qC_QYF8OrfQ4mAi1weE5cHGfWCzPgwuxTLBKY=.d383ef5c-10d7-42de-8be0-03dd64a11af0@github.com>
 <bT23KDnt3l6QShNPVLFoC9H88-v8djTLMxtXewI7gv4=.894547d3-a564-4a5d-9a6d-2264876ac642@github.com>
 <MTkJNTvGepdVz-6gfrweOnP-8laNPOemoDSdZ6S8GBo=.51eabb04-75eb-40e6-b18c-203ee564b4ae@github.com>
 <zCh-SUG-aTKJSXkfjCsxJHyjB5CvrM4Jik_-zVvXICc=.caa64740-ee13-4c8d-8bc6-429148bb84e6@github.com>
Message-ID: <D_mLssKO7VlglPgP2sf3S1seKgyuJazeTrpnURCpxQk=.7e318df2-ef54-484c-9cb2-bea1100fe949@github.com>

On Fri, 6 Jan 2023 15:38:31 GMT, Alan Bateman <alanb at openjdk.org> wrote:

>>> The associated JBS issue has been dormant for 6+ years and this is a very intrusive change affecting many, many files. Has the resurrection of this project previously been discussed somewhere?
>> 
>> Hi @dholmes-ora,
>> 
>> The work to add this warning has been guided by @briangoetz in discussions on the amber-dev mailing list. See that thread for how we came up with the current design, underlying motivation, etc.
>> 
>> Regarding intrusiveness (assuming you're referring simply to the number of files touched), as mentioned this was one of two options. The other option would be to patch to about ~30 `Java.gmk` files in `make/modules` to exclude `this-escape` from `-Xlint` during the various module builds.
>> 
>> Going this route is fine with me, but it has the downside that any new code being developed would not benefit from the new warning. This was in fact my original approach (and it was a lot easier :) but Brian rightly pointed out that adding `@SuppressWarnings` annotations was the the safer (i.e, more conservative) approach. 
>> 
>>> If you haven't done so already then you probably should socialize on compiler-dev and get agreement on the semantics and other details.
>> 
>> Hi @AlanBateman,
>> 
>> As mentioned this has been under discussion on amber-dev for a while. Happy to continue that discussion here as well.
>> 
>>> I think you will also need to separate the addition of the lint warning from the changes to the wider JDK. It might be okay to add the feature but have it disabled for the JDK build initially.
>> 
>> Sounds reasonable... so I take it you would also be in favor of patching `make/modules` instead of adding `@SuppressWarnings` annotations everywhere... is that correct?
>> 
>> If this is generally agreed as a better route then let me know and I'll update the patch.
>> 
>> Thanks for both of your comments.
>
>> Sounds reasonable... so I take it you would also be in favor of patching `make/modules` instead of adding `@SuppressWarnings` annotations everywhere... is that correct?
>> 
>> If this is generally agreed as a better route then let me know and I'll update the patch.
> 
> Yes, I think that would be better. It would remove most of the noise, 1200+ files, and 10+ mailing lists from this PR. I assume there will be at least some iteration on compiler-dev about the details and changes to javac. Once you get to the JDK changes then I suspect that some areas may want to fix issues rather than adding SW. Sadly, I see a few examples in your list where there have been attempts to avoid leaking "this" but where we backed away out of concern that 3rd party code was extending some class and overriding a method known to be invoked by the constructor. Also we have places that register themselves to cleaners. I suspect some of the suggestions to document leaking this in implNotes will need discussion too because they amount to documenting "hooks" that people will rely on, e.g. documenting in ArrayDeque that its constructor invokes addList could be read as an invite to override it.

I agree with @AlanBateman. When we introduced similar warnings in the past, we have enabled support in javac (with some test) in a separate PR, and then followed up with small dedicated PR for each of the various areas (enabling new warnings one by one).

See this great umbrella JBS issue (created by @asotona) which has details on all the issues that were filed when we added an extra Lint warning for lossy conversions:

https://bugs.openjdk.org/browse/JDK-8286374

They all refer to this:

https://bugs.openjdk.org/browse/JDK-8244681

Which was submitted as a separate javac-only PR:
https://github.com/openjdk/jdk/pull/8599

-------------

PR: https://git.openjdk.org/jdk/pull/11874

From weijun at openjdk.org  Fri Jan  6 15:59:36 2023
From: weijun at openjdk.org (Weijun Wang)
Date: Fri, 6 Jan 2023 15:59:36 GMT
Subject: RFR: 8299746: Accept unknown signatureAlgorithm in PKCS7 SignerInfo
Message-ID: <NGxt83A2oqIF7SnNoASxaUaSRblwWYU4bZgYfIOzrx4=.1d9ec1f9-378c-403d-a1e6-b7cc55f7112c@github.com>

Modern signature algorithms provided by a 3rd-party provider might not be recognized by JDK code yet.

-------------

Commit messages:
 - the fix

Changes: https://git.openjdk.org/jdk/pull/11883/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=11883&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8299746
  Stats: 62 lines in 2 files changed: 60 ins; 0 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/11883.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11883/head:pull/11883

PR: https://git.openjdk.org/jdk/pull/11883

From kdriver at openjdk.org  Fri Jan  6 17:35:51 2023
From: kdriver at openjdk.org (Kevin Driver)
Date: Fri, 6 Jan 2023 17:35:51 GMT
Subject: RFR: 8299746: Accept unknown signatureAlgorithm in PKCS7
 SignerInfo
In-Reply-To: <NGxt83A2oqIF7SnNoASxaUaSRblwWYU4bZgYfIOzrx4=.1d9ec1f9-378c-403d-a1e6-b7cc55f7112c@github.com>
References: <NGxt83A2oqIF7SnNoASxaUaSRblwWYU4bZgYfIOzrx4=.1d9ec1f9-378c-403d-a1e6-b7cc55f7112c@github.com>
Message-ID: <pCD17Ci37M2k6KFuU76HDrUXcv0ugJMCjyk4wvFpKIY=.1af9334b-ea4f-44b4-ac81-90ad2b80f4a1@github.com>

On Fri, 6 Jan 2023 15:52:03 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> Modern signature algorithms provided by a 3rd-party provider might not be recognized by JDK code yet.

Marked as reviewed by kdriver (Author).

-------------

PR: https://git.openjdk.org/jdk/pull/11883

From ascarpino at openjdk.org  Fri Jan  6 18:26:33 2023
From: ascarpino at openjdk.org (Anthony Scarpino)
Date: Fri, 6 Jan 2023 18:26:33 GMT
Subject: RFR: 8299746: Accept unknown signatureAlgorithm in PKCS7
 SignerInfo
In-Reply-To: <NGxt83A2oqIF7SnNoASxaUaSRblwWYU4bZgYfIOzrx4=.1d9ec1f9-378c-403d-a1e6-b7cc55f7112c@github.com>
References: <NGxt83A2oqIF7SnNoASxaUaSRblwWYU4bZgYfIOzrx4=.1d9ec1f9-378c-403d-a1e6-b7cc55f7112c@github.com>
Message-ID: <0UZheOlB3pfGygmciZpDrfafjEQQI-bX2QRwViIBtf8=.a18a0d42-9137-4236-b40f-6f883b912e19@github.com>

On Fri, 6 Jan 2023 15:52:03 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> Modern signature algorithms provided by a 3rd-party provider might not be recognized by JDK code yet.

looks good

-------------

Marked as reviewed by ascarpino (Reviewer).

PR: https://git.openjdk.org/jdk/pull/11883

From hchao at openjdk.org  Fri Jan  6 18:32:57 2023
From: hchao at openjdk.org (Hai-May Chao)
Date: Fri, 6 Jan 2023 18:32:57 GMT
Subject: RFR: 8299746: Accept unknown signatureAlgorithm in PKCS7
 SignerInfo
In-Reply-To: <NGxt83A2oqIF7SnNoASxaUaSRblwWYU4bZgYfIOzrx4=.1d9ec1f9-378c-403d-a1e6-b7cc55f7112c@github.com>
References: <NGxt83A2oqIF7SnNoASxaUaSRblwWYU4bZgYfIOzrx4=.1d9ec1f9-378c-403d-a1e6-b7cc55f7112c@github.com>
Message-ID: <XUBdMoWQVqfZXmzXFsZCBfMGXjxqO_yCRonH--0JSQM=.680cc20e-9a67-4969-afd3-e85008b0f578@github.com>

On Fri, 6 Jan 2023 15:52:03 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> Modern signature algorithms provided by a 3rd-party provider might not be recognized by JDK code yet.

Marked as reviewed by hchao (Committer).

-------------

PR: https://git.openjdk.org/jdk/pull/11883

From weijun at openjdk.org  Fri Jan  6 18:52:03 2023
From: weijun at openjdk.org (Weijun Wang)
Date: Fri, 6 Jan 2023 18:52:03 GMT
Subject: Integrated: 8299746: Accept unknown signatureAlgorithm in PKCS7
 SignerInfo
In-Reply-To: <NGxt83A2oqIF7SnNoASxaUaSRblwWYU4bZgYfIOzrx4=.1d9ec1f9-378c-403d-a1e6-b7cc55f7112c@github.com>
References: <NGxt83A2oqIF7SnNoASxaUaSRblwWYU4bZgYfIOzrx4=.1d9ec1f9-378c-403d-a1e6-b7cc55f7112c@github.com>
Message-ID: <hiNjn5iN_gSvUO8SkKp-iM5hApQI3f-2EshLuje_ufU=.de34a1fe-401d-4ca5-a150-b520caf90429@github.com>

On Fri, 6 Jan 2023 15:52:03 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> Modern signature algorithms provided by a 3rd-party provider might not be recognized by JDK code yet.

This pull request has now been integrated.

Changeset: ba03f42a
Author:    Weijun Wang <weijun at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/ba03f42a50375c05400de9bd19d1d6d444f0a46d
Stats:     62 lines in 2 files changed: 60 ins; 0 del; 2 mod

8299746: Accept unknown signatureAlgorithm in PKCS7 SignerInfo

Reviewed-by: kdriver, ascarpino, hchao

-------------

PR: https://git.openjdk.org/jdk/pull/11883

From xuelei at openjdk.org  Fri Jan  6 18:52:01 2023
From: xuelei at openjdk.org (Xue-Lei Andrew Fan)
Date: Fri, 6 Jan 2023 18:52:01 GMT
Subject: RFR: 8299746: Accept unknown signatureAlgorithm in PKCS7
 SignerInfo
In-Reply-To: <NGxt83A2oqIF7SnNoASxaUaSRblwWYU4bZgYfIOzrx4=.1d9ec1f9-378c-403d-a1e6-b7cc55f7112c@github.com>
References: <NGxt83A2oqIF7SnNoASxaUaSRblwWYU4bZgYfIOzrx4=.1d9ec1f9-378c-403d-a1e6-b7cc55f7112c@github.com>
Message-ID: <mZc23muR12b1DzlFxKK5d7Sszg1fdAFxQO87AS3IrTs=.99fbab31-a334-487c-a4f3-ba67d71bb7bc@github.com>

On Fri, 6 Jan 2023 15:52:03 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> Modern signature algorithms provided by a 3rd-party provider might not be recognized by JDK code yet.

src/java.base/share/classes/sun/security/pkcs/SignerInfo.java line 540:

> 538:                 }
> 539:                 if (keyAlg.equals("EC")) keyAlg = "ECDSA";
> 540:                 String sigAlg = digAlg + "with" + keyAlg;

The line could be moved into the try block.

-------------

PR: https://git.openjdk.org/jdk/pull/11883

From weijun at openjdk.org  Fri Jan  6 21:45:02 2023
From: weijun at openjdk.org (Weijun Wang)
Date: Fri, 6 Jan 2023 21:45:02 GMT
Subject: RFR: 8299746: Accept unknown signatureAlgorithm in PKCS7
 SignerInfo
In-Reply-To: <mZc23muR12b1DzlFxKK5d7Sszg1fdAFxQO87AS3IrTs=.99fbab31-a334-487c-a4f3-ba67d71bb7bc@github.com>
References: <NGxt83A2oqIF7SnNoASxaUaSRblwWYU4bZgYfIOzrx4=.1d9ec1f9-378c-403d-a1e6-b7cc55f7112c@github.com>
 <mZc23muR12b1DzlFxKK5d7Sszg1fdAFxQO87AS3IrTs=.99fbab31-a334-487c-a4f3-ba67d71bb7bc@github.com>
Message-ID: <mrrV1nbpEftaJXsB0LRzYp9QsbBziP9ceCxoTs1H_ws=.a9371af4-fdf6-4d32-80e1-62628bf17c83@github.com>

On Fri, 6 Jan 2023 18:48:51 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> Modern signature algorithms provided by a 3rd-party provider might not be recognized by JDK code yet.
>
> src/java.base/share/classes/sun/security/pkcs/SignerInfo.java line 540:
> 
>> 538:                 }
>> 539:                 if (keyAlg.equals("EC")) keyAlg = "ECDSA";
>> 540:                 String sigAlg = digAlg + "with" + keyAlg;
> 
> The line could be moved into the try block.

You're right. Unfortunately the PR is already closed. I'll remember to fix it next time I touch this code. Thanks.

-------------

PR: https://git.openjdk.org/jdk/pull/11883

From duke at openjdk.org  Fri Jan  6 23:13:09 2023
From: duke at openjdk.org (Archie L. Cobbs)
Date: Fri, 6 Jan 2023 23:13:09 GMT
Subject: RFR: 8015831: Add lint check for calling overridable methods from
 a constructor [v2]
In-Reply-To: <Ms3zM2qC_QYF8OrfQ4mAi1weE5cHGfWCzPgwuxTLBKY=.d383ef5c-10d7-42de-8be0-03dd64a11af0@github.com>
References: <Ms3zM2qC_QYF8OrfQ4mAi1weE5cHGfWCzPgwuxTLBKY=.d383ef5c-10d7-42de-8be0-03dd64a11af0@github.com>
Message-ID: <QUOGIQWxLc_RT0xtonZXdnCxSUR7Gkw3vj4MSp8wiW8=.23bbeb90-21fe-435a-a4e3-d631ebab9ad6@github.com>

> This PR adds a new lint warning category `this-escape`.
> 
> It also adds `@SuppressWarnings` annotations as needed to the JDK itself to allow the JDK to continue to compile with `-Xlint:all`.
> 
> A 'this' escape warning is generated for a constructor `A()` in a class `A` when the compiler detects that the following situation is _in theory possible:_
> * Some subclass `B extends A` exists, and `B` is defined in a separate source file (i.e., compilation unit)
> * Some constructor `B()` of `B` invokes `A()` as its superclass constructor
> * During the execution of `A()`, some non-static method of `B.foo()` could get invoked, perhaps indirectly
> 
> In the above scenario, `B.foo()` would execute before `A()` has returned and before `B()` has performed any initialization. To the extent `B.foo()` accesses any fields of `B` - all of which are still uninitialized - it is likely to function incorrectly.
> 
> Note, when determining if a 'this' escape is possible, the compiler makes no assumptions about code outside of the current compilation unit. It doesn't look outside of the current source file to see what might actually happen when a method is invoked. It does follow method and constructors within the current compilation unit, and applies a simplified union-of-all-possible-branches data flow analysis to see where 'this' could end up.
> 
> From my review, virtually all of the warnings generated in the various JDK modules are valid warnings in the sense that a 'this' escape, as defined above, is really and truly possible. However, that doesn't imply that any bugs were found within the JDK - only that the possibility of a certain type of bug exists if certain superclass constructors are used by someone, somewhere, someday.
> 
> For several "popular" classes, this PR also adds `@implNote`'s to the offending constructors so that subclass implementors are made aware of the threat. For one example, `TreeMap(Map)` invokes `putAll()` and `put()`.
> 
> More details and a couple of motivating examples are given in an included [doc file](https://github.com/archiecobbs/jdk/blob/ThisEscape/src/java.base/share/classes/java/lang/doc-files/ThisEscape.html) that these `@implNote`'s link to. See also the recent thread on `amber-dev` for some background.
> 
> Ideally, over time the owners of the various modules would review their `@SuppressWarnings("this-escape")` annotations and determine which other constructors also warranted such an `@implNote`.
> 
> Because of all the`@SuppressWarnings` annotations, this PR touches a bunch of different JDK modules. My apologies for that. Adding these annotations was determined to be the more conservative approach, as compared to just excepting `this-escape` from various module builds globally.
> 
> **Patch Navigation Guide**
> 
> * Non-trivial compiler changes:
>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/code/Lint.java`
>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/code/Types.java`
>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/comp/Flow.java`
>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/tree/TreeInfo.java`
>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/comp/ThisEscapeAnalyzer.java`
>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/resources/compiler.properties`
>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/resources/javac.properties`
> 
> * Javadoc additions of `@implNote`:
> 
>     * `src/java.base/share/classes/java/io/PipedReader.java`
>     * `src/java.base/share/classes/java/io/PipedWriter.java`
>     * `src/java.base/share/classes/java/lang/Throwable.java`
>     * `src/java.base/share/classes/java/util/ArrayDeque.java`
>     * `src/java.base/share/classes/java/util/EnumMap.java`
>     * `src/java.base/share/classes/java/util/HashSet.java`
>     * `src/java.base/share/classes/java/util/Hashtable.java`
>     * `src/java.base/share/classes/java/util/LinkedList.java`
>     * `src/java.base/share/classes/java/util/TreeMap.java`
>     * `src/java.base/share/classes/java/util/TreeSet.java`
> 
> * New unit tests
>     * `test/langtools/tools/javac/warnings/ThisEscape/*.java`
> 
> * **Everything else** is just adding `@SuppressWarnings("this-escape")`

Archie L. Cobbs has updated the pull request incrementally with two additional commits since the last revision:

 - Update copyright year for newly added files to 2023.
 - Suppress "this-escape" warnings using build flags instead of @SuppressAnnotations annotations.

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11874/files
  - new: https://git.openjdk.org/jdk/pull/11874/files/9c162283..f667cd56

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11874&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11874&range=00-01

  Stats: 1935 lines in 1303 files changed: 60 ins; 1770 del; 105 mod
  Patch: https://git.openjdk.org/jdk/pull/11874.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11874/head:pull/11874

PR: https://git.openjdk.org/jdk/pull/11874

From duke at openjdk.org  Fri Jan  6 23:13:09 2023
From: duke at openjdk.org (Archie L. Cobbs)
Date: Fri, 6 Jan 2023 23:13:09 GMT
Subject: RFR: 8015831: Add lint check for calling overridable methods from
 a constructor
In-Reply-To: <zCh-SUG-aTKJSXkfjCsxJHyjB5CvrM4Jik_-zVvXICc=.caa64740-ee13-4c8d-8bc6-429148bb84e6@github.com>
References: <Ms3zM2qC_QYF8OrfQ4mAi1weE5cHGfWCzPgwuxTLBKY=.d383ef5c-10d7-42de-8be0-03dd64a11af0@github.com>
 <bT23KDnt3l6QShNPVLFoC9H88-v8djTLMxtXewI7gv4=.894547d3-a564-4a5d-9a6d-2264876ac642@github.com>
 <MTkJNTvGepdVz-6gfrweOnP-8laNPOemoDSdZ6S8GBo=.51eabb04-75eb-40e6-b18c-203ee564b4ae@github.com>
 <zCh-SUG-aTKJSXkfjCsxJHyjB5CvrM4Jik_-zVvXICc=.caa64740-ee13-4c8d-8bc6-429148bb84e6@github.com>
Message-ID: <D_16yzU3GKCNp3muk32Ykwpy9od0qdOohTmBO8Gt_Es=.c914efeb-2b98-44ef-891a-7480fb094315@github.com>

On Fri, 6 Jan 2023 15:38:31 GMT, Alan Bateman <alanb at openjdk.org> wrote:

>>> The associated JBS issue has been dormant for 6+ years and this is a very intrusive change affecting many, many files. Has the resurrection of this project previously been discussed somewhere?
>> 
>> Hi @dholmes-ora,
>> 
>> The work to add this warning has been guided by @briangoetz in discussions on the amber-dev mailing list. See that thread for how we came up with the current design, underlying motivation, etc.
>> 
>> Regarding intrusiveness (assuming you're referring simply to the number of files touched), as mentioned this was one of two options. The other option would be to patch to about ~30 `Java.gmk` files in `make/modules` to exclude `this-escape` from `-Xlint` during the various module builds.
>> 
>> Going this route is fine with me, but it has the downside that any new code being developed would not benefit from the new warning. This was in fact my original approach (and it was a lot easier :) but Brian rightly pointed out that adding `@SuppressWarnings` annotations was the the safer (i.e, more conservative) approach. 
>> 
>>> If you haven't done so already then you probably should socialize on compiler-dev and get agreement on the semantics and other details.
>> 
>> Hi @AlanBateman,
>> 
>> As mentioned this has been under discussion on amber-dev for a while. Happy to continue that discussion here as well.
>> 
>>> I think you will also need to separate the addition of the lint warning from the changes to the wider JDK. It might be okay to add the feature but have it disabled for the JDK build initially.
>> 
>> Sounds reasonable... so I take it you would also be in favor of patching `make/modules` instead of adding `@SuppressWarnings` annotations everywhere... is that correct?
>> 
>> If this is generally agreed as a better route then let me know and I'll update the patch.
>> 
>> Thanks for both of your comments.
>
>> Sounds reasonable... so I take it you would also be in favor of patching `make/modules` instead of adding `@SuppressWarnings` annotations everywhere... is that correct?
>> 
>> If this is generally agreed as a better route then let me know and I'll update the patch.
> 
> Yes, I think that would be better. It would remove most of the noise, 1200+ files, and 10+ mailing lists from this PR. I assume there will be at least some iteration on compiler-dev about the details and changes to javac. Once you get to the JDK changes then I suspect that some areas may want to fix issues rather than adding SW. Sadly, I see a few examples in your list where there have been attempts to avoid leaking "this" but where we backed away out of concern that 3rd party code was extending some class and overriding a method known to be invoked by the constructor. Also we have places that register themselves to cleaners. I suspect some of the suggestions to document leaking this in implNotes will need discussion too because they amount to documenting "hooks" that people will rely on, e.g. documenting in ArrayDeque that its constructor invokes addList could be read as an invite to override it.

Hi @AlanBateman,

OK that sounds like a plan. I've pushed a new commit to the `ThisEscape` branch that removes all the`@SuppressWarnings` annotations and replaces them with adjustments to build flags.

I've moved the `@SuppressWarnings` annotations onto a new branch `ThisEscapeAnnotations`. This is just for future reference in case somebody wants to add them back someday and doesn't want to start from scratch.

>  I suspect some of the suggestions to document leaking this in implNotes will need discussion too because they amount to documenting "hooks" that people will rely on, e.g. documenting in ArrayDeque that its constructor invokes addList could be read as an invite to override it.

Hmm. Hasn't that horse already left the barn? You kind of implied that when you said:

> I see a few examples in your list where there have been attempts to avoid leaking "this" but where we backed away out of concern that 3rd party code was extending some class and overriding a method known to be invoked by the constructor.

In other words, it doesn't sound like changing the behavior of these constructors is viable option at this point. And if that's the case, we might as well document and warn about the current behavior.

Of course I'd love to be wrong... in which case, we can fix these constructors.

Or, the third option - just do nothing yet. That would mean removing the warnings, which is fine.

But then the `ThisEscape.html` document is orphaned. What should we do with it? I can remove it, just leave it there, or put it somewhere else (where?).

It seems like having some documentation of the meaning of "this escape" would be helpful, because it's a subtle concept and there are multiple ways to define "escape".

Thanks.

@mcimadamore thanks for the bugs suggestion, I'll put that on the to-do list.

-------------

PR: https://git.openjdk.org/jdk/pull/11874

From serb at openjdk.org  Sat Jan  7 08:29:58 2023
From: serb at openjdk.org (Sergey Bylokhov)
Date: Sat, 7 Jan 2023 08:29:58 GMT
Subject: RFR: 8298381: Improve handling of session tickets for multiple
 SSLContexts [v6]
In-Reply-To: <NhQa1OLqeTYBYg2SaRxtroQ5WNHA2wMLTuv9wT9BBN4=.4fa60fa1-63b3-4206-91a6-607d86ef97be@github.com>
References: <wSSObs5K1aJksbR02e7l1lByF2Nw0QjOzrAEiC5BA2w=.71f5b651-542c-40ac-8a71-e5d4001f5ba4@github.com>
 <NhQa1OLqeTYBYg2SaRxtroQ5WNHA2wMLTuv9wT9BBN4=.4fa60fa1-63b3-4206-91a6-607d86ef97be@github.com>
Message-ID: <OL2W0uk0NOsRBl08xD77jO_405Ucknn8oQV8UqFhSCs=.70d472f3-3661-42c5-b814-e2421936f4b8@github.com>

On Tue, 3 Jan 2023 17:45:12 GMT, Volker Simonis <simonis at openjdk.org> wrote:

>> Currently, TLS session tickets introduced by [JDK-8211018](https://bugs.openjdk.org/browse/JDK-8211018) in JDK 13 (i.e. `SessionTicketExtension$StatelessKey`) are generated in the class `SessionTicketExtension` and they use a single, global key ID (`currentKeyID`) for all `SSLContext`s.
>> 
>> This is problematic if more than one `SSLContext` is used, because every context which requests a session ticket will increment the global id `currentKeyID` when it creates a ticket. This means that in turn all the other contexts won't be able to find a ticket under the new id in their `SSLContextImpl` and create a new one (again incrementing `currentKeyID`). In fact, every time a ticket is requested from a different context, this will transitively trigger a new ticket creation in all the other contexts. We've observed millions of session ticket accumulating for some workloads.
>> 
>> Another issue with the curent implementation is that cleanup is racy because the underlying data structure (i.e. `keyHashMap` in `SSLContextImpl`) as well as the cleanup code itself are not threadsafe.
>> 
>> I therefor propose to move `currentKeyID` into the `SSLContextImpl` to solve these issues.
>> 
>> The following test program (contributed by Steven Collison (https://raycoll.com/)) can be used to demonstrate the current behaviour. It outputs the number of `StatelessKey` instances at the end of the program. Opening 1000 connections with a single `SSLContext` results in a single `StatelessKey` instance being created:
>> 
>> $ java -XX:+UseSerialGC -Xmx16m -cp ~/Java/ SSLSocketServerMultipleSSLContext 9999 1 1000
>> 605:             1             32  sun.security.ssl.SessionTicketExtension$StatelessKey (java.base at 20-internal)
>> 
>> The same example with the 1000 connections being opened alternatively on thwo different contexts will instead create 1000 `StatelessKey` instances:
>> 
>> $ java -XX:+UseSerialGC -Xmx16m -cp ~/Java/ SSLSocketServerMultipleSSLContext 9999 2 1000
>>   11:          1000          32000  sun.security.ssl.SessionTicketExtension$StatelessKey (java.base at 20-internal)
>> 
>> With my proposed patch, the numbers goes back to two instances again:
>> 
>> $ java -XX:+UseSerialGC -Xmx16m -cp ~/Java/ SSLSocketServerMultipleSSLContext 9999 2 1000
>> 611:             2             64  sun.security.ssl.SessionTicketExtension$StatelessKey (java.base at 20-internal)
>> 
>> 
>> I've attached the test program to the [JBS issue](https://bugs.openjdk.org/browse/JDK-8298381). If you think it makes sense, I can probably convert it into a JTreg test.
>
> Volker Simonis has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Updated copyright year to 2023

src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java line 199:

> 197:                 it.remove();
> 198:                 try {
> 199:                     k.key.destroy();

Is it safe to assume that "key.destroy()" is threadsafe?

src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java line 209:

> 207:     // Package-private, used only from SessionTicketExtension.KeyState::getCurrentKey.
> 208:     SessionTicketExtension.StatelessKey getKey(HandshakeContext hc) {
> 209:         SessionTicketExtension.StatelessKey ssk = keyHashMap.get(currentKeyID);

is it safe to assume that the "currentKeyID" initialized/updated before on a different thread can be correctly read here?

src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java line 220:

> 218:                 return ssk;
> 219:             }
> 220:             int newID = currentKeyID + 1;

Do we actually want to support the whole range of ints here? Probably some limitations can be applied?

-------------

PR: https://git.openjdk.org/jdk/pull/11590

From duke at openjdk.org  Sat Jan  7 16:24:56 2023
From: duke at openjdk.org (ExE Boss)
Date: Sat, 7 Jan 2023 16:24:56 GMT
Subject: RFR: 8015831: Add lint check for calling overridable methods from
 a constructor [v2]
In-Reply-To: <QUOGIQWxLc_RT0xtonZXdnCxSUR7Gkw3vj4MSp8wiW8=.23bbeb90-21fe-435a-a4e3-d631ebab9ad6@github.com>
References: <Ms3zM2qC_QYF8OrfQ4mAi1weE5cHGfWCzPgwuxTLBKY=.d383ef5c-10d7-42de-8be0-03dd64a11af0@github.com>
 <QUOGIQWxLc_RT0xtonZXdnCxSUR7Gkw3vj4MSp8wiW8=.23bbeb90-21fe-435a-a4e3-d631ebab9ad6@github.com>
Message-ID: <xWYztLE9Mx-jVzvGesQ0jF5PXrQYZE_aDpOvZ6EW5K8=.70ef0e5d-3fcc-4428-bbc4-d2847fd57e69@github.com>

On Fri, 6 Jan 2023 23:13:09 GMT, Archie L. Cobbs <duke at openjdk.org> wrote:

>> This PR adds a new lint warning category `this-escape`.
>> 
>> It also adds `@SuppressWarnings` annotations as needed to the JDK itself to allow the JDK to continue to compile with `-Xlint:all`.
>> 
>> A 'this' escape warning is generated for a constructor `A()` in a class `A` when the compiler detects that the following situation is _in theory possible:_
>> * Some subclass `B extends A` exists, and `B` is defined in a separate source file (i.e., compilation unit)
>> * Some constructor `B()` of `B` invokes `A()` as its superclass constructor
>> * During the execution of `A()`, some non-static method of `B.foo()` could get invoked, perhaps indirectly
>> 
>> In the above scenario, `B.foo()` would execute before `A()` has returned and before `B()` has performed any initialization. To the extent `B.foo()` accesses any fields of `B` - all of which are still uninitialized - it is likely to function incorrectly.
>> 
>> Note, when determining if a 'this' escape is possible, the compiler makes no assumptions about code outside of the current compilation unit. It doesn't look outside of the current source file to see what might actually happen when a method is invoked. It does follow method and constructors within the current compilation unit, and applies a simplified union-of-all-possible-branches data flow analysis to see where 'this' could end up.
>> 
>> From my review, virtually all of the warnings generated in the various JDK modules are valid warnings in the sense that a 'this' escape, as defined above, is really and truly possible. However, that doesn't imply that any bugs were found within the JDK - only that the possibility of a certain type of bug exists if certain superclass constructors are used by someone, somewhere, someday.
>> 
>> For several "popular" classes, this PR also adds `@implNote`'s to the offending constructors so that subclass implementors are made aware of the threat. For one example, `TreeMap(Map)` invokes `putAll()` and `put()`.
>> 
>> More details and a couple of motivating examples are given in an included [doc file](https://github.com/archiecobbs/jdk/blob/ThisEscape/src/java.base/share/classes/java/lang/doc-files/ThisEscape.html) that these `@implNote`'s link to. See also the recent thread on `amber-dev` for some background.
>> 
>> Ideally, over time the owners of the various modules would review their `@SuppressWarnings("this-escape")` annotations and determine which other constructors also warranted such an `@implNote`.
>> 
>> Because of all the`@SuppressWarnings` annotations, this PR touches a bunch of different JDK modules. My apologies for that. Adding these annotations was determined to be the more conservative approach, as compared to just excepting `this-escape` from various module builds globally.
>> 
>> **Patch Navigation Guide**
>> 
>> * Non-trivial compiler changes:
>>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/code/Lint.java`
>>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/code/Types.java`
>>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/comp/Flow.java`
>>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/tree/TreeInfo.java`
>>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/comp/ThisEscapeAnalyzer.java`
>>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/resources/compiler.properties`
>>     * `src/jdk.compiler/share/classes/com/sun/tools/javac/resources/javac.properties`
>> 
>> * Javadoc additions of `@implNote`:
>> 
>>     * `src/java.base/share/classes/java/io/PipedReader.java`
>>     * `src/java.base/share/classes/java/io/PipedWriter.java`
>>     * `src/java.base/share/classes/java/lang/Throwable.java`
>>     * `src/java.base/share/classes/java/util/ArrayDeque.java`
>>     * `src/java.base/share/classes/java/util/EnumMap.java`
>>     * `src/java.base/share/classes/java/util/HashSet.java`
>>     * `src/java.base/share/classes/java/util/Hashtable.java`
>>     * `src/java.base/share/classes/java/util/LinkedList.java`
>>     * `src/java.base/share/classes/java/util/TreeMap.java`
>>     * `src/java.base/share/classes/java/util/TreeSet.java`
>> 
>> * New unit tests
>>     * `test/langtools/tools/javac/warnings/ThisEscape/*.java`
>> 
>> * **Everything else** is just adding `@SuppressWarnings("this-escape")`
>
> Archie L. Cobbs has updated the pull request incrementally with two additional commits since the last revision:
> 
>  - Update copyright year for newly added files to 2023.
>  - Suppress "this-escape" warnings using build flags instead of @SuppressAnnotations annotations.

src/java.base/share/classes/java/lang/AssertionError.java line 75:

> 73:      */
> 74:     @SuppressWarnings("this-escape")
> 75:     public AssertionError(Object detailMessage) {

The?Javadoc of?this?constructor should?probably?mention that?it?calls `initCause(?)` when?`detailMessage` is?a?`Throwable`.

src/java.base/share/classes/java/lang/BootstrapMethodError.java line 77:

> 75:      * Constructs a {@code BootstrapMethodError} with the specified
> 76:      * cause.
> 77:      *

Suggestion:

     *
     * @implNote This constructor invokes {@link #initCause initCause()}; see
     * <a href="{@docRoot}/java.base/java/lang/doc-files/ThisEscape.html">This Escape</a>.
     *

src/java.base/share/classes/java/lang/ExceptionInInitializerError.java line 54:

> 52:      * throwable object.
> 53:      * A detail message is a String that describes this particular exception.
> 54:      */

Suggestion:

     *
     * @implNote This constructor invokes {@link #initCause initCause()}; see
     * <a href="{@docRoot}/java.base/java/lang/doc-files/ThisEscape.html">This Escape</a>.
     */

-------------

PR: https://git.openjdk.org/jdk/pull/11874

From duke at openjdk.org  Mon Jan  9 14:52:47 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Mon, 9 Jan 2023 14:52:47 GMT
Subject: RFR: 8298868: Update EngineCloseOnAlert.java for changes to TLS
 implementation
Message-ID: <o2geplAugwgBwhlWtpQfkkmNyTPX-Wah6txhD5JqliY=.545458fa-8aaf-4024-8b8d-a41375349dcd@github.com>

Refactored the code a little bit and updated the test for changes to the TLS state machine.

-------------

Commit messages:
 - 8298868: Update EngineCloseOnAlert.java for changes to TLS implementation

Changes: https://git.openjdk.org/jdk/pull/11903/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=11903&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8298868
  Stats: 57 lines in 2 files changed: 16 ins; 9 del; 32 mod
  Patch: https://git.openjdk.org/jdk/pull/11903.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11903/head:pull/11903

PR: https://git.openjdk.org/jdk/pull/11903

From simonis at openjdk.org  Mon Jan  9 16:15:00 2023
From: simonis at openjdk.org (Volker Simonis)
Date: Mon, 9 Jan 2023 16:15:00 GMT
Subject: RFR: 8298381: Improve handling of session tickets for multiple
 SSLContexts [v6]
In-Reply-To: <OL2W0uk0NOsRBl08xD77jO_405Ucknn8oQV8UqFhSCs=.70d472f3-3661-42c5-b814-e2421936f4b8@github.com>
References: <wSSObs5K1aJksbR02e7l1lByF2Nw0QjOzrAEiC5BA2w=.71f5b651-542c-40ac-8a71-e5d4001f5ba4@github.com>
 <NhQa1OLqeTYBYg2SaRxtroQ5WNHA2wMLTuv9wT9BBN4=.4fa60fa1-63b3-4206-91a6-607d86ef97be@github.com>
 <OL2W0uk0NOsRBl08xD77jO_405Ucknn8oQV8UqFhSCs=.70d472f3-3661-42c5-b814-e2421936f4b8@github.com>
Message-ID: <w7MZiLAWlQ0xS3myEtWmivxni4B8migCcsuLMu6IAsw=.6bd0ab4a-7b89-472c-8172-75c8bab47898@github.com>

On Sat, 7 Jan 2023 08:21:38 GMT, Sergey Bylokhov <serb at openjdk.org> wrote:

>> Volker Simonis has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Updated copyright year to 2023
>
> src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java line 209:
> 
>> 207:     // Package-private, used only from SessionTicketExtension.KeyState::getCurrentKey.
>> 208:     SessionTicketExtension.StatelessKey getKey(HandshakeContext hc) {
>> 209:         SessionTicketExtension.StatelessKey ssk = keyHashMap.get(currentKeyID);
> 
> is it safe to assume that the "currentKeyID" initialized/updated before on a different thread can be correctly read here?

Yes, because `currentKeyID` is updated in a synchronized section *after* the corresponding key was added to `keyHashMap`.

-------------

PR: https://git.openjdk.org/jdk/pull/11590

From simonis at openjdk.org  Mon Jan  9 17:01:00 2023
From: simonis at openjdk.org (Volker Simonis)
Date: Mon, 9 Jan 2023 17:01:00 GMT
Subject: RFR: 8298381: Improve handling of session tickets for multiple
 SSLContexts [v6]
In-Reply-To: <OL2W0uk0NOsRBl08xD77jO_405Ucknn8oQV8UqFhSCs=.70d472f3-3661-42c5-b814-e2421936f4b8@github.com>
References: <wSSObs5K1aJksbR02e7l1lByF2Nw0QjOzrAEiC5BA2w=.71f5b651-542c-40ac-8a71-e5d4001f5ba4@github.com>
 <NhQa1OLqeTYBYg2SaRxtroQ5WNHA2wMLTuv9wT9BBN4=.4fa60fa1-63b3-4206-91a6-607d86ef97be@github.com>
 <OL2W0uk0NOsRBl08xD77jO_405Ucknn8oQV8UqFhSCs=.70d472f3-3661-42c5-b814-e2421936f4b8@github.com>
Message-ID: <MheHOPe1eZPtrRct3Cs0K5bP9T3MQMwAlg-vB5bc4-E=.bedb14d7-40bd-489a-aeb9-0d50c04e7bf8@github.com>

On Sat, 7 Jan 2023 08:26:12 GMT, Sergey Bylokhov <serb at openjdk.org> wrote:

>> Volker Simonis has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Updated copyright year to 2023
>
> src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java line 199:
> 
>> 197:                 it.remove();
>> 198:                 try {
>> 199:                     k.key.destroy();
> 
> Is it safe to assume that "key.destroy()" is threadsafe?

First of all, this isn't a change with regards to the old implementation.

But in general I don't think this is a problem because the current implementation is using "AES" keys which are generated by `AESKeyGenerator` and are actually plain `SecretKeySpec` keys. These keys don't even implement a `destroy()` method so they will throw `DestroyFailedException` anyway (that's the default implementation of `Destroyable::destroy()`).

-------------

PR: https://git.openjdk.org/jdk/pull/11590

From simonis at openjdk.org  Mon Jan  9 17:06:04 2023
From: simonis at openjdk.org (Volker Simonis)
Date: Mon, 9 Jan 2023 17:06:04 GMT
Subject: RFR: 8298381: Improve handling of session tickets for multiple
 SSLContexts [v6]
In-Reply-To: <OL2W0uk0NOsRBl08xD77jO_405Ucknn8oQV8UqFhSCs=.70d472f3-3661-42c5-b814-e2421936f4b8@github.com>
References: <wSSObs5K1aJksbR02e7l1lByF2Nw0QjOzrAEiC5BA2w=.71f5b651-542c-40ac-8a71-e5d4001f5ba4@github.com>
 <NhQa1OLqeTYBYg2SaRxtroQ5WNHA2wMLTuv9wT9BBN4=.4fa60fa1-63b3-4206-91a6-607d86ef97be@github.com>
 <OL2W0uk0NOsRBl08xD77jO_405Ucknn8oQV8UqFhSCs=.70d472f3-3661-42c5-b814-e2421936f4b8@github.com>
Message-ID: <C5Usb5cetzrLQWJwxip2XNc4hNcgD1uw3oONb5zu9G8=.709a21dd-cd6e-488b-a5b6-4b70450c2267@github.com>

On Sat, 7 Jan 2023 08:24:42 GMT, Sergey Bylokhov <serb at openjdk.org> wrote:

>> Volker Simonis has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Updated copyright year to 2023
>
> src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java line 220:
> 
>> 218:                 return ssk;
>> 219:             }
>> 220:             int newID = currentKeyID + 1;
> 
> Do we actually want to support the whole range of ints here? Probably some limitations can be applied?

Why, we used the full range before and with this change we will produce significantly less keys anyway.

-------------

PR: https://git.openjdk.org/jdk/pull/11590

From simonis at openjdk.org  Mon Jan  9 17:32:01 2023
From: simonis at openjdk.org (Volker Simonis)
Date: Mon, 9 Jan 2023 17:32:01 GMT
Subject: RFR: 8298381: Improve handling of session tickets for multiple
 SSLContexts [v5]
In-Reply-To: <c8_oKudZ3wgGpNxSR9lRXtfnNr2ga3jZDRy6DRcp3q8=.6832f064-cf6b-4f0d-8835-6a997a295905@github.com>
References: <wSSObs5K1aJksbR02e7l1lByF2Nw0QjOzrAEiC5BA2w=.71f5b651-542c-40ac-8a71-e5d4001f5ba4@github.com>
 <sZRhosUwjIv2lcRhOXsJ2qzKkhz9WpgKHvj8NkWaQfk=.3f1d0524-60fe-4095-b2b2-810c9b09bc1e@github.com>
 <0DraNUgnD1sGBM7e3jj101i5Dso2znvuEU-z5GYDnPw=.8df7206e-9934-474d-b8c0-c3d87f628c79@github.com>
 <c8_oKudZ3wgGpNxSR9lRXtfnNr2ga3jZDRy6DRcp3q8=.6832f064-cf6b-4f0d-8835-6a997a295905@github.com>
Message-ID: <6eqKCkoL9tPM47hTpuY_gmmT4aI2HpjPvH6D2IpFlVE=.b1d8efd3-248f-4726-ba05-f5ee7478857f@github.com>

On Tue, 3 Jan 2023 17:43:43 GMT, Volker Simonis <simonis at openjdk.org> wrote:

>> Looks good to me.  Thanks!
>
>> Looks good to me. Thanks!
> 
> Thanks @XueleiFan!
> 
> I've updated the copyright year to 2023 and will wait one or two more days just in case @ascarpino wants to take one more look as well.

> Hi @simonis, I am sorry for chiming in so late on this issue. I do think it might be worthwhile to make your proof-of-concept code into a jtreg test as you mentioned in your summary. I think it really comes down to how feasible the conversion would be. It's always better to have an automated test if we can, but it depends on if jtreg code can get access to reliable information about the session tickets via the session cache and know that things are behaving as intended.

I don't think the current reproducer can easily be converted into a cheap and stable jterg test. The current version is quite heavyweight because it calls `jcmd GC.class_histogram` and not really stable because it depends on the number of live `StatelessKey` objects in the heap. So for now I'd prefer to finally fix this issue even without an attached automatic test.

-------------

PR: https://git.openjdk.org/jdk/pull/11590

From serb at openjdk.org  Mon Jan  9 17:37:04 2023
From: serb at openjdk.org (Sergey Bylokhov)
Date: Mon, 9 Jan 2023 17:37:04 GMT
Subject: RFR: 8298381: Improve handling of session tickets for multiple
 SSLContexts [v6]
In-Reply-To: <w7MZiLAWlQ0xS3myEtWmivxni4B8migCcsuLMu6IAsw=.6bd0ab4a-7b89-472c-8172-75c8bab47898@github.com>
References: <wSSObs5K1aJksbR02e7l1lByF2Nw0QjOzrAEiC5BA2w=.71f5b651-542c-40ac-8a71-e5d4001f5ba4@github.com>
 <NhQa1OLqeTYBYg2SaRxtroQ5WNHA2wMLTuv9wT9BBN4=.4fa60fa1-63b3-4206-91a6-607d86ef97be@github.com>
 <OL2W0uk0NOsRBl08xD77jO_405Ucknn8oQV8UqFhSCs=.70d472f3-3661-42c5-b814-e2421936f4b8@github.com>
 <w7MZiLAWlQ0xS3myEtWmivxni4B8migCcsuLMu6IAsw=.6bd0ab4a-7b89-472c-8172-75c8bab47898@github.com>
Message-ID: <Qtd-Xml6IhSOa0y4FCyRiEwf95t8seDEM3-OF8dcuV8=.ef23c4c5-0371-47f6-a529-0506f01e5872@github.com>

On Mon, 9 Jan 2023 16:12:18 GMT, Volker Simonis <simonis at openjdk.org> wrote:

>> src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java line 209:
>> 
>>> 207:     // Package-private, used only from SessionTicketExtension.KeyState::getCurrentKey.
>>> 208:     SessionTicketExtension.StatelessKey getKey(HandshakeContext hc) {
>>> 209:         SessionTicketExtension.StatelessKey ssk = keyHashMap.get(currentKeyID);
>> 
>> is it safe to assume that the "currentKeyID" initialized/updated before on a different thread can be correctly read here?
>
> Yes, because `currentKeyID` is updated in a synchronized section *after* the corresponding key was added to `keyHashMap`.

Please clarify that, if the field is updated on one thread under synchronized block, why we will read the correct "currentKeyID" here on another thread if no synchronization is used in this place?

-------------

PR: https://git.openjdk.org/jdk/pull/11590

From simonis at openjdk.org  Mon Jan  9 18:40:56 2023
From: simonis at openjdk.org (Volker Simonis)
Date: Mon, 9 Jan 2023 18:40:56 GMT
Subject: RFR: 8298381: Improve handling of session tickets for multiple
 SSLContexts [v6]
In-Reply-To: <Qtd-Xml6IhSOa0y4FCyRiEwf95t8seDEM3-OF8dcuV8=.ef23c4c5-0371-47f6-a529-0506f01e5872@github.com>
References: <wSSObs5K1aJksbR02e7l1lByF2Nw0QjOzrAEiC5BA2w=.71f5b651-542c-40ac-8a71-e5d4001f5ba4@github.com>
 <NhQa1OLqeTYBYg2SaRxtroQ5WNHA2wMLTuv9wT9BBN4=.4fa60fa1-63b3-4206-91a6-607d86ef97be@github.com>
 <OL2W0uk0NOsRBl08xD77jO_405Ucknn8oQV8UqFhSCs=.70d472f3-3661-42c5-b814-e2421936f4b8@github.com>
 <w7MZiLAWlQ0xS3myEtWmivxni4B8migCcsuLMu6IAsw=.6bd0ab4a-7b89-472c-8172-75c8bab47898@github.com>
 <Qtd-Xml6IhSOa0y4FCyRiEwf95t8seDEM3-OF8dcuV8=.ef23c4c5-0371-47f6-a529-0506f01e5872@github.com>
Message-ID: <wM5mwxa8hs6m_jZ_rbln57RFP78hn-nHQflx_KjBk0k=.7c6b4210-c3df-42e0-83d5-ff4a5c72065d@github.com>

On Mon, 9 Jan 2023 17:34:06 GMT, Sergey Bylokhov <serb at openjdk.org> wrote:

> Please clarify that, if the field is updated on one thread under synchronized block, why we will read the correct "currentKeyID" here on another thread if no synchronization is used in this place?

I only said that if another thread reads the new value of `currentKeyID`, the corresponding key will already be in the `keyHashMap` because that happened before updating `currentKeyID`. If another thread will read the old value of `currentKeyID` that also will be no problem as discussed before in this PR.

-------------

PR: https://git.openjdk.org/jdk/pull/11590

From kdriver at openjdk.org  Mon Jan  9 21:55:57 2023
From: kdriver at openjdk.org (Kevin Driver)
Date: Mon, 9 Jan 2023 21:55:57 GMT
Subject: RFR: 8297972: Poly1305 Endianness on ByteBuffer not enforced
In-Reply-To: <d5Eh66F_jaKsA7WCj4Gjdu1iND8Inz6Z-kBVwHzCF7s=.b5da3bb1-dae7-4ff2-b711-b405b008ca29@github.com>
References: <d5Eh66F_jaKsA7WCj4Gjdu1iND8Inz6Z-kBVwHzCF7s=.b5da3bb1-dae7-4ff2-b711-b405b008ca29@github.com>
Message-ID: <DGFzrFUPOsyR2BPGrNMuE3--0evFETbtU5f-AuV38Wg=.d8e97d44-5ae6-4388-aced-9a24776bc7cf@github.com>

On Thu, 1 Dec 2022 18:28:21 GMT, Volodymyr Paprotski <duke at openjdk.org> wrote:

> Per rfc7539 Section 2.5, "Read the block as a little-endian number."
> 
> sun.security.util.math.intpoly.IntegerPolynomial1305 enforces this on input when input is provided as `[]byte` but not when input is in `ByteBuffer`
> 
> Tested with `Poly1305IntrinsicFuzzTest.java` from https://github.com/openjdk/jdk/pull/11338 which compares Poly1305 MAC between `ByteBuffer` and `[]byte`

?

-------------

PR: https://git.openjdk.org/jdk/pull/11463

From jamil.j.nimeh at oracle.com  Tue Jan 10 14:44:36 2023
From: jamil.j.nimeh at oracle.com (Jamil Nimeh)
Date: Tue, 10 Jan 2023 06:44:36 -0800
Subject: RFR: 8296343: CPVE thrown on missing content-length in OCSP response
Message-ID: <f1e4e650-3a2f-c743-3f5c-955400c9a419@oracle.com>

Hello all,

This fixes an issue in OCSP where HTTP responses that do not have an 
explicit Content-Length are causing an EOFException which unravels into 
a CertPathValidatorException during validations that involve OCSP checks.

  * JBS: https://bugs.openjdk.org/browse/JDK-8296343


https://github.com/openjdk/jdk/pull/11917

Thanks,

--Jamil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20230110/870c2b48/attachment.htm>

From mpowers at openjdk.org  Tue Jan 10 16:02:56 2023
From: mpowers at openjdk.org (Mark Powers)
Date: Tue, 10 Jan 2023 16:02:56 GMT
Subject: RFR: 8296343: CPVE thrown on missing content-length in OCSP
 response
In-Reply-To: <lCBCERXuXnPiQbPYtRB7YuI5h0jOvKMZltuCM1dQjeI=.532a73b6-07ff-4bfc-acfb-f690736f8b57@github.com>
References: <lCBCERXuXnPiQbPYtRB7YuI5h0jOvKMZltuCM1dQjeI=.532a73b6-07ff-4bfc-acfb-f690736f8b57@github.com>
Message-ID: <KVzP0mzBa_KLt3d1smeWYEj6i52t1haLxWuolMrbm2c=.d5846028-6d85-4f47-a48a-d35bc9f94bac@github.com>

On Tue, 10 Jan 2023 06:02:29 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:

> This fixes an issue where HTTP responses that do not have an explicit Content-Length are causing an EOFException which unravels into a CertPathValidatorException during validations that involve OCSP checks.
> 
> - JBS: https://bugs.openjdk.org/browse/JDK-8296343

test/jdk/sun/security/provider/certpath/OCSP/OCSPNoContentLength.java line 58:

> 56: 
> 57:     // Turn on debugging
> 58:     static final boolean debug = true;

Do you really mean to set `debug` to `true`?

-------------

PR: https://git.openjdk.org/jdk/pull/11917

From jnimeh at openjdk.org  Tue Jan 10 16:49:52 2023
From: jnimeh at openjdk.org (Jamil Nimeh)
Date: Tue, 10 Jan 2023 16:49:52 GMT
Subject: RFR: 8296343: CPVE thrown on missing content-length in OCSP
 response
In-Reply-To: <KVzP0mzBa_KLt3d1smeWYEj6i52t1haLxWuolMrbm2c=.d5846028-6d85-4f47-a48a-d35bc9f94bac@github.com>
References: <lCBCERXuXnPiQbPYtRB7YuI5h0jOvKMZltuCM1dQjeI=.532a73b6-07ff-4bfc-acfb-f690736f8b57@github.com>
 <KVzP0mzBa_KLt3d1smeWYEj6i52t1haLxWuolMrbm2c=.d5846028-6d85-4f47-a48a-d35bc9f94bac@github.com>
Message-ID: <Y6oUBqLTFufStKJZwKbPqm2UtFlBMquqlW_UIh0ZAUE=.e31c03a3-2fa6-4f21-b19a-14f9cf73af1f@github.com>

On Tue, 10 Jan 2023 15:49:26 GMT, Mark Powers <mpowers at openjdk.org> wrote:

>> This fixes an issue where HTTP responses that do not have an explicit Content-Length are causing an EOFException which unravels into a CertPathValidatorException during validations that involve OCSP checks.
>> 
>> - JBS: https://bugs.openjdk.org/browse/JDK-8296343
>
> test/jdk/sun/security/provider/certpath/OCSP/OCSPNoContentLength.java line 58:
> 
>> 56: 
>> 57:     // Turn on debugging
>> 58:     static final boolean debug = true;
> 
> Do you really mean to set `debug` to `true`?

The overall output is pretty small even with it on, but I'll switch it off.

-------------

PR: https://git.openjdk.org/jdk/pull/11917

From xuelei at openjdk.org  Tue Jan 10 17:33:00 2023
From: xuelei at openjdk.org (Xue-Lei Andrew Fan)
Date: Tue, 10 Jan 2023 17:33:00 GMT
Subject: RFR: 8296343: CPVE thrown on missing content-length in OCSP
 response
In-Reply-To: <lCBCERXuXnPiQbPYtRB7YuI5h0jOvKMZltuCM1dQjeI=.532a73b6-07ff-4bfc-acfb-f690736f8b57@github.com>
References: <lCBCERXuXnPiQbPYtRB7YuI5h0jOvKMZltuCM1dQjeI=.532a73b6-07ff-4bfc-acfb-f690736f8b57@github.com>
Message-ID: <zQhhtJuTifJ4miV8C8WPyGL4E-AoArlVTWIGCAN2GL8=.bfdd8b6e-9ab2-4f50-baa9-3aa39b6fb1f5@github.com>

On Tue, 10 Jan 2023 06:02:29 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:

> This fixes an issue where HTTP responses that do not have an explicit Content-Length are causing an EOFException which unravels into a CertPathValidatorException during validations that involve OCSP checks.
> 
> - JBS: https://bugs.openjdk.org/browse/JDK-8296343

src/java.base/share/classes/sun/security/provider/certpath/OCSP.java line 217:

> 215: 
> 216:             int contentLength = con.getContentLength();
> 217:             return (contentLength == -1) ? con.getInputStream().readAllBytes() :

For the returned OCSP bytes, what if the response code is not OK?

-------------

PR: https://git.openjdk.org/jdk/pull/11917

From jnimeh at openjdk.org  Tue Jan 10 17:52:56 2023
From: jnimeh at openjdk.org (Jamil Nimeh)
Date: Tue, 10 Jan 2023 17:52:56 GMT
Subject: RFR: 8296343: CPVE thrown on missing content-length in OCSP
 response
In-Reply-To: <zQhhtJuTifJ4miV8C8WPyGL4E-AoArlVTWIGCAN2GL8=.bfdd8b6e-9ab2-4f50-baa9-3aa39b6fb1f5@github.com>
References: <lCBCERXuXnPiQbPYtRB7YuI5h0jOvKMZltuCM1dQjeI=.532a73b6-07ff-4bfc-acfb-f690736f8b57@github.com>
 <zQhhtJuTifJ4miV8C8WPyGL4E-AoArlVTWIGCAN2GL8=.bfdd8b6e-9ab2-4f50-baa9-3aa39b6fb1f5@github.com>
Message-ID: <LwVKHioqdlrEApYahfFF9dE1TcVy5ICmG53LiY2e3oY=.a8b5dbba-182b-472f-be61-19ed86e9821c@github.com>

On Tue, 10 Jan 2023 17:30:08 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> This fixes an issue where HTTP responses that do not have an explicit Content-Length are causing an EOFException which unravels into a CertPathValidatorException during validations that involve OCSP checks.
>> 
>> - JBS: https://bugs.openjdk.org/browse/JDK-8296343
>
> src/java.base/share/classes/sun/security/provider/certpath/OCSP.java line 217:
> 
>> 215: 
>> 216:             int contentLength = con.getContentLength();
>> 217:             return (contentLength == -1) ? con.getInputStream().readAllBytes() :
> 
> For the returned OCSP bytes, what if the response code is not OK?

Well, in the case of a 404 what appears to happen is that HttpURLConnection would throw a FileNotFoundException.  That ultimately would result in a CPVE if there were no other sources of revocation information (e.g. CRL) for that certificate.

-------------

PR: https://git.openjdk.org/jdk/pull/11917

From xuelei at openjdk.org  Tue Jan 10 18:29:53 2023
From: xuelei at openjdk.org (Xue-Lei Andrew Fan)
Date: Tue, 10 Jan 2023 18:29:53 GMT
Subject: RFR: 8296343: CPVE thrown on missing content-length in OCSP
 response
In-Reply-To: <LwVKHioqdlrEApYahfFF9dE1TcVy5ICmG53LiY2e3oY=.a8b5dbba-182b-472f-be61-19ed86e9821c@github.com>
References: <lCBCERXuXnPiQbPYtRB7YuI5h0jOvKMZltuCM1dQjeI=.532a73b6-07ff-4bfc-acfb-f690736f8b57@github.com>
 <zQhhtJuTifJ4miV8C8WPyGL4E-AoArlVTWIGCAN2GL8=.bfdd8b6e-9ab2-4f50-baa9-3aa39b6fb1f5@github.com>
 <LwVKHioqdlrEApYahfFF9dE1TcVy5ICmG53LiY2e3oY=.a8b5dbba-182b-472f-be61-19ed86e9821c@github.com>
Message-ID: <mxNLbcZRbFPlCQlXFIstj3U4LkG65Ha_uxMOL5ZabJk=.2047869c-4c55-4dcb-9142-1c1bea1715d3@github.com>

On Tue, 10 Jan 2023 17:50:23 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:

>> src/java.base/share/classes/sun/security/provider/certpath/OCSP.java line 217:
>> 
>>> 215: 
>>> 216:             int contentLength = con.getContentLength();
>>> 217:             return (contentLength == -1) ? con.getInputStream().readAllBytes() :
>> 
>> For the returned OCSP bytes, what if the response code is not OK?
>
> Well, in the case of a 404 what appears to happen is that HttpURLConnection would throw a FileNotFoundException.  That ultimately would result in a CPVE if there were no other sources of revocation information (e.g. CRL) for that certificate.

It may be more effective/accuracy to stop read OCSP response bytes if response code is not OK.

-------------

PR: https://git.openjdk.org/jdk/pull/11917

From jnimeh at openjdk.org  Tue Jan 10 18:34:54 2023
From: jnimeh at openjdk.org (Jamil Nimeh)
Date: Tue, 10 Jan 2023 18:34:54 GMT
Subject: RFR: 8296343: CPVE thrown on missing content-length in OCSP
 response
In-Reply-To: <mxNLbcZRbFPlCQlXFIstj3U4LkG65Ha_uxMOL5ZabJk=.2047869c-4c55-4dcb-9142-1c1bea1715d3@github.com>
References: <lCBCERXuXnPiQbPYtRB7YuI5h0jOvKMZltuCM1dQjeI=.532a73b6-07ff-4bfc-acfb-f690736f8b57@github.com>
 <zQhhtJuTifJ4miV8C8WPyGL4E-AoArlVTWIGCAN2GL8=.bfdd8b6e-9ab2-4f50-baa9-3aa39b6fb1f5@github.com>
 <LwVKHioqdlrEApYahfFF9dE1TcVy5ICmG53LiY2e3oY=.a8b5dbba-182b-472f-be61-19ed86e9821c@github.com>
 <mxNLbcZRbFPlCQlXFIstj3U4LkG65Ha_uxMOL5ZabJk=.2047869c-4c55-4dcb-9142-1c1bea1715d3@github.com>
Message-ID: <LTPWKKzx4DJBkRwv2zqZMWl24IpqvQ4OJJXmyZKTmhw=.c92fe18d-1d1f-41da-bf0a-101fbf8aba94@github.com>

On Tue, 10 Jan 2023 18:26:50 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> Well, in the case of a 404 what appears to happen is that HttpURLConnection would throw a FileNotFoundException.  That ultimately would result in a CPVE if there were no other sources of revocation information (e.g. CRL) for that certificate.
>
> It may be more effective/accuracy to stop read OCSP response bytes if response code is not OK.

Logging the error code and returning with no read and not throwing an exception I believe would still work since the revocation information would be missing.  I'm wondering though if this needs to be a separate issue given that we're talking about a different use case, and one that involves the behavior of HttpURLConnection when dealing with different response codes.  I'll also check to see if there are existing tests that make CPV checks against URIs that have non-200 response codes.

-------------

PR: https://git.openjdk.org/jdk/pull/11917

From duke at openjdk.org  Tue Jan 10 18:34:56 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Tue, 10 Jan 2023 18:34:56 GMT
Subject: RFR: 8296343: CPVE thrown on missing content-length in OCSP
 response
In-Reply-To: <Y6oUBqLTFufStKJZwKbPqm2UtFlBMquqlW_UIh0ZAUE=.e31c03a3-2fa6-4f21-b19a-14f9cf73af1f@github.com>
References: <lCBCERXuXnPiQbPYtRB7YuI5h0jOvKMZltuCM1dQjeI=.532a73b6-07ff-4bfc-acfb-f690736f8b57@github.com>
 <KVzP0mzBa_KLt3d1smeWYEj6i52t1haLxWuolMrbm2c=.d5846028-6d85-4f47-a48a-d35bc9f94bac@github.com>
 <Y6oUBqLTFufStKJZwKbPqm2UtFlBMquqlW_UIh0ZAUE=.e31c03a3-2fa6-4f21-b19a-14f9cf73af1f@github.com>
Message-ID: <W4z3Hvfb9tYw37i0wt6MILSrX4rvzvjqJ12-06MlWtI=.c2f38113-0395-4ec5-be00-c604285ebfb2@github.com>

On Tue, 10 Jan 2023 16:47:18 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:

>> test/jdk/sun/security/provider/certpath/OCSP/OCSPNoContentLength.java line 58:
>> 
>>> 56: 
>>> 57:     // Turn on debugging
>>> 58:     static final boolean debug = true;
>> 
>> Do you really mean to set `debug` to `true`?
>
> The overall output is pretty small even with it on, but I'll switch it off.

You could also use `Boolean.getBoolean("test.debug")` (or some other property name) so it can be set on the command line when the test is run.

-------------

PR: https://git.openjdk.org/jdk/pull/11917

From duke at openjdk.org  Tue Jan 10 18:34:58 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Tue, 10 Jan 2023 18:34:58 GMT
Subject: RFR: 8296343: CPVE thrown on missing content-length in OCSP
 response
In-Reply-To: <lCBCERXuXnPiQbPYtRB7YuI5h0jOvKMZltuCM1dQjeI=.532a73b6-07ff-4bfc-acfb-f690736f8b57@github.com>
References: <lCBCERXuXnPiQbPYtRB7YuI5h0jOvKMZltuCM1dQjeI=.532a73b6-07ff-4bfc-acfb-f690736f8b57@github.com>
Message-ID: <nqqT7sGgIXGLiZg075UQIxB53ZMGFCTxSGtXoxcJN-Y=.7f2d6562-0a5f-447b-a47c-145c1a6641aa@github.com>

On Tue, 10 Jan 2023 06:02:29 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:

> This fixes an issue where HTTP responses that do not have an explicit Content-Length are causing an EOFException which unravels into a CertPathValidatorException during validations that involve OCSP checks.
> 
> - JBS: https://bugs.openjdk.org/browse/JDK-8296343

test/jdk/sun/security/provider/certpath/OCSP/OCSPNoContentLength.java line 146:

> 144: 
> 145:         // Wait 5 seconds for server ready
> 146:         for (int i = 0; (i < 100 && !rootOcsp.isServerReady()); i++) {

This pattern is repeated over 20 times in the code. Instead of spinning on a boolean, the SimpleOCSPServer class could use a CountdownLatch to signal when it's ready. Then, instead of having an `isServerReady()` method, it would just have a method e.g., `boolean waitForServer(long timeout, TimeUnit unit)` which just delegates to `CountdownLatch.await(long, TimeUnit)`.

And to avoid changing 20+ other tests, just mark `isServerReady()` as deprecated.

-------------

PR: https://git.openjdk.org/jdk/pull/11917

From jnimeh at openjdk.org  Tue Jan 10 18:45:53 2023
From: jnimeh at openjdk.org (Jamil Nimeh)
Date: Tue, 10 Jan 2023 18:45:53 GMT
Subject: RFR: 8296343: CPVE thrown on missing content-length in OCSP
 response
In-Reply-To: <LTPWKKzx4DJBkRwv2zqZMWl24IpqvQ4OJJXmyZKTmhw=.c92fe18d-1d1f-41da-bf0a-101fbf8aba94@github.com>
References: <lCBCERXuXnPiQbPYtRB7YuI5h0jOvKMZltuCM1dQjeI=.532a73b6-07ff-4bfc-acfb-f690736f8b57@github.com>
 <zQhhtJuTifJ4miV8C8WPyGL4E-AoArlVTWIGCAN2GL8=.bfdd8b6e-9ab2-4f50-baa9-3aa39b6fb1f5@github.com>
 <LwVKHioqdlrEApYahfFF9dE1TcVy5ICmG53LiY2e3oY=.a8b5dbba-182b-472f-be61-19ed86e9821c@github.com>
 <mxNLbcZRbFPlCQlXFIstj3U4LkG65Ha_uxMOL5ZabJk=.2047869c-4c55-4dcb-9142-1c1bea1715d3@github.com>
 <LTPWKKzx4DJBkRwv2zqZMWl24IpqvQ4OJJXmyZKTmhw=.c92fe18d-1d1f-41da-bf0a-101fbf8aba94@github.com>
Message-ID: <34IDqy7bba43bqvs2KPBHn9QrxS7_CC8tLoPSE7WXbY=.45bd78e8-2a12-44bf-9da9-d345fecfce25@github.com>

On Tue, 10 Jan 2023 18:32:08 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:

>> It may be more effective/accuracy to stop read OCSP response bytes if response code is not OK.
>
> Logging the error code and returning with no read and not throwing an exception I believe would still work since the revocation information would be missing.  I'm wondering though if this needs to be a separate issue given that we're talking about a different use case, and one that involves the behavior of HttpURLConnection when dealing with different response codes.  I'll also check to see if there are existing tests that make CPV checks against URIs that have non-200 response codes.

Hmmm, I was not quite correct about the HttpURLConnection behavior - it's not the 404 that's causing the issue directly, it is indeed the getContentLength when the 404 happens.  So forget a separate issue, I will deal with non-200 codes in this PR.

-------------

PR: https://git.openjdk.org/jdk/pull/11917

From duke at openjdk.org  Tue Jan 10 19:07:43 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Tue, 10 Jan 2023 19:07:43 GMT
Subject: RFR: 8299870: TLS record version check allows invalid records
Message-ID: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>

- Updated ProtocolVersion.isNegotiable() to check a bounded range of version numbers.
- Removed IllegalRecordVersion.java from ProblemList.txt 

Tested with jdk_security and jdk_security3 test groups.

-------------

Commit messages:
 - 8299870: TLS record version check allows invalid records

Changes: https://git.openjdk.org/jdk/pull/11929/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=11929&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8299870
  Stats: 8 lines in 2 files changed: 5 ins; 2 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/11929.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11929/head:pull/11929

PR: https://git.openjdk.org/jdk/pull/11929

From xuelei at openjdk.org  Tue Jan 10 19:27:53 2023
From: xuelei at openjdk.org (Xue-Lei Andrew Fan)
Date: Tue, 10 Jan 2023 19:27:53 GMT
Subject: RFR: 8299870: TLS record version check allows invalid records
In-Reply-To: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>
References: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>
Message-ID: <5Kw5Tu4OL_pC4mqLq5npJfETL_JXJY5uYLJXQX1fUtA=.46ee8d70-6a13-444d-bc3b-fb58ef83a6ef@github.com>

On Tue, 10 Jan 2023 18:59:30 GMT, Matthew Donovan <duke at openjdk.org> wrote:

> - Updated ProtocolVersion.isNegotiable() to check a bounded range of version numbers.
> - Removed IllegalRecordVersion.java from ProblemList.txt 
> 
> Tested with jdk_security and jdk_security3 test groups.

This update will introduce version negotiation issues.    Per TLS spec, version 105.106 should be allowed and the version could be negotiated properly.  When TLS 1.4 is defined later in the future, the code update here will cause serious compatibility issues.  This has been a well-known issue in some implementations.

If you want to fix the javax/net/ssl/SSLEngine/IllegalRecordVersion.java issue, please refer to the JDK-8042449 patch details.

-------------

Changes requested by xuelei (Reviewer).

PR: https://git.openjdk.org/jdk/pull/11929

From duke at openjdk.org  Tue Jan 10 20:18:55 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Tue, 10 Jan 2023 20:18:55 GMT
Subject: RFR: 8299870: TLS record version check allows invalid records
In-Reply-To: <5Kw5Tu4OL_pC4mqLq5npJfETL_JXJY5uYLJXQX1fUtA=.46ee8d70-6a13-444d-bc3b-fb58ef83a6ef@github.com>
References: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>
 <5Kw5Tu4OL_pC4mqLq5npJfETL_JXJY5uYLJXQX1fUtA=.46ee8d70-6a13-444d-bc3b-fb58ef83a6ef@github.com>
Message-ID: <yScUBuITSPy411wOg9JriRPKgjRbPneSH4d72G7Oyds=.5fb454e2-dcf4-49bb-a52a-78f3e3ed724f@github.com>

On Tue, 10 Jan 2023 19:25:32 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

> This update will introduce version negotiation issues. Per TLS spec, version 105.106 should be allowed and the version could be negotiated properly. When TLS 1.4 is defined later in the future, the code update here will cause serious compatibility issues. This has been a well-known issue in some implementations.

I'm not sure what you mean here. Can you point me towards the spec that you're referring to? 

If we need to support later, currently undefined, versions then is IllegalRecordVersion a valid test?

> 
> If you want to fix the javax/net/ssl/SSLEngine/IllegalRecordVersion.java issue, please refer to the JDK-8042449 patch details.

I looked at that original patch and the code history after that. The original patch (JDK-8042449) created/updated `InputRecord.checkRecordVersion()` But then in this [commit](https://github.com/openjdk/jdk/commit/87c6761704ad5ae5f03c0cbc4de33a97ddb9317c#diff-0598abb15a2271a12c36131833ff938ab9d841b1ed69bc1b4eeabfcc460067d8) the `checkRecordVersion()` method was removed entirely and any version-checking was moved to `ProtocolVersion.isNegotiable()`.

The original `checkRecordVersion()` is:

if ((version.v < ProtocolVersion.MIN.v) ||
            ((version.major & 0xFF) > (ProtocolVersion.MAX.major & 0xFF))) {

            // if it's not SSLv2, we're out of here.
            if (!allowSSL20Hello ||
                    (version.v != ProtocolVersion.SSL20Hello.v)) {
                throw new SSLException("Unsupported record version " + version);
            }
        }


The logic is structured differently, but I'm pretty sure that it's has the same result.

-------------

PR: https://git.openjdk.org/jdk/pull/11929

From xuelei at openjdk.org  Tue Jan 10 20:38:53 2023
From: xuelei at openjdk.org (Xue-Lei Andrew Fan)
Date: Tue, 10 Jan 2023 20:38:53 GMT
Subject: RFR: 8299870: TLS record version check allows invalid records
In-Reply-To: <yScUBuITSPy411wOg9JriRPKgjRbPneSH4d72G7Oyds=.5fb454e2-dcf4-49bb-a52a-78f3e3ed724f@github.com>
References: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>
 <5Kw5Tu4OL_pC4mqLq5npJfETL_JXJY5uYLJXQX1fUtA=.46ee8d70-6a13-444d-bc3b-fb58ef83a6ef@github.com>
 <yScUBuITSPy411wOg9JriRPKgjRbPneSH4d72G7Oyds=.5fb454e2-dcf4-49bb-a52a-78f3e3ed724f@github.com>
Message-ID: <EKeb5OpbOc1LOIU8r6oxpP3_7o_8_oVdw2eMqOrBDxg=.a810faf5-f4da-4f85-941f-75ff933155f5@github.com>

On Tue, 10 Jan 2023 20:16:02 GMT, Matthew Donovan <duke at openjdk.org> wrote:

> > This update will introduce version negotiation issues. Per TLS spec, version 105.106 should be allowed and the version could be negotiated properly. When TLS 1.4 is defined later in the future, the code update here will cause serious compatibility issues. This has been a well-known issue in some implementations.
> 
> I'm not sure what you mean here. Can you point me towards the spec that you're referring to?
> 
Please refer to ["Appendix E.  Backward Compatibility"](https://www.rfc-editor.org/rfc/rfc5246#appendix-E) of RFC 5246.  Let see an example, suppose TLS 1.4 is defined. If the server is only able to accept TLS 1.3, if the client is using TLS 1.4 format, the connection cannot be established.  But TLS 1.3 should be negotiated.

BTW, this filed has been deprecated and "MUST be ignored for all purposes" since TLS 1.3 (See RFC 8446).

> If we need to support later, currently undefined, versions then is IllegalRecordVersion a valid test?
That's the good question.  It may worthy of further evaluation and the test case could be removed if it is not valid.

-------------

PR: https://git.openjdk.org/jdk/pull/11929

From rhalade at openjdk.org  Tue Jan 10 22:49:14 2023
From: rhalade at openjdk.org (Rajan Halade)
Date: Tue, 10 Jan 2023 22:49:14 GMT
Subject: RFR: 8299870: TLS record version check allows invalid records
In-Reply-To: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>
References: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>
Message-ID: <FmvFbYytX_7ebByjE9KxbDyF5SybR5qG77h_VFOt-1U=.8aad09a5-73f0-4e0e-8d26-4dd6f3d6f0f6@github.com>

On Tue, 10 Jan 2023 18:59:30 GMT, Matthew Donovan <duke at openjdk.org> wrote:

> - Updated ProtocolVersion.isNegotiable() to check a bounded range of version numbers.
> - Removed IllegalRecordVersion.java from ProblemList.txt 
> 
> Tested with jdk_security and jdk_security3 test groups.

test/jdk/ProblemList.txt line 590:

> 588: 
> 589: javax/net/ssl/SSLEngine/TestAllSuites.java                      8298874 generic-all
> 590: javax/net/ssl/SSLEngine/IllegalRecordVersion.java               8298873 generic-all

I have closed 8298873 as duplicate of this bug. Can you please update IllegalRecordVersion test to list 8299870 under `@bug`.

-------------

PR: https://git.openjdk.org/jdk/pull/11929

From serb at openjdk.org  Wed Jan 11 02:39:26 2023
From: serb at openjdk.org (Sergey Bylokhov)
Date: Wed, 11 Jan 2023 02:39:26 GMT
Subject: RFR: 8298381: Improve handling of session tickets for multiple
 SSLContexts [v6]
In-Reply-To: <wM5mwxa8hs6m_jZ_rbln57RFP78hn-nHQflx_KjBk0k=.7c6b4210-c3df-42e0-83d5-ff4a5c72065d@github.com>
References: <wSSObs5K1aJksbR02e7l1lByF2Nw0QjOzrAEiC5BA2w=.71f5b651-542c-40ac-8a71-e5d4001f5ba4@github.com>
 <NhQa1OLqeTYBYg2SaRxtroQ5WNHA2wMLTuv9wT9BBN4=.4fa60fa1-63b3-4206-91a6-607d86ef97be@github.com>
 <OL2W0uk0NOsRBl08xD77jO_405Ucknn8oQV8UqFhSCs=.70d472f3-3661-42c5-b814-e2421936f4b8@github.com>
 <w7MZiLAWlQ0xS3myEtWmivxni4B8migCcsuLMu6IAsw=.6bd0ab4a-7b89-472c-8172-75c8bab47898@github.com>
 <Qtd-Xml6IhSOa0y4FCyRiEwf95t8seDEM3-OF8dcuV8=.ef23c4c5-0371-47f6-a529-0506f01e5872@github.com>
 <wM5mwxa8hs6m_jZ_rbln57RFP78hn-nHQflx_KjBk0k=.7c6b4210-c3df-42e0-83d5-ff4a5c72065d@github.com>
Message-ID: <k4Egn2rTlydwlOrQwfQ5J-fP_I-FQJgBfes5lABgJtg=.8643181f-d868-4e66-a56c-9c3411450b76@github.com>

On Mon, 9 Jan 2023 18:38:33 GMT, Volker Simonis <simonis at openjdk.org> wrote:

>> Please clarify that, if the field is updated on one thread under synchronized block, why we will read the correct "currentKeyID" here on another thread if no synchronization is used in this place?
>
>> Please clarify that, if the field is updated on one thread under synchronized block, why we will read the correct "currentKeyID" here on another thread if no synchronization is used in this place?
> 
> I only said that if another thread reads the new value of `currentKeyID`, the corresponding key will already be in the `keyHashMap` because that happened before updating `currentKeyID`. If another thread will read the old value of `currentKeyID` that also will be no problem as discussed before in this PR.

So it is possible to have a kind of race here, which is solved by the "synchronized" block below? - If one thread will update the `currentKeyID` and later when other threads will ask for the new key, they might get the old expired key, and to get the new one all those threads have to enter the "synchronized"  block.

Not sure if is it worth it to skip the volatile keyword or not to get some perf here. But if we cared about performance so much and skip volatile then why we cannot get rid of the `currentKeyID' completely and store the currentkey directly, to skip the map-lookup on a hotpath? The `currentKeyID` will be the id of the current key. The map will contain only expired keys.

-------------

PR: https://git.openjdk.org/jdk/pull/11590

From simonis at openjdk.org  Wed Jan 11 02:39:28 2023
From: simonis at openjdk.org (Volker Simonis)
Date: Wed, 11 Jan 2023 02:39:28 GMT
Subject: Integrated: 8298381: Improve handling of session tickets for multiple
 SSLContexts
In-Reply-To: <wSSObs5K1aJksbR02e7l1lByF2Nw0QjOzrAEiC5BA2w=.71f5b651-542c-40ac-8a71-e5d4001f5ba4@github.com>
References: <wSSObs5K1aJksbR02e7l1lByF2Nw0QjOzrAEiC5BA2w=.71f5b651-542c-40ac-8a71-e5d4001f5ba4@github.com>
Message-ID: <JfDlKKJYUPX9fJtDzc0uOE6Ab6AsDrDC1LclS-GS4QA=.bb5e5d49-ae1c-4370-bff0-4fd57ed2faa9@github.com>

On Thu, 8 Dec 2022 13:09:11 GMT, Volker Simonis <simonis at openjdk.org> wrote:

> Currently, TLS session tickets introduced by [JDK-8211018](https://bugs.openjdk.org/browse/JDK-8211018) in JDK 13 (i.e. `SessionTicketExtension$StatelessKey`) are generated in the class `SessionTicketExtension` and they use a single, global key ID (`currentKeyID`) for all `SSLContext`s.
> 
> This is problematic if more than one `SSLContext` is used, because every context which requests a session ticket will increment the global id `currentKeyID` when it creates a ticket. This means that in turn all the other contexts won't be able to find a ticket under the new id in their `SSLContextImpl` and create a new one (again incrementing `currentKeyID`). In fact, every time a ticket is requested from a different context, this will transitively trigger a new ticket creation in all the other contexts. We've observed millions of session ticket accumulating for some workloads.
> 
> Another issue with the curent implementation is that cleanup is racy because the underlying data structure (i.e. `keyHashMap` in `SSLContextImpl`) as well as the cleanup code itself are not threadsafe.
> 
> I therefor propose to move `currentKeyID` into the `SSLContextImpl` to solve these issues.
> 
> The following test program (contributed by Steven Collison (https://raycoll.com/)) can be used to demonstrate the current behaviour. It outputs the number of `StatelessKey` instances at the end of the program. Opening 1000 connections with a single `SSLContext` results in a single `StatelessKey` instance being created:
> 
> $ java -XX:+UseSerialGC -Xmx16m -cp ~/Java/ SSLSocketServerMultipleSSLContext 9999 1 1000
> 605:             1             32  sun.security.ssl.SessionTicketExtension$StatelessKey (java.base at 20-internal)
> 
> The same example with the 1000 connections being opened alternatively on thwo different contexts will instead create 1000 `StatelessKey` instances:
> 
> $ java -XX:+UseSerialGC -Xmx16m -cp ~/Java/ SSLSocketServerMultipleSSLContext 9999 2 1000
>   11:          1000          32000  sun.security.ssl.SessionTicketExtension$StatelessKey (java.base at 20-internal)
> 
> With my proposed patch, the numbers goes back to two instances again:
> 
> $ java -XX:+UseSerialGC -Xmx16m -cp ~/Java/ SSLSocketServerMultipleSSLContext 9999 2 1000
> 611:             2             64  sun.security.ssl.SessionTicketExtension$StatelessKey (java.base at 20-internal)
> 
> 
> I've attached the test program to the [JBS issue](https://bugs.openjdk.org/browse/JDK-8298381). If you think it makes sense, I can probably convert it into a JTreg test.

This pull request has now been integrated.

Changeset: debe5879
Author:    Volker Simonis <simonis at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/debe5879aa7118a114ff6fcf8d15951757ae70a8
Stats:     143 lines in 3 files changed: 67 ins; 65 del; 11 mod

8298381: Improve handling of session tickets for multiple SSLContexts

Reviewed-by: xuelei, ascarpino, serb

-------------

PR: https://git.openjdk.org/jdk/pull/11590

From duke at openjdk.org  Wed Jan 11 19:52:14 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Wed, 11 Jan 2023 19:52:14 GMT
Subject: RFR: 8299870: TLS record version check allows invalid records
In-Reply-To: <EKeb5OpbOc1LOIU8r6oxpP3_7o_8_oVdw2eMqOrBDxg=.a810faf5-f4da-4f85-941f-75ff933155f5@github.com>
References: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>
 <5Kw5Tu4OL_pC4mqLq5npJfETL_JXJY5uYLJXQX1fUtA=.46ee8d70-6a13-444d-bc3b-fb58ef83a6ef@github.com>
 <yScUBuITSPy411wOg9JriRPKgjRbPneSH4d72G7Oyds=.5fb454e2-dcf4-49bb-a52a-78f3e3ed724f@github.com>
 <EKeb5OpbOc1LOIU8r6oxpP3_7o_8_oVdw2eMqOrBDxg=.a810faf5-f4da-4f85-941f-75ff933155f5@github.com>
Message-ID: <GeN0vmEXNDGRCzUVZWqdaPWD3V_fXwLG86F2R3Jak7c=.dabbc704-80db-4405-a3d9-fcdd0c16b309@github.com>

On Tue, 10 Jan 2023 20:34:49 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

> > If we need to support later, currently undefined, versions then is IllegalRecordVersion a valid test?
> That's the good question. It may worthy of further evaluation and the test case could be removed if it is not valid.

I reworked `IllegalRecordVersion.java` so that it creates a ClientHello with a bad value in that version field, continues the handshake to the end, and then verifies that a version was agreed upon.

If that sounds legitimate, I can clean up the code a little and push it.

-------------

PR: https://git.openjdk.org/jdk/pull/11929

From xuelei at openjdk.org  Thu Jan 12 07:18:14 2023
From: xuelei at openjdk.org (Xue-Lei Andrew Fan)
Date: Thu, 12 Jan 2023 07:18:14 GMT
Subject: RFR: 8299870: TLS record version check allows invalid records
In-Reply-To: <GeN0vmEXNDGRCzUVZWqdaPWD3V_fXwLG86F2R3Jak7c=.dabbc704-80db-4405-a3d9-fcdd0c16b309@github.com>
References: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>
 <5Kw5Tu4OL_pC4mqLq5npJfETL_JXJY5uYLJXQX1fUtA=.46ee8d70-6a13-444d-bc3b-fb58ef83a6ef@github.com>
 <yScUBuITSPy411wOg9JriRPKgjRbPneSH4d72G7Oyds=.5fb454e2-dcf4-49bb-a52a-78f3e3ed724f@github.com>
 <EKeb5OpbOc1LOIU8r6oxpP3_7o_8_oVdw2eMqOrBDxg=.a810faf5-f4da-4f85-941f-75ff933155f5@github.com>
 <GeN0vmEXNDGRCzUVZWqdaPWD3V_fXwLG86F2R3Jak7c=.dabbc704-80db-4405-a3d9-fcdd0c16b309@github.com>
Message-ID: <yzy3GEAo81iPbYpO7keFnBpUQm4b-QaXTob8Lw1ULN4=.7cb4cbf5-d7b3-451e-b47a-9b0eb9d0223c@github.com>

On Wed, 11 Jan 2023 19:49:14 GMT, Matthew Donovan <duke at openjdk.org> wrote:

> > > If we need to support later, currently undefined, versions then is IllegalRecordVersion a valid test?
> > > That's the good question. It may worthy of further evaluation and the test case could be removed if it is not valid.
> 
> I reworked `IllegalRecordVersion.java` so that it creates a ClientHello with a bad value in that version field, continues the handshake to the end, and then verifies that a version was agreed upon.
> 
> If that sounds legitimate, I can clean up the code a little and push it.

I'm fine for this approach.  The file/class name could be revised.

-------------

PR: https://git.openjdk.org/jdk/pull/11929

From jnimeh at openjdk.org  Thu Jan 12 14:41:51 2023
From: jnimeh at openjdk.org (Jamil Nimeh)
Date: Thu, 12 Jan 2023 14:41:51 GMT
Subject: RFR: 8296343: CPVE thrown on missing content-length in OCSP
 response [v2]
In-Reply-To: <lCBCERXuXnPiQbPYtRB7YuI5h0jOvKMZltuCM1dQjeI=.532a73b6-07ff-4bfc-acfb-f690736f8b57@github.com>
References: <lCBCERXuXnPiQbPYtRB7YuI5h0jOvKMZltuCM1dQjeI=.532a73b6-07ff-4bfc-acfb-f690736f8b57@github.com>
Message-ID: <YF2mJ_xQUriI1MNITUOgA7hVoETgNNsBNgdVpeo56rc=.3015eeca-9bda-4a84-a0f4-05558d353346@github.com>

> This fixes an issue where HTTP responses that do not have an explicit Content-Length are causing an EOFException which unravels into a CertPathValidatorException during validations that involve OCSP checks.
> 
> - JBS: https://bugs.openjdk.org/browse/JDK-8296343

Jamil Nimeh has updated the pull request incrementally with two additional commits since the last revision:

 - Throw exception directly from non 200 HTTP response codes
 - Moved SimpleOCSPServer to use CountdownLatch for ready state, updated tests

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11917/files
  - new: https://git.openjdk.org/jdk/pull/11917/files/16a60c85..36a0911c

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11917&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11917&range=00-01

  Stats: 151 lines in 9 files changed: 28 ins; 38 del; 85 mod
  Patch: https://git.openjdk.org/jdk/pull/11917.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11917/head:pull/11917

PR: https://git.openjdk.org/jdk/pull/11917

From lucy at openjdk.org  Thu Jan 12 14:44:35 2023
From: lucy at openjdk.org (Lutz Schmidt)
Date: Thu, 12 Jan 2023 14:44:35 GMT
Subject: RFR: 8299817: [s390] AES-CTR mode intrinsic fails with multiple short
 update() calls
Message-ID: <T74rRuRd-JMM5a32uAJm5sQudG8l_pVjIs_vkzqK-fg=.76580ae6-dad7-4572-9b14-c839b342854f@github.com>

This PR addresses an issue in the AES-CTR mode intrinsic on s390. When a message is ciphered in multiple, small (< 16 bytes) segments, the result is incorrect.

This is not just a band-aid fix. The issue was taken as a chance to restructure the code. though still complicated, It is now easier to read and (hopefully) understand.

Except for the new jetreg test, the changes are purely s390. There are no side effects on other platforms. Issue-specific tests pass. Other tests are in progress. I will update this PR once they are complete. 

**Reviews and comments are very much appreciated.**

@backwaterred could you please run some "official" s390 tests? Thanks.

-------------

Commit messages:
 - 8299817: [s390] AES-CTR mode intrinsic fails with multiple short update() calls

Changes: https://git.openjdk.org/jdk/pull/11967/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=11967&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8299817
  Stats: 714 lines in 5 files changed: 513 ins; 61 del; 140 mod
  Patch: https://git.openjdk.org/jdk/pull/11967.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11967/head:pull/11967

PR: https://git.openjdk.org/jdk/pull/11967

From duke at openjdk.org  Thu Jan 12 15:32:23 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Thu, 12 Jan 2023 15:32:23 GMT
Subject: RFR: 8299870: TLS record version check allows invalid records [v2]
In-Reply-To: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>
References: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>
Message-ID: <lNgg89yYkKkqSz3SSEADX3b8baKjdGl4CsoRxjXXvIg=.cf92a563-cecc-47fa-ac83-804e224babd6@github.com>

> - Updated ProtocolVersion.isNegotiable() to check a bounded range of version numbers.
> - Removed IllegalRecordVersion.java from ProblemList.txt 
> 
> Tested with jdk_security and jdk_security3 test groups.

Matthew Donovan has updated the pull request incrementally with three additional commits since the last revision:

 - renamed IllegalRecordVersion to HandshakeWithInvalidRecordVersion
 - Updated IllegalRecordVersion
 - reverted change in ProtocolVersion, updated IllegalRecordVersion

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11929/files
  - new: https://git.openjdk.org/jdk/pull/11929/files/8157cef3..01e0a60a

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11929&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11929&range=00-01

  Stats: 337 lines in 3 files changed: 258 ins; 79 del; 0 mod
  Patch: https://git.openjdk.org/jdk/pull/11929.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11929/head:pull/11929

PR: https://git.openjdk.org/jdk/pull/11929

From duke at openjdk.org  Thu Jan 12 15:36:19 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Thu, 12 Jan 2023 15:36:19 GMT
Subject: RFR: 8296343: CPVE thrown on missing content-length in OCSP
 response [v2]
In-Reply-To: <YF2mJ_xQUriI1MNITUOgA7hVoETgNNsBNgdVpeo56rc=.3015eeca-9bda-4a84-a0f4-05558d353346@github.com>
References: <lCBCERXuXnPiQbPYtRB7YuI5h0jOvKMZltuCM1dQjeI=.532a73b6-07ff-4bfc-acfb-f690736f8b57@github.com>
 <YF2mJ_xQUriI1MNITUOgA7hVoETgNNsBNgdVpeo56rc=.3015eeca-9bda-4a84-a0f4-05558d353346@github.com>
Message-ID: <Sy8Qnga4fiet6LeqhI-7zdR-bWxDmaqoauVan-9ZM6w=.6b7c6c2e-bed2-497a-8c24-a39dc3896f09@github.com>

On Thu, 12 Jan 2023 14:41:51 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:

>> This fixes an issue where HTTP responses that do not have an explicit Content-Length are causing an EOFException which unravels into a CertPathValidatorException during validations that involve OCSP checks.
>> 
>> - JBS: https://bugs.openjdk.org/browse/JDK-8296343
>
> Jamil Nimeh has updated the pull request incrementally with two additional commits since the last revision:
> 
>  - Throw exception directly from non 200 HTTP response codes
>  - Moved SimpleOCSPServer to use CountdownLatch for ready state, updated tests

test/jdk/sun/security/provider/certpath/OCSP/OCSPNoContentLength.java line 154:

> 152: //        if (!rootOcsp.isServerReady()) {
> 153: //            throw new RuntimeException("Server not ready yet");
> 154: //        }

Lines 149-154 can be deleted

-------------

PR: https://git.openjdk.org/jdk/pull/11917

From jnimeh at openjdk.org  Thu Jan 12 15:46:46 2023
From: jnimeh at openjdk.org (Jamil Nimeh)
Date: Thu, 12 Jan 2023 15:46:46 GMT
Subject: RFR: 8296343: CPVE thrown on missing content-length in OCSP
 response [v3]
In-Reply-To: <lCBCERXuXnPiQbPYtRB7YuI5h0jOvKMZltuCM1dQjeI=.532a73b6-07ff-4bfc-acfb-f690736f8b57@github.com>
References: <lCBCERXuXnPiQbPYtRB7YuI5h0jOvKMZltuCM1dQjeI=.532a73b6-07ff-4bfc-acfb-f690736f8b57@github.com>
Message-ID: <4PA3y3TEQaFdMcfGKuOGPLW7vk1sMElsRnjYma1qVn4=.5a66c30e-4cfe-4174-a34b-300f785a64d5@github.com>

> This fixes an issue where HTTP responses that do not have an explicit Content-Length are causing an EOFException which unravels into a CertPathValidatorException during validations that involve OCSP checks.
> 
> - JBS: https://bugs.openjdk.org/browse/JDK-8296343

Jamil Nimeh has updated the pull request incrementally with one additional commit since the last revision:

  Remove dead commented code

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11917/files
  - new: https://git.openjdk.org/jdk/pull/11917/files/36a0911c..ddcd124a

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11917&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11917&range=01-02

  Stats: 6 lines in 1 file changed: 0 ins; 6 del; 0 mod
  Patch: https://git.openjdk.org/jdk/pull/11917.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11917/head:pull/11917

PR: https://git.openjdk.org/jdk/pull/11917

From jnimeh at openjdk.org  Thu Jan 12 15:46:47 2023
From: jnimeh at openjdk.org (Jamil Nimeh)
Date: Thu, 12 Jan 2023 15:46:47 GMT
Subject: RFR: 8296343: CPVE thrown on missing content-length in OCSP
 response [v2]
In-Reply-To: <Sy8Qnga4fiet6LeqhI-7zdR-bWxDmaqoauVan-9ZM6w=.6b7c6c2e-bed2-497a-8c24-a39dc3896f09@github.com>
References: <lCBCERXuXnPiQbPYtRB7YuI5h0jOvKMZltuCM1dQjeI=.532a73b6-07ff-4bfc-acfb-f690736f8b57@github.com>
 <YF2mJ_xQUriI1MNITUOgA7hVoETgNNsBNgdVpeo56rc=.3015eeca-9bda-4a84-a0f4-05558d353346@github.com>
 <Sy8Qnga4fiet6LeqhI-7zdR-bWxDmaqoauVan-9ZM6w=.6b7c6c2e-bed2-497a-8c24-a39dc3896f09@github.com>
Message-ID: <IeZBdvfNGviO3djkdBl9fojkM9ePgUXDYWssjxONej0=.cd955d20-dac3-4236-9a47-d0220e766622@github.com>

On Thu, 12 Jan 2023 15:31:30 GMT, Matthew Donovan <duke at openjdk.org> wrote:

>> Jamil Nimeh has updated the pull request incrementally with two additional commits since the last revision:
>> 
>>  - Throw exception directly from non 200 HTTP response codes
>>  - Moved SimpleOCSPServer to use CountdownLatch for ready state, updated tests
>
> test/jdk/sun/security/provider/certpath/OCSP/OCSPNoContentLength.java line 154:
> 
>> 152: //        if (!rootOcsp.isServerReady()) {
>> 153: //            throw new RuntimeException("Server not ready yet");
>> 154: //        }
> 
> Lines 149-154 can be deleted

I thought I caught all the dead comments, but I guess I missed this one.  Good catch, will fix.

-------------

PR: https://git.openjdk.org/jdk/pull/11917

From xuelei at openjdk.org  Thu Jan 12 16:08:20 2023
From: xuelei at openjdk.org (Xue-Lei Andrew Fan)
Date: Thu, 12 Jan 2023 16:08:20 GMT
Subject: RFR: 8299870: TLS record version check allows invalid records [v2]
In-Reply-To: <lNgg89yYkKkqSz3SSEADX3b8baKjdGl4CsoRxjXXvIg=.cf92a563-cecc-47fa-ac83-804e224babd6@github.com>
References: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>
 <lNgg89yYkKkqSz3SSEADX3b8baKjdGl4CsoRxjXXvIg=.cf92a563-cecc-47fa-ac83-804e224babd6@github.com>
Message-ID: <O8VJ-Mef3vMZbvCxfpbHEoWbs7ZKrxWM9DfoDqYrXm0=.1f7af21b-a3ce-466a-a928-2329a9398d74@github.com>

On Thu, 12 Jan 2023 15:32:23 GMT, Matthew Donovan <duke at openjdk.org> wrote:

>> - Updated ProtocolVersion.isNegotiable() to check a bounded range of version numbers.
>> - Removed IllegalRecordVersion.java from ProblemList.txt 
>> 
>> Tested with jdk_security and jdk_security3 test groups.
>
> Matthew Donovan has updated the pull request incrementally with three additional commits since the last revision:
> 
>  - renamed IllegalRecordVersion to HandshakeWithInvalidRecordVersion
>  - Updated IllegalRecordVersion
>  - reverted change in ProtocolVersion, updated IllegalRecordVersion

Would you please update the subject and description of JDK-8299870 so that it fit better with the purpose of the patch?

src/java.base/share/classes/sun/security/ssl/ProtocolVersion.java line 70:

> 68:     static final ProtocolVersion MAX_TLS_SUPPORTED = TLS13;
> 69:     static final ProtocolVersion MIN_TLS_SUPPORTED = SSL30;
> 70: 

Would you mind restore the update for ProrocolVersion.java?

test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java line 51:

> 49:     private static final String TRUSTSTORE_PATH =
> 50:             System.getProperty("test.src", "./") + "/" + PATH_TO_STORES +
> 51:                     "/" + TRUSTSTORE_FILE;

It would be nice to avoid to use binary files.  Would you mind to check if test/jdk/javax/net/ssl/templates/SSLContextTemplate.java could be used for the generation of SSLContext (for example test/jdk/javax/net/ssl/templates/SSLEngineTemplate.java)?

-------------

PR: https://git.openjdk.org/jdk/pull/11929

From duke at openjdk.org  Fri Jan 13 04:03:51 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Fri, 13 Jan 2023 04:03:51 GMT
Subject: RFR: 8299870: TLS record version check allows invalid records [v3]
In-Reply-To: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>
References: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>
Message-ID: <3N1LFwhJpVmWEo6RqVog2Erol7F_h69fcklCeGHgl3s=.54584cfc-e729-42f7-b93b-46a386945baf@github.com>

> - Updated ProtocolVersion.isNegotiable() to check a bounded range of version numbers.
> - Removed IllegalRecordVersion.java from ProblemList.txt 
> 
> Tested with jdk_security and jdk_security3 test groups.

Matthew Donovan has updated the pull request incrementally with two additional commits since the last revision:

 - revert one more chnage
 - reverted ProtocolVersion and changed to use SSLContextTemplate

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11929/files
  - new: https://git.openjdk.org/jdk/pull/11929/files/01e0a60a..b67c9deb

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11929&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11929&range=01-02

  Stats: 40 lines in 2 files changed: 2 ins; 26 del; 12 mod
  Patch: https://git.openjdk.org/jdk/pull/11929.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11929/head:pull/11929

PR: https://git.openjdk.org/jdk/pull/11929

From rhalade at openjdk.org  Fri Jan 13 04:03:53 2023
From: rhalade at openjdk.org (Rajan Halade)
Date: Fri, 13 Jan 2023 04:03:53 GMT
Subject: RFR: 8299870: TLS record version check allows invalid records [v3]
In-Reply-To: <3N1LFwhJpVmWEo6RqVog2Erol7F_h69fcklCeGHgl3s=.54584cfc-e729-42f7-b93b-46a386945baf@github.com>
References: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>
 <3N1LFwhJpVmWEo6RqVog2Erol7F_h69fcklCeGHgl3s=.54584cfc-e729-42f7-b93b-46a386945baf@github.com>
Message-ID: <0eq695H27ozQdlZCog6JZWUsf4N_q159ScujHwgI_Fs=.a5e15d15-85d4-4573-9924-472912437dfb@github.com>

On Fri, 13 Jan 2023 00:28:32 GMT, Matthew Donovan <duke at openjdk.org> wrote:

>> - Updated ProtocolVersion.isNegotiable() to check a bounded range of version numbers.
>> - Removed IllegalRecordVersion.java from ProblemList.txt 
>> 
>> Tested with jdk_security and jdk_security3 test groups.
>
> Matthew Donovan has updated the pull request incrementally with two additional commits since the last revision:
> 
>  - revert one more chnage
>  - reverted ProtocolVersion and changed to use SSLContextTemplate

src/java.base/share/classes/sun/security/ssl/ProtocolVersion.java line 410:

> 408:         return selectedVersion;
> 409:     }
> 410: }

revert this change as well.

-------------

PR: https://git.openjdk.org/jdk/pull/11929

From Alan.Bateman at oracle.com  Fri Jan 13 08:32:06 2023
From: Alan.Bateman at oracle.com (Alan Bateman)
Date: Fri, 13 Jan 2023 08:32:06 +0000
Subject: ZipFile.isSignatureRelated returns true for files in META-INF
 subdirectories
In-Reply-To: <CA+pBWhs9EpASb6JGpcy5x2H4ToRZoALkhv1oJFe0Sw4qExB6dA@mail.gmail.com>
References: <CA+pBWhs9EpASb6JGpcy5x2H4ToRZoALkhv1oJFe0Sw4qExB6dA@mail.gmail.com>
Message-ID: <018e02d9-4d16-65ca-a7b0-c085c01af67b@oracle.com>


Forwarding to security-dev as that is where issues around signed JARs 
are usually discussed.

-Alan.


On 10/01/2023 17:00, Eirik Bj?rsn?s wrote:
> Hi,
>
> ZipFile.isSignatureRelated currently returns true for paths such as 
> the following:
>
> META-INF/libraries/org.bouncycastle:bcprov-jdk15on:jar-1.70/META-INF/BC2048KE.DSA
>
> While this path does start?with "META-INF/" and ends with ".DSA", 
> the?file does not live in the META-INF/ directory _directly_, but 
> rather several directories below.
>
> This causes such .DSA files to be incorrectly (?) included in the 
> verification of META-INF/MANIFEST.MF in JarFile.initializeVerifier, 
> which then fails with:
>
>     Exception in thread "main" java.lang.SecurityException: Invalid
>     signature file digest for Manifest main attributes
>     at
>     java.base/sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:340)
>     at
>     java.base/sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:282)
>     at
>     java.base/java.util.jar.JarVerifier.processEntry(JarVerifier.java:327)
>     at java.base/java.util.jar.JarVerifier.update(JarVerifier.java:239)
>     at
>     java.base/java.util.jar.JarFile.initializeVerifier(JarFile.java:760)
>     at
>     java.base/java.util.jar.JarFile.ensureInitialization(JarFile.java:1058)
>     at
>     java.base/java.util.jar.JavaUtilJarAccessImpl.ensureInitialization(JavaUtilJarAccessImpl.java:72)
>     at
>     java.base/jdk.internal.loader.URLClassPath$JarLoader$2.getManifest(URLClassPath.java:883)
>     at
>     java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:848)
>     at
>     java.base/jdk.internal.loader.BuiltinClassLoader.findClassOnClassPathOrNull(BuiltinClassLoader.java:760)
>     at
>     java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(BuiltinClassLoader.java:681)
>     at
>     java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:639)
>     at
>     java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
>     at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521) 
>
>
> A few questions:
>
> 1: Where Is the exact location of signature related files specified?
>
> 2: Is the current behaviour indeed incorrect?
>
> 3: Should ZipFile.isSignatureRelated be updated such that it only 
> matches signature related files which reside?exactly in "META-INF/" ?
>
> The context for this is that I'm making a fat jar Maven plugin which 
> embeds dependency jars by "unpacking" them into subdirectories of 
> META-INF/libraries/.
>
> Cheers,
> Eirik.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20230113/fe979f16/attachment.htm>

From eirbjo at gmail.com  Fri Jan 13 11:40:47 2023
From: eirbjo at gmail.com (=?UTF-8?B?RWlyaWsgQmrDuHJzbsO4cw==?=)
Date: Fri, 13 Jan 2023 12:40:47 +0100
Subject: ZipFile.isSignatureRelated returns true for files in META-INF
 subdirectories
In-Reply-To: <018e02d9-4d16-65ca-a7b0-c085c01af67b@oracle.com>
References: <CA+pBWhs9EpASb6JGpcy5x2H4ToRZoALkhv1oJFe0Sw4qExB6dA@mail.gmail.com>
 <018e02d9-4d16-65ca-a7b0-c085c01af67b@oracle.com>
Message-ID: <CA+pBWhtqz3niA6HeAUhG93JMOOe6RygJBdZVNd-PiLvy9x_DQA@mail.gmail.com>

Thanks for forwarding me to the right list, Alan

For context, I posted a follow-up on the core-libs-dev thread yesterday
showing that some other methods have the same problem:

https://mail.openjdk.org/pipermail/core-libs-dev/2023-January/098656.html

And here's a draft PR for a fix, including a test which provokes the
various code paths:

https://github.com/openjdk/jdk/pull/11976

Cheers,
Eirik.


On Fri, Jan 13, 2023 at 9:32 AM Alan Bateman <Alan.Bateman at oracle.com>
wrote:

>
> Forwarding to security-dev as that is where issues around signed JARs are
> usually discussed.
>
> -Alan.
>
>
> On 10/01/2023 17:00, Eirik Bj?rsn?s wrote:
>
> Hi,
>
> ZipFile.isSignatureRelated currently returns true for paths such as the
> following:
>
>
> META-INF/libraries/org.bouncycastle:bcprov-jdk15on:jar-1.70/META-INF/BC2048KE.DSA
>
> While this path does start with "META-INF/" and ends with ".DSA", the file
> does not live in the META-INF/ directory _directly_, but rather several
> directories below.
>
> This causes such .DSA files to be incorrectly (?) included in the
> verification of META-INF/MANIFEST.MF in JarFile.initializeVerifier, which
> then fails with:
>
> Exception in thread "main" java.lang.SecurityException: Invalid signature
>> file digest for Manifest main attributes
>> at
>> java.base/sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:340)
>> at
>> java.base/sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:282)
>> at java.base/java.util.jar.JarVerifier.processEntry(JarVerifier.java:327)
>> at java.base/java.util.jar.JarVerifier.update(JarVerifier.java:239)
>> at java.base/java.util.jar.JarFile.initializeVerifier(JarFile.java:760)
>> at java.base/java.util.jar.JarFile.ensureInitialization(JarFile.java:1058)
>> at
>> java.base/java.util.jar.JavaUtilJarAccessImpl.ensureInitialization(JavaUtilJarAccessImpl.java:72)
>> at
>> java.base/jdk.internal.loader.URLClassPath$JarLoader$2.getManifest(URLClassPath.java:883)
>> at
>> java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:848)
>> at
>> java.base/jdk.internal.loader.BuiltinClassLoader.findClassOnClassPathOrNull(BuiltinClassLoader.java:760)
>> at
>> java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(BuiltinClassLoader.java:681)
>> at
>> java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:639)
>> at
>> java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
>> at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
>
>
> A few questions:
>
> 1: Where Is the exact location of signature related files specified?
>
> 2: Is the current behaviour indeed incorrect?
>
> 3: Should ZipFile.isSignatureRelated be updated such that it only matches
> signature related files which reside exactly in "META-INF/" ?
>
> The context for this is that I'm making a fat jar Maven plugin which
> embeds dependency jars by "unpacking" them into subdirectories of
> META-INF/libraries/.
>
> Cheers,
> Eirik.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20230113/dc2a05ba/attachment-0001.htm>

From duke at openjdk.org  Fri Jan 13 16:32:17 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Fri, 13 Jan 2023 16:32:17 GMT
Subject: RFR: 8278349: JarSigner javadoc example uses SHA-1
Message-ID: <9uGCpt-jvZ-pEeMr9nByvFAKuoxUnhFJ6wkH0Si2mVE=.51622afc-2747-47ed-b0c5-6d57c0eb6fb7@github.com>

Please review this trivial PR which updates javadoc sample code in jdk.security.jarsigner.JarSigner to use SHA-256, SHA256withRSA instead of the now considered weak algorithms SHA-1, SHA1withDSA.

The sample code is also updated to use the new snippet syntax.

-------------

Commit messages:
 - Replace use of weak algorithms SHA-1 and SHA1withDSA in JarSigner javadoc with SHA-256 and SHA256withRSA. Update to use @snippet syntax.

Changes: https://git.openjdk.org/jdk/pull/11992/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=11992&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8278349
  Stats: 5 lines in 1 file changed: 0 ins; 0 del; 5 mod
  Patch: https://git.openjdk.org/jdk/pull/11992.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11992/head:pull/11992

PR: https://git.openjdk.org/jdk/pull/11992

From weijun at openjdk.org  Fri Jan 13 16:43:16 2023
From: weijun at openjdk.org (Weijun Wang)
Date: Fri, 13 Jan 2023 16:43:16 GMT
Subject: RFR: 8278349: JarSigner javadoc example uses SHA-1
In-Reply-To: <9uGCpt-jvZ-pEeMr9nByvFAKuoxUnhFJ6wkH0Si2mVE=.51622afc-2747-47ed-b0c5-6d57c0eb6fb7@github.com>
References: <9uGCpt-jvZ-pEeMr9nByvFAKuoxUnhFJ6wkH0Si2mVE=.51622afc-2747-47ed-b0c5-6d57c0eb6fb7@github.com>
Message-ID: <WvbxqDOkDX0c_m_R7EAgqhJpaAAbyQ9pWAViwgc7yuU=.fc1ce098-b62d-41c3-91af-85095d848488@github.com>

On Fri, 13 Jan 2023 16:23:13 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

> Please review this trivial PR which updates javadoc sample code in jdk.security.jarsigner.JarSigner to use SHA-256, SHA256withRSA instead of the now considered weak algorithms SHA-1, SHA1withDSA.
> 
> The sample code is also updated to use the new snippet syntax.

src/jdk.jartool/share/classes/jdk/security/jarsigner/JarSigner.java line 88:

> 86:  *     signer.sign(in, out);
> 87:  * }
> 88:  * }

You can probably indent the code so that the last 2 lines do not look strange.

-------------

PR: https://git.openjdk.org/jdk/pull/11992

From mullan at openjdk.org  Fri Jan 13 17:00:15 2023
From: mullan at openjdk.org (Sean Mullan)
Date: Fri, 13 Jan 2023 17:00:15 GMT
Subject: RFR: 8278349: JarSigner javadoc example uses SHA-1
In-Reply-To: <WvbxqDOkDX0c_m_R7EAgqhJpaAAbyQ9pWAViwgc7yuU=.fc1ce098-b62d-41c3-91af-85095d848488@github.com>
References: <9uGCpt-jvZ-pEeMr9nByvFAKuoxUnhFJ6wkH0Si2mVE=.51622afc-2747-47ed-b0c5-6d57c0eb6fb7@github.com>
 <WvbxqDOkDX0c_m_R7EAgqhJpaAAbyQ9pWAViwgc7yuU=.fc1ce098-b62d-41c3-91af-85095d848488@github.com>
Message-ID: <v5Wkh2vDJDK7ZCSUv_2tUeYFK24jd4iw23EajmXXzKo=.ced24ed0-bdec-4d56-92bf-20a8d815db99@github.com>

On Fri, 13 Jan 2023 16:40:03 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Please review this trivial PR which updates javadoc sample code in jdk.security.jarsigner.JarSigner to use SHA-256, SHA256withRSA instead of the now considered weak algorithms SHA-1, SHA1withDSA.
>> 
>> The sample code is also updated to use the new snippet syntax.
>
> src/jdk.jartool/share/classes/jdk/security/jarsigner/JarSigner.java line 88:
> 
>> 86:  *     signer.sign(in, out);
>> 87:  * }
>> 88:  * }
> 
> You can probably indent the code so that the last 2 lines do not look strange.

This might also be a good opportunity to use the new javadoc @snippet tag (see [JEP 413](url)) which I think has some features to handle the indentation in a consistent manner.

-------------

PR: https://git.openjdk.org/jdk/pull/11992

From mullan at openjdk.org  Fri Jan 13 17:11:20 2023
From: mullan at openjdk.org (Sean Mullan)
Date: Fri, 13 Jan 2023 17:11:20 GMT
Subject: RFR: 8278349: JarSigner javadoc example uses SHA-1
In-Reply-To: <v5Wkh2vDJDK7ZCSUv_2tUeYFK24jd4iw23EajmXXzKo=.ced24ed0-bdec-4d56-92bf-20a8d815db99@github.com>
References: <9uGCpt-jvZ-pEeMr9nByvFAKuoxUnhFJ6wkH0Si2mVE=.51622afc-2747-47ed-b0c5-6d57c0eb6fb7@github.com>
 <WvbxqDOkDX0c_m_R7EAgqhJpaAAbyQ9pWAViwgc7yuU=.fc1ce098-b62d-41c3-91af-85095d848488@github.com>
 <v5Wkh2vDJDK7ZCSUv_2tUeYFK24jd4iw23EajmXXzKo=.ced24ed0-bdec-4d56-92bf-20a8d815db99@github.com>
Message-ID: <C1_jMYlelEqxKXy7g7mDhyXUBdTYc9OzBZbh7e6zCJw=.425407ff-1e1c-4a1f-b6d6-e18ae1f0e079@github.com>

On Fri, 13 Jan 2023 16:57:36 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> src/jdk.jartool/share/classes/jdk/security/jarsigner/JarSigner.java line 88:
>> 
>>> 86:  *     signer.sign(in, out);
>>> 87:  * }
>>> 88:  * }
>> 
>> You can probably indent the code so that the last 2 lines do not look strange.
>
> This might also be a good opportunity to use the new javadoc @snippet tag (see [JEP 413](url)) which I think has some features to handle the indentation in a consistent manner.

Oh, cool, missed that.

Eirik, this issue is currently assigned to @haimaychao, but we can still accept your contribution. Have you or your company signed the OCA?

-------------

PR: https://git.openjdk.org/jdk/pull/11992

From sean.mullan at oracle.com  Fri Jan 13 17:17:18 2023
From: sean.mullan at oracle.com (Sean Mullan)
Date: Fri, 13 Jan 2023 12:17:18 -0500
Subject: ZipFile.isSignatureRelated returns true for files in META-INF
 subdirectories
In-Reply-To: <CA+pBWhtqz3niA6HeAUhG93JMOOe6RygJBdZVNd-PiLvy9x_DQA@mail.gmail.com>
References: <CA+pBWhs9EpASb6JGpcy5x2H4ToRZoALkhv1oJFe0Sw4qExB6dA@mail.gmail.com>
 <018e02d9-4d16-65ca-a7b0-c085c01af67b@oracle.com>
 <CA+pBWhtqz3niA6HeAUhG93JMOOe6RygJBdZVNd-PiLvy9x_DQA@mail.gmail.com>
Message-ID: <2a2cebb7-00a6-8401-1e92-ae9cb11a3d62@oracle.com>

Off hand it seems like a bug to me, can you file one? The jar 
specification says that the SF file resides in the META-INF directory 
and says nothing about subdirectories.

--Sean

On 1/13/23 6:40 AM, Eirik Bj?rsn?s wrote:
> Thanks for forwarding me to the right list, Alan
> 
> For context, I posted a follow-up on the core-libs-dev thread yesterday 
> showing that some other methods have the same problem:
> 
> https://mail.openjdk.org/pipermail/core-libs-dev/2023-January/098656.html <https://mail.openjdk.org/pipermail/core-libs-dev/2023-January/098656.html>
> 
> And here's a draft PR for a fix, including a test which provokes the 
> various code paths:
> 
> https://github.com/openjdk/jdk/pull/11976 
> <https://github.com/openjdk/jdk/pull/11976>
> 
> Cheers,
> Eirik.
> 
> 
> On Fri, Jan 13, 2023 at 9:32 AM Alan Bateman <Alan.Bateman at oracle.com 
> <mailto:Alan.Bateman at oracle.com>> wrote:
> 
> 
>     Forwarding to security-dev as that is where issues around signed
>     JARs are usually discussed.
> 
>     -Alan.
> 
> 
>     On 10/01/2023 17:00, Eirik Bj?rsn?s wrote:
>>     Hi,
>>
>>     ZipFile.isSignatureRelated currently returns true for paths such
>>     as the following:
>>
>>     META-INF/libraries/org.bouncycastle:bcprov-jdk15on:jar-1.70/META-INF/BC2048KE.DSA
>>
>>     While this path does start?with "META-INF/" and ends with ".DSA",
>>     the?file does not live in the META-INF/ directory _directly_, but
>>     rather several directories below.
>>
>>     This causes such .DSA files to be incorrectly (?) included in the
>>     verification of META-INF/MANIFEST.MF in
>>     JarFile.initializeVerifier, which then fails with:
>>
>>         Exception in thread "main" java.lang.SecurityException:
>>         Invalid signature file digest for Manifest main attributes
>>         at
>>         java.base/sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:340)
>>         at
>>         java.base/sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:282)
>>         at
>>         java.base/java.util.jar.JarVerifier.processEntry(JarVerifier.java:327)
>>         at
>>         java.base/java.util.jar.JarVerifier.update(JarVerifier.java:239)
>>         at
>>         java.base/java.util.jar.JarFile.initializeVerifier(JarFile.java:760)
>>         at
>>         java.base/java.util.jar.JarFile.ensureInitialization(JarFile.java:1058)
>>         at
>>         java.base/java.util.jar.JavaUtilJarAccessImpl.ensureInitialization(JavaUtilJarAccessImpl.java:72)
>>         at
>>         java.base/jdk.internal.loader.URLClassPath$JarLoader$2.getManifest(URLClassPath.java:883)
>>         at
>>         java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:848)
>>         at
>>         java.base/jdk.internal.loader.BuiltinClassLoader.findClassOnClassPathOrNull(BuiltinClassLoader.java:760)
>>         at
>>         java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(BuiltinClassLoader.java:681)
>>         at
>>         java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:639)
>>         at
>>         java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
>>         at
>>         java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521) 
>>
>>
>>     A few questions:
>>
>>     1: Where Is the exact location of signature related files specified?
>>
>>     2: Is the current behaviour indeed incorrect?
>>
>>     3: Should ZipFile.isSignatureRelated be updated such that it only
>>     matches signature related files which reside?exactly in "META-INF/" ?
>>
>>     The context for this is that I'm making a fat jar Maven plugin
>>     which embeds dependency jars by "unpacking" them into
>>     subdirectories of META-INF/libraries/.
>>
>>     Cheers,
>>     Eirik.
> 

From duke at openjdk.org  Fri Jan 13 17:18:41 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Fri, 13 Jan 2023 17:18:41 GMT
Subject: RFR: 8278349: JarSigner javadoc example uses SHA-1 [v2]
In-Reply-To: <9uGCpt-jvZ-pEeMr9nByvFAKuoxUnhFJ6wkH0Si2mVE=.51622afc-2747-47ed-b0c5-6d57c0eb6fb7@github.com>
References: <9uGCpt-jvZ-pEeMr9nByvFAKuoxUnhFJ6wkH0Si2mVE=.51622afc-2747-47ed-b0c5-6d57c0eb6fb7@github.com>
Message-ID: <YmypU7E3U6964vAJ5_0R0w51QkVOJUUfAwqMHqFCPJ4=.934dfde4-9f67-4d2e-914f-3838d8fd6ee9@github.com>

> Please review this trivial PR which updates javadoc sample code in jdk.security.jarsigner.JarSigner to use SHA-256, SHA256withRSA instead of the now considered weak algorithms SHA-1, SHA1withDSA.
> 
> The sample code is also updated to use the new snippet syntax.

Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision:

  Indent the javadoc code snippet to make it easier to separate from the snippet syntax

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11992/files
  - new: https://git.openjdk.org/jdk/pull/11992/files/b288d1fd..56079e31

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11992&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11992&range=00-01

  Stats: 8 lines in 1 file changed: 0 ins; 0 del; 8 mod
  Patch: https://git.openjdk.org/jdk/pull/11992.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11992/head:pull/11992

PR: https://git.openjdk.org/jdk/pull/11992

From duke at openjdk.org  Fri Jan 13 17:18:44 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Fri, 13 Jan 2023 17:18:44 GMT
Subject: RFR: 8278349: JarSigner javadoc example uses SHA-1 [v2]
In-Reply-To: <C1_jMYlelEqxKXy7g7mDhyXUBdTYc9OzBZbh7e6zCJw=.425407ff-1e1c-4a1f-b6d6-e18ae1f0e079@github.com>
References: <9uGCpt-jvZ-pEeMr9nByvFAKuoxUnhFJ6wkH0Si2mVE=.51622afc-2747-47ed-b0c5-6d57c0eb6fb7@github.com>
 <WvbxqDOkDX0c_m_R7EAgqhJpaAAbyQ9pWAViwgc7yuU=.fc1ce098-b62d-41c3-91af-85095d848488@github.com>
 <v5Wkh2vDJDK7ZCSUv_2tUeYFK24jd4iw23EajmXXzKo=.ced24ed0-bdec-4d56-92bf-20a8d815db99@github.com>
 <C1_jMYlelEqxKXy7g7mDhyXUBdTYc9OzBZbh7e6zCJw=.425407ff-1e1c-4a1f-b6d6-e18ae1f0e079@github.com>
Message-ID: <XmRAPpGPHmi7n2J0tIFa48_J0FjNCpbA1nBOdQNirj8=.b23f201f-473e-4e86-9885-a82962d7150d@github.com>

On Fri, 13 Jan 2023 17:08:01 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> This might also be a good opportunity to use the new javadoc @snippet tag (see [JEP 413](url)) which I think has some features to handle the indentation in a consistent manner.
>
> Oh, cool, missed that.
> 
> Eirik, this issue is currently assigned to @haimaychao, but we can still accept your contribution. Have you or your company signed the OCA?

Indented the code as suggested to make it easier to separate from the snippet syntax.

@seanjmullan This is already using the snippet tag :-)

-------------

PR: https://git.openjdk.org/jdk/pull/11992

From weijun at openjdk.org  Fri Jan 13 17:21:14 2023
From: weijun at openjdk.org (Weijun Wang)
Date: Fri, 13 Jan 2023 17:21:14 GMT
Subject: RFR: 8278349: JarSigner javadoc example uses SHA-1 [v2]
In-Reply-To: <YmypU7E3U6964vAJ5_0R0w51QkVOJUUfAwqMHqFCPJ4=.934dfde4-9f67-4d2e-914f-3838d8fd6ee9@github.com>
References: <9uGCpt-jvZ-pEeMr9nByvFAKuoxUnhFJ6wkH0Si2mVE=.51622afc-2747-47ed-b0c5-6d57c0eb6fb7@github.com>
 <YmypU7E3U6964vAJ5_0R0w51QkVOJUUfAwqMHqFCPJ4=.934dfde4-9f67-4d2e-914f-3838d8fd6ee9@github.com>
Message-ID: <r1Jz-yminhqcM3RCnRqpg3d0RgwCaf5aef0v7nZRehE=.79c91775-c7e9-45bc-86ca-f70af89fab22@github.com>

On Fri, 13 Jan 2023 17:18:41 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

>> Please review this trivial PR which updates javadoc sample code in jdk.security.jarsigner.JarSigner to use SHA-256, SHA256withRSA instead of the now considered weak algorithms SHA-1, SHA1withDSA.
>> 
>> The sample code is also updated to use the new snippet syntax.
>
> Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Indent the javadoc code snippet to make it easier to separate from the snippet syntax

Marked as reviewed by weijun (Reviewer).

-------------

PR: https://git.openjdk.org/jdk/pull/11992

From duke at openjdk.org  Fri Jan 13 17:21:17 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Fri, 13 Jan 2023 17:21:17 GMT
Subject: RFR: 8278349: JarSigner javadoc example uses SHA-1 [v2]
In-Reply-To: <C1_jMYlelEqxKXy7g7mDhyXUBdTYc9OzBZbh7e6zCJw=.425407ff-1e1c-4a1f-b6d6-e18ae1f0e079@github.com>
References: <9uGCpt-jvZ-pEeMr9nByvFAKuoxUnhFJ6wkH0Si2mVE=.51622afc-2747-47ed-b0c5-6d57c0eb6fb7@github.com>
 <WvbxqDOkDX0c_m_R7EAgqhJpaAAbyQ9pWAViwgc7yuU=.fc1ce098-b62d-41c3-91af-85095d848488@github.com>
 <v5Wkh2vDJDK7ZCSUv_2tUeYFK24jd4iw23EajmXXzKo=.ced24ed0-bdec-4d56-92bf-20a8d815db99@github.com>
 <C1_jMYlelEqxKXy7g7mDhyXUBdTYc9OzBZbh7e6zCJw=.425407ff-1e1c-4a1f-b6d6-e18ae1f0e079@github.com>
Message-ID: <h2XdgxjSWxKkzif6ewx8q-YkrmpWt7Jm-rdWlP9Hego=.74ef93a0-a951-4f8a-a79b-5bf2cb6aef55@github.com>

On Fri, 13 Jan 2023 17:08:01 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> This might also be a good opportunity to use the new javadoc @snippet tag (see [JEP 413](url)) which I think has some features to handle the indentation in a consistent manner.
>
> Oh, cool, missed that.
> 
> Eirik, this issue is currently assigned to @haimaychao, but we can still accept your contribution. Have you or your company signed the OCA?

@seanjmullan I'm already an OCA sigantory, yes. As a contributor, I have no access to JBS so I'll need with that part. Can you sponsor?

-------------

PR: https://git.openjdk.org/jdk/pull/11992

From eirbjo at gmail.com  Fri Jan 13 17:22:27 2023
From: eirbjo at gmail.com (=?UTF-8?B?RWlyaWsgQmrDuHJzbsO4cw==?=)
Date: Fri, 13 Jan 2023 18:22:27 +0100
Subject: ZipFile.isSignatureRelated returns true for files in META-INF
 subdirectories
In-Reply-To: <2a2cebb7-00a6-8401-1e92-ae9cb11a3d62@oracle.com>
References: <CA+pBWhs9EpASb6JGpcy5x2H4ToRZoALkhv1oJFe0Sw4qExB6dA@mail.gmail.com>
 <018e02d9-4d16-65ca-a7b0-c085c01af67b@oracle.com>
 <CA+pBWhtqz3niA6HeAUhG93JMOOe6RygJBdZVNd-PiLvy9x_DQA@mail.gmail.com>
 <2a2cebb7-00a6-8401-1e92-ae9cb11a3d62@oracle.com>
Message-ID: <CA+pBWhvLxvpB88c0r6jw3aTH-eUR=GAh9fUUi3zWSmCzYo_0tQ@mail.gmail.com>

Sean,

I'm not an Author (yet! :), so I can't log in to JBS and create issues.

I guess the title and description of the draft PR could serve as a
starting point for a bug.

Note that the Jar File Specification does explicitly say:

"Note that if such files are located in META-INF subdirectories, they are
not considered signature-related"

Thanks,
Eirik.

On Fri, Jan 13, 2023 at 6:17 PM Sean Mullan <sean.mullan at oracle.com> wrote:

> Off hand it seems like a bug to me, can you file one? The jar
> specification says that the SF file resides in the META-INF directory
> and says nothing about subdirectories.
>
> --Sean
>
> On 1/13/23 6:40 AM, Eirik Bj?rsn?s wrote:
> > Thanks for forwarding me to the right list, Alan
> >
> > For context, I posted a follow-up on the core-libs-dev thread yesterday
> > showing that some other methods have the same problem:
> >
> >
> https://mail.openjdk.org/pipermail/core-libs-dev/2023-January/098656.html
> <https://mail.openjdk.org/pipermail/core-libs-dev/2023-January/098656.html
> >
> >
> > And here's a draft PR for a fix, including a test which provokes the
> > various code paths:
> >
> > https://github.com/openjdk/jdk/pull/11976
> > <https://github.com/openjdk/jdk/pull/11976>
> >
> > Cheers,
> > Eirik.
> >
> >
> > On Fri, Jan 13, 2023 at 9:32 AM Alan Bateman <Alan.Bateman at oracle.com
> > <mailto:Alan.Bateman at oracle.com>> wrote:
> >
> >
> >     Forwarding to security-dev as that is where issues around signed
> >     JARs are usually discussed.
> >
> >     -Alan.
> >
> >
> >     On 10/01/2023 17:00, Eirik Bj?rsn?s wrote:
> >>     Hi,
> >>
> >>     ZipFile.isSignatureRelated currently returns true for paths such
> >>     as the following:
> >>
> >>
>  META-INF/libraries/org.bouncycastle:bcprov-jdk15on:jar-1.70/META-INF/BC2048KE.DSA
> >>
> >>     While this path does start with "META-INF/" and ends with ".DSA",
> >>     the file does not live in the META-INF/ directory _directly_, but
> >>     rather several directories below.
> >>
> >>     This causes such .DSA files to be incorrectly (?) included in the
> >>     verification of META-INF/MANIFEST.MF in
> >>     JarFile.initializeVerifier, which then fails with:
> >>
> >>         Exception in thread "main" java.lang.SecurityException:
> >>         Invalid signature file digest for Manifest main attributes
> >>         at
> >>
>  java.base/sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:340)
> >>         at
> >>
>  java.base/sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:282)
> >>         at
> >>
>  java.base/java.util.jar.JarVerifier.processEntry(JarVerifier.java:327)
> >>         at
> >>         java.base/java.util.jar.JarVerifier.update(JarVerifier.java:239)
> >>         at
> >>
>  java.base/java.util.jar.JarFile.initializeVerifier(JarFile.java:760)
> >>         at
> >>
>  java.base/java.util.jar.JarFile.ensureInitialization(JarFile.java:1058)
> >>         at
> >>
>  java.base/java.util.jar.JavaUtilJarAccessImpl.ensureInitialization(JavaUtilJarAccessImpl.java:72)
> >>         at
> >>
>  java.base/jdk.internal.loader.URLClassPath$JarLoader$2.getManifest(URLClassPath.java:883)
> >>         at
> >>
>  java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:848)
> >>         at
> >>
>  java.base/jdk.internal.loader.BuiltinClassLoader.findClassOnClassPathOrNull(BuiltinClassLoader.java:760)
> >>         at
> >>
>  java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(BuiltinClassLoader.java:681)
> >>         at
> >>
>  java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:639)
> >>         at
> >>
>  java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
> >>         at
> >>         java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
> >>
> >>
> >>     A few questions:
> >>
> >>     1: Where Is the exact location of signature related files specified?
> >>
> >>     2: Is the current behaviour indeed incorrect?
> >>
> >>     3: Should ZipFile.isSignatureRelated be updated such that it only
> >>     matches signature related files which reside exactly in "META-INF/"
> ?
> >>
> >>     The context for this is that I'm making a fat jar Maven plugin
> >>     which embeds dependency jars by "unpacking" them into
> >>     subdirectories of META-INF/libraries/.
> >>
> >>     Cheers,
> >>     Eirik.
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20230113/dbadebce/attachment-0001.htm>

From weijun at openjdk.org  Fri Jan 13 17:47:13 2023
From: weijun at openjdk.org (Weijun Wang)
Date: Fri, 13 Jan 2023 17:47:13 GMT
Subject: RFR: 8278349: JarSigner javadoc example uses SHA-1 [v2]
In-Reply-To: <YmypU7E3U6964vAJ5_0R0w51QkVOJUUfAwqMHqFCPJ4=.934dfde4-9f67-4d2e-914f-3838d8fd6ee9@github.com>
References: <9uGCpt-jvZ-pEeMr9nByvFAKuoxUnhFJ6wkH0Si2mVE=.51622afc-2747-47ed-b0c5-6d57c0eb6fb7@github.com>
 <YmypU7E3U6964vAJ5_0R0w51QkVOJUUfAwqMHqFCPJ4=.934dfde4-9f67-4d2e-914f-3838d8fd6ee9@github.com>
Message-ID: <9gxbzvi0VHbxBSSMZcQ1u8QGo4_YEX3CKoHgTZbRkXc=.743dbaae-6d37-4c17-8f91-3b6c9828b72d@github.com>

On Fri, 13 Jan 2023 17:18:41 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

>> Please review this trivial PR which updates javadoc sample code in jdk.security.jarsigner.JarSigner to use SHA-256, SHA256withRSA instead of the now considered weak algorithms SHA-1, SHA1withDSA.
>> 
>> The sample code is also updated to use the new snippet syntax.
>
> Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Indent the javadoc code snippet to make it easier to separate from the snippet syntax

@eirbjo, you can now type `/integrate` and I'll type `/sponsor`. Thanks for the fix!

-------------

PR: https://git.openjdk.org/jdk/pull/11992

From duke at openjdk.org  Fri Jan 13 17:58:38 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Fri, 13 Jan 2023 17:58:38 GMT
Subject: Integrated: 8278349: JarSigner javadoc example uses SHA-1
In-Reply-To: <9uGCpt-jvZ-pEeMr9nByvFAKuoxUnhFJ6wkH0Si2mVE=.51622afc-2747-47ed-b0c5-6d57c0eb6fb7@github.com>
References: <9uGCpt-jvZ-pEeMr9nByvFAKuoxUnhFJ6wkH0Si2mVE=.51622afc-2747-47ed-b0c5-6d57c0eb6fb7@github.com>
Message-ID: <ntNxefzWtBmwraoT3FPRXcr_dPOC480xwEZ1C6Opz7I=.307740b0-5242-4cc9-934c-85da356161b3@github.com>

On Fri, 13 Jan 2023 16:23:13 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

> Please review this trivial PR which updates javadoc sample code in jdk.security.jarsigner.JarSigner to use SHA-256, SHA256withRSA instead of the now considered weak algorithms SHA-1, SHA1withDSA.
> 
> The sample code is also updated to use the new snippet syntax.

This pull request has now been integrated.

Changeset: 4ec36598
Author:    Eirik Bjorsnos <eirbjo at gmail.com>
Committer: Weijun Wang <weijun at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/4ec3659845486ee9f9227cdfb3f8b47f19462b19
Stats:     11 lines in 1 file changed: 1 ins; 1 del; 9 mod

8278349: JarSigner javadoc example uses SHA-1

Reviewed-by: weijun

-------------

PR: https://git.openjdk.org/jdk/pull/11992

From eirbjo at gmail.com  Fri Jan 13 20:24:25 2023
From: eirbjo at gmail.com (=?UTF-8?B?RWlyaWsgQmrDuHJzbsO4cw==?=)
Date: Fri, 13 Jan 2023 21:24:25 +0100
Subject: JarWithOneNonDisabledDigestAlg could be made easier to follow
Message-ID: <CA+pBWhswiiadBKnnxDH5qtnBnfbJB9HC6vpW5RVoJCROQgybBQ@mail.gmail.com>

Hi,

While reviewing the JarWithOneNonDisabledDigestAlg test, I found that the
code could perhaps be easier to follow if some updates would be made in the
choice of keystore naming and choice of algorithms.

I also found potential for some more general code cleanups, and also a way
to move expectations of signing counts out of checkThatJarIsSigned method.

Knowing well that this fixes no bug, I wanted to hear what people think
about the usefulness of such changes before I go the JBS route with a
proper PR.

Here's a draft PR with my proposed changes:

https://github.com/openjdk/jdk/pull/11997

Cheers,
Eirik.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20230113/c509dbcd/attachment.htm>

From sean.mullan at oracle.com  Fri Jan 13 20:42:47 2023
From: sean.mullan at oracle.com (Sean Mullan)
Date: Fri, 13 Jan 2023 15:42:47 -0500
Subject: ZipFile.isSignatureRelated returns true for files in META-INF
 subdirectories
In-Reply-To: <CA+pBWhvLxvpB88c0r6jw3aTH-eUR=GAh9fUUi3zWSmCzYo_0tQ@mail.gmail.com>
References: <CA+pBWhs9EpASb6JGpcy5x2H4ToRZoALkhv1oJFe0Sw4qExB6dA@mail.gmail.com>
 <018e02d9-4d16-65ca-a7b0-c085c01af67b@oracle.com>
 <CA+pBWhtqz3niA6HeAUhG93JMOOe6RygJBdZVNd-PiLvy9x_DQA@mail.gmail.com>
 <2a2cebb7-00a6-8401-1e92-ae9cb11a3d62@oracle.com>
 <CA+pBWhvLxvpB88c0r6jw3aTH-eUR=GAh9fUUi3zWSmCzYo_0tQ@mail.gmail.com>
Message-ID: <21a016bd-da35-c099-a09a-5ea7e7006f3e@oracle.com>

Sure, no problem. I filed https://bugs.openjdk.org/browse/JDK-8300140 
for this issue.

Thanks,
Sean

On 1/13/23 12:22 PM, Eirik Bj?rsn?s wrote:
> Sean,
> 
> I'm not an Author (yet! :), so I can't log in to JBS and create issues.
> 
> I guess the title and description of the draft PR could serve as a 
> starting?point for a bug.
> 
> Note that the Jar File Specification does explicitly say:
> 
> "Note that if such files are located in META-INF subdirectories, they 
> are not considered signature-related"
> 
> Thanks,
> Eirik.
> 
> On Fri, Jan 13, 2023 at 6:17 PM Sean Mullan <sean.mullan at oracle.com 
> <mailto:sean.mullan at oracle.com>> wrote:
> 
>     Off hand it seems like a bug to me, can you file one? The jar
>     specification says that the SF file resides in the META-INF directory
>     and says nothing about subdirectories.
> 
>     --Sean
> 
>     On 1/13/23 6:40 AM, Eirik Bj?rsn?s wrote:
>      > Thanks for forwarding me to the right list, Alan
>      >
>      > For context, I posted a follow-up on the core-libs-dev thread
>     yesterday
>      > showing that some other methods have the same problem:
>      >
>      >
>     https://mail.openjdk.org/pipermail/core-libs-dev/2023-January/098656.html <https://mail.openjdk.org/pipermail/core-libs-dev/2023-January/098656.html> <https://mail.openjdk.org/pipermail/core-libs-dev/2023-January/098656.html <https://mail.openjdk.org/pipermail/core-libs-dev/2023-January/098656.html>>
>      >
>      > And here's a draft PR for a fix, including a test which provokes the
>      > various code paths:
>      >
>      > https://github.com/openjdk/jdk/pull/11976
>     <https://github.com/openjdk/jdk/pull/11976>
>      > <https://github.com/openjdk/jdk/pull/11976
>     <https://github.com/openjdk/jdk/pull/11976>>
>      >
>      > Cheers,
>      > Eirik.
>      >
>      >
>      > On Fri, Jan 13, 2023 at 9:32 AM Alan Bateman
>     <Alan.Bateman at oracle.com <mailto:Alan.Bateman at oracle.com>
>      > <mailto:Alan.Bateman at oracle.com
>     <mailto:Alan.Bateman at oracle.com>>> wrote:
>      >
>      >
>      >? ? ?Forwarding to security-dev as that is where issues around signed
>      >? ? ?JARs are usually discussed.
>      >
>      >? ? ?-Alan.
>      >
>      >
>      >? ? ?On 10/01/2023 17:00, Eirik Bj?rsn?s wrote:
>      >>? ? ?Hi,
>      >>
>      >>? ? ?ZipFile.isSignatureRelated currently returns true for paths such
>      >>? ? ?as the following:
>      >>
>      >>   
>      ?META-INF/libraries/org.bouncycastle:bcprov-jdk15on:jar-1.70/META-INF/BC2048KE.DSA
>      >>
>      >>? ? ?While this path does start?with "META-INF/" and ends with
>     ".DSA",
>      >>? ? ?the?file does not live in the META-INF/ directory
>     _directly_, but
>      >>? ? ?rather several directories below.
>      >>
>      >>? ? ?This causes such .DSA files to be incorrectly (?) included
>     in the
>      >>? ? ?verification of META-INF/MANIFEST.MF in
>      >>? ? ?JarFile.initializeVerifier, which then fails with:
>      >>
>      >>? ? ? ? ?Exception in thread "main" java.lang.SecurityException:
>      >>? ? ? ? ?Invalid signature file digest for Manifest main attributes
>      >>? ? ? ? ?at
>      >>       
>      ?java.base/sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:340)
>      >>? ? ? ? ?at
>      >>       
>      ?java.base/sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:282)
>      >>? ? ? ? ?at
>      >>       
>      ?java.base/java.util.jar.JarVerifier.processEntry(JarVerifier.java:327)
>      >>? ? ? ? ?at
>      >>       
>      ?java.base/java.util.jar.JarVerifier.update(JarVerifier.java:239)
>      >>? ? ? ? ?at
>      >>       
>      ?java.base/java.util.jar.JarFile.initializeVerifier(JarFile.java:760)
>      >>? ? ? ? ?at
>      >>       
>      ?java.base/java.util.jar.JarFile.ensureInitialization(JarFile.java:1058)
>      >>? ? ? ? ?at
>      >>       
>      ?java.base/java.util.jar.JavaUtilJarAccessImpl.ensureInitialization(JavaUtilJarAccessImpl.java:72)
>      >>? ? ? ? ?at
>      >>       
>      ?java.base/jdk.internal.loader.URLClassPath$JarLoader$2.getManifest(URLClassPath.java:883)
>      >>? ? ? ? ?at
>      >>       
>      ?java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:848)
>      >>? ? ? ? ?at
>      >>       
>      ?java.base/jdk.internal.loader.BuiltinClassLoader.findClassOnClassPathOrNull(BuiltinClassLoader.java:760)
>      >>? ? ? ? ?at
>      >>       
>      ?java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(BuiltinClassLoader.java:681)
>      >>? ? ? ? ?at
>      >>       
>      ?java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:639)
>      >>? ? ? ? ?at
>      >>       
>      ?java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
>      >>? ? ? ? ?at
>      >>       
>      ?java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
>      >>
>      >>
>      >>? ? ?A few questions:
>      >>
>      >>? ? ?1: Where Is the exact location of signature related files
>     specified?
>      >>
>      >>? ? ?2: Is the current behaviour indeed incorrect?
>      >>
>      >>? ? ?3: Should ZipFile.isSignatureRelated be updated such that it
>     only
>      >>? ? ?matches signature related files which reside?exactly in
>     "META-INF/" ?
>      >>
>      >>? ? ?The context for this is that I'm making a fat jar Maven plugin
>      >>? ? ?which embeds dependency jars by "unpacking" them into
>      >>? ? ?subdirectories of META-INF/libraries/.
>      >>
>      >>? ? ?Cheers,
>      >>? ? ?Eirik.
>      >
> 

From duke at openjdk.org  Fri Jan 13 20:56:19 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Fri, 13 Jan 2023 20:56:19 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories
Message-ID: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>

Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that files reside in META-INF directly, and not in a subdirectory of META-INF.

The mentioned call sites needs updates to check and ignore such files.

A new test VerifyUnrelatedSignatureFiles is added which verifies that [*.SF, *.RSA] files in META-INF/ subdirectories are indeed ignored.

-------------

Commit messages:
 - Merge branch 'master' into signature-related-subdirs
 - Files residing in subdirectories of META-INF/ should not be treated as signature related

Changes: https://git.openjdk.org/jdk/pull/11976/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8300140
  Stats: 235 lines in 5 files changed: 227 ins; 1 del; 7 mod
  Patch: https://git.openjdk.org/jdk/pull/11976.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11976/head:pull/11976

PR: https://git.openjdk.org/jdk/pull/11976

From darcy at openjdk.org  Fri Jan 13 21:52:55 2023
From: darcy at openjdk.org (Joe Darcy)
Date: Fri, 13 Jan 2023 21:52:55 GMT
Subject: RFR: JDK-8300133: Use generalized see and link tags in core libs
Message-ID: <PxuKaVNs1sUw-9f9v1_QsWnjBriZbWOyqa2sjFoXZLE=.11aef1c3-15d4-4637-b7e2-6f7790d22568@github.com>

With generalized see and link tags that can refer to anchors (JDK-8200337), the see and link tags in core libraries should be updated to use this feature when possible. This PR covers such updates for java.base.

-------------

Commit messages:
 - JDK-8300133: Use generalized see and link tags in core libs

Changes: https://git.openjdk.org/jdk/pull/12000/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=12000&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8300133
  Stats: 107 lines in 10 files changed: 0 ins; 19 del; 88 mod
  Patch: https://git.openjdk.org/jdk/pull/12000.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12000/head:pull/12000

PR: https://git.openjdk.org/jdk/pull/12000

From jjg at openjdk.org  Fri Jan 13 22:33:13 2023
From: jjg at openjdk.org (Jonathan Gibbons)
Date: Fri, 13 Jan 2023 22:33:13 GMT
Subject: RFR: JDK-8300133: Use generalized see and link tags in core libs
In-Reply-To: <PxuKaVNs1sUw-9f9v1_QsWnjBriZbWOyqa2sjFoXZLE=.11aef1c3-15d4-4637-b7e2-6f7790d22568@github.com>
References: <PxuKaVNs1sUw-9f9v1_QsWnjBriZbWOyqa2sjFoXZLE=.11aef1c3-15d4-4637-b7e2-6f7790d22568@github.com>
Message-ID: <GL3iQNQ868XqguVyGBQXvoNlfUJ5QXfFLUeaDtUcmyo=.cd2265cc-f6e1-4947-97db-d2b350d1ede6@github.com>

On Fri, 13 Jan 2023 21:30:06 GMT, Joe Darcy <darcy at openjdk.org> wrote:

> With generalized see and link tags that can refer to anchors (JDK-8200337), the see and link tags in core libraries should be updated to use this feature when possible. This PR covers such updates for java.base.

Nice to see all those `<a href="{@docRoot}/..."` references go away.

-------------

Marked as reviewed by jjg (Reviewer).

PR: https://git.openjdk.org/jdk/pull/12000

From weijun at openjdk.org  Fri Jan 13 22:40:12 2023
From: weijun at openjdk.org (Weijun Wang)
Date: Fri, 13 Jan 2023 22:40:12 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories
In-Reply-To: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
Message-ID: <iVPOOL5BevDfD4plUWFMzKMR04sGeGiIO9iIbnxIGhI=.5d7ad297-85fb-4d9d-9d8c-44abece9daf1@github.com>

On Thu, 12 Jan 2023 18:44:26 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that files reside in META-INF directly, and not in a subdirectory of META-INF.
> 
> The mentioned call sites needs updates to check and ignore such files.
> 
> A new test VerifyUnrelatedSignatureFiles is added which verifies that [*.SF, *.RSA] files in META-INF/ subdirectories are indeed ignored.

Just some comments before the end of week.

src/java.base/share/classes/java/util/zip/ZipFile.java line 1748:

> 1746:                 .isBlockOrSF(new String(name, off, len, UTF_8.INSTANCE)
> 1747:                     .toUpperCase(Locale.ENGLISH)));
> 1748: 

How about updating `SignatureFileVerifier.isBlockOrSF` so that it only returns true for files inside `META-INF/`. This way it's consistent to this method.

src/jdk.jartool/share/classes/jdk/security/jarsigner/JarSigner.java line 980:

> 978:      * Returns true iff the entry resides directly in the META-INF/ directory
> 979:      */
> 980:     private boolean isInMetaInf(ZipEntry ze) {

Maybe move this method and the one in `JarVerifier` to a common place like `sun.security.util.SignatureFileVerifier`?

test/jdk/java/util/jar/JarFile/VerifyUnrelatedSignatureFiles.java line 61:

> 59:         File j = createJarFile();
> 60:         File s = signJarFile(j, "signed");
> 61:         File m = moveSignatureRelated(s);

Try sign it again to a different file. Let's see if the moved files are also signed.

-------------

PR: https://git.openjdk.org/jdk/pull/11976

From naoto at openjdk.org  Fri Jan 13 22:41:12 2023
From: naoto at openjdk.org (Naoto Sato)
Date: Fri, 13 Jan 2023 22:41:12 GMT
Subject: RFR: JDK-8300133: Use generalized see and link tags in core libs
In-Reply-To: <PxuKaVNs1sUw-9f9v1_QsWnjBriZbWOyqa2sjFoXZLE=.11aef1c3-15d4-4637-b7e2-6f7790d22568@github.com>
References: <PxuKaVNs1sUw-9f9v1_QsWnjBriZbWOyqa2sjFoXZLE=.11aef1c3-15d4-4637-b7e2-6f7790d22568@github.com>
Message-ID: <AnFmzaFhCPqbDlhKqw1PFBszKd2dOzIfHg_w4msphqo=.a69cd439-29c0-49bf-b87e-ac1b02501603@github.com>

On Fri, 13 Jan 2023 21:30:06 GMT, Joe Darcy <darcy at openjdk.org> wrote:

> With generalized see and link tags that can refer to anchors (JDK-8200337), the see and link tags in core libraries should be updated to use this feature when possible. This PR covers such updates for java.base.

src/java.base/share/classes/java/util/ResourceBundle.java line 270:

> 268:  * are packaged in a JAR file.  Resource bundle only JAR file can be readily
> 269:  * deployed as an {@linkplain java.lang.module.ModuleFinder##automatic-modules
> 270:  * automatic module1}.  For example, if the JAR file contains the

Typo: extra `1`

-------------

PR: https://git.openjdk.org/jdk/pull/12000

From mchung at openjdk.org  Fri Jan 13 22:46:10 2023
From: mchung at openjdk.org (Mandy Chung)
Date: Fri, 13 Jan 2023 22:46:10 GMT
Subject: RFR: JDK-8300133: Use generalized see and link tags in core libs
In-Reply-To: <PxuKaVNs1sUw-9f9v1_QsWnjBriZbWOyqa2sjFoXZLE=.11aef1c3-15d4-4637-b7e2-6f7790d22568@github.com>
References: <PxuKaVNs1sUw-9f9v1_QsWnjBriZbWOyqa2sjFoXZLE=.11aef1c3-15d4-4637-b7e2-6f7790d22568@github.com>
Message-ID: <i1LCnsYL9CNeIelNI5_eP4EuEVJk6B-FoBYzdmfE_jo=.a379409a-b6c4-42d7-849c-e325b34f581a@github.com>

On Fri, 13 Jan 2023 21:30:06 GMT, Joe Darcy <darcy at openjdk.org> wrote:

> With generalized see and link tags that can refer to anchors (JDK-8200337), the see and link tags in core libraries should be updated to use this feature when possible. This PR covers such updates for java.base.

src/java.base/share/classes/java/util/ResourceBundle.java line 270:

> 268:  * are packaged in a JAR file.  Resource bundle only JAR file can be readily
> 269:  * deployed as an {@linkplain java.lang.module.ModuleFinder##automatic-modules
> 270:  * automatic module1}.  For example, if the JAR file contains the

typo : `module1`?

-------------

PR: https://git.openjdk.org/jdk/pull/12000

From darcy at openjdk.org  Fri Jan 13 22:54:47 2023
From: darcy at openjdk.org (Joe Darcy)
Date: Fri, 13 Jan 2023 22:54:47 GMT
Subject: RFR: JDK-8300133: Use generalized see and link tags in core libs
 [v2]
In-Reply-To: <PxuKaVNs1sUw-9f9v1_QsWnjBriZbWOyqa2sjFoXZLE=.11aef1c3-15d4-4637-b7e2-6f7790d22568@github.com>
References: <PxuKaVNs1sUw-9f9v1_QsWnjBriZbWOyqa2sjFoXZLE=.11aef1c3-15d4-4637-b7e2-6f7790d22568@github.com>
Message-ID: <UaBeX5RWQwJrv1XbJifhCHhwaBjdm_dj8PUfvCeSeE0=.671a345f-d1d7-4656-b944-fab90cab5b84@github.com>

> With generalized see and link tags that can refer to anchors (JDK-8200337), the see and link tags in core libraries should be updated to use this feature when possible. This PR covers such updates for java.base.

Joe Darcy has updated the pull request incrementally with one additional commit since the last revision:

  Fix typo found in code review.

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/12000/files
  - new: https://git.openjdk.org/jdk/pull/12000/files/aa623f2a..0e4d4e4b

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=12000&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=12000&range=00-01

  Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/12000.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12000/head:pull/12000

PR: https://git.openjdk.org/jdk/pull/12000

From mchung at openjdk.org  Fri Jan 13 22:54:47 2023
From: mchung at openjdk.org (Mandy Chung)
Date: Fri, 13 Jan 2023 22:54:47 GMT
Subject: RFR: JDK-8300133: Use generalized see and link tags in core libs
 [v2]
In-Reply-To: <UaBeX5RWQwJrv1XbJifhCHhwaBjdm_dj8PUfvCeSeE0=.671a345f-d1d7-4656-b944-fab90cab5b84@github.com>
References: <PxuKaVNs1sUw-9f9v1_QsWnjBriZbWOyqa2sjFoXZLE=.11aef1c3-15d4-4637-b7e2-6f7790d22568@github.com>
 <UaBeX5RWQwJrv1XbJifhCHhwaBjdm_dj8PUfvCeSeE0=.671a345f-d1d7-4656-b944-fab90cab5b84@github.com>
Message-ID: <1y-NxkBIqDQ4RlBuXC7czlGB-jsPd3m8jNrPD9-wzUk=.9eb0f9d7-a9cc-4791-88c8-b3253ea97607@github.com>

On Fri, 13 Jan 2023 22:50:53 GMT, Joe Darcy <darcy at openjdk.org> wrote:

>> With generalized see and link tags that can refer to anchors (JDK-8200337), the see and link tags in core libraries should be updated to use this feature when possible. This PR covers such updates for java.base.
>
> Joe Darcy has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Fix typo found in code review.

Marked as reviewed by mchung (Reviewer).

-------------

PR: https://git.openjdk.org/jdk/pull/12000

From naoto at openjdk.org  Fri Jan 13 22:54:47 2023
From: naoto at openjdk.org (Naoto Sato)
Date: Fri, 13 Jan 2023 22:54:47 GMT
Subject: RFR: JDK-8300133: Use generalized see and link tags in core libs
 [v2]
In-Reply-To: <UaBeX5RWQwJrv1XbJifhCHhwaBjdm_dj8PUfvCeSeE0=.671a345f-d1d7-4656-b944-fab90cab5b84@github.com>
References: <PxuKaVNs1sUw-9f9v1_QsWnjBriZbWOyqa2sjFoXZLE=.11aef1c3-15d4-4637-b7e2-6f7790d22568@github.com>
 <UaBeX5RWQwJrv1XbJifhCHhwaBjdm_dj8PUfvCeSeE0=.671a345f-d1d7-4656-b944-fab90cab5b84@github.com>
Message-ID: <0TIQXjqLz5hGjV--Pr4KjUIloBfbXIRlXf5j9EK4TnA=.970794a6-fc1e-4b6b-a82a-9e886abd0111@github.com>

On Fri, 13 Jan 2023 22:50:53 GMT, Joe Darcy <darcy at openjdk.org> wrote:

>> With generalized see and link tags that can refer to anchors (JDK-8200337), the see and link tags in core libraries should be updated to use this feature when possible. This PR covers such updates for java.base.
>
> Joe Darcy has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Fix typo found in code review.

Changes in `ResoruceBundle` look good.

-------------

Marked as reviewed by naoto (Reviewer).

PR: https://git.openjdk.org/jdk/pull/12000

From darcy at openjdk.org  Fri Jan 13 22:54:48 2023
From: darcy at openjdk.org (Joe Darcy)
Date: Fri, 13 Jan 2023 22:54:48 GMT
Subject: RFR: JDK-8300133: Use generalized see and link tags in core libs
 [v2]
In-Reply-To: <AnFmzaFhCPqbDlhKqw1PFBszKd2dOzIfHg_w4msphqo=.a69cd439-29c0-49bf-b87e-ac1b02501603@github.com>
References: <PxuKaVNs1sUw-9f9v1_QsWnjBriZbWOyqa2sjFoXZLE=.11aef1c3-15d4-4637-b7e2-6f7790d22568@github.com>
 <AnFmzaFhCPqbDlhKqw1PFBszKd2dOzIfHg_w4msphqo=.a69cd439-29c0-49bf-b87e-ac1b02501603@github.com>
Message-ID: <eKt9806kMYaKXmUlFI27gbptmClaz4e5Cffz8ITt3NM=.d0d988fa-44b2-4993-bec2-eb446f45cd49@github.com>

On Fri, 13 Jan 2023 22:38:32 GMT, Naoto Sato <naoto at openjdk.org> wrote:

>> Joe Darcy has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Fix typo found in code review.
>
> src/java.base/share/classes/java/util/ResourceBundle.java line 270:
> 
>> 268:  * are packaged in a JAR file.  Resource bundle only JAR file can be readily
>> 269:  * deployed as an {@linkplain java.lang.module.ModuleFinder##automatic-modules
>> 270:  * automatic module1}.  For example, if the JAR file contains the
> 
> Typo: extra `1`

Doh! Thanks; fixed in next push.

-------------

PR: https://git.openjdk.org/jdk/pull/12000

From duke at openjdk.org  Sat Jan 14 12:05:10 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Sat, 14 Jan 2023 12:05:10 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories
In-Reply-To: <iVPOOL5BevDfD4plUWFMzKMR04sGeGiIO9iIbnxIGhI=.5d7ad297-85fb-4d9d-9d8c-44abece9daf1@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
 <iVPOOL5BevDfD4plUWFMzKMR04sGeGiIO9iIbnxIGhI=.5d7ad297-85fb-4d9d-9d8c-44abece9daf1@github.com>
Message-ID: <UCsro35XQhSOoB-nQEfp_JJ2JlxbkMzBHJOSlK0XmkA=.5911e2e8-b406-43eb-92c1-3d4bb5bd5306@github.com>

On Fri, 13 Jan 2023 22:31:28 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that files reside in META-INF directly, and not in a subdirectory of META-INF.
>> 
>> The mentioned call sites needs updates to check and ignore such files.
>> 
>> A new test VerifyUnrelatedSignatureFiles is added which verifies that [*.SF, *.RSA] files in META-INF/ subdirectories are indeed ignored.
>
> src/java.base/share/classes/java/util/zip/ZipFile.java line 1748:
> 
>> 1746:                 .isBlockOrSF(new String(name, off, len, UTF_8.INSTANCE)
>> 1747:                     .toUpperCase(Locale.ENGLISH)));
>> 1748: 
> 
> How about updating `SignatureFileVerifier.isBlockOrSF` so that it only returns true for files inside `META-INF/`. This way it's consistent to this method.

I started there, but ran into some problems:

SignatureFileVerifier.isSigningRelated calls isBlockOrSF, but it removes the "META-INF/" prefix from the path first. So we can't assume that input to isBlockOrSF is the full path.

I could update SignatureFileVerifier.isSigningRelated to send the full path, but we still have another problem:

JarSigner.sign0 puts META-INF/ files in a vector, such that it can output them first. We want to update this method such that it outputs only files which live directly in META-INF/ first. So we still need to check for "directness" outside isBlockOrSF.

isBlockOrSF has 8 call sites, most of them in security sensitive and tricky code. In the end, I felt safer leaving isBlockOrSF alone and just fix the bug-relevant call sites instead. Also, being a new contributor to security-dev, I wanted to keep the PR relatively simple and easy to review.

WDYT?

-------------

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Sat Jan 14 12:17:09 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Sat, 14 Jan 2023 12:17:09 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories
In-Reply-To: <iVPOOL5BevDfD4plUWFMzKMR04sGeGiIO9iIbnxIGhI=.5d7ad297-85fb-4d9d-9d8c-44abece9daf1@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
 <iVPOOL5BevDfD4plUWFMzKMR04sGeGiIO9iIbnxIGhI=.5d7ad297-85fb-4d9d-9d8c-44abece9daf1@github.com>
Message-ID: <HW2c5J32At6oouTNDIR8yuz5ikaUADNTAmEsfb7jdvA=.e6c5195f-a563-40d4-8b25-877c155edb68@github.com>

On Fri, 13 Jan 2023 22:36:01 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that files reside in META-INF directly, and not in a subdirectory of META-INF.
>> 
>> The mentioned call sites needs updates to check and ignore such files.
>> 
>> A new test VerifyUnrelatedSignatureFiles is added which verifies that [*.SF, *.RSA] files in META-INF/ subdirectories are indeed ignored.
>
> src/jdk.jartool/share/classes/jdk/security/jarsigner/JarSigner.java line 980:
> 
>> 978:      * Returns true iff the entry resides directly in the META-INF/ directory
>> 979:      */
>> 980:     private boolean isInMetaInf(ZipEntry ze) {
> 
> Maybe move this method and the one in `JarVerifier` to a common place like `sun.security.util.SignatureFileVerifier`?

This duplicated check annoyed me also, but the existing checks have different behavior:

- JarVerifier.beginEntry normalizes the path to uppercase, them checks that it starts with "META-INF/" or "/META-INF/"
- JarSigner.sign0 does not normalize to uppercase , then checks that the path starts with "META-INF/"

Introducing a common method would need change behaviour of one of these methods. This change of behaviour would not be relevant to the bug being fixed in this PR.

Since I'm cautious of changing behaviour, I decided to keep the two methods.

-------------

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Sat Jan 14 13:21:43 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Sat, 14 Jan 2023 13:21:43 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v2]
In-Reply-To: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
Message-ID: <1bc5eaRMn8lxh_J9-83_9C8gKpMY47JaJUc-t3REtEQ=.b55308cd-46e3-4595-b229-e6f6eb62cc8b@github.com>

> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that files reside in META-INF directly, and not in a subdirectory of META-INF.
> 
> The mentioned call sites needs updates to check and ignore such files.
> 
> A new test VerifyUnrelatedSignatureFiles is added which verifies that [*.SF, *.RSA] files in META-INF/ subdirectories are indeed ignored.

Eirik Bjorsnos has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision:

 - Check that non-signature related .SF, .RSA files are treated as regular (non signature related) files during signing
 - Merge branch 'master' into signature-related-subdirs
 - Simplify comment by removing a negative and changing "these paths" to "this path"
 - Use @modules tags instead of explicit --add-exports args
 - Merge branch 'master' into signature-related-subdirs
 - Files residing in subdirectories of META-INF/ should not be treated as signature related

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11976/files
  - new: https://git.openjdk.org/jdk/pull/11976/files/342b3c20..828e083c

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=00-01

  Stats: 738 lines in 32 files changed: 484 ins; 86 del; 168 mod
  Patch: https://git.openjdk.org/jdk/pull/11976.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11976/head:pull/11976

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Sat Jan 14 13:21:43 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Sat, 14 Jan 2023 13:21:43 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v2]
In-Reply-To: <iVPOOL5BevDfD4plUWFMzKMR04sGeGiIO9iIbnxIGhI=.5d7ad297-85fb-4d9d-9d8c-44abece9daf1@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
 <iVPOOL5BevDfD4plUWFMzKMR04sGeGiIO9iIbnxIGhI=.5d7ad297-85fb-4d9d-9d8c-44abece9daf1@github.com>
Message-ID: <svOLKLcH7IMWPV8vw7zs___cH_fdkCq_Ov2fNPRuwzE=.bca897ad-5379-403c-bc8b-9747fd6665ac@github.com>

On Fri, 13 Jan 2023 22:36:47 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Eirik Bjorsnos has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision:
>> 
>>  - Check that non-signature related .SF, .RSA files are treated as regular (non signature related) files during signing
>>  - Merge branch 'master' into signature-related-subdirs
>>  - Simplify comment by removing a negative and changing "these paths" to "this path"
>>  - Use @modules tags instead of explicit --add-exports args
>>  - Merge branch 'master' into signature-related-subdirs
>>  - Files residing in subdirectories of META-INF/ should not be treated as signature related
>
> test/jdk/java/util/jar/JarFile/VerifyUnrelatedSignatureFiles.java line 61:
> 
>> 59:         File j = createJarFile();
>> 60:         File s = signJarFile(j, "signed");
>> 61:         File m = moveSignatureRelated(s);
> 
> Try sign it again to a different file. Let's see if the moved files are also signed.

Nice, I added a check which verifies that a JAR containing non signature related files is signed as expected

-------------

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Sun Jan 15 14:34:34 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Sun, 15 Jan 2023 14:34:34 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v3]
In-Reply-To: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
Message-ID: <IDs2Av3VY7g5XLqxsLYYe3PcaS12MliDd_HQkMsXi7o=.fc0f366c-5d1e-4056-be88-55ff40406c61@github.com>

> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that files reside in META-INF directly, and not in a subdirectory of META-INF.
> 
> The mentioned call sites needs updates to check and ignore such files.
> 
> A new test VerifyUnrelatedSignatureFiles is added which verifies that [*.SF, *.RSA] files in META-INF/ subdirectories are indeed ignored.

Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision:

  Check that JarSigner does not move unrelated [SF,RSA] files to the beginning of signed JARs

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11976/files
  - new: https://git.openjdk.org/jdk/pull/11976/files/828e083c..209d12ea

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=01-02

  Stats: 56 lines in 1 file changed: 35 ins; 13 del; 8 mod
  Patch: https://git.openjdk.org/jdk/pull/11976.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11976/head:pull/11976

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Sun Jan 15 14:40:11 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Sun, 15 Jan 2023 14:40:11 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v3]
In-Reply-To: <svOLKLcH7IMWPV8vw7zs___cH_fdkCq_Ov2fNPRuwzE=.bca897ad-5379-403c-bc8b-9747fd6665ac@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
 <iVPOOL5BevDfD4plUWFMzKMR04sGeGiIO9iIbnxIGhI=.5d7ad297-85fb-4d9d-9d8c-44abece9daf1@github.com>
 <svOLKLcH7IMWPV8vw7zs___cH_fdkCq_Ov2fNPRuwzE=.bca897ad-5379-403c-bc8b-9747fd6665ac@github.com>
Message-ID: <KiD5t_vuj7MDd202RffTqpx0d4nFDvIPS2ML_qu7s7o=.68c5738b-facc-447c-8175-958bea785710@github.com>

On Sat, 14 Jan 2023 13:17:32 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

>> test/jdk/java/util/jar/JarFile/VerifyUnrelatedSignatureFiles.java line 61:
>> 
>>> 59:         File j = createJarFile();
>>> 60:         File s = signJarFile(j, "signed");
>>> 61:         File m = moveSignatureRelated(s);
>> 
>> Try sign it again to a different file. Let's see if the moved files are also signed.
>
> Nice, I added a check which verifies that a JAR containing non signature related files is signed as expected

I also added a check verifying that JarSigner does not move unrelated signature files to the beginning of the signed JAR

-------------

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Sun Jan 15 15:15:34 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Sun, 15 Jan 2023 15:15:34 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v4]
In-Reply-To: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
Message-ID: <GXTAkOshirWSlMC6ETjHhE3J0_zfMnILf3pm0-bHG8Y=.80f5b1fe-ed3b-4a3c-a635-01df2387923e@github.com>

> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that files reside in META-INF directly, and not in a subdirectory of META-INF.
> 
> The mentioned call sites needs updates to check and ignore such files.
> 
> A new test VerifyUnrelatedSignatureFiles is added which verifies that [*.SF, *.RSA] files in META-INF/ subdirectories are indeed ignored.

Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision:

  To ensure that the "unrelated signature files" code path of JarVerifier is actually being exercised by our tests, add unrelated signature files also at the beginning of the test JAR

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11976/files
  - new: https://git.openjdk.org/jdk/pull/11976/files/209d12ea..f264547a

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=03
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=02-03

  Stats: 10 lines in 1 file changed: 6 ins; 1 del; 3 mod
  Patch: https://git.openjdk.org/jdk/pull/11976.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11976/head:pull/11976

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Sun Jan 15 22:26:47 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Sun, 15 Jan 2023 22:26:47 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v5]
In-Reply-To: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
Message-ID: <cf1tLLC7Kz9x0trxiK3WPGLTkFJZy6vZzCt2lj8y8-Q=.4f8e666e-b3ff-4df5-afa0-a5597bba3116@github.com>

> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that files reside in META-INF directly, and not in a subdirectory of META-INF.
> 
> The mentioned call sites needs updates to check and ignore such files.
> 
> A new test VerifyUnrelatedSignatureFiles is added which verifies that [*.SF, *.RSA] files in META-INF/ subdirectories are indeed ignored.

Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision:

  Tag the test with the bug number

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11976/files
  - new: https://git.openjdk.org/jdk/pull/11976/files/f264547a..6d0f6904

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=04
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=03-04

  Stats: 1 line in 1 file changed: 1 ins; 0 del; 0 mod
  Patch: https://git.openjdk.org/jdk/pull/11976.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11976/head:pull/11976

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Mon Jan 16 04:31:09 2023
From: duke at openjdk.org (Amit Kumar)
Date: Mon, 16 Jan 2023 04:31:09 GMT
Subject: RFR: 8299817: [s390] AES-CTR mode intrinsic fails with multiple
 short update() calls
In-Reply-To: <T74rRuRd-JMM5a32uAJm5sQudG8l_pVjIs_vkzqK-fg=.76580ae6-dad7-4572-9b14-c839b342854f@github.com>
References: <T74rRuRd-JMM5a32uAJm5sQudG8l_pVjIs_vkzqK-fg=.76580ae6-dad7-4572-9b14-c839b342854f@github.com>
Message-ID: <IYr3qqMf8id5qF0zqTNFO38KH5Mhv6Q1ndpFFuweLIs=.cc21be8c-3e02-4e14-92a7-4868e4393e2f@github.com>

On Thu, 12 Jan 2023 14:29:34 GMT, Lutz Schmidt <lucy at openjdk.org> wrote:

> This PR addresses an issue in the AES-CTR mode intrinsic on s390. When a message is ciphered in multiple, small (< 16 bytes) segments, the result is incorrect.
> 
> This is not just a band-aid fix. The issue was taken as a chance to restructure the code. though still complicated, It is now easier to read and (hopefully) understand.
> 
> Except for the new jetreg test, the changes are purely s390. There are no side effects on other platforms. Issue-specific tests pass. Other tests are in progress. I will update this PR once they are complete. 
> 
> **Reviews and comments are very much appreciated.**
> 
> @backwaterred could you please run some "official" s390 tests? Thanks.

Hi @RealLucy , Sorry for kept you waiting. I've run tests over s390/Z machine and everything seems fine (Test failures I'm seeing were already there even before this PR). 

But please let me know if anything specific you want me to test, as of now I've run tier1 test in fast & slow debug build for this PR.

-------------

PR: https://git.openjdk.org/jdk/pull/11967

From lucy at openjdk.org  Mon Jan 16 08:40:09 2023
From: lucy at openjdk.org (Lutz Schmidt)
Date: Mon, 16 Jan 2023 08:40:09 GMT
Subject: RFR: 8299817: [s390] AES-CTR mode intrinsic fails with multiple
 short update() calls
In-Reply-To: <T74rRuRd-JMM5a32uAJm5sQudG8l_pVjIs_vkzqK-fg=.76580ae6-dad7-4572-9b14-c839b342854f@github.com>
References: <T74rRuRd-JMM5a32uAJm5sQudG8l_pVjIs_vkzqK-fg=.76580ae6-dad7-4572-9b14-c839b342854f@github.com>
Message-ID: <ZRAxJLSPp6K8WEWt7mySGna4UPNL1HbfeEXP5PLzvyU=.596bd4de-fcab-44f0-904a-c0eb970ff949@github.com>

On Thu, 12 Jan 2023 14:29:34 GMT, Lutz Schmidt <lucy at openjdk.org> wrote:

> This PR addresses an issue in the AES-CTR mode intrinsic on s390. When a message is ciphered in multiple, small (< 16 bytes) segments, the result is incorrect.
> 
> This is not just a band-aid fix. The issue was taken as a chance to restructure the code. though still complicated, It is now easier to read and (hopefully) understand.
> 
> Except for the new jetreg test, the changes are purely s390. There are no side effects on other platforms. Issue-specific tests pass. Other tests are in progress. I will update this PR once they are complete. 
> 
> **Reviews and comments are very much appreciated.**
> 
> @backwaterred could you please run some "official" s390 tests? Thanks.

Thank you for testing, Amit. 
In addition to that, an identical version of the code runs in our internal tests for our commercial product. Everything is fine there as well.

-------------

PR: https://git.openjdk.org/jdk/pull/11967

From eirbjo at gmail.com  Mon Jan 16 11:52:42 2023
From: eirbjo at gmail.com (=?UTF-8?B?RWlyaWsgQmrDuHJzbsO4cw==?=)
Date: Mon, 16 Jan 2023 12:52:42 +0100
Subject: Missing test coverage for processing of pending block files in signed
 JARs
Message-ID: <CA+pBWhtTNVDO3t9FN3ESYV1w6ZWFy1G0KSXRM2FC5Gv9VuLKNQ@mail.gmail.com>

Hi,

JarVerifier supports processing of signed JARs where the block file [RSA,
DSA, EC] file comes before its corresponding SF signature file. There seems
to be no test coverage for this code path.

This draft PR adds test coverage for processing of pending block files:

https://github.com/openjdk/jdk/pull/12009

If such a contribution is welcome, can someone please add a JBS bug and I
can go ahead and mark the PR ready for review?

Cheers,
Eirik.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20230116/9621ab7f/attachment.htm>

From duke at openjdk.org  Mon Jan 16 12:08:43 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Mon, 16 Jan 2023 12:08:43 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v6]
In-Reply-To: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
Message-ID: <iaUQqY_Lff1wlMD25Ex76-fcePZjHXTH64-E4Gm8d-4=.b0743dd8-a1f1-4771-bff1-1dfe87860619@github.com>

> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that files reside in META-INF directly, and not in a subdirectory of META-INF.
> 
> The mentioned call sites needs updates to check and ignore such files.
> 
> A new test VerifyUnrelatedSignatureFiles is added which verifies that [*.SF, *.RSA] files in META-INF/ subdirectories are indeed ignored.

Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision:

  Fix copyright year of newly added test

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11976/files
  - new: https://git.openjdk.org/jdk/pull/11976/files/6d0f6904..808d1f41

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=05
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=04-05

  Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/11976.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11976/head:pull/11976

PR: https://git.openjdk.org/jdk/pull/11976

From dfuchs at openjdk.org  Mon Jan 16 15:14:11 2023
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Mon, 16 Jan 2023 15:14:11 GMT
Subject: RFR: JDK-8300133: Use generalized see and link tags in core libs
 [v2]
In-Reply-To: <UaBeX5RWQwJrv1XbJifhCHhwaBjdm_dj8PUfvCeSeE0=.671a345f-d1d7-4656-b944-fab90cab5b84@github.com>
References: <PxuKaVNs1sUw-9f9v1_QsWnjBriZbWOyqa2sjFoXZLE=.11aef1c3-15d4-4637-b7e2-6f7790d22568@github.com>
 <UaBeX5RWQwJrv1XbJifhCHhwaBjdm_dj8PUfvCeSeE0=.671a345f-d1d7-4656-b944-fab90cab5b84@github.com>
Message-ID: <FkPLDaxSwyRWsh6wE9m2HCmZSkHinDCMbGuWJs28npk=.93efb630-22ba-4f5a-8867-b06477c9a9d1@github.com>

On Fri, 13 Jan 2023 22:54:47 GMT, Joe Darcy <darcy at openjdk.org> wrote:

>> With generalized see and link tags that can refer to anchors (JDK-8200337), the see and link tags in core libraries should be updated to use this feature when possible. This PR covers such updates for java.base.
>
> Joe Darcy has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Fix typo found in code review.

src/java.base/share/classes/java/lang/CharSequence.java line 76:

> 74:      *
> 75:      * <p>If the {@code char} value specified by the index is a
> 76:      * {@linkplain Character##unicode surrogate}, the surrogate value

I didn't know about the `##` trick. Is that a new feature to target an HTML anchor?

-------------

PR: https://git.openjdk.org/jdk/pull/12000

From dfuchs at openjdk.org  Mon Jan 16 17:33:10 2023
From: dfuchs at openjdk.org (Daniel Fuchs)
Date: Mon, 16 Jan 2023 17:33:10 GMT
Subject: RFR: JDK-8300133: Use generalized see and link tags in core libs
 [v2]
In-Reply-To: <UaBeX5RWQwJrv1XbJifhCHhwaBjdm_dj8PUfvCeSeE0=.671a345f-d1d7-4656-b944-fab90cab5b84@github.com>
References: <PxuKaVNs1sUw-9f9v1_QsWnjBriZbWOyqa2sjFoXZLE=.11aef1c3-15d4-4637-b7e2-6f7790d22568@github.com>
 <UaBeX5RWQwJrv1XbJifhCHhwaBjdm_dj8PUfvCeSeE0=.671a345f-d1d7-4656-b944-fab90cab5b84@github.com>
Message-ID: <Q4GEjiaxLkldqkJXNeul0z_mVwiUC45g_OohzMGzkh0=.868ced78-7eb5-4ed0-a21d-f40de2c5d37b@github.com>

On Fri, 13 Jan 2023 22:54:47 GMT, Joe Darcy <darcy at openjdk.org> wrote:

>> With generalized see and link tags that can refer to anchors (JDK-8200337), the see and link tags in core libraries should be updated to use this feature when possible. This PR covers such updates for java.base.
>
> Joe Darcy has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Fix typo found in code review.

Changes to InetAddressResolverProvider.java look good.

-------------

PR: https://git.openjdk.org/jdk/pull/12000

From rriggs at openjdk.org  Mon Jan 16 17:33:12 2023
From: rriggs at openjdk.org (Roger Riggs)
Date: Mon, 16 Jan 2023 17:33:12 GMT
Subject: RFR: JDK-8300133: Use generalized see and link tags in core libs
 [v2]
In-Reply-To: <FkPLDaxSwyRWsh6wE9m2HCmZSkHinDCMbGuWJs28npk=.93efb630-22ba-4f5a-8867-b06477c9a9d1@github.com>
References: <PxuKaVNs1sUw-9f9v1_QsWnjBriZbWOyqa2sjFoXZLE=.11aef1c3-15d4-4637-b7e2-6f7790d22568@github.com>
 <UaBeX5RWQwJrv1XbJifhCHhwaBjdm_dj8PUfvCeSeE0=.671a345f-d1d7-4656-b944-fab90cab5b84@github.com>
 <FkPLDaxSwyRWsh6wE9m2HCmZSkHinDCMbGuWJs28npk=.93efb630-22ba-4f5a-8867-b06477c9a9d1@github.com>
Message-ID: <DYRxgbuPf5iMH6ax_QCLGm9IefmnXHLMDw3i3gQIXUo=.a1fe4f71-0258-4bbd-8521-cc15eccd0b00@github.com>

On Mon, 16 Jan 2023 15:06:25 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Joe Darcy has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Fix typo found in code review.
>
> src/java.base/share/classes/java/lang/CharSequence.java line 76:
> 
>> 74:      *
>> 75:      * <p>If the {@code char} value specified by the index is a
>> 76:      * {@linkplain Character##unicode surrogate}, the surrogate value
> 
> I didn't know about the `##` trick. Is that a new feature to target an HTML anchor?

The CSR has a concise description: [JDK-8294195](https://bugs.openjdk.org/browse/JDK-8294195) Generalize see and link tags for user-defined anchors

-------------

PR: https://git.openjdk.org/jdk/pull/12000

From duke at openjdk.org  Tue Jan 17 04:45:20 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Tue, 17 Jan 2023 04:45:20 GMT
Subject: Integrated: 8298867: Basics.java fails with SSL handshake exception
In-Reply-To: <iilf9g2RDQHqcqXmPjmSO_nEcJN0rPJxNiiVU8Ekq1s=.002f56ef-cf01-465c-8e88-4cda4e95b023@github.com>
References: <iilf9g2RDQHqcqXmPjmSO_nEcJN0rPJxNiiVU8Ekq1s=.002f56ef-cf01-465c-8e88-4cda4e95b023@github.com>
Message-ID: <1YCL3Piahq2X3Ou-O5XVxZgLS59OVB-0K5vu_NPIxcg=.c53671bf-a07a-4a9c-9f53-36d59e75638c@github.com>

On Wed, 21 Dec 2022 23:42:48 GMT, Matthew Donovan <duke at openjdk.org> wrote:

> Updated to use specific ciphersuite and TLS protocol.
> Updated tests based on changes to SSLEngine implementation

This pull request has now been integrated.

Changeset: 06f9374e
Author:    Matthew Donovan <matthew.p.donovan at oracle.com>
Committer: Julian Waters <jwaters at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/06f9374e0c59fa666e6f120749d9170f65fadc4f
Stats:     99 lines in 2 files changed: 34 ins; 7 del; 58 mod

8298867: Basics.java fails with SSL handshake exception

Reviewed-by: xuelei, rhalade

-------------

PR: https://git.openjdk.org/jdk/pull/11760

From weijun at openjdk.org  Tue Jan 17 16:14:34 2023
From: weijun at openjdk.org (Weijun Wang)
Date: Tue, 17 Jan 2023 16:14:34 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v6]
In-Reply-To: <HW2c5J32At6oouTNDIR8yuz5ikaUADNTAmEsfb7jdvA=.e6c5195f-a563-40d4-8b25-877c155edb68@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
 <iVPOOL5BevDfD4plUWFMzKMR04sGeGiIO9iIbnxIGhI=.5d7ad297-85fb-4d9d-9d8c-44abece9daf1@github.com>
 <HW2c5J32At6oouTNDIR8yuz5ikaUADNTAmEsfb7jdvA=.e6c5195f-a563-40d4-8b25-877c155edb68@github.com>
Message-ID: <z3HmhFZiy2-qDk23oZG-_jFAx27K4PL5YC7dzX-Li5Y=.a7d0dc20-37c1-4620-bc58-390610ba721f@github.com>

On Sat, 14 Jan 2023 12:14:54 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

>> src/jdk.jartool/share/classes/jdk/security/jarsigner/JarSigner.java line 980:
>> 
>>> 978:      * Returns true iff the entry resides directly in the META-INF/ directory
>>> 979:      */
>>> 980:     private boolean isInMetaInf(ZipEntry ze) {
>> 
>> Maybe move this method and the one in `JarVerifier` to a common place like `sun.security.util.SignatureFileVerifier`?
>
> This duplicated check annoyed me also, but the existing checks have different behavior:
> 
> - JarVerifier.beginEntry normalizes the path to uppercase, them checks that it starts with "META-INF/" or "/META-INF/"
> - JarSigner.sign0 does not normalize to uppercase , then checks that the path starts with "META-INF/"
> 
> Introducing a common method would need change behaviour of one of these methods. This change of behaviour would not be relevant to the bug being fixed in this PR.
> 
> Since I'm cautious of changing behaviour, I decided to keep the two methods.

While `JarSigner` has not normalize to uppercase, the check is the same. As for `/META-INF/`, it must be very broken now since `JarFile::maybeInstantiateVerifier` is using `JUZFA.getManifestName(this,true)` to read the manifest and `ZipFile` will not see the signature-related files. We can probably clean these up in a different PR.

-------------

PR: https://git.openjdk.org/jdk/pull/11976

From weijun at openjdk.org  Tue Jan 17 16:49:23 2023
From: weijun at openjdk.org (Weijun Wang)
Date: Tue, 17 Jan 2023 16:49:23 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v6]
In-Reply-To: <UCsro35XQhSOoB-nQEfp_JJ2JlxbkMzBHJOSlK0XmkA=.5911e2e8-b406-43eb-92c1-3d4bb5bd5306@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
 <iVPOOL5BevDfD4plUWFMzKMR04sGeGiIO9iIbnxIGhI=.5d7ad297-85fb-4d9d-9d8c-44abece9daf1@github.com>
 <UCsro35XQhSOoB-nQEfp_JJ2JlxbkMzBHJOSlK0XmkA=.5911e2e8-b406-43eb-92c1-3d4bb5bd5306@github.com>
Message-ID: <A2yY5Asj7ib13Fd5FxZ-bk8WzKUSzEmBFLs0NPrT6G4=.87c3c9c8-2dc2-4868-a2ea-bb256f073c3e@github.com>

On Sat, 14 Jan 2023 12:02:11 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

>> src/java.base/share/classes/java/util/zip/ZipFile.java line 1748:
>> 
>>> 1746:                 .isBlockOrSF(new String(name, off, len, UTF_8.INSTANCE)
>>> 1747:                     .toUpperCase(Locale.ENGLISH)));
>>> 1748: 
>> 
>> How about updating `SignatureFileVerifier.isBlockOrSF` so that it only returns true for files inside `META-INF/`. This way it's consistent to this method.
>
> I started there, but ran into some problems:
> 
> SignatureFileVerifier.isSigningRelated calls isBlockOrSF, but it removes the "META-INF/" prefix from the path first. So we can't assume that input to isBlockOrSF is the full path.
> 
> I could update SignatureFileVerifier.isSigningRelated to send the full path, but we still have another problem:
> 
> JarSigner.sign0 puts META-INF/ files in a vector, such that it can output them first. We want to update this method such that it outputs only files which live directly in META-INF/ first. So we still need to check for "directness" outside isBlockOrSF.
> 
> isBlockOrSF has 8 call sites, most of them in security sensitive and tricky code. In the end, I felt safer leaving isBlockOrSF alone and just fix the bug-relevant call sites instead. Also, being a new contributor to security-dev, I wanted to keep the PR relatively simple and easy to review.
> 
> WDYT?

In almost every call to `isBlockOrSF`, there is already an `isInMetaInf` (or equivalent) call right before it so it's always safe. The only exception is in `jarsigner`'s `verifyJar` method:

                    hasSignature = hasSignature
                            || SignatureFileVerifier.isBlockOrSF(name);

and it makes a subtle difference. The `unrelated-signature-files-modified.jar` your test created has SF/block files inside a sub-directory. Try verifying it with jarsigner. Here `hasSignature` is true but the SF/block is not considered signature-related, an error message will show `Signature is either not parsable or not verifiable`. If `isBlockOrSF` is modified to return false, it will be simply `jar is unsigned`.

-------------

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Tue Jan 17 17:12:05 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Tue, 17 Jan 2023 17:12:05 GMT
Subject: RFR: 8299870: TLS record version check allows invalid records [v4]
In-Reply-To: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>
References: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>
Message-ID: <Et0SrLplrrNLVxW7PPHVA_govd2f-jSd7AjOJfB0Z7w=.92c7eccb-b3cd-4d63-b881-d93506c66927@github.com>

> - Updated ProtocolVersion.isNegotiable() to check a bounded range of version numbers.
> - Removed IllegalRecordVersion.java from ProblemList.txt 
> 
> Tested with jdk_security and jdk_security3 test groups.

Matthew Donovan has updated the pull request incrementally with one additional commit since the last revision:

  removed extra whitespace

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11929/files
  - new: https://git.openjdk.org/jdk/pull/11929/files/b67c9deb..13643dd6

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11929&range=03
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11929&range=02-03

  Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/11929.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11929/head:pull/11929

PR: https://git.openjdk.org/jdk/pull/11929

From weijun at openjdk.org  Tue Jan 17 18:07:52 2023
From: weijun at openjdk.org (Weijun Wang)
Date: Tue, 17 Jan 2023 18:07:52 GMT
Subject: RFR: 8300259: Add test coverage for processing of pending block
 files in signed JARs
In-Reply-To: <cyoAdel_KXj3W8Giw6FWoblQM3zXAJBoks4AG1jqZgo=.3b04f7ca-d8eb-40da-812f-c371210b1f8b@github.com>
References: <cyoAdel_KXj3W8Giw6FWoblQM3zXAJBoks4AG1jqZgo=.3b04f7ca-d8eb-40da-812f-c371210b1f8b@github.com>
Message-ID: <bp_JV29s-XS3IOdQq25wATufxh3F9-9zBIuEoDwalgs=.7cbd18cf-136f-404f-9340-b294becc5e63@github.com>

On Mon, 16 Jan 2023 11:44:36 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

> This PR adds test coverage for pending block files in signed JAR files
> 
> A signed JAR has pending block files if the block file [RSA, DSA, EC] comes before the corresponding signature file [SF] in the JAR. 
> 
> JarVerifier.processEntry supports processing of such pending block files, but this code path does not seem to be exercised by current test.
> 
> The new test PendingBlocksJar checks that signed JARs  with pending blocks are processed correctly, both for the valid and invalid cases.

Thanks for the fix. I've created https://bugs.openjdk.org/browse/JDK-8300259.

I'll run this test on some platforms before approving it. Whenever such a test fails, it's on Windows because this or that file is still opened, but I see you've used try-with-resources all the time and hopefully everything is fine.

test/jdk/java/util/jar/JarFile/PendingBlocksJar.java line 72:

> 70: 
> 71:     private static void checkSigned(File b) throws Exception {
> 72:         try(JarFile jf = new JarFile(b, true)) {

We usually add a whitespace between a keyword (`try` here) and a left parenthesis. Also lines 75, 87, 90, 109, 128, 157, 172.

test/jdk/java/util/jar/JarFile/PendingBlocksJar.java line 85:

> 83:      */
> 84:     private static File invalidate(File s) throws Exception{
> 85:         File invalid = File.createTempFile("pending-block-file-invalidated-", ".jar");

Another suggestion. We usually just create a file in the current directory and leave it there. If the test passes, all files in the current directory are cleaned up (and yes, it also helps you confirm newly created files are properly closed on Windows). Otherwise, the files are stored in a bundle (see `jtreg -retain` option) for your diagnosis. It's a little difficult to locate these files in a shared temporary directory. If the OS is not good at clean up the directory, then it's also a waste of disk space.

test/jdk/java/util/jar/JarFile/PendingBlocksJar.java line 151:

> 149:                 .generateCertPath(Arrays.asList(ks.getCertificateChain("r")));
> 150: 
> 151:         JarSigner signer = new JarSigner.Builder(pkr, cp)

There is a `Builder` constructor that takes a `PrivateKeyEntry`.

-------------

PR: https://git.openjdk.org/jdk/pull/12009

From duke at openjdk.org  Tue Jan 17 18:07:49 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Tue, 17 Jan 2023 18:07:49 GMT
Subject: RFR: 8300259: Add test coverage for processing of pending block files
 in signed JARs
Message-ID: <cyoAdel_KXj3W8Giw6FWoblQM3zXAJBoks4AG1jqZgo=.3b04f7ca-d8eb-40da-812f-c371210b1f8b@github.com>

This PR adds test coverage for pending block files in signed JAR files

A signed JAR has pending block files if the block file [RSA, DSA, EC] comes before the corresponding signature file [SF] in the JAR. 

JarVerifier.processEntry supports processing of such pending block files, but this code path does not seem to be exercised by current test.

The new test PendingBlocksJar checks that signed JARs  with pending blocks are processed correctly, both for the valid and invalid cases.

-------------

Commit messages:
 - Create JAR files in the current directory and let jtreg handle any deletion or retention of the files
 - Style: Add separating whitespace between keywords (such as try,for) and a left parenthesis
 - Use the JarSigner.Builder constructor which takes PrivateKeyEntry
 - Adds test coverage for pending block files in JarVerifier.processEntry

Changes: https://git.openjdk.org/jdk/pull/12009/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=12009&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8300259
  Stats: 173 lines in 1 file changed: 173 ins; 0 del; 0 mod
  Patch: https://git.openjdk.org/jdk/pull/12009.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12009/head:pull/12009

PR: https://git.openjdk.org/jdk/pull/12009

From duke at openjdk.org  Tue Jan 17 18:07:54 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Tue, 17 Jan 2023 18:07:54 GMT
Subject: RFR: 8300259: Add test coverage for processing of pending block
 files in signed JARs
In-Reply-To: <bp_JV29s-XS3IOdQq25wATufxh3F9-9zBIuEoDwalgs=.7cbd18cf-136f-404f-9340-b294becc5e63@github.com>
References: <cyoAdel_KXj3W8Giw6FWoblQM3zXAJBoks4AG1jqZgo=.3b04f7ca-d8eb-40da-812f-c371210b1f8b@github.com>
 <bp_JV29s-XS3IOdQq25wATufxh3F9-9zBIuEoDwalgs=.7cbd18cf-136f-404f-9340-b294becc5e63@github.com>
Message-ID: <Aa-XVfwHC2FXYRscLYhiL4V7jcxnZXgsqXzPpanG4wg=.34e08370-e247-4928-805c-b4714aebd133@github.com>

On Tue, 17 Jan 2023 14:07:01 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> This PR adds test coverage for pending block files in signed JAR files
>> 
>> A signed JAR has pending block files if the block file [RSA, DSA, EC] comes before the corresponding signature file [SF] in the JAR. 
>> 
>> JarVerifier.processEntry supports processing of such pending block files, but this code path does not seem to be exercised by current test.
>> 
>> The new test PendingBlocksJar checks that signed JARs  with pending blocks are processed correctly, both for the valid and invalid cases.
>
> test/jdk/java/util/jar/JarFile/PendingBlocksJar.java line 72:
> 
>> 70: 
>> 71:     private static void checkSigned(File b) throws Exception {
>> 72:         try(JarFile jf = new JarFile(b, true)) {
> 
> We usually add a whitespace between a keyword (`try` here) and a left parenthesis. Also lines 75, 87, 90, 109, 128, 157, 172.

Fixed

> test/jdk/java/util/jar/JarFile/PendingBlocksJar.java line 85:
> 
>> 83:      */
>> 84:     private static File invalidate(File s) throws Exception{
>> 85:         File invalid = File.createTempFile("pending-block-file-invalidated-", ".jar");
> 
> Another suggestion. We usually just create a file in the current directory and leave it there. If the test passes, all files in the current directory are cleaned up (and yes, it also helps you confirm newly created files are properly closed on Windows). Otherwise, the files are stored in a bundle (see `jtreg -retain` option) for your diagnosis. It's a little difficult to locate these files in a shared temporary directory. If the OS is not good at clean up the directory, then it's also a waste of disk space.

I'm fairly new to jteg, so this was very useful, thanks! 

I replaced Files.createTempFile with Path.of.

> test/jdk/java/util/jar/JarFile/PendingBlocksJar.java line 151:
> 
>> 149:                 .generateCertPath(Arrays.asList(ks.getCertificateChain("r")));
>> 150: 
>> 151:         JarSigner signer = new JarSigner.Builder(pkr, cp)
> 
> There is a `Builder` constructor that takes a `PrivateKeyEntry`.

Thanks, I fixed this. It was just copy/pasted over, most probably from Spec.java

-------------

PR: https://git.openjdk.org/jdk/pull/12009

From alanb at openjdk.org  Tue Jan 17 18:18:08 2023
From: alanb at openjdk.org (Alan Bateman)
Date: Tue, 17 Jan 2023 18:18:08 GMT
Subject: RFR: 8300259: Add test coverage for processing of pending block
 files in signed JARs
In-Reply-To: <cyoAdel_KXj3W8Giw6FWoblQM3zXAJBoks4AG1jqZgo=.3b04f7ca-d8eb-40da-812f-c371210b1f8b@github.com>
References: <cyoAdel_KXj3W8Giw6FWoblQM3zXAJBoks4AG1jqZgo=.3b04f7ca-d8eb-40da-812f-c371210b1f8b@github.com>
Message-ID: <tXwFisLWyZ0WzcvKfBzjUYLcANeotLNqmshBUDalRVE=.0d54a978-6b28-4c0a-b811-24ca7974b839@github.com>

On Mon, 16 Jan 2023 11:44:36 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

> This PR adds test coverage for pending block files in signed JAR files
> 
> A signed JAR has pending block files if the block file [RSA, DSA, EC] comes before the corresponding signature file [SF] in the JAR. 
> 
> JarVerifier.processEntry supports processing of such pending block files, but this code path does not seem to be exercised by current test.
> 
> The new test PendingBlocksJar checks that signed JARs  with pending blocks are processed correctly, both for the valid and invalid cases.

test/jdk/java/util/jar/JarFile/PendingBlocksJar.java line 45:

> 43: import java.util.zip.ZipOutputStream;
> 44: 
> 45: public class PendingBlocksJar {

Would it be possible to rename this to something like SignedJarPendingBlocks or something like that so that it's clear that this is a test for signed JARs? Or maybe we created a sub-directory and move the tests for signed JARs there.

-------------

PR: https://git.openjdk.org/jdk/pull/12009

From duke at openjdk.org  Tue Jan 17 18:54:13 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Tue, 17 Jan 2023 18:54:13 GMT
Subject: RFR: 8300259: Add test coverage for processing of pending block
 files in signed JARs [v2]
In-Reply-To: <cyoAdel_KXj3W8Giw6FWoblQM3zXAJBoks4AG1jqZgo=.3b04f7ca-d8eb-40da-812f-c371210b1f8b@github.com>
References: <cyoAdel_KXj3W8Giw6FWoblQM3zXAJBoks4AG1jqZgo=.3b04f7ca-d8eb-40da-812f-c371210b1f8b@github.com>
Message-ID: <C6eR-gsDGOO9u4-ELduSXdACSe_sdwkGW_p5hVuC3ug=.5fdb1397-16d0-4922-b8cb-33c5dcb859e0@github.com>

> This PR adds test coverage for pending block files in signed JAR files
> 
> A signed JAR has pending block files if the block file [RSA, DSA, EC] comes before the corresponding signature file [SF] in the JAR. 
> 
> JarVerifier.processEntry supports processing of such pending block files, but this code path does not seem to be exercised by current test.
> 
> The new test PendingBlocksJar checks that signed JARs  with pending blocks are processed correctly, both for the valid and invalid cases.

Eirik Bjorsnos has updated the pull request incrementally with two additional commits since the last revision:

 - Make it more clear in the @summary tag that it is the block file that is pending, not the signature file
 - Renamed test from PendingBlocksJar to more descriptive SignedJarPendingBlock

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/12009/files
  - new: https://git.openjdk.org/jdk/pull/12009/files/acaad55c..162744ff

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=12009&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=12009&range=00-01

  Stats: 2 lines in 1 file changed: 0 ins; 0 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/12009.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12009/head:pull/12009

PR: https://git.openjdk.org/jdk/pull/12009

From duke at openjdk.org  Tue Jan 17 18:54:16 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Tue, 17 Jan 2023 18:54:16 GMT
Subject: RFR: 8300259: Add test coverage for processing of pending block
 files in signed JARs [v2]
In-Reply-To: <tXwFisLWyZ0WzcvKfBzjUYLcANeotLNqmshBUDalRVE=.0d54a978-6b28-4c0a-b811-24ca7974b839@github.com>
References: <cyoAdel_KXj3W8Giw6FWoblQM3zXAJBoks4AG1jqZgo=.3b04f7ca-d8eb-40da-812f-c371210b1f8b@github.com>
 <tXwFisLWyZ0WzcvKfBzjUYLcANeotLNqmshBUDalRVE=.0d54a978-6b28-4c0a-b811-24ca7974b839@github.com>
Message-ID: <Z2S6rt6KCjnZKh9rKIgOWkKqWQhzxdG5UtysM4znI_U=.144b346d-e6f7-4ef4-a6ca-7c7ca7b6b07b@github.com>

On Tue, 17 Jan 2023 18:15:21 GMT, Alan Bateman <alanb at openjdk.org> wrote:

>> Eirik Bjorsnos has updated the pull request incrementally with two additional commits since the last revision:
>> 
>>  - Make it more clear in the @summary tag that it is the block file that is pending, not the signature file
>>  - Renamed test from PendingBlocksJar to more descriptive SignedJarPendingBlock
>
> test/jdk/java/util/jar/JarFile/PendingBlocksJar.java line 45:
> 
>> 43: import java.util.zip.ZipOutputStream;
>> 44: 
>> 45: public class PendingBlocksJar {
> 
> Would it be possible to rename this to something like SignedJarPendingBlocks or something like that so that it's clear that this is a test for signed JARs? Or maybe we created a sub-directory and move the tests for signed JARs there.

Thanks Alan, I've renamed to 'SignedJarPendingBlock' for now!

Not sure I feel familiar enough with the code base to have a strong opinion on moving to a subdirectory. The majority (albeit small) of the tests in this folder seems to already be somehow signature-related.

Moving them in this PR would introduce conflicts with some other ongoing PRs in this area though.  Perhaps work for a separate, later PR?

-------------

PR: https://git.openjdk.org/jdk/pull/12009

From duke at openjdk.org  Tue Jan 17 19:59:30 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Tue, 17 Jan 2023 19:59:30 GMT
Subject: RFR: 8300272: Improve readability of the test
 JarWithOneNonDisabledDigestAlg
Message-ID: <T02BenMtzPzEHP8gFkKJ_-Bhv7I5CJqE1wrvFqOZSiM=.1b490f76-c5fa-4a16-b924-bfb89e0af594@github.com>

This PR attempts to make JarWithOneNonDisabledDigestAlg a little easier to read. 

Some changes are made in the choice of algorithms and naming. The intent here is to reduce confusion and make the purpose of the test clearer:

- Updated the **enabled** digestAlgorithm in use from SHA1 to SHA256. The use of SHA1 here seems just a bit confusing, since it has been considered weak for a while 
- The two different signer aliases are now named SIGNER1, SIGNER2 instead of the somewhat confusing SHA1, SHA256
- Both signing keys are now generated with -sigalg SHA256withRSA since the sigalg of the keys does not seem to matter for this test

There are also some general code cleanups:

- Moved loading of the key store into the new method loadKeyStore
- Updated checkThatJarIsSigned to take a parameter Map<String, Integer> representing the expected signer counts for each path in the JAR. This provides a cleaner separation between expectiations and the enforcement of expectations.
- Introduced Path constants for various file names used throughout the test, reducing a number of redundant Path.of calls which seemed to clutter the code a bit
- Updated IO code to use new APIs, such as Files.newOutputStream, Files.newInputStream, InputStream.transferTo and OutputStream.nullOutputStream.
- Added/updated some comments where appropriate

-------------

Commit messages:
 - The test assumes that MD5 is disabled, SHA256 is enabled digest algorithms. Assert this assumption in the test.
 - Fix copyright years to 2022, 2023
 - An attempt to make JarWithOneNonDisabledDigestAlg a little easier to follow

Changes: https://git.openjdk.org/jdk/pull/11997/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=11997&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8300272
  Stats: 89 lines in 1 file changed: 37 ins; 8 del; 44 mod
  Patch: https://git.openjdk.org/jdk/pull/11997.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11997/head:pull/11997

PR: https://git.openjdk.org/jdk/pull/11997

From weijun at openjdk.org  Tue Jan 17 19:59:35 2023
From: weijun at openjdk.org (Weijun Wang)
Date: Tue, 17 Jan 2023 19:59:35 GMT
Subject: RFR: 8300272: Improve readability of the test
 JarWithOneNonDisabledDigestAlg
In-Reply-To: <T02BenMtzPzEHP8gFkKJ_-Bhv7I5CJqE1wrvFqOZSiM=.1b490f76-c5fa-4a16-b924-bfb89e0af594@github.com>
References: <T02BenMtzPzEHP8gFkKJ_-Bhv7I5CJqE1wrvFqOZSiM=.1b490f76-c5fa-4a16-b924-bfb89e0af594@github.com>
Message-ID: <lX4EdrVRFeiW_GEw9lf5uz1K4algDvjj2cD68aWw0FE=.6ced6f3a-19e6-49a4-9399-96048ae53353@github.com>

On Fri, 13 Jan 2023 20:12:56 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

> This PR attempts to make JarWithOneNonDisabledDigestAlg a little easier to read. 
> 
> Some changes are made in the choice of algorithms and naming. The intent here is to reduce confusion and make the purpose of the test clearer:
> 
> - Updated the **enabled** digestAlgorithm in use from SHA1 to SHA256. The use of SHA1 here seems just a bit confusing, since it has been considered weak for a while 
> - The two different signer aliases are now named SIGNER1, SIGNER2 instead of the somewhat confusing SHA1, SHA256
> - Both signing keys are now generated with -sigalg SHA256withRSA since the sigalg of the keys does not seem to matter for this test
> 
> There are also some general code cleanups:
> 
> - Moved loading of the key store into the new method loadKeyStore
> - Updated checkThatJarIsSigned to take a parameter Map<String, Integer> representing the expected signer counts for each path in the JAR. This provides a cleaner separation between expectiations and the enforcement of expectations.
> - Introduced Path constants for various file names used throughout the test, reducing a number of redundant Path.of calls which seemed to clutter the code a bit
> - Updated IO code to use new APIs, such as Files.newOutputStream, Files.newInputStream, InputStream.transferTo and OutputStream.nullOutputStream.
> - Added/updated some comments where appropriate

https://bugs.openjdk.org/browse/JDK-8300272 filed.

test/jdk/jdk/security/jarsigner/JarWithOneNonDisabledDigestAlg.java line 2:

> 1: /*
> 2:  * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.

Should be `Copyright (c) 2022, 2023,`.

test/jdk/jdk/security/jarsigner/JarWithOneNonDisabledDigestAlg.java line 67:

> 65:     public static void main(String[] args) throws Exception {
> 66:         SecurityUtils.removeFromDisabledAlgs("jdk.jar.disabledAlgorithms",
> 67:                 List.of("SHA256"));

There is no need to remove SHA256. It is not disabled by default.

-------------

PR: https://git.openjdk.org/jdk/pull/11997

From duke at openjdk.org  Tue Jan 17 19:59:36 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Tue, 17 Jan 2023 19:59:36 GMT
Subject: RFR: 8300272: Improve readability of the test
 JarWithOneNonDisabledDigestAlg
In-Reply-To: <lX4EdrVRFeiW_GEw9lf5uz1K4algDvjj2cD68aWw0FE=.6ced6f3a-19e6-49a4-9399-96048ae53353@github.com>
References: <T02BenMtzPzEHP8gFkKJ_-Bhv7I5CJqE1wrvFqOZSiM=.1b490f76-c5fa-4a16-b924-bfb89e0af594@github.com>
 <lX4EdrVRFeiW_GEw9lf5uz1K4algDvjj2cD68aWw0FE=.6ced6f3a-19e6-49a4-9399-96048ae53353@github.com>
Message-ID: <-fd14bZvbqk2eud-Huc9lb29joXwhvYYeAwLNwCnViM=.aa664645-4fd8-48b2-822d-4d9d15bbc0c0@github.com>

On Tue, 17 Jan 2023 15:08:36 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> This PR attempts to make JarWithOneNonDisabledDigestAlg a little easier to read. 
>> 
>> Some changes are made in the choice of algorithms and naming. The intent here is to reduce confusion and make the purpose of the test clearer:
>> 
>> - Updated the **enabled** digestAlgorithm in use from SHA1 to SHA256. The use of SHA1 here seems just a bit confusing, since it has been considered weak for a while 
>> - The two different signer aliases are now named SIGNER1, SIGNER2 instead of the somewhat confusing SHA1, SHA256
>> - Both signing keys are now generated with -sigalg SHA256withRSA since the sigalg of the keys does not seem to matter for this test
>> 
>> There are also some general code cleanups:
>> 
>> - Moved loading of the key store into the new method loadKeyStore
>> - Updated checkThatJarIsSigned to take a parameter Map<String, Integer> representing the expected signer counts for each path in the JAR. This provides a cleaner separation between expectiations and the enforcement of expectations.
>> - Introduced Path constants for various file names used throughout the test, reducing a number of redundant Path.of calls which seemed to clutter the code a bit
>> - Updated IO code to use new APIs, such as Files.newOutputStream, Files.newInputStream, InputStream.transferTo and OutputStream.nullOutputStream.
>> - Added/updated some comments where appropriate
>
> test/jdk/jdk/security/jarsigner/JarWithOneNonDisabledDigestAlg.java line 2:
> 
>> 1: /*
>> 2:  * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
> 
> Should be `Copyright (c) 2022, 2023,`.

Thanks, fixed. Funny how the brain switches into mechanical pattern matching and then the matching isn't all that great :-)

> test/jdk/jdk/security/jarsigner/JarWithOneNonDisabledDigestAlg.java line 67:
> 
>> 65:     public static void main(String[] args) throws Exception {
>> 66:         SecurityUtils.removeFromDisabledAlgs("jdk.jar.disabledAlgorithms",
>> 67:                 List.of("SHA256"));
> 
> There is no need to remove SHA256. It is not disabled by default.

@wangweij 

I initially removed this code, then restored it because I thought the original author might have intended to future-proof the test. It also serves as a sort of documentation of the implicit assumtions the test makes about the permitted state of digest algorithms in the JVM.

I have now instead added a method which explicitly asserts that MD5 is disabled and SHA256 is permitted in the very beginning of the test. This way the assumtions are made clear and the test will fail clear and loudly should these assumtions fail in the future.

What do you think of this update?

-------------

PR: https://git.openjdk.org/jdk/pull/11997

From weijun at openjdk.org  Tue Jan 17 22:13:35 2023
From: weijun at openjdk.org (Weijun Wang)
Date: Tue, 17 Jan 2023 22:13:35 GMT
Subject: RFR: 8300272: Improve readability of the test
 JarWithOneNonDisabledDigestAlg
In-Reply-To: <-fd14bZvbqk2eud-Huc9lb29joXwhvYYeAwLNwCnViM=.aa664645-4fd8-48b2-822d-4d9d15bbc0c0@github.com>
References: <T02BenMtzPzEHP8gFkKJ_-Bhv7I5CJqE1wrvFqOZSiM=.1b490f76-c5fa-4a16-b924-bfb89e0af594@github.com>
 <lX4EdrVRFeiW_GEw9lf5uz1K4algDvjj2cD68aWw0FE=.6ced6f3a-19e6-49a4-9399-96048ae53353@github.com>
 <-fd14bZvbqk2eud-Huc9lb29joXwhvYYeAwLNwCnViM=.aa664645-4fd8-48b2-822d-4d9d15bbc0c0@github.com>
Message-ID: <1xZa5PinbFaxJtRwCUM3UP_sLMpxUdkR68kqUaR1N8Y=.48dff1aa-1008-4eaf-b2b7-8eb4bfb58f31@github.com>

On Tue, 17 Jan 2023 19:50:46 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

>> test/jdk/jdk/security/jarsigner/JarWithOneNonDisabledDigestAlg.java line 67:
>> 
>>> 65:     public static void main(String[] args) throws Exception {
>>> 66:         SecurityUtils.removeFromDisabledAlgs("jdk.jar.disabledAlgorithms",
>>> 67:                 List.of("SHA256"));
>> 
>> There is no need to remove SHA256. It is not disabled by default.
>
> @wangweij 
> 
> I initially removed this code, then restored it because I thought the original author might have intended to future-proof the test. It also serves as a sort of documentation of the implicit assumtions the test makes about the permitted state of digest algorithms in the JVM.
> 
> I have now instead added a method which explicitly asserts that MD5 is disabled and SHA256 is permitted in the very beginning of the test. This way the assumtions are made clear and the test will fail clear and loudly should these assumtions fail in the future.
> 
> What do you think of this update?

That's OK, but believe me if one day SHA-256 is disabled we will update a lot of tests anyway.

-------------

PR: https://git.openjdk.org/jdk/pull/11997

From duke at openjdk.org  Tue Jan 17 22:26:57 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Tue, 17 Jan 2023 22:26:57 GMT
Subject: RFR: 8300272: Improve readability of the test
 JarWithOneNonDisabledDigestAlg
In-Reply-To: <1xZa5PinbFaxJtRwCUM3UP_sLMpxUdkR68kqUaR1N8Y=.48dff1aa-1008-4eaf-b2b7-8eb4bfb58f31@github.com>
References: <T02BenMtzPzEHP8gFkKJ_-Bhv7I5CJqE1wrvFqOZSiM=.1b490f76-c5fa-4a16-b924-bfb89e0af594@github.com>
 <lX4EdrVRFeiW_GEw9lf5uz1K4algDvjj2cD68aWw0FE=.6ced6f3a-19e6-49a4-9399-96048ae53353@github.com>
 <-fd14bZvbqk2eud-Huc9lb29joXwhvYYeAwLNwCnViM=.aa664645-4fd8-48b2-822d-4d9d15bbc0c0@github.com>
 <1xZa5PinbFaxJtRwCUM3UP_sLMpxUdkR68kqUaR1N8Y=.48dff1aa-1008-4eaf-b2b7-8eb4bfb58f31@github.com>
Message-ID: <6aZ-m2XM7lIHBScg7sJ-tBIFT5_vlY0ejmPR8TTFGh0=.a4bbfd2e-9363-4dfb-8931-dfcc2e2fdc4a@github.com>

On Tue, 17 Jan 2023 22:10:44 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> @wangweij 
>> 
>> I initially removed this code, then restored it because I thought the original author might have intended to future-proof the test. It also serves as a sort of documentation of the implicit assumtions the test makes about the permitted state of digest algorithms in the JVM.
>> 
>> I have now instead added a method which explicitly asserts that MD5 is disabled and SHA256 is permitted in the very beginning of the test. This way the assumtions are made clear and the test will fail clear and loudly should these assumtions fail in the future.
>> 
>> What do you think of this update?
>
> That's OK, but believe me if one day SHA-256 is disabled we will update a lot of tests anyway.

True, making assumptions clear is maybe more important than future-proofing here. 

(Although we do actually have at least one example of a signed jar test today where the jar is no longer treated as signed because the jar was signed with SHA-1 before 2019. See VerifySignedJar which seems to not actually test much)

-------------

PR: https://git.openjdk.org/jdk/pull/11997

From duke at openjdk.org  Tue Jan 17 23:08:10 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Tue, 17 Jan 2023 23:08:10 GMT
Subject: RFR: 8300272: Improve readability of the test
 JarWithOneNonDisabledDigestAlg [v2]
In-Reply-To: <T02BenMtzPzEHP8gFkKJ_-Bhv7I5CJqE1wrvFqOZSiM=.1b490f76-c5fa-4a16-b924-bfb89e0af594@github.com>
References: <T02BenMtzPzEHP8gFkKJ_-Bhv7I5CJqE1wrvFqOZSiM=.1b490f76-c5fa-4a16-b924-bfb89e0af594@github.com>
Message-ID: <GRE0zkcfoKsn5LxZyWgASQSZjWWj953HdCygOp9gQZA=.cb5e1cbd-2ed7-476f-b2c3-a0c14a0e5476@github.com>

> This PR attempts to make JarWithOneNonDisabledDigestAlg a little easier to read. 
> 
> Some changes are made in the choice of algorithms and naming. The intent here is to reduce confusion and make the purpose of the test clearer:
> 
> - Updated the **enabled** digestAlgorithm in use from SHA1 to SHA256. The use of SHA1 here seems just a bit confusing, since it has been considered weak for a while 
> - The two different signer aliases are now named SIGNER1, SIGNER2 instead of the somewhat confusing SHA1, SHA256
> - Both signing keys are now generated with -sigalg SHA256withRSA since the sigalg of the keys does not seem to matter for this test
> 
> There are also some general code cleanups:
> 
> - Moved loading of the key store into the new method loadKeyStore
> - Updated checkThatJarIsSigned to take a parameter Map<String, Integer> representing the expected signer counts for each path in the JAR. This provides a cleaner separation between expectiations and the enforcement of expectations.
> - Introduced Path constants for various file names used throughout the test, reducing a number of redundant Path.of calls which seemed to clutter the code a bit
> - Updated IO code to use new APIs, such as Files.newOutputStream, Files.newInputStream, InputStream.transferTo and OutputStream.nullOutputStream.
> - Added/updated some comments where appropriate

Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision:

  Replace wildcard imports with single-class imports

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11997/files
  - new: https://git.openjdk.org/jdk/pull/11997/files/b5fe5d30..36b1a831

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11997&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11997&range=00-01

  Stats: 5 lines in 1 file changed: 4 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/11997.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11997/head:pull/11997

PR: https://git.openjdk.org/jdk/pull/11997

From hchao at openjdk.org  Tue Jan 17 23:51:25 2023
From: hchao at openjdk.org (Hai-May Chao)
Date: Tue, 17 Jan 2023 23:51:25 GMT
Subject: RFR: 8286907: keytool should warn about weak PBE algorithms
Message-ID: <rWP9qmG41dCr9TXex7yYUXQBZoWksArIHUqomJ88LRY=.98cc8849-5878-4c84-a126-b2ef0286aa41@github.com>

Please review the fix to address the problem in keytool -genseckey and -importpass.

-------------

Commit messages:
 - 8286907: keytool should warn about weak PBE algorithms

Changes: https://git.openjdk.org/jdk/pull/12056/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=12056&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8286907
  Stats: 31 lines in 2 files changed: 28 ins; 0 del; 3 mod
  Patch: https://git.openjdk.org/jdk/pull/12056.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12056/head:pull/12056

PR: https://git.openjdk.org/jdk/pull/12056

From weijun at openjdk.org  Wed Jan 18 03:32:20 2023
From: weijun at openjdk.org (Weijun Wang)
Date: Wed, 18 Jan 2023 03:32:20 GMT
Subject: RFR: 8286907: keytool should warn about weak PBE algorithms
In-Reply-To: <rWP9qmG41dCr9TXex7yYUXQBZoWksArIHUqomJ88LRY=.98cc8849-5878-4c84-a126-b2ef0286aa41@github.com>
References: <rWP9qmG41dCr9TXex7yYUXQBZoWksArIHUqomJ88LRY=.98cc8849-5878-4c84-a126-b2ef0286aa41@github.com>
Message-ID: <YEMuYjnE0MmeqzXK71eQLskTcUy7tp8-KWd1fT9MPnM=.367d96cc-fa68-4403-8b92-4c0e83a99d46@github.com>

On Tue, 17 Jan 2023 23:25:42 GMT, Hai-May Chao <hchao at openjdk.org> wrote:

> Please review the fix to address the problem in keytool -genseckey and -importpass.

src/java.base/share/classes/sun/security/tools/keytool/Main.java line 1840:

> 1838:             }
> 1839: 
> 1840:             String[] weakAlgs = new String[] {"DES", "DESEDE", "MD5", "SHA1", "RC2", "RC4"};

Instead of hardcoding the weak algorithms here, the security property `jdk.security.legacyAlgorithms` should probably be used. We can decompose the PBE algorithm name to parts and make the comparison. For example, "PBEWithSHA1AndDESede" should only match "DESede" but not "DES".

-------------

PR: https://git.openjdk.org/jdk/pull/12056

From weijun at openjdk.org  Wed Jan 18 03:36:58 2023
From: weijun at openjdk.org (Weijun Wang)
Date: Wed, 18 Jan 2023 03:36:58 GMT
Subject: RFR: 8300399: EdDSA does not verify when there is no message
Message-ID: <nA84rgcnE1TPwT0OPFf551_HeYtFMnpZ7MUpFVSFyJ0=.67bb58af-a5c7-4b94-9a61-8217ea2d9d75@github.com>

Verify should go on even if there is no message.

-------------

Commit messages:
 - chmod
 - the fix

Changes: https://git.openjdk.org/jdk/pull/12059/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=12059&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8300399
  Stats: 54 lines in 2 files changed: 50 ins; 2 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/12059.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12059/head:pull/12059

PR: https://git.openjdk.org/jdk/pull/12059

From ascarpino at openjdk.org  Wed Jan 18 04:01:23 2023
From: ascarpino at openjdk.org (Anthony Scarpino)
Date: Wed, 18 Jan 2023 04:01:23 GMT
Subject: RFR: 8300399: EdDSA does not verify when there is no message
In-Reply-To: <nA84rgcnE1TPwT0OPFf551_HeYtFMnpZ7MUpFVSFyJ0=.67bb58af-a5c7-4b94-9a61-8217ea2d9d75@github.com>
References: <nA84rgcnE1TPwT0OPFf551_HeYtFMnpZ7MUpFVSFyJ0=.67bb58af-a5c7-4b94-9a61-8217ea2d9d75@github.com>
Message-ID: <1X60v8ZHotwCyKGtkvP5dYrnjitj12hoJUWO9viLWQ4=.bc29400f-6573-4d40-b133-f7dc74598bac@github.com>

On Wed, 18 Jan 2023 03:21:29 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> Verify should go on even if there is no message.

The test in jdk/sun/security/ec/ed/TestEdDSA.java has a 448 test case on line 160 that sends a blank message "".  I would expect that to fail if this is situation is a bug.

-------------

PR: https://git.openjdk.org/jdk/pull/12059

From weijun at openjdk.org  Wed Jan 18 04:31:25 2023
From: weijun at openjdk.org (Weijun Wang)
Date: Wed, 18 Jan 2023 04:31:25 GMT
Subject: RFR: 8300399: EdDSA does not verify when there is no message
In-Reply-To: <nA84rgcnE1TPwT0OPFf551_HeYtFMnpZ7MUpFVSFyJ0=.67bb58af-a5c7-4b94-9a61-8217ea2d9d75@github.com>
References: <nA84rgcnE1TPwT0OPFf551_HeYtFMnpZ7MUpFVSFyJ0=.67bb58af-a5c7-4b94-9a61-8217ea2d9d75@github.com>
Message-ID: <l4wB2B9oxm58aoMinS9Ghx4wrWiv4k8g5J5_3oL8zLY=.a9f3f0d6-60fb-407f-a31c-edbc23cdcebd@github.com>

On Wed, 18 Jan 2023 03:21:29 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> Verify should go on even if there is no message.

As long as update() is called, even if the argument is empty, message is initialized.

-------------

PR: https://git.openjdk.org/jdk/pull/12059

From duke at openjdk.org  Wed Jan 18 09:47:29 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Wed, 18 Jan 2023 09:47:29 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v7]
In-Reply-To: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
Message-ID: <DOefX0_u6CvCPOh9ilDphlmXnVT_PJtTuG1dx0Fhc_4=.e130c1ee-dd64-4819-90a8-49ffd00e454f@github.com>

> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that files reside in META-INF directly, and not in a subdirectory of META-INF.
> 
> The mentioned call sites needs updates to check and ignore such files.
> 
> A new test VerifyUnrelatedSignatureFiles is added which verifies that [*.SF, *.RSA] files in META-INF/ subdirectories are indeed ignored.

Eirik Bjorsnos has updated the pull request incrementally with four additional commits since the last revision:

 - Introduce SignatureFileVerifier.isInMetaInf as a common method to replace duplicated logic in JarVerifier, JarSigner and SignatureFileVerifier.isSigningRelated.
   
   This introduces two subtle behavioural changes:
   
   - JarSigner is relaxed to ignore case when checking isInMetaInf, meaning "meta-inf/" files will now be moved to the beginning of the signed JAR
   - JarVerifier is tightened to reject /META-INF/ as not in META-INF/. This is believed to have little impact, since ZipFile.Source.isMetaName already rejects such paths.
 - jarsigner -verify should also ignore unrelated signature files
 - Style: Added whitespace separators between keyword and left parenthesis for try,while,if.Removed final accessors for some local variables.
 - Replacing File.createTempFile with Path.of lets jtreg handle retention of JARs created during the test

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11976/files
  - new: https://git.openjdk.org/jdk/pull/11976/files/808d1f41..eadcc2c0

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=06
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=05-06

  Stats: 114 lines in 5 files changed: 48 ins; 24 del; 42 mod
  Patch: https://git.openjdk.org/jdk/pull/11976.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11976/head:pull/11976

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Wed Jan 18 09:51:26 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Wed, 18 Jan 2023 09:51:26 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v7]
In-Reply-To: <A2yY5Asj7ib13Fd5FxZ-bk8WzKUSzEmBFLs0NPrT6G4=.87c3c9c8-2dc2-4868-a2ea-bb256f073c3e@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
 <iVPOOL5BevDfD4plUWFMzKMR04sGeGiIO9iIbnxIGhI=.5d7ad297-85fb-4d9d-9d8c-44abece9daf1@github.com>
 <UCsro35XQhSOoB-nQEfp_JJ2JlxbkMzBHJOSlK0XmkA=.5911e2e8-b406-43eb-92c1-3d4bb5bd5306@github.com>
 <A2yY5Asj7ib13Fd5FxZ-bk8WzKUSzEmBFLs0NPrT6G4=.87c3c9c8-2dc2-4868-a2ea-bb256f073c3e@github.com>
Message-ID: <i8usZN-kCjg8FvLP3pQI392DAP0n8sRErbyTE8hLODk=.23987ad0-5f60-4852-a262-2ab64bbcef1d@github.com>

On Tue, 17 Jan 2023 16:46:28 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> I started there, but ran into some problems:
>> 
>> SignatureFileVerifier.isSigningRelated calls isBlockOrSF, but it removes the "META-INF/" prefix from the path first. So we can't assume that input to isBlockOrSF is the full path.
>> 
>> I could update SignatureFileVerifier.isSigningRelated to send the full path, but we still have another problem:
>> 
>> JarSigner.sign0 puts META-INF/ files in a vector, such that it can output them first. We want to update this method such that it outputs only files which live directly in META-INF/ first. So we still need to check for "directness" outside isBlockOrSF.
>> 
>> isBlockOrSF has 8 call sites, most of them in security sensitive and tricky code. In the end, I felt safer leaving isBlockOrSF alone and just fix the bug-relevant call sites instead. Also, being a new contributor to security-dev, I wanted to keep the PR relatively simple and easy to review.
>> 
>> WDYT?
>
> In almost every call to `isBlockOrSF`, there is already an `isInMetaInf` (or equivalent) call right before it so it's always safe. The only exception is in `jarsigner`'s `verifyJar` method:
> 
>                     hasSignature = hasSignature
>                             || SignatureFileVerifier.isBlockOrSF(name);
> 
> and it makes a subtle difference. The `unrelated-signature-files-modified.jar` your test created has SF/block files inside a sub-directory. Try verifying it with jarsigner. Here `hasSignature` is true but the SF/block is not considered signature-related, an error message will show `Signature is either not parsable or not verifiable`. If `isBlockOrSF` is modified to return false, it will be simply `jar is unsigned`.

Good catch!

I've added a guarding call to SignatureFileVerifier.isSigningRelated here, similar to the earlier call site of isBlockOrSf in this methid. I've also added a new check to the test to verify that there is no WARNING when calling jarsigner with the modified jar.

-------------

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Wed Jan 18 09:56:26 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Wed, 18 Jan 2023 09:56:26 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v7]
In-Reply-To: <DOefX0_u6CvCPOh9ilDphlmXnVT_PJtTuG1dx0Fhc_4=.e130c1ee-dd64-4819-90a8-49ffd00e454f@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
 <DOefX0_u6CvCPOh9ilDphlmXnVT_PJtTuG1dx0Fhc_4=.e130c1ee-dd64-4819-90a8-49ffd00e454f@github.com>
Message-ID: <r3R8gFstRZGxQb_V6cApkc-qTmBEKsZqznB2ZqDFzy4=.76c057f2-3f98-42a6-a93c-971dc1b03d73@github.com>

On Wed, 18 Jan 2023 09:47:29 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

>> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that files reside in META-INF directly, and not in a subdirectory of META-INF.
>> 
>> The mentioned call sites needs updates to check and ignore such files.
>> 
>> A new test VerifyUnrelatedSignatureFiles is added which verifies that [*.SF, *.RSA] files in META-INF/ subdirectories are indeed ignored.
>
> Eirik Bjorsnos has updated the pull request incrementally with four additional commits since the last revision:
> 
>  - Introduce SignatureFileVerifier.isInMetaInf as a common method to replace duplicated logic in JarVerifier, JarSigner and SignatureFileVerifier.isSigningRelated.
>    
>    This introduces two subtle behavioural changes:
>    
>    - JarSigner is relaxed to ignore case when checking isInMetaInf, meaning "meta-inf/" files will now be moved to the beginning of the signed JAR
>    - JarVerifier is tightened to reject /META-INF/ as not in META-INF/. This is believed to have little impact, since ZipFile.Source.isMetaName already rejects such paths.
>  - jarsigner -verify should also ignore unrelated signature files
>  - Style: Added whitespace separators between keyword and left parenthesis for try,while,if.Removed final accessors for some local variables.
>  - Replacing File.createTempFile with Path.of lets jtreg handle retention of JARs created during the test

I added a few style fixes to the test which primarily adds whitespace between try,for,while,if and their following left parenthesis.

-------------

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Wed Jan 18 09:56:28 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Wed, 18 Jan 2023 09:56:28 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v7]
In-Reply-To: <z3HmhFZiy2-qDk23oZG-_jFAx27K4PL5YC7dzX-Li5Y=.a7d0dc20-37c1-4620-bc58-390610ba721f@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
 <iVPOOL5BevDfD4plUWFMzKMR04sGeGiIO9iIbnxIGhI=.5d7ad297-85fb-4d9d-9d8c-44abece9daf1@github.com>
 <HW2c5J32At6oouTNDIR8yuz5ikaUADNTAmEsfb7jdvA=.e6c5195f-a563-40d4-8b25-877c155edb68@github.com>
 <z3HmhFZiy2-qDk23oZG-_jFAx27K4PL5YC7dzX-Li5Y=.a7d0dc20-37c1-4620-bc58-390610ba721f@github.com>
Message-ID: <KZFoIQoo0ovarcLVnVgEe_aJ_zsycz3hCJklKYbYSgo=.4da464bb-1b7d-4d09-83f9-fac12844a04b@github.com>

On Tue, 17 Jan 2023 16:11:42 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> This duplicated check annoyed me also, but the existing checks have different behavior:
>> 
>> - JarVerifier.beginEntry normalizes the path to uppercase, them checks that it starts with "META-INF/" or "/META-INF/"
>> - JarSigner.sign0 does not normalize to uppercase , then checks that the path starts with "META-INF/"
>> 
>> Introducing a common method would need change behaviour of one of these methods. This change of behaviour would not be relevant to the bug being fixed in this PR.
>> 
>> Since I'm cautious of changing behaviour, I decided to keep the two methods.
>
> While `JarSigner` has not normalize to uppercase, the check is the same. As for `/META-INF/`, it must be very broken now since `JarFile::maybeInstantiateVerifier` is using `JUZFA.getManifestName(this,true)` to read the manifest and since `ZipFile` cannot see the signature-related files starting with `/META-INF/` this method will always return null.

I agree this deserves a cleanup, and since we're already deep into it it can make sense to fix this in this PR.

I have introduced SignatureFileVerifier.isInMetaInf as a common method to replace duplicated logic in JarVerifier and  JarSigner. I also noticed that SignatureFileVerifier.isSigningRelated performs the same check, so I updated that method to also call the isInMetaInf.

This introduces two subtle behavioural changes:

- JarSigner is relaxed to ignore case when checking isInMetaInf, meaning "meta-inf/" files will now be moved to the beginning of the signed JAR
- JarVerifier is tightened to reject /META-INF/ as not in META-INF/. This is believed to have little practical impact, since ZipFile.Source.isMetaName already rejects such paths.

-------------

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Wed Jan 18 10:02:00 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Wed, 18 Jan 2023 10:02:00 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v8]
In-Reply-To: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
Message-ID: <o_IKu0SAyT_1BSgo0dRulW1xPMJgeIH0L6AMcNXKpgA=.3eb9c889-1f86-4a88-add3-d2e67b439955@github.com>

> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that files reside in META-INF directly, and not in a subdirectory of META-INF.
> 
> The mentioned call sites needs updates to check and ignore such files.
> 
> A new test VerifyUnrelatedSignatureFiles is added which verifies that [*.SF, *.RSA] files in META-INF/ subdirectories are indeed ignored.

Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision:

  Renaming the test to IgnoreUnrelatedSignatureFiles to make it clear that unrelated files should be ignored.

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11976/files
  - new: https://git.openjdk.org/jdk/pull/11976/files/eadcc2c0..0cd4cc4a

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=07
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=06-07

  Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/11976.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11976/head:pull/11976

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Wed Jan 18 10:23:54 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Wed, 18 Jan 2023 10:23:54 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v9]
In-Reply-To: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
Message-ID: <sOkMRnxmqlxYTZxC6eOwmndErXgtaow-tkM2hS0g1K0=.8c168d84-a70e-44f0-acdc-044ecce37e23@github.com>

> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that files reside in META-INF directly, and not in a subdirectory of META-INF.
> 
> The mentioned call sites needs updates to check and ignore such files.
> 
> A new test VerifyUnrelatedSignatureFiles is added which verifies that [*.SF, *.RSA] files in META-INF/ subdirectories are indeed ignored.

Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision:

  Update copyright year of SignatureFileVerifier.java

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11976/files
  - new: https://git.openjdk.org/jdk/pull/11976/files/0cd4cc4a..e0283565

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=08
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=07-08

  Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/11976.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11976/head:pull/11976

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Wed Jan 18 10:31:33 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Wed, 18 Jan 2023 10:31:33 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v10]
In-Reply-To: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
Message-ID: <bUFhyvY2dqd5T-sM4-RIkASOh-CDn9o4wC_AfmPJi68=.94336b08-1da5-4781-944c-91d2d10a4c84@github.com>

> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that files reside in META-INF directly, and not in a subdirectory of META-INF.
> 
> The mentioned call sites needs updates to check and ignore such files.
> 
> A new test VerifyUnrelatedSignatureFiles is added which verifies that [*.SF, *.RSA] files in META-INF/ subdirectories are indeed ignored.

Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision:

  Update copyright year of s.s.t.jarsigner.Main.java

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11976/files
  - new: https://git.openjdk.org/jdk/pull/11976/files/e0283565..c3a19971

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=09
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=08-09

  Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/11976.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11976/head:pull/11976

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Wed Jan 18 12:56:32 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Wed, 18 Jan 2023 12:56:32 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v11]
In-Reply-To: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
Message-ID: <uFn5EC45layGJeaCz2on57PUiWq7GUxd-D1QShZiqeQ=.97a43c0d-81d6-44ae-a0ec-4e8b5e3b7529@github.com>

> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that files reside in META-INF directly, and not in a subdirectory of META-INF.
> 
> The mentioned call sites needs updates to check and ignore such files.
> 
> A new test VerifyUnrelatedSignatureFiles is added which verifies that [*.SF, *.RSA] files in META-INF/ subdirectories are indeed ignored.

Eirik Bjorsnos has updated the pull request incrementally with two additional commits since the last revision:

 - The accidental regression where MANIFEST.MF was incorrecly not matched by SignatureFileVerifier.isSigningRelated revealed was not caught by any test. Adding a sanity check to IgnoreUnrelatedSignatureFiles which verifies that a basic signed JAR has the expected manifest sections.
 - The update of SignatureFileVerifier.isSigningRelated to call isInMetaInf accidentally removed "META-INF/" prefix stripping. This broke some checks in the remainder of this method.
   
   I chose to restore current behaviour by comparing MANIFEST.MF and "SIG-" files using the full path. This saves the allocation caused by substring and also makes sure isBlockOrSF now always called with the full path.

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11976/files
  - new: https://git.openjdk.org/jdk/pull/11976/files/c3a19971..34873625

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=10
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=09-10

  Stats: 21 lines in 2 files changed: 17 ins; 0 del; 4 mod
  Patch: https://git.openjdk.org/jdk/pull/11976.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11976/head:pull/11976

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Wed Jan 18 13:01:23 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Wed, 18 Jan 2023 13:01:23 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v11]
In-Reply-To: <KZFoIQoo0ovarcLVnVgEe_aJ_zsycz3hCJklKYbYSgo=.4da464bb-1b7d-4d09-83f9-fac12844a04b@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
 <iVPOOL5BevDfD4plUWFMzKMR04sGeGiIO9iIbnxIGhI=.5d7ad297-85fb-4d9d-9d8c-44abece9daf1@github.com>
 <HW2c5J32At6oouTNDIR8yuz5ikaUADNTAmEsfb7jdvA=.e6c5195f-a563-40d4-8b25-877c155edb68@github.com>
 <z3HmhFZiy2-qDk23oZG-_jFAx27K4PL5YC7dzX-Li5Y=.a7d0dc20-37c1-4620-bc58-390610ba721f@github.com>
 <KZFoIQoo0ovarcLVnVgEe_aJ_zsycz3hCJklKYbYSgo=.4da464bb-1b7d-4d09-83f9-fac12844a04b@github.com>
Message-ID: <zs0q4DEMrm_AC2VVhv5e08IwlgHC2bnzKbnSJ88uFjM=.ab0f4fc9-cfc6-4a03-9576-5e3e582d7428@github.com>

On Wed, 18 Jan 2023 09:51:35 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

>> While `JarSigner` has not normalize to uppercase, the check is the same. As for `/META-INF/`, it must be very broken now since `JarFile::maybeInstantiateVerifier` is using `JUZFA.getManifestName(this,true)` to read the manifest and since `ZipFile` cannot see the signature-related files starting with `/META-INF/` this method will always return null.
>
> I agree this deserves a cleanup, and since we're already deep into it it can make sense to fix this in this PR.
> 
> I have introduced SignatureFileVerifier.isInMetaInf as a common method to replace duplicated logic in JarVerifier and  JarSigner. I also noticed that SignatureFileVerifier.isSigningRelated performs the same check, so I updated that method to also call the isInMetaInf.
> 
> This introduces two subtle behavioural changes:
> 
> - JarSigner is relaxed to ignore case when checking isInMetaInf, meaning "meta-inf/" files will now be moved to the beginning of the signed JAR
> - JarVerifier is tightened to reject /META-INF/ as not in META-INF/. This is believed to have little practical impact, since ZipFile.Source.isMetaName already rejects such paths.

When introducing the call to isInMetaInf in isSigningRelated, I accidentally broke the matching of MANIFEST.MF and SIG-* files.

When fixing this regression, I now match against the full path instead of the existing prefix stripping substring. (A nice side effect of this is that isBlockOrSF is now always called with the full path)

Since the regression was not caught by any existing test, I'm also adding a sanity check that a basic signed JAR has the expected sections in MANIFEST.MF. (The regression introduced a section for META-INF/MANIFEST.MF which seemed to not be caught by tests)

-------------

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Wed Jan 18 13:44:37 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Wed, 18 Jan 2023 13:44:37 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v11]
In-Reply-To: <zs0q4DEMrm_AC2VVhv5e08IwlgHC2bnzKbnSJ88uFjM=.ab0f4fc9-cfc6-4a03-9576-5e3e582d7428@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
 <iVPOOL5BevDfD4plUWFMzKMR04sGeGiIO9iIbnxIGhI=.5d7ad297-85fb-4d9d-9d8c-44abece9daf1@github.com>
 <HW2c5J32At6oouTNDIR8yuz5ikaUADNTAmEsfb7jdvA=.e6c5195f-a563-40d4-8b25-877c155edb68@github.com>
 <z3HmhFZiy2-qDk23oZG-_jFAx27K4PL5YC7dzX-Li5Y=.a7d0dc20-37c1-4620-bc58-390610ba721f@github.com>
 <KZFoIQoo0ovarcLVnVgEe_aJ_zsycz3hCJklKYbYSgo=.4da464bb-1b7d-4d09-83f9-fac12844a04b@github.com>
 <zs0q4DEMrm_AC2VVhv5e08IwlgHC2bnzKbnSJ88uFjM=.ab0f4fc9-cfc6-4a03-9576-5e3e582d7428@github.com>
Message-ID: <MiMON9m1-uVAqR28j0nHDAX52rnuxzf1XeIPREJqat8=.2c5bf31f-339d-486f-94a6-3a8c28ea9233@github.com>

On Wed, 18 Jan 2023 12:57:17 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

>> I agree this deserves a cleanup, and since we're already deep into it it can make sense to fix this in this PR.
>> 
>> I have introduced SignatureFileVerifier.isInMetaInf as a common method to replace duplicated logic in JarVerifier and  JarSigner. I also noticed that SignatureFileVerifier.isSigningRelated performs the same check, so I updated that method to also call the isInMetaInf.
>> 
>> This introduces two subtle behavioural changes:
>> 
>> - JarSigner is relaxed to ignore case when checking isInMetaInf, meaning "meta-inf/" files will now be moved to the beginning of the signed JAR
>> - JarVerifier is tightened to reject /META-INF/ as not in META-INF/. This is believed to have little practical impact, since ZipFile.Source.isMetaName already rejects such paths.
>
> When introducing the call to isInMetaInf in isSigningRelated, I accidentally broke the matching of MANIFEST.MF and SIG-* files.
> 
> When fixing this regression, I now match against the full path instead of the existing prefix stripping substring. (A nice side effect of this is that isBlockOrSF is now always called with the full path)
> 
> Since the regression was not caught by any existing test, I'm also adding a sanity check that a basic signed JAR has the expected sections in MANIFEST.MF. (The regression introduced a section for META-INF/MANIFEST.MF which seemed to not be caught by tests)

On a similar note, I added test covering for the matching of custom SIG-* files in SignatureFileVerifier.isSigningRelated.

The test now checks both valid and invalid SIG- file extensions and directory locations inside/outside META-INF

-------------

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Wed Jan 18 13:49:18 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Wed, 18 Jan 2023 13:49:18 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v12]
In-Reply-To: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
Message-ID: <jBcH93F2Suf-8tWoZRudDUVm5EdRSjc-kv7vQdb-tKo=.e8e56802-14a9-454a-9569-c04c864532a6@github.com>

> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that files reside in META-INF directly, and not in a subdirectory of META-INF.
> 
> The mentioned call sites needs updates to check and ignore such files.
> 
> A new test VerifyUnrelatedSignatureFiles is added which verifies that [*.SF, *.RSA] files in META-INF/ subdirectories are indeed ignored.

Eirik Bjorsnos has updated the pull request incrementally with two additional commits since the last revision:

 - Link to a more recent version of the JAR File Specification
 - Add test coverage for matching of custom SIG-* files in SignatureFileVerifier.isSigningRelated

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11976/files
  - new: https://git.openjdk.org/jdk/pull/11976/files/34873625..de3c6781

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=11
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=10-11

  Stats: 64 lines in 2 files changed: 56 ins; 5 del; 3 mod
  Patch: https://git.openjdk.org/jdk/pull/11976.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11976/head:pull/11976

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Wed Jan 18 13:53:55 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Wed, 18 Jan 2023 13:53:55 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v13]
In-Reply-To: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
Message-ID: <Il3x5im9gDa_41gaQWfosmqAzTFx9SOmQuwN7jDQjjg=.794938c4-87e2-4f3f-b844-cb59e50a705b@github.com>

> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that files reside in META-INF directly, and not in a subdirectory of META-INF.
> 
> The mentioned call sites needs updates to check and ignore such files.
> 
> A new test VerifyUnrelatedSignatureFiles is added which verifies that [*.SF, *.RSA] files in META-INF/ subdirectories are indeed ignored.

Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision:

  Style: Add whitespace between if and left parenthesis

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11976/files
  - new: https://git.openjdk.org/jdk/pull/11976/files/de3c6781..7aeef1c6

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=12
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=11-12

  Stats: 2 lines in 1 file changed: 0 ins; 0 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/11976.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11976/head:pull/11976

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Wed Jan 18 16:08:39 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Wed, 18 Jan 2023 16:08:39 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v14]
In-Reply-To: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
Message-ID: <Ew0IE4upWagFso8S3tQ_JgcJ6g_MUX8_aZEjvI9cO8Q=.ad65e88e-6e43-4143-8fc3-e7134c655e11@github.com>

> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that files reside in META-INF directly, and not in a subdirectory of META-INF.
> 
> The mentioned call sites needs updates to check and ignore such files.
> 
> A new test VerifyUnrelatedSignatureFiles is added which verifies that [*.SF, *.RSA] files in META-INF/ subdirectories are indeed ignored.

Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision:

  Improve test coverage of SignatureFileVerifier.isSigningRelated by adding META-INF/unrelated.txt and META-INF/SIG- files with invalid as well as no file extension

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11976/files
  - new: https://git.openjdk.org/jdk/pull/11976/files/7aeef1c6..cf93bfc1

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=13
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=12-13

  Stats: 14 lines in 1 file changed: 10 ins; 0 del; 4 mod
  Patch: https://git.openjdk.org/jdk/pull/11976.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11976/head:pull/11976

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Wed Jan 18 16:13:17 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Wed, 18 Jan 2023 16:13:17 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v14]
In-Reply-To: <MiMON9m1-uVAqR28j0nHDAX52rnuxzf1XeIPREJqat8=.2c5bf31f-339d-486f-94a6-3a8c28ea9233@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
 <iVPOOL5BevDfD4plUWFMzKMR04sGeGiIO9iIbnxIGhI=.5d7ad297-85fb-4d9d-9d8c-44abece9daf1@github.com>
 <HW2c5J32At6oouTNDIR8yuz5ikaUADNTAmEsfb7jdvA=.e6c5195f-a563-40d4-8b25-877c155edb68@github.com>
 <z3HmhFZiy2-qDk23oZG-_jFAx27K4PL5YC7dzX-Li5Y=.a7d0dc20-37c1-4620-bc58-390610ba721f@github.com>
 <KZFoIQoo0ovarcLVnVgEe_aJ_zsycz3hCJklKYbYSgo=.4da464bb-1b7d-4d09-83f9-fac12844a04b@github.com>
 <zs0q4DEMrm_AC2VVhv5e08IwlgHC2bnzKbnSJ88uFjM=.ab0f4fc9-cfc6-4a03-9576-5e3e582d7428@github.com>
 <MiMON9m1-uVAqR28j0nHDAX52rnuxzf1XeIPREJqat8=.2c5bf31f-339d-486f-94a6-3a8c28ea9233@github.com>
Message-ID: <pPUHq7nvqzph7KpOY-CZIe0XB1IsbHgjqUtxlwtYvJM=.5e2bd42f-cc47-46fc-bafb-c50a1f522839@github.com>

On Wed, 18 Jan 2023 13:42:12 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

>> When introducing the call to isInMetaInf in isSigningRelated, I accidentally broke the matching of MANIFEST.MF and SIG-* files.
>> 
>> When fixing this regression, I now match against the full path instead of the existing prefix stripping substring. (A nice side effect of this is that isBlockOrSF is now always called with the full path)
>> 
>> Since the regression was not caught by any existing test, I'm also adding a sanity check that a basic signed JAR has the expected sections in MANIFEST.MF. (The regression introduced a section for META-INF/MANIFEST.MF which seemed to not be caught by tests)
>
> On a similar note, I added test covering for the matching of custom SIG-* files in SignatureFileVerifier.isSigningRelated.
> 
> The test now checks both valid and invalid SIG- file extensions and directory locations inside/outside META-INF

Added test cases for:

- META-INF/unrelated.txt (Unrelated file in META-INF)
- META-INF/SIG-CUSTOM (No extension is ok)
- META-INF/SIG-CUSTOM2. (Extension too short)
- META-INF/SIG-CUSTOM2.ABCD (Extension too long)

Reading the Jar File Specification, I cannot see that it explicitly allows no extension for SIG- files, but that's what the current code does. It feels safest to leave it that way.

-------------

PR: https://git.openjdk.org/jdk/pull/11976

From redestad at openjdk.org  Wed Jan 18 17:02:09 2023
From: redestad at openjdk.org (Claes Redestad)
Date: Wed, 18 Jan 2023 17:02:09 GMT
Subject: RFR: 8300493: Use ArraysSupport.vectorizedHashCode in j.u.zip.ZipCoder
Message-ID: <9j6QqB9rpu2xNHY1DwfCH-8UnxwRExgROAn0EidBzAY=.b4b611b7-e94a-4299-83a0-f99ee52b5484@github.com>

`ZipCoder::checkedHashCode` emulates `StringLatin1::hashCode` but operates on a `byte[]` subrange. It can profitably use the recently introduced `ArraysSupport::vectorizedHashCode` method to see a speed-up, which translates to a small but significant speed-up on `ZipFile` creation.

Before:

Benchmark                     (size)  Mode  Cnt       Score      Error  Units
ZipFileOpen.openCloseZipFile     512  avgt   15   83007.325 ? 1446.716  ns/op
ZipFileOpen.openCloseZipFile    1024  avgt   15  154550.631 ? 2166.673  ns/op

After:

Benchmark                     (size)  Mode  Cnt       Score      Error  Units
ZipFileOpen.openCloseZipFile     512  avgt   15   79512.902 ?  814.449  ns/op
ZipFileOpen.openCloseZipFile    1024  avgt   15  147892.522 ? 2744.017  ns/op

-------------

Commit messages:
 - Use ArraysSupport.vectorizedHashCode in j.u.zip.ZipCoder

Changes: https://git.openjdk.org/jdk/pull/12077/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=12077&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8300493
  Stats: 116 lines in 4 files changed: 99 ins; 8 del; 9 mod
  Patch: https://git.openjdk.org/jdk/pull/12077.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12077/head:pull/12077

PR: https://git.openjdk.org/jdk/pull/12077

From alanb at openjdk.org  Wed Jan 18 18:42:15 2023
From: alanb at openjdk.org (Alan Bateman)
Date: Wed, 18 Jan 2023 18:42:15 GMT
Subject: RFR: 8300493: Use ArraysSupport.vectorizedHashCode in
 j.u.zip.ZipCoder
In-Reply-To: <9j6QqB9rpu2xNHY1DwfCH-8UnxwRExgROAn0EidBzAY=.b4b611b7-e94a-4299-83a0-f99ee52b5484@github.com>
References: <9j6QqB9rpu2xNHY1DwfCH-8UnxwRExgROAn0EidBzAY=.b4b611b7-e94a-4299-83a0-f99ee52b5484@github.com>
Message-ID: <8PUJ0Q50q_biw8S6-8-em8pmp9SNt9sqpt_vZx7mQ4c=.8f788eeb-7f2b-4bc9-a4ff-abc2aec4b37b@github.com>

On Wed, 18 Jan 2023 16:53:04 GMT, Claes Redestad <redestad at openjdk.org> wrote:

> `ZipCoder::checkedHashCode` emulates `StringLatin1::hashCode` but operates on a `byte[]` subrange. It can profitably use the recently introduced `ArraysSupport::vectorizedHashCode` method to see a speed-up, which translates to a small but significant speed-up on `ZipFile` creation.
> 
> Before:
> 
> Benchmark                     (size)  Mode  Cnt       Score      Error  Units
> ZipFileOpen.openCloseZipFile     512  avgt   15   83007.325 ? 1446.716  ns/op
> ZipFileOpen.openCloseZipFile    1024  avgt   15  154550.631 ? 2166.673  ns/op
> 
> After:
> 
> Benchmark                     (size)  Mode  Cnt       Score      Error  Units
> ZipFileOpen.openCloseZipFile     512  avgt   15   79512.902 ?  814.449  ns/op
> ZipFileOpen.openCloseZipFile    1024  avgt   15  147892.522 ? 2744.017  ns/op

Using countPositives, and vectorizedHashCode(T_BOOLEAN) for unsigned bytes, make sense here. I don't have time to study the micro right now.

-------------

PR: https://git.openjdk.org/jdk/pull/12077

From smarks at openjdk.org  Wed Jan 18 18:50:16 2023
From: smarks at openjdk.org (Stuart Marks)
Date: Wed, 18 Jan 2023 18:50:16 GMT
Subject: RFR: JDK-8300133: Use generalized see and link tags in core libs
 [v2]
In-Reply-To: <UaBeX5RWQwJrv1XbJifhCHhwaBjdm_dj8PUfvCeSeE0=.671a345f-d1d7-4656-b944-fab90cab5b84@github.com>
References: <PxuKaVNs1sUw-9f9v1_QsWnjBriZbWOyqa2sjFoXZLE=.11aef1c3-15d4-4637-b7e2-6f7790d22568@github.com>
 <UaBeX5RWQwJrv1XbJifhCHhwaBjdm_dj8PUfvCeSeE0=.671a345f-d1d7-4656-b944-fab90cab5b84@github.com>
Message-ID: <EbBI_PyKevovi8qoAwSXAkUEvtSxG2pkGaST26W8IZU=.d2c46d50-ce7a-42de-b2b5-fd9ff986830f@github.com>

On Fri, 13 Jan 2023 22:54:47 GMT, Joe Darcy <darcy at openjdk.org> wrote:

>> With generalized see and link tags that can refer to anchors (JDK-8200337), the see and link tags in core libraries should be updated to use this feature when possible. This PR covers such updates for java.base.
>
> Joe Darcy has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Fix typo found in code review.

Changes in collections look good. I think there are a bunch of other places where this could be used, but fixing up optional-restrictions is a good start.

-------------

Marked as reviewed by smarks (Reviewer).

PR: https://git.openjdk.org/jdk/pull/12000

From darcy at openjdk.org  Wed Jan 18 18:57:23 2023
From: darcy at openjdk.org (Joe Darcy)
Date: Wed, 18 Jan 2023 18:57:23 GMT
Subject: Integrated: JDK-8300133: Use generalized see and link tags in core
 libs
In-Reply-To: <PxuKaVNs1sUw-9f9v1_QsWnjBriZbWOyqa2sjFoXZLE=.11aef1c3-15d4-4637-b7e2-6f7790d22568@github.com>
References: <PxuKaVNs1sUw-9f9v1_QsWnjBriZbWOyqa2sjFoXZLE=.11aef1c3-15d4-4637-b7e2-6f7790d22568@github.com>
Message-ID: <neLsXfKFzhxMMpVw2LwhHIq5Wx-BUZb0d0Dgtuh83MY=.92353314-ac4e-453a-875c-dd201b3df505@github.com>

On Fri, 13 Jan 2023 21:30:06 GMT, Joe Darcy <darcy at openjdk.org> wrote:

> With generalized see and link tags that can refer to anchors (JDK-8200337), the see and link tags in core libraries should be updated to use this feature when possible. This PR covers such updates for java.base.

This pull request has now been integrated.

Changeset: 7bf0d146
Author:    Joe Darcy <darcy at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/7bf0d1465e73d83aae30f1cd9fd318af9e9c1b70
Stats:     107 lines in 10 files changed: 0 ins; 19 del; 88 mod

8300133: Use generalized see and link tags in core libs

Reviewed-by: jjg, mchung, naoto, smarks

-------------

PR: https://git.openjdk.org/jdk/pull/12000

From jwilhelm at openjdk.org  Wed Jan 18 22:07:58 2023
From: jwilhelm at openjdk.org (Jesper Wilhelmsson)
Date: Wed, 18 Jan 2023 22:07:58 GMT
Subject: RFR: Merge jdk20
Message-ID: <aoXMpcOdw9mIXTxDzeZ_BL-vPIIxG7Cno_7ULOPDUcA=.587db5a6-79dc-4420-b76f-161ec629277d@github.com>

Forwardport JDK 20 -> JDK 21

-------------

Commit messages:
 - Merge remote-tracking branch 'jdk20/master' into Merge_jdk20
 - 8300275: SegmentScope.isAccessibleBy returning incorrect values
 - 8300195: Fall-through issue occurs when using record pattern in switch statements
 - 8295723: security/infra/wycheproof/RunWycheproof.java fails with Assertion Error
 - 8295687: Better BMP bounds
 - 8293742: Better Banking of Sounds
 - 8293554: Enhanced DH Key Exchanges
 - 8287411: Enhance DTLS Performance
 - 8293717: Objective view of ObjectView
 - 8293734: Improve BMP image handling
 - ... and 5 more: https://git.openjdk.org/jdk/compare/8b70c432...77fb81ec

The webrevs contain the adjustments done while merging with regards to each parent branch:
 - master: https://webrevs.openjdk.org/?repo=jdk&pr=12085&range=00.0
 - jdk20: https://webrevs.openjdk.org/?repo=jdk&pr=12085&range=00.1

Changes: https://git.openjdk.org/jdk/pull/12085/files
  Stats: 564 lines in 27 files changed: 332 ins; 117 del; 115 mod
  Patch: https://git.openjdk.org/jdk/pull/12085.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12085/head:pull/12085

PR: https://git.openjdk.org/jdk/pull/12085

From jwilhelm at openjdk.org  Wed Jan 18 23:32:35 2023
From: jwilhelm at openjdk.org (Jesper Wilhelmsson)
Date: Wed, 18 Jan 2023 23:32:35 GMT
Subject: Integrated: Merge jdk20
In-Reply-To: <aoXMpcOdw9mIXTxDzeZ_BL-vPIIxG7Cno_7ULOPDUcA=.587db5a6-79dc-4420-b76f-161ec629277d@github.com>
References: <aoXMpcOdw9mIXTxDzeZ_BL-vPIIxG7Cno_7ULOPDUcA=.587db5a6-79dc-4420-b76f-161ec629277d@github.com>
Message-ID: <WxP2Ie203v7YoiY0G-tY2xbu4Xnajzc2aRYwLBvaUtY=.ef8aa6e1-64b4-4e60-8898-4aaf24188522@github.com>

On Wed, 18 Jan 2023 21:56:13 GMT, Jesper Wilhelmsson <jwilhelm at openjdk.org> wrote:

> Forwardport JDK 20 -> JDK 21

This pull request has now been integrated.

Changeset: fc9f8baf
Author:    Jesper Wilhelmsson <jwilhelm at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/fc9f8baf56a8888362ad60d0e6dc8953690b80d3
Stats:     564 lines in 27 files changed: 332 ins; 117 del; 115 mod

Merge

-------------

PR: https://git.openjdk.org/jdk/pull/12085

From redestad at openjdk.org  Thu Jan 19 09:49:12 2023
From: redestad at openjdk.org (Claes Redestad)
Date: Thu, 19 Jan 2023 09:49:12 GMT
Subject: RFR: 8300493: Use ArraysSupport.vectorizedHashCode in
 j.u.zip.ZipCoder
In-Reply-To: <9j6QqB9rpu2xNHY1DwfCH-8UnxwRExgROAn0EidBzAY=.b4b611b7-e94a-4299-83a0-f99ee52b5484@github.com>
References: <9j6QqB9rpu2xNHY1DwfCH-8UnxwRExgROAn0EidBzAY=.b4b611b7-e94a-4299-83a0-f99ee52b5484@github.com>
Message-ID: <O28fzZHNH9u_7MPG3IuJS27_4FJrKB_PTq6h_eXxgIU=.c9b6675e-9f00-4f57-8068-28ca5fea7583@github.com>

On Wed, 18 Jan 2023 16:53:04 GMT, Claes Redestad <redestad at openjdk.org> wrote:

> `ZipCoder::checkedHashCode` emulates `StringLatin1::hashCode` but operates on a `byte[]` subrange. It can profitably use the recently introduced `ArraysSupport::vectorizedHashCode` method to see a speed-up, which translates to a small but significant speed-up on `ZipFile` creation.
> 
> Before:
> 
> Benchmark                     (size)  Mode  Cnt       Score      Error  Units
> ZipFileOpen.openCloseZipFile     512  avgt   15   83007.325 ? 1446.716  ns/op
> ZipFileOpen.openCloseZipFile    1024  avgt   15  154550.631 ? 2166.673  ns/op
> 
> After:
> 
> Benchmark                     (size)  Mode  Cnt       Score      Error  Units
> ZipFileOpen.openCloseZipFile     512  avgt   15   79512.902 ?  814.449  ns/op
> ZipFileOpen.openCloseZipFile    1024  avgt   15  147892.522 ? 2744.017  ns/op

FWIW the micro is derived from the sibling `ZipFileGetEntry` micro in the same directory. It's not exactly necessary for this use case to add such a benchmark, but I think there's value in verifying that optimizing `checkedHash` improves `ZipFile` setup and adding the micro might allow us to find further opportunities down the line.

-------------

PR: https://git.openjdk.org/jdk/pull/12077

From redestad at openjdk.org  Thu Jan 19 11:53:12 2023
From: redestad at openjdk.org (Claes Redestad)
Date: Thu, 19 Jan 2023 11:53:12 GMT
Subject: RFR: 8300647: Miscellaneous hashCode improvements in java.base
Message-ID: <bzI9l77v1uNq75LYTF5o4z0mJK_-wVtXn9j18EzDb7E=.ba37e142-66e4-45e2-8ec2-c94e7e6c19d4@github.com>

Went through the jdk and found a few more places where `ArraysSupport::vectorizedHashCode` can be used, and a few where adhoc methods could be replaced with a plain call to `java.util.Arrays` equivalents. This patch addresses that.

After this, #12068, and #12077 I think we're reaching the limit of sensible direct use of `AS::vectorizedHashCode`. I've found a few places outside of java.base where `vectorizedHashCode` might be applicable, but none that seem important enough to warrant an export of this method outside of java.base.

-------------

Commit messages:
 - Miscellaneous hashCode improvements in java.base

Changes: https://git.openjdk.org/jdk/pull/12093/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=12093&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8300647
  Stats: 44 lines in 3 files changed: 3 ins; 33 del; 8 mod
  Patch: https://git.openjdk.org/jdk/pull/12093.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12093/head:pull/12093

PR: https://git.openjdk.org/jdk/pull/12093

From redestad at openjdk.org  Thu Jan 19 13:46:26 2023
From: redestad at openjdk.org (Claes Redestad)
Date: Thu, 19 Jan 2023 13:46:26 GMT
Subject: RFR: 8300647: Miscellaneous hashCode improvements in java.base
 [v2]
In-Reply-To: <bzI9l77v1uNq75LYTF5o4z0mJK_-wVtXn9j18EzDb7E=.ba37e142-66e4-45e2-8ec2-c94e7e6c19d4@github.com>
References: <bzI9l77v1uNq75LYTF5o4z0mJK_-wVtXn9j18EzDb7E=.ba37e142-66e4-45e2-8ec2-c94e7e6c19d4@github.com>
Message-ID: <SNrwfrYRctLBfjgisY-ugVVS4JUIzpGcYZVDWH6uyUE=.cf081e73-deed-45d4-b517-48850a0e8ba8@github.com>

> Went through the jdk and found a few more places where `ArraysSupport::vectorizedHashCode` can be used, and a few where adhoc methods could be replaced with a plain call to `java.util.Arrays` equivalents. This patch addresses that.
> 
> After this, #12068, and #12077 I think we're reaching the limit of sensible direct use of `AS::vectorizedHashCode`. I've found a few places outside of java.base where `vectorizedHashCode` might be applicable, but none that seem important enough to warrant an export of this method outside of java.base.

Claes Redestad has updated the pull request incrementally with one additional commit since the last revision:

  Revert ZipFileSystem changes since it's additionally built as a library dependency and can't rely on jdk.internal

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/12093/files
  - new: https://git.openjdk.org/jdk/pull/12093/files/5f36ebd7..b1507e69

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=12093&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=12093&range=00-01

  Stats: 7 lines in 1 file changed: 2 ins; 2 del; 3 mod
  Patch: https://git.openjdk.org/jdk/pull/12093.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12093/head:pull/12093

PR: https://git.openjdk.org/jdk/pull/12093

From duke at openjdk.org  Thu Jan 19 14:15:40 2023
From: duke at openjdk.org (Viktor Klang)
Date: Thu, 19 Jan 2023 14:15:40 GMT
Subject: RFR: 8300647: Miscellaneous hashCode improvements in java.base
 [v2]
In-Reply-To: <SNrwfrYRctLBfjgisY-ugVVS4JUIzpGcYZVDWH6uyUE=.cf081e73-deed-45d4-b517-48850a0e8ba8@github.com>
References: <bzI9l77v1uNq75LYTF5o4z0mJK_-wVtXn9j18EzDb7E=.ba37e142-66e4-45e2-8ec2-c94e7e6c19d4@github.com>
 <SNrwfrYRctLBfjgisY-ugVVS4JUIzpGcYZVDWH6uyUE=.cf081e73-deed-45d4-b517-48850a0e8ba8@github.com>
Message-ID: <SjaOe6Vm1GtA6r8KFqDFGz-v0Ta-5RaEnbJfZB2uB_4=.b1c5dfab-64d3-4f44-9316-380df0f0bf0b@github.com>

On Thu, 19 Jan 2023 13:46:26 GMT, Claes Redestad <redestad at openjdk.org> wrote:

>> Went through the jdk and found a few more places where `ArraysSupport::vectorizedHashCode` can be used, and a few where adhoc methods could be replaced with a plain call to `java.util.Arrays` equivalents. This patch addresses that.
>> 
>> After this, #12068, and #12077 I think we're reaching the limit of sensible direct use of `AS::vectorizedHashCode`. I've found a few places outside of java.base where `vectorizedHashCode` might be applicable, but none that seem important enough to warrant an export of this method outside of java.base.
>
> Claes Redestad has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Revert ZipFileSystem changes since it's additionally built as a library dependency and can't rely on jdk.internal

src/java.base/unix/classes/java/lang/ProcessEnvironment.java line 415:

> 413:     }
> 414: 
> 415:     // Replace with general purpose method someday

@cl4es Nice work addressing this 16+ year old comment! ?

-------------

PR: https://git.openjdk.org/jdk/pull/12093

From stsypanov at openjdk.org  Thu Jan 19 15:11:16 2023
From: stsypanov at openjdk.org (Sergey Tsypanov)
Date: Thu, 19 Jan 2023 15:11:16 GMT
Subject: RFR: 8300647: Miscellaneous hashCode improvements in java.base
 [v2]
In-Reply-To: <SNrwfrYRctLBfjgisY-ugVVS4JUIzpGcYZVDWH6uyUE=.cf081e73-deed-45d4-b517-48850a0e8ba8@github.com>
References: <bzI9l77v1uNq75LYTF5o4z0mJK_-wVtXn9j18EzDb7E=.ba37e142-66e4-45e2-8ec2-c94e7e6c19d4@github.com>
 <SNrwfrYRctLBfjgisY-ugVVS4JUIzpGcYZVDWH6uyUE=.cf081e73-deed-45d4-b517-48850a0e8ba8@github.com>
Message-ID: <n--mZU3I8wsgJUZIlpE7fUvpuOJ39ZOX7QB0y3HjYZk=.a696e43d-e53c-4c8a-8c3f-0d860dc1551b@github.com>

On Thu, 19 Jan 2023 13:46:26 GMT, Claes Redestad <redestad at openjdk.org> wrote:

>> Went through the jdk and found a few more places where `ArraysSupport::vectorizedHashCode` can be used, and a few where adhoc methods could be replaced with a plain call to `java.util.Arrays` equivalents. This patch addresses that.
>> 
>> After this, #12068, and #12077 I think we're reaching the limit of sensible direct use of `AS::vectorizedHashCode`. I've found a few places outside of java.base where `vectorizedHashCode` might be applicable, but none that seem important enough to warrant an export of this method outside of java.base.
>
> Claes Redestad has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Revert ZipFileSystem changes since it's additionally built as a library dependency and can't rely on jdk.internal

Marked as reviewed by stsypanov (Author).

-------------

PR: https://git.openjdk.org/jdk/pull/12093

From rriggs at openjdk.org  Thu Jan 19 15:29:04 2023
From: rriggs at openjdk.org (Roger Riggs)
Date: Thu, 19 Jan 2023 15:29:04 GMT
Subject: RFR: 8300647: Miscellaneous hashCode improvements in java.base
 [v2]
In-Reply-To: <SNrwfrYRctLBfjgisY-ugVVS4JUIzpGcYZVDWH6uyUE=.cf081e73-deed-45d4-b517-48850a0e8ba8@github.com>
References: <bzI9l77v1uNq75LYTF5o4z0mJK_-wVtXn9j18EzDb7E=.ba37e142-66e4-45e2-8ec2-c94e7e6c19d4@github.com>
 <SNrwfrYRctLBfjgisY-ugVVS4JUIzpGcYZVDWH6uyUE=.cf081e73-deed-45d4-b517-48850a0e8ba8@github.com>
Message-ID: <xgmrvYPitrnZKY0hV3HtNmu0sU5i5b5_AOHbJgHSyns=.cd115921-2d54-40b4-92a6-fc4c48de2663@github.com>

On Thu, 19 Jan 2023 13:46:26 GMT, Claes Redestad <redestad at openjdk.org> wrote:

>> Went through the jdk and found a few more places where `ArraysSupport::vectorizedHashCode` can be used, and a few where adhoc methods could be replaced with a plain call to `java.util.Arrays` equivalents. This patch addresses that.
>> 
>> After this, #12068, and #12077 I think we're reaching the limit of sensible direct use of `AS::vectorizedHashCode`. I've found a few places outside of java.base where `vectorizedHashCode` might be applicable, but none that seem important enough to warrant an export of this method outside of java.base.
>
> Claes Redestad has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Revert ZipFileSystem changes since it's additionally built as a library dependency and can't rely on jdk.internal

Marked as reviewed by rriggs (Reviewer).

-------------

PR: https://git.openjdk.org/jdk/pull/12093

From redestad at openjdk.org  Thu Jan 19 16:53:22 2023
From: redestad at openjdk.org (Claes Redestad)
Date: Thu, 19 Jan 2023 16:53:22 GMT
Subject: RFR: 8300647: Miscellaneous hashCode improvements in java.base
 [v2]
In-Reply-To: <SNrwfrYRctLBfjgisY-ugVVS4JUIzpGcYZVDWH6uyUE=.cf081e73-deed-45d4-b517-48850a0e8ba8@github.com>
References: <bzI9l77v1uNq75LYTF5o4z0mJK_-wVtXn9j18EzDb7E=.ba37e142-66e4-45e2-8ec2-c94e7e6c19d4@github.com>
 <SNrwfrYRctLBfjgisY-ugVVS4JUIzpGcYZVDWH6uyUE=.cf081e73-deed-45d4-b517-48850a0e8ba8@github.com>
Message-ID: <Jn4bBHwvc-DJXxGYz3TcB2LsUuLNdOVeCGvd1C0soro=.eea243f7-3180-4ebb-828d-ab14c86ec420@github.com>

On Thu, 19 Jan 2023 13:46:26 GMT, Claes Redestad <redestad at openjdk.org> wrote:

>> Went through the jdk and found a few more places where `ArraysSupport::vectorizedHashCode` can be used, and a few where adhoc methods could be replaced with a plain call to `java.util.Arrays` equivalents. This patch addresses that.
>> 
>> After this, #12068, and #12077 I think we're reaching the limit of sensible direct use of `AS::vectorizedHashCode`. I've found a few places outside of java.base where `vectorizedHashCode` might be applicable, but none that seem important enough to warrant an export of this method outside of java.base.
>
> Claes Redestad has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Revert ZipFileSystem changes since it's additionally built as a library dependency and can't rely on jdk.internal

Thanks for reviewing!

-------------

PR: https://git.openjdk.org/jdk/pull/12093

From redestad at openjdk.org  Thu Jan 19 16:53:24 2023
From: redestad at openjdk.org (Claes Redestad)
Date: Thu, 19 Jan 2023 16:53:24 GMT
Subject: Integrated: 8300647: Miscellaneous hashCode improvements in java.base
In-Reply-To: <bzI9l77v1uNq75LYTF5o4z0mJK_-wVtXn9j18EzDb7E=.ba37e142-66e4-45e2-8ec2-c94e7e6c19d4@github.com>
References: <bzI9l77v1uNq75LYTF5o4z0mJK_-wVtXn9j18EzDb7E=.ba37e142-66e4-45e2-8ec2-c94e7e6c19d4@github.com>
Message-ID: <rKwYRyhMV_RjfrardfY3C2eA9RY-5kCdEEz0Zp9sjt8=.3093891f-b681-45e5-8c58-a6fa10296fb0@github.com>

On Thu, 19 Jan 2023 11:45:12 GMT, Claes Redestad <redestad at openjdk.org> wrote:

> Went through the jdk and found a few more places where `ArraysSupport::vectorizedHashCode` can be used, and a few where adhoc methods could be replaced with a plain call to `java.util.Arrays` equivalents. This patch addresses that.
> 
> After this, #12068, and #12077 I think we're reaching the limit of sensible direct use of `AS::vectorizedHashCode`. I've found a few places outside of java.base where `vectorizedHashCode` might be applicable, but none that seem important enough to warrant an export of this method outside of java.base.

This pull request has now been integrated.

Changeset: d85243f0
Author:    Claes Redestad <redestad at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/d85243f02b34d03bd7af63a5bcbc73f500f720df
Stats:     37 lines in 2 files changed: 1 ins; 31 del; 5 mod

8300647: Miscellaneous hashCode improvements in java.base

Reviewed-by: stsypanov, rriggs

-------------

PR: https://git.openjdk.org/jdk/pull/12093

From ascarpino at openjdk.org  Thu Jan 19 16:59:32 2023
From: ascarpino at openjdk.org (Anthony Scarpino)
Date: Thu, 19 Jan 2023 16:59:32 GMT
Subject: RFR: 8300399: EdDSA does not verify when there is no message
In-Reply-To: <nA84rgcnE1TPwT0OPFf551_HeYtFMnpZ7MUpFVSFyJ0=.67bb58af-a5c7-4b94-9a61-8217ea2d9d75@github.com>
References: <nA84rgcnE1TPwT0OPFf551_HeYtFMnpZ7MUpFVSFyJ0=.67bb58af-a5c7-4b94-9a61-8217ea2d9d75@github.com>
Message-ID: <ew0-RH09S_RGSE1P8Gt0oDaP_CMRRVdZcEkYwgo29sQ=.4457d553-1c02-4b3c-80e6-31e04006cfdf@github.com>

On Wed, 18 Jan 2023 03:21:29 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> Verify should go on even if there is no message.

Marked as reviewed by ascarpino (Reviewer).

-------------

PR: https://git.openjdk.org/jdk/pull/12059

From duke at openjdk.org  Thu Jan 19 18:30:04 2023
From: duke at openjdk.org (Volodymyr Paprotski)
Date: Thu, 19 Jan 2023 18:30:04 GMT
Subject: RFR: 8297972: Poly1305 Endianness on ByteBuffer not enforced [v2]
In-Reply-To: <d5Eh66F_jaKsA7WCj4Gjdu1iND8Inz6Z-kBVwHzCF7s=.b5da3bb1-dae7-4ff2-b711-b405b008ca29@github.com>
References: <d5Eh66F_jaKsA7WCj4Gjdu1iND8Inz6Z-kBVwHzCF7s=.b5da3bb1-dae7-4ff2-b711-b405b008ca29@github.com>
Message-ID: <gVsoRykojNo4L5GhQy1Z4b1t7wJ8qKEjc4Dcn0KM-9U=.d0898beb-ba91-4fea-b811-5829ce40f65d@github.com>

> Per rfc7539 Section 2.5, "Read the block as a little-endian number."
> 
> sun.security.util.math.intpoly.IntegerPolynomial1305 enforces this on input when input is provided as `[]byte` but not when input is in `ByteBuffer`
> 
> Tested with `Poly1305IntrinsicFuzzTest.java` from https://github.com/openjdk/jdk/pull/11338 which compares Poly1305 MAC between `ByteBuffer` and `[]byte`

Volodymyr Paprotski has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:

 - remove workaround from test
 - Merge remote-tracking branch 'origin/master' into endian-poly1305
 - enforce reading input as little_endian numbers

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11463/files
  - new: https://git.openjdk.org/jdk/pull/11463/files/db17dd19..e21c845b

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11463&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11463&range=00-01

  Stats: 119592 lines in 3135 files changed: 60780 ins; 42414 del; 16398 mod
  Patch: https://git.openjdk.org/jdk/pull/11463.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11463/head:pull/11463

PR: https://git.openjdk.org/jdk/pull/11463

From weijun at openjdk.org  Thu Jan 19 18:35:13 2023
From: weijun at openjdk.org (Weijun Wang)
Date: Thu, 19 Jan 2023 18:35:13 GMT
Subject: Integrated: 8300399: EdDSA does not verify when there is no message
In-Reply-To: <nA84rgcnE1TPwT0OPFf551_HeYtFMnpZ7MUpFVSFyJ0=.67bb58af-a5c7-4b94-9a61-8217ea2d9d75@github.com>
References: <nA84rgcnE1TPwT0OPFf551_HeYtFMnpZ7MUpFVSFyJ0=.67bb58af-a5c7-4b94-9a61-8217ea2d9d75@github.com>
Message-ID: <z3-21GIuecdxvoS0htgKaJQkB2oJeC28RUQXLkWmtf8=.e119e284-b9c7-4ff4-98cb-073ef74a0671@github.com>

On Wed, 18 Jan 2023 03:21:29 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> Verify should go on even if there is no message.

This pull request has now been integrated.

Changeset: b317658d
Author:    Weijun Wang <weijun at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/b317658d69a477df04ded3cc2e107970f8a6e20d
Stats:     54 lines in 2 files changed: 50 ins; 2 del; 2 mod

8300399: EdDSA does not verify when there is no message

Reviewed-by: ascarpino

-------------

PR: https://git.openjdk.org/jdk/pull/12059

From jnimeh at openjdk.org  Thu Jan 19 18:51:56 2023
From: jnimeh at openjdk.org (Jamil Nimeh)
Date: Thu, 19 Jan 2023 18:51:56 GMT
Subject: RFR: 8297972: Poly1305 Endianness on ByteBuffer not enforced [v2]
In-Reply-To: <gVsoRykojNo4L5GhQy1Z4b1t7wJ8qKEjc4Dcn0KM-9U=.d0898beb-ba91-4fea-b811-5829ce40f65d@github.com>
References: <d5Eh66F_jaKsA7WCj4Gjdu1iND8Inz6Z-kBVwHzCF7s=.b5da3bb1-dae7-4ff2-b711-b405b008ca29@github.com>
 <gVsoRykojNo4L5GhQy1Z4b1t7wJ8qKEjc4Dcn0KM-9U=.d0898beb-ba91-4fea-b811-5829ce40f65d@github.com>
Message-ID: <p4CG9xvBp7YslSRu4tkyveoH5Gs1tFc0F40v1SgfI-4=.98032631-67b8-4682-8857-e2253a2e3198@github.com>

On Thu, 19 Jan 2023 18:30:04 GMT, Volodymyr Paprotski <duke at openjdk.org> wrote:

>> Per rfc7539 Section 2.5, "Read the block as a little-endian number."
>> 
>> sun.security.util.math.intpoly.IntegerPolynomial1305 enforces this on input when input is provided as `[]byte` but not when input is in `ByteBuffer`
>> 
>> Tested with `Poly1305IntrinsicFuzzTest.java` from https://github.com/openjdk/jdk/pull/11338 which compares Poly1305 MAC between `ByteBuffer` and `[]byte`
>
> Volodymyr Paprotski has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:
> 
>  - remove workaround from test
>  - Merge remote-tracking branch 'origin/master' into endian-poly1305
>  - enforce reading input as little_endian numbers

Looks good to me.

-------------

Marked as reviewed by jnimeh (Reviewer).

PR: https://git.openjdk.org/jdk/pull/11463

From rhalade at openjdk.org  Thu Jan 19 18:56:19 2023
From: rhalade at openjdk.org (Rajan Halade)
Date: Thu, 19 Jan 2023 18:56:19 GMT
Subject: RFR: 8299870: TLS record version check allows invalid records [v4]
In-Reply-To: <FmvFbYytX_7ebByjE9KxbDyF5SybR5qG77h_VFOt-1U=.8aad09a5-73f0-4e0e-8d26-4dd6f3d6f0f6@github.com>
References: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>
 <FmvFbYytX_7ebByjE9KxbDyF5SybR5qG77h_VFOt-1U=.8aad09a5-73f0-4e0e-8d26-4dd6f3d6f0f6@github.com>
Message-ID: <iWaN4DM_6pT-1eIAlCot6J_WxzyKuKFMGjGqPp8cIqI=.471af8bf-8bf1-48aa-a9c3-19371f918a68@github.com>

On Tue, 10 Jan 2023 22:46:06 GMT, Rajan Halade <rhalade at openjdk.org> wrote:

>> Matthew Donovan has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   removed extra whitespace
>
> test/jdk/ProblemList.txt line 590:
> 
>> 588: 
>> 589: javax/net/ssl/SSLEngine/TestAllSuites.java                      8298874 generic-all
>> 590: javax/net/ssl/SSLEngine/IllegalRecordVersion.java               8298873 generic-all
> 
> I have closed 8298873 as duplicate of this bug. Can you please update IllegalRecordVersion test to list 8299870 under `@bug`.

Since 8299870 is test only bug now, we don't need to list it.

-------------

PR: https://git.openjdk.org/jdk/pull/11929

From rhalade at openjdk.org  Thu Jan 19 19:02:26 2023
From: rhalade at openjdk.org (Rajan Halade)
Date: Thu, 19 Jan 2023 19:02:26 GMT
Subject: RFR: 8299870: TLS record version check allows invalid records [v4]
In-Reply-To: <Et0SrLplrrNLVxW7PPHVA_govd2f-jSd7AjOJfB0Z7w=.92c7eccb-b3cd-4d63-b881-d93506c66927@github.com>
References: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>
 <Et0SrLplrrNLVxW7PPHVA_govd2f-jSd7AjOJfB0Z7w=.92c7eccb-b3cd-4d63-b881-d93506c66927@github.com>
Message-ID: <If1r5p7-yHZibspFyveBs2B1ps-0ncjF_NQ9HAd39Bg=.4e9356ef-d14b-4697-9d69-3277e0bd09d9@github.com>

On Tue, 17 Jan 2023 17:12:05 GMT, Matthew Donovan <duke at openjdk.org> wrote:

>> - Updated ProtocolVersion.isNegotiable() to check a bounded range of version numbers.
>> - Removed IllegalRecordVersion.java from ProblemList.txt 
>> 
>> Tested with jdk_security and jdk_security3 test groups.
>
> Matthew Donovan has updated the pull request incrementally with one additional commit since the last revision:
> 
>   removed extra whitespace

Thinking may be it is better to close JDK-8299870 and "Not an Issue" for archival purpose and address the test fix as part of  JDK-8298873. What do you think?

-------------

PR: https://git.openjdk.org/jdk/pull/11929

From duke at openjdk.org  Thu Jan 19 22:15:48 2023
From: duke at openjdk.org (Volodymyr Paprotski)
Date: Thu, 19 Jan 2023 22:15:48 GMT
Subject: RFR: 8297972: Poly1305 Endianness on ByteBuffer not enforced [v2]
In-Reply-To: <p4CG9xvBp7YslSRu4tkyveoH5Gs1tFc0F40v1SgfI-4=.98032631-67b8-4682-8857-e2253a2e3198@github.com>
References: <d5Eh66F_jaKsA7WCj4Gjdu1iND8Inz6Z-kBVwHzCF7s=.b5da3bb1-dae7-4ff2-b711-b405b008ca29@github.com>
 <gVsoRykojNo4L5GhQy1Z4b1t7wJ8qKEjc4Dcn0KM-9U=.d0898beb-ba91-4fea-b811-5829ce40f65d@github.com>
 <p4CG9xvBp7YslSRu4tkyveoH5Gs1tFc0F40v1SgfI-4=.98032631-67b8-4682-8857-e2253a2e3198@github.com>
Message-ID: <oQu18C3V0cxu1Xvs_Z5AwdqYy--69U17BqlsVPE1GbA=.b89607b0-4425-4fd9-891e-450ab7e81487@github.com>

On Thu, 19 Jan 2023 18:49:30 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:

>> Volodymyr Paprotski has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:
>> 
>>  - remove workaround from test
>>  - Merge remote-tracking branch 'origin/master' into endian-poly1305
>>  - enforce reading input as little_endian numbers
>
> Looks good to me.

@jnimeh would you mind running this through your tests? The build failures reported above seem unrelated..

-------------

PR: https://git.openjdk.org/jdk/pull/11463

From jnimeh at openjdk.org  Thu Jan 19 22:25:57 2023
From: jnimeh at openjdk.org (Jamil Nimeh)
Date: Thu, 19 Jan 2023 22:25:57 GMT
Subject: RFR: 8297972: Poly1305 Endianness on ByteBuffer not enforced [v2]
In-Reply-To: <oQu18C3V0cxu1Xvs_Z5AwdqYy--69U17BqlsVPE1GbA=.b89607b0-4425-4fd9-891e-450ab7e81487@github.com>
References: <d5Eh66F_jaKsA7WCj4Gjdu1iND8Inz6Z-kBVwHzCF7s=.b5da3bb1-dae7-4ff2-b711-b405b008ca29@github.com>
 <gVsoRykojNo4L5GhQy1Z4b1t7wJ8qKEjc4Dcn0KM-9U=.d0898beb-ba91-4fea-b811-5829ce40f65d@github.com>
 <p4CG9xvBp7YslSRu4tkyveoH5Gs1tFc0F40v1SgfI-4=.98032631-67b8-4682-8857-e2253a2e3198@github.com>
 <oQu18C3V0cxu1Xvs_Z5AwdqYy--69U17BqlsVPE1GbA=.b89607b0-4425-4fd9-891e-450ab7e81487@github.com>
Message-ID: <A6WO0RQFnQTqzQf2bKaWXYzq8Lo_KCXo5uL2lXKgPQM=.70f549cd-19fe-4ab2-9d2f-c78e2e837dd3@github.com>

On Thu, 19 Jan 2023 22:13:07 GMT, Volodymyr Paprotski <duke at openjdk.org> wrote:

>> Looks good to me.
>
> @jnimeh would you mind running this through your tests? The build failures reported above seem unrelated..

@vpaprotsk Yes, happy to take it through a regression run on my side.  I'll will run it later tonight.

-------------

PR: https://git.openjdk.org/jdk/pull/11463

From mullan at openjdk.org  Thu Jan 19 23:12:56 2023
From: mullan at openjdk.org (Sean Mullan)
Date: Thu, 19 Jan 2023 23:12:56 GMT
Subject: RFR: 8296343: CPVE thrown on missing content-length in OCSP
 response [v3]
In-Reply-To: <4PA3y3TEQaFdMcfGKuOGPLW7vk1sMElsRnjYma1qVn4=.5a66c30e-4cfe-4174-a34b-300f785a64d5@github.com>
References: <lCBCERXuXnPiQbPYtRB7YuI5h0jOvKMZltuCM1dQjeI=.532a73b6-07ff-4bfc-acfb-f690736f8b57@github.com>
 <4PA3y3TEQaFdMcfGKuOGPLW7vk1sMElsRnjYma1qVn4=.5a66c30e-4cfe-4174-a34b-300f785a64d5@github.com>
Message-ID: <cU3dQ6V8lFVmC7QybMMn6FmHsg9CmeKCUz2MIIpVavo=.49b4be8c-7249-4c5e-93c2-986f3c5082b9@github.com>

On Thu, 12 Jan 2023 15:46:46 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:

>> This fixes an issue where HTTP responses that do not have an explicit Content-Length are causing an EOFException which unravels into a CertPathValidatorException during validations that involve OCSP checks.
>> 
>> - JBS: https://bugs.openjdk.org/browse/JDK-8296343
>
> Jamil Nimeh has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Remove dead commented code

I have reviewed the code changes to OCSP.java and it looks fine. I have not reviewed the test changes though, please find a separate Reviewer for those changes.

-------------

Marked as reviewed by mullan (Reviewer).

PR: https://git.openjdk.org/jdk/pull/11917

From jamil.j.nimeh at oracle.com  Fri Jan 20 02:59:22 2023
From: jamil.j.nimeh at oracle.com (Jamil Nimeh)
Date: Thu, 19 Jan 2023 18:59:22 -0800
Subject: CSR RFR: JDK-8300722: The unit of OCSP timeout should be changed from
 seconds to milliseconds
Message-ID: <33d4b895-154c-28cc-0464-9ae9a9b81bad@oracle.com>

Hello all,

I put together a draft CSR for enhancing the 
com.sun.security.ocsp.timeout System property to allow it to be 
specified either in seconds (as it is currently done, no change to the 
format) or by appending "ms" (case-insensitive) to allow the numeric 
value to be interpreted in milliseconds.? I could use a review before 
proposing it.

https://bugs.openjdk.org/browse/JDK-8300722

Thanks,

--Jamil


From alanb at openjdk.org  Fri Jan 20 11:13:28 2023
From: alanb at openjdk.org (Alan Bateman)
Date: Fri, 20 Jan 2023 11:13:28 GMT
Subject: RFR: 8300493: Use ArraysSupport.vectorizedHashCode in
 j.u.zip.ZipCoder
In-Reply-To: <9j6QqB9rpu2xNHY1DwfCH-8UnxwRExgROAn0EidBzAY=.b4b611b7-e94a-4299-83a0-f99ee52b5484@github.com>
References: <9j6QqB9rpu2xNHY1DwfCH-8UnxwRExgROAn0EidBzAY=.b4b611b7-e94a-4299-83a0-f99ee52b5484@github.com>
Message-ID: <sJymL4dGb-pt1BOOWtf20pyDq-PKMByzk-lv2raWRnA=.b49e56fe-ab81-4ec0-a6dc-afecc04e45f8@github.com>

On Wed, 18 Jan 2023 16:53:04 GMT, Claes Redestad <redestad at openjdk.org> wrote:

> `ZipCoder::checkedHashCode` emulates `StringLatin1::hashCode` but operates on a `byte[]` subrange. It can profitably use the recently introduced `ArraysSupport::vectorizedHashCode` method to see a speed-up, which translates to a small but significant speed-up on `ZipFile` creation.
> 
> Before:
> 
> Benchmark                     (size)  Mode  Cnt       Score      Error  Units
> ZipFileOpen.openCloseZipFile     512  avgt   15   83007.325 ? 1446.716  ns/op
> ZipFileOpen.openCloseZipFile    1024  avgt   15  154550.631 ? 2166.673  ns/op
> 
> After:
> 
> Benchmark                     (size)  Mode  Cnt       Score      Error  Units
> ZipFileOpen.openCloseZipFile     512  avgt   15   79512.902 ?  814.449  ns/op
> ZipFileOpen.openCloseZipFile    1024  avgt   15  147892.522 ? 2744.017  ns/op

Marked as reviewed by alanb (Reviewer).

-------------

PR: https://git.openjdk.org/jdk/pull/12077

From alanb at openjdk.org  Fri Jan 20 11:13:30 2023
From: alanb at openjdk.org (Alan Bateman)
Date: Fri, 20 Jan 2023 11:13:30 GMT
Subject: RFR: 8300493: Use ArraysSupport.vectorizedHashCode in
 j.u.zip.ZipCoder
In-Reply-To: <O28fzZHNH9u_7MPG3IuJS27_4FJrKB_PTq6h_eXxgIU=.c9b6675e-9f00-4f57-8068-28ca5fea7583@github.com>
References: <9j6QqB9rpu2xNHY1DwfCH-8UnxwRExgROAn0EidBzAY=.b4b611b7-e94a-4299-83a0-f99ee52b5484@github.com>
 <O28fzZHNH9u_7MPG3IuJS27_4FJrKB_PTq6h_eXxgIU=.c9b6675e-9f00-4f57-8068-28ca5fea7583@github.com>
Message-ID: <C1hBiWxu20d3ORDa6E-EXMeqGVSa5F6jC9lYCZvm6QE=.d994559d-ee95-4abf-bcf7-12a97a1ac76f@github.com>

On Thu, 19 Jan 2023 09:46:12 GMT, Claes Redestad <redestad at openjdk.org> wrote:

> FWIW the micro is derived from the sibling `ZipFileGetEntry` micro in the same directory. It's not exactly necessary for this use case to add such a benchmark, but I think there's value in verifying that optimizing `checkedHash` improves `ZipFile` setup and adding the micro might allow us to find further opportunities down the line.

I've no doubt it improves checkedHash, it's just that open the zip file and reading in the CEN probably dominates when not in the file system cache.

-------------

PR: https://git.openjdk.org/jdk/pull/12077

From lancea at openjdk.org  Fri Jan 20 11:28:29 2023
From: lancea at openjdk.org (Lance Andersen)
Date: Fri, 20 Jan 2023 11:28:29 GMT
Subject: RFR: 8300493: Use ArraysSupport.vectorizedHashCode in
 j.u.zip.ZipCoder
In-Reply-To: <9j6QqB9rpu2xNHY1DwfCH-8UnxwRExgROAn0EidBzAY=.b4b611b7-e94a-4299-83a0-f99ee52b5484@github.com>
References: <9j6QqB9rpu2xNHY1DwfCH-8UnxwRExgROAn0EidBzAY=.b4b611b7-e94a-4299-83a0-f99ee52b5484@github.com>
Message-ID: <W41khs1GzpWZpMyMm6CKI8eREAiyTGovbH7yxSncX-0=.3c3b59a1-0735-4e01-ad08-6e502fa832b2@github.com>

On Wed, 18 Jan 2023 16:53:04 GMT, Claes Redestad <redestad at openjdk.org> wrote:

> `ZipCoder::checkedHashCode` emulates `StringLatin1::hashCode` but operates on a `byte[]` subrange. It can profitably use the recently introduced `ArraysSupport::vectorizedHashCode` method to see a speed-up, which translates to a small but significant speed-up on `ZipFile` creation.
> 
> Before:
> 
> Benchmark                     (size)  Mode  Cnt       Score      Error  Units
> ZipFileOpen.openCloseZipFile     512  avgt   15   83007.325 ? 1446.716  ns/op
> ZipFileOpen.openCloseZipFile    1024  avgt   15  154550.631 ? 2166.673  ns/op
> 
> After:
> 
> Benchmark                     (size)  Mode  Cnt       Score      Error  Units
> ZipFileOpen.openCloseZipFile     512  avgt   15   79512.902 ?  814.449  ns/op
> ZipFileOpen.openCloseZipFile    1024  avgt   15  147892.522 ? 2744.017  ns/op

test/micro/org/openjdk/bench/java/util/zip/ZipFileOpen.java line 69:

> 67: 
> 68:                 ename += "long-entry-name-"  + (random.nextInt(90000) + 10000)  + "-" + i;
> 69:                 zos.putNextEntry(new ZipEntry(ename));

Would it be worth to add some random sized data when the entries are created to allow for getting a bit more insight, or  perhaps do that in a separate benchmark>

-------------

PR: https://git.openjdk.org/jdk/pull/12077

From redestad at openjdk.org  Fri Jan 20 11:46:27 2023
From: redestad at openjdk.org (Claes Redestad)
Date: Fri, 20 Jan 2023 11:46:27 GMT
Subject: RFR: 8300493: Use ArraysSupport.vectorizedHashCode in
 j.u.zip.ZipCoder
In-Reply-To: <C1hBiWxu20d3ORDa6E-EXMeqGVSa5F6jC9lYCZvm6QE=.d994559d-ee95-4abf-bcf7-12a97a1ac76f@github.com>
References: <9j6QqB9rpu2xNHY1DwfCH-8UnxwRExgROAn0EidBzAY=.b4b611b7-e94a-4299-83a0-f99ee52b5484@github.com>
 <O28fzZHNH9u_7MPG3IuJS27_4FJrKB_PTq6h_eXxgIU=.c9b6675e-9f00-4f57-8068-28ca5fea7583@github.com>
 <C1hBiWxu20d3ORDa6E-EXMeqGVSa5F6jC9lYCZvm6QE=.d994559d-ee95-4abf-bcf7-12a97a1ac76f@github.com>
Message-ID: <4B70ZXaRM2xrMkafrLTYQz9FgsvK13J2XQpO6FTyJNY=.49000c80-5fa0-4402-b2ea-51110e3b75f5@github.com>

On Fri, 20 Jan 2023 11:10:13 GMT, Alan Bateman <alanb at openjdk.org> wrote:

> > FWIW the micro is derived from the sibling `ZipFileGetEntry` micro in the same directory. It's not exactly necessary for this use case to add such a benchmark, but I think there's value in verifying that optimizing `checkedHash` improves `ZipFile` setup and adding the micro might allow us to find further opportunities down the line.
> 
> I've no doubt it improves checkedHash, it's just that open the zip file and reading in the CEN probably dominates when not in the file system cache.

Right, the micro is a poor proxy for real-world implications since time to open a zip file very much depends on the filesystem speed but this is sort of by design. We have separate startup tests that tries to emulate more "cold start" scenarios, which micros like this are complementary to and not a substitute for.

-------------

PR: https://git.openjdk.org/jdk/pull/12077

From redestad at openjdk.org  Fri Jan 20 11:52:30 2023
From: redestad at openjdk.org (Claes Redestad)
Date: Fri, 20 Jan 2023 11:52:30 GMT
Subject: RFR: 8300493: Use ArraysSupport.vectorizedHashCode in
 j.u.zip.ZipCoder
In-Reply-To: <W41khs1GzpWZpMyMm6CKI8eREAiyTGovbH7yxSncX-0=.3c3b59a1-0735-4e01-ad08-6e502fa832b2@github.com>
References: <9j6QqB9rpu2xNHY1DwfCH-8UnxwRExgROAn0EidBzAY=.b4b611b7-e94a-4299-83a0-f99ee52b5484@github.com>
 <W41khs1GzpWZpMyMm6CKI8eREAiyTGovbH7yxSncX-0=.3c3b59a1-0735-4e01-ad08-6e502fa832b2@github.com>
Message-ID: <k6XfIrziJI5x3vMRfN-xT8U2BHD5Qeqlgu2iKYiUwcc=.66cf9054-925d-4d7f-97af-989c981da29b@github.com>

On Fri, 20 Jan 2023 11:25:22 GMT, Lance Andersen <lancea at openjdk.org> wrote:

>> `ZipCoder::checkedHashCode` emulates `StringLatin1::hashCode` but operates on a `byte[]` subrange. It can profitably use the recently introduced `ArraysSupport::vectorizedHashCode` method to see a speed-up, which translates to a small but significant speed-up on `ZipFile` creation.
>> 
>> Before:
>> 
>> Benchmark                     (size)  Mode  Cnt       Score      Error  Units
>> ZipFileOpen.openCloseZipFile     512  avgt   15   83007.325 ? 1446.716  ns/op
>> ZipFileOpen.openCloseZipFile    1024  avgt   15  154550.631 ? 2166.673  ns/op
>> 
>> After:
>> 
>> Benchmark                     (size)  Mode  Cnt       Score      Error  Units
>> ZipFileOpen.openCloseZipFile     512  avgt   15   79512.902 ?  814.449  ns/op
>> ZipFileOpen.openCloseZipFile    1024  avgt   15  147892.522 ? 2744.017  ns/op
>
> test/micro/org/openjdk/bench/java/util/zip/ZipFileOpen.java line 69:
> 
>> 67: 
>> 68:                 ename += "long-entry-name-"  + (random.nextInt(90000) + 10000)  + "-" + i;
>> 69:                 zos.putNextEntry(new ZipEntry(ename));
> 
> Would it be worth to add some random sized data when the entries are created to allow for getting a bit more insight, or  perhaps do that in a separate benchmark>

I was experimenting with varying the entry names length to see what - if any - impact it had and saw a small effect on the micro. It does make more sense to vary lengths now that very long names will take different paths in the vectorized intrinsic. I'll see what I can do without overengineering this.

-------------

PR: https://git.openjdk.org/jdk/pull/12077

From redestad at openjdk.org  Fri Jan 20 12:19:50 2023
From: redestad at openjdk.org (Claes Redestad)
Date: Fri, 20 Jan 2023 12:19:50 GMT
Subject: RFR: 8300493: Use ArraysSupport.vectorizedHashCode in
 j.u.zip.ZipCoder [v2]
In-Reply-To: <9j6QqB9rpu2xNHY1DwfCH-8UnxwRExgROAn0EidBzAY=.b4b611b7-e94a-4299-83a0-f99ee52b5484@github.com>
References: <9j6QqB9rpu2xNHY1DwfCH-8UnxwRExgROAn0EidBzAY=.b4b611b7-e94a-4299-83a0-f99ee52b5484@github.com>
Message-ID: <iGhC2WYtZkfCY9nF42qr13RRJH14sQOiXq9sjFbS114=.aaf4005b-f4c6-45bc-9e62-3713f876f3d4@github.com>

> `ZipCoder::checkedHashCode` emulates `StringLatin1::hashCode` but operates on a `byte[]` subrange. It can profitably use the recently introduced `ArraysSupport::vectorizedHashCode` method to see a speed-up, which translates to a small but significant speed-up on `ZipFile` creation.
> 
> Before:
> 
> Benchmark                     (size)  Mode  Cnt       Score      Error  Units
> ZipFileOpen.openCloseZipFile     512  avgt   15   83007.325 ? 1446.716  ns/op
> ZipFileOpen.openCloseZipFile    1024  avgt   15  154550.631 ? 2166.673  ns/op
> 
> After:
> 
> Benchmark                     (size)  Mode  Cnt       Score      Error  Units
> ZipFileOpen.openCloseZipFile     512  avgt   15   79512.902 ?  814.449  ns/op
> ZipFileOpen.openCloseZipFile    1024  avgt   15  147892.522 ? 2744.017  ns/op

Claes Redestad has updated the pull request incrementally with one additional commit since the last revision:

  Vary dir and entry name lengths across a wider spread, keeping most entries short but making the longest paths longer

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/12077/files
  - new: https://git.openjdk.org/jdk/pull/12077/files/0c7f0f4f..369537c5

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=12077&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=12077&range=00-01

  Stats: 9 lines in 1 file changed: 5 ins; 1 del; 3 mod
  Patch: https://git.openjdk.org/jdk/pull/12077.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12077/head:pull/12077

PR: https://git.openjdk.org/jdk/pull/12077

From redestad at openjdk.org  Fri Jan 20 12:19:51 2023
From: redestad at openjdk.org (Claes Redestad)
Date: Fri, 20 Jan 2023 12:19:51 GMT
Subject: RFR: 8300493: Use ArraysSupport.vectorizedHashCode in
 j.u.zip.ZipCoder
In-Reply-To: <9j6QqB9rpu2xNHY1DwfCH-8UnxwRExgROAn0EidBzAY=.b4b611b7-e94a-4299-83a0-f99ee52b5484@github.com>
References: <9j6QqB9rpu2xNHY1DwfCH-8UnxwRExgROAn0EidBzAY=.b4b611b7-e94a-4299-83a0-f99ee52b5484@github.com>
Message-ID: <KDCDyyE7MUFmWDgberfSN2cSpdsu0LviaA8GbmWe7e8=.ed235b1d-6d64-4201-8fd2-bffd904cf002@github.com>

On Wed, 18 Jan 2023 16:53:04 GMT, Claes Redestad <redestad at openjdk.org> wrote:

> `ZipCoder::checkedHashCode` emulates `StringLatin1::hashCode` but operates on a `byte[]` subrange. It can profitably use the recently introduced `ArraysSupport::vectorizedHashCode` method to see a speed-up, which translates to a small but significant speed-up on `ZipFile` creation.
> 
> Before:
> 
> Benchmark                     (size)  Mode  Cnt       Score      Error  Units
> ZipFileOpen.openCloseZipFile     512  avgt   15   83007.325 ? 1446.716  ns/op
> ZipFileOpen.openCloseZipFile    1024  avgt   15  154550.631 ? 2166.673  ns/op
> 
> After:
> 
> Benchmark                     (size)  Mode  Cnt       Score      Error  Units
> ZipFileOpen.openCloseZipFile     512  avgt   15   79512.902 ?  814.449  ns/op
> ZipFileOpen.openCloseZipFile    1024  avgt   15  147892.522 ? 2744.017  ns/op

Updated micro to vary entry sizes more to ensure we exercise the different code paths through the `hashCode` intrinsic. The new setup generates both longer and shorter entries than before, weighting up the average length a bit by increasing the spread. The longer entries see a proportionately larger speed-up, as expected since they benefit from vectorization. Removed some pointless randomness.

Baseline:

Benchmark                     (size)  Mode  Cnt       Score      Error  Units
ZipFileOpen.openCloseZipFile     512  avgt   15   98832.801 ? 2155.928  ns/op
ZipFileOpen.openCloseZipFile    1024  avgt   15  187373.545 ? 2296.779  ns/op


Patched:

Benchmark                     (size)  Mode  Cnt       Score      Error  Units
ZipFileOpen.openCloseZipFile     512  avgt   15   85574.648 ?  920.477  ns/op
ZipFileOpen.openCloseZipFile    1024  avgt   15  160493.277 ? 3450.928  ns/op

-------------

PR: https://git.openjdk.org/jdk/pull/12077

From lancea at openjdk.org  Fri Jan 20 16:45:58 2023
From: lancea at openjdk.org (Lance Andersen)
Date: Fri, 20 Jan 2023 16:45:58 GMT
Subject: RFR: 8300493: Use ArraysSupport.vectorizedHashCode in
 j.u.zip.ZipCoder [v2]
In-Reply-To: <iGhC2WYtZkfCY9nF42qr13RRJH14sQOiXq9sjFbS114=.aaf4005b-f4c6-45bc-9e62-3713f876f3d4@github.com>
References: <9j6QqB9rpu2xNHY1DwfCH-8UnxwRExgROAn0EidBzAY=.b4b611b7-e94a-4299-83a0-f99ee52b5484@github.com>
 <iGhC2WYtZkfCY9nF42qr13RRJH14sQOiXq9sjFbS114=.aaf4005b-f4c6-45bc-9e62-3713f876f3d4@github.com>
Message-ID: <SjOTACcmFHekHFtO_0BhyP750WypfJ4gncQq1nKYIfw=.17926940-d9bc-435b-8ed9-b6599af83517@github.com>

On Fri, 20 Jan 2023 12:19:50 GMT, Claes Redestad <redestad at openjdk.org> wrote:

>> `ZipCoder::checkedHashCode` emulates `StringLatin1::hashCode` but operates on a `byte[]` subrange. It can profitably use the recently introduced `ArraysSupport::vectorizedHashCode` method to see a speed-up, which translates to a small but significant speed-up on `ZipFile` creation.
>> 
>> Before:
>> 
>> Benchmark                     (size)  Mode  Cnt       Score      Error  Units
>> ZipFileOpen.openCloseZipFile     512  avgt   15   83007.325 ? 1446.716  ns/op
>> ZipFileOpen.openCloseZipFile    1024  avgt   15  154550.631 ? 2166.673  ns/op
>> 
>> After:
>> 
>> Benchmark                     (size)  Mode  Cnt       Score      Error  Units
>> ZipFileOpen.openCloseZipFile     512  avgt   15   79512.902 ?  814.449  ns/op
>> ZipFileOpen.openCloseZipFile    1024  avgt   15  147892.522 ? 2744.017  ns/op
>
> Claes Redestad has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Vary dir and entry name lengths across a wider spread, keeping most entries short but making the longest paths longer

Thank you Claes

-------------

Marked as reviewed by lancea (Reviewer).

PR: https://git.openjdk.org/jdk/pull/12077

From jnimeh at openjdk.org  Fri Jan 20 17:08:05 2023
From: jnimeh at openjdk.org (Jamil Nimeh)
Date: Fri, 20 Jan 2023 17:08:05 GMT
Subject: RFR: 8297972: Poly1305 Endianness on ByteBuffer not enforced [v2]
In-Reply-To: <oQu18C3V0cxu1Xvs_Z5AwdqYy--69U17BqlsVPE1GbA=.b89607b0-4425-4fd9-891e-450ab7e81487@github.com>
References: <d5Eh66F_jaKsA7WCj4Gjdu1iND8Inz6Z-kBVwHzCF7s=.b5da3bb1-dae7-4ff2-b711-b405b008ca29@github.com>
 <gVsoRykojNo4L5GhQy1Z4b1t7wJ8qKEjc4Dcn0KM-9U=.d0898beb-ba91-4fea-b811-5829ce40f65d@github.com>
 <p4CG9xvBp7YslSRu4tkyveoH5Gs1tFc0F40v1SgfI-4=.98032631-67b8-4682-8857-e2253a2e3198@github.com>
 <oQu18C3V0cxu1Xvs_Z5AwdqYy--69U17BqlsVPE1GbA=.b89607b0-4425-4fd9-891e-450ab7e81487@github.com>
Message-ID: <rAAvZcbfgemx_HrJXt19d0vI3i8BCKN9m2OTpKvgNow=.09041dac-1bc3-4776-a4e7-ad9ce3823839@github.com>

On Thu, 19 Jan 2023 22:13:07 GMT, Volodymyr Paprotski <duke at openjdk.org> wrote:

>> Looks good to me.
>
> @jnimeh would you mind running this through your tests? The build failures reported above seem unrelated..

@vpaprotsk regression tests completed successfully on my end.

-------------

PR: https://git.openjdk.org/jdk/pull/11463

From duke at openjdk.org  Fri Jan 20 19:35:29 2023
From: duke at openjdk.org (Volodymyr Paprotski)
Date: Fri, 20 Jan 2023 19:35:29 GMT
Subject: RFR: 8297972: Poly1305 Endianness on ByteBuffer not enforced [v2]
In-Reply-To: <rAAvZcbfgemx_HrJXt19d0vI3i8BCKN9m2OTpKvgNow=.09041dac-1bc3-4776-a4e7-ad9ce3823839@github.com>
References: <d5Eh66F_jaKsA7WCj4Gjdu1iND8Inz6Z-kBVwHzCF7s=.b5da3bb1-dae7-4ff2-b711-b405b008ca29@github.com>
 <gVsoRykojNo4L5GhQy1Z4b1t7wJ8qKEjc4Dcn0KM-9U=.d0898beb-ba91-4fea-b811-5829ce40f65d@github.com>
 <p4CG9xvBp7YslSRu4tkyveoH5Gs1tFc0F40v1SgfI-4=.98032631-67b8-4682-8857-e2253a2e3198@github.com>
 <oQu18C3V0cxu1Xvs_Z5AwdqYy--69U17BqlsVPE1GbA=.b89607b0-4425-4fd9-891e-450ab7e81487@github.com>
 <rAAvZcbfgemx_HrJXt19d0vI3i8BCKN9m2OTpKvgNow=.09041dac-1bc3-4776-a4e7-ad9ce3823839@github.com>
Message-ID: <VFA5C2xdMjx17IRX21rHC4Pnjnwq2e3AGuuYtg--Fgw=.44d0d823-496e-4fab-a893-36076b843534@github.com>

On Fri, 20 Jan 2023 17:05:44 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:

>> @jnimeh would you mind running this through your tests? The build failures reported above seem unrelated..
>
> @vpaprotsk regression tests completed successfully on my end.

Thanks @jnimeh

-------------

PR: https://git.openjdk.org/jdk/pull/11463

From duke at openjdk.org  Fri Jan 20 20:02:00 2023
From: duke at openjdk.org (Volodymyr Paprotski)
Date: Fri, 20 Jan 2023 20:02:00 GMT
Subject: Integrated: 8297972: Poly1305 Endianness on ByteBuffer not enforced
In-Reply-To: <d5Eh66F_jaKsA7WCj4Gjdu1iND8Inz6Z-kBVwHzCF7s=.b5da3bb1-dae7-4ff2-b711-b405b008ca29@github.com>
References: <d5Eh66F_jaKsA7WCj4Gjdu1iND8Inz6Z-kBVwHzCF7s=.b5da3bb1-dae7-4ff2-b711-b405b008ca29@github.com>
Message-ID: <piKeVekp9sUha2cAQ-K1cGY6TuipLoOKBv23Hls10_w=.00d78692-f3aa-469f-8ecb-9433d57809a7@github.com>

On Thu, 1 Dec 2022 18:28:21 GMT, Volodymyr Paprotski <duke at openjdk.org> wrote:

> Per rfc7539 Section 2.5, "Read the block as a little-endian number."
> 
> sun.security.util.math.intpoly.IntegerPolynomial1305 enforces this on input when input is provided as `[]byte` but not when input is in `ByteBuffer`
> 
> Tested with `Poly1305IntrinsicFuzzTest.java` from https://github.com/openjdk/jdk/pull/11338 which compares Poly1305 MAC between `ByteBuffer` and `[]byte`

This pull request has now been integrated.

Changeset: 9d44dd0c
Author:    Volodymyr Paprotski <volodymyr.paprotski at intel.com>
Committer: Jamil Nimeh <jnimeh at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/9d44dd0cca620ef8e16e0c4306e6e54d8de6d1e8
Stats:     8 lines in 2 files changed: 3 ins; 3 del; 2 mod

8297972: Poly1305 Endianness on ByteBuffer not enforced

Reviewed-by: jnimeh

-------------

PR: https://git.openjdk.org/jdk/pull/11463

From sean.mullan at oracle.com  Fri Jan 20 21:09:27 2023
From: sean.mullan at oracle.com (Sean Mullan)
Date: Fri, 20 Jan 2023 16:09:27 -0500
Subject: CSR RFR: JDK-8300722: The unit of OCSP timeout should be changed
 from seconds to milliseconds
In-Reply-To: <33d4b895-154c-28cc-0464-9ae9a9b81bad@oracle.com>
References: <33d4b895-154c-28cc-0464-9ae9a9b81bad@oracle.com>
Message-ID: <8a7df158-2231-bd4f-0063-4cffff8bf68b@oracle.com>

While you are doing this, I recommend we do the same for the CRL timeout 
properties to be consistent: com.sun.security.crl.timeout and 
com.sun.security.crl.readtimeout

--Sean

On 1/19/23 9:59 PM, Jamil Nimeh wrote:
> Hello all,
> 
> I put together a draft CSR for enhancing the
> com.sun.security.ocsp.timeout System property to allow it to be
> specified either in seconds (as it is currently done, no change to the
> format) or by appending "ms" (case-insensitive) to allow the numeric
> value to be interpreted in milliseconds.? I could use a review before
> proposing it.
> 
> https://bugs.openjdk.org/browse/JDK-8300722
> 
> Thanks,
> 
> --Jamil
> 

From hchao at openjdk.org  Fri Jan 20 22:03:29 2023
From: hchao at openjdk.org (Hai-May Chao)
Date: Fri, 20 Jan 2023 22:03:29 GMT
Subject: RFR: 8286907: keytool should warn about weak PBE algorithms [v2]
In-Reply-To: <rWP9qmG41dCr9TXex7yYUXQBZoWksArIHUqomJ88LRY=.98cc8849-5878-4c84-a126-b2ef0286aa41@github.com>
References: <rWP9qmG41dCr9TXex7yYUXQBZoWksArIHUqomJ88LRY=.98cc8849-5878-4c84-a126-b2ef0286aa41@github.com>
Message-ID: <E8YD7T_tgsYHud7KZZSNFLbo71ZFtPHDtUmzbGMJPR8=.e5f0c397-2c70-4d62-990b-2ae2730347fb@github.com>

> Please review the fix to address the problem in keytool -genseckey and -importpass.

Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:

  Update with Max's comment

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/12056/files
  - new: https://git.openjdk.org/jdk/pull/12056/files/dd0b15e3..391c2bb0

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=12056&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=12056&range=00-01

  Stats: 18 lines in 1 file changed: 10 ins; 4 del; 4 mod
  Patch: https://git.openjdk.org/jdk/pull/12056.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12056/head:pull/12056

PR: https://git.openjdk.org/jdk/pull/12056

From aturbanov at openjdk.org  Sat Jan 21 11:33:04 2023
From: aturbanov at openjdk.org (Andrey Turbanov)
Date: Sat, 21 Jan 2023 11:33:04 GMT
Subject: RFR: 8300272: Improve readability of the test
 JarWithOneNonDisabledDigestAlg [v2]
In-Reply-To: <GRE0zkcfoKsn5LxZyWgASQSZjWWj953HdCygOp9gQZA=.cb5e1cbd-2ed7-476f-b2c3-a0c14a0e5476@github.com>
References: <T02BenMtzPzEHP8gFkKJ_-Bhv7I5CJqE1wrvFqOZSiM=.1b490f76-c5fa-4a16-b924-bfb89e0af594@github.com>
 <GRE0zkcfoKsn5LxZyWgASQSZjWWj953HdCygOp9gQZA=.cb5e1cbd-2ed7-476f-b2c3-a0c14a0e5476@github.com>
Message-ID: <mrP-ONmhGbu7G0JT2X70TKkZSmEtRvbvFmvFTJiDX_E=.7d3d59bc-06ae-4704-912c-227d4ffb94a0@github.com>

On Tue, 17 Jan 2023 23:08:10 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

>> This PR attempts to make JarWithOneNonDisabledDigestAlg a little easier to read. 
>> 
>> Some changes are made in the choice of algorithms and naming. The intent here is to reduce confusion and make the purpose of the test clearer:
>> 
>> - Updated the **enabled** digestAlgorithm in use from SHA1 to SHA256. The use of SHA1 here seems just a bit confusing, since it has been considered weak for a while 
>> - The two different signer aliases are now named SIGNER1, SIGNER2 instead of the somewhat confusing SHA1, SHA256
>> - Both signing keys are now generated with -sigalg SHA256withRSA since the sigalg of the keys does not seem to matter for this test
>> 
>> There are also some general code cleanups:
>> 
>> - Moved loading of the key store into the new method loadKeyStore
>> - Updated checkThatJarIsSigned to take a parameter Map<String, Integer> representing the expected signer counts for each path in the JAR. This provides a cleaner separation between expectiations and the enforcement of expectations.
>> - Introduced Path constants for various file names used throughout the test, reducing a number of redundant Path.of calls which seemed to clutter the code a bit
>> - Updated IO code to use new APIs, such as Files.newOutputStream, Files.newInputStream, InputStream.transferTo and OutputStream.nullOutputStream.
>> - Added/updated some comments where appropriate
>
> Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Replace wildcard imports with single-class imports

test/jdk/jdk/security/jarsigner/JarWithOneNonDisabledDigestAlg.java line 168:

> 166:                     continue;
> 167:                 }
> 168:                 try(InputStream is = jf.getInputStream(entry)) {

Suggestion:

                try (InputStream is = jf.getInputStream(entry)) {

-------------

PR: https://git.openjdk.org/jdk/pull/11997

From redestad at openjdk.org  Sat Jan 21 11:53:02 2023
From: redestad at openjdk.org (Claes Redestad)
Date: Sat, 21 Jan 2023 11:53:02 GMT
Subject: RFR: 8300493: Use ArraysSupport.vectorizedHashCode in
 j.u.zip.ZipCoder [v2]
In-Reply-To: <SjOTACcmFHekHFtO_0BhyP750WypfJ4gncQq1nKYIfw=.17926940-d9bc-435b-8ed9-b6599af83517@github.com>
References: <9j6QqB9rpu2xNHY1DwfCH-8UnxwRExgROAn0EidBzAY=.b4b611b7-e94a-4299-83a0-f99ee52b5484@github.com>
 <iGhC2WYtZkfCY9nF42qr13RRJH14sQOiXq9sjFbS114=.aaf4005b-f4c6-45bc-9e62-3713f876f3d4@github.com>
 <SjOTACcmFHekHFtO_0BhyP750WypfJ4gncQq1nKYIfw=.17926940-d9bc-435b-8ed9-b6599af83517@github.com>
Message-ID: <y4JOzbXy0YFtKZZ-rAKQDwSuwWPs0TDZ3mS2Zx9DYCk=.a396d8f9-eb99-4611-bc4a-e10f0604c2ba@github.com>

On Fri, 20 Jan 2023 16:42:47 GMT, Lance Andersen <lancea at openjdk.org> wrote:

>> Claes Redestad has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Vary dir and entry name lengths across a wider spread, keeping most entries short but making the longest paths longer
>
> Thank you Claes

Thanks @LanceAndersen and @AlanBateman for reviewing!

-------------

PR: https://git.openjdk.org/jdk/pull/12077

From redestad at openjdk.org  Sat Jan 21 12:03:12 2023
From: redestad at openjdk.org (Claes Redestad)
Date: Sat, 21 Jan 2023 12:03:12 GMT
Subject: Integrated: 8300493: Use ArraysSupport.vectorizedHashCode in
 j.u.zip.ZipCoder
In-Reply-To: <9j6QqB9rpu2xNHY1DwfCH-8UnxwRExgROAn0EidBzAY=.b4b611b7-e94a-4299-83a0-f99ee52b5484@github.com>
References: <9j6QqB9rpu2xNHY1DwfCH-8UnxwRExgROAn0EidBzAY=.b4b611b7-e94a-4299-83a0-f99ee52b5484@github.com>
Message-ID: <qZQ5yohRsZqQZNLJBgvUkrWVw5RBQmB_XRFK91eddzw=.4ba0e7a8-19f9-424a-81bb-1e55e61e1ab3@github.com>

On Wed, 18 Jan 2023 16:53:04 GMT, Claes Redestad <redestad at openjdk.org> wrote:

> `ZipCoder::checkedHashCode` emulates `StringLatin1::hashCode` but operates on a `byte[]` subrange. It can profitably use the recently introduced `ArraysSupport::vectorizedHashCode` method to see a speed-up, which translates to a small but significant speed-up on `ZipFile` creation.
> 
> Before:
> 
> Benchmark                     (size)  Mode  Cnt       Score      Error  Units
> ZipFileOpen.openCloseZipFile     512  avgt   15   83007.325 ? 1446.716  ns/op
> ZipFileOpen.openCloseZipFile    1024  avgt   15  154550.631 ? 2166.673  ns/op
> 
> After:
> 
> Benchmark                     (size)  Mode  Cnt       Score      Error  Units
> ZipFileOpen.openCloseZipFile     512  avgt   15   79512.902 ?  814.449  ns/op
> ZipFileOpen.openCloseZipFile    1024  avgt   15  147892.522 ? 2744.017  ns/op

This pull request has now been integrated.

Changeset: bb42e61a
Author:    Claes Redestad <redestad at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/bb42e61a6176a7f4f9485efa47a248b23b09a16d
Stats:     120 lines in 4 files changed: 103 ins; 8 del; 9 mod

8300493: Use ArraysSupport.vectorizedHashCode in j.u.zip.ZipCoder

Reviewed-by: alanb, lancea

-------------

PR: https://git.openjdk.org/jdk/pull/12077

From dholmes at openjdk.org  Mon Jan 23 03:24:47 2023
From: dholmes at openjdk.org (David Holmes)
Date: Mon, 23 Jan 2023 03:24:47 GMT
Subject: [jdk20] RFR: 8290919: Update nroff pages in JDK 20 before RC
Message-ID: <SyU5zAE6E3mMET4AP63fG_w1UpddoQ4AgBIC2eWLeTk=.e225c518-64bc-4683-9a43-52e31ceaae79@github.com>

There was one missing update in javac.1 from:

[JDK-8245246](https://bugs.openjdk.org/browse/JDK-8245246): Deprecate -profile option in javac

otherwise the change is limited to dropping the "-ea".

Thanks.

-------------

Commit messages:
 - Merge branch 'master' into 8290919-manpages
 - 8290919: Update nroff pages in JDK 20 before RC

Changes: https://git.openjdk.org/jdk20/pull/112/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk20&pr=112&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8290919
  Stats: 29 lines in 28 files changed: 1 ins; 0 del; 28 mod
  Patch: https://git.openjdk.org/jdk20/pull/112.diff
  Fetch: git fetch https://git.openjdk.org/jdk20 pull/112/head:pull/112

PR: https://git.openjdk.org/jdk20/pull/112

From iris at openjdk.org  Mon Jan 23 07:18:06 2023
From: iris at openjdk.org (Iris Clark)
Date: Mon, 23 Jan 2023 07:18:06 GMT
Subject: [jdk20] RFR: 8290919: Update nroff pages in JDK 20 before RC
In-Reply-To: <SyU5zAE6E3mMET4AP63fG_w1UpddoQ4AgBIC2eWLeTk=.e225c518-64bc-4683-9a43-52e31ceaae79@github.com>
References: <SyU5zAE6E3mMET4AP63fG_w1UpddoQ4AgBIC2eWLeTk=.e225c518-64bc-4683-9a43-52e31ceaae79@github.com>
Message-ID: <zTbsPP6FQdxsnX2181x-9yetNohJa3OoX3624PuEaho=.2cbbf84d-5540-4004-bb83-6563eb2ce449@github.com>

On Mon, 23 Jan 2023 02:59:42 GMT, David Holmes <dholmes at openjdk.org> wrote:

> There was one missing update in javac.1 from:
> 
> [JDK-8245246](https://bugs.openjdk.org/browse/JDK-8245246): Deprecate -profile option in javac
> 
> otherwise the change is limited to dropping the "-ea".
> 
> Thanks.

Marked as reviewed by iris (Reviewer).

-------------

PR: https://git.openjdk.org/jdk20/pull/112

From alanb at openjdk.org  Mon Jan 23 07:35:07 2023
From: alanb at openjdk.org (Alan Bateman)
Date: Mon, 23 Jan 2023 07:35:07 GMT
Subject: [jdk20] RFR: 8290919: Update nroff pages in JDK 20 before RC
In-Reply-To: <SyU5zAE6E3mMET4AP63fG_w1UpddoQ4AgBIC2eWLeTk=.e225c518-64bc-4683-9a43-52e31ceaae79@github.com>
References: <SyU5zAE6E3mMET4AP63fG_w1UpddoQ4AgBIC2eWLeTk=.e225c518-64bc-4683-9a43-52e31ceaae79@github.com>
Message-ID: <CcuKhKwN8fhfI6JUo2ZNpUhSE3fYU_MvLJPwlQC_RVU=.857d1c1c-5eab-4227-9d82-e336b453b5bc@github.com>

On Mon, 23 Jan 2023 02:59:42 GMT, David Holmes <dholmes at openjdk.org> wrote:

> There was one missing update in javac.1 from:
> 
> [JDK-8245246](https://bugs.openjdk.org/browse/JDK-8245246): Deprecate -profile option in javac
> 
> otherwise the change is limited to dropping the "-ea".
> 
> Thanks.

Marked as reviewed by alanb (Reviewer).

-------------

PR: https://git.openjdk.org/jdk20/pull/112

From dholmes at openjdk.org  Mon Jan 23 07:39:08 2023
From: dholmes at openjdk.org (David Holmes)
Date: Mon, 23 Jan 2023 07:39:08 GMT
Subject: [jdk20] RFR: 8290919: Update nroff pages in JDK 20 before RC
In-Reply-To: <zTbsPP6FQdxsnX2181x-9yetNohJa3OoX3624PuEaho=.2cbbf84d-5540-4004-bb83-6563eb2ce449@github.com>
References: <SyU5zAE6E3mMET4AP63fG_w1UpddoQ4AgBIC2eWLeTk=.e225c518-64bc-4683-9a43-52e31ceaae79@github.com>
 <zTbsPP6FQdxsnX2181x-9yetNohJa3OoX3624PuEaho=.2cbbf84d-5540-4004-bb83-6563eb2ce449@github.com>
Message-ID: <u1wD_gDb92UKvCJ1F7oeU5B_qheQnCLzhigA0xWrWT4=.e22a7ead-90a2-4067-a7b5-c2d3110d0168@github.com>

On Mon, 23 Jan 2023 07:15:08 GMT, Iris Clark <iris at openjdk.org> wrote:

>> There was one missing update in javac.1 from:
>> 
>> [JDK-8245246](https://bugs.openjdk.org/browse/JDK-8245246): Deprecate -profile option in javac
>> 
>> otherwise the change is limited to dropping the "-ea".
>> 
>> Thanks.
>
> Marked as reviewed by iris (Reviewer).

Thanks for the reviews @irisclark  and @AlanBateman !

-------------

PR: https://git.openjdk.org/jdk20/pull/112

From dholmes at openjdk.org  Mon Jan 23 07:53:05 2023
From: dholmes at openjdk.org (David Holmes)
Date: Mon, 23 Jan 2023 07:53:05 GMT
Subject: [jdk20] Integrated: 8290919: Update nroff pages in JDK 20 before RC
In-Reply-To: <SyU5zAE6E3mMET4AP63fG_w1UpddoQ4AgBIC2eWLeTk=.e225c518-64bc-4683-9a43-52e31ceaae79@github.com>
References: <SyU5zAE6E3mMET4AP63fG_w1UpddoQ4AgBIC2eWLeTk=.e225c518-64bc-4683-9a43-52e31ceaae79@github.com>
Message-ID: <KE_2Ova-N0oR1H4fRLDBGDGftIvFdJXnyuI0uIKIBgE=.ae8b19ec-0a7f-410c-a5ae-fb5967780360@github.com>

On Mon, 23 Jan 2023 02:59:42 GMT, David Holmes <dholmes at openjdk.org> wrote:

> There was one missing update in javac.1 from:
> 
> [JDK-8245246](https://bugs.openjdk.org/browse/JDK-8245246): Deprecate -profile option in javac
> 
> otherwise the change is limited to dropping the "-ea".
> 
> Thanks.

This pull request has now been integrated.

Changeset: fd752178
Author:    David Holmes <dholmes at openjdk.org>
URL:       https://git.openjdk.org/jdk20/commit/fd752178e364fb5deeec062bef3dde1fea1dcbe3
Stats:     29 lines in 28 files changed: 1 ins; 0 del; 28 mod

8290919: Update nroff pages in JDK 20 before RC

Reviewed-by: iris, alanb

-------------

PR: https://git.openjdk.org/jdk20/pull/112

From mdoerr at openjdk.org  Mon Jan 23 09:27:06 2023
From: mdoerr at openjdk.org (Martin Doerr)
Date: Mon, 23 Jan 2023 09:27:06 GMT
Subject: RFR: 8299817: [s390] AES-CTR mode intrinsic fails with multiple
 short update() calls
In-Reply-To: <T74rRuRd-JMM5a32uAJm5sQudG8l_pVjIs_vkzqK-fg=.76580ae6-dad7-4572-9b14-c839b342854f@github.com>
References: <T74rRuRd-JMM5a32uAJm5sQudG8l_pVjIs_vkzqK-fg=.76580ae6-dad7-4572-9b14-c839b342854f@github.com>
Message-ID: <fAsaF6fyT1YZ9OZavWdgxSjPcUpAfodGLRd-gu9Tit4=.a4084b67-d8d8-4672-a540-73f3ec000c7a@github.com>

On Thu, 12 Jan 2023 14:29:34 GMT, Lutz Schmidt <lucy at openjdk.org> wrote:

> This PR addresses an issue in the AES-CTR mode intrinsic on s390. When a message is ciphered in multiple, small (< 16 bytes) segments, the result is incorrect.
> 
> This is not just a band-aid fix. The issue was taken as a chance to restructure the code. though still complicated, It is now easier to read and (hopefully) understand.
> 
> Except for the new jetreg test, the changes are purely s390. There are no side effects on other platforms. Issue-specific tests pass. Other tests are in progress. I will update this PR once they are complete. 
> 
> **Reviews and comments are very much appreciated.**
> 
> @backwaterred could you please run some "official" s390 tests? Thanks.

test/hotspot/jtreg/compiler/codegen/aes/Test8299817.java line 4:

> 2:  * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
> 3:  * Copyright (c) 2022 SAP SE. All rights reserved.
> 4:  * ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.

Wrong Copyright header! Please also update the Copyright years.

-------------

PR: https://git.openjdk.org/jdk/pull/11967

From rhalade at openjdk.org  Mon Jan 23 17:47:54 2023
From: rhalade at openjdk.org (Rajan Halade)
Date: Mon, 23 Jan 2023 17:47:54 GMT
Subject: RFR: 8296343: CPVE thrown on missing content-length in OCSP
 response [v3]
In-Reply-To: <4PA3y3TEQaFdMcfGKuOGPLW7vk1sMElsRnjYma1qVn4=.5a66c30e-4cfe-4174-a34b-300f785a64d5@github.com>
References: <lCBCERXuXnPiQbPYtRB7YuI5h0jOvKMZltuCM1dQjeI=.532a73b6-07ff-4bfc-acfb-f690736f8b57@github.com>
 <4PA3y3TEQaFdMcfGKuOGPLW7vk1sMElsRnjYma1qVn4=.5a66c30e-4cfe-4174-a34b-300f785a64d5@github.com>
Message-ID: <KLgYkOgDVwUPPSDpRoYNKrtEQYEvAZMwba9npY-F_HY=.d51c94b8-ddbf-4a99-8863-3d9bd6e9ffcf@github.com>

On Thu, 12 Jan 2023 15:46:46 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:

>> This fixes an issue where HTTP responses that do not have an explicit Content-Length are causing an EOFException which unravels into a CertPathValidatorException during validations that involve OCSP checks.
>> 
>> - JBS: https://bugs.openjdk.org/browse/JDK-8296343
>
> Jamil Nimeh has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Remove dead commented code

Marked as reviewed by rhalade (Reviewer).

-------------

PR: https://git.openjdk.org/jdk/pull/11917

From xuelei at openjdk.org  Mon Jan 23 18:08:59 2023
From: xuelei at openjdk.org (Xue-Lei Andrew Fan)
Date: Mon, 23 Jan 2023 18:08:59 GMT
Subject: RFR: 8296343: CPVE thrown on missing content-length in OCSP
 response [v3]
In-Reply-To: <4PA3y3TEQaFdMcfGKuOGPLW7vk1sMElsRnjYma1qVn4=.5a66c30e-4cfe-4174-a34b-300f785a64d5@github.com>
References: <lCBCERXuXnPiQbPYtRB7YuI5h0jOvKMZltuCM1dQjeI=.532a73b6-07ff-4bfc-acfb-f690736f8b57@github.com>
 <4PA3y3TEQaFdMcfGKuOGPLW7vk1sMElsRnjYma1qVn4=.5a66c30e-4cfe-4174-a34b-300f785a64d5@github.com>
Message-ID: <4giRE9Lifwg4SuZ61JvVwZaLayqmys0u_nThVBh0CaU=.abfecb21-34ff-4b08-95e2-02691e56bf77@github.com>

On Thu, 12 Jan 2023 15:46:46 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:

>> This fixes an issue where HTTP responses that do not have an explicit Content-Length are causing an EOFException which unravels into a CertPathValidatorException during validations that involve OCSP checks.
>> 
>> - JBS: https://bugs.openjdk.org/browse/JDK-8296343
>
> Jamil Nimeh has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Remove dead commented code

Marked as reviewed by xuelei (Reviewer).

-------------

PR: https://git.openjdk.org/jdk/pull/11917

From jnimeh at openjdk.org  Mon Jan 23 18:15:39 2023
From: jnimeh at openjdk.org (Jamil Nimeh)
Date: Mon, 23 Jan 2023 18:15:39 GMT
Subject: Integrated: 8296343: CPVE thrown on missing content-length in OCSP
 response
In-Reply-To: <lCBCERXuXnPiQbPYtRB7YuI5h0jOvKMZltuCM1dQjeI=.532a73b6-07ff-4bfc-acfb-f690736f8b57@github.com>
References: <lCBCERXuXnPiQbPYtRB7YuI5h0jOvKMZltuCM1dQjeI=.532a73b6-07ff-4bfc-acfb-f690736f8b57@github.com>
Message-ID: <DqlGU1LRat8YsNlsESpJUQcgWU7TQ-OmePYSQ5AlsvI=.602a0ba6-f240-47ba-9248-28d57b460b81@github.com>

On Tue, 10 Jan 2023 06:02:29 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:

> This fixes an issue where HTTP responses that do not have an explicit Content-Length are causing an EOFException which unravels into a CertPathValidatorException during validations that involve OCSP checks.
> 
> - JBS: https://bugs.openjdk.org/browse/JDK-8296343

This pull request has now been integrated.

Changeset: 1a3cb8c5
Author:    Jamil Nimeh <jnimeh at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/1a3cb8c5018bc016c2ad6b078e4abe13b39d151c
Stats:     399 lines in 9 files changed: 283 ins; 37 del; 79 mod

8296343: CPVE thrown on missing content-length in OCSP response

Reviewed-by: mullan, rhalade

-------------

PR: https://git.openjdk.org/jdk/pull/11917

From jwilhelm at openjdk.org  Mon Jan 23 20:27:19 2023
From: jwilhelm at openjdk.org (Jesper Wilhelmsson)
Date: Mon, 23 Jan 2023 20:27:19 GMT
Subject: RFR: Merge jdk20
Message-ID: <pokCkee1DfuOIEQv6RHt9z_BrsN-hJ0qXl0Hk9z9-sQ=.672d620d-6762-4c02-9b5b-0fe5692f9319@github.com>

Forwardport JDK 20 -> JDK 21

-------------

Commit messages:
 - Merge
 - 8290919: Update nroff pages in JDK 20 before RC

The webrevs contain the adjustments done while merging with regards to each parent branch:
 - master: https://webrevs.openjdk.org/?repo=jdk&pr=12150&range=00.0
 - jdk20: https://webrevs.openjdk.org/?repo=jdk&pr=12150&range=00.1

Changes: https://git.openjdk.org/jdk/pull/12150/files
  Stats: 28 lines in 27 files changed: 1 ins; 0 del; 27 mod
  Patch: https://git.openjdk.org/jdk/pull/12150.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12150/head:pull/12150

PR: https://git.openjdk.org/jdk/pull/12150

From jwilhelm at openjdk.org  Mon Jan 23 21:07:12 2023
From: jwilhelm at openjdk.org (Jesper Wilhelmsson)
Date: Mon, 23 Jan 2023 21:07:12 GMT
Subject: Integrated: Merge jdk20
In-Reply-To: <pokCkee1DfuOIEQv6RHt9z_BrsN-hJ0qXl0Hk9z9-sQ=.672d620d-6762-4c02-9b5b-0fe5692f9319@github.com>
References: <pokCkee1DfuOIEQv6RHt9z_BrsN-hJ0qXl0Hk9z9-sQ=.672d620d-6762-4c02-9b5b-0fe5692f9319@github.com>
Message-ID: <jc-2DZXsCFnZ4DgMc7Q4WsZBG_yjfOYZu7gAGUrUclg=.9818bae6-0897-43b8-99de-d16ef32ea613@github.com>

On Mon, 23 Jan 2023 19:52:49 GMT, Jesper Wilhelmsson <jwilhelm at openjdk.org> wrote:

> Forwardport JDK 20 -> JDK 21

This pull request has now been integrated.

Changeset: 56dc3b08
Author:    Jesper Wilhelmsson <jwilhelm at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/56dc3b08a62f651835c5bccca987d93ba2bb8961
Stats:     28 lines in 27 files changed: 1 ins; 0 del; 27 mod

Merge

-------------

PR: https://git.openjdk.org/jdk/pull/12150

From dholmes at openjdk.org  Mon Jan 23 23:21:44 2023
From: dholmes at openjdk.org (David Holmes)
Date: Mon, 23 Jan 2023 23:21:44 GMT
Subject: RFR: 8290918: Initial nroff manpage generation for JDK 21
Message-ID: <_l9LWouUV22whyL4PTf1esOed9cZw1jyKKVBozovayE=.f79dbc18-b48e-4e52-8a16-f9e1b732ce50@github.com>

Please review this simple update to the manpage to set the version to 21-ea.

This change also corrects a typo in javac.1 that was manually introduced by JDK-8300591

Thanks.

-------------

Commit messages:
 - 8290918: Initial nroff manpage generation for JDK 21

Changes: https://git.openjdk.org/jdk/pull/12154/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=12154&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8290918
  Stats: 28 lines in 27 files changed: 0 ins; 0 del; 28 mod
  Patch: https://git.openjdk.org/jdk/pull/12154.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12154/head:pull/12154

PR: https://git.openjdk.org/jdk/pull/12154

From lancea at openjdk.org  Mon Jan 23 23:27:05 2023
From: lancea at openjdk.org (Lance Andersen)
Date: Mon, 23 Jan 2023 23:27:05 GMT
Subject: RFR: 8290918: Initial nroff manpage generation for JDK 21
In-Reply-To: <_l9LWouUV22whyL4PTf1esOed9cZw1jyKKVBozovayE=.f79dbc18-b48e-4e52-8a16-f9e1b732ce50@github.com>
References: <_l9LWouUV22whyL4PTf1esOed9cZw1jyKKVBozovayE=.f79dbc18-b48e-4e52-8a16-f9e1b732ce50@github.com>
Message-ID: <EbXKptkoNTm2NF30bRhqf-W6JKJOPmf7-cw1nHRvjsM=.63bb3cc8-822f-465a-b11d-8a6ac3738cbf@github.com>

On Mon, 23 Jan 2023 22:59:22 GMT, David Holmes <dholmes at openjdk.org> wrote:

> Please review this simple update to the manpage to set the version to 21-ea.
> 
> This change also corrects a typo in javac.1 that was manually introduced by JDK-8300591
> 
> Thanks.

Marked as reviewed by lancea (Reviewer).

-------------

PR: https://git.openjdk.org/jdk/pull/12154

From dholmes at openjdk.org  Tue Jan 24 00:49:08 2023
From: dholmes at openjdk.org (David Holmes)
Date: Tue, 24 Jan 2023 00:49:08 GMT
Subject: RFR: 8290918: Initial nroff manpage generation for JDK 21
In-Reply-To: <EbXKptkoNTm2NF30bRhqf-W6JKJOPmf7-cw1nHRvjsM=.63bb3cc8-822f-465a-b11d-8a6ac3738cbf@github.com>
References: <_l9LWouUV22whyL4PTf1esOed9cZw1jyKKVBozovayE=.f79dbc18-b48e-4e52-8a16-f9e1b732ce50@github.com>
 <EbXKptkoNTm2NF30bRhqf-W6JKJOPmf7-cw1nHRvjsM=.63bb3cc8-822f-465a-b11d-8a6ac3738cbf@github.com>
Message-ID: <yE85rgB7_qg4o3c-mk_jRsmG7TE1n7zIaGJfSVpVqHo=.2458fd66-6316-444b-a2f8-ae550fdfdaf7@github.com>

On Mon, 23 Jan 2023 23:24:06 GMT, Lance Andersen <lancea at openjdk.org> wrote:

>> Please review this simple update to the manpage to set the version to 21-ea.
>> 
>> This change also corrects a typo in javac.1 that was manually introduced by JDK-8300591
>> 
>> Thanks.
>
> Marked as reviewed by lancea (Reviewer).

Thanks for the review @LanceAndersen

-------------

PR: https://git.openjdk.org/jdk/pull/12154

From iris at openjdk.org  Tue Jan 24 01:32:03 2023
From: iris at openjdk.org (Iris Clark)
Date: Tue, 24 Jan 2023 01:32:03 GMT
Subject: RFR: 8290918: Initial nroff manpage generation for JDK 21
In-Reply-To: <_l9LWouUV22whyL4PTf1esOed9cZw1jyKKVBozovayE=.f79dbc18-b48e-4e52-8a16-f9e1b732ce50@github.com>
References: <_l9LWouUV22whyL4PTf1esOed9cZw1jyKKVBozovayE=.f79dbc18-b48e-4e52-8a16-f9e1b732ce50@github.com>
Message-ID: <GzoeZ25yXzQRU34W-uihZpovZkP20uGvqRaAFukzT1g=.9acb2ba3-5d00-4ae4-afdb-a3c23bed4e01@github.com>

On Mon, 23 Jan 2023 22:59:22 GMT, David Holmes <dholmes at openjdk.org> wrote:

> Please review this simple update to the manpage to set the version to 21-ea.
> 
> This change also corrects a typo in javac.1 that was manually introduced by JDK-8300591
> 
> Thanks.

Marked as reviewed by iris (Reviewer).

-------------

PR: https://git.openjdk.org/jdk/pull/12154

From jnimeh at openjdk.org  Tue Jan 24 01:59:40 2023
From: jnimeh at openjdk.org (Jamil Nimeh)
Date: Tue, 24 Jan 2023 01:59:40 GMT
Subject: RFR: 8300946: Add
 sun/security/provider/certpath/OCSP/OCSPNoContentLength to ProblemList
Message-ID: <mcJe9L6ilXf7EllKw9ztVoW8-OPYsgMhEGtt-I_uTeI=.b9272b2d-71ce-490e-a297-eb9114e75da5@github.com>

This adds the OCSPNoContentLength test recently added as part of JDK-8296343.  The test exposes what looks to be an intermittent socket closure issue in SimpleOCSPServer.  In order to take the time to solve it properly, I'd like to add this test to the problem list.

- JBS: https://bugs.openjdk.org/browse/JDK-8300946
- See also: https://bugs.openjdk.org/browse/JDK-8300939

-------------

Commit messages:
 - Restore policy Root.java lost during merge
 - Merge with main
 - 8300946: Add sun/security/provider/certpath/OCSP/OCSPNoContentLength to ProblemList
 - Remove dead commented code
 - Throw exception directly from non 200 HTTP response codes
 - Moved SimpleOCSPServer to use CountdownLatch for ready state, updated tests
 - 8296343: CPVE thrown on missing content-length in OCSP response

Changes: https://git.openjdk.org/jdk/pull/12156/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=12156&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8300946
  Stats: 1 line in 1 file changed: 1 ins; 0 del; 0 mod
  Patch: https://git.openjdk.org/jdk/pull/12156.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12156/head:pull/12156

PR: https://git.openjdk.org/jdk/pull/12156

From jpai at openjdk.org  Tue Jan 24 02:09:02 2023
From: jpai at openjdk.org (Jaikiran Pai)
Date: Tue, 24 Jan 2023 02:09:02 GMT
Subject: RFR: 8300946: Add
 sun/security/provider/certpath/OCSP/OCSPNoContentLength to ProblemList
In-Reply-To: <mcJe9L6ilXf7EllKw9ztVoW8-OPYsgMhEGtt-I_uTeI=.b9272b2d-71ce-490e-a297-eb9114e75da5@github.com>
References: <mcJe9L6ilXf7EllKw9ztVoW8-OPYsgMhEGtt-I_uTeI=.b9272b2d-71ce-490e-a297-eb9114e75da5@github.com>
Message-ID: <RVKGFgGt_CLA2xI9vqNhfjtQUslrTfMJIU_lolkpeJ4=.872bb156-d8e7-4212-92ab-26e2750b63e7@github.com>

On Tue, 24 Jan 2023 01:50:52 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:

> This adds the OCSPNoContentLength test recently added as part of JDK-8296343.  The test exposes what looks to be an intermittent socket closure issue in SimpleOCSPServer.  In order to take the time to solve it properly, I'd like to add this test to the problem list.
> 
> - JBS: https://bugs.openjdk.org/browse/JDK-8300946
> - See also: https://bugs.openjdk.org/browse/JDK-8300939

Marked as reviewed by jpai (Reviewer).

-------------

PR: https://git.openjdk.org/jdk/pull/12156

From jnimeh at openjdk.org  Tue Jan 24 02:15:11 2023
From: jnimeh at openjdk.org (Jamil Nimeh)
Date: Tue, 24 Jan 2023 02:15:11 GMT
Subject: Integrated: 8300946: Add
 sun/security/provider/certpath/OCSP/OCSPNoContentLength to ProblemList
In-Reply-To: <mcJe9L6ilXf7EllKw9ztVoW8-OPYsgMhEGtt-I_uTeI=.b9272b2d-71ce-490e-a297-eb9114e75da5@github.com>
References: <mcJe9L6ilXf7EllKw9ztVoW8-OPYsgMhEGtt-I_uTeI=.b9272b2d-71ce-490e-a297-eb9114e75da5@github.com>
Message-ID: <AJkRXqIpzKiLCOMaua9fkY3PxmwSU2Nh_iwglVvHNMk=.6b08b56e-5d07-4586-95ba-8445774dcdd3@github.com>

On Tue, 24 Jan 2023 01:50:52 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:

> This adds the OCSPNoContentLength test recently added as part of JDK-8296343.  The test exposes what looks to be an intermittent socket closure issue in SimpleOCSPServer.  In order to take the time to solve it properly, I'd like to add this test to the problem list.
> 
> - JBS: https://bugs.openjdk.org/browse/JDK-8300946
> - See also: https://bugs.openjdk.org/browse/JDK-8300939

This pull request has now been integrated.

Changeset: 2da2e5a0
Author:    Jamil Nimeh <jnimeh at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/2da2e5a0e80e6c54c848cf39bee534fa9b7086b1
Stats:     1 line in 1 file changed: 1 ins; 0 del; 0 mod

8300946: Add sun/security/provider/certpath/OCSP/OCSPNoContentLength to ProblemList

Reviewed-by: jpai

-------------

PR: https://git.openjdk.org/jdk/pull/12156

From dholmes at openjdk.org  Tue Jan 24 05:42:02 2023
From: dholmes at openjdk.org (David Holmes)
Date: Tue, 24 Jan 2023 05:42:02 GMT
Subject: RFR: 8290918: Initial nroff manpage generation for JDK 21
In-Reply-To: <GzoeZ25yXzQRU34W-uihZpovZkP20uGvqRaAFukzT1g=.9acb2ba3-5d00-4ae4-afdb-a3c23bed4e01@github.com>
References: <_l9LWouUV22whyL4PTf1esOed9cZw1jyKKVBozovayE=.f79dbc18-b48e-4e52-8a16-f9e1b732ce50@github.com>
 <GzoeZ25yXzQRU34W-uihZpovZkP20uGvqRaAFukzT1g=.9acb2ba3-5d00-4ae4-afdb-a3c23bed4e01@github.com>
Message-ID: <KlTh9wjTbC3k8tzpm2NrU1j0H_g2vTIVEhRGu4BMKL4=.4b169f0a-d1b4-4e8c-914b-96b07c3418c8@github.com>

On Tue, 24 Jan 2023 01:28:53 GMT, Iris Clark <iris at openjdk.org> wrote:

>> Please review this simple update to the manpage to set the version to 21-ea.
>> 
>> This change also corrects a typo in javac.1 that was manually introduced by JDK-8300591
>> 
>> Thanks.
>
> Marked as reviewed by iris (Reviewer).

Thanks for the review @irisclark !

-------------

PR: https://git.openjdk.org/jdk/pull/12154

From darcy at openjdk.org  Tue Jan 24 05:57:04 2023
From: darcy at openjdk.org (Joe Darcy)
Date: Tue, 24 Jan 2023 05:57:04 GMT
Subject: RFR: 8290918: Initial nroff manpage generation for JDK 21
In-Reply-To: <_l9LWouUV22whyL4PTf1esOed9cZw1jyKKVBozovayE=.f79dbc18-b48e-4e52-8a16-f9e1b732ce50@github.com>
References: <_l9LWouUV22whyL4PTf1esOed9cZw1jyKKVBozovayE=.f79dbc18-b48e-4e52-8a16-f9e1b732ce50@github.com>
Message-ID: <YZWmN-Gn-7lcp-GJ9EiaHjm14TEHDC2GhJddEjyj3PA=.7cf5e2e6-0fbf-4994-8d1a-8d51c1d2a746@github.com>

On Mon, 23 Jan 2023 22:59:22 GMT, David Holmes <dholmes at openjdk.org> wrote:

> Please review this simple update to the manpage to set the version to 21-ea.
> 
> This change also corrects a typo in javac.1 that was manually introduced by JDK-8300591
> 
> Thanks.

Marked as reviewed by darcy (Reviewer).

-------------

PR: https://git.openjdk.org/jdk/pull/12154

From dholmes at openjdk.org  Tue Jan 24 06:31:11 2023
From: dholmes at openjdk.org (David Holmes)
Date: Tue, 24 Jan 2023 06:31:11 GMT
Subject: RFR: 8290918: Initial nroff manpage generation for JDK 21
In-Reply-To: <YZWmN-Gn-7lcp-GJ9EiaHjm14TEHDC2GhJddEjyj3PA=.7cf5e2e6-0fbf-4994-8d1a-8d51c1d2a746@github.com>
References: <_l9LWouUV22whyL4PTf1esOed9cZw1jyKKVBozovayE=.f79dbc18-b48e-4e52-8a16-f9e1b732ce50@github.com>
 <YZWmN-Gn-7lcp-GJ9EiaHjm14TEHDC2GhJddEjyj3PA=.7cf5e2e6-0fbf-4994-8d1a-8d51c1d2a746@github.com>
Message-ID: <SUK02VMlj73d0HhBwEdTte0bHR33-fl8v4GnyICDhKU=.ffe72dfc-6e51-41ed-a3fd-cee71e3cc5dc@github.com>

On Tue, 24 Jan 2023 05:54:44 GMT, Joe Darcy <darcy at openjdk.org> wrote:

>> Please review this simple update to the manpage to set the version to 21-ea.
>> 
>> This change also corrects a typo in javac.1 that was manually introduced by JDK-8300591
>> 
>> Thanks.
>
> Marked as reviewed by darcy (Reviewer).

Thanks for the review @jddarcy !

I think that suffices for this trivial change.

-------------

PR: https://git.openjdk.org/jdk/pull/12154

From dholmes at openjdk.org  Tue Jan 24 06:31:13 2023
From: dholmes at openjdk.org (David Holmes)
Date: Tue, 24 Jan 2023 06:31:13 GMT
Subject: Integrated: 8290918: Initial nroff manpage generation for JDK 21
In-Reply-To: <_l9LWouUV22whyL4PTf1esOed9cZw1jyKKVBozovayE=.f79dbc18-b48e-4e52-8a16-f9e1b732ce50@github.com>
References: <_l9LWouUV22whyL4PTf1esOed9cZw1jyKKVBozovayE=.f79dbc18-b48e-4e52-8a16-f9e1b732ce50@github.com>
Message-ID: <yeIK2jww1KRzkXdap1HpcJ09H4UlC5ak6d0o3URrzQA=.747cd40f-8159-4809-82d7-b801be1be373@github.com>

On Mon, 23 Jan 2023 22:59:22 GMT, David Holmes <dholmes at openjdk.org> wrote:

> Please review this simple update to the manpage to set the version to 21-ea.
> 
> This change also corrects a typo in javac.1 that was manually introduced by JDK-8300591
> 
> Thanks.

This pull request has now been integrated.

Changeset: 6dd8723f
Author:    David Holmes <dholmes at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/6dd8723f66a22e626d98c74cff0b0b344a62626d
Stats:     28 lines in 27 files changed: 0 ins; 0 del; 28 mod

8290918: Initial nroff manpage generation for JDK 21

Reviewed-by: lancea, iris, darcy

-------------

PR: https://git.openjdk.org/jdk/pull/12154

From duke at openjdk.org  Tue Jan 24 09:16:15 2023
From: duke at openjdk.org (duke)
Date: Tue, 24 Jan 2023 09:16:15 GMT
Subject: Withdrawn: 8296408: Make the PCSCException public accessible
In-Reply-To: <4m2KP_3T6JqPbZgUV-YcX4yYXc7NqNK59Q_Jm-boAgs=.495df2e9-79c8-40df-a56b-110a26250b57@github.com>
References: <4m2KP_3T6JqPbZgUV-YcX4yYXc7NqNK59Q_Jm-boAgs=.495df2e9-79c8-40df-a56b-110a26250b57@github.com>
Message-ID: <JcnFYl4VK1179-W07Lu3vP_M7tOtvKLqHj4OYTmQDh8=.a888f9c2-bb47-4590-8df2-1c58089400cf@github.com>

On Mon, 7 Nov 2022 05:55:18 GMT, Johannes Waigel <duke at openjdk.org> wrote:

> The `PCSCException` is thrown, but the error type is not visible due to the "private-packe" access rule.
> By changing the visibility it is possible to handle / access this exception type explicitly in the catch.

This pull request has been closed without being integrated.

-------------

PR: https://git.openjdk.org/jdk/pull/11012

From duke at openjdk.org  Tue Jan 24 12:11:20 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Tue, 24 Jan 2023 12:11:20 GMT
Subject: RFR: 8300272: Improve readability of the test
 JarWithOneNonDisabledDigestAlg [v3]
In-Reply-To: <T02BenMtzPzEHP8gFkKJ_-Bhv7I5CJqE1wrvFqOZSiM=.1b490f76-c5fa-4a16-b924-bfb89e0af594@github.com>
References: <T02BenMtzPzEHP8gFkKJ_-Bhv7I5CJqE1wrvFqOZSiM=.1b490f76-c5fa-4a16-b924-bfb89e0af594@github.com>
Message-ID: <BJUDt_FLT4LKwVCu7kpIJNGBgtRF3WLHr2qWBXflrvo=.2b14fe4e-542d-47fb-827d-5fcefcdf4edc@github.com>

> This PR attempts to make JarWithOneNonDisabledDigestAlg a little easier to read. 
> 
> Some changes are made in the choice of algorithms and naming. The intent here is to reduce confusion and make the purpose of the test clearer:
> 
> - Updated the **enabled** digestAlgorithm in use from SHA1 to SHA256. The use of SHA1 here seems just a bit confusing, since it has been considered weak for a while 
> - The two different signer aliases are now named SIGNER1, SIGNER2 instead of the somewhat confusing SHA1, SHA256
> - Both signing keys are now generated with -sigalg SHA256withRSA since the sigalg of the keys does not seem to matter for this test
> 
> There are also some general code cleanups:
> 
> - Moved loading of the key store into the new method loadKeyStore
> - Updated checkThatJarIsSigned to take a parameter Map<String, Integer> representing the expected signer counts for each path in the JAR. This provides a cleaner separation between expectiations and the enforcement of expectations.
> - Introduced Path constants for various file names used throughout the test, reducing a number of redundant Path.of calls which seemed to clutter the code a bit
> - Updated IO code to use new APIs, such as Files.newOutputStream, Files.newInputStream, InputStream.transferTo and OutputStream.nullOutputStream.
> - Added/updated some comments where appropriate

Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision:

  Add whitespace between try and left parentesis
  
  Co-authored-by: Andrey Turbanov <turbanoff at gmail.com>

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11997/files
  - new: https://git.openjdk.org/jdk/pull/11997/files/36b1a831..11649bc9

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11997&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11997&range=01-02

  Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/11997.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11997/head:pull/11997

PR: https://git.openjdk.org/jdk/pull/11997

From duke at openjdk.org  Tue Jan 24 12:18:10 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Tue, 24 Jan 2023 12:18:10 GMT
Subject: RFR: 8300272: Improve readability of the test
 JarWithOneNonDisabledDigestAlg [v4]
In-Reply-To: <T02BenMtzPzEHP8gFkKJ_-Bhv7I5CJqE1wrvFqOZSiM=.1b490f76-c5fa-4a16-b924-bfb89e0af594@github.com>
References: <T02BenMtzPzEHP8gFkKJ_-Bhv7I5CJqE1wrvFqOZSiM=.1b490f76-c5fa-4a16-b924-bfb89e0af594@github.com>
Message-ID: <TkP7g7pzI-Ffl-gcgNkeQ9lAwduVWE62Bc--I-cE2wg=.6c53922e-fd16-4279-bcc9-ec85bcde5711@github.com>

> This PR attempts to make JarWithOneNonDisabledDigestAlg a little easier to read. 
> 
> Some changes are made in the choice of algorithms and naming. The intent here is to reduce confusion and make the purpose of the test clearer:
> 
> - Updated the **enabled** digestAlgorithm in use from SHA1 to SHA256. The use of SHA1 here seems just a bit confusing, since it has been considered weak for a while 
> - The two different signer aliases are now named SIGNER1, SIGNER2 instead of the somewhat confusing SHA1, SHA256
> - Both signing keys are now generated with -sigalg SHA256withRSA since the sigalg of the keys does not seem to matter for this test
> 
> There are also some general code cleanups:
> 
> - Moved loading of the key store into the new method loadKeyStore
> - Updated checkThatJarIsSigned to take a parameter Map<String, Integer> representing the expected signer counts for each path in the JAR. This provides a cleaner separation between expectiations and the enforcement of expectations.
> - Introduced Path constants for various file names used throughout the test, reducing a number of redundant Path.of calls which seemed to clutter the code a bit
> - Updated IO code to use new APIs, such as Files.newOutputStream, Files.newInputStream, InputStream.transferTo and OutputStream.nullOutputStream.
> - Added/updated some comments where appropriate

Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision:

  Add whitespace between if and left parenthesis

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11997/files
  - new: https://git.openjdk.org/jdk/pull/11997/files/11649bc9..8081b013

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11997&range=03
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11997&range=02-03

  Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/11997.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11997/head:pull/11997

PR: https://git.openjdk.org/jdk/pull/11997

From duke at openjdk.org  Tue Jan 24 12:31:30 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Tue, 24 Jan 2023 12:31:30 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v15]
In-Reply-To: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
Message-ID: <EOmRiv7PORp4s9HdYYs5cp8hNIA51minXiwj_7zKcHw=.e42c89d0-8d3c-4a8f-a9b5-adbd8d94a987@github.com>

> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that files reside in META-INF directly, and not in a subdirectory of META-INF.
> 
> The mentioned call sites needs updates to check and ignore such files.
> 
> A new test IgnoreUnrelatedSignatureFiles is added which verifies that [*.SF, *.RSA] files in META-INF/ subdirectories are indeed ignored.

Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision:

  Add whitespace after keywords if and for

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11976/files
  - new: https://git.openjdk.org/jdk/pull/11976/files/cf93bfc1..408d2228

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=14
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11976&range=13-14

  Stats: 3 lines in 1 file changed: 0 ins; 0 del; 3 mod
  Patch: https://git.openjdk.org/jdk/pull/11976.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11976/head:pull/11976

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Tue Jan 24 15:58:11 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Tue, 24 Jan 2023 15:58:11 GMT
Subject: RFR: 8298874: Update TestAllSuites.java for TLS v1.2 and 1.3
In-Reply-To: <vNwQ6EUHIarE-ckuoWktruvCu8BU83nbZQgxdi0YIsE=.7cd7e412-d870-4a91-a6f8-f7131cd827d5@github.com>
References: <vNwQ6EUHIarE-ckuoWktruvCu8BU83nbZQgxdi0YIsE=.7cd7e412-d870-4a91-a6f8-f7131cd827d5@github.com>
Message-ID: <vy9ENmOe-nqRCZ5cSLEuyaoB2akLmYOGE-d47gzavEU=.a1aac660-cf91-4a0f-a476-09b97de02c98@github.com>

On Fri, 23 Dec 2022 17:08:03 GMT, Matthew Donovan <duke at openjdk.org> wrote:

> * updated test for new TLS protocols and ciphersuites
> * code cleanup

Can someone take a look at this?  Thanks!

-------------

PR: https://git.openjdk.org/jdk/pull/11780

From weijun at openjdk.org  Tue Jan 24 18:17:06 2023
From: weijun at openjdk.org (Weijun Wang)
Date: Tue, 24 Jan 2023 18:17:06 GMT
Subject: RFR: 8300272: Improve readability of the test
 JarWithOneNonDisabledDigestAlg [v4]
In-Reply-To: <TkP7g7pzI-Ffl-gcgNkeQ9lAwduVWE62Bc--I-cE2wg=.6c53922e-fd16-4279-bcc9-ec85bcde5711@github.com>
References: <T02BenMtzPzEHP8gFkKJ_-Bhv7I5CJqE1wrvFqOZSiM=.1b490f76-c5fa-4a16-b924-bfb89e0af594@github.com>
 <TkP7g7pzI-Ffl-gcgNkeQ9lAwduVWE62Bc--I-cE2wg=.6c53922e-fd16-4279-bcc9-ec85bcde5711@github.com>
Message-ID: <L4E_DodKATrw2xuxwAyLc64kgTnp7CtHBg9OG7jz9fQ=.24ba2f2f-04ba-4f3e-aefc-72bafbd8db61@github.com>

On Tue, 24 Jan 2023 12:18:10 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

>> This PR attempts to make JarWithOneNonDisabledDigestAlg a little easier to read. 
>> 
>> Some changes are made in the choice of algorithms and naming. The intent here is to reduce confusion and make the purpose of the test clearer:
>> 
>> - Updated the **enabled** digestAlgorithm in use from SHA1 to SHA256. The use of SHA1 here seems just a bit confusing, since it has been considered weak for a while 
>> - The two different signer aliases are now named SIGNER1, SIGNER2 instead of the somewhat confusing SHA1, SHA256
>> - Both signing keys are now generated with -sigalg SHA256withRSA since the sigalg of the keys does not seem to matter for this test
>> 
>> There are also some general code cleanups:
>> 
>> - Moved loading of the key store into the new method loadKeyStore
>> - Updated checkThatJarIsSigned to take a parameter Map<String, Integer> representing the expected signer counts for each path in the JAR. This provides a cleaner separation between expectiations and the enforcement of expectations.
>> - Introduced Path constants for various file names used throughout the test, reducing a number of redundant Path.of calls which seemed to clutter the code a bit
>> - Updated IO code to use new APIs, such as Files.newOutputStream, Files.newInputStream, InputStream.transferTo and OutputStream.nullOutputStream.
>> - Added/updated some comments where appropriate
>
> Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Add whitespace between if and left parenthesis

Looks good. Thanks!

-------------

Marked as reviewed by weijun (Reviewer).

PR: https://git.openjdk.org/jdk/pull/11997

From weijun at openjdk.org  Tue Jan 24 18:58:08 2023
From: weijun at openjdk.org (Weijun Wang)
Date: Tue, 24 Jan 2023 18:58:08 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v15]
In-Reply-To: <EOmRiv7PORp4s9HdYYs5cp8hNIA51minXiwj_7zKcHw=.e42c89d0-8d3c-4a8f-a9b5-adbd8d94a987@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
 <EOmRiv7PORp4s9HdYYs5cp8hNIA51minXiwj_7zKcHw=.e42c89d0-8d3c-4a8f-a9b5-adbd8d94a987@github.com>
Message-ID: <ITa36LJZiiJAJVLewbR9wQOopfNXg2QreiTBEEaV7fo=.f22f5aa9-0b25-45fb-94b4-e508236fdc16@github.com>

On Tue, 24 Jan 2023 12:31:30 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

>> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that files reside in META-INF directly, and not in a subdirectory of META-INF.
>> 
>> The mentioned call sites needs updates to check and ignore such files.
>> 
>> A new test IgnoreUnrelatedSignatureFiles is added which verifies that [*.SF, *.RSA] files in META-INF/ subdirectories are indeed ignored.
>
> Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Add whitespace after keywords if and for

The change looks fine. I'll run some test.

Precisely `ZipFile::isSignatureRelated` should also contain those `SIG-` files. The feature is not used so I cannot say if it's wrong.

-------------

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Tue Jan 24 19:07:04 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Tue, 24 Jan 2023 19:07:04 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v15]
In-Reply-To: <ITa36LJZiiJAJVLewbR9wQOopfNXg2QreiTBEEaV7fo=.f22f5aa9-0b25-45fb-94b4-e508236fdc16@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
 <EOmRiv7PORp4s9HdYYs5cp8hNIA51minXiwj_7zKcHw=.e42c89d0-8d3c-4a8f-a9b5-adbd8d94a987@github.com>
 <ITa36LJZiiJAJVLewbR9wQOopfNXg2QreiTBEEaV7fo=.f22f5aa9-0b25-45fb-94b4-e508236fdc16@github.com>
Message-ID: <23Ag-QUbuN8Y5jR2CZ8q51LMTZ-Bs_qSE2Xl4CjaHD4=.2a91bdd1-2ff1-49b5-9979-3ca307cc0120@github.com>

On Tue, 24 Jan 2023 18:54:59 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> Precisely `ZipFile::isSignatureRelated` should also contain those `SIG-` files. 

Should they though?  These files are ultimately read by JarFile.initializeVerifier, which I guess only cares about signature/block files it actually knows how to verify, currently EC, RSA, DSA?

> The feature is not used so I cannot say if it's wrong.

The JAR File Specification is a bit short on the purpose of these files. I assume they are expected to be verified by code external to the JDK?

-------------

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Tue Jan 24 22:19:14 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Tue, 24 Jan 2023 22:19:14 GMT
Subject: Integrated: 8300272: Improve readability of the test
 JarWithOneNonDisabledDigestAlg
In-Reply-To: <T02BenMtzPzEHP8gFkKJ_-Bhv7I5CJqE1wrvFqOZSiM=.1b490f76-c5fa-4a16-b924-bfb89e0af594@github.com>
References: <T02BenMtzPzEHP8gFkKJ_-Bhv7I5CJqE1wrvFqOZSiM=.1b490f76-c5fa-4a16-b924-bfb89e0af594@github.com>
Message-ID: <ifYhiOBPrchpDYUtmnAaWsk5WLg-WjtCRYyQI8PGK58=.ebc121fb-438a-4700-88fd-6f1715fffaf6@github.com>

On Fri, 13 Jan 2023 20:12:56 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

> This PR attempts to make JarWithOneNonDisabledDigestAlg a little easier to read. 
> 
> Some changes are made in the choice of algorithms and naming. The intent here is to reduce confusion and make the purpose of the test clearer:
> 
> - Updated the **enabled** digestAlgorithm in use from SHA1 to SHA256. The use of SHA1 here seems just a bit confusing, since it has been considered weak for a while 
> - The two different signer aliases are now named SIGNER1, SIGNER2 instead of the somewhat confusing SHA1, SHA256
> - Both signing keys are now generated with -sigalg SHA256withRSA since the sigalg of the keys does not seem to matter for this test
> 
> There are also some general code cleanups:
> 
> - Moved loading of the key store into the new method loadKeyStore
> - Updated checkThatJarIsSigned to take a parameter Map<String, Integer> representing the expected signer counts for each path in the JAR. This provides a cleaner separation between expectiations and the enforcement of expectations.
> - Introduced Path constants for various file names used throughout the test, reducing a number of redundant Path.of calls which seemed to clutter the code a bit
> - Updated IO code to use new APIs, such as Files.newOutputStream, Files.newInputStream, InputStream.transferTo and OutputStream.nullOutputStream.
> - Added/updated some comments where appropriate

This pull request has now been integrated.

Changeset: cf46004f
Author:    Eirik Bjorsnos <eirbjo at gmail.com>
Committer: Weijun Wang <weijun at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/cf46004f276293ce8b092fe17ae579cbe45914a2
Stats:     91 lines in 1 file changed: 41 ins; 8 del; 42 mod

8300272: Improve readability of the test JarWithOneNonDisabledDigestAlg

Reviewed-by: weijun

-------------

PR: https://git.openjdk.org/jdk/pull/11997

From mullan at openjdk.org  Wed Jan 25 13:59:07 2023
From: mullan at openjdk.org (Sean Mullan)
Date: Wed, 25 Jan 2023 13:59:07 GMT
Subject: RFR: 8286907: keytool should warn about weak PBE algorithms [v2]
In-Reply-To: <E8YD7T_tgsYHud7KZZSNFLbo71ZFtPHDtUmzbGMJPR8=.e5f0c397-2c70-4d62-990b-2ae2730347fb@github.com>
References: <rWP9qmG41dCr9TXex7yYUXQBZoWksArIHUqomJ88LRY=.98cc8849-5878-4c84-a126-b2ef0286aa41@github.com>
 <E8YD7T_tgsYHud7KZZSNFLbo71ZFtPHDtUmzbGMJPR8=.e5f0c397-2c70-4d62-990b-2ae2730347fb@github.com>
Message-ID: <-8PfqD8fAFIt4REv04SO6QVFRSaDFm1Cj4c7h8A02uo=.e39baeaa-4c32-43d5-a91c-e7d2dd059c50@github.com>

On Fri, 20 Jan 2023 22:03:29 GMT, Hai-May Chao <hchao at openjdk.org> wrote:

>> Please review the fix to address the problem in keytool -genseckey and -importpass.
>
> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Update with Max's comment

Marked as reviewed by mullan (Reviewer).

-------------

PR: https://git.openjdk.org/jdk/pull/12056

From weijun at openjdk.org  Wed Jan 25 14:36:12 2023
From: weijun at openjdk.org (Weijun Wang)
Date: Wed, 25 Jan 2023 14:36:12 GMT
Subject: RFR: 8286907: keytool should warn about weak PBE algorithms [v2]
In-Reply-To: <E8YD7T_tgsYHud7KZZSNFLbo71ZFtPHDtUmzbGMJPR8=.e5f0c397-2c70-4d62-990b-2ae2730347fb@github.com>
References: <rWP9qmG41dCr9TXex7yYUXQBZoWksArIHUqomJ88LRY=.98cc8849-5878-4c84-a126-b2ef0286aa41@github.com>
 <E8YD7T_tgsYHud7KZZSNFLbo71ZFtPHDtUmzbGMJPR8=.e5f0c397-2c70-4d62-990b-2ae2730347fb@github.com>
Message-ID: <tmdu6vWjbzJHVswN7NdKZhlbPZc_Mh-pP_Gsc4Cch3k=.b833108c-bf48-4447-92f2-cbc9d02a8254@github.com>

On Fri, 20 Jan 2023 22:03:29 GMT, Hai-May Chao <hchao at openjdk.org> wrote:

>> Please review the fix to address the problem in keytool -genseckey and -importpass.
>
> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Update with Max's comment

I tried using `-keyalg PBEWithSHA1AndRC2_40` and removed `SHA-1` from `jdk.security.legacyAlgorithms` and see no warning. It looks like the disabled algorithm decomposer cannot extract "RC2" from the algorithm name.

Also, since this check only looks at `jdk.security.legacyAlgorithms`, shall we add other disabled algorithms here as well? Like MD2.

-------------

PR: https://git.openjdk.org/jdk/pull/12056

From duke at openjdk.org  Wed Jan 25 16:17:08 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Wed, 25 Jan 2023 16:17:08 GMT
Subject: RFR: 8300272: Improve readability of the test
 JarWithOneNonDisabledDigestAlg [v4]
In-Reply-To: <TkP7g7pzI-Ffl-gcgNkeQ9lAwduVWE62Bc--I-cE2wg=.6c53922e-fd16-4279-bcc9-ec85bcde5711@github.com>
References: <T02BenMtzPzEHP8gFkKJ_-Bhv7I5CJqE1wrvFqOZSiM=.1b490f76-c5fa-4a16-b924-bfb89e0af594@github.com>
 <TkP7g7pzI-Ffl-gcgNkeQ9lAwduVWE62Bc--I-cE2wg=.6c53922e-fd16-4279-bcc9-ec85bcde5711@github.com>
Message-ID: <Wybf-Sszd27580hG2-DkdqWTIun-7tRWORUe9xkv5TA=.e9f48e2f-6170-4734-8144-07f80c1e936b@github.com>

On Tue, 24 Jan 2023 12:18:10 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

>> This PR attempts to make JarWithOneNonDisabledDigestAlg a little easier to read. 
>> 
>> Some changes are made in the choice of algorithms and naming. The intent here is to reduce confusion and make the purpose of the test clearer:
>> 
>> - Updated the **enabled** digestAlgorithm in use from SHA1 to SHA256. The use of SHA1 here seems just a bit confusing, since it has been considered weak for a while 
>> - The two different signer aliases are now named SIGNER1, SIGNER2 instead of the somewhat confusing SHA1, SHA256
>> - Both signing keys are now generated with -sigalg SHA256withRSA since the sigalg of the keys does not seem to matter for this test
>> 
>> There are also some general code cleanups:
>> 
>> - Moved loading of the key store into the new method loadKeyStore
>> - Updated checkThatJarIsSigned to take a parameter Map<String, Integer> representing the expected signer counts for each path in the JAR. This provides a cleaner separation between expectiations and the enforcement of expectations.
>> - Introduced Path constants for various file names used throughout the test, reducing a number of redundant Path.of calls which seemed to clutter the code a bit
>> - Updated IO code to use new APIs, such as Files.newOutputStream, Files.newInputStream, InputStream.transferTo and OutputStream.nullOutputStream.
>> - Added/updated some comments where appropriate
>
> Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Add whitespace between if and left parenthesis

test/jdk/jdk/security/jarsigner/JarWithOneNonDisabledDigestAlg.java line 109:

> 107:         try {
> 108:             jarConstraints.permits("MD5", cp, false);
> 109:             throw new Exception("This test assumes that MD5 is disabled");

It might be clearer to say something like "This test requires MD5 to be disabled but it is enabled." 

Same for the SHA256 check below.

-------------

PR: https://git.openjdk.org/jdk/pull/11997

From duke at openjdk.org  Wed Jan 25 16:27:44 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Wed, 25 Jan 2023 16:27:44 GMT
Subject: RFR: 8300272: Improve readability of the test
 JarWithOneNonDisabledDigestAlg [v4]
In-Reply-To: <Wybf-Sszd27580hG2-DkdqWTIun-7tRWORUe9xkv5TA=.e9f48e2f-6170-4734-8144-07f80c1e936b@github.com>
References: <T02BenMtzPzEHP8gFkKJ_-Bhv7I5CJqE1wrvFqOZSiM=.1b490f76-c5fa-4a16-b924-bfb89e0af594@github.com>
 <TkP7g7pzI-Ffl-gcgNkeQ9lAwduVWE62Bc--I-cE2wg=.6c53922e-fd16-4279-bcc9-ec85bcde5711@github.com>
 <Wybf-Sszd27580hG2-DkdqWTIun-7tRWORUe9xkv5TA=.e9f48e2f-6170-4734-8144-07f80c1e936b@github.com>
Message-ID: <Cja5WlG8x28ZUCDx7MS3TAwh-d3ThKcrsW3eZsQedys=.a0ab5c34-e14c-4fe8-998f-e67ea49c60ff@github.com>

On Wed, 25 Jan 2023 16:12:12 GMT, Matthew Donovan <duke at openjdk.org> wrote:

>> Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Add whitespace between if and left parenthesis
>
> test/jdk/jdk/security/jarsigner/JarWithOneNonDisabledDigestAlg.java line 109:
> 
>> 107:         try {
>> 108:             jarConstraints.permits("MD5", cp, false);
>> 109:             throw new Exception("This test assumes that MD5 is disabled");
> 
> It might be clearer to say something like "This test requires MD5 to be disabled but it is enabled." 
> 
> Same for the SHA256 check below.

Thanks!. This PR was integrated yesterday, I'll keep this in mind if I do further work in this area.

-------------

PR: https://git.openjdk.org/jdk/pull/11997

From eirbjo at gmail.com  Wed Jan 25 17:49:01 2023
From: eirbjo at gmail.com (=?UTF-8?B?RWlyaWsgQmrDuHJzbsO4cw==?=)
Date: Wed, 25 Jan 2023 18:49:01 +0100
Subject: Resurrect VerifySignedJar test
Message-ID: <CA+pBWhtcBS2X9o_HEeFWkviLU6Aa-BDm=mmcvUi_PMbjVNcxMQ@mail.gmail.com>

Hi,

Can I get help filing a JBS issue for the following PR which
resurrects the VerifySignedJar test now that SHA-1 is disabled:

https://github.com/openjdk/jdk/pull/12206

Thanks,
Eirik.

From weijun.wang at oracle.com  Wed Jan 25 19:24:52 2023
From: weijun.wang at oracle.com (Wei-Jun Wang)
Date: Wed, 25 Jan 2023 19:24:52 +0000
Subject: JEP draft: Key Encapsulation Mechanism API
Message-ID: <6EA03210-3F06-495F-B540-0D4111992ECC@oracle.com>

Hi All,

We are working on providing a new API for KEM (Key Encapsulation Mechanism). There will be a KEM class for users along with a KEMSpi class for security providers, and several other parameter and exception classes.

You can read the draft JEP at https://openjdk.org/jeps/8301034.

Feel free to add any comment here.

Thanks,
Max


From xuelei.f at gmail.com  Wed Jan 25 20:03:00 2023
From: xuelei.f at gmail.com (Xuelei Fan)
Date: Wed, 25 Jan 2023 12:03:00 -0800
Subject: JEP draft: Key Encapsulation Mechanism API
In-Reply-To: <6EA03210-3F06-495F-B540-0D4111992ECC@oracle.com>
References: <6EA03210-3F06-495F-B540-0D4111992ECC@oracle.com>
Message-ID: <3923732D-45B8-4C2F-9C54-BA0AF1EB20EE@gmail.com>

For new set of service APIs, it may be worthy of considering to simplify the design and avoid duplicated SPIs by using java.util.ServiceLoade.

Xuelei

> On Jan 25, 2023, at 11:24 AM, Wei-Jun Wang <weijun.wang at oracle.com> wrote:
> 
> Hi All,
> 
> We are working on providing a new API for KEM (Key Encapsulation Mechanism). There will be a KEM class for users along with a KEMSpi class for security providers, and several other parameter and exception classes.
> 
> You can read the draft JEP at https://openjdk.org/jeps/8301034.
> 
> Feel free to add any comment here.
> 
> Thanks,
> Max
> 


From weijun.wang at oracle.com  Wed Jan 25 21:03:52 2023
From: weijun.wang at oracle.com (Wei-Jun Wang)
Date: Wed, 25 Jan 2023 21:03:52 +0000
Subject: JEP draft: Key Encapsulation Mechanism API
In-Reply-To: <3923732D-45B8-4C2F-9C54-BA0AF1EB20EE@gmail.com>
References: <6EA03210-3F06-495F-B540-0D4111992ECC@oracle.com>
 <3923732D-45B8-4C2F-9C54-BA0AF1EB20EE@gmail.com>
Message-ID: <E6F73B90-FF3D-4CF7-8392-197E027AF4F2@oracle.com>

Hi Xuelei,

That's a bold suggestion. However, we'd like to the tradition of JCA/JCE at the moment. 

Thanks,
Max


> On Jan 25, 2023, at 3:03 PM, Xuelei Fan <xuelei.f at gmail.com> wrote:
> 
> For new set of service APIs, it may be worthy of considering to simplify the design and avoid duplicated SPIs by using java.util.ServiceLoade.
> 
> Xuelei
> 
>> On Jan 25, 2023, at 11:24 AM, Wei-Jun Wang <weijun.wang at oracle.com> wrote:
>> 
>> Hi All,
>> 
>> We are working on providing a new API for KEM (Key Encapsulation Mechanism). There will be a KEM class for users along with a KEMSpi class for security providers, and several other parameter and exception classes.
>> 
>> You can read the draft JEP at https://openjdk.org/jeps/8301034.
>> 
>> Feel free to add any comment here.
>> 
>> Thanks,
>> Max
>> 
> 


From valeriep at openjdk.org  Wed Jan 25 22:33:59 2023
From: valeriep at openjdk.org (Valerie Peng)
Date: Wed, 25 Jan 2023 22:33:59 GMT
Subject: RFR: 8288050: Add support of SHA-512/224 and SHA-512/256 to the
 PBKDF2 and PBES2 impls in SunJCE provider [v5]
In-Reply-To: <BIqMpeHhMJczYmGl-hCv2aPigEb7Xop0BaVNMRSLiw8=.dbff3948-5ad5-4044-abaa-c573c4c0f276@github.com>
References: <BIqMpeHhMJczYmGl-hCv2aPigEb7Xop0BaVNMRSLiw8=.dbff3948-5ad5-4044-abaa-c573c4c0f276@github.com>
Message-ID: <LlN398Gqwj0Ps7Xi__rWONwbElGtH77H1zA3VIcaykI=.ff5e5eb6-7da0-4ae9-85ae-318796781d25@github.com>

> This RFE enhances existing PBE algorithms with the "SHA512/224" and "SHA512/256" support. 
> Current transformation parsing in javax.crypto.Cipher class is re-written to handle the additional "/" in the "SHA512/224" and "SHA512/256" algorithm names. Existing tests are updated with the additional new algorithms.

Valerie Peng has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision:

 - Merge branch 'master' of https://github.com/openjdk/jdk into JDK-8288050
   so bot can find the CSR for JDK21 and mark the PR complete.
 - address review feedbacks
 - handle the "SHA512/2" lookup of the cipher transformation in a case-insensitive way.
 - remove extra whitespace
 - remove trailing whitespace
 - 8288050: Add support of SHA-512/224 and SHA-512/256 to the PBKDF2 and PBES2 impls in SunJCE provider

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11339/files
  - new: https://git.openjdk.org/jdk/pull/11339/files/fa2b3dbc..e050123e

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11339&range=04
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11339&range=03-04

  Stats: 161222 lines in 4146 files changed: 82411 ins; 53020 del; 25791 mod
  Patch: https://git.openjdk.org/jdk/pull/11339.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11339/head:pull/11339

PR: https://git.openjdk.org/jdk/pull/11339

From xuelei.f at gmail.com  Thu Jan 26 04:13:05 2023
From: xuelei.f at gmail.com (Xuelei Fan)
Date: Wed, 25 Jan 2023 20:13:05 -0800
Subject: JEP draft: Key Encapsulation Mechanism API
In-Reply-To: <E6F73B90-FF3D-4CF7-8392-197E027AF4F2@oracle.com>
References: <6EA03210-3F06-495F-B540-0D4111992ECC@oracle.com>
 <3923732D-45B8-4C2F-9C54-BA0AF1EB20EE@gmail.com>
 <E6F73B90-FF3D-4CF7-8392-197E027AF4F2@oracle.com>
Message-ID: <F397E862-E807-4B5C-8D5C-1B868E8B2B03@gmail.com>

For delayed provider selection, what?s the selection behavior for KEM.getProvider()and KEM.getInstance(String alg, Provider p)? Could the provider be determined and reliable if the methods are used in an application?  Is the behavior the same if the calling sequences in an application are not exactly the same, like?

    kem = ?
    var provider = kem.getProvider();
    // use the provider information
    kem.encapsulate(?);

vs:

    kem = ?
    kem.encapsulate(?);
    var provider = kem.getProvider();
    // use the provider information

Xuelei



> On Jan 25, 2023, at 1:03 PM, Wei-Jun Wang <weijun.wang at oracle.com> wrote:
> 
> Hi Xuelei,
> 
> That's a bold suggestion. However, we'd like to the tradition of JCA/JCE at the moment. 
> 
> Thanks,
> Max
> 
> 
>> On Jan 25, 2023, at 3:03 PM, Xuelei Fan <xuelei.f at gmail.com> wrote:
>> 
>> For new set of service APIs, it may be worthy of considering to simplify the design and avoid duplicated SPIs by using java.util.ServiceLoade.
>> 
>> Xuelei
>> 
>>> On Jan 25, 2023, at 11:24 AM, Wei-Jun Wang <weijun.wang at oracle.com> wrote:
>>> 
>>> Hi All,
>>> 
>>> We are working on providing a new API for KEM (Key Encapsulation Mechanism). There will be a KEM class for users along with a KEMSpi class for security providers, and several other parameter and exception classes.
>>> 
>>> You can read the draft JEP at https://openjdk.org/jeps/8301034.
>>> 
>>> Feel free to add any comment here.
>>> 
>>> Thanks,
>>> Max
>>> 
>> 
> 


From weijun.wang at oracle.com  Thu Jan 26 04:43:50 2023
From: weijun.wang at oracle.com (Wei-Jun Wang)
Date: Thu, 26 Jan 2023 04:43:50 +0000
Subject: JEP draft: Key Encapsulation Mechanism API
In-Reply-To: <F397E862-E807-4B5C-8D5C-1B868E8B2B03@gmail.com>
References: <6EA03210-3F06-495F-B540-0D4111992ECC@oracle.com>
 <3923732D-45B8-4C2F-9C54-BA0AF1EB20EE@gmail.com>
 <E6F73B90-FF3D-4CF7-8392-197E027AF4F2@oracle.com>
 <F397E862-E807-4B5C-8D5C-1B868E8B2B03@gmail.com>
Message-ID: <5177068E-5199-448F-9EB3-C0947BDAA395@oracle.com>



> On Jan 25, 2023, at 11:13 PM, Xuelei Fan <xuelei.f at gmail.com> wrote:
> 
> For delayed provider selection, what?s the selection behavior for KEM.getProvider()and KEM.getInstance(String alg, Provider p)?

If getInstance(alg, p) is called, there won't be delayed provider selection.

> Could the provider be determined and reliable if the methods are used in an application?  Is the behavior the same if the calling sequences in an application are not exactly the same, like?
> 
>    kem = ?
>    var provider = kem.getProvider();
>    // use the provider information
>    kem.encapsulate(?);

If getProvider() is called before encapsulation. Most likely it will be the 1st provider that supports this algorithm. This is not specified but we know there is an order for the providers.

> 
> vs:
> 
>    kem = ?
>    kem.encapsulate(?);
>    var provider = kem.getProvider();
>    // use the provider information

This provider will be the implementation that actually performed the encapsulation function.

The delayed provider selection in existing crypto primitives like Signature and KeyAgreement only allows the selection once. If it's determined then it will not change. When designing KEM, we think this is unnecessary. Of course this makes the class more mutable. If someone really cares about the result of getProvider(), they should be careful no other thread calls encapsulation or decapsulation.

Thanks,
Max

> 
> Xuelei
> 
> 
> 
>> On Jan 25, 2023, at 1:03 PM, Wei-Jun Wang <weijun.wang at oracle.com> wrote:
>> 
>> Hi Xuelei,
>> 
>> That's a bold suggestion. However, we'd like to the tradition of JCA/JCE at the moment. 
>> 
>> Thanks,
>> Max
>> 
>> 
>>> On Jan 25, 2023, at 3:03 PM, Xuelei Fan <xuelei.f at gmail.com> wrote:
>>> 
>>> For new set of service APIs, it may be worthy of considering to simplify the design and avoid duplicated SPIs by using java.util.ServiceLoade.
>>> 
>>> Xuelei
>>> 
>>>> On Jan 25, 2023, at 11:24 AM, Wei-Jun Wang <weijun.wang at oracle.com> wrote:
>>>> 
>>>> Hi All,
>>>> 
>>>> We are working on providing a new API for KEM (Key Encapsulation Mechanism). There will be a KEM class for users along with a KEMSpi class for security providers, and several other parameter and exception classes.
>>>> 
>>>> You can read the draft JEP at https://openjdk.org/jeps/8301034.
>>>> 
>>>> Feel free to add any comment here.
>>>> 
>>>> Thanks,
>>>> Max
>>>> 
>>> 
>> 
> 


From hchao at openjdk.org  Thu Jan 26 04:57:18 2023
From: hchao at openjdk.org (Hai-May Chao)
Date: Thu, 26 Jan 2023 04:57:18 GMT
Subject: RFR: 8286907: keytool should warn about weak PBE algorithms [v2]
In-Reply-To: <E8YD7T_tgsYHud7KZZSNFLbo71ZFtPHDtUmzbGMJPR8=.e5f0c397-2c70-4d62-990b-2ae2730347fb@github.com>
References: <rWP9qmG41dCr9TXex7yYUXQBZoWksArIHUqomJ88LRY=.98cc8849-5878-4c84-a126-b2ef0286aa41@github.com>
 <E8YD7T_tgsYHud7KZZSNFLbo71ZFtPHDtUmzbGMJPR8=.e5f0c397-2c70-4d62-990b-2ae2730347fb@github.com>
Message-ID: <sVHe8eh8e5-81QlV9iwfrvXcORTw8e7qy0V1bBVlLzs=.d9901d98-b6d8-40ec-a0ad-23357174c2f3@github.com>

On Fri, 20 Jan 2023 22:03:29 GMT, Hai-May Chao <hchao at openjdk.org> wrote:

>> Please review the fix to address the problem in keytool -genseckey and -importpass.
>
> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Update with Max's comment

Yes, the issue for `PBEWithSHA1AndRC2_40` when `SHA-1` is removed from `jdk.security.legacyAlgorithms` is because Algorithm Decomposer decomposes it to RC2_40 **accordingly** and Constraints map contains RC2 which is built based on `jdk.security.legacyAlgorithms`. Filed JDK-8301127 for this.
Filed JDK-8301130 to track adding MD2 to j`dk.security.legacyAlgorithms`.

-------------

PR: https://git.openjdk.org/jdk/pull/12056

From xuelei.f at gmail.com  Thu Jan 26 05:48:47 2023
From: xuelei.f at gmail.com (Xuelei Fan)
Date: Wed, 25 Jan 2023 21:48:47 -0800
Subject: JEP draft: Key Encapsulation Mechanism API
In-Reply-To: <5177068E-5199-448F-9EB3-C0947BDAA395@oracle.com>
References: <6EA03210-3F06-495F-B540-0D4111992ECC@oracle.com>
 <3923732D-45B8-4C2F-9C54-BA0AF1EB20EE@gmail.com>
 <E6F73B90-FF3D-4CF7-8392-197E027AF4F2@oracle.com>
 <F397E862-E807-4B5C-8D5C-1B868E8B2B03@gmail.com>
 <5177068E-5199-448F-9EB3-C0947BDAA395@oracle.com>
Message-ID: <6B6F4C52-E8F5-457B-A440-3AFA32FFE9A7@gmail.com>


> On Jan 25, 2023, at 8:43 PM, Wei-Jun Wang <weijun.wang at oracle.com> wrote:


> If someone really cares about the result of getProvider(), they should be careful no other thread calls encapsulation or decapsulation.

If no-one care about the result of getProvider(), is it possible to remove this method from the design?

With this method, the API is not easy to use, and the code is not easy to review, unless a developer read the class and methods spec very carefully, considering that the behavior differences impacted by calling sequences.

Anyway, calling sequence problems are known issues for JCA/JCE, just my $0.02 in case it helps to make the specification more clear, if you?d like to the tradition of JCA/JCE.

Xuelei

From weijun at openjdk.org  Thu Jan 26 12:33:18 2023
From: weijun at openjdk.org (Weijun Wang)
Date: Thu, 26 Jan 2023 12:33:18 GMT
Subject: RFR: 8286907: keytool should warn about weak PBE algorithms [v2]
In-Reply-To: <E8YD7T_tgsYHud7KZZSNFLbo71ZFtPHDtUmzbGMJPR8=.e5f0c397-2c70-4d62-990b-2ae2730347fb@github.com>
References: <rWP9qmG41dCr9TXex7yYUXQBZoWksArIHUqomJ88LRY=.98cc8849-5878-4c84-a126-b2ef0286aa41@github.com>
 <E8YD7T_tgsYHud7KZZSNFLbo71ZFtPHDtUmzbGMJPR8=.e5f0c397-2c70-4d62-990b-2ae2730347fb@github.com>
Message-ID: <EILw08HgnMqD-2QVId6eyoOXFHuk_dhdBfIhd5_1-Xs=.59833e33-383e-4939-b961-e41d82a4479a@github.com>

On Fri, 20 Jan 2023 22:03:29 GMT, Hai-May Chao <hchao at openjdk.org> wrote:

>> Please review the fix to address the problem in keytool -genseckey and -importpass.
>
> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Update with Max's comment

I said "one solution is to add RC2_40 and RC2_128" but I'm not sure if it's the right solution. If we resolve this issue in a separate issue, it means we believe the current decomposer implementation is correct and "RC2" SHOULD NOT cover "RC2_40". Thus. if one day we decide to disable AES, then we should disable all of AES_128, AES_192 and AES_256 since there are algorithm names like AES_192/OFB/NoPadding and PBEWithHmacSHA384AndAES_128. Let's find a agreement on this before closing out this issue.

-------------

PR: https://git.openjdk.org/jdk/pull/12056

From weijun.wang at oracle.com  Thu Jan 26 15:01:01 2023
From: weijun.wang at oracle.com (Wei-Jun Wang)
Date: Thu, 26 Jan 2023 15:01:01 +0000
Subject: JEP draft: Key Encapsulation Mechanism API
In-Reply-To: <6B6F4C52-E8F5-457B-A440-3AFA32FFE9A7@gmail.com>
References: <6EA03210-3F06-495F-B540-0D4111992ECC@oracle.com>
 <3923732D-45B8-4C2F-9C54-BA0AF1EB20EE@gmail.com>
 <E6F73B90-FF3D-4CF7-8392-197E027AF4F2@oracle.com>
 <F397E862-E807-4B5C-8D5C-1B868E8B2B03@gmail.com>
 <5177068E-5199-448F-9EB3-C0947BDAA395@oracle.com>
 <6B6F4C52-E8F5-457B-A440-3AFA32FFE9A7@gmail.com>
Message-ID: <F472A800-5F46-4D74-978E-C5B8F37DEB11@oracle.com>



> On Jan 26, 2023, at 12:48 AM, Xuelei Fan <xuelei.f at gmail.com> wrote:
> 
> 
>> On Jan 25, 2023, at 8:43 PM, Wei-Jun Wang <weijun.wang at oracle.com> wrote:
> 
> 
>> If someone really cares about the result of getProvider(), they should be careful no other thread calls encapsulation or decapsulation.
> 
> If no-one care about the result of getProvider(), is it possible to remove this method from the design?
> 
> With this method, the API is not easy to use, and the code is not easy to review, unless a developer read the class and methods spec very carefully, considering that the behavior differences impacted by calling sequences.
> 
> Anyway, calling sequence problems are known issues for JCA/JCE, just my $0.02 in case it helps to make the specification more clear, if you?d like to the tradition of JCA/JCE.

I see this method for every JCA class and would rather keep it.

--Max

> 
> Xuelei


From weijun.wang at oracle.com  Thu Jan 26 15:32:28 2023
From: weijun.wang at oracle.com (Wei-Jun Wang)
Date: Thu, 26 Jan 2023 15:32:28 +0000
Subject: Resurrect VerifySignedJar test
In-Reply-To: <CA+pBWhtcBS2X9o_HEeFWkviLU6Aa-BDm=mmcvUi_PMbjVNcxMQ@mail.gmail.com>
References: <CA+pBWhtcBS2X9o_HEeFWkviLU6Aa-BDm=mmcvUi_PMbjVNcxMQ@mail.gmail.com>
Message-ID: <2F4CBE7D-DD3D-41CD-9AEC-C493C6C46923@oracle.com>

https://bugs.openjdk.org/browse/JDK-8301167 filed. Thanks.


> On Jan 25, 2023, at 12:49 PM, Eirik Bj?rsn?s <eirbjo at gmail.com> wrote:
> 
> Hi,
> 
> Can I get help filing a JBS issue for the following PR which
> resurrects the VerifySignedJar test now that SHA-1 is disabled:
> 
> https://github.com/openjdk/jdk/pull/12206
> 
> Thanks,
> Eirik.


From duke at openjdk.org  Thu Jan 26 17:06:15 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Thu, 26 Jan 2023 17:06:15 GMT
Subject: RFR: 8301167: Update VerifySignedJar to actually exercise and test
 verification
Message-ID: <5UbuRQPAEB6bCoMVbyQGz49Ulfi9gpNtNn9DbN0l-_c=.c3797cbe-3814-45a4-a2a6-12e2e6c8c535@github.com>

This PR resurrects VerifySignedJar which currently tests nothing.

VerifySignedJar currently verifies a binary JAR which was signed with SHA-1 back in April 2000. Because SHA-1 signed JARs has been disabled for a while, the JAR is treated as unsigned so the test doesn't really test anything as of now. 

The test is updated in the following ways:

- The JAR used for verification is now created and signed with SHA-256 by the test itself
- The test is updated to check that the JAR is actually signed and with the expected certificate 
- JarEntry InputStreams are now read fully to ensure verification of all entries
- Objects.requireNonNull is used to check that entries returned by  getEntry, getJarEntry are non-null 
- The existing binary JAR is retired

-------------

Commit messages:
 - Simplify checkSignedBy by using JarEntry.getCertificates() instead of JarEntry.getCodeSigners()
 - o Update VerifySignedJar test to create and sign a JAR file instead of reading a binary JAR from version control.

Changes: https://git.openjdk.org/jdk/pull/12206/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=12206&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8301167
  Stats: 91 lines in 2 files changed: 79 ins; 0 del; 12 mod
  Patch: https://git.openjdk.org/jdk/pull/12206.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12206/head:pull/12206

PR: https://git.openjdk.org/jdk/pull/12206

From weijun at openjdk.org  Thu Jan 26 17:06:16 2023
From: weijun at openjdk.org (Weijun Wang)
Date: Thu, 26 Jan 2023 17:06:16 GMT
Subject: RFR: 8301167: Update VerifySignedJar to actually exercise and test
 verification
In-Reply-To: <5UbuRQPAEB6bCoMVbyQGz49Ulfi9gpNtNn9DbN0l-_c=.c3797cbe-3814-45a4-a2a6-12e2e6c8c535@github.com>
References: <5UbuRQPAEB6bCoMVbyQGz49Ulfi9gpNtNn9DbN0l-_c=.c3797cbe-3814-45a4-a2a6-12e2e6c8c535@github.com>
Message-ID: <Yb7UkFiFlJOjOg5vFc5KE3UvyaCC2DqKBkbCqOXfy1s=.d5b9a291-ce7c-4c8f-8e4d-f7f6b1dd4e23@github.com>

On Wed, 25 Jan 2023 17:38:13 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

> This PR resurrects VerifySignedJar which currently tests nothing.
> 
> VerifySignedJar currently verifies a binary JAR which was signed with SHA-1 back in April 2000. Because SHA-1 signed JARs has been disabled for a while, the JAR is treated as unsigned so the test doesn't really test anything as of now. 
> 
> The test is updated in the following ways:
> 
> - The JAR used for verification is now created and signed with SHA-256 by the test itself
> - The test is updated to check that the JAR is actually signed and with the expected certificate 
> - JarEntry InputStreams are now read fully to ensure verification of all entries
> - Objects.requireNonNull is used to check that entries returned by  getEntry, getJarEntry are non-null 
> - The existing binary JAR is retired

https://bugs.openjdk.org/browse/JDK-8301167 filed. Thanks.

-------------

PR: https://git.openjdk.org/jdk/pull/12206

From mullan at openjdk.org  Thu Jan 26 17:42:18 2023
From: mullan at openjdk.org (Sean Mullan)
Date: Thu, 26 Jan 2023 17:42:18 GMT
Subject: RFR: 8286907: keytool should warn about weak PBE algorithms [v2]
In-Reply-To: <E8YD7T_tgsYHud7KZZSNFLbo71ZFtPHDtUmzbGMJPR8=.e5f0c397-2c70-4d62-990b-2ae2730347fb@github.com>
References: <rWP9qmG41dCr9TXex7yYUXQBZoWksArIHUqomJ88LRY=.98cc8849-5878-4c84-a126-b2ef0286aa41@github.com>
 <E8YD7T_tgsYHud7KZZSNFLbo71ZFtPHDtUmzbGMJPR8=.e5f0c397-2c70-4d62-990b-2ae2730347fb@github.com>
Message-ID: <H3qs6QssmnwQraDUJC4p2tHZiksR-Ls_mDjmahvYou8=.6dff7ca6-d57d-41d0-8c1b-594bc3dc9510@github.com>

On Fri, 20 Jan 2023 22:03:29 GMT, Hai-May Chao <hchao at openjdk.org> wrote:

>> Please review the fix to address the problem in keytool -genseckey and -importpass.
>
> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Update with Max's comment

Yeah, this is a little tricky. My feeling is that if you disable an algorithm like "RC2", it should cover all uses of it no matter what the keysize. If you only want to disable certain keysizes, then you should add a keysize constraint. We would need to make the parsing smarter so that "RC keysize <= 40" covers RC_40 but not RC_128, etc.

Hmac is another good corner case. It would be nice if we could have exceptions, like "SHA512", "!HmacSHA512". But that's a little more involved, and requires some more thought as to whether that is a good idea.

-------------

PR: https://git.openjdk.org/jdk/pull/12056

From rhalade at openjdk.org  Thu Jan 26 18:21:20 2023
From: rhalade at openjdk.org (Rajan Halade)
Date: Thu, 26 Jan 2023 18:21:20 GMT
Subject: RFR: 8298873: Update IllegalRecordVersion.java for changes to TLS
 implementation [v4]
In-Reply-To: <Et0SrLplrrNLVxW7PPHVA_govd2f-jSd7AjOJfB0Z7w=.92c7eccb-b3cd-4d63-b881-d93506c66927@github.com>
References: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>
 <Et0SrLplrrNLVxW7PPHVA_govd2f-jSd7AjOJfB0Z7w=.92c7eccb-b3cd-4d63-b881-d93506c66927@github.com>
Message-ID: <63vngYiuT3dVS_rylRbas3Eu-GZqpV4q5ubAJQL6jo4=.f36ef031-a762-43f6-baf6-76595e5a6454@github.com>

On Tue, 17 Jan 2023 17:12:05 GMT, Matthew Donovan <duke at openjdk.org> wrote:

>> - Updated ProtocolVersion.isNegotiable() to check a bounded range of version numbers.
>> - Removed IllegalRecordVersion.java from ProblemList.txt 
>> 
>> Tested with jdk_security and jdk_security3 test groups.
>
> Matthew Donovan has updated the pull request incrementally with one additional commit since the last revision:
> 
>   removed extra whitespace

Marked as reviewed by rhalade (Reviewer).

-------------

PR: https://git.openjdk.org/jdk/pull/11929

From rhalade at openjdk.org  Thu Jan 26 18:37:21 2023
From: rhalade at openjdk.org (Rajan Halade)
Date: Thu, 26 Jan 2023 18:37:21 GMT
Subject: RFR: 8298874: Update TestAllSuites.java for TLS v1.2 and 1.3
In-Reply-To: <vNwQ6EUHIarE-ckuoWktruvCu8BU83nbZQgxdi0YIsE=.7cd7e412-d870-4a91-a6f8-f7131cd827d5@github.com>
References: <vNwQ6EUHIarE-ckuoWktruvCu8BU83nbZQgxdi0YIsE=.7cd7e412-d870-4a91-a6f8-f7131cd827d5@github.com>
Message-ID: <gM7aGZUUGDUYwGe9ZQ9w7nodvJ3UNsnJzTEbVfRe9dU=.bb17001a-47f3-4af6-ac44-6126162f3397@github.com>

On Fri, 23 Dec 2022 17:08:03 GMT, Matthew Donovan <duke at openjdk.org> wrote:

> * updated test for new TLS protocols and ciphersuites
> * code cleanup

test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java line 2:

> 1: /*
> 2:  * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.

update to 2023

test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java line 333:

> 331: 
> 332:     enum SupportedCipherSuites {
> 333:         TLSv11("TLSv1.1", new String []{

Instead of this can we not continue with old approach of using `SSLEngine.getSupportedCipherSuites` and ignore not applicable suites?

-------------

PR: https://git.openjdk.org/jdk/pull/11780

From duke at openjdk.org  Thu Jan 26 18:39:28 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Thu, 26 Jan 2023 18:39:28 GMT
Subject: Integrated: 8298873: Update IllegalRecordVersion.java for changes to
 TLS implementation
In-Reply-To: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>
References: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>
Message-ID: <1_1xPeeCD1pxpPqbysu_QaqMuXjcVMPUNwA9L4rvO5g=.2d2186b6-efe8-4cce-b78e-68694ef4f0dd@github.com>

On Tue, 10 Jan 2023 18:59:30 GMT, Matthew Donovan <duke at openjdk.org> wrote:

> - Updated ProtocolVersion.isNegotiable() to check a bounded range of version numbers.
> - Removed IllegalRecordVersion.java from ProblemList.txt 
> 
> Tested with jdk_security and jdk_security3 test groups.

This pull request has now been integrated.

Changeset: fc26d3e5
Author:    Matthew Donovan <matthew.p.donovan at oracle.com>
Committer: Rajan Halade <rhalade at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/fc26d3e5770ca3440105d3904a6e4af9af4860fa
Stats:     314 lines in 3 files changed: 236 ins; 78 del; 0 mod

8298873: Update IllegalRecordVersion.java for changes to TLS implementation

Reviewed-by: rhalade

-------------

PR: https://git.openjdk.org/jdk/pull/11929

From rhalade at openjdk.org  Thu Jan 26 18:45:18 2023
From: rhalade at openjdk.org (Rajan Halade)
Date: Thu, 26 Jan 2023 18:45:18 GMT
Subject: RFR: 8298872: Update CheckStatus.java for changes to TLS
 implementation [v2]
In-Reply-To: <vvJ_0vvp36Wz68pFWTCpp56ksXsvt4fKlhki-1zve34=.22c89056-fae7-4634-adbe-22afcad80492@github.com>
References: <BxcoZLbQBeD88JiHK44NQBQahNsH-j3RhnbMYBvE_sU=.2f671e20-2cb5-4f79-8196-92520bcee655@github.com>
 <vvJ_0vvp36Wz68pFWTCpp56ksXsvt4fKlhki-1zve34=.22c89056-fae7-4634-adbe-22afcad80492@github.com>
Message-ID: <JQOqtleeUpaVRFDnhUF-aEDjkvjG7CDvLn1AVBbIomA=.ea51c26f-db8a-4aa2-b608-925a22dc0e83@github.com>

On Thu, 5 Jan 2023 20:17:20 GMT, Matthew Donovan <duke at openjdk.org> wrote:

>> Updated the test for TLS 1.2 and removed from ProblemList.txt
>
> Matthew Donovan has updated the pull request incrementally with two additional commits since the last revision:
> 
>  - updated copyright to correct year
>  - updated copyright year

test/jdk/javax/net/ssl/SSLEngine/ConnectionTest.java line 82:

> 80: 
> 81:         ssle1.setEnabledCipherSuites(new String [] {
> 82:             "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"});

I think this is unrelated change to this fix, please revert.

-------------

PR: https://git.openjdk.org/jdk/pull/11857

From rhalade at openjdk.org  Thu Jan 26 18:54:20 2023
From: rhalade at openjdk.org (Rajan Halade)
Date: Thu, 26 Jan 2023 18:54:20 GMT
Subject: RFR: 8298869: Update ConnectionTest.java for changes to TLS
 implementation
In-Reply-To: <g4Fj2Tc---U2ZQuqVCDNUDujto2caFMXGDmjl-7i5Eo=.0be004b3-245e-4816-8bb1-25dc411d9081@github.com>
References: <g4Fj2Tc---U2ZQuqVCDNUDujto2caFMXGDmjl-7i5Eo=.0be004b3-245e-4816-8bb1-25dc411d9081@github.com>
Message-ID: <jmZUYSSjShqy2nsomdAB3bTdQA6rvPdfcldogF5p7kE=.1bbb7eab-c70a-4cf1-9b28-51133c9c3176@github.com>

On Thu, 5 Jan 2023 21:55:42 GMT, Matthew Donovan <duke at openjdk.org> wrote:

> * Updated the test for changes to the TLS implementation
> * Test supports TLS 1.2 and 1.3
> * Removed from ProblemList.txt
> * Refactored code a bit

Marked as reviewed by rhalade (Reviewer).

-------------

PR: https://git.openjdk.org/jdk/pull/11871

From rriggs at openjdk.org  Thu Jan 26 18:54:31 2023
From: rriggs at openjdk.org (Roger Riggs)
Date: Thu, 26 Jan 2023 18:54:31 GMT
Subject: RFR: 8298873: Update IllegalRecordVersion.java for changes to TLS
 implementation [v4]
In-Reply-To: <Et0SrLplrrNLVxW7PPHVA_govd2f-jSd7AjOJfB0Z7w=.92c7eccb-b3cd-4d63-b881-d93506c66927@github.com>
References: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>
 <Et0SrLplrrNLVxW7PPHVA_govd2f-jSd7AjOJfB0Z7w=.92c7eccb-b3cd-4d63-b881-d93506c66927@github.com>
Message-ID: <Fx54b5WfTLH3iHRQPP1neT_JSwB4-NQ3DNBFxDwgjC8=.9f0877d1-3905-4dcf-ba7a-41048172f67d@github.com>

On Tue, 17 Jan 2023 17:12:05 GMT, Matthew Donovan <duke at openjdk.org> wrote:

>> - Updated ProtocolVersion.isNegotiable() to check a bounded range of version numbers.
>> - Removed IllegalRecordVersion.java from ProblemList.txt 
>> 
>> Tested with jdk_security and jdk_security3 test groups.
>
> Matthew Donovan has updated the pull request incrementally with one additional commit since the last revision:
> 
>   removed extra whitespace

The copyright line has the incorrect syntax. Please followup with a fix.
Missing comma, after 2023.

-------------

PR: https://git.openjdk.org/jdk/pull/11929

From rhalade at openjdk.org  Thu Jan 26 18:54:35 2023
From: rhalade at openjdk.org (Rajan Halade)
Date: Thu, 26 Jan 2023 18:54:35 GMT
Subject: RFR: 8298873: Update IllegalRecordVersion.java for changes to TLS
 implementation [v2]
In-Reply-To: <O8VJ-Mef3vMZbvCxfpbHEoWbs7ZKrxWM9DfoDqYrXm0=.1f7af21b-a3ce-466a-a928-2329a9398d74@github.com>
References: <Rdf2XagiUXchXCnZhL6e36OSTfAldtsKJb6kqillV34=.19da21de-8934-4cb3-b8d9-a650f13f1eff@github.com>
 <lNgg89yYkKkqSz3SSEADX3b8baKjdGl4CsoRxjXXvIg=.cf92a563-cecc-47fa-ac83-804e224babd6@github.com>
 <O8VJ-Mef3vMZbvCxfpbHEoWbs7ZKrxWM9DfoDqYrXm0=.1f7af21b-a3ce-466a-a928-2329a9398d74@github.com>
Message-ID: <O7xSYf_ciZmYmrhtrnheGsEzMowvzHRDVLmnzWzOLu8=.0cc44b4a-3391-46f7-8c88-97bc53e71511@github.com>

On Thu, 12 Jan 2023 16:03:34 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> Matthew Donovan has updated the pull request incrementally with three additional commits since the last revision:
>> 
>>  - renamed IllegalRecordVersion to HandshakeWithInvalidRecordVersion
>>  - Updated IllegalRecordVersion
>>  - reverted change in ProtocolVersion, updated IllegalRecordVersion
>
> test/jdk/javax/net/ssl/SSLEngine/HandshakeWithInvalidRecordVersion.java line 51:
> 
>> 49:     private static final String TRUSTSTORE_PATH =
>> 50:             System.getProperty("test.src", "./") + "/" + PATH_TO_STORES +
>> 51:                     "/" + TRUSTSTORE_FILE;
> 
> It would be nice to avoid to use binary files.  Would you mind to check if test/jdk/javax/net/ssl/templates/SSLContextTemplate.java could be used for the generation of SSLContext (for example test/jdk/javax/net/ssl/templates/SSLEngineTemplate.java)?

There are few other tests that need update as well. We should create backlog item to update all these tests to use the SSLEngineTemplate to generate SSLContext.

-------------

PR: https://git.openjdk.org/jdk/pull/11929

From rhalade at openjdk.org  Thu Jan 26 18:56:17 2023
From: rhalade at openjdk.org (Rajan Halade)
Date: Thu, 26 Jan 2023 18:56:17 GMT
Subject: RFR: 8298868: Update EngineCloseOnAlert.java for changes to TLS
 implementation
In-Reply-To: <o2geplAugwgBwhlWtpQfkkmNyTPX-Wah6txhD5JqliY=.545458fa-8aaf-4024-8b8d-a41375349dcd@github.com>
References: <o2geplAugwgBwhlWtpQfkkmNyTPX-Wah6txhD5JqliY=.545458fa-8aaf-4024-8b8d-a41375349dcd@github.com>
Message-ID: <hwXh3QBNGRdN6pCHi-XzpB18LAZwAvsm0rY9zb0sl3Y=.b1e37571-b820-4f7d-b036-74a8ec304659@github.com>

On Mon, 9 Jan 2023 12:19:27 GMT, Matthew Donovan <duke at openjdk.org> wrote:

> Refactored the code a little bit and updated the test for changes to the TLS state machine.

test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java line 67:

> 65: 
> 66:     public static void main(String[] args) throws Exception {
> 67:         SecurityUtils.removeFromDisabledTlsAlgs("TLSv1");

Is this still needed? Test is using TLSv1.2 only.

-------------

PR: https://git.openjdk.org/jdk/pull/11903

From duke at openjdk.org  Thu Jan 26 19:18:06 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Thu, 26 Jan 2023 19:18:06 GMT
Subject: RFR: 8301189: validate-source fails after JDK-8298873
Message-ID: <QZ-eeu7X2ErpJkb8oeU3joL2-BerFUOMLww8KSemJzI=.aeafa741-301f-4578-9002-de1280dfb34b@github.com>

fixed copyright header

-------------

Commit messages:
 - added newline at end of file
 - 8301189: validate-source fails after JDK-8298873

Changes: https://git.openjdk.org/jdk/pull/12232/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=12232&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8301189
  Stats: 2 lines in 1 file changed: 0 ins; 0 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/12232.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12232/head:pull/12232

PR: https://git.openjdk.org/jdk/pull/12232

From dcubed at openjdk.org  Thu Jan 26 19:18:08 2023
From: dcubed at openjdk.org (Daniel D. Daugherty)
Date: Thu, 26 Jan 2023 19:18:08 GMT
Subject: RFR: 8301189: validate-source fails after JDK-8298873
In-Reply-To: <QZ-eeu7X2ErpJkb8oeU3joL2-BerFUOMLww8KSemJzI=.aeafa741-301f-4578-9002-de1280dfb34b@github.com>
References: <QZ-eeu7X2ErpJkb8oeU3joL2-BerFUOMLww8KSemJzI=.aeafa741-301f-4578-9002-de1280dfb34b@github.com>
Message-ID: <BQHoXksJt71IyXxqvBNKW_M94mJHu7kzwoa-bnUDCE8=.3125dafe-b64c-4b10-89bc-eeaee7813de7@github.com>

On Thu, 26 Jan 2023 19:06:40 GMT, Matthew Donovan <duke at openjdk.org> wrote:

> fixed copyright header

Thumbs up. This is a trivial fix.

The file is also missing an EOL on the last line.

-------------

Marked as reviewed by dcubed (Reviewer).

PR: https://git.openjdk.org/jdk/pull/12232

From rhalade at openjdk.org  Thu Jan 26 19:39:26 2023
From: rhalade at openjdk.org (Rajan Halade)
Date: Thu, 26 Jan 2023 19:39:26 GMT
Subject: RFR: 8301189: validate-source fails after JDK-8298873
In-Reply-To: <QZ-eeu7X2ErpJkb8oeU3joL2-BerFUOMLww8KSemJzI=.aeafa741-301f-4578-9002-de1280dfb34b@github.com>
References: <QZ-eeu7X2ErpJkb8oeU3joL2-BerFUOMLww8KSemJzI=.aeafa741-301f-4578-9002-de1280dfb34b@github.com>
Message-ID: <zWQfQoHrIlAndM45HYSuPK3eebtcV8ZvAxkh5_QOA1I=.a5d65510-4b1d-4e4f-a4a8-576a4e463720@github.com>

On Thu, 26 Jan 2023 19:06:40 GMT, Matthew Donovan <duke at openjdk.org> wrote:

> fixed copyright header

Marked as reviewed by rhalade (Reviewer).

-------------

PR: https://git.openjdk.org/jdk/pull/12232

From duke at openjdk.org  Thu Jan 26 19:39:27 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Thu, 26 Jan 2023 19:39:27 GMT
Subject: Integrated: 8301189: validate-source fails after JDK-8298873
In-Reply-To: <QZ-eeu7X2ErpJkb8oeU3joL2-BerFUOMLww8KSemJzI=.aeafa741-301f-4578-9002-de1280dfb34b@github.com>
References: <QZ-eeu7X2ErpJkb8oeU3joL2-BerFUOMLww8KSemJzI=.aeafa741-301f-4578-9002-de1280dfb34b@github.com>
Message-ID: <zikEOoWzVfQiJuLMbxO3pu3SWy3nS6YMMXGkkM-RHMQ=.0b1df3f4-6a10-4d50-a727-80b1a8cbe551@github.com>

On Thu, 26 Jan 2023 19:06:40 GMT, Matthew Donovan <duke at openjdk.org> wrote:

> fixed copyright header

This pull request has now been integrated.

Changeset: 7ddafd75
Author:    Matthew Donovan <matthew.p.donovan at oracle.com>
Committer: Rajan Halade <rhalade at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/7ddafd75b02c3083264239404b1c33d219e2cd2b
Stats:     2 lines in 1 file changed: 0 ins; 0 del; 2 mod

8301189: validate-source fails after JDK-8298873

Reviewed-by: dcubed, rhalade

-------------

PR: https://git.openjdk.org/jdk/pull/12232

From duke at openjdk.org  Thu Jan 26 21:39:26 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Thu, 26 Jan 2023 21:39:26 GMT
Subject: Integrated: 8298869: Update ConnectionTest.java for changes to TLS
 implementation
In-Reply-To: <g4Fj2Tc---U2ZQuqVCDNUDujto2caFMXGDmjl-7i5Eo=.0be004b3-245e-4816-8bb1-25dc411d9081@github.com>
References: <g4Fj2Tc---U2ZQuqVCDNUDujto2caFMXGDmjl-7i5Eo=.0be004b3-245e-4816-8bb1-25dc411d9081@github.com>
Message-ID: <LFolGS2y-KDS7IGJglRQrg4wGEAioaCt4ZsdawErsmU=.94199dbc-91da-4481-9bdf-a76490445214@github.com>

On Thu, 5 Jan 2023 21:55:42 GMT, Matthew Donovan <duke at openjdk.org> wrote:

> * Updated the test for changes to the TLS implementation
> * Test supports TLS 1.2 and 1.3
> * Removed from ProblemList.txt
> * Refactored code a bit

This pull request has now been integrated.

Changeset: d6007a35
Author:    Matthew Donovan <matthew.p.donovan at oracle.com>
Committer: Rajan Halade <rhalade at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/d6007a356f8081290cc745481af160a4cad8a9bb
Stats:     512 lines in 2 files changed: 93 ins; 172 del; 247 mod

8298869: Update ConnectionTest.java for changes to TLS implementation

Reviewed-by: rhalade

-------------

PR: https://git.openjdk.org/jdk/pull/11871

From valeriep at openjdk.org  Thu Jan 26 22:10:24 2023
From: valeriep at openjdk.org (Valerie Peng)
Date: Thu, 26 Jan 2023 22:10:24 GMT
Subject: Integrated: 8288050: Add support of SHA-512/224 and SHA-512/256 to the
 PBKDF2 and PBES2 impls in SunJCE provider
In-Reply-To: <BIqMpeHhMJczYmGl-hCv2aPigEb7Xop0BaVNMRSLiw8=.dbff3948-5ad5-4044-abaa-c573c4c0f276@github.com>
References: <BIqMpeHhMJczYmGl-hCv2aPigEb7Xop0BaVNMRSLiw8=.dbff3948-5ad5-4044-abaa-c573c4c0f276@github.com>
Message-ID: <eAydelgSW3qZq5SiUotzBlhNyxa8amLkbgM838Pt6h8=.8e0b9765-c31b-4433-9dee-98eaf8e66f9e@github.com>

On Wed, 23 Nov 2022 23:39:03 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

> This RFE enhances existing PBE algorithms with the "SHA512/224" and "SHA512/256" support. 
> Current transformation parsing in javax.crypto.Cipher class is re-written to handle the additional "/" in the "SHA512/224" and "SHA512/256" algorithm names. Existing tests are updated with the additional new algorithms.

This pull request has now been integrated.

Changeset: 7eff5787
Author:    Valerie Peng <valeriep at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/7eff578768454445a937c1569abab3d9b06c1313
Stats:     418 lines in 26 files changed: 259 ins; 28 del; 131 mod

8288050: Add support of SHA-512/224 and SHA-512/256 to the PBKDF2 and PBES2 impls in SunJCE provider

Reviewed-by: weijun

-------------

PR: https://git.openjdk.org/jdk/pull/11339

From hchao at openjdk.org  Thu Jan 26 23:02:19 2023
From: hchao at openjdk.org (Hai-May Chao)
Date: Thu, 26 Jan 2023 23:02:19 GMT
Subject: RFR: 8286907: keytool should warn about weak PBE algorithms [v2]
In-Reply-To: <EILw08HgnMqD-2QVId6eyoOXFHuk_dhdBfIhd5_1-Xs=.59833e33-383e-4939-b961-e41d82a4479a@github.com>
References: <rWP9qmG41dCr9TXex7yYUXQBZoWksArIHUqomJ88LRY=.98cc8849-5878-4c84-a126-b2ef0286aa41@github.com>
 <E8YD7T_tgsYHud7KZZSNFLbo71ZFtPHDtUmzbGMJPR8=.e5f0c397-2c70-4d62-990b-2ae2730347fb@github.com>
 <EILw08HgnMqD-2QVId6eyoOXFHuk_dhdBfIhd5_1-Xs=.59833e33-383e-4939-b961-e41d82a4479a@github.com>
Message-ID: <AXT89Xa_JthKG5MgouZw3LIliSrj1Vr1WPnFBOb22OA=.e4a771d9-72e7-4ee1-a296-43eb4dd2ea09@github.com>

On Thu, 26 Jan 2023 12:30:25 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Update with Max's comment
>
> I said "one solution is to add RC2_40 and RC2_128" but now I'm not sure if it's the right solution. We can always resolve this in a separate issue, but I think we'd better have an agreement on whether the current decomposer implementation is correct about "RC2" not covering "RC2_40". If yes and one day we decide to disable AES, then we should disable all of AES_128, AES_192 and AES_256 since there are algorithm names like AES_192/OFB/NoPadding and PBEWithHmacSHA384AndAES_128. This does not sound very right to me.
> 
> Valerie is adding PBES2Core$HmacSHA512_224AndAES_256 in another PR now. In that case, SHA512 should not cover HmacSHA512_224 (although we are not likely to disable HmacSHA512 before disabling HmacSHA512_224 first). So this is a little complicated.

@wangweij @seanjmullan For the scenario, i.e. PBEWithSHA1AndRC2_40 after SHA1 removal, we probably could
treat RC2_40 as RC2 after decomposing. For another scenario, adding RC2 KeySize < 40, we currently have a similar test case (i.e. AES keySize < 256) in WeakSecretKeyTest.java, and keytool will emit warning as a result of keysize constraint checking. The question arises is does it apply to PBEWithSHA1AndRC2_40 as well? I?d think it should if we treat RC2_40 as RC2 after decomposing. However, the PBEKey generated for PBEWithSHA1AndRC2_40 will have PBEwithMD5andDES algorithm. Algorithm constraint checking on MD5 would take place earlier than keysize constraint checking. As a result, warnings for keysize constraint will not be emitted. These are my current thoughts and more thoughts surely are needed to address JDK-8301127.
I suggest we look at the possible issues with various corner cases in algorithm decomposing and keysize constraints, etc, for PBExxx and Hmacxxx in JDK-8301127. Do you agree JDK-8301127 would serve the need?

-------------

PR: https://git.openjdk.org/jdk/pull/12056

From duke at openjdk.org  Fri Jan 27 01:34:18 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Fri, 27 Jan 2023 01:34:18 GMT
Subject: RFR: 8298874: Update TestAllSuites.java for TLS v1.2 and 1.3
In-Reply-To: <gM7aGZUUGDUYwGe9ZQ9w7nodvJ3UNsnJzTEbVfRe9dU=.bb17001a-47f3-4af6-ac44-6126162f3397@github.com>
References: <vNwQ6EUHIarE-ckuoWktruvCu8BU83nbZQgxdi0YIsE=.7cd7e412-d870-4a91-a6f8-f7131cd827d5@github.com>
 <gM7aGZUUGDUYwGe9ZQ9w7nodvJ3UNsnJzTEbVfRe9dU=.bb17001a-47f3-4af6-ac44-6126162f3397@github.com>
Message-ID: <2umvQOU9BmCbTAgTnhunwESEHUnoRDLMBdop3L_5TzY=.5890957a-a084-4c59-812c-863d1f35ceb9@github.com>

On Thu, 26 Jan 2023 18:33:38 GMT, Rajan Halade <rhalade at openjdk.org> wrote:

>> * updated test for new TLS protocols and ciphersuites
>> * code cleanup
>
> test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java line 333:
> 
>> 331: 
>> 332:     enum SupportedCipherSuites {
>> 333:         TLSv11("TLSv1.1", new String []{
> 
> Instead of this can we not continue with old approach of using `SSLEngine.getSupportedCipherSuites` and ignore not applicable suites?

The test verifies the handshake negotiation for each ciphersuite/protocol combination. The `getSupportedCipherSuites()` and `getEnabledCipherSuites()` are independent of the enabled protocols. In other words, if you called `engine.setEnabledProtocols(new String[]{"TLSv1.2"})`, the output of `engine.getEnabledCipherSuites()` would still include TLSv1.3 ciphers.

So trying to run the tests by looping over the output of those methods isn't going to work. Instead of having this hard-coded set of things, I could run the test with each protocol and one or two cipher suites.  How does that sound?

-------------

PR: https://git.openjdk.org/jdk/pull/11780

From duke at openjdk.org  Fri Jan 27 12:47:39 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Fri, 27 Jan 2023 12:47:39 GMT
Subject: RFR: 8298872: Update CheckStatus.java for changes to TLS
 implementation [v3]
In-Reply-To: <BxcoZLbQBeD88JiHK44NQBQahNsH-j3RhnbMYBvE_sU=.2f671e20-2cb5-4f79-8196-92520bcee655@github.com>
References: <BxcoZLbQBeD88JiHK44NQBQahNsH-j3RhnbMYBvE_sU=.2f671e20-2cb5-4f79-8196-92520bcee655@github.com>
Message-ID: <J3LNv-nz_ju5q3jmDse3LbeK2Xz-B2ajUkMXRC6_yJ0=.39547208-82b1-4298-b888-a583d5f11a95@github.com>

> Updated the test for TLS 1.2 and removed from ProblemList.txt

Matthew Donovan has updated the pull request incrementally with one additional commit since the last revision:

  reverted ConnectionTest.java; added newline at end of CheckStatus.java

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11857/files
  - new: https://git.openjdk.org/jdk/pull/11857/files/6b2596ee..d7528385

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11857&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11857&range=01-02

  Stats: 3 lines in 2 files changed: 0 ins; 0 del; 3 mod
  Patch: https://git.openjdk.org/jdk/pull/11857.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11857/head:pull/11857

PR: https://git.openjdk.org/jdk/pull/11857

From duke at openjdk.org  Fri Jan 27 13:03:57 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Fri, 27 Jan 2023 13:03:57 GMT
Subject: RFR: 8298868: Update EngineCloseOnAlert.java for changes to TLS
 implementation [v2]
In-Reply-To: <o2geplAugwgBwhlWtpQfkkmNyTPX-Wah6txhD5JqliY=.545458fa-8aaf-4024-8b8d-a41375349dcd@github.com>
References: <o2geplAugwgBwhlWtpQfkkmNyTPX-Wah6txhD5JqliY=.545458fa-8aaf-4024-8b8d-a41375349dcd@github.com>
Message-ID: <AqbMoGPjPEz1IgfbqKJ7WeZusY8Y5dGCvFcb-Ifl49c=.837dfd07-7c5d-4f86-b2a6-e94e6a89d77f@github.com>

> Refactored the code a little bit and updated the test for changes to the TLS state machine.

Matthew Donovan has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains three commits:

 - Merge branch 'master' into engine-close
 - removed unnecessary line
 - 8298868: Update EngineCloseOnAlert.java for changes to TLS implementation

-------------

Changes: https://git.openjdk.org/jdk/pull/11903/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=11903&range=01
  Stats: 56 lines in 2 files changed: 15 ins; 9 del; 32 mod
  Patch: https://git.openjdk.org/jdk/pull/11903.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11903/head:pull/11903

PR: https://git.openjdk.org/jdk/pull/11903

From duke at openjdk.org  Fri Jan 27 13:03:58 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Fri, 27 Jan 2023 13:03:58 GMT
Subject: RFR: 8298868: Update EngineCloseOnAlert.java for changes to TLS
 implementation [v2]
In-Reply-To: <hwXh3QBNGRdN6pCHi-XzpB18LAZwAvsm0rY9zb0sl3Y=.b1e37571-b820-4f7d-b036-74a8ec304659@github.com>
References: <o2geplAugwgBwhlWtpQfkkmNyTPX-Wah6txhD5JqliY=.545458fa-8aaf-4024-8b8d-a41375349dcd@github.com>
 <hwXh3QBNGRdN6pCHi-XzpB18LAZwAvsm0rY9zb0sl3Y=.b1e37571-b820-4f7d-b036-74a8ec304659@github.com>
Message-ID: <lReQ5pxGwQzqigTQrB7COa_kfZ9AiHV7kdU-JCXnwlE=.def2b77e-1e73-4cd1-af5c-92c1e9589aac@github.com>

On Thu, 26 Jan 2023 18:53:34 GMT, Rajan Halade <rhalade at openjdk.org> wrote:

>> Matthew Donovan has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains three commits:
>> 
>>  - Merge branch 'master' into engine-close
>>  - removed unnecessary line
>>  - 8298868: Update EngineCloseOnAlert.java for changes to TLS implementation
>
> test/jdk/javax/net/ssl/SSLEngine/EngineCloseOnAlert.java line 67:
> 
>> 65: 
>> 66:     public static void main(String[] args) throws Exception {
>> 67:         SecurityUtils.removeFromDisabledTlsAlgs("TLSv1");
> 
> Is this still needed? Test is using TLSv1.2 only.

removed

-------------

PR: https://git.openjdk.org/jdk/pull/11903

From duke at openjdk.org  Fri Jan 27 13:13:04 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Fri, 27 Jan 2023 13:13:04 GMT
Subject: RFR: 8298872: Update CheckStatus.java for changes to TLS
 implementation [v4]
In-Reply-To: <BxcoZLbQBeD88JiHK44NQBQahNsH-j3RhnbMYBvE_sU=.2f671e20-2cb5-4f79-8196-92520bcee655@github.com>
References: <BxcoZLbQBeD88JiHK44NQBQahNsH-j3RhnbMYBvE_sU=.2f671e20-2cb5-4f79-8196-92520bcee655@github.com>
Message-ID: <tgxkIetkGwM1or7V_l2yMsEEUDVjHAZhkIWZS8gA4ek=.69ff8e22-50d9-4bcf-a3da-44cf5a0ffdc9@github.com>

> Updated the test for TLS 1.2 and removed from ProblemList.txt

Matthew Donovan has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains six commits:

 - Merge branch 'master' into check-status
 - reverted ConnectionTest.java; added newline at end of CheckStatus.java
 - updated copyright to correct year
 - updated copyright year
 - removed extra whitespace
 - 8298872: Update CheckStatus.java for changes to TLS implementation

-------------

Changes: https://git.openjdk.org/jdk/pull/11857/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=11857&range=03
  Stats: 318 lines in 2 files changed: 35 ins; 15 del; 268 mod
  Patch: https://git.openjdk.org/jdk/pull/11857.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11857/head:pull/11857

PR: https://git.openjdk.org/jdk/pull/11857

From ssahoo at openjdk.org  Fri Jan 27 15:28:05 2023
From: ssahoo at openjdk.org (Sibabrata Sahoo)
Date: Fri, 27 Jan 2023 15:28:05 GMT
Subject: RFR: 8180266: Convert sun/security/provider/KeyStore/DKSTest.sh to
 Java Jtreg Test
Message-ID: <-fzHD4qcvDTKuvG4pjLFsKjS06mw_eCYxNU0txrQx5M=.de561d23-44bb-4378-b423-8ee81c7bb0bd@github.com>

Convert sun/security/provider/KeyStore/DKSTest.sh to Java Jtreg Test.

-------------

Commit messages:
 - 8180266: Convert sun/security/provider/KeyStore/DKSTest.sh to Java Jtreg Test

Changes: https://git.openjdk.org/jdk/pull/12257/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=12257&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8180266
  Stats: 103 lines in 3 files changed: 20 ins; 78 del; 5 mod
  Patch: https://git.openjdk.org/jdk/pull/12257.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12257/head:pull/12257

PR: https://git.openjdk.org/jdk/pull/12257

From duke at openjdk.org  Fri Jan 27 18:43:34 2023
From: duke at openjdk.org (duke)
Date: Fri, 27 Jan 2023 18:43:34 GMT
Subject: Withdrawn: 8296546: Add @spec tags to API
In-Reply-To: <5uS_XWg0xRt6Rp20wY65rAmNRcDrp5XN_74k1aQ_4jk=.9f458354-9bca-473e-b60e-e520fa90724b@github.com>
References: <5uS_XWg0xRt6Rp20wY65rAmNRcDrp5XN_74k1aQ_4jk=.9f458354-9bca-473e-b60e-e520fa90724b@github.com>
Message-ID: <Bmh8EC1Xp-UN0iY-YE8mDhTuf06aJtr4orDONeB7J8U=.6380dac7-c81f-45be-aee5-4a5a3e6e2a5e@github.com>

On Thu, 10 Nov 2022 01:10:13 GMT, Jonathan Gibbons <jjg at openjdk.org> wrote:

> Please review a "somewhat automated" change to insert `@spec` tags into doc comments, as appropriate, to leverage the recent new javadoc feature to generate a new page listing the references to all external specifications listed in the `@spec` tags.
> 
> "Somewhat automated" means that I wrote and used a temporary utility to scan doc comments looking for HTML links to selected sites, such as `ietf.org`, `unicode.org`, `w3.org`. These links may be in the main description of a doc comment, or in `@see` tags. For each link, the URL is examined, and "normalized", and inserted into the doc comment with a new `@spec` tag, giving the link and tile for the spec.
> 
> "Normalized" means...
> * Use `https:` where possible (includes pretty much all cases)
> * Use a single consistent host name for all URLs coming from the same spec site (i.e. don't use different aliases for the same site)
> * Point to the root page of a multi-page spec
> * Use a consistent form of the spec, preferring HTML over plain text where both are available (this mostly applies to IETF specs)
> 
> In addition, a "standard" title is determined for all specs,  determined either from the content of the (main) spec page or from site index pages.
> 
> The net effect is (or should be) that **all** the changes are to just **add** new `@spec` tags, based on the links found in each doc comment. There should be no other changes to the doc comments, or to the implementation of any classes and interfaces.
> 
> That being said, the utility I wrote does have additional abilities, to update the links that it finds (e.g. changing to use `https:` etc,) but those features are _not_ being used here, but could be used in followup PRs if component teams so desired. I did notice while working on this overall feature that many of our links do point to "outdated" pages, some with eye-catching notices declaring that the spec has been superseded. Determining how, when and where to update such links is beyond the scope of this PR.
> 
> Going forward, it is to be hoped that component teams will maintain the underlying links, and the URLs in `@spec` tags, such that if references to external specifications are updated, this will include updating the `@spec` tags.
> 
> To see the effect of all these new `@spec` tags, see http://cr.openjdk.java.net/~jjg/8296546/api.00/
> 
> In particular, see the new [External Specifications](http://cr.openjdk.java.net/~jjg/8296546/api.00/external-specs.html) page, which you can also find via the new link near the top of the [Index](http://cr.openjdk.java.net/~jjg/8296546/api.00/index-files/index-1.html) pages.

This pull request has been closed without being integrated.

-------------

PR: https://git.openjdk.org/jdk/pull/11073

From xuelei at openjdk.org  Fri Jan 27 20:46:59 2023
From: xuelei at openjdk.org (Xue-Lei Andrew Fan)
Date: Fri, 27 Jan 2023 20:46:59 GMT
Subject: RFR: 8301274: update for deprecated sprintf for security components
Message-ID: <WLBv946onPcZHfKQXUuXmhx2W6nEzx4ONMjGVbThuZs=.39a8463a-e826-4302-b1a0-be3bf322299a@github.com>

The sprintf is deprecated in Xcode 14 because of security concerns. The issue was addressed in [JDK-8296812](https://bugs.openjdk.org/browse/JDK-8296812) for building failure, and [JDK-8299378](https://bugs.openjdk.org/browse/JDK-8299378)/[JDK-8299635](https://bugs.openjdk.org/browse/JDK-8299635)/[JDK-8301132](https://bugs.openjdk.org/browse/JDK-8301132) for testing issues . This is a break-down update for sprintf uses in security components.

-------------

Commit messages:
 - 8301274: update for deprecated sprintf for security components

Changes: https://git.openjdk.org/jdk/pull/12265/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=12265&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8301274
  Stats: 5 lines in 1 file changed: 0 ins; 0 del; 5 mod
  Patch: https://git.openjdk.org/jdk/pull/12265.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12265/head:pull/12265

PR: https://git.openjdk.org/jdk/pull/12265

From rhalade at openjdk.org  Fri Jan 27 21:36:18 2023
From: rhalade at openjdk.org (Rajan Halade)
Date: Fri, 27 Jan 2023 21:36:18 GMT
Subject: RFR: 8298874: Update TestAllSuites.java for TLS v1.2 and 1.3
In-Reply-To: <2umvQOU9BmCbTAgTnhunwESEHUnoRDLMBdop3L_5TzY=.5890957a-a084-4c59-812c-863d1f35ceb9@github.com>
References: <vNwQ6EUHIarE-ckuoWktruvCu8BU83nbZQgxdi0YIsE=.7cd7e412-d870-4a91-a6f8-f7131cd827d5@github.com>
 <gM7aGZUUGDUYwGe9ZQ9w7nodvJ3UNsnJzTEbVfRe9dU=.bb17001a-47f3-4af6-ac44-6126162f3397@github.com>
 <2umvQOU9BmCbTAgTnhunwESEHUnoRDLMBdop3L_5TzY=.5890957a-a084-4c59-812c-863d1f35ceb9@github.com>
Message-ID: <XWB1x3tk7_ZSfF5L-en5pw1SmcqGzcmuzBGLPWwUbUY=.4ee18d94-686e-47d4-907d-f9d7d107847d@github.com>

On Fri, 27 Jan 2023 01:30:59 GMT, Matthew Donovan <duke at openjdk.org> wrote:

>> test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java line 333:
>> 
>>> 331: 
>>> 332:     enum SupportedCipherSuites {
>>> 333:         TLSv11("TLSv1.1", new String []{
>> 
>> Instead of this can we not continue with old approach of using `SSLEngine.getSupportedCipherSuites` and ignore not applicable suites?
>
> The test verifies the handshake negotiation for each ciphersuite/protocol combination. The `getSupportedCipherSuites()` and `getEnabledCipherSuites()` are independent of the enabled protocols. In other words, if you called `engine.setEnabledProtocols(new String[]{"TLSv1.2"})`, the output of `engine.getEnabledCipherSuites()` would still include TLSv1.3 ciphers.
> 
> So trying to run the tests by looping over the output of those methods isn't going to work. Instead of having this hard-coded set of things, I could run the test with each protocol and one or two cipher suites.  How does that sound?

You will need to create SSLContext with the protocol to test in order to get usable enabled protocols. Try the patch below:


`index dfd74fa95df..2ce7e431783 100644
--- a/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java
+++ b/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,13 +26,14 @@
  * @bug 4495742
  * @library /test/lib
  *
- * @run main/othervm/timeout=180 TestAllSuites
+ * @run main/othervm/timeout=180 TestAllSuites TLSv1.1
+ * @run main/othervm/timeout=180 TestAllSuites TLSv1.2
+ * @run main/othervm/timeout=180 TestAllSuites TLSv1.3
  *
  * @summary Add non-blocking SSL/TLS functionality, usable with any
  *      I/O abstraction
  *
- * Iterate through all the suites using both TLS and SSLv3, and turn
- * SSLv2Hello off and on.  Exchange some bytes and shutdown.
+ * Iterate through all the suites and exchange some bytes then shutdown.
  *
  * @author Brad Wetmore
  */
@@ -73,97 +74,94 @@ public class TestAllSuites {
 
     private ByteBuffer clientToServer;
     private ByteBuffer serverToClient;
+    private final String PROTOCOL;
 
 
-    private void createSSLEngines() throws Exception {
+    private void createSSLEngines() {
+
         clientEngine = SSL_CONTEXT.createSSLEngine("client", 1);
         clientEngine.setUseClientMode(true);
 
         serverEngine = SSL_CONTEXT.createSSLEngine("server", 2);
         serverEngine.setUseClientMode(false);
+
+        clientEngine.setEnabledProtocols(new String[]{PROTOCOL});
+        serverEngine.setEnabledProtocols(new String[]{PROTOCOL});
     }
 
     private void test() throws Exception {
-
-        createSSLEngines();
-        List<String> supportedSuites = List.of(clientEngine.getSupportedCipherSuites());
-
-        for (SupportedCipherSuites tls : SupportedCipherSuites.values()) {
-            for (String cipherSuite : tls.cipherSuites) {
-                if (supportedSuites.contains(cipherSuite)) {
-                    createSSLEngines();
-                    runTest(cipherSuite, tls.protocol);
-                } else {
-                    System.out.printf("Skipping unsupported cipher suite %s with %s%n",
-                            tls.protocol,
-                            cipherSuite);
-                }
-            }
+        String [] suites = clientEngine.getEnabledCipherSuites();
+        System.out.println(Arrays.toString(suites));
+        for (String suite: suites){
+            // Need to recreate engines to override enabled ciphers
+            createSSLEngines();
+            runTest(suite);
         }
     }
 
-    private void runTest(String suite, String protocol) throws Exception {
+    private void runTest(String suite) throws Exception {
 
         boolean dataDone = false;
 
         System.out.println("======================================");
-        System.out.printf("Testing: %s with %s%n", protocol, suite);
+        System.out.printf("Testing: %s with %s%n", PROTOCOL, suite);
 
         String [] suites = new String [] { suite };
 
+        if (suite.equals("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) {
+            System.out.println("Ignoring SCSV suite");
+            return;
+        }
+
         clientEngine.setEnabledCipherSuites(suites);
         serverEngine.setEnabledCipherSuites(suites);
 
-        clientEngine.setEnabledProtocols(new String[]{protocol});
-        serverEngine.setEnabledProtocols(new String[]{protocol});
-
         createBuffers();
 
-        SSLEngineResult result1;        // ssle1's results from last operation
-        SSLEngineResult result2;        // ssle2's results from last operation
+        SSLEngineResult clientResult;
+        SSLEngineResult serverResult;
 
         Date start = new Date();
-        int counter = 0;
         while (!isEngineClosed(clientEngine) || !isEngineClosed(serverEngine)) {
 
             log("----------------");
 
-            result1 = clientEngine.wrap(clientOut, clientToServer);
-            result2 = serverEngine.wrap(serverOut, serverToClient);
+            clientResult = clientEngine.wrap(clientOut, clientToServer);
+            serverResult = serverEngine.wrap(serverOut, serverToClient);
 
-            log("wrap1:  " + result1);
+            log("Client Engine wrap result:  " + clientResult);
             log("clientToServer  = " + clientToServer);
             log("");
 
-            log("wrap2:  " + result2);
+            log("Server Engine wrap result:  " + serverResult);
             log("serverToClient  = " + serverToClient);
 
-            runDelegatedTasks(result1, clientEngine);
-            runDelegatedTasks(result2, serverEngine);
+            runDelegatedTasks(clientResult, clientEngine);
+            runDelegatedTasks(serverResult, serverEngine);
 
             clientToServer.flip();
             serverToClient.flip();
 
             log("----");
 
-            result1 = clientEngine.unwrap(serverToClient, clientIn);
-            result2 = serverEngine.unwrap(clientToServer, serverIn);
+            clientResult = clientEngine.unwrap(serverToClient, clientIn);
+            serverResult = serverEngine.unwrap(clientToServer, serverIn);
 
-            log("unwrap1: " + result1);
+            log("Client Engine unwrap result: " + clientResult);
             log("serverToClient  = " + serverToClient);
             log("");
 
-            log("unwrap2: " + result2);
+            log("Server Engine unwrap result: " + serverResult);
             log("clientToServer  = " + clientToServer);
 
-            runDelegatedTasks(result1, clientEngine);
-            runDelegatedTasks(result2, serverEngine);
+            runDelegatedTasks(clientResult, clientEngine);
+            runDelegatedTasks(serverResult, serverEngine);
 
             clientToServer.compact();
             serverToClient.compact();
 
             /*
-             * If we've transfered all the data between app1 and app2,
+             * If we've transferred all the data between client and server,
              * we try to close and see what that gets us.
              */
             if (!dataDone && (clientOut.limit() == serverIn.position()) &&
@@ -178,6 +176,9 @@ public class TestAllSuites {
             }
         }
 
+        System.out.println("Negotiated protocol: " + clientEngine.getSession().getProtocol());
+        System.out.println("Negotiated cipher: " + clientEngine.getSession().getCipherSuite());
+
         /*
          * Just for grins, try closing again, make sure nothing
          * strange is happening after we're closed.
@@ -192,18 +193,17 @@ public class TestAllSuites {
         clientIn.clear();
         clientToServer.clear();
 
-        result1 = clientEngine.wrap(clientOut, clientToServer);
-        checkResult(result1);
+        clientResult = clientEngine.wrap(clientOut, clientToServer);
+        checkResult(clientResult);
 
-        result1 = clientEngine.unwrap(clientToServer, clientIn);
-        checkResult(result1);
+        clientResult = clientEngine.unwrap(clientToServer, clientIn);
+        checkResult(clientResult);
 
         System.out.println("Test Passed.");
         System.out.println("\n======================================");
 
         Date end = new Date();
         elapsed += end.getTime() - start.getTime();
-
     }
 
     static long elapsed = 0;
@@ -219,14 +219,25 @@ public class TestAllSuites {
     }
 
     public static void main(String args[]) throws Exception {
-        SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1");
-        TestAllSuites tas;
-
-        tas = new TestAllSuites();
+        if (args.length < 1){
+            throw new RuntimeException("Missing TLS protocol parameter");
+        }
 
-        tas.createSSLEngines();
+        switch(args[0]){
+            case "TLSv1.1":
+                SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1");
+                break;
+            case "TLSv1.2":
+                break;
+            case "TLSv1.3":
+                SecurityUtils.addToDisabledTlsAlgs("TLSv1.2");
+                break;
+        }
 
-        tas.test();
+        TestAllSuites testAllSuites;
+        testAllSuites = new TestAllSuites(args[0]);
+        testAllSuites.createSSLEngines();
+        testAllSuites.test();
 
         System.out.println("All Tests Passed.");
         System.out.println("Elapsed time: " + elapsed / 1000.0);
@@ -238,7 +249,8 @@ public class TestAllSuites {
      * **********************************************************
      */
 
-    public TestAllSuites() throws Exception {
+    public TestAllSuites(String protocol) throws Exception {
+        PROTOCOL = protocol;
         SSL_CONTEXT = getSSLContext(KEYSTORE_PATH, TRUSTSTORE_PATH);
     }
 
@@ -262,7 +274,7 @@ public class TestAllSuites {
         TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
         tmf.init(ts);
 
-        SSLContext sslCtx = SSLContext.getInstance("TLS");
+        SSLContext sslCtx = SSLContext.getInstance(PROTOCOL);
 
         sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
 
@@ -282,8 +294,8 @@ public class TestAllSuites {
         clientToServer = ByteBuffer.allocateDirect(netBufferMax);
         serverToClient = ByteBuffer.allocateDirect(netBufferMax);
 
-        clientOut = ByteBuffer.wrap("Hi Engine2, I'm SSLEngine1".getBytes());
-        serverOut = ByteBuffer.wrap("Hello Engine1, I'm SSLEngine2".getBytes());
+        clientOut = ByteBuffer.wrap("Hi Server, I'm Client".getBytes());
+        serverOut = ByteBuffer.wrap("Hello Client, I'm Server".getBytes());
 
         log("ClientOut = " + clientOut);
         log("ServerOut = " + serverOut);
@@ -328,57 +340,4 @@ public class TestAllSuites {
             System.out.println(str);
         }
     }
-
-    enum SupportedCipherSuites {
-        TLSv11("TLSv1.1", new String []{
-                "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
-                "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
-                "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
-                "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
-                "TLS_RSA_WITH_AES_256_CBC_SHA",
-                "TLS_RSA_WITH_AES_128_CBC_SHA",
-                "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
-                "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
-                "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
-                "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
-                "TLS_RSA_WITH_AES_256_CBC_SHA",
-                "TLS_RSA_WITH_AES_128_CBC_SHA",
-        }),
-
-        TLSv12("TLSv1.2", new String []{
-                "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
-                "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
-                "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
-                "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
-                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-                "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
-                "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
-                "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
-                "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
-                "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
-                "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
-                "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
-                "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
-                "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
-                "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
-                "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
-                "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
-                "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
-        }),
-
-        TLSv13("TLSv1.3", new String[] {
-                "TLS_AES_128_GCM_SHA256",
-                "TLS_AES_256_GCM_SHA384",
-                "TLS_CHACHA20_POLY1305_SHA256"
-        });
-
-        final String protocol;
-        final String[] cipherSuites;
-
-        SupportedCipherSuites(String protocol, String [] supportedCipherSuites) {
-            this.protocol = protocol;
-            this.cipherSuites = Arrays.copyOf(supportedCipherSuites,
-                    supportedCipherSuites.length);
-        }
-    }
 }
`

-------------

PR: https://git.openjdk.org/jdk/pull/11780

From weijun at openjdk.org  Fri Jan 27 22:04:19 2023
From: weijun at openjdk.org (Weijun Wang)
Date: Fri, 27 Jan 2023 22:04:19 GMT
Subject: RFR: 8286907: keytool should warn about weak PBE algorithms [v2]
In-Reply-To: <E8YD7T_tgsYHud7KZZSNFLbo71ZFtPHDtUmzbGMJPR8=.e5f0c397-2c70-4d62-990b-2ae2730347fb@github.com>
References: <rWP9qmG41dCr9TXex7yYUXQBZoWksArIHUqomJ88LRY=.98cc8849-5878-4c84-a126-b2ef0286aa41@github.com>
 <E8YD7T_tgsYHud7KZZSNFLbo71ZFtPHDtUmzbGMJPR8=.e5f0c397-2c70-4d62-990b-2ae2730347fb@github.com>
Message-ID: <NscavYN-OX7HtzUV80MIkXvkVFcO0RUSTmyJKXY16wk=.04c8f181-cf0f-4246-b26a-ec93b4c61e5c@github.com>

On Fri, 20 Jan 2023 22:03:29 GMT, Hai-May Chao <hchao at openjdk.org> wrote:

>> Please review the fix to address the problem in keytool -genseckey and -importpass.
>
> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Update with Max's comment

Marked as reviewed by weijun (Reviewer).

`SecretKeyFactory.getInstance("PBE")` also generates PBEwithMD5andDES keys. I believe that's because `PBE` is an alias of `PBEwithMD5andDES`. Therefore it you use this factory to generate keys for other algorithms, do not rely on the algorithm.

Anyway, we can resolve the RC2_40 and AES_128 issues in another fix. The current code change looks fine for this bug.

-------------

PR: https://git.openjdk.org/jdk/pull/12056

From weijun at openjdk.org  Fri Jan 27 22:19:20 2023
From: weijun at openjdk.org (Weijun Wang)
Date: Fri, 27 Jan 2023 22:19:20 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v15]
In-Reply-To: <EOmRiv7PORp4s9HdYYs5cp8hNIA51minXiwj_7zKcHw=.e42c89d0-8d3c-4a8f-a9b5-adbd8d94a987@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
 <EOmRiv7PORp4s9HdYYs5cp8hNIA51minXiwj_7zKcHw=.e42c89d0-8d3c-4a8f-a9b5-adbd8d94a987@github.com>
Message-ID: <ZwmdMuuevgFXvFNkDDqIwLiz2AGyzLWaFVgnJSRE4Yw=.62291bc3-26a0-4329-bf38-0429b74b4c21@github.com>

On Tue, 24 Jan 2023 12:31:30 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

>> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that files reside in META-INF directly, and not in a subdirectory of META-INF.
>> 
>> The mentioned call sites needs updates to check and ignore such files.
>> 
>> A new test IgnoreUnrelatedSignatureFiles is added which verifies that [*.SF, *.RSA] files in META-INF/ subdirectories are indeed ignored.
>
> Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Add whitespace after keywords if and for

Marked as reviewed by weijun (Reviewer).

Yes, you're right. `ZipFile:: isSignatureRelated ` collects them for verification but `SignatureFileVerifier:: isSigningRelated` is about do not re-sign them while signing.

Maybe we can rename `ZipFile::isSignatureRelated` to `ZipFile::isBlockOrSF` as well?

I'll approved this PR. Thanks.

-------------

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Fri Jan 27 22:45:17 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Fri, 27 Jan 2023 22:45:17 GMT
Subject: RFR: 8300140: ZipFile.isSignatureRelated returns true for files in
 META-INF subdirectories [v15]
In-Reply-To: <ZwmdMuuevgFXvFNkDDqIwLiz2AGyzLWaFVgnJSRE4Yw=.62291bc3-26a0-4329-bf38-0429b74b4c21@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
 <EOmRiv7PORp4s9HdYYs5cp8hNIA51minXiwj_7zKcHw=.e42c89d0-8d3c-4a8f-a9b5-adbd8d94a987@github.com>
 <ZwmdMuuevgFXvFNkDDqIwLiz2AGyzLWaFVgnJSRE4Yw=.62291bc3-26a0-4329-bf38-0429b74b4c21@github.com>
Message-ID: <nMJ_iKy0nq28YrwDteblcuSjPv4wPbIwR-4D5EHF0VU=.24024237-b230-442f-92a0-c7f31747996a@github.com>

On Fri, 27 Jan 2023 22:16:18 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> Maybe we can rename `ZipFile::isSignatureRelated` to `ZipFile::isBlockOrSF` as well?

The term "signature related" seems to be used quite extensively around ZipFile and also in JavaUtilZipFileAccess. Semantics are very similar, but not exactly equal. Because of this, I'm a bit reluctant to rename it.

> I'll approved this PR. Thanks.

Thank for your help and guidance in reviewing this PR!

-------------

PR: https://git.openjdk.org/jdk/pull/11976

From duke at openjdk.org  Fri Jan 27 22:51:28 2023
From: duke at openjdk.org (Eirik Bjorsnos)
Date: Fri, 27 Jan 2023 22:51:28 GMT
Subject: Integrated: 8300140: ZipFile.isSignatureRelated returns true for files
 in META-INF subdirectories
In-Reply-To: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
References: <-kpEPG5OnZ-DK5Iso8Uyf3hg8jF1ugiWkeVzyHLTLTY=.e11d2991-30b5-46e2-bd8e-9eb744c1915c@github.com>
Message-ID: <xwxug3OHsdwdJmnLco67FQMX0yHGB9nE_sNjnGBLvzw=.1b798d44-3ec3-4247-a474-a537a08e9222@github.com>

On Thu, 12 Jan 2023 18:44:26 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

> Some call sites of SignatureFileVerifier.isBlockOrSF fails to check that files reside in META-INF directly, and not in a subdirectory of META-INF.
> 
> The mentioned call sites needs updates to check and ignore such files.
> 
> A new test IgnoreUnrelatedSignatureFiles is added which verifies that [*.SF, *.RSA] files in META-INF/ subdirectories are indeed ignored.

This pull request has now been integrated.

Changeset: 5dfc4ec7
Author:    Eirik Bjorsnos <eirbjo at gmail.com>
Committer: Weijun Wang <weijun at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/5dfc4ec7d94af9fe39fdee9d83b06101b827a3c6
Stats:     429 lines in 6 files changed: 405 ins; 8 del; 16 mod

8300140: ZipFile.isSignatureRelated returns true for files in META-INF subdirectories

Reviewed-by: weijun

-------------

PR: https://git.openjdk.org/jdk/pull/11976

From ecki at zusammenkunft.net  Sat Jan 28 07:05:00 2023
From: ecki at zusammenkunft.net (Bernd Eckenfels)
Date: Sat, 28 Jan 2023 07:05:00 +0000
Subject: Pem util javadoc has copy and paste problem
Message-ID: <AS8P195MB243980DE5FE8BA723C103911BACD9@AS8P195MB2439.EURP195.PROD.OUTLOOK.COM>

Hello,

I think this Javadoc comment for the class does not belong there?

https://github.com/openjdk/jdk/blob/391c2bb03a375dc22e416e6d1c015b86bbb958f7/src/java.base/share/classes/sun/security/util/Pem.java#L33

/**
 * The Length interface defines the length of an object
 */
public class Pem {

Would be nice if somebody could open a bug for it. I think it's not worth sponsoring a change from me for that.

Greetings
Bernd
--
http://bernd.eckenfels.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20230128/7bcd55ab/attachment-0001.htm>

From duke at openjdk.org  Sat Jan 28 07:44:25 2023
From: duke at openjdk.org (Bernd)
Date: Sat, 28 Jan 2023 07:44:25 GMT
Subject: RFR: 8288050: Add support of SHA-512/224 and SHA-512/256 to the
 PBKDF2 and PBES2 impls in SunJCE provider [v5]
In-Reply-To: <LlN398Gqwj0Ps7Xi__rWONwbElGtH77H1zA3VIcaykI=.ff5e5eb6-7da0-4ae9-85ae-318796781d25@github.com>
References: <BIqMpeHhMJczYmGl-hCv2aPigEb7Xop0BaVNMRSLiw8=.dbff3948-5ad5-4044-abaa-c573c4c0f276@github.com>
 <LlN398Gqwj0Ps7Xi__rWONwbElGtH77H1zA3VIcaykI=.ff5e5eb6-7da0-4ae9-85ae-318796781d25@github.com>
Message-ID: <hKLB-9rjl8hKuQiflKTHHenvx2PFGEiX4_Rrao3JACk=.2a4f7555-87eb-4d4c-9656-2c46979e1afb@github.com>

On Wed, 25 Jan 2023 22:33:59 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> This RFE enhances existing PBE algorithms with the "SHA512/224" and "SHA512/256" support. 
>> Current transformation parsing in javax.crypto.Cipher class is re-written to handle the additional "/" in the "SHA512/224" and "SHA512/256" algorithm names. Existing tests are updated with the additional new algorithms.
>
> Valerie Peng has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision:
> 
>  - Merge branch 'master' of https://github.com/openjdk/jdk into JDK-8288050
>    so bot can find the CSR for JDK21 and mark the PR complete.
>  - address review feedbacks
>  - handle the "SHA512/2" lookup of the cipher transformation in a case-insensitive way.
>  - remove extra whitespace
>  - remove trailing whitespace
>  - 8288050: Add support of SHA-512/224 and SHA-512/256 to the PBKDF2 and PBES2 impls in SunJCE provider

Another question, the cipher/keyfactlry PBEWithHmacSHA512/224AndAES_256 algorithm looks a bit strange, that would require two rounds of the iterations - I mean it might not be much work to implement it anyway, but I wonder if it is a good combination?

On the other hand PBEWithHmacSHA512/224AndAES_192 might be a good combo. (Or generally the AES192 variants are missing?)

-------------

PR: https://git.openjdk.org/jdk/pull/11339

From weijun.wang at oracle.com  Sat Jan 28 15:27:05 2023
From: weijun.wang at oracle.com (Wei-Jun Wang)
Date: Sat, 28 Jan 2023 15:27:05 +0000
Subject: Pem util javadoc has copy and paste problem
In-Reply-To: <AS8P195MB243980DE5FE8BA723C103911BACD9@AS8P195MB2439.EURP195.PROD.OUTLOOK.COM>
References: <AS8P195MB243980DE5FE8BA723C103911BACD9@AS8P195MB2439.EURP195.PROD.OUTLOOK.COM>
Message-ID: <061DAE47-79C2-41ED-9500-48F554C440FE@oracle.com>

https://bugs.openjdk.org/browse/JDK-8301299 filed. Thanks.

> On Jan 28, 2023, at 2:05 AM, Bernd Eckenfels <ecki at zusammenkunft.net> wrote:
> 
> Hello,
> 
> I think this Javadoc comment for the class does not belong there?
> 
> https://github.com/openjdk/jdk/blob/391c2bb03a375dc22e416e6d1c015b86bbb958f7/src/java.base/share/classes/sun/security/util/Pem.java#L33
> 
> /**  * The Length interface defines the length of an object  */ public class Pem { 
> Would be nice if somebody could open a bug for it. I think it's not worth sponsoring a change from me for that.
> 
> Greetings 
> Bernd
> -- 
> http://bernd.eckenfels.net


From ihse at openjdk.org  Sat Jan 28 21:11:19 2023
From: ihse at openjdk.org (Magnus Ihse Bursie)
Date: Sat, 28 Jan 2023 21:11:19 GMT
Subject: RFR: 8298045: Fix hidden but significant trailing whitespace in
 properties files for core-libs code
In-Reply-To: <bvHD0iJkn94rriRQVMhAlIqipXi3zVF7tEFj_ThOhLI=.04303df2-d9a0-45cf-926c-b47be322eb94@github.com>
References: <bvHD0iJkn94rriRQVMhAlIqipXi3zVF7tEFj_ThOhLI=.04303df2-d9a0-45cf-926c-b47be322eb94@github.com>
Message-ID: <w7KccocVX-Hjgp7XUeeMx_MdQOyPQM_PoX6M9avXCas=.ecef766b-8db5-460b-92a6-79a8ae8a3512@github.com>

On Fri, 2 Dec 2022 16:40:51 GMT, Magnus Ihse Bursie <ihse at openjdk.org> wrote:

> According to [the specification](https://docs.oracle.com/en/java/javase/19/docs/api/java.base/java/util/Properties.html#load(java.io.Reader)) trailing whitespaces in the values of properties files are (somewhat surprisingly) actually significant.
> 
> We have multiple files in the JDK with trailing whitespaces in the values. For most of this files, this is likely incorrect and due to oversight, but in a few cases it might actually be intended (like "The value is: ").
> 
> After a discussion in the PR for [JDK-8295729](https://bugs.openjdk.org/browse/JDK-8295729), the consensus was to replace valid trailing spaces with the corresponding unicode sequence, `\u0020`. (And of course remove non-wanted trailing spaces.)
> 
> Doing so has a dual benefit:
> 
> 1) It makes it clear to everyone reading the code that there is a trailing space and it is intended
> 
> 2) It will allow us to remove all actual trailing space characters, and turn on the corresponding check in jcheck to keep the properties files, just like all other source code files, free of trailing spaces.
> 
> Ultimately, the call of whether a trailing space is supposed to be there, or is a bug, lies with the respective component teams owning these files. Thus I have split up the set of properties files with trailing spaces in several groups, to match the JDK teams, and open a JBS issue for each of them. This issue is for code I believe belong with the core-libs team.

Bot-Keep-Alive-Ping

-------------

PR: https://git.openjdk.org/jdk/pull/11489

From duke at openjdk.org  Mon Jan 30 10:32:00 2023
From: duke at openjdk.org (Ryan Wallace)
Date: Mon, 30 Jan 2023 10:32:00 GMT
Subject: RFR: 8294527: Some java.security.debug options missing from security
 docs
Message-ID: <XrMUy2qT1TB39fWqNPLdJK--FJtGebwsDgBRTdXOQQM=.51314761-04b9-4d3b-9467-2f6f346d746e@github.com>

Hi, small change to the java.security.debug to enhance help() with missing options.

-------------

Commit messages:
 - 8294527: Some java.security.debug options missing from security docs

Changes: https://git.openjdk.org/jdk/pull/12289/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=12289&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8294527
  Stats: 7 lines in 1 file changed: 6 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/12289.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12289/head:pull/12289

PR: https://git.openjdk.org/jdk/pull/12289

From duke at openjdk.org  Mon Jan 30 12:17:10 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Mon, 30 Jan 2023 12:17:10 GMT
Subject: RFR: 8298874: Update TestAllSuites.java for TLS v1.2 and 1.3 [v2]
In-Reply-To: <vNwQ6EUHIarE-ckuoWktruvCu8BU83nbZQgxdi0YIsE=.7cd7e412-d870-4a91-a6f8-f7131cd827d5@github.com>
References: <vNwQ6EUHIarE-ckuoWktruvCu8BU83nbZQgxdi0YIsE=.7cd7e412-d870-4a91-a6f8-f7131cd827d5@github.com>
Message-ID: <jiZSP5QooV8o1GrqfTbCuTQ11d-KXn-Q4jWzBBoOdNQ=.a5b9e508-2221-4c06-b76a-15b956e6515f@github.com>

> * updated test for new TLS protocols and ciphersuites
> * code cleanup

Matthew Donovan has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains three commits:

 - incorporated Rajan's patch
 - Merge branch 'master' into test-all-suites
 - 8298874: Update TestAllSuites.java for TLS v1.2 and 1.3

-------------

Changes: https://git.openjdk.org/jdk/pull/11780/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=11780&range=01
  Stats: 176 lines in 3 files changed: 35 ins; 37 del; 104 mod
  Patch: https://git.openjdk.org/jdk/pull/11780.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11780/head:pull/11780

PR: https://git.openjdk.org/jdk/pull/11780

From duke at openjdk.org  Mon Jan 30 12:17:13 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Mon, 30 Jan 2023 12:17:13 GMT
Subject: RFR: 8298874: Update TestAllSuites.java for TLS v1.2 and 1.3 [v2]
In-Reply-To: <XWB1x3tk7_ZSfF5L-en5pw1SmcqGzcmuzBGLPWwUbUY=.4ee18d94-686e-47d4-907d-f9d7d107847d@github.com>
References: <vNwQ6EUHIarE-ckuoWktruvCu8BU83nbZQgxdi0YIsE=.7cd7e412-d870-4a91-a6f8-f7131cd827d5@github.com>
 <gM7aGZUUGDUYwGe9ZQ9w7nodvJ3UNsnJzTEbVfRe9dU=.bb17001a-47f3-4af6-ac44-6126162f3397@github.com>
 <2umvQOU9BmCbTAgTnhunwESEHUnoRDLMBdop3L_5TzY=.5890957a-a084-4c59-812c-863d1f35ceb9@github.com>
 <XWB1x3tk7_ZSfF5L-en5pw1SmcqGzcmuzBGLPWwUbUY=.4ee18d94-686e-47d4-907d-f9d7d107847d@github.com>
Message-ID: <MwoVggLfndjSU5IQax-m-1J5ERA5F4eo1tsRZ1dGjPk=.43ff1e2b-5a97-4d03-af7a-869282b3edc3@github.com>

On Fri, 27 Jan 2023 21:33:13 GMT, Rajan Halade <rhalade at openjdk.org> wrote:

>> The test verifies the handshake negotiation for each ciphersuite/protocol combination. The `getSupportedCipherSuites()` and `getEnabledCipherSuites()` are independent of the enabled protocols. In other words, if you called `engine.setEnabledProtocols(new String[]{"TLSv1.2"})`, the output of `engine.getEnabledCipherSuites()` would still include TLSv1.3 ciphers.
>> 
>> So trying to run the tests by looping over the output of those methods isn't going to work. Instead of having this hard-coded set of things, I could run the test with each protocol and one or two cipher suites.  How does that sound?
>
> You will need to create SSLContext with the protocol to test in order to get usable enabled protocols. Try the patch below:
> 
> 
> `index dfd74fa95df..2ce7e431783 100644
> --- a/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java
> +++ b/test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java
> @@ -1,5 +1,5 @@
>  /*
> - * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
> + * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
>   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>   *
>   * This code is free software; you can redistribute it and/or modify it
> @@ -26,13 +26,14 @@
>   * @bug 4495742
>   * @library /test/lib
>   *
> - * @run main/othervm/timeout=180 TestAllSuites
> + * @run main/othervm/timeout=180 TestAllSuites TLSv1.1
> + * @run main/othervm/timeout=180 TestAllSuites TLSv1.2
> + * @run main/othervm/timeout=180 TestAllSuites TLSv1.3
>   *
>   * @summary Add non-blocking SSL/TLS functionality, usable with any
>   *      I/O abstraction
>   *
> - * Iterate through all the suites using both TLS and SSLv3, and turn
> - * SSLv2Hello off and on.  Exchange some bytes and shutdown.
> + * Iterate through all the suites and exchange some bytes then shutdown.
>   *
>   * @author Brad Wetmore
>   */
> @@ -73,97 +74,94 @@ public class TestAllSuites {
>  
>      private ByteBuffer clientToServer;
>      private ByteBuffer serverToClient;
> +    private final String PROTOCOL;
>  
>  
> -    private void createSSLEngines() throws Exception {
> +    private void createSSLEngines() {
> +
>          clientEngine = SSL_CONTEXT.createSSLEngine("client", 1);
>          clientEngine.setUseClientMode(true);
>  
>          serverEngine = SSL_CONTEXT.createSSLEngine("server", 2);
>          serverEngine.setUseClientMode(false);
> +
> +        clientEngine.setEnabledProtocols(new String[]{PROTOCOL});
> +        serverEngine.setEnabledProtocols(new String[]{PROTOCOL});
>      }
>  
>      private void test() throws Exception {
> -
> -        createSSLEngines();
> -        List<String> supportedSuites = List.of(clientEngine.getSupportedCipherSuites());
> -
> -        for (SupportedCipherSuites tls : SupportedCipherSuites.values()) {
> -            for (String cipherSuite : tls.cipherSuites) {
> -                if (supportedSuites.contains(cipherSuite)) {
> -                    createSSLEngines();
> -                    runTest(cipherSuite, tls.protocol);
> -                } else {
> -                    System.out.printf("Skipping unsupported cipher suite %s with %s%n",
> -                            tls.protocol,
> -                            cipherSuite);
> -                }
> -            }
> +        String [] suites = clientEngine.getEnabledCipherSuites();
> +        System.out.println(Arrays.toString(suites));
> +        for (String suite: suites){
> +            // Need to recreate engines to override enabled ciphers
> +            createSSLEngines();
> +            runTest(suite);
>          }
>      }
>  
> -    private void runTest(String suite, String protocol) throws Exception {
> +    private void runTest(String suite) throws Exception {
>  
>          boolean dataDone = false;
>  
>          System.out.println("======================================");
> -        System.out.printf("Testing: %s with %s%n", protocol, suite);
> +        System.out.printf("Testing: %s with %s%n", PROTOCOL, suite);
>  
>          String [] suites = new String [] { suite };
>  
> +        if (suite.equals("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) {
> +            System.out.println("Ignoring SCSV suite");
> +            return;
> +        }
> +
>          clientEngine.setEnabledCipherSuites(suites);
>          serverEngine.setEnabledCipherSuites(suites);
>  
> -        clientEngine.setEnabledProtocols(new String[]{protocol});
> -        serverEngine.setEnabledProtocols(new String[]{protocol});
> -
>          createBuffers();
>  
> -        SSLEngineResult result1;        // ssle1's results from last operation
> -        SSLEngineResult result2;        // ssle2's results from last operation
> +        SSLEngineResult clientResult;
> +        SSLEngineResult serverResult;
>  
>          Date start = new Date();
> -        int counter = 0;
>          while (!isEngineClosed(clientEngine) || !isEngineClosed(serverEngine)) {
>  
>              log("----------------");
>  
> -            result1 = clientEngine.wrap(clientOut, clientToServer);
> -            result2 = serverEngine.wrap(serverOut, serverToClient);
> +            clientResult = clientEngine.wrap(clientOut, clientToServer);
> +            serverResult = serverEngine.wrap(serverOut, serverToClient);
>  
> -            log("wrap1:  " + result1);
> +            log("Client Engine wrap result:  " + clientResult);
>              log("clientToServer  = " + clientToServer);
>              log("");
>  
> -            log("wrap2:  " + result2);
> +            log("Server Engine wrap result:  " + serverResult);
>              log("serverToClient  = " + serverToClient);
>  
> -            runDelegatedTasks(result1, clientEngine);
> -            runDelegatedTasks(result2, serverEngine);
> +            runDelegatedTasks(clientResult, clientEngine);
> +            runDelegatedTasks(serverResult, serverEngine);
>  
>              clientToServer.flip();
>              serverToClient.flip();
>  
>              log("----");
>  
> -            result1 = clientEngine.unwrap(serverToClient, clientIn);
> -            result2 = serverEngine.unwrap(clientToServer, serverIn);
> +            clientResult = clientEngine.unwrap(serverToClient, clientIn);
> +            serverResult = serverEngine.unwrap(clientToServer, serverIn);
>  
> -            log("unwrap1: " + result1);
> +            log("Client Engine unwrap result: " + clientResult);
>              log("serverToClient  = " + serverToClient);
>              log("");
>  
> -            log("unwrap2: " + result2);
> +            log("Server Engine unwrap result: " + serverResult);
>              log("clientToServer  = " + clientToServer);
>  
> -            runDelegatedTasks(result1, clientEngine);
> -            runDelegatedTasks(result2, serverEngine);
> +            runDelegatedTasks(clientResult, clientEngine);
> +            runDelegatedTasks(serverResult, serverEngine);
>  
>              clientToServer.compact();
>              serverToClient.compact();
>  
>              /*
> -             * If we've transfered all the data between app1 and app2,
> +             * If we've transferred all the data between client and server,
>               * we try to close and see what that gets us.
>               */
>              if (!dataDone && (clientOut.limit() == serverIn.position()) &&
> @@ -178,6 +176,9 @@ public class TestAllSuites {
>              }
>          }
>  
> +        System.out.println("Negotiated protocol: " + clientEngine.getSession().getProtocol());
> +        System.out.println("Negotiated cipher: " + clientEngine.getSession().getCipherSuite());
> +
>          /*
>           * Just for grins, try closing again, make sure nothing
>           * strange is happening after we're closed.
> @@ -192,18 +193,17 @@ public class TestAllSuites {
>          clientIn.clear();
>          clientToServer.clear();
>  
> -        result1 = clientEngine.wrap(clientOut, clientToServer);
> -        checkResult(result1);
> +        clientResult = clientEngine.wrap(clientOut, clientToServer);
> +        checkResult(clientResult);
>  
> -        result1 = clientEngine.unwrap(clientToServer, clientIn);
> -        checkResult(result1);
> +        clientResult = clientEngine.unwrap(clientToServer, clientIn);
> +        checkResult(clientResult);
>  
>          System.out.println("Test Passed.");
>          System.out.println("\n======================================");
>  
>          Date end = new Date();
>          elapsed += end.getTime() - start.getTime();
> -
>      }
>  
>      static long elapsed = 0;
> @@ -219,14 +219,25 @@ public class TestAllSuites {
>      }
>  
>      public static void main(String args[]) throws Exception {
> -        SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1");
> -        TestAllSuites tas;
> -
> -        tas = new TestAllSuites();
> +        if (args.length < 1){
> +            throw new RuntimeException("Missing TLS protocol parameter");
> +        }
>  
> -        tas.createSSLEngines();
> +        switch(args[0]){
> +            case "TLSv1.1":
> +                SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1");
> +                break;
> +            case "TLSv1.2":
> +                break;
> +            case "TLSv1.3":
> +                SecurityUtils.addToDisabledTlsAlgs("TLSv1.2");
> +                break;
> +        }
>  
> -        tas.test();
> +        TestAllSuites testAllSuites;
> +        testAllSuites = new TestAllSuites(args[0]);
> +        testAllSuites.createSSLEngines();
> +        testAllSuites.test();
>  
>          System.out.println("All Tests Passed.");
>          System.out.println("Elapsed time: " + elapsed / 1000.0);
> @@ -238,7 +249,8 @@ public class TestAllSuites {
>       * **********************************************************
>       */
>  
> -    public TestAllSuites() throws Exception {
> +    public TestAllSuites(String protocol) throws Exception {
> +        PROTOCOL = protocol;
>          SSL_CONTEXT = getSSLContext(KEYSTORE_PATH, TRUSTSTORE_PATH);
>      }
>  
> @@ -262,7 +274,7 @@ public class TestAllSuites {
>          TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
>          tmf.init(ts);
>  
> -        SSLContext sslCtx = SSLContext.getInstance("TLS");
> +        SSLContext sslCtx = SSLContext.getInstance(PROTOCOL);
>  
>          sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
>  
> @@ -282,8 +294,8 @@ public class TestAllSuites {
>          clientToServer = ByteBuffer.allocateDirect(netBufferMax);
>          serverToClient = ByteBuffer.allocateDirect(netBufferMax);
>  
> -        clientOut = ByteBuffer.wrap("Hi Engine2, I'm SSLEngine1".getBytes());
> -        serverOut = ByteBuffer.wrap("Hello Engine1, I'm SSLEngine2".getBytes());
> +        clientOut = ByteBuffer.wrap("Hi Server, I'm Client".getBytes());
> +        serverOut = ByteBuffer.wrap("Hello Client, I'm Server".getBytes());
>  
>          log("ClientOut = " + clientOut);
>          log("ServerOut = " + serverOut);
> @@ -328,57 +340,4 @@ public class TestAllSuites {
>              System.out.println(str);
>          }
>      }
> -
> -    enum SupportedCipherSuites {
> -        TLSv11("TLSv1.1", new String []{
> -                "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
> -                "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
> -                "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
> -                "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
> -                "TLS_RSA_WITH_AES_256_CBC_SHA",
> -                "TLS_RSA_WITH_AES_128_CBC_SHA",
> -                "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
> -                "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
> -                "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
> -                "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
> -                "TLS_RSA_WITH_AES_256_CBC_SHA",
> -                "TLS_RSA_WITH_AES_128_CBC_SHA",
> -        }),
> -
> -        TLSv12("TLSv1.2", new String []{
> -                "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
> -                "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
> -                "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
> -                "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
> -                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
> -                "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
> -                "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
> -                "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
> -                "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
> -                "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
> -                "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
> -                "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
> -                "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
> -                "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
> -                "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
> -                "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
> -                "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
> -                "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
> -        }),
> -
> -        TLSv13("TLSv1.3", new String[] {
> -                "TLS_AES_128_GCM_SHA256",
> -                "TLS_AES_256_GCM_SHA384",
> -                "TLS_CHACHA20_POLY1305_SHA256"
> -        });
> -
> -        final String protocol;
> -        final String[] cipherSuites;
> -
> -        SupportedCipherSuites(String protocol, String [] supportedCipherSuites) {
> -            this.protocol = protocol;
> -            this.cipherSuites = Arrays.copyOf(supportedCipherSuites,
> -                    supportedCipherSuites.length);
> -        }
> -    }
>  }
> `

That works great, thanks!

-------------

PR: https://git.openjdk.org/jdk/pull/11780

From lucy at openjdk.org  Mon Jan 30 12:26:57 2023
From: lucy at openjdk.org (Lutz Schmidt)
Date: Mon, 30 Jan 2023 12:26:57 GMT
Subject: RFR: 8299817: [s390] AES-CTR mode intrinsic fails with multiple
 short update() calls [v2]
In-Reply-To: <T74rRuRd-JMM5a32uAJm5sQudG8l_pVjIs_vkzqK-fg=.76580ae6-dad7-4572-9b14-c839b342854f@github.com>
References: <T74rRuRd-JMM5a32uAJm5sQudG8l_pVjIs_vkzqK-fg=.76580ae6-dad7-4572-9b14-c839b342854f@github.com>
Message-ID: <sNUc88AeQVDSFN6TsgXDWtmVpv5otYGt6CwaxZURPww=.e3134c2e-03d8-4b14-b631-89e807d99972@github.com>

> This PR addresses an issue in the AES-CTR mode intrinsic on s390. When a message is ciphered in multiple, small (< 16 bytes) segments, the result is incorrect.
> 
> This is not just a band-aid fix. The issue was taken as a chance to restructure the code. though still complicated, It is now easier to read and (hopefully) understand.
> 
> Except for the new jetreg test, the changes are purely s390. There are no side effects on other platforms. Issue-specific tests pass. Other tests are in progress. I will update this PR once they are complete. 
> 
> **Reviews and comments are very much appreciated.**
> 
> @backwaterred could you please run some "official" s390 tests? Thanks.

Lutz Schmidt has updated the pull request incrementally with one additional commit since the last revision:

  8299817: Update copyright

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11967/files
  - new: https://git.openjdk.org/jdk/pull/11967/files/7af2c3db..33722f27

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11967&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11967&range=00-01

  Stats: 29 lines in 5 files changed: 1 ins; 0 del; 28 mod
  Patch: https://git.openjdk.org/jdk/pull/11967.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11967/head:pull/11967

PR: https://git.openjdk.org/jdk/pull/11967

From lucy at openjdk.org  Mon Jan 30 12:26:57 2023
From: lucy at openjdk.org (Lutz Schmidt)
Date: Mon, 30 Jan 2023 12:26:57 GMT
Subject: RFR: 8299817: [s390] AES-CTR mode intrinsic fails with multiple
 short update() calls [v2]
In-Reply-To: <fAsaF6fyT1YZ9OZavWdgxSjPcUpAfodGLRd-gu9Tit4=.a4084b67-d8d8-4672-a540-73f3ec000c7a@github.com>
References: <T74rRuRd-JMM5a32uAJm5sQudG8l_pVjIs_vkzqK-fg=.76580ae6-dad7-4572-9b14-c839b342854f@github.com>
 <fAsaF6fyT1YZ9OZavWdgxSjPcUpAfodGLRd-gu9Tit4=.a4084b67-d8d8-4672-a540-73f3ec000c7a@github.com>
Message-ID: <OIsXUnow66neE8UDpxsS3CQKBlpFTU-kDe21F4t_QiM=.4a3f2bf9-a04e-4c93-97d5-bdf8eebb0ace@github.com>

On Mon, 23 Jan 2023 09:23:54 GMT, Martin Doerr <mdoerr at openjdk.org> wrote:

>> Lutz Schmidt has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   8299817: Update copyright
>
> test/hotspot/jtreg/compiler/codegen/aes/Test8299817.java line 4:
> 
>> 2:  * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
>> 3:  * Copyright (c) 2022 SAP SE. All rights reserved.
>> 4:  * ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
> 
> Wrong Copyright header! Please also update the Copyright years.

Sorry for the delay. Copyright is fixed.

-------------

PR: https://git.openjdk.org/jdk/pull/11967

From mullan at openjdk.org  Mon Jan 30 16:40:19 2023
From: mullan at openjdk.org (Sean Mullan)
Date: Mon, 30 Jan 2023 16:40:19 GMT
Subject: RFR: 8294527: Some java.security.debug options missing from
 security docs
In-Reply-To: <XrMUy2qT1TB39fWqNPLdJK--FJtGebwsDgBRTdXOQQM=.51314761-04b9-4d3b-9467-2f6f346d746e@github.com>
References: <XrMUy2qT1TB39fWqNPLdJK--FJtGebwsDgBRTdXOQQM=.51314761-04b9-4d3b-9467-2f6f346d746e@github.com>
Message-ID: <ZPKqxu7ODK1s1z0bG6DZxNP_FhvG9gT9T34RTUAnERM=.5eb3d49d-ebed-4ed7-82a7-f36b808e07a7@github.com>

On Mon, 30 Jan 2023 10:23:59 GMT, Ryan Wallace <duke at openjdk.org> wrote:

> Hi, small change to the java.security.debug to enhance help() with missing options.

src/java.base/share/classes/sun/security/util/Debug.java line 90:

> 88:         System.err.println("              PKCS11 KeyStore debugging");
> 89:         System.err.println("pkcs12        PKCS12 KeyStore debugging");
> 90:         System.err.println("properties    Prints which java.security Security Properties file that the JDK uses");

This prints the initial values of all security properties (whether overridden or not) and other miscellaneous useful info when parsing the java.security file. I think we can just generalize this to "Security property and configuration file debugging". The other help options are fairly general.

-------------

PR: https://git.openjdk.org/jdk/pull/12289

From rhalade at openjdk.org  Mon Jan 30 20:55:03 2023
From: rhalade at openjdk.org (Rajan Halade)
Date: Mon, 30 Jan 2023 20:55:03 GMT
Subject: RFR: 8298874: Update TestAllSuites.java for TLS v1.2 and 1.3 [v2]
In-Reply-To: <jiZSP5QooV8o1GrqfTbCuTQ11d-KXn-Q4jWzBBoOdNQ=.a5b9e508-2221-4c06-b76a-15b956e6515f@github.com>
References: <vNwQ6EUHIarE-ckuoWktruvCu8BU83nbZQgxdi0YIsE=.7cd7e412-d870-4a91-a6f8-f7131cd827d5@github.com>
 <jiZSP5QooV8o1GrqfTbCuTQ11d-KXn-Q4jWzBBoOdNQ=.a5b9e508-2221-4c06-b76a-15b956e6515f@github.com>
Message-ID: <iNEstFw1Xj_9uHumpJ4wOwN40NxS8bUOyIRr08HwyxY=.47738cd4-8235-4081-9649-f389371e10dc@github.com>

On Mon, 30 Jan 2023 12:17:10 GMT, Matthew Donovan <duke at openjdk.org> wrote:

>> * updated test for new TLS protocols and ciphersuites
>> * code cleanup
>
> Matthew Donovan has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains three commits:
> 
>  - incorporated Rajan's patch
>  - Merge branch 'master' into test-all-suites
>  - 8298874: Update TestAllSuites.java for TLS v1.2 and 1.3

test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java line 236:

> 234:         testAllSuites.createSSLEngines();
> 235:         testAllSuites.test();
> 236:         

There are several `trailing whitespace` errors, please fix.

test/lib/jdk/test/lib/security/SecurityUtils.java line 65:

> 63:     }
> 64:     
> 65:     public static void addToDisabledTlsAlgs(String... protocols) {

Move these to line 55 (before removeFromDisabledTlsAlgs method) so remove and add methods stay together.

test/lib/jdk/test/lib/security/SecurityUtils.java line 69:

> 67:     }
> 68:     
> 69:     public static void addToDisabledArgs(String prop, List<String> constraints) {

Add the comment for method like "remove..." methods.

-------------

PR: https://git.openjdk.org/jdk/pull/11780

From jwaters at openjdk.org  Tue Jan 31 06:36:42 2023
From: jwaters at openjdk.org (Julian Waters)
Date: Tue, 31 Jan 2023 06:36:42 GMT
Subject: RFR: 8301443: Clean broken comments from Windows code
Message-ID: <Nz5EArhUgwMue3kk1X5OYrsuguzH6LPsbRRjLtvmp6s=.9dbdbc2f-e099-4e86-b3ec-4fecf93b3472@github.com>

Several comments are technically broken in Windows code, this change cleans up the broken comments that managed to slip past reviewers during Integration

-------------

Commit messages:
 - Partial Revert
 - sspi.cpp
 - Comments

Changes: https://git.openjdk.org/jdk/pull/12305/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=12305&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8301443
  Stats: 13 lines in 11 files changed: 0 ins; 1 del; 12 mod
  Patch: https://git.openjdk.org/jdk/pull/12305.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12305/head:pull/12305

PR: https://git.openjdk.org/jdk/pull/12305

From jwaters at openjdk.org  Tue Jan 31 07:01:57 2023
From: jwaters at openjdk.org (Julian Waters)
Date: Tue, 31 Jan 2023 07:01:57 GMT
Subject: RFR: 8301443: Clean broken comments from Windows code
In-Reply-To: <Nz5EArhUgwMue3kk1X5OYrsuguzH6LPsbRRjLtvmp6s=.9dbdbc2f-e099-4e86-b3ec-4fecf93b3472@github.com>
References: <Nz5EArhUgwMue3kk1X5OYrsuguzH6LPsbRRjLtvmp6s=.9dbdbc2f-e099-4e86-b3ec-4fecf93b3472@github.com>
Message-ID: <L7MKQlWUBi4ab22ZD56GLRhdPeEUGVcSTFRkz3cRKZc=.ed8edde6-1e26-47fe-a4e3-084ba5806445@github.com>

On Tue, 31 Jan 2023 06:28:21 GMT, Julian Waters <jwaters at openjdk.org> wrote:

> Several comments are technically broken in Windows code, this change cleans up the broken comments that managed to slip past reviewers during Integration

@wangweij Sorry for the abrupt tag, but would the sspi.cpp change be fine with you? It seems like the comment is intended to signal a newline so the compile command's second half on the next line is read properly, but Visual C++ will simply interpret it as the object file \.o, which isn't correct, but I don't quite know the context behind that comment so I thought I'd ask first (On top of the fact that cmd doesn't allow newline formatted commands at all)

-------------

PR: https://git.openjdk.org/jdk/pull/12305

From duke at openjdk.org  Tue Jan 31 09:11:30 2023
From: duke at openjdk.org (Ryan Wallace)
Date: Tue, 31 Jan 2023 09:11:30 GMT
Subject: RFR: 8294527: Some java.security.debug options missing from
 security docs [v2]
In-Reply-To: <XrMUy2qT1TB39fWqNPLdJK--FJtGebwsDgBRTdXOQQM=.51314761-04b9-4d3b-9467-2f6f346d746e@github.com>
References: <XrMUy2qT1TB39fWqNPLdJK--FJtGebwsDgBRTdXOQQM=.51314761-04b9-4d3b-9467-2f6f346d746e@github.com>
Message-ID: <6brFqupYxlRHlYjNRxycBGYHXAhuFk87SGGEGTm3h4Y=.c2c5c5ae-1e3e-4f0a-b469-8f4021f15186@github.com>

> Hi, small change to the java.security.debug to enhance help() with missing options.

Ryan Wallace has updated the pull request incrementally with one additional commit since the last revision:

  8294527: Some java.security.debug options missing from security docs

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/12289/files
  - new: https://git.openjdk.org/jdk/pull/12289/files/ce946cfe..23194305

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=12289&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=12289&range=00-01

  Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/12289.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12289/head:pull/12289

PR: https://git.openjdk.org/jdk/pull/12289

From duke at openjdk.org  Tue Jan 31 11:21:24 2023
From: duke at openjdk.org (Ryan Wallace)
Date: Tue, 31 Jan 2023 11:21:24 GMT
Subject: RFR: 8294527: Some java.security.debug options missing from
 security docs [v3]
In-Reply-To: <XrMUy2qT1TB39fWqNPLdJK--FJtGebwsDgBRTdXOQQM=.51314761-04b9-4d3b-9467-2f6f346d746e@github.com>
References: <XrMUy2qT1TB39fWqNPLdJK--FJtGebwsDgBRTdXOQQM=.51314761-04b9-4d3b-9467-2f6f346d746e@github.com>
Message-ID: <v2XazdxF2qCSa_3vM6DemX7ULzDCk_n0KmnhHO0vlnk=.7ae5f288-73b3-4e7a-8882-7023bc1f79b2@github.com>

> Hi, small change to the java.security.debug to enhance help() with missing options.

Ryan Wallace has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:

 - Merge branch 'master' into jdk-8294527
 - 8294527: Some java.security.debug options missing from security docs
 - 8294527: Some java.security.debug options missing from security docs

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/12289/files
  - new: https://git.openjdk.org/jdk/pull/12289/files/23194305..080b76d9

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=12289&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=12289&range=01-02

  Stats: 23356 lines in 1087 files changed: 6624 ins; 4721 del; 12011 mod
  Patch: https://git.openjdk.org/jdk/pull/12289.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12289/head:pull/12289

PR: https://git.openjdk.org/jdk/pull/12289

From duke at openjdk.org  Tue Jan 31 12:42:26 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Tue, 31 Jan 2023 12:42:26 GMT
Subject: RFR: 8298874: Update TestAllSuites.java for TLS v1.2 and 1.3 [v3]
In-Reply-To: <vNwQ6EUHIarE-ckuoWktruvCu8BU83nbZQgxdi0YIsE=.7cd7e412-d870-4a91-a6f8-f7131cd827d5@github.com>
References: <vNwQ6EUHIarE-ckuoWktruvCu8BU83nbZQgxdi0YIsE=.7cd7e412-d870-4a91-a6f8-f7131cd827d5@github.com>
Message-ID: <qcAN0RlWx_lbRKtRS7KPqwvW9IvxGRX_jELtdqUaPGQ=.8239715b-d026-4e4d-9aeb-a6a5ce29a7f0@github.com>

> * updated test for new TLS protocols and ciphersuites
> * code cleanup

Matthew Donovan has updated the pull request incrementally with one additional commit since the last revision:

  addressed comments

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/11780/files
  - new: https://git.openjdk.org/jdk/pull/11780/files/18b6d03e..7a623ba0

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=11780&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=11780&range=01-02

  Stats: 26 lines in 2 files changed: 12 ins; 5 del; 9 mod
  Patch: https://git.openjdk.org/jdk/pull/11780.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11780/head:pull/11780

PR: https://git.openjdk.org/jdk/pull/11780

From duke at openjdk.org  Tue Jan 31 15:05:52 2023
From: duke at openjdk.org (Ryan Wallace)
Date: Tue, 31 Jan 2023 15:05:52 GMT
Subject: RFR: 8294527: Some java.security.debug options missing from
 security docs [v3]
In-Reply-To: <ZPKqxu7ODK1s1z0bG6DZxNP_FhvG9gT9T34RTUAnERM=.5eb3d49d-ebed-4ed7-82a7-f36b808e07a7@github.com>
References: <XrMUy2qT1TB39fWqNPLdJK--FJtGebwsDgBRTdXOQQM=.51314761-04b9-4d3b-9467-2f6f346d746e@github.com>
 <ZPKqxu7ODK1s1z0bG6DZxNP_FhvG9gT9T34RTUAnERM=.5eb3d49d-ebed-4ed7-82a7-f36b808e07a7@github.com>
Message-ID: <F6ozg2JCCp55U8ickrMYRf0W82y4NsOaoWUr_DfRBdM=.61e81b8f-36de-478b-a035-796a37f4f232@github.com>

On Mon, 30 Jan 2023 16:37:37 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Ryan Wallace has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:
>> 
>>  - Merge branch 'master' into jdk-8294527
>>  - 8294527: Some java.security.debug options missing from security docs
>>  - 8294527: Some java.security.debug options missing from security docs
>
> src/java.base/share/classes/sun/security/util/Debug.java line 90:
> 
>> 88:         System.err.println("              PKCS11 KeyStore debugging");
>> 89:         System.err.println("pkcs12        PKCS12 KeyStore debugging");
>> 90:         System.err.println("properties    Prints which java.security Security Properties file that the JDK uses");
> 
> This prints the initial values of all security properties (whether overridden or not) and other miscellaneous useful info when parsing the java.security file. I think we can just generalize this to "Security property and configuration file debugging". The other help options are fairly general.

Done, thanks Sean

-------------

PR: https://git.openjdk.org/jdk/pull/12289

From mullan at openjdk.org  Tue Jan 31 16:58:34 2023
From: mullan at openjdk.org (Sean Mullan)
Date: Tue, 31 Jan 2023 16:58:34 GMT
Subject: RFR: 8294527: Some java.security.debug options missing from
 security docs [v3]
In-Reply-To: <v2XazdxF2qCSa_3vM6DemX7ULzDCk_n0KmnhHO0vlnk=.7ae5f288-73b3-4e7a-8882-7023bc1f79b2@github.com>
References: <XrMUy2qT1TB39fWqNPLdJK--FJtGebwsDgBRTdXOQQM=.51314761-04b9-4d3b-9467-2f6f346d746e@github.com>
 <v2XazdxF2qCSa_3vM6DemX7ULzDCk_n0KmnhHO0vlnk=.7ae5f288-73b3-4e7a-8882-7023bc1f79b2@github.com>
Message-ID: <UUtc9IJhlE-CASUyzzK8YaY2TAw_eFRDFklA5GaOAA0=.811833c0-bfac-40eb-aae0-2f9bd39bb283@github.com>

On Tue, 31 Jan 2023 11:21:24 GMT, Ryan Wallace <duke at openjdk.org> wrote:

>> Hi, small change to the java.security.debug to enhance help() with missing options.
>
> Ryan Wallace has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:
> 
>  - Merge branch 'master' into jdk-8294527
>  - 8294527: Some java.security.debug options missing from security docs
>  - 8294527: Some java.security.debug options missing from security docs

Marked as reviewed by mullan (Reviewer).

-------------

PR: https://git.openjdk.org/jdk/pull/12289

From mpowers at openjdk.org  Tue Jan 31 17:01:03 2023
From: mpowers at openjdk.org (Mark Powers)
Date: Tue, 31 Jan 2023 17:01:03 GMT
Subject: RFR: JDK-8300416 java.security.MessageDigestSpi clone can result in
 thread-unsafe clones
Message-ID: <txPSKFV5QWYWr4swYZvCrPAzmo9MNtlFyqJ5U_Xufg0=.0a9be842-12fa-4992-962e-cb6e99227190@github.com>

https://bugs.openjdk.org/browse/JDK-8300416

-------------

Commit messages:
 - first iteration

Changes: https://git.openjdk.org/jdk/pull/12348/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=12348&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8300416
  Stats: 57 lines in 2 files changed: 52 ins; 0 del; 5 mod
  Patch: https://git.openjdk.org/jdk/pull/12348.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12348/head:pull/12348

PR: https://git.openjdk.org/jdk/pull/12348

From rhalade at openjdk.org  Tue Jan 31 18:18:42 2023
From: rhalade at openjdk.org (Rajan Halade)
Date: Tue, 31 Jan 2023 18:18:42 GMT
Subject: RFR: 8298874: Update TestAllSuites.java for TLS v1.2 and 1.3 [v3]
In-Reply-To: <qcAN0RlWx_lbRKtRS7KPqwvW9IvxGRX_jELtdqUaPGQ=.8239715b-d026-4e4d-9aeb-a6a5ce29a7f0@github.com>
References: <vNwQ6EUHIarE-ckuoWktruvCu8BU83nbZQgxdi0YIsE=.7cd7e412-d870-4a91-a6f8-f7131cd827d5@github.com>
 <qcAN0RlWx_lbRKtRS7KPqwvW9IvxGRX_jELtdqUaPGQ=.8239715b-d026-4e4d-9aeb-a6a5ce29a7f0@github.com>
Message-ID: <86_YtF6TQFGowr5ePjEhg-inWBlo7D8_aSBuN3skpcY=.c9a615b9-964a-4d57-879f-5bfb7e1b9295@github.com>

On Tue, 31 Jan 2023 12:42:26 GMT, Matthew Donovan <duke at openjdk.org> wrote:

>> * updated test for new TLS protocols and ciphersuites
>> * code cleanup
>
> Matthew Donovan has updated the pull request incrementally with one additional commit since the last revision:
> 
>   addressed comments

test/jdk/ProblemList.txt line 588:

> 586: sun/security/tools/keytool/ListKeychainStore.sh                 8156889 macosx-all
> 587: 
> 588: javax/net/ssl/SSLEngine/IllegalRecordVersion.java               8298873 generic-all

you will need to update to latest source, this test was removed from ProblemList.

test/lib/jdk/test/lib/security/SecurityUtils.java line 58:

> 56:     /**
> 57:      * Adds the specified protocols to the jdk.tls.disabledAlgorithms
> 58:      * security property 

There is `trailing whitespace` error on line 58.

-------------

PR: https://git.openjdk.org/jdk/pull/11780

From duke at openjdk.org  Tue Jan 31 18:35:47 2023
From: duke at openjdk.org (Matthew Donovan)
Date: Tue, 31 Jan 2023 18:35:47 GMT
Subject: RFR: 8298874: Update TestAllSuites.java for TLS v1.2 and 1.3 [v4]
In-Reply-To: <vNwQ6EUHIarE-ckuoWktruvCu8BU83nbZQgxdi0YIsE=.7cd7e412-d870-4a91-a6f8-f7131cd827d5@github.com>
References: <vNwQ6EUHIarE-ckuoWktruvCu8BU83nbZQgxdi0YIsE=.7cd7e412-d870-4a91-a6f8-f7131cd827d5@github.com>
Message-ID: <KVw1hkkd4mwOhkI1xS3U2Wf9iF0nMr8eOs2AQWYg_OA=.eb4733c4-73b1-4ad5-b065-815311d44548@github.com>

> * updated test for new TLS protocols and ciphersuites
> * code cleanup

Matthew Donovan has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains seven commits:

 - fixed ProblemList
 - Merge branch 'master' into test-all-suites
 - removed trailing whitespace
 - addressed comments
 - incorporated Rajan's patch
 - Merge branch 'master' into test-all-suites
 - 8298874: Update TestAllSuites.java for TLS v1.2 and 1.3

-------------

Changes: https://git.openjdk.org/jdk/pull/11780/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=11780&range=03
  Stats: 175 lines in 3 files changed: 39 ins; 35 del; 101 mod
  Patch: https://git.openjdk.org/jdk/pull/11780.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/11780/head:pull/11780

PR: https://git.openjdk.org/jdk/pull/11780

From rhalade at openjdk.org  Tue Jan 31 19:21:51 2023
From: rhalade at openjdk.org (Rajan Halade)
Date: Tue, 31 Jan 2023 19:21:51 GMT
Subject: RFR: 8298874: Update TestAllSuites.java for TLS v1.2 and 1.3 [v4]
In-Reply-To: <KVw1hkkd4mwOhkI1xS3U2Wf9iF0nMr8eOs2AQWYg_OA=.eb4733c4-73b1-4ad5-b065-815311d44548@github.com>
References: <vNwQ6EUHIarE-ckuoWktruvCu8BU83nbZQgxdi0YIsE=.7cd7e412-d870-4a91-a6f8-f7131cd827d5@github.com>
 <KVw1hkkd4mwOhkI1xS3U2Wf9iF0nMr8eOs2AQWYg_OA=.eb4733c4-73b1-4ad5-b065-815311d44548@github.com>
Message-ID: <j75SyxY47A00CCGdm43qo4YOHJDnybnneKGel7ivLsk=.cb840219-f26d-4ee9-83d5-dac42ff5734b@github.com>

On Tue, 31 Jan 2023 18:35:47 GMT, Matthew Donovan <duke at openjdk.org> wrote:

>> * updated test for new TLS protocols and ciphersuites
>> * code cleanup
>
> Matthew Donovan has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains seven commits:
> 
>  - fixed ProblemList
>  - Merge branch 'master' into test-all-suites
>  - removed trailing whitespace
>  - addressed comments
>  - incorporated Rajan's patch
>  - Merge branch 'master' into test-all-suites
>  - 8298874: Update TestAllSuites.java for TLS v1.2 and 1.3

Marked as reviewed by rhalade (Reviewer).

-------------

PR: https://git.openjdk.org/jdk/pull/11780

From bhuang at openjdk.org  Tue Jan 31 22:41:40 2023
From: bhuang at openjdk.org (Bill Huang)
Date: Tue, 31 Jan 2023 22:41:40 GMT
Subject: RFR: JDK-8299994: java/security/Policy/Root/Root.java fails when home
 directory is read-only
Message-ID: <qIGOmJu4rLPxuoDW-zteCD-5kapxMWxc2k6ra3kgXpA=.64cb7150-e0d1-4f6e-82ae-3641c0f1d772@github.com>

Root.java is changed to a manual test because it requires test to be run with the root user privilege, and it requires to modify the user policy file in the home director.

-------------

Commit messages:
 - JDK-8299994 java/security/Policy/Root/Root.java fails when home directory is read-only

Changes: https://git.openjdk.org/jdk/pull/12354/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=12354&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8299994
  Stats: 18 lines in 3 files changed: 15 ins; 1 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/12354.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12354/head:pull/12354

PR: https://git.openjdk.org/jdk/pull/12354

From rhalade at openjdk.org  Tue Jan 31 22:50:51 2023
From: rhalade at openjdk.org (Rajan Halade)
Date: Tue, 31 Jan 2023 22:50:51 GMT
Subject: RFR: JDK-8299994: java/security/Policy/Root/Root.java fails when
 home directory is read-only
In-Reply-To: <qIGOmJu4rLPxuoDW-zteCD-5kapxMWxc2k6ra3kgXpA=.64cb7150-e0d1-4f6e-82ae-3641c0f1d772@github.com>
References: <qIGOmJu4rLPxuoDW-zteCD-5kapxMWxc2k6ra3kgXpA=.64cb7150-e0d1-4f6e-82ae-3641c0f1d772@github.com>
Message-ID: <qcD10oysBJ_UU3vouX2poE6s5O9OkNOwg0R9qW043Rc=.a896cdc1-03e8-4a41-bb6b-33bfab8f83e3@github.com>

On Tue, 31 Jan 2023 22:35:21 GMT, Bill Huang <bhuang at openjdk.org> wrote:

> Root.java is changed to a manual test because it requires test to be run with the root user privilege, and it requires to modify the user policy file in the home director.

test/jdk/java/security/Policy/Root/Root.java line 34:

> 32: 
> 33: /*
> 34: * Run test as root user.

Can you print set of instructions to run test as root? Also it will help if test fails when not run as root to begin with.

-------------

PR: https://git.openjdk.org/jdk/pull/12354

From bhuang at openjdk.org  Tue Jan 31 23:14:11 2023
From: bhuang at openjdk.org (Bill Huang)
Date: Tue, 31 Jan 2023 23:14:11 GMT
Subject: RFR: JDK-8299994: java/security/Policy/Root/Root.java fails when
 home directory is read-only [v2]
In-Reply-To: <qIGOmJu4rLPxuoDW-zteCD-5kapxMWxc2k6ra3kgXpA=.64cb7150-e0d1-4f6e-82ae-3641c0f1d772@github.com>
References: <qIGOmJu4rLPxuoDW-zteCD-5kapxMWxc2k6ra3kgXpA=.64cb7150-e0d1-4f6e-82ae-3641c0f1d772@github.com>
Message-ID: <CnOrGIC3fKTifkgEx2dT9Hk8Z9AXzXHwufNoj04eYmQ=.d37e58be-65cf-4284-8a30-589f6b08f135@github.com>

> Root.java is changed to a manual test because it requires test to be run with the root user privilege, and it requires to modify the user policy file in the home director.

Bill Huang has updated the pull request incrementally with one additional commit since the last revision:

  Implemented review comments.

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/12354/files
  - new: https://git.openjdk.org/jdk/pull/12354/files/69a7a490..60096f09

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=12354&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=12354&range=00-01

  Stats: 7 lines in 1 file changed: 7 ins; 0 del; 0 mod
  Patch: https://git.openjdk.org/jdk/pull/12354.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12354/head:pull/12354

PR: https://git.openjdk.org/jdk/pull/12354

From xueleifan at global.tencent.com  Thu Jan 26 05:45:54 2023
From: xueleifan at global.tencent.com (Xuelei Fan)
Date: Thu, 26 Jan 2023 05:45:54 +0000
Subject: JEP draft: Key Encapsulation Mechanism API
In-Reply-To: <5177068E-5199-448F-9EB3-C0947BDAA395@oracle.com>
References: <6EA03210-3F06-495F-B540-0D4111992ECC@oracle.com>
 <3923732D-45B8-4C2F-9C54-BA0AF1EB20EE@gmail.com>
 <E6F73B90-FF3D-4CF7-8392-197E027AF4F2@oracle.com>
 <F397E862-E807-4B5C-8D5C-1B868E8B2B03@gmail.com>
 <5177068E-5199-448F-9EB3-C0947BDAA395@oracle.com>
Message-ID: <2C2C4EC0-D26C-432D-8ED9-B739877E05A5@global.tencent.com>


> On Jan 25, 2023, at 8:43 PM, Wei-Jun Wang <weijun.wang at oracle.com> wrote:


>  If someone really cares about the result of getProvider(), they should be careful no other thread calls encapsulation or decapsulation.

If no-one care about the result of getProvider(), is it possible to remove this method from the design?

With this method, the API is not easy to use, and the code is not easy to review, unless a developer read the class and methods spec very carefully, considering that the behavior differences impacted by calling sequences.

Anyway, calling sequence problems are known issues for JCA/JCE, just my $0.02 in case it helps to make the specification more clear, if you?d like to the tradition of JCA/JCE.

Xuelei