From anthony.scarpino at oracle.com Mon Jul 3 15:28:29 2023 From: anthony.scarpino at oracle.com (Anthony Scarpino) Date: Mon, 3 Jul 2023 08:28:29 -0700 Subject: RFR: JDK-8308398 Move SunEC crypto provider into java.base In-Reply-To: <2c1ddf91-4c0c-537d-90f9-160988ce2d27@zeus.net.au> References: <6lzoh0vmMyKVEF9wFGW-axNSgbgKmMKTclBro12Pa40=.001e679b-3108-46d9-8922-29d8e551abbc@github.com> <2c1ddf91-4c0c-537d-90f9-160988ce2d27@zeus.net.au> Message-ID: On 6/30/23 4:26 AM, Peter Firmstone wrote: > > On 17/06/2023 11:13 pm, Alan Bateman wrote: >> On Tue, 13 Jun 2023 20:36:28 GMT, Anthony Scarpino >> wrote: >> >>> This moves the SunEC JCE Provider (Elliptic Curve) into java.base. EC >>> has always been separate from the base module/pkg because of its >>> dependence on a native library. That library was removed in JDK 16. >> The proposed changes look okay, meaning it should be okay to have the >> SunEC provider in java.base. However, the motivation isn't clear as >> there isn't an issue with JCE providers in java.base using native >> code. I know there were non-technical issues with libsunec in the past >> but that would haven't prevent the SunEC code form being compiled into >> java.base. >> >> I assume the main implications of the change is that 3rd party JCE >> providers signed with an EC certificate can now be deployed on the >> module path.? Another way to solve that issue is that delay >> verification of signed JARs until the boot layer is created - if we >> did that, would you still want to move the SunEC provider into java.base? > > > Curious, the provider mechanism provides a level of indirection, aka > service, a boundary or separation.? How are module boundaries defined? > > Regards, > > Peter. With JCE, there is not specific boundary definition to modules. I was a case-by-case basis at the time the provider was integrated. Tony From mullan at openjdk.org Mon Jul 3 16:06:58 2023 From: mullan at openjdk.org (Sean Mullan) Date: Mon, 3 Jul 2023 16:06:58 GMT Subject: RFR: 8311122: Fix typos in java.base In-Reply-To: References: Message-ID: On Thu, 29 Jun 2023 21:17:49 GMT, Pavel Rappo wrote: > Please review this IDE-assisted typo hunt, which I plan to backport to jdk21. The changes in the security classes look fine to me. ------------- Marked as reviewed by mullan (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/14718#pullrequestreview-1511468933 From mullan at openjdk.org Mon Jul 3 16:11:02 2023 From: mullan at openjdk.org (Sean Mullan) Date: Mon, 3 Jul 2023 16:11:02 GMT Subject: [jdk21] RFR: 8301379: Verify TLS_ECDH_* cipher suites cannot be negotiated In-Reply-To: References: Message-ID: On Tue, 27 Jun 2023 18:37:57 GMT, Rajan Halade wrote: > This test update should be included in JDK 21 LTS release. Marked as reviewed by mullan (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk21/pull/71#pullrequestreview-1511474824 From ascarpino at openjdk.org Mon Jul 3 17:51:10 2023 From: ascarpino at openjdk.org (Anthony Scarpino) Date: Mon, 3 Jul 2023 17:51:10 GMT Subject: RFR: JDK-8308398 Move SunEC crypto provider into java.base [v3] In-Reply-To: <6lzoh0vmMyKVEF9wFGW-axNSgbgKmMKTclBro12Pa40=.001e679b-3108-46d9-8922-29d8e551abbc@github.com> References: <6lzoh0vmMyKVEF9wFGW-axNSgbgKmMKTclBro12Pa40=.001e679b-3108-46d9-8922-29d8e551abbc@github.com> Message-ID: > Hi, > > I need a code review for moving the contents of the jdk.crypto.ec module into java.base. This moves the SunEC JCE Provider (Elliptic Curve) into java.base. EC has always been separate from the base module/pkg because of its dependence on a native library. That library was removed in JDK 16. An empty jdk.crypto.ec module will remain for compatibility, but marked as deprecated with the intent to be removed in a future release. > > There should be no compatibility risk for application using EC through JCE. There are no public API changes to EC, XEC, and EdDSA classes . Applications that unwisely accessing internal EC classes will need to use the java.base module. > > Thanks > > Tony Anthony Scarpino has updated the pull request incrementally with one additional commit since the last revision: return non volatile variable ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14457/files - new: https://git.openjdk.org/jdk/pull/14457/files/32b4cee1..cf8e954d Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14457&range=02 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14457&range=01-02 Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod Patch: https://git.openjdk.org/jdk/pull/14457.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14457/head:pull/14457 PR: https://git.openjdk.org/jdk/pull/14457 From duke at openjdk.org Mon Jul 3 19:44:12 2023 From: duke at openjdk.org (Glavo) Date: Mon, 3 Jul 2023 19:44:12 GMT Subject: RFR: 8310901: Convert String::newStringNoRepl with Latin-1 to String::newStringLatin1NoRepl [v5] In-Reply-To: References: Message-ID: > Added a new method `newStringLatin1NoRepl` to the `JavaLangAccess`. > > Reasons: > > * Most use cases of `newStringNoRepl` use `ISO_8859_1` as the charset, creating a new shortcut can make writing shorter; > * Since all possible values of `byte` are legal Latin-1 characters, `newStringLatin1NoRepl` **will not throw `CharacterCodingException`**, so users can make the compiler happy without using useless try-catch statements. Glavo has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains eight additional commits since the last revision: - Merge branch 'openjdk:master' into latin1-no-repl - Merge branch 'openjdk:master' into latin1-no-repl - Merge branch 'openjdk:master' into latin1-no-repl - update javadoc - clean newStringNoRepl1 - clean newStringNoRepl1 - Rename jla to JLA - Create new method JavaLangAccess::newStringLatin1NoRepl ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14655/files - new: https://git.openjdk.org/jdk/pull/14655/files/512029d7..76498a5b Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14655&range=04 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14655&range=03-04 Stats: 7482 lines in 474 files changed: 4398 ins; 1064 del; 2020 mod Patch: https://git.openjdk.org/jdk/pull/14655.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14655/head:pull/14655 PR: https://git.openjdk.org/jdk/pull/14655 From duke at openjdk.org Mon Jul 3 19:46:38 2023 From: duke at openjdk.org (Glavo) Date: Mon, 3 Jul 2023 19:46:38 GMT Subject: RFR: 8310901: Convert String::newStringNoRepl with Latin-1 to String::newStringLatin1NoRepl [v6] In-Reply-To: References: Message-ID: <7mAWi6eB57x0f0zs0fkVQ02POF5H05Dj3Jvw1QPa1IY=.1fa0133d-2a24-437e-b2a6-66cdf1ca0985@github.com> > Added a new method `newStringLatin1NoRepl` to the `JavaLangAccess`. > > Reasons: > > * Most use cases of `newStringNoRepl` use `ISO_8859_1` as the charset, creating a new shortcut can make writing shorter; > * Since all possible values of `byte` are legal Latin-1 characters, `newStringLatin1NoRepl` **will not throw `CharacterCodingException`**, so users can make the compiler happy without using useless try-catch statements. Glavo has updated the pull request incrementally with one additional commit since the last revision: Use newStringLatin1NoRepl in UUID ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14655/files - new: https://git.openjdk.org/jdk/pull/14655/files/76498a5b..96788ddd Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14655&range=05 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14655&range=04-05 Stats: 8 lines in 1 file changed: 0 ins; 6 del; 2 mod Patch: https://git.openjdk.org/jdk/pull/14655.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14655/head:pull/14655 PR: https://git.openjdk.org/jdk/pull/14655 From valeriep at openjdk.org Tue Jul 4 00:51:10 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Tue, 4 Jul 2023 00:51:10 GMT Subject: RFR: JDK-8308398 Move SunEC crypto provider into java.base [v3] In-Reply-To: References: <6lzoh0vmMyKVEF9wFGW-axNSgbgKmMKTclBro12Pa40=.001e679b-3108-46d9-8922-29d8e551abbc@github.com> Message-ID: On Mon, 3 Jul 2023 17:51:10 GMT, Anthony Scarpino wrote: >> Hi, >> >> I need a code review for moving the contents of the jdk.crypto.ec module into java.base. This moves the SunEC JCE Provider (Elliptic Curve) into java.base. EC has always been separate from the base module/pkg because of its dependence on a native library. That library was removed in JDK 16. An empty jdk.crypto.ec module will remain for compatibility, but marked as deprecated with the intent to be removed in a future release. >> >> There should be no compatibility risk for application using EC through JCE. There are no public API changes to EC, XEC, and EdDSA classes . Applications that unwisely accessing internal EC classes will need to use the java.base module. >> >> Thanks >> >> Tony > > Anthony Scarpino has updated the pull request incrementally with one additional commit since the last revision: > > return non volatile variable Marked as reviewed by valeriep (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/14457#pullrequestreview-1511888440 From clanger at openjdk.org Tue Jul 4 07:34:03 2023 From: clanger at openjdk.org (Christoph Langer) Date: Tue, 4 Jul 2023 07:34:03 GMT Subject: [jdk21] RFR: 8310549: avoid potential leaks in KeystoreImpl.m related to JNU_CHECK_EXCEPTION early returns In-Reply-To: <5ji-LHKwHTkaSJkjD3ps6IBW2JqUvfmsmK4nWOfN1-U=.7dbfdd42-9e24-4260-b34f-ff631859a8b7@github.com> References: <5ji-LHKwHTkaSJkjD3ps6IBW2JqUvfmsmK4nWOfN1-U=.7dbfdd42-9e24-4260-b34f-ff631859a8b7@github.com> Message-ID: <5VvP5W0mLP27cSO_NN_Gd0WMUKYQ7K79NKP6UpVlJWs=.5b49b5dc-55d9-47e1-9f4f-7d0740b62226@github.com> On Fri, 30 Jun 2023 12:28:43 GMT, Matthias Baesken wrote: > 8310549: avoid potential leaks in KeystoreImpl.m related to JNU_CHECK_EXCEPTION early returns Marked as reviewed by clanger (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk21/pull/86#pullrequestreview-1512250194 From mbaesken at openjdk.org Tue Jul 4 07:46:06 2023 From: mbaesken at openjdk.org (Matthias Baesken) Date: Tue, 4 Jul 2023 07:46:06 GMT Subject: [jdk21] Integrated: 8310549: avoid potential leaks in KeystoreImpl.m related to JNU_CHECK_EXCEPTION early returns In-Reply-To: <5ji-LHKwHTkaSJkjD3ps6IBW2JqUvfmsmK4nWOfN1-U=.7dbfdd42-9e24-4260-b34f-ff631859a8b7@github.com> References: <5ji-LHKwHTkaSJkjD3ps6IBW2JqUvfmsmK4nWOfN1-U=.7dbfdd42-9e24-4260-b34f-ff631859a8b7@github.com> Message-ID: On Fri, 30 Jun 2023 12:28:43 GMT, Matthias Baesken wrote: > 8310549: avoid potential leaks in KeystoreImpl.m related to JNU_CHECK_EXCEPTION early returns This pull request has now been integrated. Changeset: 8d6ef6fd Author: Matthias Baesken URL: https://git.openjdk.org/jdk21/commit/8d6ef6fd5bedadee4afac66f3bd3b9213e72d5f5 Stats: 6 lines in 1 file changed: 4 ins; 0 del; 2 mod 8310549: avoid potential leaks in KeystoreImpl.m related to JNU_CHECK_EXCEPTION early returns Reviewed-by: clanger Backport-of: 7da3f1999fc5d1b9162443d97dfae7fe7b04dfc5 ------------- PR: https://git.openjdk.org/jdk21/pull/86 From peter.firmstone at zeus.net.au Tue Jul 4 10:23:40 2023 From: peter.firmstone at zeus.net.au (Peter Firmstone) Date: Tue, 4 Jul 2023 20:23:40 +1000 Subject: RFR: JDK-8308398 Move SunEC crypto provider into java.base In-Reply-To: References: <6lzoh0vmMyKVEF9wFGW-axNSgbgKmMKTclBro12Pa40=.001e679b-3108-46d9-8922-29d8e551abbc@github.com> <2c1ddf91-4c0c-537d-90f9-160988ce2d27@zeus.net.au> Message-ID: Thanks Anthony, Always interesting to see how others are managing modularity. Some time ago now (circa 2007), Sun released Jini as open source, set up a project at Apache called River, we struggled to get developers though, we had a big monolithic codebase and developers couldn't get their heads around it.?? When I was modularising it, I decided to use SPI's as module boundaries, it turned out to be a good decision, we ended up making all our SPI's OSGi services as well.?? Probably doesn't matter in this instance, OpenJDK is already modular, and it's implementation detail.?? Some of our crypto providers are in the same module, but I'm thinking of separating them into different modules now, as some are no longer secure, but some people may still need them for compatibility, by moving old code into different modules, we can allow to die a peaceful death, without requiring people who don't use it to be burdened by it. -- Regards, Peter On 4/07/2023 1:28 am, Anthony Scarpino wrote: > > > On 6/30/23 4:26 AM, Peter Firmstone wrote: >> >> On 17/06/2023 11:13 pm, Alan Bateman wrote: >>> On Tue, 13 Jun 2023 20:36:28 GMT, Anthony Scarpino >>> wrote: >>> >>>> This moves the SunEC JCE Provider (Elliptic Curve) into java.base. >>>> EC has always been separate from the base module/pkg because of its >>>> dependence on a native library. That library was removed in JDK 16. >>> The proposed changes look okay, meaning it should be okay to have >>> the SunEC provider in java.base. However, the motivation isn't clear >>> as there isn't an issue with JCE providers in java.base using native >>> code. I know there were non-technical issues with libsunec in the >>> past but that would haven't prevent the SunEC code form being >>> compiled into java.base. >>> >>> I assume the main implications of the change is that 3rd party JCE >>> providers signed with an EC certificate can now be deployed on the >>> module path.? Another way to solve that issue is that delay >>> verification of signed JARs until the boot layer is created - if we >>> did that, would you still want to move the SunEC provider into >>> java.base? >> >> >> Curious, the provider mechanism provides a level of indirection, aka >> service, a boundary or separation.? How are module boundaries defined? >> >> Regards, >> >> Peter. > > With JCE, there is not specific boundary definition to modules.? I was > a case-by-case basis at the time the provider was integrated. > > Tony > > From prappo at openjdk.org Tue Jul 4 16:27:05 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Tue, 4 Jul 2023 16:27:05 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v3] In-Reply-To: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: <_mvkx_d0KLo2ph6c32l7l9sy5umxAvQ9uv-1MkXR5aM=.8481c89d-3405-499d-9308-3d725664db09@github.com> > Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. > > I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. > > * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. > > * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. > > * BitArray could be a topic of its own, but I'll do my best to be concise. > > * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. > * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). > > * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: > > // check certs > if (this.certs == null && that.certs != null || > this.certs != null && that.certs == null || > this.certs != null && > this.certs.length != that.certs.length) { > return false; > } > > int i,j; > boolean match; > > for (i = 0; this.certs != nu... Pavel Rappo has updated the pull request incrementally with one additional commit since the last revision: Add even more cases and tidy up ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14738/files - new: https://git.openjdk.org/jdk/pull/14738/files/0727c264..c0c75c87 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14738&range=02 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14738&range=01-02 Stats: 116 lines in 16 files changed: 17 ins; 43 del; 56 mod Patch: https://git.openjdk.org/jdk/pull/14738.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14738/head:pull/14738 PR: https://git.openjdk.org/jdk/pull/14738 From prappo at openjdk.org Tue Jul 4 19:07:13 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Tue, 4 Jul 2023 19:07:13 GMT Subject: Integrated: 8311122: Fix typos in java.base In-Reply-To: References: Message-ID: On Thu, 29 Jun 2023 21:17:49 GMT, Pavel Rappo wrote: > Please review this IDE-assisted typo hunt, which I plan to backport to jdk21. This pull request has now been integrated. Changeset: 7b3c2dc5 Author: Pavel Rappo URL: https://git.openjdk.org/jdk/commit/7b3c2dc5f45afc3646ff5cdc0f6efd68e0b70ea5 Stats: 23 lines in 13 files changed: 0 ins; 0 del; 23 mod 8311122: Fix typos in java.base Reviewed-by: darcy, naoto, mchung, iris, mli, mullan ------------- PR: https://git.openjdk.org/jdk/pull/14718 From prappo at openjdk.org Tue Jul 4 19:07:11 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Tue, 4 Jul 2023 19:07:11 GMT Subject: RFR: 8311122: Fix typos in java.base In-Reply-To: References: Message-ID: On Thu, 29 Jun 2023 21:17:49 GMT, Pavel Rappo wrote: > Please review this IDE-assisted typo hunt, which I plan to backport to jdk21. Alright, I think all the areas that this PR touches have been reviewed by area experts. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14718#issuecomment-1620628939 From prappo at openjdk.org Tue Jul 4 19:13:20 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Tue, 4 Jul 2023 19:13:20 GMT Subject: [jdk21] RFR: 8311122: Fix typos in java.base Message-ID: Hi all, This pull request contains a backport of commit [7b3c2dc5](https://github.com/openjdk/jdk/commit/7b3c2dc5f45afc3646ff5cdc0f6efd68e0b70ea5) from the [openjdk/jdk](https://git.openjdk.org/jdk) repository. The commit being backported was authored by Pavel Rappo on 4 Jul 2023 and was reviewed by Joe Darcy, Naoto Sato, Mandy Chung, Iris Clark, Hamlin Li and Sean Mullan. Thanks! ------------- Commit messages: - Backport 7b3c2dc5f45afc3646ff5cdc0f6efd68e0b70ea5 Changes: https://git.openjdk.org/jdk21/pull/94/files Webrev: https://webrevs.openjdk.org/?repo=jdk21&pr=94&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8311122 Stats: 23 lines in 13 files changed: 0 ins; 0 del; 23 mod Patch: https://git.openjdk.org/jdk21/pull/94.diff Fetch: git fetch https://git.openjdk.org/jdk21.git pull/94/head:pull/94 PR: https://git.openjdk.org/jdk21/pull/94 From prappo at openjdk.org Tue Jul 4 19:16:03 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Tue, 4 Jul 2023 19:16:03 GMT Subject: [jdk21] RFR: 8311122: Fix typos in java.base In-Reply-To: References: Message-ID: <62_fhK8uOuKoer-B-6-CA5tbSGNiMJaEJwIUXP-VGrU=.f064e582-d6f3-4596-a367-8a4a85923ba4@github.com> On Tue, 4 Jul 2023 19:05:58 GMT, Pavel Rappo wrote: > Hi all, > > This pull request contains a backport of commit [7b3c2dc5](https://github.com/openjdk/jdk/commit/7b3c2dc5f45afc3646ff5cdc0f6efd68e0b70ea5) from the [openjdk/jdk](https://git.openjdk.org/jdk) repository. > > The commit being backported was authored by Pavel Rappo on 4 Jul 2023 and was reviewed by Joe Darcy, Naoto Sato, Mandy Chung, Iris Clark, Hamlin Li and Sean Mullan. > > Thanks! This PR is as close to noreg-doc as one can get. The only reason it should be backported to jdk21 is a typo in an error message here: https://github.com/openjdk/jdk21/blob/c9111d57ce132d70d4360535254658ef6b8d134d/src/java.base/share/classes/java/lang/reflect/ClassFileFormatVersion.java#L373 ------------- PR Comment: https://git.openjdk.org/jdk21/pull/94#issuecomment-1620635386 From iris at openjdk.org Tue Jul 4 23:32:59 2023 From: iris at openjdk.org (Iris Clark) Date: Tue, 4 Jul 2023 23:32:59 GMT Subject: [jdk21] RFR: 8311122: Fix typos in java.base In-Reply-To: References: Message-ID: On Tue, 4 Jul 2023 19:05:58 GMT, Pavel Rappo wrote: > Hi all, > > This pull request contains a backport of commit [7b3c2dc5](https://github.com/openjdk/jdk/commit/7b3c2dc5f45afc3646ff5cdc0f6efd68e0b70ea5) from the [openjdk/jdk](https://git.openjdk.org/jdk) repository. > > The commit being backported was authored by Pavel Rappo on 4 Jul 2023 and was reviewed by Joe Darcy, Naoto Sato, Mandy Chung, Iris Clark, Hamlin Li and Sean Mullan. > > Thanks! Appears identical to change in 22, as expected. ------------- Marked as reviewed by iris (Reviewer). PR Review: https://git.openjdk.org/jdk21/pull/94#pullrequestreview-1513478430 From djelinski at openjdk.org Wed Jul 5 12:14:55 2023 From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=) Date: Wed, 5 Jul 2023 12:14:55 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v3] In-Reply-To: <_mvkx_d0KLo2ph6c32l7l9sy5umxAvQ9uv-1MkXR5aM=.8481c89d-3405-499d-9308-3d725664db09@github.com> References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> <_mvkx_d0KLo2ph6c32l7l9sy5umxAvQ9uv-1MkXR5aM=.8481c89d-3405-499d-9308-3d725664db09@github.com> Message-ID: <9zjRCaz5vT3_u34XeNA5pOA4yZB8qsvKDy8cWq3fad4=.cbfc2738-87b9-4cc9-ab5a-09ff8cf55713@github.com> On Tue, 4 Jul 2023 16:27:05 GMT, Pavel Rappo wrote: >> Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. >> >> I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. >> >> * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. >> >> * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. >> >> * BitArray could be a topic of its own, but I'll do my best to be concise. >> >> * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. >> * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). >> >> * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: >> >> // check certs >> if (this.certs == null && that.certs != null || >> this.certs != null && that.certs == null || >> this.certs != null && >> this.certs.length != that.certs.length) { >> return false; >> } >> >> int i,j; >> boolea... > > Pavel Rappo has updated the pull request incrementally with one additional commit since the last revision: > > Add even more cases and tidy up src/java.base/share/classes/javax/crypto/CryptoPolicyParser.java line 639: > 637: return false; > 638: > 639: if (Objects.equals(this.cryptoPermission, that.cryptoPermission)) { Suggestion: if (!Objects.equals(this.cryptoPermission, that.cryptoPermission)) { ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1253015972 From djelinski at openjdk.org Wed Jul 5 12:18:56 2023 From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=) Date: Wed, 5 Jul 2023 12:18:56 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v3] In-Reply-To: <_mvkx_d0KLo2ph6c32l7l9sy5umxAvQ9uv-1MkXR5aM=.8481c89d-3405-499d-9308-3d725664db09@github.com> References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> <_mvkx_d0KLo2ph6c32l7l9sy5umxAvQ9uv-1MkXR5aM=.8481c89d-3405-499d-9308-3d725664db09@github.com> Message-ID: On Tue, 4 Jul 2023 16:27:05 GMT, Pavel Rappo wrote: >> Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. >> >> I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. >> >> * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. >> >> * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. >> >> * BitArray could be a topic of its own, but I'll do my best to be concise. >> >> * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. >> * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). >> >> * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: >> >> // check certs >> if (this.certs == null && that.certs != null || >> this.certs != null && that.certs == null || >> this.certs != null && >> this.certs.length != that.certs.length) { >> return false; >> } >> >> int i,j; >> boolea... > > Pavel Rappo has updated the pull request incrementally with one additional commit since the last revision: > > Add even more cases and tidy up src/java.base/share/classes/sun/security/provider/PolicyParser.java line 1133: > 1131: && Objects.equals(this.permission, that.permission) > 1132: && Objects.equals(this.name, that.name) > 1133: && Objects.equals(this.signedBy, that.signedBy); The original code also compared `action` ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1253020587 From djelinski at openjdk.org Wed Jul 5 12:33:56 2023 From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=) Date: Wed, 5 Jul 2023 12:33:56 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v3] In-Reply-To: <_mvkx_d0KLo2ph6c32l7l9sy5umxAvQ9uv-1MkXR5aM=.8481c89d-3405-499d-9308-3d725664db09@github.com> References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> <_mvkx_d0KLo2ph6c32l7l9sy5umxAvQ9uv-1MkXR5aM=.8481c89d-3405-499d-9308-3d725664db09@github.com> Message-ID: <4Z6QENlIxOzMthECRf_UcqZHRmXbEwMZ7LFK-Sf_m9Y=.d0c24427-62c1-45e4-b412-96f163455a4c@github.com> On Tue, 4 Jul 2023 16:27:05 GMT, Pavel Rappo wrote: >> Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. >> >> I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. >> >> * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. >> >> * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. >> >> * BitArray could be a topic of its own, but I'll do my best to be concise. >> >> * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. >> * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). >> >> * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: >> >> // check certs >> if (this.certs == null && that.certs != null || >> this.certs != null && that.certs == null || >> this.certs != null && >> this.certs.length != that.certs.length) { >> return false; >> } >> >> int i,j; >> boolea... > > Pavel Rappo has updated the pull request incrementally with one additional commit since the last revision: > > Add even more cases and tidy up src/java.base/share/classes/java/security/spec/ECFieldF2m.java line 235: > 233: public int hashCode() { > 234: int value = m << 5; > 235: // consider simplifying using Objects.hashCode(rp) after JDK-8015417 Could you explain this comment? Why does it apply here, and not to other methods like CodeSigner.hashCode? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1253038416 From prappo at openjdk.org Wed Jul 5 14:43:57 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Wed, 5 Jul 2023 14:43:57 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v3] In-Reply-To: <4Z6QENlIxOzMthECRf_UcqZHRmXbEwMZ7LFK-Sf_m9Y=.d0c24427-62c1-45e4-b412-96f163455a4c@github.com> References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> <_mvkx_d0KLo2ph6c32l7l9sy5umxAvQ9uv-1MkXR5aM=.8481c89d-3405-499d-9308-3d725664db09@github.com> <4Z6QENlIxOzMthECRf_UcqZHRmXbEwMZ7LFK-Sf_m9Y=.d0c24427-62c1-45e4-b412-96f163455a4c@github.com> Message-ID: On Wed, 5 Jul 2023 12:31:09 GMT, Daniel Jeli?ski wrote: >> Pavel Rappo has updated the pull request incrementally with one additional commit since the last revision: >> >> Add even more cases and tidy up > > src/java.base/share/classes/java/security/spec/ECFieldF2m.java line 235: > >> 233: public int hashCode() { >> 234: int value = m << 5; >> 235: // consider simplifying using Objects.hashCode(rp) after JDK-8015417 > > Could you explain this comment? Why does it apply here, and not to other methods like CodeSigner.hashCode? You are absolutely right: adding that comment, while actively disregarding concerns described in it elsewhere, warrants some explanation. While working on this and the related PRs, I discovered JDK-8015417. hashCode and, to a lesser extent, equals in ECFieldF2m seemed lean and performance-sensitive so as to apply the smarts of JDK-8015417. Frankly, performance sensitivity was my guess; anyway, I kept the original behaviour for that site. Since then, I learned that JDK-8015417 is quite complicated and well beyond my level of understanding of how JVM works. Until I have clearer understanding of the effects of that issue on this and similar refactoring efforts, I won't integrate this or any other PRs where using the java.util.Objects static methods is a primary goal. That said, I'll remove the comment and refactor that `?:` conditional to use `Objects.equals(Object, Object)`, to be consistent with the rest of this PR. FWIW, we've accidentally started discussion on those effects in another PR: https://github.com/openjdk/jdk/pull/14752#pullrequestreview-1511190453. It might as well have been this PR, but that PR was first. While either PR is good, let's keep it confined and organized. So, please follow that discussion, if you're interested. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1253214761 From prappo at openjdk.org Wed Jul 5 14:52:25 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Wed, 5 Jul 2023 14:52:25 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v3] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> <_mvkx_d0KLo2ph6c32l7l9sy5umxAvQ9uv-1MkXR5aM=.8481c89d-3405-499d-9308-3d725664db09@github.com> <4Z6QENlIxOzMthECRf_UcqZHRmXbEwMZ7LFK-Sf_m9Y=.d0c24427-62c1-45e4-b412-96f163455a4c@github.com> Message-ID: On Wed, 5 Jul 2023 14:39:44 GMT, Pavel Rappo wrote: >> src/java.base/share/classes/java/security/spec/ECFieldF2m.java line 235: >> >>> 233: public int hashCode() { >>> 234: int value = m << 5; >>> 235: // consider simplifying using Objects.hashCode(rp) after JDK-8015417 >> >> Could you explain this comment? Why does it apply here, and not to other methods like CodeSigner.hashCode? > > You are absolutely right: adding that comment, while actively disregarding concerns described in it elsewhere, warrants some explanation. > > While working on this and the related PRs, I discovered JDK-8015417. hashCode and, to a lesser extent, equals in ECFieldF2m seemed lean and performance-sensitive so as to apply the smarts of JDK-8015417. Frankly, performance sensitivity was my guess; anyway, I kept the original behaviour for that site. > > Since then, I learned that JDK-8015417 is quite complicated and well beyond my level of understanding of how JVM works. Until I have clearer understanding of the effects of that issue on this and similar refactoring efforts, I won't integrate this or any other PRs where using the java.util.Objects static methods is a primary goal. > > That said, I'll remove the comment and refactor that `?:` conditional to use `Objects.hashCode(Object)`, to be consistent with the rest of this PR. > > FWIW, we've accidentally started discussion on those effects in another PR: https://github.com/openjdk/jdk/pull/14752#pullrequestreview-1511190453. It might as well have been this PR, but that PR was first. While either PR is good, let's keep it confined and organized. So, please follow that discussion, if you're interested. Refactored in 3f316b49f26. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1253222537 From prappo at openjdk.org Wed Jul 5 14:52:22 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Wed, 5 Jul 2023 14:52:22 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v4] In-Reply-To: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: > Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. > > I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. > > * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. > > * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. > > * BitArray could be a topic of its own, but I'll do my best to be concise. > > * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. > * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). > > * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: > > // check certs > if (this.certs == null && that.certs != null || > this.certs != null && that.certs == null || > this.certs != null && > this.certs.length != that.certs.length) { > return false; > } > > int i,j; > boolean match; > > for (i = 0; this.certs != nu... Pavel Rappo has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision: - Merge branch 'master' into 8311170 - Be consistent with the rest of the change - Fix reported bugs - Add even more cases and tidy up - More cases - Initial commit ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14738/files - new: https://git.openjdk.org/jdk/pull/14738/files/c0c75c87..cb6e1776 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14738&range=03 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14738&range=02-03 Stats: 2254 lines in 210 files changed: 1031 ins; 456 del; 767 mod Patch: https://git.openjdk.org/jdk/pull/14738.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14738/head:pull/14738 PR: https://git.openjdk.org/jdk/pull/14738 From prappo at openjdk.org Wed Jul 5 14:52:26 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Wed, 5 Jul 2023 14:52:26 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v3] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> <_mvkx_d0KLo2ph6c32l7l9sy5umxAvQ9uv-1MkXR5aM=.8481c89d-3405-499d-9308-3d725664db09@github.com> Message-ID: <77hM1YWfeLEtFRax0Fn-k1RRk3rnfNLL_wL4a5ECa4E=.f1904891-f2d5-4da2-9cae-ee951cce3f9c@github.com> On Wed, 5 Jul 2023 12:16:32 GMT, Daniel Jeli?ski wrote: >> Pavel Rappo has updated the pull request incrementally with one additional commit since the last revision: >> >> Add even more cases and tidy up > > src/java.base/share/classes/sun/security/provider/PolicyParser.java line 1133: > >> 1131: && Objects.equals(this.permission, that.permission) >> 1132: && Objects.equals(this.name, that.name) >> 1133: && Objects.equals(this.signedBy, that.signedBy); > > The original code also compared `action` Good catch; thanks! I have fixed this and the other bug you commented on in ca0d43a34ad. What's unpleasant is that tiers 1 and 2 didn't catch those bugs. One useful but separate from this PR exercise would be to gather code coverage for those tiers to see where we can improve our testing. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1253221129 From djelinski at openjdk.org Wed Jul 5 15:20:55 2023 From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=) Date: Wed, 5 Jul 2023 15:20:55 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v4] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: On Wed, 5 Jul 2023 14:52:22 GMT, Pavel Rappo wrote: >> Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. >> >> I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. >> >> * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. >> >> * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. >> >> * BitArray could be a topic of its own, but I'll do my best to be concise. >> >> * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. >> * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). >> >> * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: >> >> // check certs >> if (this.certs == null && that.certs != null || >> this.certs != null && that.certs == null || >> this.certs != null && >> this.certs.length != that.certs.length) { >> return false; >> } >> >> int i,j; >> boolea... > > Pavel Rappo has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision: > > - Merge branch 'master' into 8311170 > - Be consistent with the rest of the change > - Fix reported bugs > - Add even more cases and tidy up > - More cases > - Initial commit Marked as reviewed by djelinski (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/14738#pullrequestreview-1514778691 From rhalade at openjdk.org Wed Jul 5 17:50:21 2023 From: rhalade at openjdk.org (Rajan Halade) Date: Wed, 5 Jul 2023 17:50:21 GMT Subject: [jdk21] Integrated: 8301379: Verify TLS_ECDH_* cipher suites cannot be negotiated In-Reply-To: References: Message-ID: On Tue, 27 Jun 2023 18:37:57 GMT, Rajan Halade wrote: > This test update should be included in JDK 21 LTS release. This pull request has now been integrated. Changeset: 604e03de Author: Rajan Halade URL: https://git.openjdk.org/jdk21/commit/604e03de78a0ed4f687ee2cd95b0d409b4c3736a Stats: 311 lines in 2 files changed: 179 ins; 51 del; 81 mod 8301379: Verify TLS_ECDH_* cipher suites cannot be negotiated Reviewed-by: mullan Backport-of: 9f64a64376c677dbe1358807329b42737ac78ad9 ------------- PR: https://git.openjdk.org/jdk21/pull/71 From rriggs at openjdk.org Wed Jul 5 18:21:03 2023 From: rriggs at openjdk.org (Roger Riggs) Date: Wed, 5 Jul 2023 18:21:03 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v4] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: <_0_sGy1nun0IvmqOEU-JJi8EX7vpWjlyE5QbCVegLf0=.bf0f9c04-0167-467d-8235-eecf8cb66914@github.com> On Wed, 5 Jul 2023 14:52:22 GMT, Pavel Rappo wrote: >> Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. >> >> I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. >> >> * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. >> >> * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. >> >> * BitArray could be a topic of its own, but I'll do my best to be concise. >> >> * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. >> * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). >> >> * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: >> >> // check certs >> if (this.certs == null && that.certs != null || >> this.certs != null && that.certs == null || >> this.certs != null && >> this.certs.length != that.certs.length) { >> return false; >> } >> >> int i,j; >> boolea... > > Pavel Rappo has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision: > > - Merge branch 'master' into 8311170 > - Be consistent with the rest of the change > - Fix reported bugs > - Add even more cases and tidy up > - More cases > - Initial commit src/java.base/share/classes/java/security/cert/X509CRLEntry.java line 110: > 108: public int hashCode() { > 109: try { > 110: return Arrays.hashCode(this.getEncoded()); What data is at `entryData[0]` that will now be included in the hashCode when it was skipped before? src/java.base/share/classes/javax/security/cert/Certificate.java line 107: > 105: try { > 106: return Arrays.hashCode(this.getEncoded()); > 107: } catch (CertificateException e) { Ditto, what value at `certData[0]` is now included in the hash? src/java.base/share/classes/sun/security/util/BitArray.java line 72: > 70: * specified byte array. The most significant bit of {@code a[0]} gets > 71: * index zero in the BitArray. The array must be large enough to specify > 72: * a value for every bit of the BitArray, i.e. {@code 8*a.length >= length}. The original `<=` was correct, the number of bits in the input array must be less than the requested length of the BitArray. The constructors also describe the length using `<=`; they all should be consistent. src/java.base/share/classes/sun/security/x509/X500Name.java line 422: > 420: // quick check that number of RDNs and AVAs match before canonicalizing > 421: if (!Arrays.equals(this.names, other.names, > 422: Comparator.comparingInt(n -> n.assertion.length))) I'd keep the original comparison of the lengths; its a lot less magical than `Comparator.comparingInt(n -> n.assertion.length))` ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1253446806 PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1253456172 PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1253462853 PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1253469604 From djelinski at openjdk.org Wed Jul 5 19:37:54 2023 From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=) Date: Wed, 5 Jul 2023 19:37:54 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v4] In-Reply-To: <_0_sGy1nun0IvmqOEU-JJi8EX7vpWjlyE5QbCVegLf0=.bf0f9c04-0167-467d-8235-eecf8cb66914@github.com> References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> <_0_sGy1nun0IvmqOEU-JJi8EX7vpWjlyE5QbCVegLf0=.bf0f9c04-0167-467d-8235-eecf8cb66914@github.com> Message-ID: On Wed, 5 Jul 2023 18:11:41 GMT, Roger Riggs wrote: >> Pavel Rappo has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision: >> >> - Merge branch 'master' into 8311170 >> - Be consistent with the rest of the change >> - Fix reported bugs >> - Add even more cases and tidy up >> - More cases >> - Initial commit > > src/java.base/share/classes/sun/security/util/BitArray.java line 72: > >> 70: * specified byte array. The most significant bit of {@code a[0]} gets >> 71: * index zero in the BitArray. The array must be large enough to specify >> 72: * a value for every bit of the BitArray, i.e. {@code 8*a.length >= length}. > > The original `<=` was correct, the number of bits in the input array must be less than the requested length of the BitArray. The constructors also describe the length using `<=`; they all should be consistent. Are you sure? I just checked lines 91-92 and I'd say the change looks correct. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1253548582 From rhalade at openjdk.org Wed Jul 5 19:57:51 2023 From: rhalade at openjdk.org (Rajan Halade) Date: Wed, 5 Jul 2023 19:57:51 GMT Subject: RFR: 8156889: ListKeychainStore.sh fails in some virtualized environments In-Reply-To: References: Message-ID: On Mon, 12 Jun 2023 18:15:48 GMT, Rajan Halade wrote: > This fix converted shell test to java code. Following are the updates done to the original shell test logic: > > - Test is updated to be a manual test as it is rather difficult/impossible to have it run in virtualized environment where we can't update the security keychain search list to include created keychain. > - Test is updated to save earlier keychain search order and restore when test ends. > - Test is now using legacy encryption and MAC algorithms, refer macOS open radar FB8988319, as macOS security framework doesn't work with the latest algorithms. Algorithms were updated with JDK-8153005. Can someone please review this test update? ------------- PR Comment: https://git.openjdk.org/jdk/pull/14424#issuecomment-1622404154 From prappo at openjdk.org Wed Jul 5 20:43:56 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Wed, 5 Jul 2023 20:43:56 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v4] In-Reply-To: <_0_sGy1nun0IvmqOEU-JJi8EX7vpWjlyE5QbCVegLf0=.bf0f9c04-0167-467d-8235-eecf8cb66914@github.com> References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> <_0_sGy1nun0IvmqOEU-JJi8EX7vpWjlyE5QbCVegLf0=.bf0f9c04-0167-467d-8235-eecf8cb66914@github.com> Message-ID: On Wed, 5 Jul 2023 18:04:01 GMT, Roger Riggs wrote: >> Pavel Rappo has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision: >> >> - Merge branch 'master' into 8311170 >> - Be consistent with the rest of the change >> - Fix reported bugs >> - Add even more cases and tidy up >> - More cases >> - Initial commit > > src/java.base/share/classes/javax/security/cert/Certificate.java line 107: > >> 105: try { >> 106: return Arrays.hashCode(this.getEncoded()); >> 107: } catch (CertificateException e) { > > Ditto, what value at `certData[0]` is now included in the hash? Those are correct observations. Unspecified hashCode methods changed in this proposal might return different values than the ones they currently return in the mainline; hence my disclaimer in this PR description: > This PR sacrifices compatibility for pragmatism: it changes some hashCode implementations to produce different values than before to allow more utilization of methods from Objects and Arrays. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. I'm waiting from someone from security-dev to tell me if that's okay to skip zeroth elements in both hashCode. It might've been an accidental skip in the first place. FWIW, their `equals` counterparts do not skip zeroth elements. On the other hand, javax.security.cert.Certificate is deprecated for removal, so I might as well exclude it. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1253622642 From prappo at openjdk.org Wed Jul 5 20:55:54 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Wed, 5 Jul 2023 20:55:54 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v4] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> <_0_sGy1nun0IvmqOEU-JJi8EX7vpWjlyE5QbCVegLf0=.bf0f9c04-0167-467d-8235-eecf8cb66914@github.com> Message-ID: On Wed, 5 Jul 2023 19:35:23 GMT, Daniel Jeli?ski wrote: >> src/java.base/share/classes/sun/security/util/BitArray.java line 72: >> >>> 70: * specified byte array. The most significant bit of {@code a[0]} gets >>> 71: * index zero in the BitArray. The array must be large enough to specify >>> 72: * a value for every bit of the BitArray, i.e. {@code 8*a.length >= length}. >> >> The original `<=` was correct, the number of bits in the input array must be less than the requested length of the BitArray. The constructors also describe the length using `<=`; they all should be consistent. > > Are you sure? I just checked lines 91-92 and I'd say the change looks correct. > The original `<=` was correct, the number of bits in the input array must be less than the requested length of the BitArray. The constructors also describe the length using `<=`; they all should be consistent. Hm... My reading is that those "i.e." parts state preconditions for the constructors to return successfully, not preconditions for them to throw an exception. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1253635237 From rriggs at openjdk.org Wed Jul 5 21:14:55 2023 From: rriggs at openjdk.org (Roger Riggs) Date: Wed, 5 Jul 2023 21:14:55 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v4] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> <_0_sGy1nun0IvmqOEU-JJi8EX7vpWjlyE5QbCVegLf0=.bf0f9c04-0167-467d-8235-eecf8cb66914@github.com> Message-ID: On Wed, 5 Jul 2023 20:52:56 GMT, Pavel Rappo wrote: >> Are you sure? I just checked lines 91-92 and I'd say the change looks correct. > >> The original `<=` was correct, the number of bits in the input array must be less than the requested length of the BitArray. The constructors also describe the length using `<=`; they all should be consistent. > > Hm... My reading is that those "i.e." parts state preconditions for the constructors to return successfully, not preconditions for them to throw an exception. I stand corrected. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1253655028 From aturbanov at openjdk.org Thu Jul 6 06:26:54 2023 From: aturbanov at openjdk.org (Andrey Turbanov) Date: Thu, 6 Jul 2023 06:26:54 GMT Subject: RFR: 8295068: SSLEngine throws NPE parsing CertificateRequests In-Reply-To: References: Message-ID: On Wed, 5 Jul 2023 20:25:26 GMT, Kevin Driver wrote: > JDK-8295068: an NPE is thrown when an invalid `id` is found to match up a `ClientCertificateType`; rather than throwing the `NPE`, we now throw an `IllegalArgumentException`. This does not seem to be a scenario where recovery is possible or desired, so the `IAE` should be the proper behavior. src/java.base/share/classes/sun/security/ssl/CertificateRequest.java line 131: > 129: for (byte id : ids) { > 130: ClientCertificateType cct = ClientCertificateType.valueOf(id); > 131: if(cct == null) { Suggestion: if (cct == null) { ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14778#discussion_r1253989234 From xuelei at openjdk.org Thu Jul 6 07:08:54 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Thu, 6 Jul 2023 07:08:54 GMT Subject: RFR: 8295068: SSLEngine throws NPE parsing CertificateRequests In-Reply-To: References: Message-ID: On Wed, 5 Jul 2023 20:25:26 GMT, Kevin Driver wrote: > JDK-8295068: an NPE is thrown when an invalid `id` is found to match up a `ClientCertificateType`; rather than throwing the `NPE`, we now throw an `IllegalArgumentException`. This does not seem to be a scenario where recovery is possible or desired, so the `IAE` should be the proper behavior. Changes requested by xuelei (Reviewer). src/java.base/share/classes/sun/security/ssl/CertificateRequest.java line 134: > 132: throw new IllegalArgumentException(id + " was " + > 133: "not a valid ClientCertificateType id"); > 134: } It may not comply to TLS specification if throwing exception here. Unknown types should be ignored for compatibility. - if (cct.isAvailable) { + if (cct != null && cct.isAvailable) { ------------- PR Review: https://git.openjdk.org/jdk/pull/14778#pullrequestreview-1515892219 PR Review Comment: https://git.openjdk.org/jdk/pull/14778#discussion_r1254023615 From prappo at openjdk.org Thu Jul 6 10:46:56 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Thu, 6 Jul 2023 10:46:56 GMT Subject: [jdk21] Integrated: 8311122: Fix typos in java.base In-Reply-To: References: Message-ID: <4upquGoBx6qmILTd-DmE9YQ3ZCqMQYTV-LKZBOMBL80=.901bb792-f564-4f30-80b6-a8591ceecead@github.com> On Tue, 4 Jul 2023 19:05:58 GMT, Pavel Rappo wrote: > Hi all, > > This pull request contains a backport of commit [7b3c2dc5](https://github.com/openjdk/jdk/commit/7b3c2dc5f45afc3646ff5cdc0f6efd68e0b70ea5) from the [openjdk/jdk](https://git.openjdk.org/jdk) repository. > > The commit being backported was authored by Pavel Rappo on 4 Jul 2023 and was reviewed by Joe Darcy, Naoto Sato, Mandy Chung, Iris Clark, Hamlin Li and Sean Mullan. > > Thanks! This pull request has now been integrated. Changeset: bfed32bd Author: Pavel Rappo URL: https://git.openjdk.org/jdk21/commit/bfed32bd092751f2dca1d1b546ed078f0e45574b Stats: 23 lines in 13 files changed: 0 ins; 0 del; 23 mod 8311122: Fix typos in java.base Reviewed-by: iris Backport-of: 7b3c2dc5f45afc3646ff5cdc0f6efd68e0b70ea5 ------------- PR: https://git.openjdk.org/jdk21/pull/94 From cslucas at openjdk.org Thu Jul 6 13:06:30 2023 From: cslucas at openjdk.org (Cesar Soares Lucas) Date: Thu, 6 Jul 2023 13:06:30 GMT Subject: RFR: JDK-8287061: Support for rematerializing scalar replaced objects participating in allocation merges [v21] In-Reply-To: <7nqFW-lgT1FzuMHPMUQiCj1ATcV_bQtroolf4V_kCc4=.ccd12605-aad0-433e-ba44-5772d972f05d@github.com> References: <7nqFW-lgT1FzuMHPMUQiCj1ATcV_bQtroolf4V_kCc4=.ccd12605-aad0-433e-ba44-5772d972f05d@github.com> Message-ID: > Can I please get reviews for this PR? > > The most common and frequent use of NonEscaping Phis merging object allocations is for debugging information. The two graphs below show numbers for Renaissance and DaCapo benchmarks - similar results are obtained for all other applications that I tested. > > With what frequency does each IR node type occurs as an allocation merge user? I.e., if the same node type uses a Phi N times the counter is incremented by N: > > ![image](https://user-images.githubusercontent.com/2249648/222280517-4dcf5871-2564-4207-b49e-22aee47fa49d.png) > > What are the most common users of allocation merges? I.e., if the same node type uses a Phi N times the counter is incremented by 1: > > ![image](https://user-images.githubusercontent.com/2249648/222280608-ca742a4e-1622-4e69-a778-e4db6805ea02.png) > > This PR adds support scalar replacing allocations participating in merges used as debug information OR as a base for field loads. I plan to create subsequent PRs to enable scalar replacement of merges used by other node types (CmpP is next on the list) subsequently. > > The approach I used for _rematerialization_ is pretty straightforward. It consists basically of the following. 1) New IR node (suggested by V. Kozlov), named SafePointScalarMergeNode, to represent a set of SafePointScalarObjectNode; 2) Each scalar replaceable input participating in a merge will get a SafePointScalarObjectNode like if it weren't part of a merge. 3) Add a new Class to support the rematerialization of SR objects that are part of a merge; 4) Patch HotSpot to be able to serialize and deserialize debug information related to allocation merges; 5) Patch C2 to generate unique types for SR objects participating in some allocation merges. > > The approach I used for _enabling the scalar replacement of some of the inputs of the allocation merge_ is also pretty straightforward: call `MemNode::split_through_phi` to, well, split AddP->Load* through the merge which will render the Phi useless. > > I tested this with JTREG tests tier 1-4 (Windows, Linux, and Mac) and didn't see regression. I also experimented with several applications and didn't see any failure. I also ran tests with "-ea -esa -Xbatch -Xcomp -XX:+UnlockExperimentalVMOptions -XX:-TieredCompilation -server -XX:+IgnoreUnrecognizedVMOptions -XX:+UnlockDiagnosticVMOptions -XX:+StressLCM -XX:+StressGCM -XX:+StressCCP" and didn't observe any related failures. Cesar Soares Lucas has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 22 commits: - Merge branch 'openjdk:master' into rematerialization-of-merges - Addressing PR feedback. - Merge remote-tracking branch 'origin/master' into rematerialization-of-merges - Merge branch 'openjdk:master' into rematerialization-of-merges - Rome minor refactorings. - Merge remote-tracking branch 'origin/master' into rematerialization-of-merges Catching up with master. - Address PR review 6: debug format output & some refactoring. - Catching up with master branch. Merge remote-tracking branch 'origin/master' into rematerialization-of-merges - Address PR review 6: refactoring around rematerialization & improve test cases. - Address PR review 5: refactor on rematerialization & add tests. - ... and 12 more: https://git.openjdk.org/jdk/compare/97e99f01...25b683d6 ------------- Changes: https://git.openjdk.org/jdk/pull/12897/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=12897&range=20 Stats: 2733 lines in 26 files changed: 2485 ins; 108 del; 140 mod Patch: https://git.openjdk.org/jdk/pull/12897.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/12897/head:pull/12897 PR: https://git.openjdk.org/jdk/pull/12897 From cslucas at openjdk.org Thu Jul 6 13:06:30 2023 From: cslucas at openjdk.org (Cesar Soares Lucas) Date: Thu, 6 Jul 2023 13:06:30 GMT Subject: RFR: JDK-8287061: Support for rematerializing scalar replaced objects participating in allocation merges [v18] In-Reply-To: <72OcyhmFKGyTwDy8LQ0blp5HG5dg5l9OsU5dh9osVxo=.73b3a79e-ff24-4f41-b39b-650a9036ee76@github.com> References: <7nqFW-lgT1FzuMHPMUQiCj1ATcV_bQtroolf4V_kCc4=.ccd12605-aad0-433e-ba44-5772d972f05d@github.com> <-A7bd8C0q5o1WuRSeSkYYnUoApV4s9uijPmiNB2Wteo=.c5bc944c-88a3-4228-bd41-091ac6c8fb1d@github.com> <72OcyhmFKGyTwDy8LQ0blp5HG5dg5l9OsU5dh9osVxo=.73b3a79e-ff24-4f41-b39b-650a9036ee76@github.com> Message-ID: <1gB4pzC79wZ9fs7t5eWE4yTlyYkz4oK1K36wc7MWgBo=.cc02b3a7-3b4d-4909-8013-746008f50058@github.com> On Tue, 20 Jun 2023 16:44:28 GMT, Vladimir Ivanov wrote: >> Thank you once more for the comments @iwanowww . I?ll address them asap. >> >> Can I ask what requirements are there for a product flag? > >> Can I ask what requirements are there for a product flag? > > Product flags are treated as part of public API of the JVM. So, changes in behavior have to go through CSR process. Also, a product flag has to be deprecated/obsoleted first before it can be removed which takes multiple releases to happen. Better to avoid introducing new product flags unless it is well-justified or necessary. @iwanowww - I believe I've addressed all your comments so far. Is everything still looking good? ------------- PR Comment: https://git.openjdk.org/jdk/pull/12897#issuecomment-1623641674 From mullan at openjdk.org Thu Jul 6 14:06:02 2023 From: mullan at openjdk.org (Sean Mullan) Date: Thu, 6 Jul 2023 14:06:02 GMT Subject: RFR: 8281658: Add a security category to the java -XshowSettings option [v8] In-Reply-To: References: Message-ID: On Tue, 27 Jun 2023 15:06:45 GMT, Sean Coffey wrote: >> New functionality in the -XshowSettings menu to display relevant information about JDK security configuration > > Sean Coffey has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 15 additional commits since the last revision: > > - Avoid sharing INDENT variables > - Merge branch 'master' into 8281658-showsettings-security > - Don't allow bad subcommand values for security component > - restore more informative help message > - Split long properties for ; also > - Pass PrintStream to security helper > - Refactor out security code to helper class > - Print aliases. Order Provider type/service output. > - Incorporate review comments from Roger and tweak some code > - Merge branch 'master' into 8281658-showsettings-security > - ... and 5 more: https://git.openjdk.org/jdk/compare/5cbc0d11...7e6f5090 src/java.base/share/classes/sun/launcher/SecuritySettings.java line 123: > 121: } > 122: > 123: ostream.println(INDENT + "Security TLS configuration:"); What about also noting the name of the TLS/JSSE provider in this line, for example: "Security TLS configuration (SunJSSE provider):" This would be useful information if a customer is using a 3rd party JSSE provider, and it is selected before SunJSSE, as the defaults in that case may be different. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14394#discussion_r1254491773 From kdriver at openjdk.org Thu Jul 6 15:45:57 2023 From: kdriver at openjdk.org (Kevin Driver) Date: Thu, 6 Jul 2023 15:45:57 GMT Subject: RFR: 8295068: SSLEngine throws NPE parsing CertificateRequests In-Reply-To: References: Message-ID: On Thu, 6 Jul 2023 07:05:46 GMT, Xue-Lei Andrew Fan wrote: >> JDK-8295068: an NPE is thrown when an invalid `id` is found to match up a `ClientCertificateType`; rather than throwing the `NPE`, we now throw an `IllegalArgumentException`. This does not seem to be a scenario where recovery is possible or desired, so the `IAE` should be the proper behavior. > > src/java.base/share/classes/sun/security/ssl/CertificateRequest.java line 134: > >> 132: throw new IllegalArgumentException(id + " was " + >> 133: "not a valid ClientCertificateType id"); >> 134: } > > It may not comply to TLS specification if throwing exception here. Unknown types should be ignored for compatibility. > > - if (cct.isAvailable) { > + if (cct != null && cct.isAvailable) { @XueleiFan It looks like the relevant bit of the RFC (as you point out) is this: For historical reasons, the names of some client certificate types include the algorithm used to sign the certificate. For example, in earlier versions of TLS, rsa_fixed_dh meant a certificate signed with RSA and containing a static DH key. In TLS 1.2, this functionality has been obsoleted by the supported_signature_algorithms, and the certificate type no longer restricts the algorithm used to sign the certificate. For example, if the server sends dss_fixed_dh certificate type and {{sha1, dsa}, {sha1, rsa}} signature types, the client MAY reply with a certificate containing a static DH key, signed with RSA- SHA1. I had noticed the comments beginning on line 757 in CertificateRequest: // For TLS 1.2, we no longer use the certificate_types field // from the CertificateRequest message to directly determine // the SSLPossession. Instead, the choosePossession method // will use the accepted signature schemes in the message to // determine the set of acceptable certificate types to select from. I noted that the id byte generated by the test case was 0x72, and this is definitely not a recognized/supported type in JSSE ["Values in the range 64-223 (decimal) inclusive are assigned via Specification Required"]. I chose `IllegalArgumentException` because it seemed values so far "out of range" would be undesirable, and perhaps I misinterpreted the commented paragraph above as implying that the `id` value needed to be one of the set of "acceptable certificate types". After referring back to the RFC, I agree that your proposed fix seems more in line with the intent of the RFC. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14778#discussion_r1254616765 From kdriver at openjdk.org Thu Jul 6 15:52:00 2023 From: kdriver at openjdk.org (Kevin Driver) Date: Thu, 6 Jul 2023 15:52:00 GMT Subject: RFR: 8295068: SSLEngine throws NPE parsing CertificateRequests [v2] In-Reply-To: References: Message-ID: > JDK-8295068: an NPE is thrown when an invalid `id` is found to match up a `ClientCertificateType`; rather than throwing the `NPE`, we now throw an `IllegalArgumentException`. This does not seem to be a scenario where recovery is possible or desired, so the `IAE` should be the proper behavior. Kevin Driver has updated the pull request incrementally with two additional commits since the last revision: - remove extra line break - fail to look up the id silently to not throw an unexpected error ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14778/files - new: https://git.openjdk.org/jdk/pull/14778/files/d36df7ba..ce669848 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14778&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14778&range=00-01 Stats: 5 lines in 1 file changed: 0 ins; 4 del; 1 mod Patch: https://git.openjdk.org/jdk/pull/14778.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14778/head:pull/14778 PR: https://git.openjdk.org/jdk/pull/14778 From xuelei at openjdk.org Thu Jul 6 16:25:59 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Thu, 6 Jul 2023 16:25:59 GMT Subject: RFR: 8295068: SSLEngine throws NPE parsing CertificateRequests [v2] In-Reply-To: References: Message-ID: <8rQcBMO1AsJYpqiRJu5mwb_iXAOb8eOZcB7v67YYngo=.5d7945a0-18a4-4365-a4ce-e1837ea7e61d@github.com> On Thu, 6 Jul 2023 15:52:00 GMT, Kevin Driver wrote: >> JDK-8295068: an NPE is thrown when an invalid `id` is found to match up a `ClientCertificateType`; rather than throwing the `NPE`, we now ignore an `id` which does match a `ClientCertificateType`. > > Kevin Driver has updated the pull request incrementally with two additional commits since the last revision: > > - remove extra line break > - fail to look up the id silently to not throw an unexpected error It looks good to me. Thank you for the update. ------------- Marked as reviewed by xuelei (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/14778#pullrequestreview-1516909264 From mullan at openjdk.org Thu Jul 6 16:31:56 2023 From: mullan at openjdk.org (Sean Mullan) Date: Thu, 6 Jul 2023 16:31:56 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v4] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: <7yuqL0DLUyWhGC6wSWSW1-N1DaBS8BhckH497vDRjc0=.88229507-e548-48eb-ac9d-0de0322e3997@github.com> On Wed, 5 Jul 2023 14:52:22 GMT, Pavel Rappo wrote: >> Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. >> >> I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. >> >> * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. >> >> * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. >> >> * BitArray could be a topic of its own, but I'll do my best to be concise. >> >> * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. >> * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). >> >> * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: >> >> // check certs >> if (this.certs == null && that.certs != null || >> this.certs != null && that.certs == null || >> this.certs != null && >> this.certs.length != that.certs.length) { >> return false; >> } >> >> int i,j; >> boolea... > > Pavel Rappo has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision: > > - Merge branch 'master' into 8311170 > - Be consistent with the rest of the change > - Fix reported bugs > - Add even more cases and tidy up > - More cases > - Initial commit src/java.base/share/classes/java/security/BasicPermission.java line 220: > 218: > 219: /** > 220: * {@return the hash code value for this object} Where is this new javadoc syntax documented/specified? I recall seeing something about it, but not sure where and now I would like to read up on it. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1254668174 From prappo at openjdk.org Thu Jul 6 16:31:56 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Thu, 6 Jul 2023 16:31:56 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v4] In-Reply-To: <7yuqL0DLUyWhGC6wSWSW1-N1DaBS8BhckH497vDRjc0=.88229507-e548-48eb-ac9d-0de0322e3997@github.com> References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> <7yuqL0DLUyWhGC6wSWSW1-N1DaBS8BhckH497vDRjc0=.88229507-e548-48eb-ac9d-0de0322e3997@github.com> Message-ID: On Thu, 6 Jul 2023 16:25:05 GMT, Sean Mullan wrote: >> Pavel Rappo has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision: >> >> - Merge branch 'master' into 8311170 >> - Be consistent with the rest of the change >> - Fix reported bugs >> - Add even more cases and tidy up >> - More cases >> - Initial commit > > src/java.base/share/classes/java/security/BasicPermission.java line 220: > >> 218: >> 219: /** >> 220: * {@return the hash code value for this object} > > Where is this new javadoc syntax documented/specified? I recall seeing something about it, but not sure where and now I would like to read up on it. It's relatively new: since JDK 16. You can read about `@return`: here https://docs.oracle.com/en/java/javase/20/docs/specs/javadoc/doc-comment-spec.html#return ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1254670015 From mullan at openjdk.org Thu Jul 6 16:44:57 2023 From: mullan at openjdk.org (Sean Mullan) Date: Thu, 6 Jul 2023 16:44:57 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v4] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: On Wed, 5 Jul 2023 14:52:22 GMT, Pavel Rappo wrote: >> Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. >> >> I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. >> >> * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. >> >> * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. >> >> * BitArray could be a topic of its own, but I'll do my best to be concise. >> >> * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. >> * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). >> >> * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: >> >> // check certs >> if (this.certs == null && that.certs != null || >> this.certs != null && that.certs == null || >> this.certs != null && >> this.certs.length != that.certs.length) { >> return false; >> } >> >> int i,j; >> boolea... > > Pavel Rappo has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision: > > - Merge branch 'master' into 8311170 > - Be consistent with the rest of the change > - Fix reported bugs > - Add even more cases and tidy up > - More cases > - Initial commit src/java.base/share/classes/java/security/cert/CertPath.java line 191: > 189: > 190: /** > 191: * {@return the hashcode value for this certification path} The hash code This looks a bit odd w/o a period at the end of the `}`. Is it optional? [The javadoc spec](https://docs.oracle.com/en/java/javase/20/docs/specs/javadoc/doc-comment-spec.html#return) isn't very clear on that - perhaps you could clarify that in the spec. If it is optional, my general preference would be to include the period, as it makes the code more readable. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1254683886 From jjg at openjdk.org Thu Jul 6 16:57:58 2023 From: jjg at openjdk.org (Jonathan Gibbons) Date: Thu, 6 Jul 2023 16:57:58 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v4] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: On Thu, 6 Jul 2023 16:41:37 GMT, Sean Mullan wrote: >> Pavel Rappo has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision: >> >> - Merge branch 'master' into 8311170 >> - Be consistent with the rest of the change >> - Fix reported bugs >> - Add even more cases and tidy up >> - More cases >> - Initial commit > > src/java.base/share/classes/java/security/cert/CertPath.java line 191: > >> 189: >> 190: /** >> 191: * {@return the hashcode value for this certification path} The hash code > > This looks a bit odd w/o a period at the end of the `}`. Is it optional? [The javadoc spec](https://docs.oracle.com/en/java/javase/20/docs/specs/javadoc/doc-comment-spec.html#return) isn't very clear on that - perhaps you could clarify that in the spec. > > If it is optional, my general preference would be to include the period, as it makes the code more readable. > > Or maybe if you started "The hash code ..." on a new line it would look more reasonable. While I agree it looks "a bit odd", the problem is having to address the two ways in which the tag is rendered: 1. As the first sentence. In this case, the text in the braces is preceded by `Returns` and followed by a period. 2. As the equivalent for an `@return` tag, where `Returns:` is a bold heading, and the content is a phrase, and (generally) not followed by a period. The current guideline is that the period should not be present. Elsewhere, the "oddness" is reduced by putting a newline after the tag, so that the `{@return}` tag stands on a line by itself. To forestall any possible suggestion, I would not be in favor of looking outside the tag to see if there is a period following the tag. We can clarify the spec. If you are uncomfortable with the usage here, it is always possible to avoid using the short inline form, and to "duplicate" the text and use an old-fashioned plain first sentence, and an old-fashioned `@return` "block" tag ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1254696669 From mullan at openjdk.org Thu Jul 6 17:08:57 2023 From: mullan at openjdk.org (Sean Mullan) Date: Thu, 6 Jul 2023 17:08:57 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v4] In-Reply-To: <_0_sGy1nun0IvmqOEU-JJi8EX7vpWjlyE5QbCVegLf0=.bf0f9c04-0167-467d-8235-eecf8cb66914@github.com> References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> <_0_sGy1nun0IvmqOEU-JJi8EX7vpWjlyE5QbCVegLf0=.bf0f9c04-0167-467d-8235-eecf8cb66914@github.com> Message-ID: On Wed, 5 Jul 2023 18:18:02 GMT, Roger Riggs wrote: >> Pavel Rappo has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision: >> >> - Merge branch 'master' into 8311170 >> - Be consistent with the rest of the change >> - Fix reported bugs >> - Add even more cases and tidy up >> - More cases >> - Initial commit > > src/java.base/share/classes/sun/security/x509/X500Name.java line 422: > >> 420: // quick check that number of RDNs and AVAs match before canonicalizing >> 421: if (!Arrays.equals(this.names, other.names, >> 422: Comparator.comparingInt(n -> n.assertion.length))) > > I'd keep the original comparison of the lengths; its a lot less magical than `Comparator.comparingInt(n -> n.assertion.length))` I tend to agree with Roger. I have to think more about what is being compared with the new code. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1254706673 From mchung at openjdk.org Thu Jul 6 17:17:57 2023 From: mchung at openjdk.org (Mandy Chung) Date: Thu, 6 Jul 2023 17:17:57 GMT Subject: RFR: 8281658: Add a security category to the java -XshowSettings option [v8] In-Reply-To: References: Message-ID: On Thu, 29 Jun 2023 08:27:43 GMT, Alan Bateman wrote: > The changes make me wonder if `-XshowSetting:aardvark` should be an error rather than default to print all settings. Something we should look at again. Same thing for `-XshowSettings:system` on non-Linux, probably should have been a bit more discussion when that was added as its more about the container environment. I think throwing an error for an invalid suboption makes sense. `-XshowSetting` without the suboption is default to print all settings, i.e. equivalent to `-XshowSetting:all`. But the switch statment is missing the `all` case. I think we should fix this and error for any invalid option. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14394#issuecomment-1624030798 From mullan at openjdk.org Thu Jul 6 17:35:57 2023 From: mullan at openjdk.org (Sean Mullan) Date: Thu, 6 Jul 2023 17:35:57 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v4] In-Reply-To: <_0_sGy1nun0IvmqOEU-JJi8EX7vpWjlyE5QbCVegLf0=.bf0f9c04-0167-467d-8235-eecf8cb66914@github.com> References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> <_0_sGy1nun0IvmqOEU-JJi8EX7vpWjlyE5QbCVegLf0=.bf0f9c04-0167-467d-8235-eecf8cb66914@github.com> Message-ID: On Wed, 5 Jul 2023 17:53:55 GMT, Roger Riggs wrote: >> Pavel Rappo has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision: >> >> - Merge branch 'master' into 8311170 >> - Be consistent with the rest of the change >> - Fix reported bugs >> - Add even more cases and tidy up >> - More cases >> - Initial commit > > src/java.base/share/classes/java/security/cert/X509CRLEntry.java line 110: > >> 108: public int hashCode() { >> 109: try { >> 110: return Arrays.hashCode(this.getEncoded()); > > What data is at `entryData[0]` that will now be included in the hashCode when it was skipped before? I would have to dump out an encoded CRL to check, but I think it should be ok to include it. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1254732666 From mullan at openjdk.org Thu Jul 6 17:42:54 2023 From: mullan at openjdk.org (Sean Mullan) Date: Thu, 6 Jul 2023 17:42:54 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v4] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: On Thu, 6 Jul 2023 16:55:12 GMT, Jonathan Gibbons wrote: >> src/java.base/share/classes/java/security/cert/CertPath.java line 191: >> >>> 189: >>> 190: /** >>> 191: * {@return the hashcode value for this certification path} The hash code >> >> This looks a bit odd w/o a period at the end of the `}`. Is it optional? [The javadoc spec](https://docs.oracle.com/en/java/javase/20/docs/specs/javadoc/doc-comment-spec.html#return) isn't very clear on that - perhaps you could clarify that in the spec. >> >> If it is optional, my general preference would be to include the period, as it makes the code more readable. >> >> Or maybe if you started "The hash code ..." on a new line it would look more reasonable. > > While I agree it looks "a bit odd", the problem is having to address the two ways in which the tag is rendered: > > 1. As the first sentence. In this case, the text in the braces is preceded by `Returns` and followed by a period. > 2. As the equivalent for an `@return` tag, where `Returns:` is a bold heading, and the content is a phrase, and (generally) not followed by a period. > > The current guideline is that the period should not be present. Elsewhere, the "oddness" is reduced by putting > a newline after the tag, so that the `{@return}` tag stands on a line by itself. To forestall any possible suggestion, > I would not be in favor of looking outside the tag to see if there is a period following the tag. > > We can clarify the spec. > > If you are uncomfortable with the usage here, it is always possible to avoid using the short inline form, and to "duplicate" the text and use an old-fashioned plain first sentence, and an old-fashioned `@return` "block" tag I think it may be one of those things that people won't realize the period should not be included and might miss as there are no errors and the rendered javadoc will include 2 periods, which is easy to miss. But now that I know about it, I will remember to check for it :) I think I would be more in favor of starting the next sentence on a new line. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1254740661 From rriggs at openjdk.org Thu Jul 6 19:01:06 2023 From: rriggs at openjdk.org (Roger Riggs) Date: Thu, 6 Jul 2023 19:01:06 GMT Subject: RFR: 8281658: Add a security category to the java -XshowSettings option [v8] In-Reply-To: References: Message-ID: On Tue, 27 Jun 2023 15:06:45 GMT, Sean Coffey wrote: >> New functionality in the -XshowSettings menu to display relevant information about JDK security configuration > > Sean Coffey has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 15 additional commits since the last revision: > > - Avoid sharing INDENT variables > - Merge branch 'master' into 8281658-showsettings-security > - Don't allow bad subcommand values for security component > - restore more informative help message > - Split long properties for ; also > - Pass PrintStream to security helper > - Refactor out security code to helper class > - Print aliases. Order Provider type/service output. > - Incorporate review comments from Roger and tweak some code > - Merge branch 'master' into 8281658-showsettings-security > - ... and 5 more: https://git.openjdk.org/jdk/compare/da750e20...7e6f5090 Marked as reviewed by rriggs (Reviewer). src/java.base/share/classes/sun/launcher/LauncherHelper.java line 115: > 113: private static StringBuilder outBuf = new StringBuilder(); > 114: > 115: private static final String INDENT = " ".repeat(4); Revert this, its just making a simple constant into a runtime expression. ------------- PR Review: https://git.openjdk.org/jdk/pull/14394#pullrequestreview-1517119059 PR Review Comment: https://git.openjdk.org/jdk/pull/14394#discussion_r1254799500 From prappo at openjdk.org Thu Jul 6 19:04:23 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Thu, 6 Jul 2023 19:04:23 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v5] In-Reply-To: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: > Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. > > I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. > > * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. > > * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. > > * BitArray could be a topic of its own, but I'll do my best to be concise. > > * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. > * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). > > * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: > > // check certs > if (this.certs == null && that.certs != null || > this.certs != null && that.certs == null || > this.certs != null && > this.certs.length != that.certs.length) { > return false; > } > > int i,j; > boolean match; > > for (i = 0; this.certs != nu... Pavel Rappo has updated the pull request incrementally with one additional commit since the last revision: Revert for readability ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14738/files - new: https://git.openjdk.org/jdk/pull/14738/files/cb6e1776..42d9543b Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14738&range=04 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14738&range=03-04 Stats: 10 lines in 1 file changed: 8 ins; 0 del; 2 mod Patch: https://git.openjdk.org/jdk/pull/14738.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14738/head:pull/14738 PR: https://git.openjdk.org/jdk/pull/14738 From prappo at openjdk.org Thu Jul 6 19:04:24 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Thu, 6 Jul 2023 19:04:24 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v4] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> <_0_sGy1nun0IvmqOEU-JJi8EX7vpWjlyE5QbCVegLf0=.bf0f9c04-0167-467d-8235-eecf8cb66914@github.com> Message-ID: On Thu, 6 Jul 2023 17:06:31 GMT, Sean Mullan wrote: >> src/java.base/share/classes/sun/security/x509/X500Name.java line 422: >> >>> 420: // quick check that number of RDNs and AVAs match before canonicalizing >>> 421: if (!Arrays.equals(this.names, other.names, >>> 422: Comparator.comparingInt(n -> n.assertion.length))) >> >> I'd keep the original comparison of the lengths; its a lot less magical than `Comparator.comparingInt(n -> n.assertion.length))` > > I tend to agree with Roger. I have to think more about what is being compared with the new code. Yeah, I assume no matter how one shapes it, it doesn't seem a readability win: if (!Arrays.equals(this.names, other.names, (n1, n2) -> Integer.compare(n1.assertion.length, n2.assertion.length))) { return false; } Reverted in 42d9543b769. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1254811720 From prappo at openjdk.org Thu Jul 6 19:10:14 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Thu, 6 Jul 2023 19:10:14 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v6] In-Reply-To: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: > Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. > > I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. > > * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. > > * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. > > * BitArray could be a topic of its own, but I'll do my best to be concise. > > * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. > * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). > > * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: > > // check certs > if (this.certs == null && that.certs != null || > this.certs != null && that.certs == null || > this.certs != null && > this.certs.length != that.certs.length) { > return false; > } > > int i,j; > boolean match; > > for (i = 0; this.certs != nu... Pavel Rappo has updated the pull request incrementally with one additional commit since the last revision: Reflow doc comment as suggested ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14738/files - new: https://git.openjdk.org/jdk/pull/14738/files/42d9543b..054ae4b9 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14738&range=05 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14738&range=04-05 Stats: 3 lines in 1 file changed: 0 ins; 0 del; 3 mod Patch: https://git.openjdk.org/jdk/pull/14738.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14738/head:pull/14738 PR: https://git.openjdk.org/jdk/pull/14738 From duke at openjdk.org Thu Jul 6 23:35:09 2023 From: duke at openjdk.org (duke) Date: Thu, 6 Jul 2023 23:35:09 GMT Subject: Withdrawn: 8301991: Convert l10n properties resource bundles to UTF-8 native In-Reply-To: <0MB7FLFNfaGEWssr9X54UJ_iZNFWBJkxQ1yusP7fsuY=.3f9f3de5-fe84-48e6-9449-626cac42da0b@github.com> References: <0MB7FLFNfaGEWssr9X54UJ_iZNFWBJkxQ1yusP7fsuY=.3f9f3de5-fe84-48e6-9449-626cac42da0b@github.com> Message-ID: On Thu, 23 Feb 2023 09:04:23 GMT, Justin Lu wrote: > This PR converts Unicode sequences to UTF-8 native in .properties file. (Excluding the Unicode space and tab sequence). The conversion was done using native2ascii. > > In addition, the build logic is adjusted to support reading in the .properties files as UTF-8 during the conversion from .properties file to .java ListResourceBundle file. This pull request has been closed without being integrated. ------------- PR: https://git.openjdk.org/jdk/pull/12726 From coffeys at openjdk.org Fri Jul 7 13:47:31 2023 From: coffeys at openjdk.org (Sean Coffey) Date: Fri, 7 Jul 2023 13:47:31 GMT Subject: RFR: 8281658: Add a security category to the java -XshowSettings option [v9] In-Reply-To: References: Message-ID: > New functionality in the -XshowSettings menu to display relevant information about JDK security configuration Sean Coffey has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 17 additional commits since the last revision: - tweaks based on latest reviews - Merge branch 'master' into 8281658-showsettings-security - Avoid sharing INDENT variables - Merge branch 'master' into 8281658-showsettings-security - Don't allow bad subcommand values for security component - restore more informative help message - Split long properties for ; also - Pass PrintStream to security helper - Refactor out security code to helper class - Print aliases. Order Provider type/service output. - ... and 7 more: https://git.openjdk.org/jdk/compare/f233ca46...c563e18e ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14394/files - new: https://git.openjdk.org/jdk/pull/14394/files/7e6f5090..c563e18e Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14394&range=08 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14394&range=07-08 Stats: 50304 lines in 563 files changed: 5893 ins; 41788 del; 2623 mod Patch: https://git.openjdk.org/jdk/pull/14394.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14394/head:pull/14394 PR: https://git.openjdk.org/jdk/pull/14394 From coffeys at openjdk.org Fri Jul 7 13:47:31 2023 From: coffeys at openjdk.org (Sean Coffey) Date: Fri, 7 Jul 2023 13:47:31 GMT Subject: RFR: 8281658: Add a security category to the java -XshowSettings option [v8] In-Reply-To: References: Message-ID: On Thu, 6 Jul 2023 17:15:20 GMT, Mandy Chung wrote: > > The changes make me wonder if `-XshowSetting:aardvark` should be an error rather than default to print all settings. Something we should look at again. Same thing for `-XshowSettings:system` on non-Linux, probably should have been a bit more discussion when that was added as its more about the container environment. > > I think throwing an error for an invalid suboption makes sense. `-XshowSetting` without the suboption is default to print all settings, i.e. equivalent to `-XshowSetting:all`. But the switch statment is missing the `all` case. I think we should fix this and error for any invalid option. fair point Mandy - I hope to change such behavior in a new follow on patch that I'll deliver shortly: JDK-8311653 ------------- PR Comment: https://git.openjdk.org/jdk/pull/14394#issuecomment-1625434995 From coffeys at openjdk.org Fri Jul 7 13:47:34 2023 From: coffeys at openjdk.org (Sean Coffey) Date: Fri, 7 Jul 2023 13:47:34 GMT Subject: RFR: 8281658: Add a security category to the java -XshowSettings option [v8] In-Reply-To: References: Message-ID: On Thu, 6 Jul 2023 18:43:41 GMT, Roger Riggs wrote: >> Sean Coffey has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 15 additional commits since the last revision: >> >> - Avoid sharing INDENT variables >> - Merge branch 'master' into 8281658-showsettings-security >> - Don't allow bad subcommand values for security component >> - restore more informative help message >> - Split long properties for ; also >> - Pass PrintStream to security helper >> - Refactor out security code to helper class >> - Print aliases. Order Provider type/service output. >> - Incorporate review comments from Roger and tweak some code >> - Merge branch 'master' into 8281658-showsettings-security >> - ... and 5 more: https://git.openjdk.org/jdk/compare/774eb316...7e6f5090 > > src/java.base/share/classes/sun/launcher/LauncherHelper.java line 115: > >> 113: private static StringBuilder outBuf = new StringBuilder(); >> 114: >> 115: private static final String INDENT = " ".repeat(4); > > Revert this, its just making a simple constant into a runtime expression. Thanks Roger. Fair point. Done. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14394#discussion_r1255844148 From coffeys at openjdk.org Fri Jul 7 13:47:35 2023 From: coffeys at openjdk.org (Sean Coffey) Date: Fri, 7 Jul 2023 13:47:35 GMT Subject: RFR: 8281658: Add a security category to the java -XshowSettings option [v8] In-Reply-To: References: Message-ID: <9G_72rcKvOLsqveLtQOM5yxUBIeuKEZQGGrMjRSLk5o=.efe5f084-bc39-4ba3-84d9-ae52e7eb46eb@github.com> On Thu, 6 Jul 2023 14:03:12 GMT, Sean Mullan wrote: >> Sean Coffey has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 15 additional commits since the last revision: >> >> - Avoid sharing INDENT variables >> - Merge branch 'master' into 8281658-showsettings-security >> - Don't allow bad subcommand values for security component >> - restore more informative help message >> - Split long properties for ; also >> - Pass PrintStream to security helper >> - Refactor out security code to helper class >> - Print aliases. Order Provider type/service output. >> - Incorporate review comments from Roger and tweak some code >> - Merge branch 'master' into 8281658-showsettings-security >> - ... and 5 more: https://git.openjdk.org/jdk/compare/774eb316...7e6f5090 > > src/java.base/share/classes/sun/launcher/SecuritySettings.java line 123: > >> 121: } >> 122: >> 123: ostream.println(INDENT + "Security TLS configuration:"); > > What about also noting the name of the TLS/JSSE provider in this line, for example: > > "Security TLS configuration (SunJSSE provider):" > > This would be useful information if a customer is using a 3rd party JSSE provider, and it is selected before SunJSSE, as the defaults in that case may be different. good suggestion Sean. Patch updated. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14394#discussion_r1255842787 From coffeys at openjdk.org Fri Jul 7 14:53:00 2023 From: coffeys at openjdk.org (Sean Coffey) Date: Fri, 7 Jul 2023 14:53:00 GMT Subject: RFR: 8281658: Add a security category to the java -XshowSettings option [v8] In-Reply-To: <9G_72rcKvOLsqveLtQOM5yxUBIeuKEZQGGrMjRSLk5o=.efe5f084-bc39-4ba3-84d9-ae52e7eb46eb@github.com> References: <9G_72rcKvOLsqveLtQOM5yxUBIeuKEZQGGrMjRSLk5o=.efe5f084-bc39-4ba3-84d9-ae52e7eb46eb@github.com> Message-ID: On Fri, 7 Jul 2023 13:40:53 GMT, Sean Coffey wrote: >> src/java.base/share/classes/sun/launcher/SecuritySettings.java line 123: >> >>> 121: } >>> 122: >>> 123: ostream.println(INDENT + "Security TLS configuration:"); >> >> What about also noting the name of the TLS/JSSE provider in this line, for example: >> >> "Security TLS configuration (SunJSSE provider):" >> >> This would be useful information if a customer is using a 3rd party JSSE provider, and it is selected before SunJSSE, as the defaults in that case may be different. > > good suggestion Sean. Patch updated. I think we need to harden this area of code actually. Some JDK configurations may not have an SSL provider. e.g. (removing JSSE from config) See "java -X" for verbose security settings options Security provider static configuration: (in order of preference) Provider name: SUN Provider name: SunRsaSign Exception in thread "main" java.lang.InternalError: Failed to create SSL socket at java.base/sun.launcher.SecuritySettings.printSecurityTLSConfig(SecuritySettings.java:121) at java.base/sun.launcher.SecuritySettings.printSecuritySummarySettings(SecuritySettings.java:75) at java.base/sun.launcher.LauncherHelper.showSettings(LauncherHelper.java:188) ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14394#discussion_r1255945485 From kdriver at openjdk.org Fri Jul 7 16:58:02 2023 From: kdriver at openjdk.org (Kevin Driver) Date: Fri, 7 Jul 2023 16:58:02 GMT Subject: Integrated: 8295068: SSLEngine throws NPE parsing CertificateRequests In-Reply-To: References: Message-ID: On Wed, 5 Jul 2023 20:25:26 GMT, Kevin Driver wrote: > JDK-8295068: an NPE is thrown when an invalid `id` is found to match up a `ClientCertificateType`; rather than throwing the `NPE`, we now ignore an `id` which does match a `ClientCertificateType`. This pull request has now been integrated. Changeset: 5667afc3 Author: Kevin Driver Committer: Xue-Lei Andrew Fan URL: https://git.openjdk.org/jdk/commit/5667afc36275b064c7700518f453fe8657e13636 Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod 8295068: SSLEngine throws NPE parsing CertificateRequests Reviewed-by: xuelei ------------- PR: https://git.openjdk.org/jdk/pull/14778 From jlu at openjdk.org Fri Jul 7 19:05:02 2023 From: jlu at openjdk.org (Justin Lu) Date: Fri, 7 Jul 2023 19:05:02 GMT Subject: RFR: 8311081: KeytoolReaderP12Test.java fail on localized Windows platform Message-ID: Please review this PR which addresses `KeytoolReaderP12Test.java` failing for non-English locale users. This test checks output from keytool, but fails on finding the value 'alias name' for non-English locale users. This is because 'alias name' is a localized value. (For example, in `ja` this is '??'). To fix the failing issue, the keytool process should be ran with `-J-Duser.language=en -J-Duser.country=US`. ------------- Commit messages: - Launch processes in English/US locale Changes: https://git.openjdk.org/jdk/pull/14806/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=14806&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8311081 Stats: 12 lines in 1 file changed: 4 ins; 0 del; 8 mod Patch: https://git.openjdk.org/jdk/pull/14806.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14806/head:pull/14806 PR: https://git.openjdk.org/jdk/pull/14806 From rriggs at openjdk.org Fri Jul 7 19:07:56 2023 From: rriggs at openjdk.org (Roger Riggs) Date: Fri, 7 Jul 2023 19:07:56 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v6] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: On Thu, 6 Jul 2023 19:10:14 GMT, Pavel Rappo wrote: >> Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. >> >> I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. >> >> * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. >> >> * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. >> >> * BitArray could be a topic of its own, but I'll do my best to be concise. >> >> * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. >> * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). >> >> * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: >> >> // check certs >> if (this.certs == null && that.certs != null || >> this.certs != null && that.certs == null || >> this.certs != null && >> this.certs.length != that.certs.length) { >> return false; >> } >> >> int i,j; >> boolea... > > Pavel Rappo has updated the pull request incrementally with one additional commit since the last revision: > > Reflow doc comment as suggested Marked as reviewed by rriggs (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/14738#pullrequestreview-1519605132 From lancea at openjdk.org Fri Jul 7 19:21:58 2023 From: lancea at openjdk.org (Lance Andersen) Date: Fri, 7 Jul 2023 19:21:58 GMT Subject: RFR: 8311081: KeytoolReaderP12Test.java fail on localized Windows platform In-Reply-To: References: Message-ID: On Fri, 7 Jul 2023 18:58:02 GMT, Justin Lu wrote: > Please review this PR which addresses `KeytoolReaderP12Test.java` failing for non-English locale users. > > This test checks output from keytool, but fails on finding the value 'alias name' for non-English locale users. This is because 'alias name' is a localized value. (For example, in `ja` this is '??'). > > To fix the failing issue, the keytool process should be ran with `-J-Duser.language=en -J-Duser.country=US`. Looks ok, you are probably going to need to add the noreg-self label to the bug ------------- Marked as reviewed by lancea (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/14806#pullrequestreview-1519633108 From mullan at openjdk.org Fri Jul 7 19:23:59 2023 From: mullan at openjdk.org (Sean Mullan) Date: Fri, 7 Jul 2023 19:23:59 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v6] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: On Thu, 6 Jul 2023 19:10:14 GMT, Pavel Rappo wrote: >> Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. >> >> I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. >> >> * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. >> >> * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. >> >> * BitArray could be a topic of its own, but I'll do my best to be concise. >> >> * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. >> * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). >> >> * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: >> >> // check certs >> if (this.certs == null && that.certs != null || >> this.certs != null && that.certs == null || >> this.certs != null && >> this.certs.length != that.certs.length) { >> return false; >> } >> >> int i,j; >> boolea... > > Pavel Rappo has updated the pull request incrementally with one additional commit since the last revision: > > Reflow doc comment as suggested Took another pass at this, looks good, but I would like to take another last look and make sure that changing the hash code for some of the classes like X509CRL is a benign change. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14738#issuecomment-1625940764 From prappo at openjdk.org Fri Jul 7 19:24:00 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Fri, 7 Jul 2023 19:24:00 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v6] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: On Fri, 7 Jul 2023 19:19:03 GMT, Sean Mullan wrote: > Took another pass at this, looks good, but I would like to take another last look and make sure that changing the hash code for some of the classes like X509CRL is a benign change. Thanks, Sean. Take your time, you're an expert in this area. Meanwhile, I'll reflow other similar `{@return ... }` constructs that I missed before, for readability. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14738#issuecomment-1625945671 From coffeys at openjdk.org Fri Jul 7 19:42:18 2023 From: coffeys at openjdk.org (Sean Coffey) Date: Fri, 7 Jul 2023 19:42:18 GMT Subject: RFR: 8281658: Add a security category to the java -XshowSettings option [v10] In-Reply-To: References: Message-ID: > New functionality in the -XshowSettings menu to display relevant information about JDK security configuration Sean Coffey has updated the pull request incrementally with two additional commits since the last revision: - Harden code to report lack of SSL support - Testcase correction ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14394/files - new: https://git.openjdk.org/jdk/pull/14394/files/c563e18e..559f698e Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14394&range=09 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14394&range=08-09 Stats: 4 lines in 2 files changed: 2 ins; 0 del; 2 mod Patch: https://git.openjdk.org/jdk/pull/14394.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14394/head:pull/14394 PR: https://git.openjdk.org/jdk/pull/14394 From prappo at openjdk.org Fri Jul 7 23:19:27 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Fri, 7 Jul 2023 23:19:27 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v7] In-Reply-To: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: > Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. > > I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. > > * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. > > * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. > > * BitArray could be a topic of its own, but I'll do my best to be concise. > > * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. > * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). > > * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: > > // check certs > if (this.certs == null && that.certs != null || > this.certs != null && that.certs == null || > this.certs != null && > this.certs.length != that.certs.length) { > return false; > } > > int i,j; > boolean match; > > for (i = 0; this.certs != nu... Pavel Rappo has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 10 additional commits since the last revision: - Merge branch 'master' into 8311170 - Reflow previously missed doc comment - Reflow doc comment as suggested - Revert for readability - Merge branch 'master' into 8311170 - Be consistent with the rest of the change - Fix reported bugs - Add even more cases and tidy up - More cases - Initial commit ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14738/files - new: https://git.openjdk.org/jdk/pull/14738/files/054ae4b9..bb504a7a Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14738&range=06 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14738&range=05-06 Stats: 42868 lines in 93 files changed: 1587 ins; 40719 del; 562 mod Patch: https://git.openjdk.org/jdk/pull/14738.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14738/head:pull/14738 PR: https://git.openjdk.org/jdk/pull/14738 From jpai at openjdk.org Sat Jul 8 05:47:53 2023 From: jpai at openjdk.org (Jaikiran Pai) Date: Sat, 8 Jul 2023 05:47:53 GMT Subject: RFR: 8311081: KeytoolReaderP12Test.java fail on localized Windows platform In-Reply-To: References: Message-ID: On Fri, 7 Jul 2023 18:58:02 GMT, Justin Lu wrote: > Please review this PR which addresses `KeytoolReaderP12Test.java` failing for non-English locale users. > > This test checks output from keytool, but fails on finding the value 'alias name' for non-English locale users. This is because 'alias name' is a localized value. (For example, in `ja` this is '??'). > > To fix the failing issue, the keytool process should be ran with `-J-Duser.language=en -J-Duser.country=US`. Marked as reviewed by jpai (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/14806#pullrequestreview-1520649382 From Alan.Bateman at oracle.com Mon Jul 10 10:41:33 2023 From: Alan.Bateman at oracle.com (Alan Bateman) Date: Mon, 10 Jul 2023 11:41:33 +0100 Subject: RFR: JDK-8308398 Move SunEC crypto provider into java.base In-Reply-To: References: <6lzoh0vmMyKVEF9wFGW-axNSgbgKmMKTclBro12Pa40=.001e679b-3108-46d9-8922-29d8e551abbc@github.com> <2c1ddf91-4c0c-537d-90f9-160988ce2d27@zeus.net.au> Message-ID: <1ae3a1dc-7bea-0622-5829-5088ce21dc37@oracle.com> On 04/07/2023 11:23, Peter Firmstone wrote: > Thanks Anthony, > > Always interesting to see how others are managing modularity. Some > time ago now (circa 2007), Sun released Jini as open source, set up a > project at Apache called River, we struggled to get developers though, > we had a big monolithic codebase and developers couldn't get their > heads around it.?? When I was modularising it, I decided to use SPI's > as module boundaries, it turned out to be a good decision, we ended up > making all our SPI's OSGi services as well.?? Probably doesn't matter > in this instance, OpenJDK is already modular, and it's implementation > detail.?? Some of our crypto providers are in the same module, but I'm > thinking of separating them into different modules now, as some are no > longer secure, but some people may still need them for compatibility, > by moving old code into different modules, we can allow to die a > peaceful death, without requiring people who don't use it to be > burdened by it. > The concept to learn here is "services" and the uses/provides clauses that are used to say if a module makes use of a service or provides an implementation of. When using services you get a lot more flexibility to refactor without breaking anyone. -Alan From mullan at openjdk.org Mon Jul 10 14:44:24 2023 From: mullan at openjdk.org (Sean Mullan) Date: Mon, 10 Jul 2023 14:44:24 GMT Subject: RFR: 8281658: Add a security category to the java -XshowSettings option [v10] In-Reply-To: References: Message-ID: On Fri, 7 Jul 2023 19:42:18 GMT, Sean Coffey wrote: >> New functionality in the -XshowSettings menu to display relevant information about JDK security configuration > > Sean Coffey has updated the pull request incrementally with two additional commits since the last revision: > > - Harden code to report lack of SSL support > - Testcase correction Marked as reviewed by mullan (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/14394#pullrequestreview-1522251783 From vlivanov at openjdk.org Mon Jul 10 17:04:30 2023 From: vlivanov at openjdk.org (Vladimir Ivanov) Date: Mon, 10 Jul 2023 17:04:30 GMT Subject: RFR: JDK-8287061: Support for rematerializing scalar replaced objects participating in allocation merges [v21] In-Reply-To: References: <7nqFW-lgT1FzuMHPMUQiCj1ATcV_bQtroolf4V_kCc4=.ccd12605-aad0-433e-ba44-5772d972f05d@github.com> Message-ID: <1s2gGfT_bsyz2mtAr3UFbXKlXniyiK2Hk4lZmBm_Crk=.89639816-872b-436f-9863-d5044e4a9ea5@github.com> On Thu, 6 Jul 2023 13:06:30 GMT, Cesar Soares Lucas wrote: >> Can I please get reviews for this PR? >> >> The most common and frequent use of NonEscaping Phis merging object allocations is for debugging information. The two graphs below show numbers for Renaissance and DaCapo benchmarks - similar results are obtained for all other applications that I tested. >> >> With what frequency does each IR node type occurs as an allocation merge user? I.e., if the same node type uses a Phi N times the counter is incremented by N: >> >> ![image](https://user-images.githubusercontent.com/2249648/222280517-4dcf5871-2564-4207-b49e-22aee47fa49d.png) >> >> What are the most common users of allocation merges? I.e., if the same node type uses a Phi N times the counter is incremented by 1: >> >> ![image](https://user-images.githubusercontent.com/2249648/222280608-ca742a4e-1622-4e69-a778-e4db6805ea02.png) >> >> This PR adds support scalar replacing allocations participating in merges used as debug information OR as a base for field loads. I plan to create subsequent PRs to enable scalar replacement of merges used by other node types (CmpP is next on the list) subsequently. >> >> The approach I used for _rematerialization_ is pretty straightforward. It consists basically of the following. 1) New IR node (suggested by V. Kozlov), named SafePointScalarMergeNode, to represent a set of SafePointScalarObjectNode; 2) Each scalar replaceable input participating in a merge will get a SafePointScalarObjectNode like if it weren't part of a merge. 3) Add a new Class to support the rematerialization of SR objects that are part of a merge; 4) Patch HotSpot to be able to serialize and deserialize debug information related to allocation merges; 5) Patch C2 to generate unique types for SR objects participating in some allocation merges. >> >> The approach I used for _enabling the scalar replacement of some of the inputs of the allocation merge_ is also pretty straightforward: call `MemNode::split_through_phi` to, well, split AddP->Load* through the merge which will render the Phi useless. >> >> I tested this with JTREG tests tier 1-4 (Windows, Linux, and Mac) and didn't see regression. I also experimented with several applications and didn't see any failure. I also ran tests with "-ea -esa -Xbatch -Xcomp -XX:+UnlockExperimentalVMOptions -XX:-TieredCompilation -server -XX:+IgnoreUnrecognizedVMOptions -XX:+UnlockDiagnosticVMOptions -XX:+StressLCM -XX:+StressGCM -XX:+StressCCP" and didn't observe any related failures. > > Cesar Soares Lucas has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 22 commits: > > - Merge branch 'openjdk:master' into rematerialization-of-merges > - Addressing PR feedback. > - Merge remote-tracking branch 'origin/master' into rematerialization-of-merges > - Merge branch 'openjdk:master' into rematerialization-of-merges > - Rome minor refactorings. > - Merge remote-tracking branch 'origin/master' into rematerialization-of-merges > Catching up with master. > - Address PR review 6: debug format output & some refactoring. > - Catching up with master branch. > > Merge remote-tracking branch 'origin/master' into rematerialization-of-merges > - Address PR review 6: refactoring around rematerialization & improve test cases. > - Address PR review 5: refactor on rematerialization & add tests. > - ... and 12 more: https://git.openjdk.org/jdk/compare/97e99f01...25b683d6 The patch looks good. I resubmitted testing with the latest version and the results are clean. ------------- Marked as reviewed by vlivanov (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/12897#pullrequestreview-1522564439 From kvn at openjdk.org Mon Jul 10 19:55:07 2023 From: kvn at openjdk.org (Vladimir Kozlov) Date: Mon, 10 Jul 2023 19:55:07 GMT Subject: RFR: JDK-8287061: Support for rematerializing scalar replaced objects participating in allocation merges [v21] In-Reply-To: References: <7nqFW-lgT1FzuMHPMUQiCj1ATcV_bQtroolf4V_kCc4=.ccd12605-aad0-433e-ba44-5772d972f05d@github.com> Message-ID: On Thu, 6 Jul 2023 13:06:30 GMT, Cesar Soares Lucas wrote: >> Can I please get reviews for this PR? >> >> The most common and frequent use of NonEscaping Phis merging object allocations is for debugging information. The two graphs below show numbers for Renaissance and DaCapo benchmarks - similar results are obtained for all other applications that I tested. >> >> With what frequency does each IR node type occurs as an allocation merge user? I.e., if the same node type uses a Phi N times the counter is incremented by N: >> >> ![image](https://user-images.githubusercontent.com/2249648/222280517-4dcf5871-2564-4207-b49e-22aee47fa49d.png) >> >> What are the most common users of allocation merges? I.e., if the same node type uses a Phi N times the counter is incremented by 1: >> >> ![image](https://user-images.githubusercontent.com/2249648/222280608-ca742a4e-1622-4e69-a778-e4db6805ea02.png) >> >> This PR adds support scalar replacing allocations participating in merges used as debug information OR as a base for field loads. I plan to create subsequent PRs to enable scalar replacement of merges used by other node types (CmpP is next on the list) subsequently. >> >> The approach I used for _rematerialization_ is pretty straightforward. It consists basically of the following. 1) New IR node (suggested by V. Kozlov), named SafePointScalarMergeNode, to represent a set of SafePointScalarObjectNode; 2) Each scalar replaceable input participating in a merge will get a SafePointScalarObjectNode like if it weren't part of a merge. 3) Add a new Class to support the rematerialization of SR objects that are part of a merge; 4) Patch HotSpot to be able to serialize and deserialize debug information related to allocation merges; 5) Patch C2 to generate unique types for SR objects participating in some allocation merges. >> >> The approach I used for _enabling the scalar replacement of some of the inputs of the allocation merge_ is also pretty straightforward: call `MemNode::split_through_phi` to, well, split AddP->Load* through the merge which will render the Phi useless. >> >> I tested this with JTREG tests tier 1-4 (Windows, Linux, and Mac) and didn't see regression. I also experimented with several applications and didn't see any failure. I also ran tests with "-ea -esa -Xbatch -Xcomp -XX:+UnlockExperimentalVMOptions -XX:-TieredCompilation -server -XX:+IgnoreUnrecognizedVMOptions -XX:+UnlockDiagnosticVMOptions -XX:+StressLCM -XX:+StressGCM -XX:+StressCCP" and didn't observe any related failures. > > Cesar Soares Lucas has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 22 commits: > > - Merge branch 'openjdk:master' into rematerialization-of-merges > - Addressing PR feedback. > - Merge remote-tracking branch 'origin/master' into rematerialization-of-merges > - Merge branch 'openjdk:master' into rematerialization-of-merges > - Rome minor refactorings. > - Merge remote-tracking branch 'origin/master' into rematerialization-of-merges > Catching up with master. > - Address PR review 6: debug format output & some refactoring. > - Catching up with master branch. > > Merge remote-tracking branch 'origin/master' into rematerialization-of-merges > - Address PR review 6: refactoring around rematerialization & improve test cases. > - Address PR review 5: refactor on rematerialization & add tests. > - ... and 12 more: https://git.openjdk.org/jdk/compare/97e99f01...25b683d6 The final version looks good to me too. ------------- Marked as reviewed by kvn (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/12897#pullrequestreview-1522912018 From andrew at openjdk.org Tue Jul 11 08:51:13 2023 From: andrew at openjdk.org (Andrew John Hughes) Date: Tue, 11 Jul 2023 08:51:13 GMT Subject: RFR: 8309330: Allow java.security to be extended via a properties directory [v2] In-Reply-To: References: Message-ID: <_Qg2VMk-lf7D-Qe8lt0W6ncUlLxdW8BykJp6JOfe62A=.e12e42ec-549c-45f3-ab95-52b6eb725721@github.com> On Fri, 2 Jun 2023 12:58:36 GMT, Andrew John Hughes wrote: >> Currently, security properties are held within the `java.security` file in the JDK tree for each installed JDK. The system property `java.security.properties` can be used to point to a file containing additional properties. These can be appended to the existing set or override all existing properties. >> >> There is currently no way to specify additional properties permanently or to reference multiple files. Making permanent changes to the `java.security` properties requires editing the `java.security` file in each JDK where the changes are required. >> >> This patch allows a directory tree to be specified either permanently in the java.security file by the `security.propertiesDir` property or on the command line using `java.security.propertiesDir`. Any property files found in this directory tree can be appended to those specified in `java.security`, as with the single file used by `java.security.properties`. >> >> As an example, the `security.propertiesDir` in the `java.security` file of each JDK can be set to a common shared directory, allowing all JDKs to share a common set of security properties. This eases setting up properties on each new JDK installation and also allows the shared properties to be maintained under different access permissions to those of the JDK. >> >> The command-line variant, `java.security.propertiesDir`, is intended primarily for testing and to disable a permanent properties directory by setting the value to empty. As with `java.security.properties`, the system property will be ignored if `security.overridePropertiesFile` in the `java.security` file is not set to true. >> >> A less flexible version of this patch (a permanent hardcoded single file) has been [used in our JDK installations since 2016](https://bugzilla.redhat.com/show_bug.cgi?id=1249083) to provide a system-wide crypto policy. Having support for this in the upstream JDK would allow us to remove a local patch from our builds and reduce divergence from upstream. > > Andrew John Hughes has updated the pull request incrementally with one additional commit since the last revision: > > Sort the returned list of property files and exclude hidden files. Still waiting on CSR resolution. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14277#issuecomment-1630411780 From ecki at zusammenkunft.net Tue Jul 11 10:12:09 2023 From: ecki at zusammenkunft.net (Bernd) Date: Tue, 11 Jul 2023 12:12:09 +0200 Subject: RFR: 8309330: Allow java.security to be extended via a properties directory [v2] In-Reply-To: <_Qg2VMk-lf7D-Qe8lt0W6ncUlLxdW8BykJp6JOfe62A=.e12e42ec-549c-45f3-ab95-52b6eb725721@github.com> References: , <_Qg2VMk-lf7D-Qe8lt0W6ncUlLxdW8BykJp6JOfe62A=.e12e42ec-549c-45f3-ab95-52b6eb725721@github.com> Message-ID: <7E6B7F63-AE08-6B47-ABC3-E2AEA6419408@hxcore.ol> An HTML attachment was scrubbed... URL: From prappo at openjdk.org Tue Jul 11 19:38:02 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Tue, 11 Jul 2023 19:38:02 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v6] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: On Fri, 7 Jul 2023 19:21:29 GMT, Pavel Rappo wrote: > > Took another pass at this, looks good, but I would like to take another last look and make sure that changing the hash code for some of the classes like X509CRL is a benign change. > > Thanks, Sean. Take your time, you're an expert in this area. Meanwhile, I'll reflow other similar `{@return ... }` constructs that I missed before, for readability. This comment is NOT to rush the review. I once again note, that those classes in this PR that skip the first array element in `hashCode`, do not seem to skip that same element in `equals`. Although that does not breach equals-hashCode contract, it puzzles the reader and theoretically makes `hashCode` more blunt (i.e. more instances may share a hash code value). This observation is an investigation opportunity. But equally, I'm okay with skipping the investigation and reverting those particular changes, if security-dev wants to be on the safe side. We might soon have a more flexible way to compute hashCode [^*]. If we have it, we could then both refactor those hashCode implementations and preserve their behaviour. [^*]: https://github.com/openjdk/jdk/pull/14831 ------------- PR Comment: https://git.openjdk.org/jdk/pull/14738#issuecomment-1631404126 From duke at openjdk.org Tue Jul 11 19:40:27 2023 From: duke at openjdk.org (Craig Andrews) Date: Tue, 11 Jul 2023 19:40:27 GMT Subject: RFR: JDK-8311892: TrustManagerFactory loading an invalid keystore yield vague exception Message-ID: When loading the default JVM trust store, if the JVM trust store contains an invalid certificate, the exception contains insufficient information to determine which certificate is invalid, making it very difficult to fix the problem. To reproduce the issue: 1. Modify the default JVM trust store to contain invalid information. A very easy way to do this on openjdk / red hat systems is to edit /etc/pki/ca-trust/extracted/java/cacerts and add garbage text to the file. 2. Run this code: TrustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); // initializing the trust store with a null KeyStore will load the default JVM trust store tmf.init((KeyStore) null); This stack trace results: Caused by: java.security.KeyStoreException: problem accessing trust store at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:73) at java.base/javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:282) ... 81 common frames omitted Caused by: java.io.IOException: toDerInputStream rejects tag type 97 at java.base/sun.security.util.DerValue.toDerInputStream(DerValue.java:1155) at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2013) at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:221) at java.base/java.security.KeyStore.load(KeyStore.java:1473) at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.loadKeyStore(TrustStoreManager.java:390) at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.getTrustedCerts(TrustStoreManager.java:336) at java.base/sun.security.ssl.TrustStoreManager.getTrustedCerts(TrustStoreManager.java:57) at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:49) ... 83 common frames omitted Throwing an exception with a more detailed error message facilitates debugging and ultimately fixing such problems. ------------- Commit messages: - JDK-8311892: TrustManagerFactory loading an invalid keystore yield vague exception Changes: https://git.openjdk.org/jdk/pull/14834/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=14834&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8311892 Stats: 5 lines in 1 file changed: 4 ins; 0 del; 1 mod Patch: https://git.openjdk.org/jdk/pull/14834.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14834/head:pull/14834 PR: https://git.openjdk.org/jdk/pull/14834 From rhalade at openjdk.org Tue Jul 11 20:50:35 2023 From: rhalade at openjdk.org (Rajan Halade) Date: Tue, 11 Jul 2023 20:50:35 GMT Subject: RFR: 8295894: Remove SECOM certificate that is expiring in September 2023 Message-ID: The fix is to remove the expiring SECOM root certificate after approval from root CA to remove it. Release note is at - https://bugs.openjdk.org/browse/JDK-8311884 ------------- Commit messages: - 8295894: Remove SECOM certificate that is expiring in September 2023 Changes: https://git.openjdk.org/jdk/pull/14838/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=14838&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8295894 Stats: 32 lines in 2 files changed: 0 ins; 29 del; 3 mod Patch: https://git.openjdk.org/jdk/pull/14838.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14838/head:pull/14838 PR: https://git.openjdk.org/jdk/pull/14838 From xuelei at openjdk.org Tue Jul 11 21:08:02 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Tue, 11 Jul 2023 21:08:02 GMT Subject: RFR: 8295894: Remove SECOM certificate that is expiring in September 2023 In-Reply-To: References: Message-ID: On Tue, 11 Jul 2023 20:42:14 GMT, Rajan Halade wrote: > The fix is to remove the expiring SECOM root certificate after approval from root CA to remove it. > > Release note is at - https://bugs.openjdk.org/browse/JDK-8311884 Marked as reviewed by xuelei (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/14838#pullrequestreview-1525157343 From prappo at openjdk.org Tue Jul 11 22:01:15 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Tue, 11 Jul 2023 22:01:15 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v7] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: <67vihBZ2HHeUAjXXIVpF_h7Q1P-nIE6q__hlzS8OyaE=.d2d49fe1-1c48-4785-98c5-cea25ff8d1c0@github.com> On Fri, 7 Jul 2023 23:19:27 GMT, Pavel Rappo wrote: >> Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. >> >> I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. >> >> * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. >> >> * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. >> >> * BitArray could be a topic of its own, but I'll do my best to be concise. >> >> * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. >> * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). >> >> * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: >> >> // check certs >> if (this.certs == null && that.certs != null || >> this.certs != null && that.certs == null || >> this.certs != null && >> this.certs.length != that.certs.length) { >> return false; >> } >> >> int i,j; >> boolea... > > Pavel Rappo has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 10 additional commits since the last revision: > > - Merge branch 'master' into 8311170 > - Reflow previously missed doc comment > - Reflow doc comment as suggested > - Revert for readability > - Merge branch 'master' into 8311170 > - Be consistent with the rest of the change > - Fix reported bugs > - Add even more cases and tidy up > - More cases > - Initial commit > > > Took another pass at this, looks good, but I would like to take another last look and make sure that changing the hash code for some of the classes like X509CRL is a benign change. > > > > > > Thanks, Sean. Take your time, you're an expert in this area. Meanwhile, I'll reflow other similar `{@return ... }` constructs that I missed before, for readability. > > This comment is NOT to rush the review. > > I once again note, that those classes in this PR that skip the first array element in `hashCode`, do not seem to skip that same element in `equals`. Although that does not breach equals-hashCode contract, it puzzles the reader and theoretically makes `hashCode` more blunt (i.e. more instances may share a hash code value). > > This observation is an investigation opportunity. But equally, I'm okay with skipping the investigation and reverting those particular changes, if security-dev wants to be on the safe side. We might soon have a more flexible way to compute hashCode [1](#user-content-fn-*-d08640fefec8cc5b91d743888afc0a5d). If we have it, we could then both refactor those hashCode implementations and preserve their behaviour. > > ## Footnotes > 1. https://github.com/openjdk/jdk/pull/14831 [?](#user-content-fnref-*-d08640fefec8cc5b91d743888afc0a5d) To add to my previous comment. Don't know if it helps, but I found this bug, that applies similar (to my non-expert eye) refactoring to java.security.cert.Certificate.hashCode: 8011402: Move blacklisting certificate logic from hard code to data ------------- PR Comment: https://git.openjdk.org/jdk/pull/14738#issuecomment-1631563886 From mullan at openjdk.org Tue Jul 11 22:36:10 2023 From: mullan at openjdk.org (Sean Mullan) Date: Tue, 11 Jul 2023 22:36:10 GMT Subject: RFR: 8295894: Remove SECOM certificate that is expiring in September 2023 In-Reply-To: References: Message-ID: On Tue, 11 Jul 2023 20:42:14 GMT, Rajan Halade wrote: > The fix is to remove the expiring SECOM root certificate after approval from root CA to remove it. > > Release note is at - https://bugs.openjdk.org/browse/JDK-8311884 Marked as reviewed by mullan (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/14838#pullrequestreview-1525242154 From valeriep at openjdk.org Tue Jul 11 23:27:20 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Tue, 11 Jul 2023 23:27:20 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown Message-ID: This change refactors the RSAPadding class to return an output record containing the status instead of relying on exception object to indicate a failure. Thanks in advance for review~ Valerie ------------- Commit messages: - 8302017: Allocate BadPaddingException only if it will be thrown Changes: https://git.openjdk.org/jdk/pull/14839/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=14839&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8302017 Stats: 179 lines in 5 files changed: 107 ins; 23 del; 49 mod Patch: https://git.openjdk.org/jdk/pull/14839.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14839/head:pull/14839 PR: https://git.openjdk.org/jdk/pull/14839 From rhalade at openjdk.org Tue Jul 11 23:57:19 2023 From: rhalade at openjdk.org (Rajan Halade) Date: Tue, 11 Jul 2023 23:57:19 GMT Subject: Integrated: 8295894: Remove SECOM certificate that is expiring in September 2023 In-Reply-To: References: Message-ID: On Tue, 11 Jul 2023 20:42:14 GMT, Rajan Halade wrote: > The fix is to remove the expiring SECOM root certificate after approval from root CA to remove it. > > Release note is at - https://bugs.openjdk.org/browse/JDK-8311884 This pull request has now been integrated. Changeset: fd7fddb6 Author: Rajan Halade URL: https://git.openjdk.org/jdk/commit/fd7fddb6ed24e0ae4b5e18fb27fd80230941dc0b Stats: 32 lines in 2 files changed: 0 ins; 29 del; 3 mod 8295894: Remove SECOM certificate that is expiring in September 2023 Reviewed-by: xuelei, mullan ------------- PR: https://git.openjdk.org/jdk/pull/14838 From duke at openjdk.org Wed Jul 12 12:55:34 2023 From: duke at openjdk.org (Glavo) Date: Wed, 12 Jul 2023 12:55:34 GMT Subject: RFR: 8311943: Cleanup usages of toLowerCase() and toUpperCase() in java.base Message-ID: Clean up misuses of `toLowerCase()`/`toUpperCase()` in java.base. ------------- Commit messages: - Update DateTimeFormatterBuilder - Avoid locale-sensitive case conversions in java.base Changes: https://git.openjdk.org/jdk/pull/14763/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=14763&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8311943 Stats: 51 lines in 13 files changed: 9 ins; 0 del; 42 mod Patch: https://git.openjdk.org/jdk/pull/14763.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14763/head:pull/14763 PR: https://git.openjdk.org/jdk/pull/14763 From jpai at openjdk.org Wed Jul 12 12:55:34 2023 From: jpai at openjdk.org (Jaikiran Pai) Date: Wed, 12 Jul 2023 12:55:34 GMT Subject: RFR: 8311943: Cleanup usages of toLowerCase() and toUpperCase() in java.base In-Reply-To: References: Message-ID: On Mon, 3 Jul 2023 20:53:34 GMT, Glavo wrote: > Clean up misuses of `toLowerCase()`/`toUpperCase()` in java.base. Hello Glavo, I've created https://bugs.openjdk.org/browse/JDK-8311943 to track this change. Please update the title to this PR to `8311943: Cleanup usages of toLowerCase() and toUpperCase() in java.base` so that it triggers the official RFR. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14763#issuecomment-1632426553 From alanb at openjdk.org Wed Jul 12 13:29:11 2023 From: alanb at openjdk.org (Alan Bateman) Date: Wed, 12 Jul 2023 13:29:11 GMT Subject: RFR: 8311943: Cleanup usages of toLowerCase() and toUpperCase() in java.base In-Reply-To: References: Message-ID: On Mon, 3 Jul 2023 20:53:34 GMT, Glavo wrote: > Clean up misuses of `toLowerCase()`/`toUpperCase()` in java.base. src/java.base/share/classes/java/io/StreamTokenizer.java line 632: > 630: sval = String.copyValueOf(buf, 0, i); > 631: if (forceLower) > 632: sval = sval.toLowerCase(Locale.ROOT); I suspect this change to StreamTokenizer needs eyes. I think long standing behavior of the lowerCaseMode(true) has been to use the rules for the default locale so we need to be careful. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14763#discussion_r1261178834 From duke at openjdk.org Wed Jul 12 14:35:16 2023 From: duke at openjdk.org (Glavo) Date: Wed, 12 Jul 2023 14:35:16 GMT Subject: RFR: 8311943: Cleanup usages of toLowerCase() and toUpperCase() in java.base In-Reply-To: References: Message-ID: On Wed, 12 Jul 2023 13:26:03 GMT, Alan Bateman wrote: > I suspect this change to StreamTokenizer needs eyes. I think long standing behavior of the lowerCaseMode(true) has been to use the rules for the default locale so we need to be careful. I investigated some usage of this method on GitHub: https://github.com/search?q=%22lowerCaseMode%28true%29%22+language%3AJava&type=code In the use cases I see, it seems that no one wants to rely on the default locale. However, while I think this corrects the behavior, this caused a change in the behavior of the API, so a CSR may be required. I don't want to debate this in this PR, so I'll revert this change and open a new PR in the future. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14763#discussion_r1261271535 From duke at openjdk.org Wed Jul 12 15:06:36 2023 From: duke at openjdk.org (Glavo) Date: Wed, 12 Jul 2023 15:06:36 GMT Subject: RFR: 8311943: Cleanup usages of toLowerCase() and toUpperCase() in java.base [v2] In-Reply-To: References: Message-ID: <8j9x5j5Gw_A5Oz1yKloOUaYOIOCUqGxIT_7U9UsnQDE=.7591e55d-c111-4c43-b82a-5f0252019b62@github.com> > Clean up misuses of `toLowerCase()`/`toUpperCase()` in java.base. Glavo has updated the pull request incrementally with one additional commit since the last revision: Revert StreamTokenizer.java ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14763/files - new: https://git.openjdk.org/jdk/pull/14763/files/944acdc4..8b8957f5 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14763&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14763&range=00-01 Stats: 2 lines in 1 file changed: 0 ins; 1 del; 1 mod Patch: https://git.openjdk.org/jdk/pull/14763.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14763/head:pull/14763 PR: https://git.openjdk.org/jdk/pull/14763 From cslucas at openjdk.org Wed Jul 12 15:12:23 2023 From: cslucas at openjdk.org (Cesar Soares Lucas) Date: Wed, 12 Jul 2023 15:12:23 GMT Subject: RFR: JDK-8287061: Support for rematerializing scalar replaced objects participating in allocation merges [v21] In-Reply-To: References: <7nqFW-lgT1FzuMHPMUQiCj1ATcV_bQtroolf4V_kCc4=.ccd12605-aad0-433e-ba44-5772d972f05d@github.com> Message-ID: On Thu, 6 Jul 2023 13:06:30 GMT, Cesar Soares Lucas wrote: >> Can I please get reviews for this PR? >> >> The most common and frequent use of NonEscaping Phis merging object allocations is for debugging information. The two graphs below show numbers for Renaissance and DaCapo benchmarks - similar results are obtained for all other applications that I tested. >> >> With what frequency does each IR node type occurs as an allocation merge user? I.e., if the same node type uses a Phi N times the counter is incremented by N: >> >> ![image](https://user-images.githubusercontent.com/2249648/222280517-4dcf5871-2564-4207-b49e-22aee47fa49d.png) >> >> What are the most common users of allocation merges? I.e., if the same node type uses a Phi N times the counter is incremented by 1: >> >> ![image](https://user-images.githubusercontent.com/2249648/222280608-ca742a4e-1622-4e69-a778-e4db6805ea02.png) >> >> This PR adds support scalar replacing allocations participating in merges used as debug information OR as a base for field loads. I plan to create subsequent PRs to enable scalar replacement of merges used by other node types (CmpP is next on the list) subsequently. >> >> The approach I used for _rematerialization_ is pretty straightforward. It consists basically of the following. 1) New IR node (suggested by V. Kozlov), named SafePointScalarMergeNode, to represent a set of SafePointScalarObjectNode; 2) Each scalar replaceable input participating in a merge will get a SafePointScalarObjectNode like if it weren't part of a merge. 3) Add a new Class to support the rematerialization of SR objects that are part of a merge; 4) Patch HotSpot to be able to serialize and deserialize debug information related to allocation merges; 5) Patch C2 to generate unique types for SR objects participating in some allocation merges. >> >> The approach I used for _enabling the scalar replacement of some of the inputs of the allocation merge_ is also pretty straightforward: call `MemNode::split_through_phi` to, well, split AddP->Load* through the merge which will render the Phi useless. >> >> I tested this with JTREG tests tier 1-4 (Windows, Linux, and Mac) and didn't see regression. I also experimented with several applications and didn't see any failure. I also ran tests with "-ea -esa -Xbatch -Xcomp -XX:+UnlockExperimentalVMOptions -XX:-TieredCompilation -server -XX:+IgnoreUnrecognizedVMOptions -XX:+UnlockDiagnosticVMOptions -XX:+StressLCM -XX:+StressGCM -XX:+StressCCP" and didn't observe any related failures. > > Cesar Soares Lucas has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 22 commits: > > - Merge branch 'openjdk:master' into rematerialization-of-merges > - Addressing PR feedback. > - Merge remote-tracking branch 'origin/master' into rematerialization-of-merges > - Merge branch 'openjdk:master' into rematerialization-of-merges > - Rome minor refactorings. > - Merge remote-tracking branch 'origin/master' into rematerialization-of-merges > Catching up with master. > - Address PR review 6: debug format output & some refactoring. > - Catching up with master branch. > > Merge remote-tracking branch 'origin/master' into rematerialization-of-merges > - Address PR review 6: refactoring around rematerialization & improve test cases. > - Address PR review 5: refactor on rematerialization & add tests. > - ... and 12 more: https://git.openjdk.org/jdk/compare/97e99f01...25b683d6 Thank you all for reviewing this PR! Your feedback made it much better! ------------- PR Comment: https://git.openjdk.org/jdk/pull/12897#issuecomment-1632721475 From mullan at openjdk.org Wed Jul 12 15:40:24 2023 From: mullan at openjdk.org (Sean Mullan) Date: Wed, 12 Jul 2023 15:40:24 GMT Subject: RFR: 8156889: ListKeychainStore.sh fails in some virtualized environments In-Reply-To: References: Message-ID: On Mon, 12 Jun 2023 18:15:48 GMT, Rajan Halade wrote: > This fix converted shell test to java code. Following are the updates done to the original shell test logic: > > - Test is updated to be a manual test as it is rather difficult/impossible to have it run in virtualized environment where we can't update the security keychain search list to include created keychain. > - Test is updated to save earlier keychain search order and restore when test ends. > - Test is now using legacy encryption and MAC algorithms, refer macOS open radar FB8988319, as macOS security framework doesn't work with the latest algorithms. Algorithms were updated with JDK-8153005. Marked as reviewed by mullan (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/14424#pullrequestreview-1526662501 From mdonovan at openjdk.org Wed Jul 12 15:43:50 2023 From: mdonovan at openjdk.org (Matthew Donovan) Date: Wed, 12 Jul 2023 15:43:50 GMT Subject: RFR: 8309305: sun/security/ssl/SSLSocketImpl/BlockedAsyncClose.java fails with jtreg test timeout [v2] In-Reply-To: References: Message-ID: On Tue, 13 Jun 2023 14:24:20 GMT, Matthew Donovan wrote: >> This PR improves the reliability of the BlockedAsyncClose test by addressing an edge case/race condition between the two test threads. The purpose of the test is to verify that an SSLSocket can be closed if a thread is blocked in a write operation. >> >> The test starts a "write" thread that writes data to a socket until the output buffer was filled, causing the write operation to block. The main thread then calls `SSLSocket.close()`. The original code used `Thread.sleep(1000)` to wait for the write-thread to block. However, 1 second isn't always long enough and if the write-thread isn't blocked and the output buffer is full (or almost full), the `socket.close()` call may block when it tries to send the close_notify alert. This is the condition that caused this bug. >> >> My change uses a Lock to determine if the write thread is blocked. In the write thread, the lock creates a critical section around the `write()` call. The main thread uses `tryLock()` with a timeout to determine that the write() call is taking too long and thus likely blocked. >> >> While there, I also updated the test to use the SSLContextTemplate class. > > Matthew Donovan has updated the pull request incrementally with one additional commit since the last revision: > > Fixed whitespace. > > Co-authored-by: Andrey Turbanov Can someone please review this? Thanks! ------------- PR Comment: https://git.openjdk.org/jdk/pull/14378#issuecomment-1632777482 From uschindler at openjdk.org Wed Jul 12 16:08:17 2023 From: uschindler at openjdk.org (Uwe Schindler) Date: Wed, 12 Jul 2023 16:08:17 GMT Subject: RFR: 8311943: Cleanup usages of toLowerCase() and toUpperCase() in java.base [v2] In-Reply-To: References: Message-ID: On Wed, 12 Jul 2023 14:31:53 GMT, Glavo wrote: >> src/java.base/share/classes/java/io/StreamTokenizer.java line 632: >> >>> 630: sval = String.copyValueOf(buf, 0, i); >>> 631: if (forceLower) >>> 632: sval = sval.toLowerCase(Locale.ROOT); >> >> I suspect this change to StreamTokenizer needs eyes. I think long standing behavior of the lowerCaseMode(true) has been to use the rules for the default locale so we need to be careful. > >> I suspect this change to StreamTokenizer needs eyes. I think long standing behavior of the lowerCaseMode(true) has been to use the rules for the default locale so we need to be careful. > > I investigated usage of this method on GitHub: > > https://github.com/search?q=%22lowerCaseMode%28true%29%22+language%3AJava&type=code > > In some of the use cases I investigated, it seems that no one wants to rely on the default locale. > > However, while I think this corrects the behavior, this caused a change in the behavior of the API, so a CSR may be required. I don't want to debate this in this PR, so I'll revert this change and open a new PR in the future. Maybe a small suggestion to make it clear whats wanted here. In other projects I am involved in (Apache Lucene/Solr, Apache TIKA, PostgresSQL JDBC, Checkstyle itsself, Elasticserach/Opensearch), which use the [forbiddenapis Maven/Gradle/Ant plugin](https://github.com/policeman-tools/forbidden-apis/), we forbid all calls to several Java APIs (including toLowerCase/toUpperCase case). All bytecode using this will build failure (FYI, we also disallow other stuff like relying of default timezone or characterset). To make it clear what is really intended, those projects agreed on having `toLowerCase(Locale.getDefault())`, so it is explicit what's wanted. Without that it could be that somebody else starts the discussion again. This is just a suggestion to be explicit as it makes maintaining the code easier. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14763#discussion_r1261404900 From duke at openjdk.org Wed Jul 12 16:22:15 2023 From: duke at openjdk.org (Glavo) Date: Wed, 12 Jul 2023 16:22:15 GMT Subject: RFR: 8311943: Cleanup usages of toLowerCase() and toUpperCase() in java.base [v2] In-Reply-To: References: Message-ID: On Wed, 12 Jul 2023 16:05:03 GMT, Uwe Schindler wrote: > Maybe a small suggestion to make it clear whats wanted here. In other projects I am involved in (Apache Lucene/Solr, Apache TIKA, PostgresSQL JDBC, Checkstyle itsself, Elasticserach/Opensearch), which use the [forbiddenapis Maven/Gradle/Ant plugin](https://github.com/policeman-tools/forbidden-apis/), we forbid all calls to several Java APIs (including toLowerCase/toUpperCase case). All bytecode using this will build failure (FYI, we also disallow other stuff like relying of default timezone or characterset). To make it clear what is really intended, those projects agreed on having `toLowerCase(Locale.getDefault())`, so it is explicit what's wanted. Without that it could be that somebody else starts the discussion again. > > This is just a suggestion to be explicit as it makes maintaining the code easier. I agree with this. I'm working on deprecating `toLowerCase()` and `toUpperCase()`, this PR is part of that effort. I wish to convert all use cases of them to `toLowerCase(Locale)` and `toUpperCase(Locale)`. More backstory is detailed in https://github.com/openjdk/jdk/pull/13434#issuecomment-1503989660. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14763#discussion_r1261421937 From xuelei at openjdk.org Wed Jul 12 17:02:04 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Wed, 12 Jul 2023 17:02:04 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown In-Reply-To: References: Message-ID: On Tue, 11 Jul 2023 23:19:40 GMT, Valerie Peng wrote: > This change refactors the RSAPadding class to return an output record containing the status instead of relying on exception object to indicate a failure. > > Thanks in advance for review~ > Valerie Changes requested by xuelei (Reviewer). src/java.base/share/classes/sun/security/rsa/RSAPadding.java line 372: > 370: return Output.FAIL; > 371: } else { > 372: return Output.pass(data); The Output.pass(byte[]) will create a new instance and thus make the behavior detectable. Maybe, the Output class is not necessary, 'null' value return could be used instead. - if (bp) { - return Output.FAIL; - } else { - return Output.pass(data); + return bp ? null : data; src/java.base/share/classes/sun/security/rsa/RSASignature.java line 217: > 215: byte[] digest = getDigestValue(); > 216: byte[] decrypted = RSACore.rsa(sigBytes, publicKey); > 217: RSAPadding.Output po = padding.unpad(decrypted); In case you are already here, what if comparing the padded/encoded result, without use unpad() any longer? I meant to follow the spec as described in RFC8017#section-8.2.2: encode the `decryped` bytes and then compare the result with the `digest` bytes. ------------- PR Review: https://git.openjdk.org/jdk/pull/14839#pullrequestreview-1526794400 PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1261451456 PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1261463911 From rhalade at openjdk.org Wed Jul 12 17:59:35 2023 From: rhalade at openjdk.org (Rajan Halade) Date: Wed, 12 Jul 2023 17:59:35 GMT Subject: [jdk21] RFR: 8295894: Remove SECOM certificate that is expiring in September 2023 Message-ID: JDK 21 will be released in Sept 2023 so this certificate should be removed from it as there would only be a week or so left once the release is shipped before the certificate expired. ------------- Commit messages: - Backport fd7fddb6ed24e0ae4b5e18fb27fd80230941dc0b Changes: https://git.openjdk.org/jdk21/pull/114/files Webrev: https://webrevs.openjdk.org/?repo=jdk21&pr=114&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8295894 Stats: 32 lines in 2 files changed: 0 ins; 29 del; 3 mod Patch: https://git.openjdk.org/jdk21/pull/114.diff Fetch: git fetch https://git.openjdk.org/jdk21.git pull/114/head:pull/114 PR: https://git.openjdk.org/jdk21/pull/114 From mullan at openjdk.org Wed Jul 12 18:15:15 2023 From: mullan at openjdk.org (Sean Mullan) Date: Wed, 12 Jul 2023 18:15:15 GMT Subject: [jdk21] RFR: 8295894: Remove SECOM certificate that is expiring in September 2023 In-Reply-To: References: Message-ID: On Wed, 12 Jul 2023 17:52:47 GMT, Rajan Halade wrote: > JDK 21 will be released in Sept 2023 so this certificate should be removed from it as there would only be a week or so left once the release is shipped before the certificate expired. Looks good. I think the RN should have a fixVersion of 21. ------------- Marked as reviewed by mullan (Reviewer). PR Review: https://git.openjdk.org/jdk21/pull/114#pullrequestreview-1526963303 From rhalade at openjdk.org Wed Jul 12 18:18:26 2023 From: rhalade at openjdk.org (Rajan Halade) Date: Wed, 12 Jul 2023 18:18:26 GMT Subject: Integrated: 8156889: ListKeychainStore.sh fails in some virtualized environments In-Reply-To: References: Message-ID: <62dI3azIOf6r_t0R7x47gPoWaG4Y_RgErjloSjhY6lQ=.fdaa72b4-2470-43a7-9237-2ea7186648f1@github.com> On Mon, 12 Jun 2023 18:15:48 GMT, Rajan Halade wrote: > This fix converted shell test to java code. Following are the updates done to the original shell test logic: > > - Test is updated to be a manual test as it is rather difficult/impossible to have it run in virtualized environment where we can't update the security keychain search list to include created keychain. > - Test is updated to save earlier keychain search order and restore when test ends. > - Test is now using legacy encryption and MAC algorithms, refer macOS open radar FB8988319, as macOS security framework doesn't work with the latest algorithms. Algorithms were updated with JDK-8153005. This pull request has now been integrated. Changeset: 119cc495 Author: Rajan Halade URL: https://git.openjdk.org/jdk/commit/119cc495fc6c18a29b7484d294c31ad1d478791c Stats: 449 lines in 4 files changed: 202 ins; 247 del; 0 mod 8156889: ListKeychainStore.sh fails in some virtualized environments Reviewed-by: mullan ------------- PR: https://git.openjdk.org/jdk/pull/14424 From rhalade at openjdk.org Wed Jul 12 18:21:24 2023 From: rhalade at openjdk.org (Rajan Halade) Date: Wed, 12 Jul 2023 18:21:24 GMT Subject: [jdk21] Integrated: 8295894: Remove SECOM certificate that is expiring in September 2023 In-Reply-To: References: Message-ID: On Wed, 12 Jul 2023 17:52:47 GMT, Rajan Halade wrote: > JDK 21 will be released in Sept 2023 so this certificate should be removed from it as there would only be a week or so left once the release is shipped before the certificate expired. This pull request has now been integrated. Changeset: 72cf3c95 Author: Rajan Halade URL: https://git.openjdk.org/jdk21/commit/72cf3c958f764a255e59b8267aec6ed1847de225 Stats: 32 lines in 2 files changed: 0 ins; 29 del; 3 mod 8295894: Remove SECOM certificate that is expiring in September 2023 Reviewed-by: mullan Backport-of: fd7fddb6ed24e0ae4b5e18fb27fd80230941dc0b ------------- PR: https://git.openjdk.org/jdk21/pull/114 From rhalade at openjdk.org Wed Jul 12 18:29:21 2023 From: rhalade at openjdk.org (Rajan Halade) Date: Wed, 12 Jul 2023 18:29:21 GMT Subject: [jdk21] RFR: 8156889: ListKeychainStore.sh fails in some virtualized environments Message-ID: Critical test update to be included in JDK 21 LTS release. ------------- Commit messages: - Backport 119cc495fc6c18a29b7484d294c31ad1d478791c Changes: https://git.openjdk.org/jdk21/pull/116/files Webrev: https://webrevs.openjdk.org/?repo=jdk21&pr=116&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8156889 Stats: 449 lines in 4 files changed: 202 ins; 247 del; 0 mod Patch: https://git.openjdk.org/jdk21/pull/116.diff Fetch: git fetch https://git.openjdk.org/jdk21.git pull/116/head:pull/116 PR: https://git.openjdk.org/jdk21/pull/116 From mullan at openjdk.org Wed Jul 12 18:46:20 2023 From: mullan at openjdk.org (Sean Mullan) Date: Wed, 12 Jul 2023 18:46:20 GMT Subject: [jdk21] RFR: 8156889: ListKeychainStore.sh fails in some virtualized environments In-Reply-To: References: Message-ID: On Wed, 12 Jul 2023 18:21:53 GMT, Rajan Halade wrote: > Critical test update to be included in JDK 21 LTS release. Marked as reviewed by mullan (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk21/pull/116#pullrequestreview-1527035043 From rhalade at openjdk.org Wed Jul 12 18:52:27 2023 From: rhalade at openjdk.org (Rajan Halade) Date: Wed, 12 Jul 2023 18:52:27 GMT Subject: [jdk21] Integrated: 8156889: ListKeychainStore.sh fails in some virtualized environments In-Reply-To: References: Message-ID: On Wed, 12 Jul 2023 18:21:53 GMT, Rajan Halade wrote: > Critical test update to be included in JDK 21 LTS release. This pull request has now been integrated. Changeset: 82c8b28f Author: Rajan Halade URL: https://git.openjdk.org/jdk21/commit/82c8b28f4005c3c335d4fd60c2e3b55adfd200c6 Stats: 449 lines in 4 files changed: 202 ins; 247 del; 0 mod 8156889: ListKeychainStore.sh fails in some virtualized environments Reviewed-by: mullan Backport-of: 119cc495fc6c18a29b7484d294c31ad1d478791c ------------- PR: https://git.openjdk.org/jdk21/pull/116 From valeriep at openjdk.org Wed Jul 12 18:55:25 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Wed, 12 Jul 2023 18:55:25 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown In-Reply-To: References: Message-ID: On Wed, 12 Jul 2023 16:46:08 GMT, Xue-Lei Andrew Fan wrote: >> This change refactors the RSAPadding class to return an output record containing the status instead of relying on exception object to indicate a failure. >> >> Thanks in advance for review~ >> Valerie > > src/java.base/share/classes/sun/security/rsa/RSAPadding.java line 372: > >> 370: return Output.FAIL; >> 371: } else { >> 372: return Output.pass(data); > > The Output.pass(byte[]) will create a new instance and thus make the behavior detectable. Maybe, the Output class is not necessary, 'null' value return could be used instead. > > > - if (bp) { > - return Output.FAIL; > - } else { > - return Output.pass(data); > + return bp ? null : data; Ok, I can change it back to byte[] ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1261602015 From valeriep at openjdk.org Wed Jul 12 19:07:16 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Wed, 12 Jul 2023 19:07:16 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown In-Reply-To: References: Message-ID: <96lhIZwGkNPn4U2o-DAxONb8_6Xhwz1cgvU7czXc6M8=.ecf6ced1-5e0f-460b-968f-d470d51d0a47@github.com> On Wed, 12 Jul 2023 16:58:20 GMT, Xue-Lei Andrew Fan wrote: >> This change refactors the RSAPadding class to return an output record containing the status instead of relying on exception object to indicate a failure. >> >> Thanks in advance for review~ >> Valerie > > src/java.base/share/classes/sun/security/rsa/RSASignature.java line 217: > >> 215: byte[] digest = getDigestValue(); >> 216: byte[] decrypted = RSACore.rsa(sigBytes, publicKey); >> 217: RSAPadding.Output po = padding.unpad(decrypted); > > In case you are already here, what if comparing the padded/encoded result, without use unpad() any longer? I meant to follow the spec as described in RFC8017#section-8.2.2: encode the `decryped` bytes and then compare the result with the `digest` bytes. Ok, I can switch to this approach. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1261612766 From mullan at openjdk.org Wed Jul 12 19:15:00 2023 From: mullan at openjdk.org (Sean Mullan) Date: Wed, 12 Jul 2023 19:15:00 GMT Subject: RFR: JDK-8311892: TrustManagerFactory loading an invalid keystore yield vague exception In-Reply-To: References: Message-ID: On Tue, 11 Jul 2023 18:09:26 GMT, Craig Andrews wrote: > When loading the default JVM trust store, if the JVM trust store contains an invalid certificate, the exception contains insufficient information to determine which certificate is invalid, making it very difficult to fix the problem. > > To reproduce the issue: > 1. Modify the default JVM trust store to contain invalid information. A very easy way to do this on openjdk / red hat systems is to edit /etc/pki/ca-trust/extracted/java/cacerts and add garbage text to the file. > 2. Run this code: > > TrustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); > // initializing the trust store with a null KeyStore will load the default JVM trust store > tmf.init((KeyStore) null); > > > This stack trace results: > > Caused by: java.security.KeyStoreException: problem accessing trust store > at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:73) > at java.base/javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:282) > ... 81 common frames omitted > Caused by: java.io.IOException: toDerInputStream rejects tag type 97 > at java.base/sun.security.util.DerValue.toDerInputStream(DerValue.java:1155) > at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2013) > at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:221) > at java.base/java.security.KeyStore.load(KeyStore.java:1473) > at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.loadKeyStore(TrustStoreManager.java:390) > at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.getTrustedCerts(TrustStoreManager.java:336) > at java.base/sun.security.ssl.TrustStoreManager.getTrustedCerts(TrustStoreManager.java:57) > at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:49) > ... 83 common frames omitted > > > Throwing an exception with a more detailed error message facilitates debugging and ultimately fixing such problems. Can you provide an example of the stack trace you now get with your proposed fix? ------------- PR Comment: https://git.openjdk.org/jdk/pull/14834#issuecomment-1633068231 From valeriep at openjdk.org Wed Jul 12 23:12:18 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Wed, 12 Jul 2023 23:12:18 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v2] In-Reply-To: References: Message-ID: <9av18v7LjWdgjmIQNoOlDoT_oj5GcP_ROfGUx5Q9uUE=.30d64de6-5a5b-4799-b358-cd29b61f3b8e@github.com> > This change refactors the RSAPadding class to return an output record containing the status instead of relying on exception object to indicate a failure. > > Thanks in advance for review~ > Valerie Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: Address review feedbacks, e.g. Removed RSAPadding.Output and use byte[] as before. ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14839/files - new: https://git.openjdk.org/jdk/pull/14839/files/52e8e28f..cbb958d9 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14839&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14839&range=00-01 Stats: 83 lines in 5 files changed: 17 ins; 24 del; 42 mod Patch: https://git.openjdk.org/jdk/pull/14839.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14839/head:pull/14839 PR: https://git.openjdk.org/jdk/pull/14839 From valeriep at openjdk.org Thu Jul 13 02:53:29 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Thu, 13 Jul 2023 02:53:29 GMT Subject: RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider Message-ID: This change adds back the Reference.ReachabilityFence(Object) call removed by [JDK-8301553](https://bugs.openjdk.org/browse/JDK-8301553). Please help review. Thanks! Valerie ------------- Commit messages: - 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider Changes: https://git.openjdk.org/jdk/pull/14859/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=14859&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8311902 Stats: 6 lines in 1 file changed: 5 ins; 0 del; 1 mod Patch: https://git.openjdk.org/jdk/pull/14859.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14859/head:pull/14859 PR: https://git.openjdk.org/jdk/pull/14859 From ascarpino at openjdk.org Thu Jul 13 03:55:52 2023 From: ascarpino at openjdk.org (Anthony Scarpino) Date: Thu, 13 Jul 2023 03:55:52 GMT Subject: RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider In-Reply-To: References: Message-ID: On Thu, 13 Jul 2023 02:46:10 GMT, Valerie Peng wrote: > This change adds back the Reference.ReachabilityFence(Object) call removed by [JDK-8301553](https://bugs.openjdk.org/browse/JDK-8301553). > > Please help review. > Thanks! > Valerie Looks good to me ------------- Marked as reviewed by ascarpino (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/14859#pullrequestreview-1527528956 From xuelei at openjdk.org Thu Jul 13 04:18:52 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Thu, 13 Jul 2023 04:18:52 GMT Subject: RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider In-Reply-To: References: Message-ID: <1HJGC1CrE5aqAaogrzoW1ZhxdnzGLeR-z1857YENk_8=.3c292fba-897a-4fd4-82ce-a38d0ff85be5@github.com> On Thu, 13 Jul 2023 02:46:10 GMT, Valerie Peng wrote: > This change adds back the Reference.ReachabilityFence(Object) call removed by [JDK-8301553](https://bugs.openjdk.org/browse/JDK-8301553). > > Please help review. > Thanks! > Valerie It looks good to me to rollback to previous behaviors. I was just wondering, if the use of key in other methods, like hashCode()/equals(), has the similar issue? Thanks! ------------- Marked as reviewed by xuelei (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/14859#pullrequestreview-1527542265 From xuelei at openjdk.org Thu Jul 13 04:41:14 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Thu, 13 Jul 2023 04:41:14 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v2] In-Reply-To: <9av18v7LjWdgjmIQNoOlDoT_oj5GcP_ROfGUx5Q9uUE=.30d64de6-5a5b-4799-b358-cd29b61f3b8e@github.com> References: <9av18v7LjWdgjmIQNoOlDoT_oj5GcP_ROfGUx5Q9uUE=.30d64de6-5a5b-4799-b358-cd29b61f3b8e@github.com> Message-ID: On Wed, 12 Jul 2023 23:12:18 GMT, Valerie Peng wrote: >> This change refactors the RSAPadding class to return an output record containing the status instead of relying on exception object to indicate a failure. >> >> Thanks in advance for review~ >> Valerie > > Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: > > Address review feedbacks, e.g. Removed RSAPadding.Output and use byte[] as before. Thank you for the update. src/java.base/share/classes/sun/security/rsa/RSASignature.java line 196: > 194: return RSACore.rsa(padded, privateKey, true); > 195: } > 196: throw new SignatureException("Could not sign data"); It may be clearer if the throw line is moved to the end of the method. Otherwise, I have to check if SignatureException is a sub-class of GeneralSecurityException. src/java.base/share/classes/sun/security/rsa/RSASignature.java line 231: > 229: RSAUtil.decodeSignature(digestOID, unpadded)); > 230: } > 231: } I understand where the fallback code came from. As the padding code is exactly the same as engineSign(), the risk may be minimal. With the fallback code, the security concern (time-constant) we cared about will come back. Did you run into testing failure without the fallback doe? ------------- PR Review: https://git.openjdk.org/jdk/pull/14839#pullrequestreview-1527547950 PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1261964861 PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1261970478 From prappo at openjdk.org Thu Jul 13 08:51:23 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Thu, 13 Jul 2023 08:51:23 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v8] In-Reply-To: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: <-trukyY0g7D4huUrA8u9GBY13F_8Pyza8rPOlRMgUSM=.9fac7a62-4c79-4a42-b9f3-d4c1b60f6662@github.com> > Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. > > I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. > > * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. > > * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. > > * BitArray could be a topic of its own, but I'll do my best to be concise. > > * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. > * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). > > * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: > > // check certs > if (this.certs == null && that.certs != null || > this.certs != null && that.certs == null || > this.certs != null && > this.certs.length != that.certs.length) { > return false; > } > > int i,j; > boolean match; > > for (i = 0; this.certs != nu... Pavel Rappo has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 12 additional commits since the last revision: - Much more cases: apologies for extra review work - Merge branch 'master' into 8311170 - Merge branch 'master' into 8311170 - Reflow previously missed doc comment - Reflow doc comment as suggested - Revert for readability - Merge branch 'master' into 8311170 - Be consistent with the rest of the change - Fix reported bugs - Add even more cases and tidy up - ... and 2 more: https://git.openjdk.org/jdk/compare/0c4516a6...457b9c56 ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14738/files - new: https://git.openjdk.org/jdk/pull/14738/files/bb504a7a..457b9c56 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14738&range=07 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14738&range=06-07 Stats: 15590 lines in 352 files changed: 7610 ins; 7165 del; 815 mod Patch: https://git.openjdk.org/jdk/pull/14738.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14738/head:pull/14738 PR: https://git.openjdk.org/jdk/pull/14738 From prappo at openjdk.org Thu Jul 13 08:54:16 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Thu, 13 Jul 2023 08:54:16 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v7] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: <_Uj3GSbiRrgky3FbCJ-Z61Qri6S62ZzRPd02haCaars=.e08e0d71-b093-458b-af85-cd43ff9c643a@github.com> On Fri, 7 Jul 2023 23:19:27 GMT, Pavel Rappo wrote: >> Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. >> >> I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. >> >> * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. >> >> * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. >> >> * BitArray could be a topic of its own, but I'll do my best to be concise. >> >> * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. >> * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). >> >> * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: >> >> // check certs >> if (this.certs == null && that.certs != null || >> this.certs != null && that.certs == null || >> this.certs != null && >> this.certs.length != that.certs.length) { >> return false; >> } >> >> int i,j; >> boolea... > > Pavel Rappo has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 10 additional commits since the last revision: > > - Merge branch 'master' into 8311170 > - Reflow previously missed doc comment > - Reflow doc comment as suggested > - Revert for readability > - Merge branch 'master' into 8311170 > - Be consistent with the rest of the change > - Fix reported bugs > - Add even more cases and tidy up > - More cases > - Initial commit I pushed a new commit, 457b9c5, that changes almost 90 files; I realise its huge review cost. Perhaps at this stage, reviewers could glance at that commit, and we could then collectively cherry-pick the most useful changes. FWIW, the tests are green. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14738#issuecomment-1633831460 From duke at openjdk.org Thu Jul 13 10:01:04 2023 From: duke at openjdk.org (Ferenc Rakoczi) Date: Thu, 13 Jul 2023 10:01:04 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v2] In-Reply-To: References: <9av18v7LjWdgjmIQNoOlDoT_oj5GcP_ROfGUx5Q9uUE=.30d64de6-5a5b-4799-b358-cd29b61f3b8e@github.com> Message-ID: On Thu, 13 Jul 2023 04:35:31 GMT, Xue-Lei Andrew Fan wrote: >> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: >> >> Address review feedbacks, e.g. Removed RSAPadding.Output and use byte[] as before. > > src/java.base/share/classes/sun/security/rsa/RSASignature.java line 231: > >> 229: RSAUtil.decodeSignature(digestOID, unpadded)); >> 230: } >> 231: } > > I understand where the fallback code came from. As the padding code is exactly the same as engineSign(), the risk may be minimal. With the fallback code, the security concern (time-constant) we cared about will come back. Did you run into testing failure without the fallback doe? Instead of falling back to unpad()/decodeSignature() I suggest to try a new version of encodeSignature() in which you omit putting the null for params into the DER encoding and compare the decrypted message with that, too. Accept if any of the two encodings matches the decrypted one, reject otherwise. This can be done in constant time, although it is not necessary to be constant time as the time of doing it does not depend on any secret. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1262326648 From duke at openjdk.org Thu Jul 13 11:35:16 2023 From: duke at openjdk.org (Ferenc Rakoczi) Date: Thu, 13 Jul 2023 11:35:16 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v2] In-Reply-To: <9av18v7LjWdgjmIQNoOlDoT_oj5GcP_ROfGUx5Q9uUE=.30d64de6-5a5b-4799-b358-cd29b61f3b8e@github.com> References: <9av18v7LjWdgjmIQNoOlDoT_oj5GcP_ROfGUx5Q9uUE=.30d64de6-5a5b-4799-b358-cd29b61f3b8e@github.com> Message-ID: On Wed, 12 Jul 2023 23:12:18 GMT, Valerie Peng wrote: >> This change refactors the RSAPadding class to return an output record containing the status instead of relying on exception object to indicate a failure. >> >> Thanks in advance for review~ >> Valerie > > Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: > > Address review feedbacks, e.g. Removed RSAPadding.Output and use byte[] as before. src/java.base/share/classes/sun/security/rsa/RSASignature.java line 223: > 221: byte[] decrypted = RSACore.rsa(sigBytes, publicKey); > 222: > 223: boolean status = MessageDigest.isEqual(padded, decrypted); You should compare only the relevant parts (mask out the random padding bytes). ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1262427325 From mdonovan at openjdk.org Thu Jul 13 12:14:20 2023 From: mdonovan at openjdk.org (Matthew Donovan) Date: Thu, 13 Jul 2023 12:14:20 GMT Subject: RFR: 8290005: com/sun/jndi/ldap/LdapCBPropertiesTest.java failling with NullPointerException [v2] In-Reply-To: References: <_Q0R_ffxNgj8akEl9DzdoO7Cl17ULr9vKiY-NXNx5g8=.f1eacd05-32c8-4976-9c80-bb8c59c53ea0@github.com> <0gMLhW0oFZMkxjclDGbIJLyh0vhqr8e2cP6Cimb2w9w=.408d9450-09fd-4276-868e-b28a175a60b9@github.com> <2XuGMZnGZ8-4EACWi1YLy8rXEmWHwulFOK6QJkcPNrk=.80ab389c-ecf1-4597-83c1-1ff02b884124@github.com> Message-ID: On Wed, 21 Jun 2023 12:04:34 GMT, Matthew Donovan wrote: >> There's a bit of a history with SSLSocket closures since the new handshaker was brought into JDK11. Some of it dealt with synchronization, others with properly handling full vs. half-duplex closes. You may want to look up some of the bug history on changes surrounding the SSLSocket closures just to make sure we don't undo any fixes that were previously integrated. As Xuelei's comment indicates, this is a delicate part of the handshaker. > > I reverted the changes to SSLEngineImpl and looked at the history of SSLSocketImpl and TransportContext but didn't see anything that I would be undoing with this change. Sorry for the delay on any updates here. I updated this branch and verified the tests still pass. I ran jdk_security3 tests from test/jdk/TEST.groups. Is there anything else I should do to test this change? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/13742#discussion_r1262468647 From mdonovan at openjdk.org Thu Jul 13 12:34:02 2023 From: mdonovan at openjdk.org (Matthew Donovan) Date: Thu, 13 Jul 2023 12:34:02 GMT Subject: RFR: 8310070: Test: javax/net/ssl/DTLS/DTLSWontNegotiateV10.java timed out In-Reply-To: References: Message-ID: On Mon, 26 Jun 2023 17:38:04 GMT, Matthew Donovan wrote: > In this PR, I updated the test to use read time-outs. The test is restarted if the read operations time-out within (default) 30 seconds. The test makes 5 attempts before giving up. I'm looking for a reviewer on this, thanks! ------------- PR Comment: https://git.openjdk.org/jdk/pull/14658#issuecomment-1634161723 From rriggs at openjdk.org Thu Jul 13 15:21:11 2023 From: rriggs at openjdk.org (Roger Riggs) Date: Thu, 13 Jul 2023 15:21:11 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v8] In-Reply-To: <-trukyY0g7D4huUrA8u9GBY13F_8Pyza8rPOlRMgUSM=.9fac7a62-4c79-4a42-b9f3-d4c1b60f6662@github.com> References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> <-trukyY0g7D4huUrA8u9GBY13F_8Pyza8rPOlRMgUSM=.9fac7a62-4c79-4a42-b9f3-d4c1b60f6662@github.com> Message-ID: <1KtH8SCHJ6tmjP7A0KCL0EjNoD-Djn-2tS8KL7MTXAM=.abc5531f-08e5-48d3-9410-a75bfde5b9f0@github.com> On Thu, 13 Jul 2023 08:51:23 GMT, Pavel Rappo wrote: >> Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. >> >> I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. >> >> * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. >> >> * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. >> >> * BitArray could be a topic of its own, but I'll do my best to be concise. >> >> * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. >> * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). >> >> * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: >> >> // check certs >> if (this.certs == null && that.certs != null || >> this.certs != null && that.certs == null || >> this.certs != null && >> this.certs.length != that.certs.length) { >> return false; >> } >> >> int i,j; >> boolea... > > Pavel Rappo has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 12 additional commits since the last revision: > > - Much more cases: apologies for extra review work > - Merge branch 'master' into 8311170 > - Merge branch 'master' into 8311170 > - Reflow previously missed doc comment > - Reflow doc comment as suggested > - Revert for readability > - Merge branch 'master' into 8311170 > - Be consistent with the rest of the change > - Fix reported bugs > - Add even more cases and tidy up > - ... and 2 more: https://git.openjdk.org/jdk/compare/bb8f1401...457b9c56 Look good, lots of nice cleanup. src/java.base/share/classes/javax/crypto/CryptoPolicyParser.java line 627: > 625: retval ^= maxKeySize; > 626: retval ^= (checkParam ? 100 : 0); > 627: retval ^= Objects.hashCode(algParamSpec); After this change, someone will wonder why the code does all the intermediate assignments. return Objects.hashCode(alg) ^ Objects.hashCode(exemptionMechanism) ^ (checkParam ? 100 : 0) ^ Objects.hashCode(algParamSpec); } Here and elsewhere... src/java.base/share/classes/sun/security/x509/DistributionPoint.java line 351: > 349: hash += Objects.hashCode(relativeName); > 350: hash += Objects.hash(crlIssuer); > 351: hash += Arrays.hashCode(reasonFlags); Another case where the intermediate assignments look unnecessary. ------------- Marked as reviewed by rriggs (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/14738#pullrequestreview-1528668165 PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1262696059 PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1262705536 From mbalao at redhat.com Thu Jul 13 15:44:22 2023 From: mbalao at redhat.com (Martin Balao) Date: Thu, 13 Jul 2023 11:44:22 -0400 Subject: RFD: Services lockdown for security providers In-Reply-To: <4b159d35-ee2e-952d-8e22-c035e5ed17ea@oracle.com> References: <42a97a54-4301-e0f2-c746-b45d63d1b63d@redhat.com> <800238c6-56ff-a3b0-7af8-c01c3aa402a0@oracle.com> <4b159d35-ee2e-952d-8e22-c035e5ed17ea@oracle.com> Message-ID: <1a0ad927-2da8-c881-a80f-b4928341375f@redhat.com> Hi Sean, Thanks for your feedback. Just to give some visibility, we have implemented most of the functionality and are now working on final adjustments, more tests coverage, documentation and internal reviews. The implementation is pretty much aligned to what we previously discussed, with the exception of algorithm's alias that turned up to have more complexity than anticipated ?particularly in the legacy mode of registering Services?. We will send a PR for public discussion in the coming weeks. Martin.- On 6/14/23 12:40, Sean Mullan wrote: > This proposal looks pretty good, although I think I would like to see > more examples and a prototype if you have it. > > I think this would work well in conjunction with Sean Coffey's > enhancement to add a security category to the java -XshowSettings option > [1]. This would help debug issues with the syntax. The provider > suboption could be enhanced (perhaps by default, perhaps with an > additional suboption) to show the services that are disabled, ex, with > the property set to > > jdk.security.providers.filter=!*.MessageDigest.MD5; > !*.MessageDigest.MD2; *: > > it would show something like: > > ??????? Provider name: SUN > ??????? Provider information: ... > ??????? Provider services: (type : algorithm) > ??????????? ... > ??????????? MessageDigest : MD2 (disabled) > ??????????? MessageDigest : MD5 (disabled) > ??????????? ... > > I would even add that as a debugging tip in the documenting of the syntax. > > --Sean > > [1] https://github.com/openjdk/jdk/pull/14394 > > On 5/24/23 5:03 PM, Martin Balao wrote: >> Hi, >> >> Thanks Anthony for your feedback. >> >> We've been exploring the syntax and semantics for this new property >> further, with the goal of making it more consistent and simple while >> retaining expressiveness power. We understand the importance of clarity >> to minimize the risk of security providers, service types or algorithms >> being unexpectedly enabled. >> >> In this new iteration of the proposal, we explore a filter that has >> similarities to the serialization filter (jdk.serialFilter). We think >> that it could be beneficial to leverage on a specification to which the >> user is familiar already. >> >> >> General structure >> ==================== >> >> jdk.security.providers.filter=pattern-1; pattern-2; ...; pattern-n >> >> The property jdk.security.providers.filter is an overrideable Security >> property. Thus, a System property with the same name exists and, when >> specified, overrides any value in its Security counterpart. When not >> specified (value is null), filtering capabilities are completely >> disabled: all installed security providers, service types and algorithms >> are allowed. If any of these properties are set during run time, the >> filter could be initialized already and the new value may not take >> effect. >> >> When filtering capabilities are enabled, each service is checked against >> the filter before registration. Notice that this affects both the >> initial list of security providers as well as those dynamically >> installed during run time. Once a service is registered, instances of it >> can be obtained and used without any other checks that could affect >> performance. >> >> The registration of a service involves a combination of a security >> provider, service type and algorithm. Each combination is evaluated >> against the filter patterns, from left to right. When a pattern matches >> ?or, in other words, the rule concerns the service to be registered?, a >> decision is made: the service will be allowed or denied. When a decision >> is made, remaining patterns are not checked for the service under >> consideration. When all patterns are checked and a decision is not made, >> the default behavior is to deny the service registration. >> >> Contrary to the serialization filter, white spaces between patterns do >> not have any significance. >> >> >> Pattern matching >> ===================================================== >> >> pattern := ! security-provider.service-type.algorithm >> >> pattern := security-provider.service-type.algorithm >> >> A canonical pattern consists of 3 hierarchical levels separated by ".". >> ? From left to right in lexicographic order, these levels denote a >> security provider, a service type and an algorithm. If a pattern starts >> with "!", the decision made upon matching is to deny the service >> registration. Otherwise, the service registration is allowed. White >> spaces between "!" and the rest of the pattern do not have any >> significance. >> >> For a match to be successful, the security provider name, the service >> type and the algorithm have to match the pattern exactly (case >> insensitive). If the service type of a security provider interprets the >> algorithm as a transformation composed of different parts, the full >> transformation has to be specified in the pattern: the filter takes a >> conservative approach and does not make any assumptions of what an >> algorithm name means. For example, "AES" as the algorithm of a canonical >> filter pattern will not match an "AES/ECB/PKCS5Padding" transformation. >> >> If an algorithm alias is specified in the filter pattern, a service >> registering the alias will be matched. >> >> For convenience, it's possible to specify patterns in non-canonical >> forms: >> >> 1) At any level, the security provider, the service type or the >> algorithm name can contain wildcards ("*") to represent zero or more >> repetitions of any character; >> >> 2) The .algorithm part can be omitted to imply all algorithms under the >> security provider and service type; >> >> 3) The .service-type.algorithm part can be omitted to imply all service >> types and algorithms under the security provider; and, >> >> 4) The non-canonical form #1 can be combined with either #2 or #3. >> >> >> Security provider, service type and algorithm names escaping >> ================================================================= >> >> If the security provider, service type or algorithm name contains any of >> the characters "\", ".", ";" or "*", they have to be escaped by >> prepending the character "\". If the character "\" is found not escaping >> a character, it's silently discarded. >> >> White spaces are discarded at the beginning and end of names. >> >> It's worth mentioning that the described escaping rules apply to the >> jdk.security.providers.filter property value as read in >> java.lang.System::getProperty or java.security.Security::getProperty. >> Additional escaping might be needed depending on how the property is >> passed. For example, Security properties require "\" characters to be >> escaped. Thus, to match a provider name whose name is "\.", a filter >> would require the "jdk.security.providers.filter=\\\\\\." entry in the >> java.security file. See more about this in java.util.Properties::load >> [1]. >> >> >> Examples (correct) >> ==================== >> >> -- >> >> Enable all security providers, service types and algorithms: >> >> jdk.security.providers.filter= >> >> or >> >> jdk.security.providers.filter=* >> >> or >> >> jdk.security.providers.filter=*.* >> >> or >> >> jdk.security.providers.filter=*.*.* >> >> -- >> >> Enable everything except for the MD5 algorithm in MessageDigest services >> when implemented by the SUN security provider: >> >> jdk.security.providers.filter=!SUN.MessageDigest.MD5; * >> >> -- >> >> Enable everything except for the MD5 algorithm in MessageDigest >> services, irrespective of the security provider: >> >> jdk.security.providers.filter=!*.MessageDigest.MD5; * >> >> -- >> >> Enable everything except for algorithms using MD5, irrespective of the >> security provider and the service type: >> >> jdk.security.providers.filter=!*.*.*MD5*; * >> >> Notice that in this case there are wildcards at the beginning and end of >> the algorithm name. The reason is to match MD5 uses in algorithms such >> as HmacMD5, MD5withRSA, PBEWithMD5AndDES, etc. >> >> -- >> >> Enable everything except for the RC4 algorithm in Cipher services when >> implemented by the SunJCE security provider: >> >> jdk.security.providers.filter=!SunJCE.Cipher.ARCFOUR; * >> >> or >> >> jdk.security.providers.filter=!SunJCE.Cipher.RC4; * >> >> or >> >> jdk.security.providers.filter=!SunJCE.Cipher.1\.2\.840\.113549\.3\.4; * >> >> -- >> >> Enable the SUN security provider only, with all its service types and >> algorithms. Other security providers must be disabled. >> >> jdk.security.providers.filter=SUN >> >> -- >> >> Enable the SUN security provider only, with all its service types and >> algorithms except for MessageDigest. Other security providers must be >> disabled. >> >> jdk.security.providers.filter=!SUN.MessageDigest; SUN >> >> -- >> >> >> Examples (mistakes) >> ==================== >> >> -- >> >> Enable everything except for the MD5 algorithm, irrespective of the >> security provider and the service type: >> >> jdk.security.providers.filter=*; !*.*.MD5 >> >> This is wrong because the pattern "*" is matched first and a decision >> allowing MD5 will be made immediately after. The pattern "!*.*.MD5" will >> never be checked. >> >> -- >> >> Enable all SUN service types except for MessageDigest. Disable other >> security providers. >> >> jdk.security.providers.filter=!SUN.MessageDigest >> >> While non-SUN security providers are effectively disabled, this is wrong >> because SUN services other than MessageDigest will not match any pattern >> and, by default, the decision is to deny registration. >> >> -- >> >> Enable the SunPKCS11 security provider only. >> >> jdk.security.providers.filter=SunPKCS11 >> >> This is wrong because the SunPKCS11 provider has to be identified by its >> name instead of its class. A possible name would have the form of >> SunPKCS11-NAME. In a filter, this can be matched either by >> "SunPKCS11-NAME" or "SunPKCS11-*". >> >> -- >> >> >> Look forward to your thoughts. >> >> Thanks.- >> >> >> -- >> [1] - >> https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/util/Properties.html#load%28java.io.Reader%29 >> >> (?) - Thanks to Francisco Ferrari (@fferrari) for his contributions to >> this proposal. >> >> >> >> >> On 2/24/23 14:49, Anthony Scarpino wrote: >>> Hi Martin, >>> >>> Interesting proposal.? I think Alternative 1 is a better direction to >>> explore from a code structure standpoint.? If I remember correctly, >>> Preferred Provider is accessed when getting a service or instance of the >>> algorithm.? That happens on a per-operation basis.? What you describe is >>> something that would reshape contents of the ProviderList where >>> algorithms or services would not be in the list at all.? That is were I >>> think #2 gets too complex in trying to handle both in the same property. >>> ? ?#2 may end up putting all checks in a per-operation check, hindering >>> performance every time as the list grows. >>> >>> I agree this is mostly used in the FIPS situation or where someone wants >>> to disable an algorithm completely, say MD5.? In those cases it's best >>> to just prevent the algorithm from ever being available. >>> >>> On the smaller details side that you list.? I think the name ".enabled" >>> doesn't fit, particularly as the first thing in the example disables all >>> Ciphers :).? I don't have any suggestions at this time. >>> >>> As far as the syntax.? I think it maybe a bit difficult to parse in code >>> and mental to disable all Ciphers, then enable just for SunJCE and SUN. >>> The SUN '*" confused me until I realized you were enabling Ciphers. >>> Seems too easy to get wrong.? I know you weren't making a formal spec, >>> but we have to start somewhere. >>> >>> thanks >>> >>> Tony >>> >>> >>> On 2/17/23 10:52 AM, Martin Balao wrote: >>>> Hi, >>>> >>>> We would like to discuss a limitation in the current configuration >>>> capabilities for security providers and possible solutions that we are >>>> exploring (?). >>>> >>>> As you know, current configuration capabilities in java.security allow >>>> users to install security providers, decide their priority in a list >>>> (security.provider. properties) and even circumvent this priority >>>> for specific algorithms (jdk.security.provider.preferred property). >>>> However, there is no granularity in terms of what service types and >>>> algorithms are enabled once a security provider is installed: it's an >>>> all or nothing scheme. It is worth noting that security providers can >>>> bring with them a diverse range of service types. As an example, the >>>> SUN security provider comes with the following service types: >>>> SecureRandom, Signature, KeyPairGenerator, >>>> AlgorithmParameterGenerator, AlgorithmParameters, KeyFactory, >>>> MessageDigest, CertificateFactory, KeyStore, CertStore, Policy, >>>> Configuration, CertPathBuilder and CertPathValidator [1]. >>>> >>>> In some cases, the user may need to enforce that all cryptographic >>>> primitives come from a specific security provider. This could happen, >>>> for example, when operating in a FIPS-compliant environment or under >>>> strict security policies. To better illustrate, let's say that the >>>> user requires that all cryptographic operations are performed in a >>>> Hardware Security Module (HSM). On the OpenJDK side, this means that >>>> the implementation for Cipher, Signature, Mac and other cryptographic >>>> services must be the one in the SunPKCS11 security provider. Let's >>>> also suppose that other non-cryptographic services such as those for >>>> certificates validation and TLS are required, and their implementation >>>> is in the SUN and SunJSSE security providers respectively. Setting >>>> SunPKCS11 at the highest priority of the list is not a strong >>>> guarantee to ensure that all cryptographic operations come from it: >>>> it's possible that an algorithm for Signature is not implemented in >>>> SunPKCS11 or in its underlying token but in the SUN security provider. >>>> Disabling the SUN security provider wouldn't be an option in this case >>>> because we need its certificates validation service. >>>> >>>> This problem goes beyond OpenJDK default security providers. Even if >>>> we come up with a new layout for service types, algorithms and >>>> providers ?putting backward compatibility issues aside?, there is >>>> always the possibility that a 3rd party security provider does not >>>> follow any services grouping convention. It might also be the case >>>> that we need to disable a specific algorithm only ?i.e. for >>>> cryptographic policy reasons? and TLS or JAR signing properties fall >>>> short. >>>> >>>> In our view, it would be beneficial to add more configuration >>>> flexibility and control to the existing API in which any security >>>> provider can be plugged in, in the form of deciding which service >>>> types and algorithms are enabled for each installed provider. >>>> >>>> There are 2 alternatives that we are exploring to tackle this problem. >>>> >>>> Alternative #1 >>>> =========================== >>>> >>>> Introduce a new security property to decide which service types and >>>> algorithms are enabled for each security provider. The default value >>>> for this property would be empty, which keeps this feature disabled >>>> and all services from installed security providers available. >>>> >>>> As for the new property's syntax and semantics, we've been considering >>>> an allow-list along the lines of: >>>> >>>> jdk.security.provider.enabled = security-provider-1 { service-type-1 : >>>> alg-1, ... ; ... } , ... >>>> >>>> Note: we need a formal syntax specification, this is for illustration >>>> only. >>>> >>>> As part of the syntax we are considering the use of wildcards (*) to >>>> match multiple security providers, service types and algorithms, and >>>> minus signs (-) to remove service types. When a service type is >>>> removed, the action applies to all algorithms and any attempt to >>>> specify them explicitly would be an error. The minus sign cannot be >>>> used at the algorithm level. We are also thinking that in case of a >>>> partial or total contradiction between conditions, the right-most >>>> value applies on top of the others. If a security provider, service >>>> type or algorithm does not exist, we can simply write a debug warning >>>> and ignore it. As for the name of the algorithms, we can also include >>>> Ciphers transformations. >>>> >>>> Example: >>>> >>>> jdk.security.provider.enabled = * { -Cipher }, SunJCE { Cipher : >>>> AES/GCM/NoPadding, DES ; Signature }, SUN { * ; -Signature } >>>> >>>> This would be interpreted as: >>>> >>>> ???* Irrespective of the provider (*), Cipher services should be >>>> removed (-). This rule would be superfluous in this case because the >>>> property itself is an allow-list and there is nothing to the left that >>>> enables Cipher service types for any provider. >>>> ???* From the SunJCE security provider, Cipher services with >>>> AES/GCM/NoPadding and DES transformations are allowed, and Signature >>>> services with any algorithm are allowed. Notice that there is a >>>> shortcut here: the algorithm list that follows the service name, "': >>>> alg-1, ..." is optional. When omitted all the service's algorithms are >>>> enabled. >>>> ???* From the SUN security provider, every service type is allowed >>>> except Signature (recall that a minus sign can only apply to a >>>> service, removing all associated algorithms). >>>> >>>> It's not the goal of this proposal to invalidate property values that >>>> lead to inconsistent internal states, such as "the Cipher service of >>>> SunJCE depends on AlgorithmParameters from SUN". This is because the >>>> combinations for a check are virtually infinite: there can be 3rd >>>> party security providers with their own semantics and dependencies. In >>>> the same way, we cannot determine at start time any application >>>> dependencies. It's up to the user to analyze all types of dependencies >>>> before setting a value. >>>> >>>> >>>> Alternative #2 >>>> =========================== >>>> >>>> Introduce a boolean security property to turn the value of the >>>> existing jdk.security.provider.preferred property into the only >>>> combinations of algorithm, service and provider that are allowed: >>>> >>>> jdk.security.provider.preferredOnly = true >>>> >>>> The default value for the new property would be "false", keeping the >>>> current "preferred" behavior in which all algorithms and services from >>>> installed security providers are available. >>>> >>>> Contrary to Alternative #1, the user has to explicitly list the >>>> algorithms and cannot rely on wildcards to express wide categories >>>> such as "all Cipher algorithms from SunJCE" or "all algorithms from >>>> SunJCE". The use of minus signs to remove service types or algorithms >>>> wouldn't be available either. >>>> >>>> In order to mitigate the burden on users we can consider extending >>>> jdk.security.provider.preferred syntax as long as we keep >>>> backward-compatibility and stay within the boundaries of a "preferred" >>>> semantics. For example, we can accept a value of >>>> "jdk.security.provider.preferred=SunJCE" to mean that any service and >>>> any algorithm from SunJCE is either preferred or allowed, depending on >>>> the value of jdk.security.provider.preferredOnly. This case would be a >>>> service type and algorithm wildcard. We can also define an >>>> algorithms-only wildcard, such as Cipher.*:SunJCE. >>>> >>>> Alternative #2 has the advantage of reusing most or all of the >>>> existing syntax. However, it's worth noticing that it implies an >>>> overloaded semantic that can turn confusing or inconvenient in some >>>> cases. As an example, a user that relies on the prioritized security >>>> providers list for most of the algorithms and has only a few preferred >>>> exceptions, would need to express preferences by extension upon >>>> turning on this feature. Alternative #1 keeps preferences and >>>> availability as two separate concepts, in a more clear way. >>>> >>>> >>>> Thanks, >>>> Martin.- >>>> >>>> -- >>>> [1] - >>>> https://docs.oracle.com/en/java/javase/17/security/oracle-providers.html#GUID-3A80CC46-91E1-4E47-AC51-CB7B782CEA7D >>>> (?) - Thanks to @fferrari for his contributions to this proposal. >>>> >>> >> > From sean.mullan at oracle.com Thu Jul 13 16:06:20 2023 From: sean.mullan at oracle.com (Sean Mullan) Date: Thu, 13 Jul 2023 12:06:20 -0400 Subject: RFD: Services lockdown for security providers In-Reply-To: <1a0ad927-2da8-c881-a80f-b4928341375f@redhat.com> References: <42a97a54-4301-e0f2-c746-b45d63d1b63d@redhat.com> <800238c6-56ff-a3b0-7af8-c01c3aa402a0@oracle.com> <4b159d35-ee2e-952d-8e22-c035e5ed17ea@oracle.com> <1a0ad927-2da8-c881-a80f-b4928341375f@redhat.com> Message-ID: One other comment that I thought of - is that from a practical standpoint, I think it will be hard to unilaterally disable an algorithm at the JCE layer unless it is so broken that almost no code ever uses it, say MD2 or RC2. There may be cases where a weak algorithm is acceptable, for example using MD5 for a checksum. (For a real example, UUID.nameUUIDFromBytes uses MD5 to generate a UUID). If you have a single case in your application where a weak algorithm is ok to use, you won't be able to disable it across the board. At the risk of complicating your syntax and implementation, it may be worth exploring adding the name of a class to the syntax for cases like this. But my comment is more about thinking about this a bit more first. Or perhaps adding some extensibility into the format would be a good idea in case we want to add something like this down the line. --Sean On 7/13/23 11:44 AM, Martin Balao wrote: > Hi Sean, > > Thanks for your feedback. > > Just to give some visibility, we have implemented most of the > functionality and are now working on final adjustments, more tests > coverage, documentation and internal reviews. The implementation is > pretty much aligned to what we previously discussed, with the exception > of algorithm's alias that turned up to have more complexity than > anticipated ?particularly in the legacy mode of registering Services?. > > We will send a PR for public discussion in the coming weeks. > > Martin.- > > > On 6/14/23 12:40, Sean Mullan wrote: >> This proposal looks pretty good, although I think I would like to see >> more examples and a prototype if you have it. >> >> I think this would work well in conjunction with Sean Coffey's >> enhancement to add a security category to the java -XshowSettings option >> [1]. This would help debug issues with the syntax. The provider >> suboption could be enhanced (perhaps by default, perhaps with an >> additional suboption) to show the services that are disabled, ex, with >> the property set to >> >> jdk.security.providers.filter=!*.MessageDigest.MD5; >> !*.MessageDigest.MD2; *: >> >> it would show something like: >> >> ??????? Provider name: SUN >> ??????? Provider information: ... >> ??????? Provider services: (type : algorithm) >> ??????????? ... >> ??????????? MessageDigest : MD2 (disabled) >> ??????????? MessageDigest : MD5 (disabled) >> ??????????? ... >> >> I would even add that as a debugging tip in the documenting of the syntax. >> >> --Sean >> >> [1] https://github.com/openjdk/jdk/pull/14394 >> >> On 5/24/23 5:03 PM, Martin Balao wrote: >>> Hi, >>> >>> Thanks Anthony for your feedback. >>> >>> We've been exploring the syntax and semantics for this new property >>> further, with the goal of making it more consistent and simple while >>> retaining expressiveness power. We understand the importance of clarity >>> to minimize the risk of security providers, service types or algorithms >>> being unexpectedly enabled. >>> >>> In this new iteration of the proposal, we explore a filter that has >>> similarities to the serialization filter (jdk.serialFilter). We think >>> that it could be beneficial to leverage on a specification to which the >>> user is familiar already. >>> >>> >>> General structure >>> ==================== >>> >>> jdk.security.providers.filter=pattern-1; pattern-2; ...; pattern-n >>> >>> The property jdk.security.providers.filter is an overrideable Security >>> property. Thus, a System property with the same name exists and, when >>> specified, overrides any value in its Security counterpart. When not >>> specified (value is null), filtering capabilities are completely >>> disabled: all installed security providers, service types and algorithms >>> are allowed. If any of these properties are set during run time, the >>> filter could be initialized already and the new value may not take >>> effect. >>> >>> When filtering capabilities are enabled, each service is checked against >>> the filter before registration. Notice that this affects both the >>> initial list of security providers as well as those dynamically >>> installed during run time. Once a service is registered, instances of it >>> can be obtained and used without any other checks that could affect >>> performance. >>> >>> The registration of a service involves a combination of a security >>> provider, service type and algorithm. Each combination is evaluated >>> against the filter patterns, from left to right. When a pattern matches >>> ?or, in other words, the rule concerns the service to be registered?, a >>> decision is made: the service will be allowed or denied. When a decision >>> is made, remaining patterns are not checked for the service under >>> consideration. When all patterns are checked and a decision is not made, >>> the default behavior is to deny the service registration. >>> >>> Contrary to the serialization filter, white spaces between patterns do >>> not have any significance. >>> >>> >>> Pattern matching >>> ===================================================== >>> >>> pattern := ! security-provider.service-type.algorithm >>> >>> pattern := security-provider.service-type.algorithm >>> >>> A canonical pattern consists of 3 hierarchical levels separated by ".". >>> ? From left to right in lexicographic order, these levels denote a >>> security provider, a service type and an algorithm. If a pattern starts >>> with "!", the decision made upon matching is to deny the service >>> registration. Otherwise, the service registration is allowed. White >>> spaces between "!" and the rest of the pattern do not have any >>> significance. >>> >>> For a match to be successful, the security provider name, the service >>> type and the algorithm have to match the pattern exactly (case >>> insensitive). If the service type of a security provider interprets the >>> algorithm as a transformation composed of different parts, the full >>> transformation has to be specified in the pattern: the filter takes a >>> conservative approach and does not make any assumptions of what an >>> algorithm name means. For example, "AES" as the algorithm of a canonical >>> filter pattern will not match an "AES/ECB/PKCS5Padding" transformation. >>> >>> If an algorithm alias is specified in the filter pattern, a service >>> registering the alias will be matched. >>> >>> For convenience, it's possible to specify patterns in non-canonical >>> forms: >>> >>> 1) At any level, the security provider, the service type or the >>> algorithm name can contain wildcards ("*") to represent zero or more >>> repetitions of any character; >>> >>> 2) The .algorithm part can be omitted to imply all algorithms under the >>> security provider and service type; >>> >>> 3) The .service-type.algorithm part can be omitted to imply all service >>> types and algorithms under the security provider; and, >>> >>> 4) The non-canonical form #1 can be combined with either #2 or #3. >>> >>> >>> Security provider, service type and algorithm names escaping >>> ================================================================= >>> >>> If the security provider, service type or algorithm name contains any of >>> the characters "\", ".", ";" or "*", they have to be escaped by >>> prepending the character "\". If the character "\" is found not escaping >>> a character, it's silently discarded. >>> >>> White spaces are discarded at the beginning and end of names. >>> >>> It's worth mentioning that the described escaping rules apply to the >>> jdk.security.providers.filter property value as read in >>> java.lang.System::getProperty or java.security.Security::getProperty. >>> Additional escaping might be needed depending on how the property is >>> passed. For example, Security properties require "\" characters to be >>> escaped. Thus, to match a provider name whose name is "\.", a filter >>> would require the "jdk.security.providers.filter=\\\\\\." entry in the >>> java.security file. See more about this in java.util.Properties::load >>> [1]. >>> >>> >>> Examples (correct) >>> ==================== >>> >>> -- >>> >>> Enable all security providers, service types and algorithms: >>> >>> jdk.security.providers.filter= >>> >>> or >>> >>> jdk.security.providers.filter=* >>> >>> or >>> >>> jdk.security.providers.filter=*.* >>> >>> or >>> >>> jdk.security.providers.filter=*.*.* >>> >>> -- >>> >>> Enable everything except for the MD5 algorithm in MessageDigest services >>> when implemented by the SUN security provider: >>> >>> jdk.security.providers.filter=!SUN.MessageDigest.MD5; * >>> >>> -- >>> >>> Enable everything except for the MD5 algorithm in MessageDigest >>> services, irrespective of the security provider: >>> >>> jdk.security.providers.filter=!*.MessageDigest.MD5; * >>> >>> -- >>> >>> Enable everything except for algorithms using MD5, irrespective of the >>> security provider and the service type: >>> >>> jdk.security.providers.filter=!*.*.*MD5*; * >>> >>> Notice that in this case there are wildcards at the beginning and end of >>> the algorithm name. The reason is to match MD5 uses in algorithms such >>> as HmacMD5, MD5withRSA, PBEWithMD5AndDES, etc. >>> >>> -- >>> >>> Enable everything except for the RC4 algorithm in Cipher services when >>> implemented by the SunJCE security provider: >>> >>> jdk.security.providers.filter=!SunJCE.Cipher.ARCFOUR; * >>> >>> or >>> >>> jdk.security.providers.filter=!SunJCE.Cipher.RC4; * >>> >>> or >>> >>> jdk.security.providers.filter=!SunJCE.Cipher.1\.2\.840\.113549\.3\.4; * >>> >>> -- >>> >>> Enable the SUN security provider only, with all its service types and >>> algorithms. Other security providers must be disabled. >>> >>> jdk.security.providers.filter=SUN >>> >>> -- >>> >>> Enable the SUN security provider only, with all its service types and >>> algorithms except for MessageDigest. Other security providers must be >>> disabled. >>> >>> jdk.security.providers.filter=!SUN.MessageDigest; SUN >>> >>> -- >>> >>> >>> Examples (mistakes) >>> ==================== >>> >>> -- >>> >>> Enable everything except for the MD5 algorithm, irrespective of the >>> security provider and the service type: >>> >>> jdk.security.providers.filter=*; !*.*.MD5 >>> >>> This is wrong because the pattern "*" is matched first and a decision >>> allowing MD5 will be made immediately after. The pattern "!*.*.MD5" will >>> never be checked. >>> >>> -- >>> >>> Enable all SUN service types except for MessageDigest. Disable other >>> security providers. >>> >>> jdk.security.providers.filter=!SUN.MessageDigest >>> >>> While non-SUN security providers are effectively disabled, this is wrong >>> because SUN services other than MessageDigest will not match any pattern >>> and, by default, the decision is to deny registration. >>> >>> -- >>> >>> Enable the SunPKCS11 security provider only. >>> >>> jdk.security.providers.filter=SunPKCS11 >>> >>> This is wrong because the SunPKCS11 provider has to be identified by its >>> name instead of its class. A possible name would have the form of >>> SunPKCS11-NAME. In a filter, this can be matched either by >>> "SunPKCS11-NAME" or "SunPKCS11-*". >>> >>> -- >>> >>> >>> Look forward to your thoughts. >>> >>> Thanks.- >>> >>> >>> -- >>> [1] - >>> https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/util/Properties.html#load%28java.io.Reader%29 >>> >>> (?) - Thanks to Francisco Ferrari (@fferrari) for his contributions to >>> this proposal. >>> >>> >>> >>> >>> On 2/24/23 14:49, Anthony Scarpino wrote: >>>> Hi Martin, >>>> >>>> Interesting proposal.? I think Alternative 1 is a better direction to >>>> explore from a code structure standpoint.? If I remember correctly, >>>> Preferred Provider is accessed when getting a service or instance of the >>>> algorithm.? That happens on a per-operation basis.? What you describe is >>>> something that would reshape contents of the ProviderList where >>>> algorithms or services would not be in the list at all.? That is were I >>>> think #2 gets too complex in trying to handle both in the same property. >>>> ? ?#2 may end up putting all checks in a per-operation check, hindering >>>> performance every time as the list grows. >>>> >>>> I agree this is mostly used in the FIPS situation or where someone wants >>>> to disable an algorithm completely, say MD5.? In those cases it's best >>>> to just prevent the algorithm from ever being available. >>>> >>>> On the smaller details side that you list.? I think the name ".enabled" >>>> doesn't fit, particularly as the first thing in the example disables all >>>> Ciphers :).? I don't have any suggestions at this time. >>>> >>>> As far as the syntax.? I think it maybe a bit difficult to parse in code >>>> and mental to disable all Ciphers, then enable just for SunJCE and SUN. >>>> The SUN '*" confused me until I realized you were enabling Ciphers. >>>> Seems too easy to get wrong.? I know you weren't making a formal spec, >>>> but we have to start somewhere. >>>> >>>> thanks >>>> >>>> Tony >>>> >>>> >>>> On 2/17/23 10:52 AM, Martin Balao wrote: >>>>> Hi, >>>>> >>>>> We would like to discuss a limitation in the current configuration >>>>> capabilities for security providers and possible solutions that we are >>>>> exploring (?). >>>>> >>>>> As you know, current configuration capabilities in java.security allow >>>>> users to install security providers, decide their priority in a list >>>>> (security.provider. properties) and even circumvent this priority >>>>> for specific algorithms (jdk.security.provider.preferred property). >>>>> However, there is no granularity in terms of what service types and >>>>> algorithms are enabled once a security provider is installed: it's an >>>>> all or nothing scheme. It is worth noting that security providers can >>>>> bring with them a diverse range of service types. As an example, the >>>>> SUN security provider comes with the following service types: >>>>> SecureRandom, Signature, KeyPairGenerator, >>>>> AlgorithmParameterGenerator, AlgorithmParameters, KeyFactory, >>>>> MessageDigest, CertificateFactory, KeyStore, CertStore, Policy, >>>>> Configuration, CertPathBuilder and CertPathValidator [1]. >>>>> >>>>> In some cases, the user may need to enforce that all cryptographic >>>>> primitives come from a specific security provider. This could happen, >>>>> for example, when operating in a FIPS-compliant environment or under >>>>> strict security policies. To better illustrate, let's say that the >>>>> user requires that all cryptographic operations are performed in a >>>>> Hardware Security Module (HSM). On the OpenJDK side, this means that >>>>> the implementation for Cipher, Signature, Mac and other cryptographic >>>>> services must be the one in the SunPKCS11 security provider. Let's >>>>> also suppose that other non-cryptographic services such as those for >>>>> certificates validation and TLS are required, and their implementation >>>>> is in the SUN and SunJSSE security providers respectively. Setting >>>>> SunPKCS11 at the highest priority of the list is not a strong >>>>> guarantee to ensure that all cryptographic operations come from it: >>>>> it's possible that an algorithm for Signature is not implemented in >>>>> SunPKCS11 or in its underlying token but in the SUN security provider. >>>>> Disabling the SUN security provider wouldn't be an option in this case >>>>> because we need its certificates validation service. >>>>> >>>>> This problem goes beyond OpenJDK default security providers. Even if >>>>> we come up with a new layout for service types, algorithms and >>>>> providers ?putting backward compatibility issues aside?, there is >>>>> always the possibility that a 3rd party security provider does not >>>>> follow any services grouping convention. It might also be the case >>>>> that we need to disable a specific algorithm only ?i.e. for >>>>> cryptographic policy reasons? and TLS or JAR signing properties fall >>>>> short. >>>>> >>>>> In our view, it would be beneficial to add more configuration >>>>> flexibility and control to the existing API in which any security >>>>> provider can be plugged in, in the form of deciding which service >>>>> types and algorithms are enabled for each installed provider. >>>>> >>>>> There are 2 alternatives that we are exploring to tackle this problem. >>>>> >>>>> Alternative #1 >>>>> =========================== >>>>> >>>>> Introduce a new security property to decide which service types and >>>>> algorithms are enabled for each security provider. The default value >>>>> for this property would be empty, which keeps this feature disabled >>>>> and all services from installed security providers available. >>>>> >>>>> As for the new property's syntax and semantics, we've been considering >>>>> an allow-list along the lines of: >>>>> >>>>> jdk.security.provider.enabled = security-provider-1 { service-type-1 : >>>>> alg-1, ... ; ... } , ... >>>>> >>>>> Note: we need a formal syntax specification, this is for illustration >>>>> only. >>>>> >>>>> As part of the syntax we are considering the use of wildcards (*) to >>>>> match multiple security providers, service types and algorithms, and >>>>> minus signs (-) to remove service types. When a service type is >>>>> removed, the action applies to all algorithms and any attempt to >>>>> specify them explicitly would be an error. The minus sign cannot be >>>>> used at the algorithm level. We are also thinking that in case of a >>>>> partial or total contradiction between conditions, the right-most >>>>> value applies on top of the others. If a security provider, service >>>>> type or algorithm does not exist, we can simply write a debug warning >>>>> and ignore it. As for the name of the algorithms, we can also include >>>>> Ciphers transformations. >>>>> >>>>> Example: >>>>> >>>>> jdk.security.provider.enabled = * { -Cipher }, SunJCE { Cipher : >>>>> AES/GCM/NoPadding, DES ; Signature }, SUN { * ; -Signature } >>>>> >>>>> This would be interpreted as: >>>>> >>>>> ???* Irrespective of the provider (*), Cipher services should be >>>>> removed (-). This rule would be superfluous in this case because the >>>>> property itself is an allow-list and there is nothing to the left that >>>>> enables Cipher service types for any provider. >>>>> ???* From the SunJCE security provider, Cipher services with >>>>> AES/GCM/NoPadding and DES transformations are allowed, and Signature >>>>> services with any algorithm are allowed. Notice that there is a >>>>> shortcut here: the algorithm list that follows the service name, "': >>>>> alg-1, ..." is optional. When omitted all the service's algorithms are >>>>> enabled. >>>>> ???* From the SUN security provider, every service type is allowed >>>>> except Signature (recall that a minus sign can only apply to a >>>>> service, removing all associated algorithms). >>>>> >>>>> It's not the goal of this proposal to invalidate property values that >>>>> lead to inconsistent internal states, such as "the Cipher service of >>>>> SunJCE depends on AlgorithmParameters from SUN". This is because the >>>>> combinations for a check are virtually infinite: there can be 3rd >>>>> party security providers with their own semantics and dependencies. In >>>>> the same way, we cannot determine at start time any application >>>>> dependencies. It's up to the user to analyze all types of dependencies >>>>> before setting a value. >>>>> >>>>> >>>>> Alternative #2 >>>>> =========================== >>>>> >>>>> Introduce a boolean security property to turn the value of the >>>>> existing jdk.security.provider.preferred property into the only >>>>> combinations of algorithm, service and provider that are allowed: >>>>> >>>>> jdk.security.provider.preferredOnly = true >>>>> >>>>> The default value for the new property would be "false", keeping the >>>>> current "preferred" behavior in which all algorithms and services from >>>>> installed security providers are available. >>>>> >>>>> Contrary to Alternative #1, the user has to explicitly list the >>>>> algorithms and cannot rely on wildcards to express wide categories >>>>> such as "all Cipher algorithms from SunJCE" or "all algorithms from >>>>> SunJCE". The use of minus signs to remove service types or algorithms >>>>> wouldn't be available either. >>>>> >>>>> In order to mitigate the burden on users we can consider extending >>>>> jdk.security.provider.preferred syntax as long as we keep >>>>> backward-compatibility and stay within the boundaries of a "preferred" >>>>> semantics. For example, we can accept a value of >>>>> "jdk.security.provider.preferred=SunJCE" to mean that any service and >>>>> any algorithm from SunJCE is either preferred or allowed, depending on >>>>> the value of jdk.security.provider.preferredOnly. This case would be a >>>>> service type and algorithm wildcard. We can also define an >>>>> algorithms-only wildcard, such as Cipher.*:SunJCE. >>>>> >>>>> Alternative #2 has the advantage of reusing most or all of the >>>>> existing syntax. However, it's worth noticing that it implies an >>>>> overloaded semantic that can turn confusing or inconvenient in some >>>>> cases. As an example, a user that relies on the prioritized security >>>>> providers list for most of the algorithms and has only a few preferred >>>>> exceptions, would need to express preferences by extension upon >>>>> turning on this feature. Alternative #1 keeps preferences and >>>>> availability as two separate concepts, in a more clear way. >>>>> >>>>> >>>>> Thanks, >>>>> Martin.- >>>>> >>>>> -- >>>>> [1] - >>>>> https://docs.oracle.com/en/java/javase/17/security/oracle-providers.html#GUID-3A80CC46-91E1-4E47-AC51-CB7B782CEA7D >>>>> (?) - Thanks to @fferrari for his contributions to this proposal. >>>>> >>>> >>> >> > From mbalao at redhat.com Thu Jul 13 16:27:32 2023 From: mbalao at redhat.com (Martin Balao) Date: Thu, 13 Jul 2023 12:27:32 -0400 Subject: RFD: Services lockdown for security providers In-Reply-To: References: <42a97a54-4301-e0f2-c746-b45d63d1b63d@redhat.com> <800238c6-56ff-a3b0-7af8-c01c3aa402a0@oracle.com> <4b159d35-ee2e-952d-8e22-c035e5ed17ea@oracle.com> <1a0ad927-2da8-c881-a80f-b4928341375f@redhat.com> Message-ID: <7c07a7b1-6c68-9534-59e1-1813439d7f47@redhat.com> On 7/13/23 12:06, Sean Mullan wrote: > One other comment that I thought of - is that from a practical > standpoint, I think it will be hard to unilaterally disable an algorithm > at the JCE layer unless it is so broken that almost no code ever uses > it, say MD2 or RC2. There may be cases where a weak algorithm is > acceptable, for example using MD5 for a checksum. (For a real example, > UUID.nameUUIDFromBytes uses MD5 to generate a UUID). > > If you have a single case in your application where a weak algorithm is > ok to use, you won't be able to disable it across the board. Yes, I agree with this observation. In fact, our original motivation was not to disable an algorithm across the board but a specific implementation of it ?i.e. blocking the implementation from provider X, because we want the one from provider Y or prefer the algorithm not to be available. What we also have in mind is using this enhancement in combination with security profiles that can enforce policies of allowed algorithms, at the risk of requiring changes in an application to be compliant. > > At the risk of complicating your syntax and implementation, it may be > worth exploring adding the name of a class to the syntax for cases like > this. But my comment is more about thinking about this a bit more first. > > Or perhaps adding some extensibility into the format would be a good > idea in case we want to add something like this down the line. > I have a couple of questions regarding this idea: 1) Isn't the class name an implementation detail? My concern is not much on how to extend the syntax but on binding the filter value to internal names. 2) Why wouldn't a combination of Security Provider + Service Type + Algorithm be enough to identify a specific implementation? Thanks, Martin.- > --Sean > > > On 7/13/23 11:44 AM, Martin Balao wrote: >> Hi Sean, >> >> Thanks for your feedback. >> >> Just to give some visibility, we have implemented most of the >> functionality and are now working on final adjustments, more tests >> coverage, documentation and internal reviews. The implementation is >> pretty much aligned to what we previously discussed, with the exception >> of algorithm's alias that turned up to have more complexity than >> anticipated ?particularly in the legacy mode of registering Services?. >> >> We will send a PR for public discussion in the coming weeks. >> >> Martin.- >> >> >> On 6/14/23 12:40, Sean Mullan wrote: >>> This proposal looks pretty good, although I think I would like to see >>> more examples and a prototype if you have it. >>> >>> I think this would work well in conjunction with Sean Coffey's >>> enhancement to add a security category to the java -XshowSettings option >>> [1]. This would help debug issues with the syntax. The provider >>> suboption could be enhanced (perhaps by default, perhaps with an >>> additional suboption) to show the services that are disabled, ex, with >>> the property set to >>> >>> jdk.security.providers.filter=!*.MessageDigest.MD5; >>> !*.MessageDigest.MD2; *: >>> >>> it would show something like: >>> >>> ? ??????? Provider name: SUN >>> ? ??????? Provider information: ... >>> ? ??????? Provider services: (type : algorithm) >>> ? ??????????? ... >>> ? ??????????? MessageDigest : MD2 (disabled) >>> ? ??????????? MessageDigest : MD5 (disabled) >>> ? ??????????? ... >>> >>> I would even add that as a debugging tip in the documenting of the >>> syntax. >>> >>> --Sean >>> >>> [1] https://github.com/openjdk/jdk/pull/14394 >>> >>> On 5/24/23 5:03 PM, Martin Balao wrote: >>>> Hi, >>>> >>>> Thanks Anthony for your feedback. >>>> >>>> We've been exploring the syntax and semantics for this new property >>>> further, with the goal of making it more consistent and simple while >>>> retaining expressiveness power. We understand the importance of clarity >>>> to minimize the risk of security providers, service types or algorithms >>>> being unexpectedly enabled. >>>> >>>> In this new iteration of the proposal, we explore a filter that has >>>> similarities to the serialization filter (jdk.serialFilter). We think >>>> that it could be beneficial to leverage on a specification to which the >>>> user is familiar already. >>>> >>>> >>>> General structure >>>> ==================== >>>> >>>> jdk.security.providers.filter=pattern-1; pattern-2; ...; pattern-n >>>> >>>> The property jdk.security.providers.filter is an overrideable Security >>>> property. Thus, a System property with the same name exists and, when >>>> specified, overrides any value in its Security counterpart. When not >>>> specified (value is null), filtering capabilities are completely >>>> disabled: all installed security providers, service types and >>>> algorithms >>>> are allowed. If any of these properties are set during run time, the >>>> filter could be initialized already and the new value may not take >>>> effect. >>>> >>>> When filtering capabilities are enabled, each service is checked >>>> against >>>> the filter before registration. Notice that this affects both the >>>> initial list of security providers as well as those dynamically >>>> installed during run time. Once a service is registered, instances >>>> of it >>>> can be obtained and used without any other checks that could affect >>>> performance. >>>> >>>> The registration of a service involves a combination of a security >>>> provider, service type and algorithm. Each combination is evaluated >>>> against the filter patterns, from left to right. When a pattern matches >>>> ?or, in other words, the rule concerns the service to be registered?, a >>>> decision is made: the service will be allowed or denied. When a >>>> decision >>>> is made, remaining patterns are not checked for the service under >>>> consideration. When all patterns are checked and a decision is not >>>> made, >>>> the default behavior is to deny the service registration. >>>> >>>> Contrary to the serialization filter, white spaces between patterns do >>>> not have any significance. >>>> >>>> >>>> Pattern matching >>>> ===================================================== >>>> >>>> pattern := ! security-provider.service-type.algorithm >>>> >>>> pattern := security-provider.service-type.algorithm >>>> >>>> A canonical pattern consists of 3 hierarchical levels separated by ".". >>>> ?? From left to right in lexicographic order, these levels denote a >>>> security provider, a service type and an algorithm. If a pattern starts >>>> with "!", the decision made upon matching is to deny the service >>>> registration. Otherwise, the service registration is allowed. White >>>> spaces between "!" and the rest of the pattern do not have any >>>> significance. >>>> >>>> For a match to be successful, the security provider name, the service >>>> type and the algorithm have to match the pattern exactly (case >>>> insensitive). If the service type of a security provider interprets the >>>> algorithm as a transformation composed of different parts, the full >>>> transformation has to be specified in the pattern: the filter takes a >>>> conservative approach and does not make any assumptions of what an >>>> algorithm name means. For example, "AES" as the algorithm of a >>>> canonical >>>> filter pattern will not match an "AES/ECB/PKCS5Padding" transformation. >>>> >>>> If an algorithm alias is specified in the filter pattern, a service >>>> registering the alias will be matched. >>>> >>>> For convenience, it's possible to specify patterns in non-canonical >>>> forms: >>>> >>>> 1) At any level, the security provider, the service type or the >>>> algorithm name can contain wildcards ("*") to represent zero or more >>>> repetitions of any character; >>>> >>>> 2) The .algorithm part can be omitted to imply all algorithms under the >>>> security provider and service type; >>>> >>>> 3) The .service-type.algorithm part can be omitted to imply all service >>>> types and algorithms under the security provider; and, >>>> >>>> 4) The non-canonical form #1 can be combined with either #2 or #3. >>>> >>>> >>>> Security provider, service type and algorithm names escaping >>>> ================================================================= >>>> >>>> If the security provider, service type or algorithm name contains >>>> any of >>>> the characters "\", ".", ";" or "*", they have to be escaped by >>>> prepending the character "\". If the character "\" is found not >>>> escaping >>>> a character, it's silently discarded. >>>> >>>> White spaces are discarded at the beginning and end of names. >>>> >>>> It's worth mentioning that the described escaping rules apply to the >>>> jdk.security.providers.filter property value as read in >>>> java.lang.System::getProperty or java.security.Security::getProperty. >>>> Additional escaping might be needed depending on how the property is >>>> passed. For example, Security properties require "\" characters to be >>>> escaped. Thus, to match a provider name whose name is "\.", a filter >>>> would require the "jdk.security.providers.filter=\\\\\\." entry in the >>>> java.security file. See more about this in java.util.Properties::load >>>> [1]. >>>> >>>> >>>> Examples (correct) >>>> ==================== >>>> >>>> -- >>>> >>>> Enable all security providers, service types and algorithms: >>>> >>>> jdk.security.providers.filter= >>>> >>>> or >>>> >>>> jdk.security.providers.filter=* >>>> >>>> or >>>> >>>> jdk.security.providers.filter=*.* >>>> >>>> or >>>> >>>> jdk.security.providers.filter=*.*.* >>>> >>>> -- >>>> >>>> Enable everything except for the MD5 algorithm in MessageDigest >>>> services >>>> when implemented by the SUN security provider: >>>> >>>> jdk.security.providers.filter=!SUN.MessageDigest.MD5; * >>>> >>>> -- >>>> >>>> Enable everything except for the MD5 algorithm in MessageDigest >>>> services, irrespective of the security provider: >>>> >>>> jdk.security.providers.filter=!*.MessageDigest.MD5; * >>>> >>>> -- >>>> >>>> Enable everything except for algorithms using MD5, irrespective of the >>>> security provider and the service type: >>>> >>>> jdk.security.providers.filter=!*.*.*MD5*; * >>>> >>>> Notice that in this case there are wildcards at the beginning and >>>> end of >>>> the algorithm name. The reason is to match MD5 uses in algorithms such >>>> as HmacMD5, MD5withRSA, PBEWithMD5AndDES, etc. >>>> >>>> -- >>>> >>>> Enable everything except for the RC4 algorithm in Cipher services when >>>> implemented by the SunJCE security provider: >>>> >>>> jdk.security.providers.filter=!SunJCE.Cipher.ARCFOUR; * >>>> >>>> or >>>> >>>> jdk.security.providers.filter=!SunJCE.Cipher.RC4; * >>>> >>>> or >>>> >>>> jdk.security.providers.filter=!SunJCE.Cipher.1\.2\.840\.113549\.3\.4; * >>>> >>>> -- >>>> >>>> Enable the SUN security provider only, with all its service types and >>>> algorithms. Other security providers must be disabled. >>>> >>>> jdk.security.providers.filter=SUN >>>> >>>> -- >>>> >>>> Enable the SUN security provider only, with all its service types and >>>> algorithms except for MessageDigest. Other security providers must be >>>> disabled. >>>> >>>> jdk.security.providers.filter=!SUN.MessageDigest; SUN >>>> >>>> -- >>>> >>>> >>>> Examples (mistakes) >>>> ==================== >>>> >>>> -- >>>> >>>> Enable everything except for the MD5 algorithm, irrespective of the >>>> security provider and the service type: >>>> >>>> jdk.security.providers.filter=*; !*.*.MD5 >>>> >>>> This is wrong because the pattern "*" is matched first and a decision >>>> allowing MD5 will be made immediately after. The pattern "!*.*.MD5" >>>> will >>>> never be checked. >>>> >>>> -- >>>> >>>> Enable all SUN service types except for MessageDigest. Disable other >>>> security providers. >>>> >>>> jdk.security.providers.filter=!SUN.MessageDigest >>>> >>>> While non-SUN security providers are effectively disabled, this is >>>> wrong >>>> because SUN services other than MessageDigest will not match any >>>> pattern >>>> and, by default, the decision is to deny registration. >>>> >>>> -- >>>> >>>> Enable the SunPKCS11 security provider only. >>>> >>>> jdk.security.providers.filter=SunPKCS11 >>>> >>>> This is wrong because the SunPKCS11 provider has to be identified by >>>> its >>>> name instead of its class. A possible name would have the form of >>>> SunPKCS11-NAME. In a filter, this can be matched either by >>>> "SunPKCS11-NAME" or "SunPKCS11-*". >>>> >>>> -- >>>> >>>> >>>> Look forward to your thoughts. >>>> >>>> Thanks.- >>>> >>>> >>>> -- >>>> [1] - >>>> https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/util/Properties.html#load%28java.io.Reader%29 >>>> >>>> (?) - Thanks to Francisco Ferrari (@fferrari) for his contributions to >>>> this proposal. >>>> >>>> >>>> >>>> >>>> On 2/24/23 14:49, Anthony Scarpino wrote: >>>>> Hi Martin, >>>>> >>>>> Interesting proposal.? I think Alternative 1 is a better direction to >>>>> explore from a code structure standpoint.? If I remember correctly, >>>>> Preferred Provider is accessed when getting a service or instance >>>>> of the >>>>> algorithm.? That happens on a per-operation basis.? What you >>>>> describe is >>>>> something that would reshape contents of the ProviderList where >>>>> algorithms or services would not be in the list at all.? That is >>>>> were I >>>>> think #2 gets too complex in trying to handle both in the same >>>>> property. >>>>> ?? ?#2 may end up putting all checks in a per-operation check, >>>>> hindering >>>>> performance every time as the list grows. >>>>> >>>>> I agree this is mostly used in the FIPS situation or where someone >>>>> wants >>>>> to disable an algorithm completely, say MD5.? In those cases it's best >>>>> to just prevent the algorithm from ever being available. >>>>> >>>>> On the smaller details side that you list.? I think the name >>>>> ".enabled" >>>>> doesn't fit, particularly as the first thing in the example >>>>> disables all >>>>> Ciphers :).? I don't have any suggestions at this time. >>>>> >>>>> As far as the syntax.? I think it maybe a bit difficult to parse in >>>>> code >>>>> and mental to disable all Ciphers, then enable just for SunJCE and >>>>> SUN. >>>>> The SUN '*" confused me until I realized you were enabling Ciphers. >>>>> Seems too easy to get wrong.? I know you weren't making a formal spec, >>>>> but we have to start somewhere. >>>>> >>>>> thanks >>>>> >>>>> Tony >>>>> >>>>> >>>>> On 2/17/23 10:52 AM, Martin Balao wrote: >>>>>> Hi, >>>>>> >>>>>> We would like to discuss a limitation in the current configuration >>>>>> capabilities for security providers and possible solutions that we >>>>>> are >>>>>> exploring (?). >>>>>> >>>>>> As you know, current configuration capabilities in java.security >>>>>> allow >>>>>> users to install security providers, decide their priority in a list >>>>>> (security.provider. properties) and even circumvent this priority >>>>>> for specific algorithms (jdk.security.provider.preferred property). >>>>>> However, there is no granularity in terms of what service types and >>>>>> algorithms are enabled once a security provider is installed: it's an >>>>>> all or nothing scheme. It is worth noting that security providers can >>>>>> bring with them a diverse range of service types. As an example, the >>>>>> SUN security provider comes with the following service types: >>>>>> SecureRandom, Signature, KeyPairGenerator, >>>>>> AlgorithmParameterGenerator, AlgorithmParameters, KeyFactory, >>>>>> MessageDigest, CertificateFactory, KeyStore, CertStore, Policy, >>>>>> Configuration, CertPathBuilder and CertPathValidator [1]. >>>>>> >>>>>> In some cases, the user may need to enforce that all cryptographic >>>>>> primitives come from a specific security provider. This could happen, >>>>>> for example, when operating in a FIPS-compliant environment or under >>>>>> strict security policies. To better illustrate, let's say that the >>>>>> user requires that all cryptographic operations are performed in a >>>>>> Hardware Security Module (HSM). On the OpenJDK side, this means that >>>>>> the implementation for Cipher, Signature, Mac and other cryptographic >>>>>> services must be the one in the SunPKCS11 security provider. Let's >>>>>> also suppose that other non-cryptographic services such as those for >>>>>> certificates validation and TLS are required, and their >>>>>> implementation >>>>>> is in the SUN and SunJSSE security providers respectively. Setting >>>>>> SunPKCS11 at the highest priority of the list is not a strong >>>>>> guarantee to ensure that all cryptographic operations come from it: >>>>>> it's possible that an algorithm for Signature is not implemented in >>>>>> SunPKCS11 or in its underlying token but in the SUN security >>>>>> provider. >>>>>> Disabling the SUN security provider wouldn't be an option in this >>>>>> case >>>>>> because we need its certificates validation service. >>>>>> >>>>>> This problem goes beyond OpenJDK default security providers. Even if >>>>>> we come up with a new layout for service types, algorithms and >>>>>> providers ?putting backward compatibility issues aside?, there is >>>>>> always the possibility that a 3rd party security provider does not >>>>>> follow any services grouping convention. It might also be the case >>>>>> that we need to disable a specific algorithm only ?i.e. for >>>>>> cryptographic policy reasons? and TLS or JAR signing properties fall >>>>>> short. >>>>>> >>>>>> In our view, it would be beneficial to add more configuration >>>>>> flexibility and control to the existing API in which any security >>>>>> provider can be plugged in, in the form of deciding which service >>>>>> types and algorithms are enabled for each installed provider. >>>>>> >>>>>> There are 2 alternatives that we are exploring to tackle this >>>>>> problem. >>>>>> >>>>>> Alternative #1 >>>>>> =========================== >>>>>> >>>>>> Introduce a new security property to decide which service types and >>>>>> algorithms are enabled for each security provider. The default value >>>>>> for this property would be empty, which keeps this feature disabled >>>>>> and all services from installed security providers available. >>>>>> >>>>>> As for the new property's syntax and semantics, we've been >>>>>> considering >>>>>> an allow-list along the lines of: >>>>>> >>>>>> jdk.security.provider.enabled = security-provider-1 { >>>>>> service-type-1 : >>>>>> alg-1, ... ; ... } , ... >>>>>> >>>>>> Note: we need a formal syntax specification, this is for illustration >>>>>> only. >>>>>> >>>>>> As part of the syntax we are considering the use of wildcards (*) to >>>>>> match multiple security providers, service types and algorithms, and >>>>>> minus signs (-) to remove service types. When a service type is >>>>>> removed, the action applies to all algorithms and any attempt to >>>>>> specify them explicitly would be an error. The minus sign cannot be >>>>>> used at the algorithm level. We are also thinking that in case of a >>>>>> partial or total contradiction between conditions, the right-most >>>>>> value applies on top of the others. If a security provider, service >>>>>> type or algorithm does not exist, we can simply write a debug warning >>>>>> and ignore it. As for the name of the algorithms, we can also include >>>>>> Ciphers transformations. >>>>>> >>>>>> Example: >>>>>> >>>>>> jdk.security.provider.enabled = * { -Cipher }, SunJCE { Cipher : >>>>>> AES/GCM/NoPadding, DES ; Signature }, SUN { * ; -Signature } >>>>>> >>>>>> This would be interpreted as: >>>>>> >>>>>> ????* Irrespective of the provider (*), Cipher services should be >>>>>> removed (-). This rule would be superfluous in this case because the >>>>>> property itself is an allow-list and there is nothing to the left >>>>>> that >>>>>> enables Cipher service types for any provider. >>>>>> ????* From the SunJCE security provider, Cipher services with >>>>>> AES/GCM/NoPadding and DES transformations are allowed, and Signature >>>>>> services with any algorithm are allowed. Notice that there is a >>>>>> shortcut here: the algorithm list that follows the service name, "': >>>>>> alg-1, ..." is optional. When omitted all the service's algorithms >>>>>> are >>>>>> enabled. >>>>>> ????* From the SUN security provider, every service type is allowed >>>>>> except Signature (recall that a minus sign can only apply to a >>>>>> service, removing all associated algorithms). >>>>>> >>>>>> It's not the goal of this proposal to invalidate property values that >>>>>> lead to inconsistent internal states, such as "the Cipher service of >>>>>> SunJCE depends on AlgorithmParameters from SUN". This is because the >>>>>> combinations for a check are virtually infinite: there can be 3rd >>>>>> party security providers with their own semantics and >>>>>> dependencies. In >>>>>> the same way, we cannot determine at start time any application >>>>>> dependencies. It's up to the user to analyze all types of >>>>>> dependencies >>>>>> before setting a value. >>>>>> >>>>>> >>>>>> Alternative #2 >>>>>> =========================== >>>>>> >>>>>> Introduce a boolean security property to turn the value of the >>>>>> existing jdk.security.provider.preferred property into the only >>>>>> combinations of algorithm, service and provider that are allowed: >>>>>> >>>>>> jdk.security.provider.preferredOnly = true >>>>>> >>>>>> The default value for the new property would be "false", keeping the >>>>>> current "preferred" behavior in which all algorithms and services >>>>>> from >>>>>> installed security providers are available. >>>>>> >>>>>> Contrary to Alternative #1, the user has to explicitly list the >>>>>> algorithms and cannot rely on wildcards to express wide categories >>>>>> such as "all Cipher algorithms from SunJCE" or "all algorithms from >>>>>> SunJCE". The use of minus signs to remove service types or algorithms >>>>>> wouldn't be available either. >>>>>> >>>>>> In order to mitigate the burden on users we can consider extending >>>>>> jdk.security.provider.preferred syntax as long as we keep >>>>>> backward-compatibility and stay within the boundaries of a >>>>>> "preferred" >>>>>> semantics. For example, we can accept a value of >>>>>> "jdk.security.provider.preferred=SunJCE" to mean that any service and >>>>>> any algorithm from SunJCE is either preferred or allowed, >>>>>> depending on >>>>>> the value of jdk.security.provider.preferredOnly. This case would >>>>>> be a >>>>>> service type and algorithm wildcard. We can also define an >>>>>> algorithms-only wildcard, such as Cipher.*:SunJCE. >>>>>> >>>>>> Alternative #2 has the advantage of reusing most or all of the >>>>>> existing syntax. However, it's worth noticing that it implies an >>>>>> overloaded semantic that can turn confusing or inconvenient in some >>>>>> cases. As an example, a user that relies on the prioritized security >>>>>> providers list for most of the algorithms and has only a few >>>>>> preferred >>>>>> exceptions, would need to express preferences by extension upon >>>>>> turning on this feature. Alternative #1 keeps preferences and >>>>>> availability as two separate concepts, in a more clear way. >>>>>> >>>>>> >>>>>> Thanks, >>>>>> Martin.- >>>>>> >>>>>> -- >>>>>> [1] - >>>>>> https://docs.oracle.com/en/java/javase/17/security/oracle-providers.html#GUID-3A80CC46-91E1-4E47-AC51-CB7B782CEA7D >>>>>> (?) - Thanks to @fferrari for his contributions to this proposal. >>>>>> >>>>> >>>> >>> >> > From xuelei at openjdk.org Thu Jul 13 16:35:24 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Thu, 13 Jul 2023 16:35:24 GMT Subject: RFR: 8290005: com/sun/jndi/ldap/LdapCBPropertiesTest.java failling with NullPointerException [v2] In-Reply-To: References: <_Q0R_ffxNgj8akEl9DzdoO7Cl17ULr9vKiY-NXNx5g8=.f1eacd05-32c8-4976-9c80-bb8c59c53ea0@github.com> <0gMLhW0oFZMkxjclDGbIJLyh0vhqr8e2cP6Cimb2w9w=.408d9450-09fd-4276-868e-b28a175a60b9@github.com> <2XuGMZnGZ8-4EACWi1YLy8rXEmWHwulFOK6QJkcPNrk=.80ab389c-ecf1-4597-83c1-1ff02b884124@github.com> Message-ID: On Thu, 13 Jul 2023 12:11:09 GMT, Matthew Donovan wrote: >> I reverted the changes to SSLEngineImpl and looked at the history of SSLSocketImpl and TransportContext but didn't see anything that I would be undoing with this change. > > Sorry for the delay on any updates here. > > I updated this branch and verified the tests still pass. I ran jdk_security3 tests from test/jdk/TEST.groups. Is there anything else I should do to test this change? SSLSocketImpl uses the locks similar to SSLEngineImpl. It may get it complicated and hard to maintain if using different locks in SSLSocketImpl and SSLEngineImpl. You may be able to find similar locking scenarios in SSLSocket implementation like: SSLEngineImpl.DelegatedTask.run()->TransportContext.dispatch()->SSLHandshake().consume()->HandshakeConsumer.consume()->SSLExtensions.product()->ServerHello.produce()->shc.handshakeSession = session. I understand where you came from for the NullPointerException in the bug. But it is hardly the direction to change the overall locking scenarios. Maybe, the close() function implementation could be focused on instead. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/13742#discussion_r1262802858 From jnimeh at openjdk.org Thu Jul 13 16:50:10 2023 From: jnimeh at openjdk.org (Jamil Nimeh) Date: Thu, 13 Jul 2023 16:50:10 GMT Subject: RFR: 8310070: Test: javax/net/ssl/DTLS/DTLSWontNegotiateV10.java timed out In-Reply-To: References: Message-ID: On Mon, 26 Jun 2023 17:38:04 GMT, Matthew Donovan wrote: > In this PR, I updated the test to use read time-outs. The test is restarted if the read operations time-out within (default) 30 seconds. The test makes 5 attempts before giving up. Aside from the nit, looks good to me. test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java line 51: > 49: private static final String DTLSV_1_2 = "DTLSv1.2"; > 50: > 51: private static final int READ_TIMEOUT_SECS = Integer.getInteger("readtimeout", 30); Nit on line 37 (since I can't flag that directly): Maybe add 8310070 to the @bug line. ------------- Marked as reviewed by jnimeh (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/14658#pullrequestreview-1528864782 PR Review Comment: https://git.openjdk.org/jdk/pull/14658#discussion_r1262818408 From sean.mullan at oracle.com Thu Jul 13 17:01:22 2023 From: sean.mullan at oracle.com (Sean Mullan) Date: Thu, 13 Jul 2023 13:01:22 -0400 Subject: RFD: Services lockdown for security providers In-Reply-To: <7c07a7b1-6c68-9534-59e1-1813439d7f47@redhat.com> References: <42a97a54-4301-e0f2-c746-b45d63d1b63d@redhat.com> <800238c6-56ff-a3b0-7af8-c01c3aa402a0@oracle.com> <4b159d35-ee2e-952d-8e22-c035e5ed17ea@oracle.com> <1a0ad927-2da8-c881-a80f-b4928341375f@redhat.com> <7c07a7b1-6c68-9534-59e1-1813439d7f47@redhat.com> Message-ID: <85e89abd-eac3-87df-9e4b-1fa2c36a6286@oracle.com> On 7/13/23 12:27 PM, Martin Balao wrote: > On 7/13/23 12:06, Sean Mullan wrote: >> One other comment that I thought of - is that from a practical >> standpoint, I think it will be hard to unilaterally disable an algorithm >> at the JCE layer unless it is so broken that almost no code ever uses >> it, say MD2 or RC2. There may be cases where a weak algorithm is >> acceptable, for example using MD5 for a checksum. (For a real example, >> UUID.nameUUIDFromBytes uses MD5 to generate a UUID). >> >> If you have a single case in your application where a weak algorithm is >> ok to use, you won't be able to disable it across the board. > > Yes, I agree with this observation. In fact, our original motivation was > not to disable an algorithm across the board but a specific > implementation of it ?i.e. blocking the implementation from provider X, > because we want the one from provider Y or prefer the algorithm not to > be available. What we also have in mind is using this enhancement in > combination with security profiles that can enforce policies of allowed > algorithms, at the risk of requiring changes in an application to be > compliant. > >> >> At the risk of complicating your syntax and implementation, it may be >> worth exploring adding the name of a class to the syntax for cases like >> this. But my comment is more about thinking about this a bit more first. >> >> Or perhaps adding some extensibility into the format would be a good >> idea in case we want to add something like this down the line. >> > > I have a couple of questions regarding this idea: > > 1) Isn't the class name an implementation detail? My concern is not much > on how to extend the syntax but on binding the filter value to internal > names. It is an application-specific detail. I would expect this to be applied by applications that are most familiar with their usage, and not as part of a global configuration. > 2) Why wouldn't a combination of Security Provider + Service Type + > Algorithm be enough to identify a specific implementation? Because that doesn't tell you who is calling the specific provider/service and whether that use case is acceptable or not. Also most code that calls JCE APIs doesn't specify a specific provider. Again, I think this needs more thought, and I am not suggesting this is the best course of action, but one thought is a syntax something like this: jdk.security.providers.filter=java.util.UUID.nameUUIDFromBytes:MessageDigest.MD5;!*.MessageDigest.MD5;* But, that would probably mean extending the implementation to do a stack walk to check if the specified class was one of the callers, which I am very wary about doing something like this. But the overall issue still remains for me. Maybe we should not be providing a way to unilaterally disable algorithms unless it can be used more effectively in practice. Otherwise I don't like the idea of telling a user they have to re-enable the algorithm even if they only have a single case where it is acceptable. --Sean > Thanks, > Martin.- > > >> --Sean >> >> >> On 7/13/23 11:44 AM, Martin Balao wrote: >>> Hi Sean, >>> >>> Thanks for your feedback. >>> >>> Just to give some visibility, we have implemented most of the >>> functionality and are now working on final adjustments, more tests >>> coverage, documentation and internal reviews. The implementation is >>> pretty much aligned to what we previously discussed, with the exception >>> of algorithm's alias that turned up to have more complexity than >>> anticipated ?particularly in the legacy mode of registering Services?. >>> >>> We will send a PR for public discussion in the coming weeks. >>> >>> Martin.- >>> >>> >>> On 6/14/23 12:40, Sean Mullan wrote: >>>> This proposal looks pretty good, although I think I would like to see >>>> more examples and a prototype if you have it. >>>> >>>> I think this would work well in conjunction with Sean Coffey's >>>> enhancement to add a security category to the java -XshowSettings option >>>> [1]. This would help debug issues with the syntax. The provider >>>> suboption could be enhanced (perhaps by default, perhaps with an >>>> additional suboption) to show the services that are disabled, ex, with >>>> the property set to >>>> >>>> jdk.security.providers.filter=!*.MessageDigest.MD5; >>>> !*.MessageDigest.MD2; *: >>>> >>>> it would show something like: >>>> >>>> ? ??????? Provider name: SUN >>>> ? ??????? Provider information: ... >>>> ? ??????? Provider services: (type : algorithm) >>>> ? ??????????? ... >>>> ? ??????????? MessageDigest : MD2 (disabled) >>>> ? ??????????? MessageDigest : MD5 (disabled) >>>> ? ??????????? ... >>>> >>>> I would even add that as a debugging tip in the documenting of the >>>> syntax. >>>> >>>> --Sean >>>> >>>> [1] https://github.com/openjdk/jdk/pull/14394 >>>> >>>> On 5/24/23 5:03 PM, Martin Balao wrote: >>>>> Hi, >>>>> >>>>> Thanks Anthony for your feedback. >>>>> >>>>> We've been exploring the syntax and semantics for this new property >>>>> further, with the goal of making it more consistent and simple while >>>>> retaining expressiveness power. We understand the importance of clarity >>>>> to minimize the risk of security providers, service types or algorithms >>>>> being unexpectedly enabled. >>>>> >>>>> In this new iteration of the proposal, we explore a filter that has >>>>> similarities to the serialization filter (jdk.serialFilter). We think >>>>> that it could be beneficial to leverage on a specification to which the >>>>> user is familiar already. >>>>> >>>>> >>>>> General structure >>>>> ==================== >>>>> >>>>> jdk.security.providers.filter=pattern-1; pattern-2; ...; pattern-n >>>>> >>>>> The property jdk.security.providers.filter is an overrideable Security >>>>> property. Thus, a System property with the same name exists and, when >>>>> specified, overrides any value in its Security counterpart. When not >>>>> specified (value is null), filtering capabilities are completely >>>>> disabled: all installed security providers, service types and >>>>> algorithms >>>>> are allowed. If any of these properties are set during run time, the >>>>> filter could be initialized already and the new value may not take >>>>> effect. >>>>> >>>>> When filtering capabilities are enabled, each service is checked >>>>> against >>>>> the filter before registration. Notice that this affects both the >>>>> initial list of security providers as well as those dynamically >>>>> installed during run time. Once a service is registered, instances >>>>> of it >>>>> can be obtained and used without any other checks that could affect >>>>> performance. >>>>> >>>>> The registration of a service involves a combination of a security >>>>> provider, service type and algorithm. Each combination is evaluated >>>>> against the filter patterns, from left to right. When a pattern matches >>>>> ?or, in other words, the rule concerns the service to be registered?, a >>>>> decision is made: the service will be allowed or denied. When a >>>>> decision >>>>> is made, remaining patterns are not checked for the service under >>>>> consideration. When all patterns are checked and a decision is not >>>>> made, >>>>> the default behavior is to deny the service registration. >>>>> >>>>> Contrary to the serialization filter, white spaces between patterns do >>>>> not have any significance. >>>>> >>>>> >>>>> Pattern matching >>>>> ===================================================== >>>>> >>>>> pattern := ! security-provider.service-type.algorithm >>>>> >>>>> pattern := security-provider.service-type.algorithm >>>>> >>>>> A canonical pattern consists of 3 hierarchical levels separated by ".". >>>>> ?? From left to right in lexicographic order, these levels denote a >>>>> security provider, a service type and an algorithm. If a pattern starts >>>>> with "!", the decision made upon matching is to deny the service >>>>> registration. Otherwise, the service registration is allowed. White >>>>> spaces between "!" and the rest of the pattern do not have any >>>>> significance. >>>>> >>>>> For a match to be successful, the security provider name, the service >>>>> type and the algorithm have to match the pattern exactly (case >>>>> insensitive). If the service type of a security provider interprets the >>>>> algorithm as a transformation composed of different parts, the full >>>>> transformation has to be specified in the pattern: the filter takes a >>>>> conservative approach and does not make any assumptions of what an >>>>> algorithm name means. For example, "AES" as the algorithm of a >>>>> canonical >>>>> filter pattern will not match an "AES/ECB/PKCS5Padding" transformation. >>>>> >>>>> If an algorithm alias is specified in the filter pattern, a service >>>>> registering the alias will be matched. >>>>> >>>>> For convenience, it's possible to specify patterns in non-canonical >>>>> forms: >>>>> >>>>> 1) At any level, the security provider, the service type or the >>>>> algorithm name can contain wildcards ("*") to represent zero or more >>>>> repetitions of any character; >>>>> >>>>> 2) The .algorithm part can be omitted to imply all algorithms under the >>>>> security provider and service type; >>>>> >>>>> 3) The .service-type.algorithm part can be omitted to imply all service >>>>> types and algorithms under the security provider; and, >>>>> >>>>> 4) The non-canonical form #1 can be combined with either #2 or #3. >>>>> >>>>> >>>>> Security provider, service type and algorithm names escaping >>>>> ================================================================= >>>>> >>>>> If the security provider, service type or algorithm name contains >>>>> any of >>>>> the characters "\", ".", ";" or "*", they have to be escaped by >>>>> prepending the character "\". If the character "\" is found not >>>>> escaping >>>>> a character, it's silently discarded. >>>>> >>>>> White spaces are discarded at the beginning and end of names. >>>>> >>>>> It's worth mentioning that the described escaping rules apply to the >>>>> jdk.security.providers.filter property value as read in >>>>> java.lang.System::getProperty or java.security.Security::getProperty. >>>>> Additional escaping might be needed depending on how the property is >>>>> passed. For example, Security properties require "\" characters to be >>>>> escaped. Thus, to match a provider name whose name is "\.", a filter >>>>> would require the "jdk.security.providers.filter=\\\\\\." entry in the >>>>> java.security file. See more about this in java.util.Properties::load >>>>> [1]. >>>>> >>>>> >>>>> Examples (correct) >>>>> ==================== >>>>> >>>>> -- >>>>> >>>>> Enable all security providers, service types and algorithms: >>>>> >>>>> jdk.security.providers.filter= >>>>> >>>>> or >>>>> >>>>> jdk.security.providers.filter=* >>>>> >>>>> or >>>>> >>>>> jdk.security.providers.filter=*.* >>>>> >>>>> or >>>>> >>>>> jdk.security.providers.filter=*.*.* >>>>> >>>>> -- >>>>> >>>>> Enable everything except for the MD5 algorithm in MessageDigest >>>>> services >>>>> when implemented by the SUN security provider: >>>>> >>>>> jdk.security.providers.filter=!SUN.MessageDigest.MD5; * >>>>> >>>>> -- >>>>> >>>>> Enable everything except for the MD5 algorithm in MessageDigest >>>>> services, irrespective of the security provider: >>>>> >>>>> jdk.security.providers.filter=!*.MessageDigest.MD5; * >>>>> >>>>> -- >>>>> >>>>> Enable everything except for algorithms using MD5, irrespective of the >>>>> security provider and the service type: >>>>> >>>>> jdk.security.providers.filter=!*.*.*MD5*; * >>>>> >>>>> Notice that in this case there are wildcards at the beginning and >>>>> end of >>>>> the algorithm name. The reason is to match MD5 uses in algorithms such >>>>> as HmacMD5, MD5withRSA, PBEWithMD5AndDES, etc. >>>>> >>>>> -- >>>>> >>>>> Enable everything except for the RC4 algorithm in Cipher services when >>>>> implemented by the SunJCE security provider: >>>>> >>>>> jdk.security.providers.filter=!SunJCE.Cipher.ARCFOUR; * >>>>> >>>>> or >>>>> >>>>> jdk.security.providers.filter=!SunJCE.Cipher.RC4; * >>>>> >>>>> or >>>>> >>>>> jdk.security.providers.filter=!SunJCE.Cipher.1\.2\.840\.113549\.3\.4; * >>>>> >>>>> -- >>>>> >>>>> Enable the SUN security provider only, with all its service types and >>>>> algorithms. Other security providers must be disabled. >>>>> >>>>> jdk.security.providers.filter=SUN >>>>> >>>>> -- >>>>> >>>>> Enable the SUN security provider only, with all its service types and >>>>> algorithms except for MessageDigest. Other security providers must be >>>>> disabled. >>>>> >>>>> jdk.security.providers.filter=!SUN.MessageDigest; SUN >>>>> >>>>> -- >>>>> >>>>> >>>>> Examples (mistakes) >>>>> ==================== >>>>> >>>>> -- >>>>> >>>>> Enable everything except for the MD5 algorithm, irrespective of the >>>>> security provider and the service type: >>>>> >>>>> jdk.security.providers.filter=*; !*.*.MD5 >>>>> >>>>> This is wrong because the pattern "*" is matched first and a decision >>>>> allowing MD5 will be made immediately after. The pattern "!*.*.MD5" >>>>> will >>>>> never be checked. >>>>> >>>>> -- >>>>> >>>>> Enable all SUN service types except for MessageDigest. Disable other >>>>> security providers. >>>>> >>>>> jdk.security.providers.filter=!SUN.MessageDigest >>>>> >>>>> While non-SUN security providers are effectively disabled, this is >>>>> wrong >>>>> because SUN services other than MessageDigest will not match any >>>>> pattern >>>>> and, by default, the decision is to deny registration. >>>>> >>>>> -- >>>>> >>>>> Enable the SunPKCS11 security provider only. >>>>> >>>>> jdk.security.providers.filter=SunPKCS11 >>>>> >>>>> This is wrong because the SunPKCS11 provider has to be identified by >>>>> its >>>>> name instead of its class. A possible name would have the form of >>>>> SunPKCS11-NAME. In a filter, this can be matched either by >>>>> "SunPKCS11-NAME" or "SunPKCS11-*". >>>>> >>>>> -- >>>>> >>>>> >>>>> Look forward to your thoughts. >>>>> >>>>> Thanks.- >>>>> >>>>> >>>>> -- >>>>> [1] - >>>>> https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/util/Properties.html#load%28java.io.Reader%29 >>>>> >>>>> (?) - Thanks to Francisco Ferrari (@fferrari) for his contributions to >>>>> this proposal. >>>>> >>>>> >>>>> >>>>> >>>>> On 2/24/23 14:49, Anthony Scarpino wrote: >>>>>> Hi Martin, >>>>>> >>>>>> Interesting proposal.? I think Alternative 1 is a better direction to >>>>>> explore from a code structure standpoint.? If I remember correctly, >>>>>> Preferred Provider is accessed when getting a service or instance >>>>>> of the >>>>>> algorithm.? That happens on a per-operation basis.? What you >>>>>> describe is >>>>>> something that would reshape contents of the ProviderList where >>>>>> algorithms or services would not be in the list at all.? That is >>>>>> were I >>>>>> think #2 gets too complex in trying to handle both in the same >>>>>> property. >>>>>> ?? ?#2 may end up putting all checks in a per-operation check, >>>>>> hindering >>>>>> performance every time as the list grows. >>>>>> >>>>>> I agree this is mostly used in the FIPS situation or where someone >>>>>> wants >>>>>> to disable an algorithm completely, say MD5.? In those cases it's best >>>>>> to just prevent the algorithm from ever being available. >>>>>> >>>>>> On the smaller details side that you list.? I think the name >>>>>> ".enabled" >>>>>> doesn't fit, particularly as the first thing in the example >>>>>> disables all >>>>>> Ciphers :).? I don't have any suggestions at this time. >>>>>> >>>>>> As far as the syntax.? I think it maybe a bit difficult to parse in >>>>>> code >>>>>> and mental to disable all Ciphers, then enable just for SunJCE and >>>>>> SUN. >>>>>> The SUN '*" confused me until I realized you were enabling Ciphers. >>>>>> Seems too easy to get wrong.? I know you weren't making a formal spec, >>>>>> but we have to start somewhere. >>>>>> >>>>>> thanks >>>>>> >>>>>> Tony >>>>>> >>>>>> >>>>>> On 2/17/23 10:52 AM, Martin Balao wrote: >>>>>>> Hi, >>>>>>> >>>>>>> We would like to discuss a limitation in the current configuration >>>>>>> capabilities for security providers and possible solutions that we >>>>>>> are >>>>>>> exploring (?). >>>>>>> >>>>>>> As you know, current configuration capabilities in java.security >>>>>>> allow >>>>>>> users to install security providers, decide their priority in a list >>>>>>> (security.provider. properties) and even circumvent this priority >>>>>>> for specific algorithms (jdk.security.provider.preferred property). >>>>>>> However, there is no granularity in terms of what service types and >>>>>>> algorithms are enabled once a security provider is installed: it's an >>>>>>> all or nothing scheme. It is worth noting that security providers can >>>>>>> bring with them a diverse range of service types. As an example, the >>>>>>> SUN security provider comes with the following service types: >>>>>>> SecureRandom, Signature, KeyPairGenerator, >>>>>>> AlgorithmParameterGenerator, AlgorithmParameters, KeyFactory, >>>>>>> MessageDigest, CertificateFactory, KeyStore, CertStore, Policy, >>>>>>> Configuration, CertPathBuilder and CertPathValidator [1]. >>>>>>> >>>>>>> In some cases, the user may need to enforce that all cryptographic >>>>>>> primitives come from a specific security provider. This could happen, >>>>>>> for example, when operating in a FIPS-compliant environment or under >>>>>>> strict security policies. To better illustrate, let's say that the >>>>>>> user requires that all cryptographic operations are performed in a >>>>>>> Hardware Security Module (HSM). On the OpenJDK side, this means that >>>>>>> the implementation for Cipher, Signature, Mac and other cryptographic >>>>>>> services must be the one in the SunPKCS11 security provider. Let's >>>>>>> also suppose that other non-cryptographic services such as those for >>>>>>> certificates validation and TLS are required, and their >>>>>>> implementation >>>>>>> is in the SUN and SunJSSE security providers respectively. Setting >>>>>>> SunPKCS11 at the highest priority of the list is not a strong >>>>>>> guarantee to ensure that all cryptographic operations come from it: >>>>>>> it's possible that an algorithm for Signature is not implemented in >>>>>>> SunPKCS11 or in its underlying token but in the SUN security >>>>>>> provider. >>>>>>> Disabling the SUN security provider wouldn't be an option in this >>>>>>> case >>>>>>> because we need its certificates validation service. >>>>>>> >>>>>>> This problem goes beyond OpenJDK default security providers. Even if >>>>>>> we come up with a new layout for service types, algorithms and >>>>>>> providers ?putting backward compatibility issues aside?, there is >>>>>>> always the possibility that a 3rd party security provider does not >>>>>>> follow any services grouping convention. It might also be the case >>>>>>> that we need to disable a specific algorithm only ?i.e. for >>>>>>> cryptographic policy reasons? and TLS or JAR signing properties fall >>>>>>> short. >>>>>>> >>>>>>> In our view, it would be beneficial to add more configuration >>>>>>> flexibility and control to the existing API in which any security >>>>>>> provider can be plugged in, in the form of deciding which service >>>>>>> types and algorithms are enabled for each installed provider. >>>>>>> >>>>>>> There are 2 alternatives that we are exploring to tackle this >>>>>>> problem. >>>>>>> >>>>>>> Alternative #1 >>>>>>> =========================== >>>>>>> >>>>>>> Introduce a new security property to decide which service types and >>>>>>> algorithms are enabled for each security provider. The default value >>>>>>> for this property would be empty, which keeps this feature disabled >>>>>>> and all services from installed security providers available. >>>>>>> >>>>>>> As for the new property's syntax and semantics, we've been >>>>>>> considering >>>>>>> an allow-list along the lines of: >>>>>>> >>>>>>> jdk.security.provider.enabled = security-provider-1 { >>>>>>> service-type-1 : >>>>>>> alg-1, ... ; ... } , ... >>>>>>> >>>>>>> Note: we need a formal syntax specification, this is for illustration >>>>>>> only. >>>>>>> >>>>>>> As part of the syntax we are considering the use of wildcards (*) to >>>>>>> match multiple security providers, service types and algorithms, and >>>>>>> minus signs (-) to remove service types. When a service type is >>>>>>> removed, the action applies to all algorithms and any attempt to >>>>>>> specify them explicitly would be an error. The minus sign cannot be >>>>>>> used at the algorithm level. We are also thinking that in case of a >>>>>>> partial or total contradiction between conditions, the right-most >>>>>>> value applies on top of the others. If a security provider, service >>>>>>> type or algorithm does not exist, we can simply write a debug warning >>>>>>> and ignore it. As for the name of the algorithms, we can also include >>>>>>> Ciphers transformations. >>>>>>> >>>>>>> Example: >>>>>>> >>>>>>> jdk.security.provider.enabled = * { -Cipher }, SunJCE { Cipher : >>>>>>> AES/GCM/NoPadding, DES ; Signature }, SUN { * ; -Signature } >>>>>>> >>>>>>> This would be interpreted as: >>>>>>> >>>>>>> ????* Irrespective of the provider (*), Cipher services should be >>>>>>> removed (-). This rule would be superfluous in this case because the >>>>>>> property itself is an allow-list and there is nothing to the left >>>>>>> that >>>>>>> enables Cipher service types for any provider. >>>>>>> ????* From the SunJCE security provider, Cipher services with >>>>>>> AES/GCM/NoPadding and DES transformations are allowed, and Signature >>>>>>> services with any algorithm are allowed. Notice that there is a >>>>>>> shortcut here: the algorithm list that follows the service name, "': >>>>>>> alg-1, ..." is optional. When omitted all the service's algorithms >>>>>>> are >>>>>>> enabled. >>>>>>> ????* From the SUN security provider, every service type is allowed >>>>>>> except Signature (recall that a minus sign can only apply to a >>>>>>> service, removing all associated algorithms). >>>>>>> >>>>>>> It's not the goal of this proposal to invalidate property values that >>>>>>> lead to inconsistent internal states, such as "the Cipher service of >>>>>>> SunJCE depends on AlgorithmParameters from SUN". This is because the >>>>>>> combinations for a check are virtually infinite: there can be 3rd >>>>>>> party security providers with their own semantics and >>>>>>> dependencies. In >>>>>>> the same way, we cannot determine at start time any application >>>>>>> dependencies. It's up to the user to analyze all types of >>>>>>> dependencies >>>>>>> before setting a value. >>>>>>> >>>>>>> >>>>>>> Alternative #2 >>>>>>> =========================== >>>>>>> >>>>>>> Introduce a boolean security property to turn the value of the >>>>>>> existing jdk.security.provider.preferred property into the only >>>>>>> combinations of algorithm, service and provider that are allowed: >>>>>>> >>>>>>> jdk.security.provider.preferredOnly = true >>>>>>> >>>>>>> The default value for the new property would be "false", keeping the >>>>>>> current "preferred" behavior in which all algorithms and services >>>>>>> from >>>>>>> installed security providers are available. >>>>>>> >>>>>>> Contrary to Alternative #1, the user has to explicitly list the >>>>>>> algorithms and cannot rely on wildcards to express wide categories >>>>>>> such as "all Cipher algorithms from SunJCE" or "all algorithms from >>>>>>> SunJCE". The use of minus signs to remove service types or algorithms >>>>>>> wouldn't be available either. >>>>>>> >>>>>>> In order to mitigate the burden on users we can consider extending >>>>>>> jdk.security.provider.preferred syntax as long as we keep >>>>>>> backward-compatibility and stay within the boundaries of a >>>>>>> "preferred" >>>>>>> semantics. For example, we can accept a value of >>>>>>> "jdk.security.provider.preferred=SunJCE" to mean that any service and >>>>>>> any algorithm from SunJCE is either preferred or allowed, >>>>>>> depending on >>>>>>> the value of jdk.security.provider.preferredOnly. This case would >>>>>>> be a >>>>>>> service type and algorithm wildcard. We can also define an >>>>>>> algorithms-only wildcard, such as Cipher.*:SunJCE. >>>>>>> >>>>>>> Alternative #2 has the advantage of reusing most or all of the >>>>>>> existing syntax. However, it's worth noticing that it implies an >>>>>>> overloaded semantic that can turn confusing or inconvenient in some >>>>>>> cases. As an example, a user that relies on the prioritized security >>>>>>> providers list for most of the algorithms and has only a few >>>>>>> preferred >>>>>>> exceptions, would need to express preferences by extension upon >>>>>>> turning on this feature. Alternative #1 keeps preferences and >>>>>>> availability as two separate concepts, in a more clear way. >>>>>>> >>>>>>> >>>>>>> Thanks, >>>>>>> Martin.- >>>>>>> >>>>>>> -- >>>>>>> [1] - >>>>>>> https://docs.oracle.com/en/java/javase/17/security/oracle-providers.html#GUID-3A80CC46-91E1-4E47-AC51-CB7B782CEA7D >>>>>>> (?) - Thanks to @fferrari for his contributions to this proposal. >>>>>>> >>>>>> >>>>> >>>> >>> >> > From mdonovan at openjdk.org Thu Jul 13 17:40:12 2023 From: mdonovan at openjdk.org (Matthew Donovan) Date: Thu, 13 Jul 2023 17:40:12 GMT Subject: RFR: 8310070: Test: javax/net/ssl/DTLS/DTLSWontNegotiateV10.java timed out In-Reply-To: References: Message-ID: On Thu, 13 Jul 2023 16:47:14 GMT, Jamil Nimeh wrote: >> In this PR, I updated the test to use read time-outs. The test is restarted if the read operations time-out within (default) 30 seconds. The test makes 5 attempts before giving up. > > test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java line 51: > >> 49: private static final String DTLSV_1_2 = "DTLSv1.2"; >> 50: >> 51: private static final int READ_TIMEOUT_SECS = Integer.getInteger("readtimeout", 30); > > Nit on line 37 (since I can't flag that directly): Maybe add 8310070 to the @bug line. On previous PRs, I've been told that test-only updates don't need the bug id. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14658#discussion_r1262873629 From jnimeh at openjdk.org Thu Jul 13 17:52:14 2023 From: jnimeh at openjdk.org (Jamil Nimeh) Date: Thu, 13 Jul 2023 17:52:14 GMT Subject: RFR: 8310070: Test: javax/net/ssl/DTLS/DTLSWontNegotiateV10.java timed out In-Reply-To: References: Message-ID: On Thu, 13 Jul 2023 17:36:47 GMT, Matthew Donovan wrote: >> test/jdk/javax/net/ssl/DTLS/DTLSWontNegotiateV10.java line 51: >> >>> 49: private static final String DTLSV_1_2 = "DTLSv1.2"; >>> 50: >>> 51: private static final int READ_TIMEOUT_SECS = Integer.getInteger("readtimeout", 30); >> >> Nit on line 37 (since I can't flag that directly): Maybe add 8310070 to the @bug line. > > On previous PRs, I've been told that test-only updates don't need the bug id. Works for me. Then as far as I'm concerned you're good to go. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14658#discussion_r1262886217 From mdonovan at openjdk.org Thu Jul 13 17:55:03 2023 From: mdonovan at openjdk.org (Matthew Donovan) Date: Thu, 13 Jul 2023 17:55:03 GMT Subject: Integrated: 8310070: Test: javax/net/ssl/DTLS/DTLSWontNegotiateV10.java timed out In-Reply-To: References: Message-ID: On Mon, 26 Jun 2023 17:38:04 GMT, Matthew Donovan wrote: > In this PR, I updated the test to use read time-outs. The test is restarted if the read operations time-out within (default) 30 seconds. The test makes 5 attempts before giving up. This pull request has now been integrated. Changeset: af7f95e2 Author: Matthew Donovan URL: https://git.openjdk.org/jdk/commit/af7f95e24ad5981c5de4b5dbf37da6f4f5e42129 Stats: 44 lines in 1 file changed: 30 ins; 0 del; 14 mod 8310070: Test: javax/net/ssl/DTLS/DTLSWontNegotiateV10.java timed out Reviewed-by: jnimeh ------------- PR: https://git.openjdk.org/jdk/pull/14658 From jlu at openjdk.org Thu Jul 13 18:07:54 2023 From: jlu at openjdk.org (Justin Lu) Date: Thu, 13 Jul 2023 18:07:54 GMT Subject: RFR: 8311081: KeytoolReaderP12Test.java fail on localized Windows platform [v2] In-Reply-To: References: Message-ID: > Please review this PR which addresses `KeytoolReaderP12Test.java` failing for non-English locale users. > > This test checks output from keytool, but fails on finding the value 'alias name' for non-English locale users. This is because 'alias name' is a localized value. (For example, in `ja` this is '??'). > > To fix the failing issue, the keytool process should be ran with `-J-Duser.language=en -J-Duser.country=US`. Justin Lu has updated the pull request incrementally with two additional commits since the last revision: - Revert spacing changes to KeytoolReaderP12Test.java - Move English locale params to executeKeytoolCommand ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14806/files - new: https://git.openjdk.org/jdk/pull/14806/files/57765c77..452a603d Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14806&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14806&range=00-01 Stats: 18 lines in 2 files changed: 3 ins; 4 del; 11 mod Patch: https://git.openjdk.org/jdk/pull/14806.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14806/head:pull/14806 PR: https://git.openjdk.org/jdk/pull/14806 From jlu at openjdk.org Thu Jul 13 18:08:23 2023 From: jlu at openjdk.org (Justin Lu) Date: Thu, 13 Jul 2023 18:08:23 GMT Subject: RFR: 8311081: KeytoolReaderP12Test.java fail on localized Windows platform In-Reply-To: References: Message-ID: On Fri, 7 Jul 2023 18:58:02 GMT, Justin Lu wrote: > Please review this PR which addresses `KeytoolReaderP12Test.java` failing for non-English locale users. > > This test checks output from keytool, but fails on finding the value 'alias name' for non-English locale users. This is because 'alias name' is a localized value. (For example, in `ja` this is '??'). > > To fix the failing issue, the keytool process should be ran with `-J-Duser.language=en -J-Duser.country=US`. I have updated the fix so that `executeKeytoolCommand()` itself always sets the English locale params, as `executeKeytoolCommand()` is not used in any sort of intentional localized testing. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14806#issuecomment-1634678111 From mullan at openjdk.org Thu Jul 13 18:19:03 2023 From: mullan at openjdk.org (Sean Mullan) Date: Thu, 13 Jul 2023 18:19:03 GMT Subject: RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider In-Reply-To: References: Message-ID: On Thu, 13 Jul 2023 02:46:10 GMT, Valerie Peng wrote: > This change adds back the Reference.ReachabilityFence(Object) call removed by [JDK-8301553](https://bugs.openjdk.org/browse/JDK-8301553). > > Please help review. > Thanks! > Valerie src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java line 1: > 1: /* I believe you also want to revert the changes made to `getPassword()`. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14859#discussion_r1262912744 From mullan at openjdk.org Thu Jul 13 18:30:14 2023 From: mullan at openjdk.org (Sean Mullan) Date: Thu, 13 Jul 2023 18:30:14 GMT Subject: RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider In-Reply-To: References: Message-ID: On Thu, 13 Jul 2023 02:46:10 GMT, Valerie Peng wrote: > This change adds back the Reference.ReachabilityFence(Object) call removed by [JDK-8301553](https://bugs.openjdk.org/browse/JDK-8301553). > > Please help review. > Thanks! > Valerie src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java line 1: > 1: /* I also think the change which moved the registering of the `Cleaner` outside the `finally` block in the constructor is not correct, as the passwd is no longer zero-ed out if the code after that throws an Exception. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14859#discussion_r1262922031 From lancea at openjdk.org Thu Jul 13 19:44:12 2023 From: lancea at openjdk.org (Lance Andersen) Date: Thu, 13 Jul 2023 19:44:12 GMT Subject: RFR: 8311081: KeytoolReaderP12Test.java fail on localized Windows platform [v2] In-Reply-To: References: Message-ID: On Thu, 13 Jul 2023 18:07:54 GMT, Justin Lu wrote: >> Please review this PR which addresses `KeytoolReaderP12Test.java` failing for non-English locale users. >> >> This test checks output from keytool, but fails on finding the value 'alias name' for non-English locale users. This is because 'alias name' is a localized value. (For example, in `ja` this is '??'). >> >> To fix the failing issue, the keytool process should be ran with `-J-Duser.language=en -J-Duser.country=US`. > > Justin Lu has updated the pull request incrementally with two additional commits since the last revision: > > - Revert spacing changes to KeytoolReaderP12Test.java > - Move English locale params to executeKeytoolCommand Marked as reviewed by lancea (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/14806#pullrequestreview-1529134056 From valeriep at openjdk.org Thu Jul 13 20:52:04 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Thu, 13 Jul 2023 20:52:04 GMT Subject: RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider In-Reply-To: References: Message-ID: On Thu, 13 Jul 2023 18:16:21 GMT, Sean Mullan wrote: >> This change adds back the Reference.ReachabilityFence(Object) call removed by [JDK-8301553](https://bugs.openjdk.org/browse/JDK-8301553). >> >> Please help review. >> Thanks! >> Valerie > > src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java line 1: > >> 1: /* > > I believe you also want to revert the changes made to `getPassword()`. Yes, I will do that. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14859#discussion_r1263041588 From valeriep at openjdk.org Thu Jul 13 21:03:58 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Thu, 13 Jul 2023 21:03:58 GMT Subject: RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider In-Reply-To: <1HJGC1CrE5aqAaogrzoW1ZhxdnzGLeR-z1857YENk_8=.3c292fba-897a-4fd4-82ce-a38d0ff85be5@github.com> References: <1HJGC1CrE5aqAaogrzoW1ZhxdnzGLeR-z1857YENk_8=.3c292fba-897a-4fd4-82ce-a38d0ff85be5@github.com> Message-ID: On Thu, 13 Jul 2023 04:15:54 GMT, Xue-Lei Andrew Fan wrote: > It looks good to me to rollback to previous behaviors. I was just wondering, if the use of key in other methods, like hashCode()/equals(), has the similar issue? Thanks! For the usage of hashCode()/equals(), there should be strong reference to the key object for the usage scenarios I'd think. Thus, probably not an issue? ------------- PR Comment: https://git.openjdk.org/jdk/pull/14859#issuecomment-1634913864 From valeriep at openjdk.org Thu Jul 13 21:03:59 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Thu, 13 Jul 2023 21:03:59 GMT Subject: RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider In-Reply-To: References: Message-ID: On Thu, 13 Jul 2023 18:27:08 GMT, Sean Mullan wrote: >> This change adds back the Reference.ReachabilityFence(Object) call removed by [JDK-8301553](https://bugs.openjdk.org/browse/JDK-8301553). >> >> Please help review. >> Thanks! >> Valerie > > src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java line 1: > >> 1: /* > > I also think the change which moved the registering of the `Cleaner` outside the `finally` block in the constructor is not correct, as the passwd is no longer zero-ed out if the code after that throws an Exception. Per my reading of the code. the cleaner is only used when the PBKDF2 key constructor succeeds. If an exception occurred, then the passwd cleanup is handled by the if (key == null) condition in the finally block. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14859#discussion_r1263049090 From mullan at openjdk.org Thu Jul 13 21:17:13 2023 From: mullan at openjdk.org (Sean Mullan) Date: Thu, 13 Jul 2023 21:17:13 GMT Subject: RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider In-Reply-To: References: Message-ID: On Thu, 13 Jul 2023 20:58:45 GMT, Valerie Peng wrote: >> src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java line 1: >> >>> 1: /* >> >> I also think the change which moved the registering of the `Cleaner` outside the `finally` block in the constructor is not correct, as the passwd is no longer zero-ed out if the code after that throws an Exception. > > Per my reading of the code. the cleaner is only used when the PBKDF2 key constructor succeeds. If an exception occurred, then the passwd cleanup is handled by the if (key == null) condition in the finally block. Yes, took another closer look at the code and you are right. So, never mind this comment. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14859#discussion_r1263060330 From prappo at openjdk.org Thu Jul 13 22:57:49 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Thu, 13 Jul 2023 22:57:49 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v9] In-Reply-To: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: > Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. > > I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. > > * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. > > * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. > > * BitArray could be a topic of its own, but I'll do my best to be concise. > > * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. > * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). > > * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: > > // check certs > if (this.certs == null && that.certs != null || > this.certs != null && that.certs == null || > this.certs != null && > this.certs.length != that.certs.length) { > return false; > } > > int i,j; > boolean match; > > for (i = 0; this.certs != nu... Pavel Rappo has updated the pull request incrementally with five additional commits since the last revision: - Feedback: avoid intermediate assignments - More previously missed cases - Fix: log hashCode as an unsigned long If they don't match, this test fails: test/jdk/jdk/security/logging/TestX509ValidationLog.java - Fix: match hashCode implementations hashCode in the included classes must match that of javax.crypto.spec.SecretKeySpec.hashCode. If they don't match, this test fails: test/jdk/javax/crypto/KeyGenerator/CompareKeys.java - Fix: revert short-circuiting when destroyed That change caused this test to fail: test/jdk/javax/security/auth/kerberos/KerberosHashEqualsTest.java ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14738/files - new: https://git.openjdk.org/jdk/pull/14738/files/457b9c56..3caa774d Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14738&range=08 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14738&range=07-08 Stats: 90 lines in 11 files changed: 23 ins; 25 del; 42 mod Patch: https://git.openjdk.org/jdk/pull/14738.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14738/head:pull/14738 PR: https://git.openjdk.org/jdk/pull/14738 From prappo at openjdk.org Thu Jul 13 22:58:03 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Thu, 13 Jul 2023 22:58:03 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v8] In-Reply-To: <-trukyY0g7D4huUrA8u9GBY13F_8Pyza8rPOlRMgUSM=.9fac7a62-4c79-4a42-b9f3-d4c1b60f6662@github.com> References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> <-trukyY0g7D4huUrA8u9GBY13F_8Pyza8rPOlRMgUSM=.9fac7a62-4c79-4a42-b9f3-d4c1b60f6662@github.com> Message-ID: <7khlBXOjoT13bIFjaz2FxpfWQ2aJ2A0xaZGpyhG-LCM=.7ea21e5f-bd21-4901-9c7d-7d37c70ad218@github.com> On Thu, 13 Jul 2023 08:51:23 GMT, Pavel Rappo wrote: >> Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. >> >> I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. >> >> * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. >> >> * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. >> >> * BitArray could be a topic of its own, but I'll do my best to be concise. >> >> * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. >> * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). >> >> * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: >> >> // check certs >> if (this.certs == null && that.certs != null || >> this.certs != null && that.certs == null || >> this.certs != null && >> this.certs.length != that.certs.length) { >> return false; >> } >> >> int i,j; >> boolea... > > Pavel Rappo has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 12 additional commits since the last revision: > > - Much more cases: apologies for extra review work > - Merge branch 'master' into 8311170 > - Merge branch 'master' into 8311170 > - Reflow previously missed doc comment > - Reflow doc comment as suggested > - Revert for readability > - Merge branch 'master' into 8311170 > - Be consistent with the rest of the change > - Fix reported bugs > - Add even more cases and tidy up > - ... and 2 more: https://git.openjdk.org/jdk/compare/2e25106e...457b9c56 > I pushed a new commit, [457b9c5](https://github.com/openjdk/jdk/commit/457b9c56a937b98d64201ce378f6960f769dcf65) > > FWIW, the tests are green. Our CI disagrees with me: testing at 457b9c56a93 revealed three failures. Apologies for misinforming my reviewers. At 3caa774d007 all three failures are fixed, more previously missed use cases are addressed, [feedback](https://github.com/openjdk/jdk/pull/14738#discussion_r1262696059) from @RogerRiggs is incorporated, and the tests are run. This time, the tests are completely green, not just mostly green; I double-checked that. A few comments on new commits. * 6d339fce adds a must-have null-check to equals here. https://github.com/openjdk/jdk/blob/3caa774d007d6a133fd1238f3c4459b1a15d6050/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java#L167 I believe there's no compatibility risk. * f83c1578f13 fixes a peculiar failure related to (JFR?) security events. PKIXCertPathValidator generates an event that TestX509ValidationLog checks. While the actual and the expected formats have mismatched for some time, the bug reveals itself only now because the new hashCode implementation returns a negative int value, which is not expected. I don't know how big can an X.509 key be, but in TestX509ValidationLog it's 294 bytes. That corresponds to a maximum possible old hash code value of 1,392,678, which is a positive int. Now, if my figures are correct, it would require a key of a minimum size of 453,343 (443 kB) for the old hashCode implementation to overflow and return a negative int. And even then, the overflow will only happen if the key consists of all `0xff` bytes, which probably is a bad key. So, in reality, the key would need to be bigger than that for the old hash code to overflow. Hence, the failure hasn't been previously observed. With the new hashCode implementation, it takes as few as 1 byte to overflow. Because I think that it's unreasonable to require hashCode to not be negative, I fix the test, not code. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14738#issuecomment-1635026100 From jpai at openjdk.org Fri Jul 14 01:04:22 2023 From: jpai at openjdk.org (Jaikiran Pai) Date: Fri, 14 Jul 2023 01:04:22 GMT Subject: RFR: 8301686: TLS 1.3 handshake fails if server_name doesn't match resuming session [v2] In-Reply-To: References: Message-ID: <2c9O6G1ia9jD1m_-bRkX02ZDPo8U5nl79gtU_4gOGw4=.f6757325-8f08-4f7d-906e-5c16856281ce@github.com> On Wed, 26 Apr 2023 11:51:23 GMT, Jaikiran Pai wrote: >> Can I please get a review of this change which proposes to fix the issue reported in https://bugs.openjdk.org/browse/JDK-8301686? >> >> The internal implementation of SSLContext caches SSLSession(s). These sessions are for a particular combination or peer host and port. When a TLS handshake completes successfully, the session is then stored in this cache. If/when subsequent handshake attempts against the same host/port combination happens, using this same SSLContext instance, then the internal implementation triggers a session resumption, which is allowed by the TLS RFC. During session resumption, the client then uses the pre-shared key from the previous successful handshake and sends it as part of the `ClientHello` message. >> >> One other part of the TLS handshake is the `server_name` extension. The client sends a `SNI` in the handshake which the server side can either reject or accept. To facilitate this matching on the server side, the `javax.net.ssl.SNIMatcher` can be configured on the (server side) `SSLParameters`. Setting of `SNIMatcher` is optional. >> >> If a successful handshake session (that was cached by the client) used a SNI name which the server accepted, then this SNI name is sent as part of the session resumption `ClientHello` along with the pre-shared key. The current issue is that, during session resumption, on the server side, if the `SNIMatcher` is no longer present, then the server rightly aborts the session resumption, but still ends up sending the pre-shared key extension as part of the `ServerHello` message. The client, upon seeing this pre-shared key extension in the `ServerHello` considers that the session resumption succeeded and ends up using that pre-shared key to derive the early secret. On the server side though, the server has already rejected this resumption request and thus when the client next sends data, the server will no longer be able to decode the data and will fail with `javax.crypto.AEADBadTagException: Tag mismatch` as noted in the JBS issue. >> >> The change in this PR, removes the pre-shared key extension data from the `ServerHello` message, when the server side notices that the session resumption is being aborted. >> >> A new jtreg test has been added which reproduces the issue and verifies the fix. Existing tests in tier1, tier2 and tier3 continue to pass with this change. > > Jaikiran Pai has updated the pull request incrementally with one additional commit since the last revision: > > review comment - use SSLContextTemplate for SSLContext creation in test Please keep open. Waiting for a review from security-libs team. ------------- PR Comment: https://git.openjdk.org/jdk/pull/13669#issuecomment-1635107692 From duke at openjdk.org Fri Jul 14 02:05:15 2023 From: duke at openjdk.org (Craig Andrews) Date: Fri, 14 Jul 2023 02:05:15 GMT Subject: RFR: JDK-8311892: TrustManagerFactory loading an invalid keystore yield vague exception In-Reply-To: References: Message-ID: On Tue, 11 Jul 2023 18:09:26 GMT, Craig Andrews wrote: > When loading the default JVM trust store, if the JVM trust store contains an invalid certificate, the exception contains insufficient information to determine which certificate is invalid, making it very difficult to fix the problem. > > To reproduce the issue: > 1. Modify the default JVM trust store to contain invalid information. A very easy way to do this on openjdk / red hat systems is to edit /etc/pki/ca-trust/extracted/java/cacerts and add garbage text to the file. > 2. Run this code: > > TrustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); > // initializing the trust store with a null KeyStore will load the default JVM trust store > tmf.init((KeyStore) null); > > > This stack trace results: > > Caused by: java.security.KeyStoreException: problem accessing trust store > at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:73) > at java.base/javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:282) > ... 81 common frames omitted > Caused by: java.io.IOException: toDerInputStream rejects tag type 97 > at java.base/sun.security.util.DerValue.toDerInputStream(DerValue.java:1155) > at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2013) > at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:221) > at java.base/java.security.KeyStore.load(KeyStore.java:1473) > at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.loadKeyStore(TrustStoreManager.java:390) > at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.getTrustedCerts(TrustStoreManager.java:336) > at java.base/sun.security.ssl.TrustStoreManager.getTrustedCerts(TrustStoreManager.java:57) > at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:49) > ... 83 common frames omitted > > > Throwing an exception with a more detailed error message facilitates debugging and ultimately fixing such problems. Caused by: java.security.KeyStoreException: problem accessing trust store at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:73) at java.base/javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:282) ... 73 common frames omitted Caused by: java.security.KeyStoreException: Failed to load key store: /usr/lib/jvm/java-17-openjdk-17.0.7.0.7-5.fc38.x86_64/lib/security/cacerts at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.loadKeyStore(TrustStoreManager.java:390) at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.getTrustedCerts(TrustStoreManager.java:336) at java.base/sun.security.ssl.TrustStoreManager.getTrustedCerts(TrustStoreManager.java:57) at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:49) ... 79 common frames omitted Caused by: java.io.IOException: toDerInputStream rejects tag type 97 at java.base/sun.security.util.DerValue.toDerInputStream(DerValue.java:1155) at java.base/sun.security.pkcs12.PKCS12KeyStore.engine(PKCS12KeyStore.java:2013) at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:221) at java.base/java.security.KeyStore.load(KeyStore.java:1473) ... 83 common frames omitted The `KeyStoreException` inside `KeyStoreException` could be eliminated by adding a `catch` clause at https://github.com/openjdk/jdk/blob/257bc1745cf275d691db1801f8dd270b9ff1b324/src/java.base/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java#L67 like this: } catch (KeyStoreException ke) { throw ke; Please let me know if you'd like me to include that change. Thanks! ------------- PR Comment: https://git.openjdk.org/jdk/pull/14834#issuecomment-1635157558 From xuelei at openjdk.org Fri Jul 14 02:40:02 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Fri, 14 Jul 2023 02:40:02 GMT Subject: RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider In-Reply-To: References: <1HJGC1CrE5aqAaogrzoW1ZhxdnzGLeR-z1857YENk_8=.3c292fba-897a-4fd4-82ce-a38d0ff85be5@github.com> Message-ID: On Thu, 13 Jul 2023 21:01:06 GMT, Valerie Peng wrote: > > It looks good to me to rollback to previous behaviors. I was just wondering, if the use of key in other methods, like hashCode()/equals(), has the similar issue? Thanks! > > For the usage of hashCode()/equals(), there should be strong reference to the key object for the usage scenarios I'd think. Thus, probably not an issue? Yes, it makes sense to me. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14859#issuecomment-1635180918 From xuelei at openjdk.org Fri Jul 14 03:07:11 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Fri, 14 Jul 2023 03:07:11 GMT Subject: RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider In-Reply-To: References: <1HJGC1CrE5aqAaogrzoW1ZhxdnzGLeR-z1857YENk_8=.3c292fba-897a-4fd4-82ce-a38d0ff85be5@github.com> Message-ID: On Fri, 14 Jul 2023 02:37:09 GMT, Xue-Lei Andrew Fan wrote: > > > It looks good to me to rollback to previous behaviors. I was just wondering, if the use of key in other methods, like hashCode()/equals(), has the similar issue? Thanks! > > > > > > For the usage of hashCode()/equals(), there should be strong reference to the key object for the usage scenarios I'd think. Thus, probably not an issue? > > Yes, it makes sense to me. I may reply too quickly to get the idea. Why you think there will be strong reference to the key object for hashCode()/equals(), but not for getEncoded()? I did not get the idea. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14859#issuecomment-1635198764 From ascarpino at openjdk.org Fri Jul 14 03:45:47 2023 From: ascarpino at openjdk.org (Anthony Scarpino) Date: Fri, 14 Jul 2023 03:45:47 GMT Subject: RFR: JDK-8308398 Move SunEC crypto provider into java.base [v4] In-Reply-To: <6lzoh0vmMyKVEF9wFGW-axNSgbgKmMKTclBro12Pa40=.001e679b-3108-46d9-8922-29d8e551abbc@github.com> References: <6lzoh0vmMyKVEF9wFGW-axNSgbgKmMKTclBro12Pa40=.001e679b-3108-46d9-8922-29d8e551abbc@github.com> Message-ID: <2UmfWx8vlC4edcNuIKfx34nf8n1rZ5xKes8w4okuOQU=.288bbe5e-4b34-4e02-b29d-b8fb73bb4366@github.com> > Hi, > > I need a code review for moving the contents of the jdk.crypto.ec module into java.base. This moves the SunEC JCE Provider (Elliptic Curve) into java.base. EC has always been separate from the base module/pkg because of its dependence on a native library. That library was removed in JDK 16. An empty jdk.crypto.ec module will remain for compatibility, but marked as deprecated with the intent to be removed in a future release. > > There should be no compatibility risk for application using EC through JCE. There are no public API changes to EC, XEC, and EdDSA classes . Applications that unwisely accessing internal EC classes will need to use the java.base module. > > Thanks > > Tony Anthony Scarpino has updated the pull request incrementally with one additional commit since the last revision: update tier2 JLinkOptionsTest ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14457/files - new: https://git.openjdk.org/jdk/pull/14457/files/cf8e954d..b10c7ebd Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14457&range=03 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14457&range=02-03 Stats: 4 lines in 1 file changed: 0 ins; 0 del; 4 mod Patch: https://git.openjdk.org/jdk/pull/14457.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14457/head:pull/14457 PR: https://git.openjdk.org/jdk/pull/14457 From ascarpino at openjdk.org Fri Jul 14 05:14:08 2023 From: ascarpino at openjdk.org (Anthony Scarpino) Date: Fri, 14 Jul 2023 05:14:08 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v2] In-Reply-To: <9av18v7LjWdgjmIQNoOlDoT_oj5GcP_ROfGUx5Q9uUE=.30d64de6-5a5b-4799-b358-cd29b61f3b8e@github.com> References: <9av18v7LjWdgjmIQNoOlDoT_oj5GcP_ROfGUx5Q9uUE=.30d64de6-5a5b-4799-b358-cd29b61f3b8e@github.com> Message-ID: On Wed, 12 Jul 2023 23:12:18 GMT, Valerie Peng wrote: >> This change refactors the RSAPadding class to return an output record containing the status instead of relying on exception object to indicate a failure. >> >> Thanks in advance for review~ >> Valerie > > Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: > > Address review feedbacks, e.g. Removed RSAPadding.Output and use byte[] as before. src/java.base/share/classes/com/sun/crypto/provider/RSACipher.java line 349: > 347: byte[] result = null; > 348: try { > 349: switch (mode) { Nothing wrong what you did here, but since you used the new style switch elsewhere, you could do: return switch(mode) { case MODE_SIGN -> { paddingCopy = padding.pad(buffer, 0, bufOfs); if (paddingCopy == null) { throw new BadPaddingException("Padding error in signing"); } yield RSACore.rsa(paddingCopy, privateKey, true); } ... and so on... ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1263293856 From alanb at openjdk.org Fri Jul 14 06:21:56 2023 From: alanb at openjdk.org (Alan Bateman) Date: Fri, 14 Jul 2023 06:21:56 GMT Subject: RFR: JDK-8308398 Move SunEC crypto provider into java.base [v4] In-Reply-To: <2UmfWx8vlC4edcNuIKfx34nf8n1rZ5xKes8w4okuOQU=.288bbe5e-4b34-4e02-b29d-b8fb73bb4366@github.com> References: <6lzoh0vmMyKVEF9wFGW-axNSgbgKmMKTclBro12Pa40=.001e679b-3108-46d9-8922-29d8e551abbc@github.com> <2UmfWx8vlC4edcNuIKfx34nf8n1rZ5xKes8w4okuOQU=.288bbe5e-4b34-4e02-b29d-b8fb73bb4366@github.com> Message-ID: On Fri, 14 Jul 2023 03:45:47 GMT, Anthony Scarpino wrote: >> Hi, >> >> I need a code review for moving the contents of the jdk.crypto.ec module into java.base. This moves the SunEC JCE Provider (Elliptic Curve) into java.base. EC has always been separate from the base module/pkg because of its dependence on a native library. That library was removed in JDK 16. An empty jdk.crypto.ec module will remain for compatibility, but marked as deprecated with the intent to be removed in a future release. >> >> There should be no compatibility risk for application using EC through JCE. There are no public API changes to EC, XEC, and EdDSA classes . Applications that unwisely accessing internal EC classes will need to use the java.base module. >> >> Thanks >> >> Tony > > Anthony Scarpino has updated the pull request incrementally with one additional commit since the last revision: > > update tier2 JLinkOptionsTest Marked as reviewed by alanb (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/14457#pullrequestreview-1529689186 From coffeys at openjdk.org Fri Jul 14 07:24:58 2023 From: coffeys at openjdk.org (Sean Coffey) Date: Fri, 14 Jul 2023 07:24:58 GMT Subject: RFR: 8281658: Add a security category to the java -XshowSettings option [v11] In-Reply-To: References: Message-ID: > New functionality in the -XshowSettings menu to display relevant information about JDK security configuration Sean Coffey has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 21 additional commits since the last revision: - Testcase correction - Merge branch 'master' into 8281658-showsettings-security - Harden code to report lack of SSL support - Testcase correction - tweaks based on latest reviews - Merge branch 'master' into 8281658-showsettings-security - Avoid sharing INDENT variables - Merge branch 'master' into 8281658-showsettings-security - Don't allow bad subcommand values for security component - restore more informative help message - ... and 11 more: https://git.openjdk.org/jdk/compare/5a42dce4...5b8fc0b9 ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14394/files - new: https://git.openjdk.org/jdk/pull/14394/files/559f698e..5b8fc0b9 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14394&range=10 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14394&range=09-10 Stats: 15871 lines in 519 files changed: 8231 ins; 7026 del; 614 mod Patch: https://git.openjdk.org/jdk/pull/14394.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14394/head:pull/14394 PR: https://git.openjdk.org/jdk/pull/14394 From coffeys at openjdk.org Fri Jul 14 07:34:29 2023 From: coffeys at openjdk.org (Sean Coffey) Date: Fri, 14 Jul 2023 07:34:29 GMT Subject: Integrated: 8281658: Add a security category to the java -XshowSettings option In-Reply-To: References: Message-ID: On Fri, 9 Jun 2023 13:54:14 GMT, Sean Coffey wrote: > New functionality in the -XshowSettings menu to display relevant information about JDK security configuration This pull request has now been integrated. Changeset: 2e12a123 Author: Sean Coffey URL: https://git.openjdk.org/jdk/commit/2e12a123c9955b7360fd752a6a33d59b6271c5af Stats: 320 lines in 5 files changed: 314 ins; 2 del; 4 mod 8281658: Add a security category to the java -XshowSettings option Reviewed-by: rriggs, mullan ------------- PR: https://git.openjdk.org/jdk/pull/14394 From alanb at openjdk.org Fri Jul 14 10:27:54 2023 From: alanb at openjdk.org (Alan Bateman) Date: Fri, 14 Jul 2023 10:27:54 GMT Subject: RFR: 8311943: Cleanup usages of toLowerCase() and toUpperCase() in java.base [v2] In-Reply-To: References: Message-ID: On Wed, 12 Jul 2023 16:17:49 GMT, Glavo wrote: >> Maybe a small suggestion to make it clear whats wanted here. In other projects I am involved in (Apache Lucene/Solr, Apache TIKA, PostgresSQL JDBC, Checkstyle itsself, Elasticserach/Opensearch), which use the [forbiddenapis Maven/Gradle/Ant plugin](https://github.com/policeman-tools/forbidden-apis/), we forbid all calls to several Java APIs (including toLowerCase/toUpperCase case). All bytecode using this will build failure (FYI, we also disallow other stuff like relying of default timezone or characterset). >> To make it clear what is really intended, those projects agreed on having `toLowerCase(Locale.getDefault())`, so it is explicit what's wanted. >> Without that it could be that somebody else starts the discussion again. >> >> This is just a suggestion to be explicit as it makes maintaining the code easier. > >> Maybe a small suggestion to make it clear whats wanted here. In other projects I am involved in (Apache Lucene/Solr, Apache TIKA, PostgresSQL JDBC, Checkstyle itsself, Elasticserach/Opensearch), which use the [forbiddenapis Maven/Gradle/Ant plugin](https://github.com/policeman-tools/forbidden-apis/), we forbid all calls to several Java APIs (including toLowerCase/toUpperCase case). All bytecode using this will build failure (FYI, we also disallow other stuff like relying of default timezone or characterset). To make it clear what is really intended, those projects agreed on having `toLowerCase(Locale.getDefault())`, so it is explicit what's wanted. Without that it could be that somebody else starts the discussion again. >> >> This is just a suggestion to be explicit as it makes maintaining the code easier. > > I agree with this. > > I'm working on deprecating `toLowerCase()` and `toUpperCase()`, this PR is part of that effort. I wish to convert all use cases of them to `toLowerCase(Locale)` and `toUpperCase(Locale)`. > > More backstory is detailed in https://github.com/openjdk/jdk/pull/13434#issuecomment-1503989660. > However, while I think this corrects the behavior, this caused a change in the behavior of the API, so a CSR may be required. I don't want to debate this in this PR, so I'll revert this change and open a new PR in the future. StreamTokenizer is a very old API and changing long standing behavior may break something or be observable with existing code/usages. I see youve reverted this part (thanks) and looking at it separately is fine. It might be that the conclusion is that it's just too risky to change, in which case Uwe's suggestion is good and would avoid it showing up on someone's else radar in the future. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14763#discussion_r1263570865 From duke at openjdk.org Fri Jul 14 12:35:57 2023 From: duke at openjdk.org (Ferenc Rakoczi) Date: Fri, 14 Jul 2023 12:35:57 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v2] In-Reply-To: References: <9av18v7LjWdgjmIQNoOlDoT_oj5GcP_ROfGUx5Q9uUE=.30d64de6-5a5b-4799-b358-cd29b61f3b8e@github.com> Message-ID: On Fri, 14 Jul 2023 05:06:14 GMT, Anthony Scarpino wrote: >> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: >> >> Address review feedbacks, e.g. Removed RSAPadding.Output and use byte[] as before. > > src/java.base/share/classes/com/sun/crypto/provider/RSACipher.java line 349: > >> 347: byte[] result = null; >> 348: try { >> 349: switch (mode) { > > Nothing wrong what you did here, but since you used the new style switch elsewhere, you could do: > > return switch(mode) { > case MODE_SIGN -> { > paddingCopy = padding.pad(buffer, 0, bufOfs); > if (paddingCopy == null) { > throw new BadPaddingException("Padding error in signing"); > } > yield RSACore.rsa(paddingCopy, privateKey, true); > } > > ... and so on... In code that would probably need to be back ported, I would not use language features that might not be available in earlier versions (I don't know whether this is the case here, though) unless they provide noticeable performance benefits, not just "look better/more modern". ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1263683279 From duke at openjdk.org Fri Jul 14 13:05:14 2023 From: duke at openjdk.org (Glavo) Date: Fri, 14 Jul 2023 13:05:14 GMT Subject: RFR: 8311943: Cleanup usages of toLowerCase() and toUpperCase() in java.base [v2] In-Reply-To: References: Message-ID: On Fri, 14 Jul 2023 10:24:47 GMT, Alan Bateman wrote: > It might be that the conclusion is that it's just too risky to change, in which case Uwe's suggestion is good and would avoid it showing up on someone's else radar in the future. Until we're sure we want to normalize a usage of `toLowerCase()` to one of `toLowerCase(Locale.ROOT)` or `toLowerCase(Locale.getDefault())`, I think it should be left here as-is, thus keeping it in an ambiguous state to remind us to continue discussing it in the future. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14763#discussion_r1263710911 From duke at openjdk.org Fri Jul 14 13:18:08 2023 From: duke at openjdk.org (Glavo) Date: Fri, 14 Jul 2023 13:18:08 GMT Subject: RFR: 8311943: Cleanup usages of toLowerCase() and toUpperCase() in java.base [v2] In-Reply-To: References: Message-ID: On Fri, 14 Jul 2023 13:01:46 GMT, Glavo wrote: >>> However, while I think this corrects the behavior, this caused a change in the behavior of the API, so a CSR may be required. I don't want to debate this in this PR, so I'll revert this change and open a new PR in the future. >> >> StreamTokenizer is a very old API and changing long standing behavior may break something or be observable with existing code/usages. I see youve reverted this part (thanks) and looking at it separately is fine. It might be that the conclusion is that it's just too risky to change, in which case Uwe's suggestion is good and would avoid it showing up on someone's else radar in the future. > >> It might be that the conclusion is that it's just too risky to change, in which case Uwe's suggestion is good and would avoid it showing up on someone's else radar in the future. > > Until we're sure we want to normalize a usage of `toLowerCase()` to one of `toLowerCase(Locale.ROOT)` or `toLowerCase(Locale.getDefault())`, I think it should be left here as-is, thus keeping it in an ambiguous state to remind us to continue discussing it in the future. If we can't normalize this use case to be locale-independent, then I even think `lowerCaseMode` should be deprecated, because it's almost impossible for users to get expected behavior with this method. In order to make it meaningful, I think it is still necessary to consider making it locale insensitive. We can allow users to fall back to the old behavior through new system properties, or introduce new API methods in `StreamTokenizer` to allow users to set the Locale to be used. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14763#discussion_r1263725166 From forax at univ-mlv.fr Fri Jul 14 13:29:27 2023 From: forax at univ-mlv.fr (Remi Forax) Date: Fri, 14 Jul 2023 15:29:27 +0200 (CEST) Subject: RFR: 8311943: Cleanup usages of toLowerCase() and toUpperCase() in java.base [v2] In-Reply-To: References: Message-ID: <1059971530.104670971.1689341367155.JavaMail.zimbra@univ-eiffel.fr> ----- Original Message ----- > From: "Uwe Schindler" > To: "core-libs-dev" , net-dev at openjdk.org, nio-dev at openjdk.org, security-dev at openjdk.org > Sent: Wednesday, July 12, 2023 6:08:17 PM > Subject: Re: RFR: 8311943: Cleanup usages of toLowerCase() and toUpperCase() in java.base [v2] > On Wed, 12 Jul 2023 14:31:53 GMT, Glavo wrote: > >>> src/java.base/share/classes/java/io/StreamTokenizer.java line 632: >>> >>>> 630: sval = String.copyValueOf(buf, 0, i); >>>> 631: if (forceLower) >>>> 632: sval = sval.toLowerCase(Locale.ROOT); >>> >>> I suspect this change to StreamTokenizer needs eyes. I think long standing >>> behavior of the lowerCaseMode(true) has been to use the rules for the default >>> locale so we need to be careful. >> >>> I suspect this change to StreamTokenizer needs eyes. I think long standing >>> behavior of the lowerCaseMode(true) has been to use the rules for the default >>> locale so we need to be careful. >> >> I investigated usage of this method on GitHub: >> >> https://github.com/search?q=%22lowerCaseMode%28true%29%22+language%3AJava&type=code >> >> In some of the use cases I investigated, it seems that no one wants to rely on >> the default locale. >> >> However, while I think this corrects the behavior, this caused a change in the >> behavior of the API, so a CSR may be required. I don't want to debate this in >> this PR, so I'll revert this change and open a new PR in the future. > > Maybe a small suggestion to make it clear whats wanted here. In other projects I > am involved in (Apache Lucene/Solr, Apache TIKA, PostgresSQL JDBC, Checkstyle > itsself, Elasticserach/Opensearch), which use the [forbiddenapis > Maven/Gradle/Ant plugin](https://github.com/policeman-tools/forbidden-apis/), > we forbid all calls to several Java APIs (including toLowerCase/toUpperCase > case). All bytecode using this will build failure (FYI, we also disallow other > stuff like relying of default timezone or characterset). > To make it clear what is really intended, those projects agreed on having > `toLowerCase(Locale.getDefault())`, so it is explicit what's wanted. > Without that it could be that somebody else starts the discussion again. > > This is just a suggestion to be explicit as it makes maintaining the code > easier. One solution is to deprecate String.toLowerCase()/toUpperCase(), forcing users to explicitly use the variants that takes a Locale. Obviously, I'm talking about a simple deprecation not a deprecation for removal. R?mi > > ------------- > > PR Review Comment: https://git.openjdk.org/jdk/pull/14763#discussion_r1261404900 From mdonovan at openjdk.org Fri Jul 14 14:19:09 2023 From: mdonovan at openjdk.org (Matthew Donovan) Date: Fri, 14 Jul 2023 14:19:09 GMT Subject: RFR: 8290005: com/sun/jndi/ldap/LdapCBPropertiesTest.java failling with NullPointerException [v2] In-Reply-To: References: <_Q0R_ffxNgj8akEl9DzdoO7Cl17ULr9vKiY-NXNx5g8=.f1eacd05-32c8-4976-9c80-bb8c59c53ea0@github.com> <0gMLhW0oFZMkxjclDGbIJLyh0vhqr8e2cP6Cimb2w9w=.408d9450-09fd-4276-868e-b28a175a60b9@github.com> <2XuGMZnGZ8-4EACWi1YLy8rXEmWHwulFOK6QJkcPNrk=.80ab389c-ecf1-4597-83c1-1ff02b884124@github.com> Message-ID: <-iob8WZ1SqOZVrsQDnNvncmD6pfL_cZK5cd3Q9-rhcQ=.9ecc7094-f484-436a-813a-7d01010432ed@github.com> On Thu, 13 Jul 2023 16:31:41 GMT, Xue-Lei Andrew Fan wrote: >> Sorry for the delay on any updates here. >> >> I updated this branch and verified the tests still pass. I ran jdk_security3 tests from test/jdk/TEST.groups. Is there anything else I should do to test this change? > > SSLSocketImpl uses the locks similar to SSLEngineImpl. It may get it complicated and hard to maintain if using different locks in SSLSocketImpl and SSLEngineImpl. You may be able to find similar locking scenarios in SSLSocket implementation like: SSLEngineImpl.DelegatedTask.run()->TransportContext.dispatch()->SSLHandshake().consume()->HandshakeConsumer.consume()->SSLExtensions.product()->ServerHello.produce()->shc.handshakeSession = session. > > I understand where you came from for the NullPointerException in the bug. But it is hardly the direction to change the overall locking scenarios. Maybe, the close() function implementation could be focused on instead. The only lock I added was in `TransportContext` to synchronize access to the `handshakeContext` field, but I understand your reluctance to make any changes with locks. The problem is that SSLSocketImpl tries to access `conContext.handshakeContext.negotiatedProtocol` after TransportContext has set handshakeContext to null. TransportContext also has a `protocolVersion` field. Is it possible to just use that instead? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/13742#discussion_r1263789964 From rriggs at openjdk.org Fri Jul 14 15:06:59 2023 From: rriggs at openjdk.org (Roger Riggs) Date: Fri, 14 Jul 2023 15:06:59 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v9] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: On Thu, 13 Jul 2023 22:57:49 GMT, Pavel Rappo wrote: >> Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. >> >> I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. >> >> * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. >> >> * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. >> >> * BitArray could be a topic of its own, but I'll do my best to be concise. >> >> * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. >> * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). >> >> * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: >> >> // check certs >> if (this.certs == null && that.certs != null || >> this.certs != null && that.certs == null || >> this.certs != null && >> this.certs.length != that.certs.length) { >> return false; >> } >> >> int i,j; >> boolea... > > Pavel Rappo has updated the pull request incrementally with five additional commits since the last revision: > > - Feedback: avoid intermediate assignments > - More previously missed cases > - Fix: log hashCode as an unsigned long > > If they don't match, this test fails: > test/jdk/jdk/security/logging/TestX509ValidationLog.java > - Fix: match hashCode implementations > > hashCode in the included classes must match that of > javax.crypto.spec.SecretKeySpec.hashCode. > > If they don't match, this test fails: > test/jdk/javax/crypto/KeyGenerator/CompareKeys.java > - Fix: revert short-circuiting when destroyed > > That change caused this test to fail: > test/jdk/javax/security/auth/kerberos/KerberosHashEqualsTest.java Thanks for the thorough checking and testing. ------------- Marked as reviewed by rriggs (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/14738#pullrequestreview-1530476884 From xuelei at openjdk.org Fri Jul 14 16:47:11 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Fri, 14 Jul 2023 16:47:11 GMT Subject: RFR: 8290005: com/sun/jndi/ldap/LdapCBPropertiesTest.java failling with NullPointerException [v2] In-Reply-To: <-iob8WZ1SqOZVrsQDnNvncmD6pfL_cZK5cd3Q9-rhcQ=.9ecc7094-f484-436a-813a-7d01010432ed@github.com> References: <_Q0R_ffxNgj8akEl9DzdoO7Cl17ULr9vKiY-NXNx5g8=.f1eacd05-32c8-4976-9c80-bb8c59c53ea0@github.com> <0gMLhW0oFZMkxjclDGbIJLyh0vhqr8e2cP6Cimb2w9w=.408d9450-09fd-4276-868e-b28a175a60b9@github.com> <2XuGMZnGZ8-4EACWi1YLy8rXEmWHwulFOK6QJkcPNrk=.80ab389c-ecf1-4597-83c1-1ff02b884124@github.com> <-iob8WZ1SqOZVrsQDnNvncmD6pfL_cZK5cd3Q9-rhcQ=.9ecc7094-f484-436a-813a-7d01010432ed@github.com> Message-ID: <88ibxRrlbXPvprmVXIibNGP2nsFn31QEO4DYuDEKqtU=.f733a732-5394-43b1-a548-d7bca236d037@github.com> On Fri, 14 Jul 2023 14:16:00 GMT, Matthew Donovan wrote: > TransportContext also has a `protocolVersion` field. Is it possible to just use that instead? Did you mean a change in duplexCloseOutput() like the following? - // The protocol version may have been negotiated. - ProtocolVersion pv = conContext.handshakeContext.negotiatedProtocol; + // The protocol version may have been negotiated. The + // conContext.handshakeContext.negotiatedProtocol is not used as there + // may be a race to set it to null. + ProtocolVersion pv = conContext.protocolVersion; if (pv == null || (!pv.useTLS13PlusSpec())) { hasCloseReceipt = true; } I like the idea as it looks like a safe update in the current implementation. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/13742#discussion_r1263934419 From mdonovan at openjdk.org Fri Jul 14 18:06:17 2023 From: mdonovan at openjdk.org (Matthew Donovan) Date: Fri, 14 Jul 2023 18:06:17 GMT Subject: RFR: 8290005: com/sun/jndi/ldap/LdapCBPropertiesTest.java failling with NullPointerException [v2] In-Reply-To: <88ibxRrlbXPvprmVXIibNGP2nsFn31QEO4DYuDEKqtU=.f733a732-5394-43b1-a548-d7bca236d037@github.com> References: <_Q0R_ffxNgj8akEl9DzdoO7Cl17ULr9vKiY-NXNx5g8=.f1eacd05-32c8-4976-9c80-bb8c59c53ea0@github.com> <0gMLhW0oFZMkxjclDGbIJLyh0vhqr8e2cP6Cimb2w9w=.408d9450-09fd-4276-868e-b28a175a60b9@github.com> <2XuGMZnGZ8-4EACWi1YLy8rXEmWHwulFOK6QJkcPNrk=.80ab389c-ecf1-4597-83c1-1ff02b884124@github.com> <-iob8WZ1SqOZVrsQDnNvncmD6pfL_cZK5cd3Q9-rhcQ=.9ecc7094-f484-436a-813a-7d01010432ed@github.com> <88ibxRrlbXPvprmVXIibNGP2nsFn31QEO4DYuDEKqtU=.f733a732-5394-43b1-a548-d7bca236d037@github.com> Message-ID: On Fri, 14 Jul 2023 16:44:10 GMT, Xue-Lei Andrew Fan wrote: >> The only lock I added was in `TransportContext` to synchronize access to the `handshakeContext` field, but I understand your reluctance to make any changes with locks. The problem is that SSLSocketImpl tries to access `conContext.handshakeContext.negotiatedProtocol` after TransportContext has set handshakeContext to null. >> >> TransportContext also has a `protocolVersion` field. Is it possible to just use that instead? > >> TransportContext also has a `protocolVersion` field. Is it possible to just use that instead? > > Did you mean a change in duplexCloseOutput() like the following? > > > - // The protocol version may have been negotiated. > - ProtocolVersion pv = conContext.handshakeContext.negotiatedProtocol; > + // The protocol version may have been negotiated. The > + // conContext.handshakeContext.negotiatedProtocol is not used as there > + // may be a race to set it to null. > + ProtocolVersion pv = conContext.protocolVersion; > if (pv == null || (!pv.useTLS13PlusSpec())) { > hasCloseReceipt = true; > } > > > I like the idea as it looks like a safe update in the current implementation. Yes, that is what I was thinking.I will make the change and test it out. Thanks. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/13742#discussion_r1264004624 From mullan at openjdk.org Fri Jul 14 18:30:14 2023 From: mullan at openjdk.org (Sean Mullan) Date: Fri, 14 Jul 2023 18:30:14 GMT Subject: RFR: JDK-8311892: TrustManagerFactory loading an invalid keystore yield vague exception In-Reply-To: References: Message-ID: On Tue, 11 Jul 2023 18:09:26 GMT, Craig Andrews wrote: > When loading the default JVM trust store, if the JVM trust store contains an invalid certificate, the exception contains insufficient information to determine which certificate is invalid, making it very difficult to fix the problem. > > To reproduce the issue: > 1. Modify the default JVM trust store to contain invalid information. A very easy way to do this on openjdk / red hat systems is to edit /etc/pki/ca-trust/extracted/java/cacerts and add garbage text to the file. > 2. Run this code: > > TrustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); > // initializing the trust store with a null KeyStore will load the default JVM trust store > tmf.init((KeyStore) null); > > > This stack trace results: > > Caused by: java.security.KeyStoreException: problem accessing trust store > at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:73) > at java.base/javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:282) > ... 81 common frames omitted > Caused by: java.io.IOException: toDerInputStream rejects tag type 97 > at java.base/sun.security.util.DerValue.toDerInputStream(DerValue.java:1155) > at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2013) > at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:221) > at java.base/java.security.KeyStore.load(KeyStore.java:1473) > at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.loadKeyStore(TrustStoreManager.java:390) > at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.getTrustedCerts(TrustStoreManager.java:336) > at java.base/sun.security.ssl.TrustStoreManager.getTrustedCerts(TrustStoreManager.java:57) > at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:49) > ... 83 common frames omitted > > > Throwing an exception with a more detailed error message facilitates debugging and ultimately fixing such problems. Making this change would potentially reveal sensitive information about the file system (i.e. the pathname of the keystore) in an Exception message. This would go against the recommendations in [guideline 2.1 of the Java Secure Coding Guidelines](https://www.oracle.com/java/technologies/javase/seccodeguide.html). Thus, I do not accept this change as proposed. You can already obtain similar helpful information by enabling debugging by specifying `-Djavax.net.debug=ssl:trustmanager` on the command-line. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14834#issuecomment-1636230292 From mdonovan at openjdk.org Fri Jul 14 20:00:55 2023 From: mdonovan at openjdk.org (Matthew Donovan) Date: Fri, 14 Jul 2023 20:00:55 GMT Subject: RFR: 8290005: com/sun/jndi/ldap/LdapCBPropertiesTest.java failling with NullPointerException [v6] In-Reply-To: References: Message-ID: > In this PR, I added methods to the TransportContext class to synchronize access to the handshakeContext field. I also updated locations in the code that rely on the handshakeContext field to not be null to use the synchronized methods. > > Thanks Matthew Donovan has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 10 additional commits since the last revision: - Merge branch 'master' into socket-close-null - Removed changes in TransportContext; changed SSLSocketImpl to use conContext.protocolVersion during close operation - Merge branch 'master' into socket-close-null - Merge branch 'master' into socket-close-null - reverted changes in SSLEngineImpl - I missed a method that needed updating - Merge branch 'master' into socket-close-null - made handshake context lock final - using try/finally in terminateHandshakeContext and using local context variable in all places it should be - 8290005: com/sun/jndi/ldap/LdapCBPropertiesTest.java failling with NullPointerException ------------- Changes: - all: https://git.openjdk.org/jdk/pull/13742/files - new: https://git.openjdk.org/jdk/pull/13742/files/ba27e19e..6d42b368 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=13742&range=05 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=13742&range=04-05 Stats: 79099 lines in 1554 files changed: 20307 ins; 52461 del; 6331 mod Patch: https://git.openjdk.org/jdk/pull/13742.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/13742/head:pull/13742 PR: https://git.openjdk.org/jdk/pull/13742 From mullan at openjdk.org Fri Jul 14 20:12:19 2023 From: mullan at openjdk.org (Sean Mullan) Date: Fri, 14 Jul 2023 20:12:19 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v2] In-Reply-To: <9av18v7LjWdgjmIQNoOlDoT_oj5GcP_ROfGUx5Q9uUE=.30d64de6-5a5b-4799-b358-cd29b61f3b8e@github.com> References: <9av18v7LjWdgjmIQNoOlDoT_oj5GcP_ROfGUx5Q9uUE=.30d64de6-5a5b-4799-b358-cd29b61f3b8e@github.com> Message-ID: On Wed, 12 Jul 2023 23:12:18 GMT, Valerie Peng wrote: >> This change refactors the RSAPadding class to return an output record containing the status instead of relying on exception object to indicate a failure. >> >> Thanks in advance for review~ >> Valerie > > Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: > > Address review feedbacks, e.g. Removed RSAPadding.Output and use byte[] as before. src/java.base/share/classes/sun/security/rsa/RSASignature.java line 233: > 231: } > 232: return status; > 233: } catch (javax.crypto.BadPaddingException e) { Can this exception still be thrown? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1264109220 From duke at openjdk.org Fri Jul 14 20:40:13 2023 From: duke at openjdk.org (Craig Andrews) Date: Fri, 14 Jul 2023 20:40:13 GMT Subject: RFR: JDK-8311892: TrustManagerFactory loading an invalid keystore yield vague exception In-Reply-To: References: Message-ID: On Tue, 11 Jul 2023 18:09:26 GMT, Craig Andrews wrote: > When loading the default JVM trust store, if the JVM trust store contains an invalid certificate, the exception contains insufficient information to determine which certificate is invalid, making it very difficult to fix the problem. > > To reproduce the issue: > 1. Modify the default JVM trust store to contain invalid information. A very easy way to do this on openjdk / red hat systems is to edit /etc/pki/ca-trust/extracted/java/cacerts and add garbage text to the file. > 2. Run this code: > > TrustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); > // initializing the trust store with a null KeyStore will load the default JVM trust store > tmf.init((KeyStore) null); > > > This stack trace results: > > Caused by: java.security.KeyStoreException: problem accessing trust store > at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:73) > at java.base/javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:282) > ... 81 common frames omitted > Caused by: java.io.IOException: toDerInputStream rejects tag type 97 > at java.base/sun.security.util.DerValue.toDerInputStream(DerValue.java:1155) > at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2013) > at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:221) > at java.base/java.security.KeyStore.load(KeyStore.java:1473) > at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.loadKeyStore(TrustStoreManager.java:390) > at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.getTrustedCerts(TrustStoreManager.java:336) > at java.base/sun.security.ssl.TrustStoreManager.getTrustedCerts(TrustStoreManager.java:57) > at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:49) > ... 83 common frames omitted > > > Throwing an exception with a more detailed error message facilitates debugging and ultimately fixing such problems. Excellent point, thank you for your thoughtful review and for linking the documentation :) It would be really nice to give the user some information to help them along without requiring a JVM argument, though... What if we just included the file name (but not the path) in the exception message, something like: throw new KeyStoreException("Failed to load key store with file name: " + descriptor.storeFile.getName(), e); Would that be acceptable? Or is there something else we could do to provide a little more helpful of a message? ------------- PR Comment: https://git.openjdk.org/jdk/pull/14834#issuecomment-1636412000 From xuelei at openjdk.org Fri Jul 14 21:07:26 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Fri, 14 Jul 2023 21:07:26 GMT Subject: RFR: 8290005: com/sun/jndi/ldap/LdapCBPropertiesTest.java failling with NullPointerException [v6] In-Reply-To: References: Message-ID: On Fri, 14 Jul 2023 20:00:55 GMT, Matthew Donovan wrote: >> In this PR, I added methods to the TransportContext class to synchronize access to the handshakeContext field. I also updated locations in the code that rely on the handshakeContext field to not be null to use the synchronized methods. >> >> Thanks > > Matthew Donovan has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 10 additional commits since the last revision: > > - Merge branch 'master' into socket-close-null > - Removed changes in TransportContext; changed SSLSocketImpl to use conContext.protocolVersion during close operation > - Merge branch 'master' into socket-close-null > - Merge branch 'master' into socket-close-null > - reverted changes in SSLEngineImpl > - I missed a method that needed updating > - Merge branch 'master' into socket-close-null > - made handshake context lock final > - using try/finally in terminateHandshakeContext and using local context variable in all places it should be > - 8290005: com/sun/jndi/ldap/LdapCBPropertiesTest.java failling with NullPointerException Looks good to me. Thank you! ------------- Marked as reviewed by xuelei (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/13742#pullrequestreview-1531045819 From valeriep at openjdk.org Fri Jul 14 21:57:32 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Fri, 14 Jul 2023 21:57:32 GMT Subject: RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider [v2] In-Reply-To: References: Message-ID: > This change adds back the Reference.ReachabilityFence(Object) call removed by [JDK-8301553](https://bugs.openjdk.org/browse/JDK-8301553). > > Please help review. > Thanks! > Valerie Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: Include more methods into the scope for consistency/correctness sake. ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14859/files - new: https://git.openjdk.org/jdk/pull/14859/files/9d3c15a7..949f1891 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14859&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14859&range=00-01 Stats: 52 lines in 1 file changed: 27 ins; 1 del; 24 mod Patch: https://git.openjdk.org/jdk/pull/14859.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14859/head:pull/14859 PR: https://git.openjdk.org/jdk/pull/14859 From valeriep at openjdk.org Fri Jul 14 21:57:32 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Fri, 14 Jul 2023 21:57:32 GMT Subject: RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider [v2] In-Reply-To: References: <1HJGC1CrE5aqAaogrzoW1ZhxdnzGLeR-z1857YENk_8=.3c292fba-897a-4fd4-82ce-a38d0ff85be5@github.com> Message-ID: On Fri, 14 Jul 2023 03:04:13 GMT, Xue-Lei Andrew Fan wrote: > > > > It looks good to me to rollback to previous behaviors. I was just wondering, if the use of key in other methods, like hashCode()/equals(), has the similar issue? Thanks! > > > > > > > > > For the usage of hashCode()/equals(), there should be strong reference to the key object for the usage scenarios I'd think. Thus, probably not an issue? > > > > > > Yes, it makes sense to me. > > I may reply too quickly to get the idea. Why you think there will be strong reference to the key object for hashCode()/equals(), but not for getEncoded()? I did not get the idea. hashCode()/equals() are normally used when objects are still around, e.g. used in hash map. As for getEncoded(), callers may just want to retrieve the bytes and not keep the Key object. After some internal discussion, I am inclined to include all methods including the hashCode(), equals() into this reachabilityFence() change for the sake of consistency. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14859#issuecomment-1636478233 From xuelei at openjdk.org Sat Jul 15 03:09:10 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Sat, 15 Jul 2023 03:09:10 GMT Subject: RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider [v2] In-Reply-To: References: Message-ID: On Fri, 14 Jul 2023 21:57:32 GMT, Valerie Peng wrote: >> This change adds back the Reference.ReachabilityFence(Object) call removed by [JDK-8301553](https://bugs.openjdk.org/browse/JDK-8301553). >> >> Please help review. >> Thanks! >> Valerie > > Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: > > Include more methods into the scope for consistency/correctness sake. I have no more comments. Thanks! ------------- Marked as reviewed by xuelei (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/14859#pullrequestreview-1531239782 From djelinski at openjdk.org Mon Jul 17 11:08:07 2023 From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=) Date: Mon, 17 Jul 2023 11:08:07 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v9] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: On Thu, 13 Jul 2023 22:57:49 GMT, Pavel Rappo wrote: >> Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. >> >> I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. >> >> * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. >> >> * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. >> >> * BitArray could be a topic of its own, but I'll do my best to be concise. >> >> * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. >> * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). >> >> * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: >> >> // check certs >> if (this.certs == null && that.certs != null || >> this.certs != null && that.certs == null || >> this.certs != null && >> this.certs.length != that.certs.length) { >> return false; >> } >> >> int i,j; >> boolea... > > Pavel Rappo has updated the pull request incrementally with five additional commits since the last revision: > > - Feedback: avoid intermediate assignments > - More previously missed cases > - Fix: log hashCode as an unsigned long > > If they don't match, this test fails: > test/jdk/jdk/security/logging/TestX509ValidationLog.java > - Fix: match hashCode implementations > > hashCode in the included classes must match that of > javax.crypto.spec.SecretKeySpec.hashCode. > > If they don't match, this test fails: > test/jdk/javax/crypto/KeyGenerator/CompareKeys.java > - Fix: revert short-circuiting when destroyed > > That change caused this test to fail: > test/jdk/javax/security/auth/kerberos/KerberosHashEqualsTest.java Marked as reviewed by djelinski (Reviewer). src/java.base/share/classes/sun/security/x509/OtherName.java line 212: > 210: public int hashCode() { > 211: if (myhash == -1) { > 212: myhash = 37 + oid.hashCode() + Arrays.hashCode(nameValue); I think you can drop 37 here. Either that, or use `37 * oid.hashCode()`. ------------- PR Review: https://git.openjdk.org/jdk/pull/14738#pullrequestreview-1532435670 PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1265146582 From prappo at openjdk.org Mon Jul 17 11:08:08 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Mon, 17 Jul 2023 11:08:08 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v9] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: <2LYCcd4GajRctOLh5zGfICw1nWWsFfsJopZsZxKnglA=.54061443-5a0d-4c16-b884-dcae5fc3aac9@github.com> On Mon, 17 Jul 2023 10:15:18 GMT, Daniel Jeli?ski wrote: >> Pavel Rappo has updated the pull request incrementally with five additional commits since the last revision: >> >> - Feedback: avoid intermediate assignments >> - More previously missed cases >> - Fix: log hashCode as an unsigned long >> >> If they don't match, this test fails: >> test/jdk/jdk/security/logging/TestX509ValidationLog.java >> - Fix: match hashCode implementations >> >> hashCode in the included classes must match that of >> javax.crypto.spec.SecretKeySpec.hashCode. >> >> If they don't match, this test fails: >> test/jdk/javax/crypto/KeyGenerator/CompareKeys.java >> - Fix: revert short-circuiting when destroyed >> >> That change caused this test to fail: >> test/jdk/javax/security/auth/kerberos/KerberosHashEqualsTest.java > > src/java.base/share/classes/sun/security/x509/OtherName.java line 212: > >> 210: public int hashCode() { >> 211: if (myhash == -1) { >> 212: myhash = 37 + oid.hashCode() + Arrays.hashCode(nameValue); > > I think you can drop 37 here. Either that, or use `37 * oid.hashCode()`. You think it was a typo (+ instead of *) in the original code? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1265187193 From djelinski at openjdk.org Mon Jul 17 11:08:09 2023 From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=) Date: Mon, 17 Jul 2023 11:08:09 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v9] In-Reply-To: <2LYCcd4GajRctOLh5zGfICw1nWWsFfsJopZsZxKnglA=.54061443-5a0d-4c16-b884-dcae5fc3aac9@github.com> References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> <2LYCcd4GajRctOLh5zGfICw1nWWsFfsJopZsZxKnglA=.54061443-5a0d-4c16-b884-dcae5fc3aac9@github.com> Message-ID: On Mon, 17 Jul 2023 10:59:42 GMT, Pavel Rappo wrote: >> src/java.base/share/classes/sun/security/x509/OtherName.java line 212: >> >>> 210: public int hashCode() { >>> 211: if (myhash == -1) { >>> 212: myhash = 37 + oid.hashCode() + Arrays.hashCode(nameValue); >> >> I think you can drop 37 here. Either that, or use `37 * oid.hashCode()`. > > You think it was a typo (+ instead of *) in the original code? The original code calculated `(37 ** nameValue.length)*(37+oid.hashCode)+Arrays.hashCode`; since you already dropped the multiplication, you can also drop the addition. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1265190084 From mdonovan at openjdk.org Mon Jul 17 11:19:19 2023 From: mdonovan at openjdk.org (Matthew Donovan) Date: Mon, 17 Jul 2023 11:19:19 GMT Subject: Integrated: 8290005: com/sun/jndi/ldap/LdapCBPropertiesTest.java failling with NullPointerException In-Reply-To: References: Message-ID: <7cq8eSaK_28DOT_oT8DHMrTFJPAKus0DnwMLpz0Qusg=.b33fcde3-eaf4-4f19-b930-33577d183c99@github.com> On Mon, 1 May 2023 17:39:02 GMT, Matthew Donovan wrote: > In this PR, I added methods to the TransportContext class to synchronize access to the handshakeContext field. I also updated locations in the code that rely on the handshakeContext field to not be null to use the synchronized methods. > > Thanks This pull request has now been integrated. Changeset: afcf8e47 Author: Matthew Donovan URL: https://git.openjdk.org/jdk/commit/afcf8e4751c3d6c33abc34b5a04b7282e84f7cce Stats: 5 lines in 1 file changed: 2 ins; 1 del; 2 mod 8290005: com/sun/jndi/ldap/LdapCBPropertiesTest.java failling with NullPointerException Reviewed-by: jnimeh, xuelei ------------- PR: https://git.openjdk.org/jdk/pull/13742 From prappo at openjdk.org Mon Jul 17 12:26:13 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Mon, 17 Jul 2023 12:26:13 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v9] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> <2LYCcd4GajRctOLh5zGfICw1nWWsFfsJopZsZxKnglA=.54061443-5a0d-4c16-b884-dcae5fc3aac9@github.com> Message-ID: On Mon, 17 Jul 2023 11:02:46 GMT, Daniel Jeli?ski wrote: >> You think it was a typo (+ instead of *) in the original code? > > The original code calculated `(37 ** nameValue.length)*(37+oid.hashCode)+Arrays.hashCode`; since you already dropped the multiplication, you can also drop the addition. Thanks for noticing this difference! Yes, the initial value would've been exponentiated (^ or ** in your notation). However, I note that the original code computed this: if nameValue.length > 0 (37^nameValue.length) * oid.hashCode() + 37 + Arrays.hashCode(nameValue) otherwise 37 + oid.hashCode() Well, it would've computed that, had the multiplier constant been 37 in Arrays.hashCode, which it is not; it's 31. Since we cannot achieve absolute fidelity with the old code, I suggest we do this instead, what do you think? public int hashCode() { if (myhash == -1) { myhash = Arrays.deepHashCode(new Object[]{oid, nameValue}); } return myhash; ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1265276585 From ascarpino at openjdk.org Mon Jul 17 17:42:24 2023 From: ascarpino at openjdk.org (Anthony Scarpino) Date: Mon, 17 Jul 2023 17:42:24 GMT Subject: Integrated: JDK-8308398 Move SunEC crypto provider into java.base In-Reply-To: <6lzoh0vmMyKVEF9wFGW-axNSgbgKmMKTclBro12Pa40=.001e679b-3108-46d9-8922-29d8e551abbc@github.com> References: <6lzoh0vmMyKVEF9wFGW-axNSgbgKmMKTclBro12Pa40=.001e679b-3108-46d9-8922-29d8e551abbc@github.com> Message-ID: On Tue, 13 Jun 2023 20:36:28 GMT, Anthony Scarpino wrote: > Hi, > > I need a code review for moving the contents of the jdk.crypto.ec module into java.base. This moves the SunEC JCE Provider (Elliptic Curve) into java.base. EC has always been separate from the base module/pkg because of its dependence on a native library. That library was removed in JDK 16. An empty jdk.crypto.ec module will remain for compatibility, but marked as deprecated with the intent to be removed in a future release. > > There should be no compatibility risk for application using EC through JCE. There are no public API changes to EC, XEC, and EdDSA classes . Applications that unwisely accessing internal EC classes will need to use the java.base module. > > Thanks > > Tony This pull request has now been integrated. Changeset: e7379687 Author: Anthony Scarpino URL: https://git.openjdk.org/jdk/commit/e73796879299c6170b63edb998439db4764ceae0 Stats: 187 lines in 58 files changed: 73 ins; 41 del; 73 mod 8308398: Move SunEC crypto provider into java.base Reviewed-by: valeriep, alanb ------------- PR: https://git.openjdk.org/jdk/pull/14457 From mdonovan at openjdk.org Mon Jul 17 17:52:32 2023 From: mdonovan at openjdk.org (Matthew Donovan) Date: Mon, 17 Jul 2023 17:52:32 GMT Subject: RFR: 8310629: java/security/cert/CertPathValidator/OCSP/OCSPTimeout.java fails with RuntimeException Server not ready Message-ID: In this PR, i raised the client timeout from 5 to 60 seconds. I considered refactoring the SimpleOSCPServer class a little but ultimately, the client needs to just wait until the server is ready or a time-out is reached. Alternately, we can wait indefinitely and let the test time out but that results in holding onto resources for too long. Thanks ------------- Commit messages: - 8310629: java/security/cert/CertPathValidator/OCSP/OCSPTimeout.java fails with RuntimeException Server not ready Changes: https://git.openjdk.org/jdk/pull/14905/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=14905&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8310629 Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod Patch: https://git.openjdk.org/jdk/pull/14905.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14905/head:pull/14905 PR: https://git.openjdk.org/jdk/pull/14905 From prappo at openjdk.org Mon Jul 17 18:17:15 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Mon, 17 Jul 2023 18:17:15 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v9] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> <2LYCcd4GajRctOLh5zGfICw1nWWsFfsJopZsZxKnglA=.54061443-5a0d-4c16-b884-dcae5fc3aac9@github.com> Message-ID: On Mon, 17 Jul 2023 12:23:17 GMT, Pavel Rappo wrote: >> The original code calculated `(37 ** nameValue.length)*(37+oid.hashCode)+Arrays.hashCode`; since you already dropped the multiplication, you can also drop the addition. > > Thanks for noticing this difference! > > Yes, the initial value would've been exponentiated (^ or ** in your notation). However, I note that the original code computed this: > > if nameValue.length > 0 > > (37^nameValue.length) * oid.hashCode() + 37 + Arrays.hashCode(nameValue) > > otherwise > > 37 + oid.hashCode() > > Well, it would've computed that, had the multiplier constant been 37 in Arrays.hashCode, which it is not; it's 31. > > Since we cannot achieve absolute fidelity with the old code, I suggest we do this instead, what do you think? > > public int hashCode() { > if (myhash == -1) { > myhash = Arrays.deepHashCode(new Object[]{oid, nameValue}); > } > return myhash; Correction. If the multiplier were 31, then it would've been this: return ( 30 + oid.hashCode() ) * 31**nameValue.length + Arrays.hashCode(nameValue); ^ ^ @djelinski, do you think we should use this instead? return Arrays.deepHashCode(new Object[]{oid, nameValue}); ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1265737576 From djelinski at openjdk.org Mon Jul 17 18:43:17 2023 From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=) Date: Mon, 17 Jul 2023 18:43:17 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v9] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> <2LYCcd4GajRctOLh5zGfICw1nWWsFfsJopZsZxKnglA=.54061443-5a0d-4c16-b884-dcae5fc3aac9@github.com> Message-ID: On Mon, 17 Jul 2023 18:13:38 GMT, Pavel Rappo wrote: >> Thanks for noticing this difference! >> >> Yes, the initial value would've been exponentiated (^ or ** in your notation). However, I note that the original code computed this: >> >> if nameValue.length > 0 >> >> (37^nameValue.length) * oid.hashCode() + 37 + Arrays.hashCode(nameValue) >> >> otherwise >> >> 37 + oid.hashCode() >> >> Well, it would've computed that, had the multiplier constant been 37 in Arrays.hashCode, which it is not; it's 31. >> >> Since we cannot achieve absolute fidelity with the old code, I suggest we do this instead, what do you think? >> >> public int hashCode() { >> if (myhash == -1) { >> myhash = Arrays.deepHashCode(new Object[]{oid, nameValue}); >> } >> return myhash; > > Correction. If the multiplier were 31, then it would've been this: > > return ( 30 + oid.hashCode() ) * 31**nameValue.length + Arrays.hashCode(nameValue); > ^ ^ > > @djelinski, do you think we should use this instead? > > return Arrays.deepHashCode(new Object[]{oid, nameValue}); I think `oid.hashCode() + Arrays.hashCode(nameValue)` would have been good enough, but deepHashCode is also acceptable. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1265763292 From jnimeh at openjdk.org Mon Jul 17 21:22:54 2023 From: jnimeh at openjdk.org (Jamil Nimeh) Date: Mon, 17 Jul 2023 21:22:54 GMT Subject: RFR: 8310629: java/security/cert/CertPathValidator/OCSP/OCSPTimeout.java fails with RuntimeException Server not ready In-Reply-To: References: Message-ID: <2htiHzXyipxVbN1QFc7os-LUSKbUQYVi82iSnsLFxfs=.33fb6476-8785-488d-b596-e0258b2208b4@github.com> On Mon, 17 Jul 2023 17:45:56 GMT, Matthew Donovan wrote: > In this PR, i raised the client timeout from 5 to 60 seconds. I considered refactoring the SimpleOSCPServer class a little but ultimately, the client needs to just wait until the server is ready or a time-out is reached. Alternately, we can wait indefinitely and let the test time out but that results in holding onto resources for too long. > > Thanks I'm good with this. ------------- Marked as reviewed by jnimeh (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/14905#pullrequestreview-1533717455 From cslucas at openjdk.org Mon Jul 17 21:50:21 2023 From: cslucas at openjdk.org (Cesar Soares Lucas) Date: Mon, 17 Jul 2023 21:50:21 GMT Subject: RFR: JDK-8287061: Support for rematerializing scalar replaced objects participating in allocation merges [v18] In-Reply-To: <72OcyhmFKGyTwDy8LQ0blp5HG5dg5l9OsU5dh9osVxo=.73b3a79e-ff24-4f41-b39b-650a9036ee76@github.com> References: <7nqFW-lgT1FzuMHPMUQiCj1ATcV_bQtroolf4V_kCc4=.ccd12605-aad0-433e-ba44-5772d972f05d@github.com> <-A7bd8C0q5o1WuRSeSkYYnUoApV4s9uijPmiNB2Wteo=.c5bc944c-88a3-4228-bd41-091ac6c8fb1d@github.com> <72OcyhmFKGyTwDy8LQ0blp5HG5dg5l9OsU5dh9osVxo=.73b3a79e-ff24-4f41-b39b-650a9036ee76@github.com> Message-ID: On Tue, 20 Jun 2023 16:44:28 GMT, Vladimir Ivanov wrote: >> Thank you once more for the comments @iwanowww . I?ll address them asap. >> >> Can I ask what requirements are there for a product flag? > >> Can I ask what requirements are there for a product flag? > > Product flags are treated as part of public API of the JVM. So, changes in behavior have to go through CSR process. Also, a product flag has to be deprecated/obsoleted first before it can be removed which takes multiple releases to happen. Better to avoid introducing new product flags unless it is well-justified or necessary. @iwanowww @vnkozlov - can I ask one of you to sponsor this PR? ------------- PR Comment: https://git.openjdk.org/jdk/pull/12897#issuecomment-1638931020 From prappo at openjdk.org Mon Jul 17 23:03:45 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Mon, 17 Jul 2023 23:03:45 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v10] In-Reply-To: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: > Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. > > I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. > > * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. > > * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. > > * BitArray could be a topic of its own, but I'll do my best to be concise. > > * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. > * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). > > * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: > > // check certs > if (this.certs == null && that.certs != null || > this.certs != null && that.certs == null || > this.certs != null && > this.certs.length != that.certs.length) { > return false; > } > > int i,j; > boolean match; > > for (i = 0; this.certs != nu... Pavel Rappo has updated the pull request incrementally with one additional commit since the last revision: Feedback ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14738/files - new: https://git.openjdk.org/jdk/pull/14738/files/3caa774d..31390433 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14738&range=09 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14738&range=08-09 Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod Patch: https://git.openjdk.org/jdk/pull/14738.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14738/head:pull/14738 PR: https://git.openjdk.org/jdk/pull/14738 From prappo at openjdk.org Mon Jul 17 23:03:46 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Mon, 17 Jul 2023 23:03:46 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v9] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> <2LYCcd4GajRctOLh5zGfICw1nWWsFfsJopZsZxKnglA=.54061443-5a0d-4c16-b884-dcae5fc3aac9@github.com> Message-ID: On Mon, 17 Jul 2023 18:39:37 GMT, Daniel Jeli?ski wrote: > I think `oid.hashCode() + Arrays.hashCode(nameValue)` would have been good enough, but deepHashCode is also acceptable. Fixed as you suggested, in 3139043370f. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1265978049 From valeriep at openjdk.org Mon Jul 17 23:04:05 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Mon, 17 Jul 2023 23:04:05 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v2] In-Reply-To: References: <9av18v7LjWdgjmIQNoOlDoT_oj5GcP_ROfGUx5Q9uUE=.30d64de6-5a5b-4799-b358-cd29b61f3b8e@github.com> Message-ID: On Thu, 13 Jul 2023 04:25:19 GMT, Xue-Lei Andrew Fan wrote: >> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: >> >> Address review feedbacks, e.g. Removed RSAPadding.Output and use byte[] as before. > > src/java.base/share/classes/sun/security/rsa/RSASignature.java line 196: > >> 194: return RSACore.rsa(padded, privateKey, true); >> 195: } >> 196: throw new SignatureException("Could not sign data"); > > It may be clearer if the throw line is moved to the end of the method. Otherwise, I have to check if SignatureException is a sub-class of GeneralSecurityException. Yes, I think so too. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1265980475 From cslucas at openjdk.org Mon Jul 17 23:05:29 2023 From: cslucas at openjdk.org (Cesar Soares Lucas) Date: Mon, 17 Jul 2023 23:05:29 GMT Subject: Integrated: JDK-8287061: Support for rematerializing scalar replaced objects participating in allocation merges In-Reply-To: <7nqFW-lgT1FzuMHPMUQiCj1ATcV_bQtroolf4V_kCc4=.ccd12605-aad0-433e-ba44-5772d972f05d@github.com> References: <7nqFW-lgT1FzuMHPMUQiCj1ATcV_bQtroolf4V_kCc4=.ccd12605-aad0-433e-ba44-5772d972f05d@github.com> Message-ID: On Tue, 7 Mar 2023 01:40:48 GMT, Cesar Soares Lucas wrote: > Can I please get reviews for this PR? > > The most common and frequent use of NonEscaping Phis merging object allocations is for debugging information. The two graphs below show numbers for Renaissance and DaCapo benchmarks - similar results are obtained for all other applications that I tested. > > With what frequency does each IR node type occurs as an allocation merge user? I.e., if the same node type uses a Phi N times the counter is incremented by N: > > ![image](https://user-images.githubusercontent.com/2249648/222280517-4dcf5871-2564-4207-b49e-22aee47fa49d.png) > > What are the most common users of allocation merges? I.e., if the same node type uses a Phi N times the counter is incremented by 1: > > ![image](https://user-images.githubusercontent.com/2249648/222280608-ca742a4e-1622-4e69-a778-e4db6805ea02.png) > > This PR adds support scalar replacing allocations participating in merges used as debug information OR as a base for field loads. I plan to create subsequent PRs to enable scalar replacement of merges used by other node types (CmpP is next on the list) subsequently. > > The approach I used for _rematerialization_ is pretty straightforward. It consists basically of the following. 1) New IR node (suggested by V. Kozlov), named SafePointScalarMergeNode, to represent a set of SafePointScalarObjectNode; 2) Each scalar replaceable input participating in a merge will get a SafePointScalarObjectNode like if it weren't part of a merge. 3) Add a new Class to support the rematerialization of SR objects that are part of a merge; 4) Patch HotSpot to be able to serialize and deserialize debug information related to allocation merges; 5) Patch C2 to generate unique types for SR objects participating in some allocation merges. > > The approach I used for _enabling the scalar replacement of some of the inputs of the allocation merge_ is also pretty straightforward: call `MemNode::split_through_phi` to, well, split AddP->Load* through the merge which will render the Phi useless. > > I tested this with JTREG tests tier 1-4 (Windows, Linux, and Mac) and didn't see regression. I also experimented with several applications and didn't see any failure. I also ran tests with "-ea -esa -Xbatch -Xcomp -XX:+UnlockExperimentalVMOptions -XX:-TieredCompilation -server -XX:+IgnoreUnrecognizedVMOptions -XX:+UnlockDiagnosticVMOptions -XX:+StressLCM -XX:+StressGCM -XX:+StressCCP" and didn't observe any related failures. This pull request has now been integrated. Changeset: a53345ad Author: Cesar Soares Lucas Committer: Vladimir Kozlov URL: https://git.openjdk.org/jdk/commit/a53345ad03e07ab2a990721a506ebc25eed0f7c9 Stats: 2733 lines in 26 files changed: 2485 ins; 108 del; 140 mod 8287061: Support for rematerializing scalar replaced objects participating in allocation merges Reviewed-by: kvn, vlivanov ------------- PR: https://git.openjdk.org/jdk/pull/12897 From valeriep at openjdk.org Mon Jul 17 23:10:16 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Mon, 17 Jul 2023 23:10:16 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v2] In-Reply-To: References: <9av18v7LjWdgjmIQNoOlDoT_oj5GcP_ROfGUx5Q9uUE=.30d64de6-5a5b-4799-b358-cd29b61f3b8e@github.com> Message-ID: On Fri, 14 Jul 2023 20:08:54 GMT, Sean Mullan wrote: >> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: >> >> Address review feedbacks, e.g. Removed RSAPadding.Output and use byte[] as before. > > src/java.base/share/classes/sun/security/rsa/RSASignature.java line 233: > >> 231: } >> 232: return status; >> 233: } catch (javax.crypto.BadPaddingException e) { > > Can this exception still be thrown? Yes, BadPaddingException is still thrown by RSACore class. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1265982964 From valeriep at openjdk.org Mon Jul 17 23:43:12 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Mon, 17 Jul 2023 23:43:12 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v2] In-Reply-To: References: <9av18v7LjWdgjmIQNoOlDoT_oj5GcP_ROfGUx5Q9uUE=.30d64de6-5a5b-4799-b358-cd29b61f3b8e@github.com> Message-ID: On Thu, 13 Jul 2023 11:31:40 GMT, Ferenc Rakoczi wrote: >> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: >> >> Address review feedbacks, e.g. Removed RSAPadding.Output and use byte[] as before. > > src/java.base/share/classes/sun/security/rsa/RSASignature.java line 223: > >> 221: byte[] decrypted = RSACore.rsa(sigBytes, publicKey); >> 222: >> 223: boolean status = MessageDigest.isEqual(padded, decrypted); > > You should compare only the relevant parts (mask out the random padding bytes). Good catch, I wonder why this isn't caught by the regression tests... ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1266010309 From mdonovan at openjdk.org Tue Jul 18 10:49:11 2023 From: mdonovan at openjdk.org (Matthew Donovan) Date: Tue, 18 Jul 2023 10:49:11 GMT Subject: Integrated: 8310629: java/security/cert/CertPathValidator/OCSP/OCSPTimeout.java fails with RuntimeException Server not ready In-Reply-To: References: Message-ID: On Mon, 17 Jul 2023 17:45:56 GMT, Matthew Donovan wrote: > In this PR, i raised the client timeout from 5 to 60 seconds. I considered refactoring the SimpleOSCPServer class a little but ultimately, the client needs to just wait until the server is ready or a time-out is reached. Alternately, we can wait indefinitely and let the test time out but that results in holding onto resources for too long. > > Thanks This pull request has now been integrated. Changeset: b20dc1e9 Author: Matthew Donovan URL: https://git.openjdk.org/jdk/commit/b20dc1e9cda1ea3a76b3f14c778c6816e5cc1c0c Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod 8310629: java/security/cert/CertPathValidator/OCSP/OCSPTimeout.java fails with RuntimeException Server not ready Reviewed-by: jnimeh ------------- PR: https://git.openjdk.org/jdk/pull/14905 From duke at openjdk.org Tue Jul 18 10:50:21 2023 From: duke at openjdk.org (Ferenc Rakoczi) Date: Tue, 18 Jul 2023 10:50:21 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v2] In-Reply-To: References: <9av18v7LjWdgjmIQNoOlDoT_oj5GcP_ROfGUx5Q9uUE=.30d64de6-5a5b-4799-b358-cd29b61f3b8e@github.com> Message-ID: On Mon, 17 Jul 2023 23:06:57 GMT, Valerie Peng wrote: >> src/java.base/share/classes/sun/security/rsa/RSASignature.java line 233: >> >>> 231: } >>> 232: return status; >>> 233: } catch (javax.crypto.BadPaddingException e) { >> >> Can this exception still be thrown? > > Yes, BadPaddingException is still thrown by RSACore class. That exception is thrown by RSACore.parseMsg() if the Message is larger than the modulus. I think it is at least debatable whether it should be a BadPaddingException. I would rather use an IllegalArgumentException there. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1266594911 From xuelei at openjdk.org Tue Jul 18 16:29:13 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Tue, 18 Jul 2023 16:29:13 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v2] In-Reply-To: References: <9av18v7LjWdgjmIQNoOlDoT_oj5GcP_ROfGUx5Q9uUE=.30d64de6-5a5b-4799-b358-cd29b61f3b8e@github.com> Message-ID: On Tue, 18 Jul 2023 10:46:52 GMT, Ferenc Rakoczi wrote: >> Yes, BadPaddingException is still thrown by RSACore class. > > That exception is thrown by RSACore.parseMsg() if the message is larger than the modulus. I think it is at least debatable whether it should be a BadPaddingException. I would rather use an IllegalArgumentException there. I don't have a preference to change the BadPaddingException to something else. But if you want it, I may prefer to use checked exception, for example GeneralSecurityException, so that the compiler could check it. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1267025300 From mullan at openjdk.org Tue Jul 18 16:36:12 2023 From: mullan at openjdk.org (Sean Mullan) Date: Tue, 18 Jul 2023 16:36:12 GMT Subject: RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider [v2] In-Reply-To: References: Message-ID: On Fri, 14 Jul 2023 21:57:32 GMT, Valerie Peng wrote: >> This change adds back the Reference.ReachabilityFence(Object) call removed by [JDK-8301553](https://bugs.openjdk.org/browse/JDK-8301553). >> >> Please help review. >> Thanks! >> Valerie > > Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: > > Include more methods into the scope for consistency/correctness sake. Looks good. I think you should file a follow-on issue to make similar changes to DESKey, DESedeKey, PBEKey and other security classes that use Cleaner. ------------- Marked as reviewed by mullan (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/14859#pullrequestreview-1535463205 From xuelei at openjdk.org Tue Jul 18 18:14:56 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Tue, 18 Jul 2023 18:14:56 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v2] In-Reply-To: References: <9av18v7LjWdgjmIQNoOlDoT_oj5GcP_ROfGUx5Q9uUE=.30d64de6-5a5b-4799-b358-cd29b61f3b8e@github.com> Message-ID: On Thu, 13 Jul 2023 09:58:34 GMT, Ferenc Rakoczi wrote: >> src/java.base/share/classes/sun/security/rsa/RSASignature.java line 231: >> >>> 229: RSAUtil.decodeSignature(digestOID, unpadded)); >>> 230: } >>> 231: } >> >> I understand where the fallback code came from. As the padding code is exactly the same as engineSign(), the risk may be minimal. With the fallback code, the security concern (time-constant) we cared about will come back. Did you run into testing failure without the fallback doe? > > Instead of falling back to unpad()/decodeSignature() I suggest to try a new version of encodeSignature() (in addition to trying the current version of it) in which you omit putting the null for params into the DER encoding and compare the decrypted message with that, too. Accept if any of the two encodings matches the decrypted one, reject otherwise. This can be done in constant time, although it is not necessary to be constant time as the time of doing it does not depend on any secret. I'm OK with @ferakocz's suggestion, by avoiding the use of null params. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1267141110 From valeriep at openjdk.org Tue Jul 18 18:14:55 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Tue, 18 Jul 2023 18:14:55 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v2] In-Reply-To: References: <9av18v7LjWdgjmIQNoOlDoT_oj5GcP_ROfGUx5Q9uUE=.30d64de6-5a5b-4799-b358-cd29b61f3b8e@github.com> Message-ID: <_eTWAHYBgr47BvcyUEKq2CQD_9NWiqlHfIEKj2b4p4o=.7a6af271-74c2-4bb0-821d-519e66d0c174@github.com> On Thu, 13 Jul 2023 04:35:31 GMT, Xue-Lei Andrew Fan wrote: >> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: >> >> Address review feedbacks, e.g. Removed RSAPadding.Output and use byte[] as before. > > src/java.base/share/classes/sun/security/rsa/RSASignature.java line 231: > >> 229: RSAUtil.decodeSignature(digestOID, unpadded)); >> 230: } >> 231: } > > I understand where the fallback code came from. As the padding code is exactly the same as engineSign(), the risk may be minimal. With the fallback code, the security concern (time-constant) we cared about will come back. Did you run into testing failure without the fallback doe? @XueleiFan No failure observed in regression tests as well as Max's preliminary interop testing. However, it is suggested to ensure max compatibility as you know. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1267137659 From valeriep at openjdk.org Tue Jul 18 18:22:46 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Tue, 18 Jul 2023 18:22:46 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v2] In-Reply-To: References: <9av18v7LjWdgjmIQNoOlDoT_oj5GcP_ROfGUx5Q9uUE=.30d64de6-5a5b-4799-b358-cd29b61f3b8e@github.com> Message-ID: On Thu, 13 Jul 2023 09:58:34 GMT, Ferenc Rakoczi wrote: >> src/java.base/share/classes/sun/security/rsa/RSASignature.java line 231: >> >>> 229: RSAUtil.decodeSignature(digestOID, unpadded)); >>> 230: } >>> 231: } >> >> I understand where the fallback code came from. As the padding code is exactly the same as engineSign(), the risk may be minimal. With the fallback code, the security concern (time-constant) we cared about will come back. Did you run into testing failure without the fallback doe? > > Instead of falling back to unpad()/decodeSignature() I suggest to try a new version of encodeSignature() (in addition to trying the current version of it) in which you omit putting the null for params into the DER encoding and compare the decrypted message with that, too. Accept if any of the two encodings matches the decrypted one, reject otherwise. This can be done in constant time, although it is not necessary to be constant time as the time of doing it does not depend on any secret. @ferakocz So, with this approach, we are paying the extra cost of encode signature + pad (for the omit null case) even for impls conforming to RFC 8017 spec. Based on the current interoperability testing, do you still feel that this is worthwhile to do? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1267148387 From xuelei at openjdk.org Tue Jul 18 19:19:58 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Tue, 18 Jul 2023 19:19:58 GMT Subject: RFR: 8312259: StatusResponseManager unused code clean up Message-ID: Hi, May I have the code cleanup update reviewed? With this update, the unused code in StatusResponseManager.java will be removed. Thanks, Xuelei ------------- Commit messages: - 8312259: StatusResponseManager unused code clean up Changes: https://git.openjdk.org/jdk/pull/14924/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=14924&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8312259 Stats: 144 lines in 1 file changed: 0 ins; 142 del; 2 mod Patch: https://git.openjdk.org/jdk/pull/14924.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14924/head:pull/14924 PR: https://git.openjdk.org/jdk/pull/14924 From duke at openjdk.org Tue Jul 18 20:06:48 2023 From: duke at openjdk.org (Ben Perez) Date: Tue, 18 Jul 2023 20:06:48 GMT Subject: RFR: 8175874: Security.insertProviderAt should throw IllegalArgumentException when index is illegal Message-ID: Fixing the bug as stated would cause compatibility issues. E.g. the `addProvider` function always adds new providers at position 0 and therefore would always throw an error. Instead of changing how the function handles indices, we instead have left an `@implNote` ------------- Commit messages: - removed unnecessary newlines - added impl note to insertProviderAt Changes: https://git.openjdk.org/jdk/pull/14925/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=14925&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8175874 Stats: 4 lines in 1 file changed: 4 ins; 0 del; 0 mod Patch: https://git.openjdk.org/jdk/pull/14925.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14925/head:pull/14925 PR: https://git.openjdk.org/jdk/pull/14925 From kdriver at openjdk.org Tue Jul 18 20:59:41 2023 From: kdriver at openjdk.org (Kevin Driver) Date: Tue, 18 Jul 2023 20:59:41 GMT Subject: RFR: 8175874: Security.insertProviderAt should throw IllegalArgumentException when index is illegal In-Reply-To: References: Message-ID: On Tue, 18 Jul 2023 19:59:34 GMT, Ben Perez wrote: > Fixing the bug as stated would cause compatibility issues. E.g. the `addProvider` function always adds new providers at position 0 and therefore would always throw an error. Instead of changing how the function handles indices, we instead have left an `@implNote` Double-checked the logic here. The implementation note reflects the behavior. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14925#issuecomment-1640981033 From valeriep at openjdk.org Tue Jul 18 21:38:49 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Tue, 18 Jul 2023 21:38:49 GMT Subject: RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider [v2] In-Reply-To: References: Message-ID: On Fri, 14 Jul 2023 21:57:32 GMT, Valerie Peng wrote: >> This change adds back the Reference.ReachabilityFence(Object) call removed by [JDK-8301553](https://bugs.openjdk.org/browse/JDK-8301553). >> >> Please help review. >> Thanks! >> Valerie > > Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: > > Include more methods into the scope for consistency/correctness sake. Yes, I do plan a follow-on issue to apply this to other security classes which use Cleaner... Thanks all for the review and comments~ ------------- PR Comment: https://git.openjdk.org/jdk/pull/14859#issuecomment-1641025361 From valeriep at openjdk.org Tue Jul 18 21:38:51 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Tue, 18 Jul 2023 21:38:51 GMT Subject: Integrated: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider In-Reply-To: References: Message-ID: On Thu, 13 Jul 2023 02:46:10 GMT, Valerie Peng wrote: > This change adds back the Reference.ReachabilityFence(Object) call removed by [JDK-8301553](https://bugs.openjdk.org/browse/JDK-8301553). > > Please help review. > Thanks! > Valerie This pull request has now been integrated. Changeset: 28c4d196 Author: Valerie Peng URL: https://git.openjdk.org/jdk/commit/28c4d196cff8576b69cf115cda538ab1dad978d2 Stats: 53 lines in 1 file changed: 32 ins; 1 del; 20 mod 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider Reviewed-by: ascarpino, xuelei, mullan ------------- PR: https://git.openjdk.org/jdk/pull/14859 From mpowers at openjdk.org Tue Jul 18 22:01:44 2023 From: mpowers at openjdk.org (Mark Powers) Date: Tue, 18 Jul 2023 22:01:44 GMT Subject: RFR: 8312259: StatusResponseManager unused code clean up In-Reply-To: References: Message-ID: <9KPpR-t0Z5lH-viHoNvuV2abPWy2E0pOD4IB8Di8J0Y=.5a2482cc-3c34-48ea-afc7-aac55a1408b5@github.com> On Tue, 18 Jul 2023 17:43:42 GMT, Xue-Lei Andrew Fan wrote: > Hi, > > May I have the code cleanup update reviewed? With this update, the unused code in StatusResponseManager.java will be removed. > > Thanks, > Xuelei src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java line 584: > 582: } > 583: > 584: static StaplingParameters processStapling( Even though a static method is implicitly final, the final keyword does prevent subclasses from inadvertently using the same method signature. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14924#discussion_r1267338764 From xuelei at openjdk.org Wed Jul 19 03:59:57 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Wed, 19 Jul 2023 03:59:57 GMT Subject: RFR: 8312259: StatusResponseManager unused code clean up In-Reply-To: <9KPpR-t0Z5lH-viHoNvuV2abPWy2E0pOD4IB8Di8J0Y=.5a2482cc-3c34-48ea-afc7-aac55a1408b5@github.com> References: <9KPpR-t0Z5lH-viHoNvuV2abPWy2E0pOD4IB8Di8J0Y=.5a2482cc-3c34-48ea-afc7-aac55a1408b5@github.com> Message-ID: On Tue, 18 Jul 2023 21:54:07 GMT, Mark Powers wrote: >> Hi, >> >> May I have the code cleanup update reviewed? With this update, the unused code in StatusResponseManager.java will be removed. >> >> Thanks, >> Xuelei > > src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java line 584: > >> 582: } >> 583: >> 584: static StaplingParameters processStapling( > > Even though a static method is implicitly final, the final keyword does prevent subclasses from inadvertently using the same method signature. Did you mean a subclass can declare a static method with the same signature? I tried an example and the compiling failed. Did I miss something? class Base { public static void display() { System.out.println(); } public void print() { System.out.println(); } } class Derived extends Base { // public void display() { public static void display() { System.out.println(); } public void print() { System.out.println(); } } XXX: error: display() in Derived cannot override display() in Base public void display() { ^ overridden method is static ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14924#discussion_r1267510020 From xuelei at openjdk.org Wed Jul 19 04:05:47 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Wed, 19 Jul 2023 04:05:47 GMT Subject: RFR: 8312259: StatusResponseManager unused code clean up [v2] In-Reply-To: References: Message-ID: > Hi, > > May I have the code cleanup update reviewed? With this update, the unused code in StatusResponseManager.java will be removed. > > Thanks, > Xuelei Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision: add final keyword back ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14924/files - new: https://git.openjdk.org/jdk/pull/14924/files/a122e594..72879cff Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14924&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14924&range=00-01 Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod Patch: https://git.openjdk.org/jdk/pull/14924.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14924/head:pull/14924 PR: https://git.openjdk.org/jdk/pull/14924 From xuelei at openjdk.org Wed Jul 19 04:05:49 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Wed, 19 Jul 2023 04:05:49 GMT Subject: RFR: 8312259: StatusResponseManager unused code clean up [v2] In-Reply-To: <9KPpR-t0Z5lH-viHoNvuV2abPWy2E0pOD4IB8Di8J0Y=.5a2482cc-3c34-48ea-afc7-aac55a1408b5@github.com> References: <9KPpR-t0Z5lH-viHoNvuV2abPWy2E0pOD4IB8Di8J0Y=.5a2482cc-3c34-48ea-afc7-aac55a1408b5@github.com> Message-ID: On Tue, 18 Jul 2023 21:54:07 GMT, Mark Powers wrote: >> Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision: >> >> add final keyword back > > src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java line 584: > >> 582: } >> 583: >> 584: static StaplingParameters processStapling( > > Even though a static method is implicitly final, the final keyword does prevent subclasses from inadvertently using the same method signature. Good point. I got what you meant and will add the final keyword back. Thanks! ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14924#discussion_r1267511186 From xuelei at openjdk.org Wed Jul 19 04:35:56 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Wed, 19 Jul 2023 04:35:56 GMT Subject: RFR: 8312259: StatusResponseManager unused code clean up [v3] In-Reply-To: References: Message-ID: > Hi, > > May I have the code cleanup update reviewed? With this update, the unused code in StatusResponseManager.java will be removed. > > Thanks, > Xuelei Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision: revise test case ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14924/files - new: https://git.openjdk.org/jdk/pull/14924/files/72879cff..cf894899 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14924&range=02 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14924&range=01-02 Stats: 31 lines in 1 file changed: 18 ins; 0 del; 13 mod Patch: https://git.openjdk.org/jdk/pull/14924.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14924/head:pull/14924 PR: https://git.openjdk.org/jdk/pull/14924 From duke at openjdk.org Wed Jul 19 08:49:42 2023 From: duke at openjdk.org (Ferenc Rakoczi) Date: Wed, 19 Jul 2023 08:49:42 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v2] In-Reply-To: References: <9av18v7LjWdgjmIQNoOlDoT_oj5GcP_ROfGUx5Q9uUE=.30d64de6-5a5b-4799-b358-cd29b61f3b8e@github.com> Message-ID: On Tue, 18 Jul 2023 18:20:02 GMT, Valerie Peng wrote: >> Instead of falling back to unpad()/decodeSignature() I suggest to try a new version of encodeSignature() (in addition to trying the current version of it) in which you omit putting the null for params into the DER encoding and compare the decrypted message with that, too. Accept if any of the two encodings matches the decrypted one, reject otherwise. This can be done in constant time, although it is not necessary to be constant time as the time of doing it does not depend on any secret. > > @ferakocz So, with this approach, we are paying the extra cost of encode signature + pad (for the omit null case) even for impls conforming to RFC 8017 spec. Based on the current interoperability testing, do you still feel that this is worthwhile to do? Well, for conforming implementations we just do the first check and succeed. What I suggested was that we do the encode without null params and pad() *instead* of the fallback to unpad()decodeSignature(). As I said, this part need not be constant time (except for the byte array comparison part), but it can even be made constant time to satisfy the purists :-) at the expense of an extra encode/pad operation which is not that expensive. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1267755745 From djelinski at openjdk.org Wed Jul 19 12:35:09 2023 From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=) Date: Wed, 19 Jul 2023 12:35:09 GMT Subject: RFR: 8307185: pkcs11 native libraries make JNI calls into java code while holding GC lock Message-ID: This patch fixes random deadlocks in PKCS11 decryption and encryption code. The deadlocks were caused by object allocation in `ckAssertReturnValueOK` waiting for GC; GC was in turn waiting for `ReleasePrimitiveArrayCritical`, which never happened. The fix moves the call to `ckAssertReturnValueOK` after `ReleasePrimitiveArrayCritical`. All tests in sun/security/pkcs11 were executed with `JTREG=JAVA_OPTIONS=-Xcheck:jni` with and without this patch. Without this patch, 5 tests produced the following warning: Warning: Calling other JNI functions in the scope of Get/ReleasePrimitiveArrayCritical or Get/ReleaseStringCritical With this patch the warning was not observed. Tier2-3 tests are still green. ------------- Commit messages: - Fix JNI usage in PKCS11 Changes: https://git.openjdk.org/jdk/pull/14931/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=14931&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8307185 Stats: 34 lines in 2 files changed: 16 ins; 11 del; 7 mod Patch: https://git.openjdk.org/jdk/pull/14931.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14931/head:pull/14931 PR: https://git.openjdk.org/jdk/pull/14931 From alanb at openjdk.org Wed Jul 19 14:21:45 2023 From: alanb at openjdk.org (Alan Bateman) Date: Wed, 19 Jul 2023 14:21:45 GMT Subject: RFR: 8307185: pkcs11 native libraries make JNI calls into java code while holding GC lock In-Reply-To: References: Message-ID: On Wed, 19 Jul 2023 12:03:14 GMT, Daniel Jeli?ski wrote: > This patch fixes random deadlocks in PKCS11 decryption and encryption code. > > The deadlocks were caused by object allocation in `ckAssertReturnValueOK` waiting for GC; GC was in turn waiting for `ReleasePrimitiveArrayCritical`, which never happened. > > The fix moves the call to `ckAssertReturnValueOK` after `ReleasePrimitiveArrayCritical`. > > All tests in sun/security/pkcs11 were executed with `JTREG=JAVA_OPTIONS=-Xcheck:jni` with and without this patch. > Without this patch, 5 tests produced the following warning: > > Warning: Calling other JNI functions in the scope of Get/ReleasePrimitiveArrayCritical or Get/ReleaseStringCritical > > With this patch the warning was not observed. > > Tier2-3 tests are still green. Marked as reviewed by alanb (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/14931#pullrequestreview-1537216659 From valeriep at openjdk.org Wed Jul 19 17:30:43 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Wed, 19 Jul 2023 17:30:43 GMT Subject: RFR: 8307185: pkcs11 native libraries make JNI calls into java code while holding GC lock In-Reply-To: References: Message-ID: <4N0ZKn80RRDdKUlaNTRVkeAz0z5iEkZ3jG2-rKzQYOM=.f8d548ff-17ba-4b4d-93dc-0389c3e7acec@github.com> On Wed, 19 Jul 2023 12:03:14 GMT, Daniel Jeli?ski wrote: > This patch fixes random deadlocks in PKCS11 decryption and encryption code. > > The deadlocks were caused by object allocation in `ckAssertReturnValueOK` waiting for GC; GC was in turn waiting for `ReleasePrimitiveArrayCritical`, which never happened. > > The fix moves the call to `ckAssertReturnValueOK` after `ReleasePrimitiveArrayCritical`. > > All tests in sun/security/pkcs11 were executed with `JTREG=JAVA_OPTIONS=-Xcheck:jni` with and without this patch. > Without this patch, 5 tests produced the following warning: > > Warning: Calling other JNI functions in the scope of Get/ReleasePrimitiveArrayCritical or Get/ReleaseStringCritical > > With this patch the warning was not observed. > > Tier2-3 tests are still green. src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_crypt.c line 172: > 170: &ckEncryptedLen); > 171: > 172: if (directIn == 0 && inBufP != NULL) { with this change, inBufP and outBufP should be non-null when directIn ==0 and directOut == 0, right? Perhaps we only need to check for one instead of both. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14931#discussion_r1268400446 From valeriep at openjdk.org Wed Jul 19 17:30:44 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Wed, 19 Jul 2023 17:30:44 GMT Subject: RFR: 8307185: pkcs11 native libraries make JNI calls into java code while holding GC lock In-Reply-To: <4N0ZKn80RRDdKUlaNTRVkeAz0z5iEkZ3jG2-rKzQYOM=.f8d548ff-17ba-4b4d-93dc-0389c3e7acec@github.com> References: <4N0ZKn80RRDdKUlaNTRVkeAz0z5iEkZ3jG2-rKzQYOM=.f8d548ff-17ba-4b4d-93dc-0389c3e7acec@github.com> Message-ID: On Wed, 19 Jul 2023 17:26:52 GMT, Valerie Peng wrote: >> This patch fixes random deadlocks in PKCS11 decryption and encryption code. >> >> The deadlocks were caused by object allocation in `ckAssertReturnValueOK` waiting for GC; GC was in turn waiting for `ReleasePrimitiveArrayCritical`, which never happened. >> >> The fix moves the call to `ckAssertReturnValueOK` after `ReleasePrimitiveArrayCritical`. >> >> All tests in sun/security/pkcs11 were executed with `JTREG=JAVA_OPTIONS=-Xcheck:jni` with and without this patch. >> Without this patch, 5 tests produced the following warning: >> >> Warning: Calling other JNI functions in the scope of Get/ReleasePrimitiveArrayCritical or Get/ReleaseStringCritical >> >> With this patch the warning was not observed. >> >> Tier2-3 tests are still green. > > src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_crypt.c line 172: > >> 170: &ckEncryptedLen); >> 171: >> 172: if (directIn == 0 && inBufP != NULL) { > > with this change, inBufP and outBufP should be non-null when directIn ==0 and directOut == 0, right? Perhaps we only need to check for one instead of both. Same goes for the rest of the file. Otherwise, changes look good. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14931#discussion_r1268402091 From djelinski at openjdk.org Wed Jul 19 17:39:41 2023 From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=) Date: Wed, 19 Jul 2023 17:39:41 GMT Subject: RFR: 8307185: pkcs11 native libraries make JNI calls into java code while holding GC lock In-Reply-To: References: <4N0ZKn80RRDdKUlaNTRVkeAz0z5iEkZ3jG2-rKzQYOM=.f8d548ff-17ba-4b4d-93dc-0389c3e7acec@github.com> Message-ID: <0B1YozLQGJOEIsg_wrRz_5oTiIQscMf1ehfcF1CgERY=.989a2c05-e5c7-4f62-9dfb-1f632d078f5b@github.com> On Wed, 19 Jul 2023 17:28:15 GMT, Valerie Peng wrote: >> src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_crypt.c line 172: >> >>> 170: &ckEncryptedLen); >>> 171: >>> 172: if (directIn == 0 && inBufP != NULL) { >> >> with this change, inBufP and outBufP should be non-null when directIn ==0 and directOut == 0, right? Perhaps we only need to check for one instead of both. > > Same goes for the rest of the file. Otherwise, changes look good. Good point, will remove the extra checks. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14931#discussion_r1268416624 From valeriep at openjdk.org Wed Jul 19 17:59:04 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Wed, 19 Jul 2023 17:59:04 GMT Subject: [jdk21] RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider Message-ID: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider ------------- Commit messages: - Backport 28c4d196cff8576b69cf115cda538ab1dad978d2 Changes: https://git.openjdk.org/jdk21/pull/139/files Webrev: https://webrevs.openjdk.org/?repo=jdk21&pr=139&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8311902 Stats: 53 lines in 1 file changed: 32 ins; 1 del; 20 mod Patch: https://git.openjdk.org/jdk21/pull/139.diff Fetch: git fetch https://git.openjdk.org/jdk21.git pull/139/head:pull/139 PR: https://git.openjdk.org/jdk21/pull/139 From djelinski at openjdk.org Wed Jul 19 18:03:06 2023 From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=) Date: Wed, 19 Jul 2023 18:03:06 GMT Subject: RFR: 8307185: pkcs11 native libraries make JNI calls into java code while holding GC lock [v2] In-Reply-To: References: Message-ID: > This patch fixes random deadlocks in PKCS11 decryption and encryption code. > > The deadlocks were caused by object allocation in `ckAssertReturnValueOK` waiting for GC; GC was in turn waiting for `ReleasePrimitiveArrayCritical`, which never happened. > > The fix moves the call to `ckAssertReturnValueOK` after `ReleasePrimitiveArrayCritical`. > > All tests in sun/security/pkcs11 were executed with `JTREG=JAVA_OPTIONS=-Xcheck:jni` with and without this patch. > Without this patch, 5 tests produced the following warning: > > Warning: Calling other JNI functions in the scope of Get/ReleasePrimitiveArrayCritical or Get/ReleaseStringCritical > > With this patch the warning was not observed. > > Tier2-3 tests are still green. Daniel Jeli?ski has updated the pull request incrementally with one additional commit since the last revision: Remove redundant checks ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14931/files - new: https://git.openjdk.org/jdk/pull/14931/files/64f4894a..33e08bcf Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14931&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14931&range=00-01 Stats: 8 lines in 1 file changed: 0 ins; 0 del; 8 mod Patch: https://git.openjdk.org/jdk/pull/14931.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14931/head:pull/14931 PR: https://git.openjdk.org/jdk/pull/14931 From valeriep at openjdk.org Wed Jul 19 18:03:21 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Wed, 19 Jul 2023 18:03:21 GMT Subject: RFR: 8307185: pkcs11 native libraries make JNI calls into java code while holding GC lock [v2] In-Reply-To: References: Message-ID: <2HUgtnOKAcvIcFIM77sbGdzPDUQozDwyuaQTUBqVc2M=.c84fbd6a-c3ec-4c60-abc9-ed4cebcd9914@github.com> On Wed, 19 Jul 2023 18:03:06 GMT, Daniel Jeli?ski wrote: >> This patch fixes random deadlocks in PKCS11 decryption and encryption code. >> >> The deadlocks were caused by object allocation in `ckAssertReturnValueOK` waiting for GC; GC was in turn waiting for `ReleasePrimitiveArrayCritical`, which never happened. >> >> The fix moves the call to `ckAssertReturnValueOK` after `ReleasePrimitiveArrayCritical`. >> >> All tests in sun/security/pkcs11 were executed with `JTREG=JAVA_OPTIONS=-Xcheck:jni` with and without this patch. >> Without this patch, 5 tests produced the following warning: >> >> Warning: Calling other JNI functions in the scope of Get/ReleasePrimitiveArrayCritical or Get/ReleaseStringCritical >> >> With this patch the warning was not observed. >> >> Tier2-3 tests are still green. > > Daniel Jeli?ski has updated the pull request incrementally with one additional commit since the last revision: > > Remove redundant checks Thanks, changes look good. ------------- Marked as reviewed by valeriep (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/14931#pullrequestreview-1537686990 From mullan at openjdk.org Wed Jul 19 18:44:30 2023 From: mullan at openjdk.org (Sean Mullan) Date: Wed, 19 Jul 2023 18:44:30 GMT Subject: [jdk21] RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider In-Reply-To: References: Message-ID: <9xmzFX0u2-NOCcd7FiUGAUPKNVFBnwvE1G_jEPPnmJk=.8b22f364-f803-4819-bc4b-0ea499eb7e39@github.com> On Wed, 19 Jul 2023 17:51:20 GMT, Valerie Peng wrote: > 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider Marked as reviewed by mullan (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk21/pull/139#pullrequestreview-1537771538 From ascarpino at openjdk.org Wed Jul 19 19:08:25 2023 From: ascarpino at openjdk.org (Anthony Scarpino) Date: Wed, 19 Jul 2023 19:08:25 GMT Subject: [jdk21] RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider In-Reply-To: References: Message-ID: On Wed, 19 Jul 2023 17:51:20 GMT, Valerie Peng wrote: > 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider Marked as reviewed by ascarpino (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk21/pull/139#pullrequestreview-1537839835 From xuelei at openjdk.org Wed Jul 19 21:05:49 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Wed, 19 Jul 2023 21:05:49 GMT Subject: [jdk21] RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider In-Reply-To: References: Message-ID: On Wed, 19 Jul 2023 17:51:20 GMT, Valerie Peng wrote: > 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider Marked as reviewed by xuelei (Reviewer). src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java line 274: > 272: } > 273: > 274: SecretKey that = (SecretKey) obj; is there a tab space? ------------- PR Review: https://git.openjdk.org/jdk21/pull/139#pullrequestreview-1538015946 PR Review Comment: https://git.openjdk.org/jdk21/pull/139#discussion_r1268662947 From valeriep at openjdk.org Wed Jul 19 22:31:39 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Wed, 19 Jul 2023 22:31:39 GMT Subject: [jdk21] RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider In-Reply-To: References: Message-ID: On Wed, 19 Jul 2023 17:51:20 GMT, Valerie Peng wrote: > 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider /Integrate ------------- PR Comment: https://git.openjdk.org/jdk21/pull/139#issuecomment-1642849132 From valeriep at openjdk.org Wed Jul 19 22:31:40 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Wed, 19 Jul 2023 22:31:40 GMT Subject: [jdk21] RFR: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider In-Reply-To: References: Message-ID: <3YdVvfFAZk_YsgDYqNwDRIOossA7VpS7oKGz2XSeXk4=.b7356069-427b-4d7f-98a5-e680d56c8b26@github.com> On Wed, 19 Jul 2023 21:02:56 GMT, Xue-Lei Andrew Fan wrote: >> 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider > > src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java line 274: > >> 272: } >> 273: >> 274: SecretKey that = (SecretKey) obj; > > is there a tab space? I didn't find a tab space. ------------- PR Review Comment: https://git.openjdk.org/jdk21/pull/139#discussion_r1268742198 From valeriep at openjdk.org Wed Jul 19 23:35:41 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Wed, 19 Jul 2023 23:35:41 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v2] In-Reply-To: References: <9av18v7LjWdgjmIQNoOlDoT_oj5GcP_ROfGUx5Q9uUE=.30d64de6-5a5b-4799-b358-cd29b61f3b8e@github.com> Message-ID: On Wed, 19 Jul 2023 08:46:53 GMT, Ferenc Rakoczi wrote: >> @ferakocz So, with this approach, we are paying the extra cost of encode signature + pad (for the omit null case) even for impls conforming to RFC 8017 spec. Based on the current interoperability testing, do you still feel that this is worthwhile to do? > > Well, for conforming implementations we just do the first check and succeed. What I suggested was that we do the encode without null params and pad() *instead* of the fallback to unpad()decodeSignature(). As I said, this part need not be constant time (except for the byte array comparison part), but it can even be made constant time to satisfy the purists :-) at the expense of an extra encode/pad operation which is not that expensive. If it need not be constant time, I'd prefer to not pay the extra cost for every operation and for all callers. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1268780497 From valeriep at openjdk.org Thu Jul 20 00:39:08 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Thu, 20 Jul 2023 00:39:08 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v3] In-Reply-To: References: Message-ID: > This change refactors the RSAPadding class to return an output record containing the status instead of relying on exception object to indicate a failure. > > Thanks in advance for review~ > Valerie Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: Update to address review feedbacks ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14839/files - new: https://git.openjdk.org/jdk/pull/14839/files/cbb958d9..3426b38d Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14839&range=02 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14839&range=01-02 Stats: 53 lines in 4 files changed: 34 ins; 10 del; 9 mod Patch: https://git.openjdk.org/jdk/pull/14839.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14839/head:pull/14839 PR: https://git.openjdk.org/jdk/pull/14839 From valeriep at openjdk.org Thu Jul 20 01:26:49 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Thu, 20 Jul 2023 01:26:49 GMT Subject: [jdk21] Integrated: 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider In-Reply-To: References: Message-ID: On Wed, 19 Jul 2023 17:51:20 GMT, Valerie Peng wrote: > 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider This pull request has now been integrated. Changeset: 6786fa4b Author: Valerie Peng URL: https://git.openjdk.org/jdk21/commit/6786fa4bfd536897b80136ee912a387a45957115 Stats: 53 lines in 1 file changed: 32 ins; 1 del; 20 mod 8311902: Concurrency regression in the PBKDF2 key impl of SunJCE provider Reviewed-by: mullan, ascarpino, xuelei Backport-of: 28c4d196cff8576b69cf115cda538ab1dad978d2 ------------- PR: https://git.openjdk.org/jdk21/pull/139 From xuelei at openjdk.org Thu Jul 20 05:09:45 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Thu, 20 Jul 2023 05:09:45 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v3] In-Reply-To: References: Message-ID: On Thu, 20 Jul 2023 00:39:08 GMT, Valerie Peng wrote: >> This change refactors the RSAPadding class to return an output record containing the status instead of relying on exception object to indicate a failure. >> >> Thanks in advance for review~ >> Valerie > > Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: > > Update to address review feedbacks Let make sure the fall-back is really necessary before integration. Thanks! src/java.base/share/classes/sun/security/rsa/RSASignature.java line 227: > 225: byte[] padded2 = padding.pad(encoded2); > 226: return MessageDigest.isEqual(padded2, decrypted); > 227: } I had a check of the specification (Section A.2.4 of RFC 8017), and the [update](https://github.com/openjdk/jdk/pull/8365) and the [JBS entry](https://bugs.openjdk.org/browse/JDK-8285404) that added the comment "some vendors might omit the NULL params". Per section A.2.4 of RFC 8017, it is said "For each OID, the parameters field associated with this OID in a value of type AlgorithmIdentifier SHALL have a value of type NULL." Per the key words specification, RFC 2119, "SHALL" is the same as MUST which "mean that the definition is an absolute requirement of the specification." In the bug description of bug JDK-8285404, there is a section "*Update*: We think it's possible that there might be signers omitting the NULL params in the digest algorithm identifier. " For this case, if the signers omitting the NULL params, does it means the signer does not follow the specification and should be rejected? @wangweij could you recall if there is a real case that omits the NULL params in practice? ------------- Changes requested by xuelei (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/14839#pullrequestreview-1538434261 PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1268937806 From jjiang at openjdk.org Thu Jul 20 09:36:59 2023 From: jjiang at openjdk.org (John Jiang) Date: Thu, 20 Jul 2023 09:36:59 GMT Subject: RFR: 8312443: sun.security should use toLowerCase(Locale.ROOT) Message-ID: sun.security codes should use `toLowerCase(Locale.ROOT)` instead of `toLowerCase()`. In addition, no `toUpperCase()` was found in this code scope. ------------- Commit messages: - 8312443: sun.security should use toLowerCase(Locale.ROOT) Changes: https://git.openjdk.org/jdk/pull/14948/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=14948&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8312443 Stats: 9 lines in 3 files changed: 2 ins; 1 del; 6 mod Patch: https://git.openjdk.org/jdk/pull/14948.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14948/head:pull/14948 PR: https://git.openjdk.org/jdk/pull/14948 From xuelei at openjdk.org Thu Jul 20 15:46:40 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Thu, 20 Jul 2023 15:46:40 GMT Subject: RFR: 8312443: sun.security should use toLowerCase(Locale.ROOT) In-Reply-To: References: Message-ID: On Thu, 20 Jul 2023 09:29:50 GMT, John Jiang wrote: > sun.security codes should use `toLowerCase(Locale.ROOT)` instead of `toLowerCase()`. > In addition, no `toUpperCase()` was found in this code scope. Looks good to me. ------------- Marked as reviewed by xuelei (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/14948#pullrequestreview-1539584307 From djelinski at openjdk.org Thu Jul 20 16:42:52 2023 From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=) Date: Thu, 20 Jul 2023 16:42:52 GMT Subject: RFR: 8307185: pkcs11 native libraries make JNI calls into java code while holding GC lock [v2] In-Reply-To: References: Message-ID: <_wKqSIED7R5EKqYDb3N4VVvnW_c5_yMmDDXYGaLIvVs=.ff9646be-62ad-40af-8467-38ffe0e530c4@github.com> On Wed, 19 Jul 2023 18:03:06 GMT, Daniel Jeli?ski wrote: >> This patch fixes random deadlocks in PKCS11 decryption and encryption code. >> >> The deadlocks were caused by object allocation in `ckAssertReturnValueOK` waiting for GC; GC was in turn waiting for `ReleasePrimitiveArrayCritical`, which never happened. >> >> The fix moves the call to `ckAssertReturnValueOK` after `ReleasePrimitiveArrayCritical`. >> >> All tests in sun/security/pkcs11 were executed with `JTREG=JAVA_OPTIONS=-Xcheck:jni` with and without this patch. >> Without this patch, 5 tests produced the following warning: >> >> Warning: Calling other JNI functions in the scope of Get/ReleasePrimitiveArrayCritical or Get/ReleaseStringCritical >> >> With this patch the warning was not observed. >> >> Tier2-3 tests are still green. > > Daniel Jeli?ski has updated the pull request incrementally with one additional commit since the last revision: > > Remove redundant checks Thanks for the reviews! ------------- PR Comment: https://git.openjdk.org/jdk/pull/14931#issuecomment-1644244075 From djelinski at openjdk.org Thu Jul 20 16:42:53 2023 From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=) Date: Thu, 20 Jul 2023 16:42:53 GMT Subject: Integrated: 8307185: pkcs11 native libraries make JNI calls into java code while holding GC lock In-Reply-To: References: Message-ID: On Wed, 19 Jul 2023 12:03:14 GMT, Daniel Jeli?ski wrote: > This patch fixes random deadlocks in PKCS11 decryption and encryption code. > > The deadlocks were caused by object allocation in `ckAssertReturnValueOK` waiting for GC; GC was in turn waiting for `ReleasePrimitiveArrayCritical`, which never happened. > > The fix moves the call to `ckAssertReturnValueOK` after `ReleasePrimitiveArrayCritical`. > > All tests in sun/security/pkcs11 were executed with `JTREG=JAVA_OPTIONS=-Xcheck:jni` with and without this patch. > Without this patch, 5 tests produced the following warning: > > Warning: Calling other JNI functions in the scope of Get/ReleasePrimitiveArrayCritical or Get/ReleaseStringCritical > > With this patch the warning was not observed. > > Tier2-3 tests are still green. This pull request has now been integrated. Changeset: 354c6605 Author: Daniel Jeli?ski URL: https://git.openjdk.org/jdk/commit/354c6605e32790ca421869636d8bf5456fc51717 Stats: 42 lines in 2 files changed: 16 ins; 11 del; 15 mod 8307185: pkcs11 native libraries make JNI calls into java code while holding GC lock Reviewed-by: alanb, valeriep ------------- PR: https://git.openjdk.org/jdk/pull/14931 From xuelei.f at gmail.com Thu Jul 20 16:53:58 2023 From: xuelei.f at gmail.com (Xuelei Fan) Date: Thu, 20 Jul 2023 09:53:58 -0700 Subject: [Internet]Re: Re: Re: JEP Review Request: TLS Certificate Compression In-Reply-To: <6D8F2B44-D17F-424E-853C-743834C2F0C4@gmail.com> References: <2b0e381c-d41d-2b03-238e-cf2d4af4201c@oracle.com> <8c1fadcd-6613-02a8-db38-a2fc1b195563@oracle.com> <6D8F2B44-D17F-424E-853C-743834C2F0C4@gmail.com> Message-ID: Hi, This feature had been implemented in OpenSSL [1] and Chrome browser [2] for a while. Maybe, it is time to pick this request up for further discussion and review if there are resources available. What do you think? Best, Xuelei [1]: https://github.com/openssl/openssl/issues/13597 [2]: https://chromestatus.com/feature/5696925844111360 > On Aug 2, 2022, at 7:53 PM, Xuelei Fan wrote: > >> >> On Aug 2, 2022, at 2:55 PM, Bradford Wetmore wrote: >> >> Hi Xuelei, >> >> Sean wrote: >> >>> I haven't had time to look at this in detail yet. I would like a >>> couple more weeks to review the draft. >> >> We've been looking closely at RFC 8879 and your proposal to add support into JSSE. I think we're in agreement that this would be a good addition for the reasons you outline. >> >> We are currently busy with some high-priority projects so reviewing this JEP will need more time. This means that we'll need to wait a release or two for proper and thorough discussion and review. Timeline wise this is reasonable as other TLS implementations such as OpenSSL and GoLang are at a similar assessment stage [1][2]. > > Thanks for the feedback. The timeline sounds reasonable to me. > > >> >> On the technical side, while having a pluggable API for supporting different/additional compression types has its merits, my preference is to have some/all of these compression types directly supported within JSSE so that this works out-of-the-box, and developers don't introduce unexpected/hard-to-debug compression errors. Otherwise everyone would have to copy the same compression code everywhere. Seems a bit painful when a simple implementation could be provided that works for many/most. The other big benefit is that this will allow for trivial backports as no API will be needed for earlier releases. >> > > It?s fine to me to add default compression implementations, while we are keeping the flexibility for customization. I may come back for a revised design at around version 22. > > >> When more implementations start supporting this Certificate Compression RFC, I think Zlib might be the most widely used. Adding the ZLIB extension seems a natural first target as there is already an implementation in JDK, and you demonstrated how easy encoding in ZLIB is. I see Chrome already has brotli, and zstd seems like it would be a faster algorithm with tighter compression, though without prototyping, I'm not sure how much gain we'll get with smallish cert chains (i.e. 10's of kb) vs. large data sets that I've seen numbers for[3]. Patrick McManus/Fastly felt anecdotally that the difference between the three wasn't that different, compared to not having compression at all. >> >> The TLS certificate compression specification allows any of the >> deflate, brotli, or zstd formats for compression. Anecdotally, the >> differences between them were very small compared to the difference >> between compressed and uncompressed representations. [4] >> > > I?m not sure if the performance really plays a critical role in practice. The support of compression algorithms could be an impact of interoperability (for example, work with Internet browsers such as Chrome). > > > Thanks for the feedback! > > Best, > Xuelei > > >> Brad >> >> [1] https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopenssl%2Fopenssl%2Fissues%2F13597&data=05%7C01%7Cxueleifan%40global.tencent.com%7Cc21799c52d1540bd324b08da74fa8a0a%7Ca32856f21731405cb53d480e26413adf%7C1%7C0%7C637950916681863507%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=EGu0LBAOv9KVtgP5ivRjFI9HLLelX4mIVy5raBQm0EU%3D&reserved=0 >> [2] https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fissues%2F42967&data=05%7C01%7Cxueleifan%40global.tencent.com%7Cc21799c52d1540bd324b08da74fa8a0a%7Ca32856f21731405cb53d480e26413adf%7C1%7C0%7C637950916681863507%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=eOwziZmg2Kee8KdO31pvfiXAzIxOu9plShJ11bngo2I%3D&reserved=0 >> [3] https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffacebook.github.io%2Fzstd%2F&data=05%7C01%7Cxueleifan%40global.tencent.com%7Cc21799c52d1540bd324b08da74fa8a0a%7Ca32856f21731405cb53d480e26413adf%7C1%7C0%7C637950916682019740%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=TBR0haf0nGvb73pqbzcsbJlUvpSuARCSlgjUMt140As%3D&reserved=0 >> [4] https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.fastly.com%2Fblog%2Fquic-handshake-tls-compression-certificates-extension-study&data=05%7C01%7Cxueleifan%40global.tencent.com%7Cc21799c52d1540bd324b08da74fa8a0a%7Ca32856f21731405cb53d480e26413adf%7C1%7C0%7C637950916682019740%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=jmMY1Y4876EvoxfU%2F0XUPUnuEN0z2466JxnQfOC%2BX7k%3D&reserved=0 -------------- next part -------------- An HTML attachment was scrubbed... URL: From kevin.driver at oracle.com Thu Jul 20 20:05:34 2023 From: kevin.driver at oracle.com (Kevin Driver) Date: Thu, 20 Jul 2023 20:05:34 +0000 Subject: KDF JEP for the Java Platform Message-ID: <349FFB87-C096-4BBD-A74E-91DDD0AAE25D@oracle.com> As a newly minted committer and Oracle employee tasked with the following, I thought I should send an introductory mail to the list and start a discussion on adding a standard API for key derivation functions (KDFs) to the Java Platform. You may have noticed the KEM [1] APIs and associated implementation coming in JDK 21. KDF [2] is another building block in support of HPKE [3] (which requires KEM and KDF as dependencies/primitives). HPKE will become important during the transition to post-quantum cryptography. The concept of a KDF implementation within the security libraries is not entirely new (a JEP was put forth previously but withdrawn [4]); however it is time to formalize an API, add some additional implementations, and make some older implementations available for use in a more standard way. We look forward to your feedback on the below proposal and would be interested in any thoughts on the design considerations listed at the end. To wit, I?ll try to give a brief overview of the following: - high level design - current status - design considerations *High Level Design* In general, this diagram encapsulates a lot of our intended trajectory (see attached diagram). The new KDF APIs will serve as an umbrella over an RFC 5869 [5] implementation of HKDF, existing PBE implementations, and future implementations. However, our current plans are to allow algorithms, such as PBE, to continue to be accessible in the manner they are today (with possible deprecation at some point in the future). In addition, JSSE has a ?sibling? implementation of something very similar to RFC 5869 (but perhaps somewhat specialized for the JSSE use-cases), so it will likely be merged into the ?proper?/main RFC 5869 implementation and called/utilized in a fashion similar to how JSSE does today. One goal is certainly to be minimally disruptive to JSSE implementation code where possible, so as to not incur a massive retesting/validation effort for TLS. Also related to JSSE, one of the reasons for the Tls* classes (mentioned in the SunJCE provider) being located in restricted packages, I?m told, is because there was not yet a KDF API available. The classes described are in: ? sun.security.internal.interfaces ? sun.security.internal.spec A side-goal/benefit of this work will be to relocate the above classes out of their restricted packages (ie - not in sun.security.internal any longer). *Current Status* Currently we (Oracle) have a set of KDF framework APIs as well as an implementation of RFC 5869 and a TLSPrfKDF implementation, which were developed previously but not yet made available. I have taken up this work, and I?m working through suggested modifications and/or improvements. There are, however, a few ongoing points of discussion, a couple of which I will be bringing forward today. *Design Considerations* ? What, if any, JSSE implementations are there outside of Oracle which might be affected by the choice to relocate the Tls* classes from their SunJCE restricted packages? We are interested in speaking with those affected by this potential change. ? APIs in JCE have historically been ?multi-phased? (ie - Cipher?s init, update, doFinal). However, it is also somewhat en vogue to lean toward immutability as much as possible. We?re weighing the relative merits of a ?one and done? style API with lots of parameters vs a more ?traditional? multi-phased approach. [1] https://openjdk.org/jeps/452 [2] https://en.wikipedia.org/wiki/Key_derivation_function [3] https://www.rfc-editor.org/rfc/rfc9180.html [4] https://bugs.openjdk.org/browse/JDK-8189808 [5] https://www.rfc-editor.org/rfc/rfc5869.html I will followup in a few weeks with more detail and will look forward to your feedback in the meantime. Thanks for your interest/participation! Kevin Driver Mobile: +1.512.431.5690 Java Security Libraries -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: KDF Diagram.png Type: image/png Size: 121864 bytes Desc: KDF Diagram.png URL: From ecki at zusammenkunft.net Thu Jul 20 20:17:28 2023 From: ecki at zusammenkunft.net (Bernd) Date: Thu, 20 Jul 2023 22:17:28 +0200 Subject: KDF JEP for the Java Platform In-Reply-To: <349FFB87-C096-4BBD-A74E-91DDD0AAE25D@oracle.com> References: <349FFB87-C096-4BBD-A74E-91DDD0AAE25D@oracle.com> Message-ID: <1B6C9235-722C-4C45-8877-F3E677977FA2@hxcore.ol> An HTML attachment was scrubbed... URL: From jjiang at openjdk.org Thu Jul 20 21:51:46 2023 From: jjiang at openjdk.org (John Jiang) Date: Thu, 20 Jul 2023 21:51:46 GMT Subject: RFR: 8312443: sun.security should use toLowerCase(Locale.ROOT) In-Reply-To: References: Message-ID: On Thu, 20 Jul 2023 09:29:50 GMT, John Jiang wrote: > sun.security codes should use `toLowerCase(Locale.ROOT)` instead of `toLowerCase()`. > In addition, no `toUpperCase()` was found in this code scope. @XueleiFan Thanks for your review! ------------- PR Comment: https://git.openjdk.org/jdk/pull/14948#issuecomment-1644647852 From jjiang at openjdk.org Thu Jul 20 21:51:46 2023 From: jjiang at openjdk.org (John Jiang) Date: Thu, 20 Jul 2023 21:51:46 GMT Subject: Integrated: 8312443: sun.security should use toLowerCase(Locale.ROOT) In-Reply-To: References: Message-ID: <4cHEg9nxhzh72syLNxbarkR9tFrnX_tXgbALRMa7TIg=.54488afb-071b-4bde-a017-53cfc85dc6be@github.com> On Thu, 20 Jul 2023 09:29:50 GMT, John Jiang wrote: > sun.security codes should use `toLowerCase(Locale.ROOT)` instead of `toLowerCase()`. > In addition, no `toUpperCase()` was found in this code scope. This pull request has now been integrated. Changeset: 4e8f331a Author: John Jiang URL: https://git.openjdk.org/jdk/commit/4e8f331a80fdfbf3b73ad12b41920fcf4f242275 Stats: 9 lines in 3 files changed: 2 ins; 1 del; 6 mod 8312443: sun.security should use toLowerCase(Locale.ROOT) Reviewed-by: xuelei ------------- PR: https://git.openjdk.org/jdk/pull/14948 From ascarpino at openjdk.org Fri Jul 21 00:18:54 2023 From: ascarpino at openjdk.org (Anthony Scarpino) Date: Fri, 21 Jul 2023 00:18:54 GMT Subject: RFR: JDK-8311592 ECKeySizeParameterSpec causes too many exceptions on third party providers Message-ID: <6DbK3TMs91wt61OCBdqpAyaQ_GCWsP35X1Fi5ZoFbSs=.eb70f056-86b9-4afd-869c-2adf4e511b9c@github.com> Hi, This fix eliminates needless exceptions each time the EC key size is obtained through AlgorithmParameters on third party providers. These providers throw an InvalidParameterSpecException as `sun.security.util.KeyUtil.getKey()` sends an internal `sun.security.util.ECKeySizeParameterSpec`. The exception is properly handled, but the number of exceptions becomes excessive with TLS. Calling ECKeySizeParameterSpec only with SunEC resolves this issue. Thanks Tony ------------- Commit messages: - verified fix - Merge remote-tracking branch 'origin' into ecsize - add sunec check Changes: https://git.openjdk.org/jdk/pull/14916/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=14916&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8311592 Stats: 14 lines in 1 file changed: 5 ins; 3 del; 6 mod Patch: https://git.openjdk.org/jdk/pull/14916.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14916/head:pull/14916 PR: https://git.openjdk.org/jdk/pull/14916 From djelinski at openjdk.org Fri Jul 21 10:38:05 2023 From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=) Date: Fri, 21 Jul 2023 10:38:05 GMT Subject: [jdk21] RFR: 8307185: pkcs11 native libraries make JNI calls into java code while holding GC lock Message-ID: Hi all, This pull request contains a backport of commit [354c6605](https://github.com/openjdk/jdk/commit/354c6605e32790ca421869636d8bf5456fc51717) from the [openjdk/jdk](https://git.openjdk.org/jdk) repository. The commit being backported was authored by Daniel Jeli?ski on 20 Jul 2023 and was reviewed by Alan Bateman and Valerie Peng. Thanks! ------------- Commit messages: - Backport 354c6605e32790ca421869636d8bf5456fc51717 Changes: https://git.openjdk.org/jdk21/pull/142/files Webrev: https://webrevs.openjdk.org/?repo=jdk21&pr=142&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8307185 Stats: 42 lines in 2 files changed: 16 ins; 11 del; 15 mod Patch: https://git.openjdk.org/jdk21/pull/142.diff Fetch: git fetch https://git.openjdk.org/jdk21.git pull/142/head:pull/142 PR: https://git.openjdk.org/jdk21/pull/142 From djelinski at openjdk.org Fri Jul 21 12:45:41 2023 From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=) Date: Fri, 21 Jul 2023 12:45:41 GMT Subject: RFR: 8309305: sun/security/ssl/SSLSocketImpl/BlockedAsyncClose.java fails with jtreg test timeout [v2] In-Reply-To: References: Message-ID: On Tue, 13 Jun 2023 14:24:20 GMT, Matthew Donovan wrote: >> This PR improves the reliability of the BlockedAsyncClose test by addressing an edge case/race condition between the two test threads. The purpose of the test is to verify that an SSLSocket can be closed if a thread is blocked in a write operation. >> >> The test starts a "write" thread that writes data to a socket until the output buffer was filled, causing the write operation to block. The main thread then calls `SSLSocket.close()`. The original code used `Thread.sleep(1000)` to wait for the write-thread to block. However, 1 second isn't always long enough and if the write-thread isn't blocked and the output buffer is full (or almost full), the `socket.close()` call may block when it tries to send the close_notify alert. This is the condition that caused this bug. >> >> My change uses a Lock to determine if the write thread is blocked. In the write thread, the lock creates a critical section around the `write()` call. The main thread uses `tryLock()` with a timeout to determine that the write() call is taking too long and thus likely blocked. >> >> While there, I also updated the test to use the SSLContextTemplate class. > > Matthew Donovan has updated the pull request incrementally with one additional commit since the last revision: > > Fixed whitespace. > > Co-authored-by: Andrey Turbanov LGTM. Some OSes spontaneously increase the buffer size after a few seconds, unblocking blocked write operations. We also use 10 seconds limit in networking tests, seems to work pretty well. See https://github.com/openjdk/jdk/blob/9e4fc568a6f1a93c84a84d6cc5220c6eb4e546a5/test/jdk/java/net/httpclient/websocket/PendingOperations.java#L43-L47 ------------- Marked as reviewed by djelinski (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/14378#pullrequestreview-1541088196 From mdonovan at openjdk.org Fri Jul 21 14:48:49 2023 From: mdonovan at openjdk.org (Matthew Donovan) Date: Fri, 21 Jul 2023 14:48:49 GMT Subject: Integrated: 8309305: sun/security/ssl/SSLSocketImpl/BlockedAsyncClose.java fails with jtreg test timeout In-Reply-To: References: Message-ID: On Thu, 8 Jun 2023 14:25:26 GMT, Matthew Donovan wrote: > This PR improves the reliability of the BlockedAsyncClose test by addressing an edge case/race condition between the two test threads. The purpose of the test is to verify that an SSLSocket can be closed if a thread is blocked in a write operation. > > The test starts a "write" thread that writes data to a socket until the output buffer was filled, causing the write operation to block. The main thread then calls `SSLSocket.close()`. The original code used `Thread.sleep(1000)` to wait for the write-thread to block. However, 1 second isn't always long enough and if the write-thread isn't blocked and the output buffer is full (or almost full), the `socket.close()` call may block when it tries to send the close_notify alert. This is the condition that caused this bug. > > My change uses a Lock to determine if the write thread is blocked. In the write thread, the lock creates a critical section around the `write()` call. The main thread uses `tryLock()` with a timeout to determine that the write() call is taking too long and thus likely blocked. > > While there, I also updated the test to use the SSLContextTemplate class. This pull request has now been integrated. Changeset: 8042a50b Author: Matthew Donovan URL: https://git.openjdk.org/jdk/commit/8042a50b99a671390910afa5f816894f77255429 Stats: 57 lines in 1 file changed: 20 ins; 24 del; 13 mod 8309305: sun/security/ssl/SSLSocketImpl/BlockedAsyncClose.java fails with jtreg test timeout Reviewed-by: djelinski ------------- PR: https://git.openjdk.org/jdk/pull/14378 From duke at openjdk.org Fri Jul 21 15:52:51 2023 From: duke at openjdk.org (duke) Date: Fri, 21 Jul 2023 15:52:51 GMT Subject: Withdrawn: 8308144: HttpClient - uncontrolled memory consumption in SSLFlowDelegate.Reader In-Reply-To: References: Message-ID: <7Q_ZpqQm8J0MxmT2_k5FoflkSTk19JzaAGuirkoCrVo=.56de85aa-66ac-4586-b6e5-7befd3d77e2a@github.com> On Thu, 25 May 2023 20:17:39 GMT, zhurs wrote: > When using HttpClient to make requests to HTTPS resources, there is an issue where the entire file is being downloaded into memory without the ability to limit the buffer size. > If the SSLEngine cannot decode the entire buffer due to the algorithm's blocking nature, it returns a decoded chunk of data and BUFFER_UNDERFLOW status, which leads to SSLFlowDelegate.Reader requesting more data despite the output queue being full. This pull request has been closed without being integrated. ------------- PR: https://git.openjdk.org/jdk/pull/14159 From bpb at openjdk.org Fri Jul 21 22:46:53 2023 From: bpb at openjdk.org (Brian Burkhalter) Date: Fri, 21 Jul 2023 22:46:53 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available Message-ID: Limit native memory allocation and move write loop from the native layer into Java. This change should make the OOME reported in the issue much less likely. ------------- Commit messages: - 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available Changes: https://git.openjdk.org/jdk/pull/14981/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=14981&range=00 Issue: https://bugs.openjdk.org/browse/JDK-6478546 Stats: 81 lines in 7 files changed: 29 ins; 15 del; 37 mod Patch: https://git.openjdk.org/jdk/pull/14981.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14981/head:pull/14981 PR: https://git.openjdk.org/jdk/pull/14981 From bpb at openjdk.org Fri Jul 21 22:46:54 2023 From: bpb at openjdk.org (Brian Burkhalter) Date: Fri, 21 Jul 2023 22:46:54 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available In-Reply-To: References: Message-ID: On Fri, 21 Jul 2023 22:40:00 GMT, Brian Burkhalter wrote: > Limit native memory allocation and move write loop from the native layer into Java. This change should make the OOME reported in the issue much less likely. The cost of native memory allocation appears to degrade the throughput of reads and writes of larger arrays. Above a certain size, allocating and looping over a smaller array was measured to achieve higher throughput. As `Objects::checkFromIndexSize` now guards against out of bounds conditions, and obtaining the array length as its third parameter provides a null check, the NULL and bounds checks could be removed from the C code. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14981#issuecomment-1646312987 From alanb at openjdk.org Sun Jul 23 06:35:51 2023 From: alanb at openjdk.org (Alan Bateman) Date: Sun, 23 Jul 2023 06:35:51 GMT Subject: [jdk21] RFR: 8307185: pkcs11 native libraries make JNI calls into java code while holding GC lock In-Reply-To: References: Message-ID: On Fri, 21 Jul 2023 10:29:43 GMT, Daniel Jeli?ski wrote: > Hi all, > > This pull request contains a backport of commit [354c6605](https://github.com/openjdk/jdk/commit/354c6605e32790ca421869636d8bf5456fc51717) from the [openjdk/jdk](https://git.openjdk.org/jdk) repository. > > The commit being backported was authored by Daniel Jeli?ski on 20 Jul 2023 and was reviewed by Alan Bateman and Valerie Peng. > > Thanks! Marked as reviewed by alanb (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk21/pull/142#pullrequestreview-1542192659 From jpai at openjdk.org Mon Jul 24 06:30:48 2023 From: jpai at openjdk.org (Jaikiran Pai) Date: Mon, 24 Jul 2023 06:30:48 GMT Subject: RFR: 8308144: HttpClient - uncontrolled memory consumption in SSLFlowDelegate.Reader In-Reply-To: References: Message-ID: On Fri, 26 May 2023 09:17:41 GMT, zhurs wrote: >> When using HttpClient to make requests to HTTPS resources, there is an issue where the entire file is being downloaded into memory without the ability to limit the buffer size. >> If the SSLEngine cannot decode the entire buffer due to the algorithm's blocking nature, it returns a decoded chunk of data and BUFFER_UNDERFLOW status, which leads to SSLFlowDelegate.Reader requesting more data despite the output queue being full. > > Thank you, I will look at these options. Hello @zhurs, would you mind if one of us took over this PR and moved this forward? Daniel noted that the fix looks reasonable and it's the test which will need some work. We will add you as the co-author. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14159#issuecomment-1647292115 From mbaesken at openjdk.org Mon Jul 24 08:00:53 2023 From: mbaesken at openjdk.org (Matthias Baesken) Date: Mon, 24 Jul 2023 08:00:53 GMT Subject: RFR: JDK-8312512: sspi.cpp gss_export_name avoid delete on NULL fullname Message-ID: <4PUPVt-mpUY9voOpPmDMRF02mv7cUFBABptrLUmQa54=.dfb07891-d26d-42c8-b099-7e46e7836f90@github.com> sspi.cpp contains the gss_export_name function, where at the end some cleanup is done by calling delete. However this should be done more careful, because the function get_full_name which is called in gss_export_name might return NULL, so we better avoid calling delete in this case. ------------- Commit messages: - JDK-8312512 Changes: https://git.openjdk.org/jdk/pull/14989/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=14989&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8312512 Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod Patch: https://git.openjdk.org/jdk/pull/14989.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14989/head:pull/14989 PR: https://git.openjdk.org/jdk/pull/14989 From jjiang at openjdk.org Mon Jul 24 08:11:53 2023 From: jjiang at openjdk.org (John Jiang) Date: Mon, 24 Jul 2023 08:11:53 GMT Subject: RFR: 8312578: Redundant javadoc in X400Address Message-ID: [JDK-8296741] removed the constructor `X400Address(byte[] value)`, but it didn't remove the javadoc for this constructor. This simple patch just removes this javadoc. [JDK-8296741]: ------------- Commit messages: - 8312578: Redundant javadoc in X400Address Changes: https://git.openjdk.org/jdk/pull/14990/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=14990&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8312578 Stats: 7 lines in 1 file changed: 0 ins; 6 del; 1 mod Patch: https://git.openjdk.org/jdk/pull/14990.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14990/head:pull/14990 PR: https://git.openjdk.org/jdk/pull/14990 From vtewari at openjdk.org Mon Jul 24 09:18:40 2023 From: vtewari at openjdk.org (Vyom Tewari) Date: Mon, 24 Jul 2023 09:18:40 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available In-Reply-To: References: Message-ID: On Fri, 21 Jul 2023 22:40:00 GMT, Brian Burkhalter wrote: > Limit native memory allocation and move write loop from the native layer into Java. This change should make the OOME reported in the issue much less likely. src/java.base/share/native/libjava/io_util.c line 99: > 97: return 0; > 98: } else if (len > BUF_SIZE) { > 99: if (len > MAX_MALLOC_SIZE) Hi Brian if I am reading code correctly then with the current code change FIS.read(byte[] b, int off, int len) will always read (MAX_MALLOC_SIZE 2097152) bytes if len > MAX_MALLOC_SIZE. The java doc of read as below public?int?read(byte[]?b, int?off, int?len) throws IOException Reads up to len bytes of data from the input stream into an array of bytes. An attempt is made to read as many as len bytes, but a smaller number may be read. The number of bytes actually read is returned as an integer. I think if you are limiting the internal dynamic buffer to 2097152 byte then you have to at least attempt to read as many as len bytes if possible before returning. If I simply the run the following code int size = 501 * 501 * 501 * 3; FileInputStream fis = new FileInputStream("/home/vyom1/test.img"); // Any file with size >= 501*501*501*2 System.out.println("size: " + size); byte buf[] = new byte[size]; System.out.println("buf ok"); int bytesRead = fis.read(buf, 0, size); System.out.println("Bytes read " + bytesRead); It will always print ?Bytes read 2097152? which is not as per Java specification of InputStream.read(byte[]b, int off, int len). ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1271976654 From djelinski at openjdk.org Mon Jul 24 10:12:52 2023 From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=) Date: Mon, 24 Jul 2023 10:12:52 GMT Subject: [jdk21] Integrated: 8307185: pkcs11 native libraries make JNI calls into java code while holding GC lock In-Reply-To: References: Message-ID: On Fri, 21 Jul 2023 10:29:43 GMT, Daniel Jeli?ski wrote: > Hi all, > > This pull request contains a backport of commit [354c6605](https://github.com/openjdk/jdk/commit/354c6605e32790ca421869636d8bf5456fc51717) from the [openjdk/jdk](https://git.openjdk.org/jdk) repository. > > The commit being backported was authored by Daniel Jeli?ski on 20 Jul 2023 and was reviewed by Alan Bateman and Valerie Peng. > > Thanks! This pull request has now been integrated. Changeset: aae2cbd3 Author: Daniel Jeli?ski URL: https://git.openjdk.org/jdk21/commit/aae2cbd308044bcc00419a4b7ab19d7ffcf88514 Stats: 42 lines in 2 files changed: 16 ins; 11 del; 15 mod 8307185: pkcs11 native libraries make JNI calls into java code while holding GC lock Reviewed-by: alanb Backport-of: 354c6605e32790ca421869636d8bf5456fc51717 ------------- PR: https://git.openjdk.org/jdk21/pull/142 From djelinski at openjdk.org Mon Jul 24 11:03:41 2023 From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=) Date: Mon, 24 Jul 2023 11:03:41 GMT Subject: RFR: JDK-8312512: sspi.cpp gss_export_name avoid delete on NULL fullname In-Reply-To: <4PUPVt-mpUY9voOpPmDMRF02mv7cUFBABptrLUmQa54=.dfb07891-d26d-42c8-b099-7e46e7836f90@github.com> References: <4PUPVt-mpUY9voOpPmDMRF02mv7cUFBABptrLUmQa54=.dfb07891-d26d-42c8-b099-7e46e7836f90@github.com> Message-ID: On Mon, 24 Jul 2023 07:50:44 GMT, Matthias Baesken wrote: > sspi.cpp contains the gss_export_name function, where at the end some cleanup is done by calling delete. However this should be done more careful, because the function get_full_name which is called in gss_export_name might return NULL, so we better avoid calling delete in this case. `free`, `delete` and `delete[]` are all safe to call on a NULL pointer. I noticed that we are checking for NULL in other places in this file; could you remove these checks? ------------- Changes requested by djelinski (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/14989#pullrequestreview-1543239479 From duke at openjdk.org Mon Jul 24 11:07:53 2023 From: duke at openjdk.org (zhurs) Date: Mon, 24 Jul 2023 11:07:53 GMT Subject: RFR: 8308144: HttpClient - uncontrolled memory consumption in SSLFlowDelegate.Reader In-Reply-To: References: Message-ID: On Mon, 24 Jul 2023 06:28:23 GMT, Jaikiran Pai wrote: >> Thank you, I will look at these options. > > Hello @zhurs, would you mind if one of us took over this PR and moved this forward? Daniel noted that the fix looks reasonable and it's the test which will need some work. We will add you as the co-author. Hi, @jaikiran Unfortunately I didn't find the way to write good test for this PR. I will be happy if someone will continue work. Thank you! ------------- PR Comment: https://git.openjdk.org/jdk/pull/14159#issuecomment-1647697687 From mbaesken at openjdk.org Mon Jul 24 11:30:29 2023 From: mbaesken at openjdk.org (Matthias Baesken) Date: Mon, 24 Jul 2023 11:30:29 GMT Subject: RFR: JDK-8312512: sspi.cpp gss_export_name avoid delete on NULL fullname [v2] In-Reply-To: <4PUPVt-mpUY9voOpPmDMRF02mv7cUFBABptrLUmQa54=.dfb07891-d26d-42c8-b099-7e46e7836f90@github.com> References: <4PUPVt-mpUY9voOpPmDMRF02mv7cUFBABptrLUmQa54=.dfb07891-d26d-42c8-b099-7e46e7836f90@github.com> Message-ID: > sspi.cpp contains the gss_export_name function, where at the end some cleanup is done by calling delete. However this should be done more careful, because the function get_full_name which is called in gss_export_name might return NULL, so we better avoid calling delete in this case. Matthias Baesken has updated the pull request incrementally with one additional commit since the last revision: remove unneeded NULL checks forfree and delete calls ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14989/files - new: https://git.openjdk.org/jdk/pull/14989/files/25df9f2e..75425475 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14989&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14989&range=00-01 Stats: 33 lines in 1 file changed: 0 ins; 19 del; 14 mod Patch: https://git.openjdk.org/jdk/pull/14989.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14989/head:pull/14989 PR: https://git.openjdk.org/jdk/pull/14989 From mbaesken at openjdk.org Mon Jul 24 11:30:31 2023 From: mbaesken at openjdk.org (Matthias Baesken) Date: Mon, 24 Jul 2023 11:30:31 GMT Subject: RFR: JDK-8312512: sspi.cpp gss_export_name avoid delete on NULL fullname [v2] In-Reply-To: References: <4PUPVt-mpUY9voOpPmDMRF02mv7cUFBABptrLUmQa54=.dfb07891-d26d-42c8-b099-7e46e7836f90@github.com> Message-ID: On Mon, 24 Jul 2023 11:01:07 GMT, Daniel Jeli?ski wrote: > `free`, `delete` and `delete[]` are all safe to call on a NULL pointer. > > I noticed that we are checking for NULL in other places in this file; could you remove these checks? Hi, I found and adjusted a number of places where the pointer ws checked for NULL before calling free/delete in this file. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14989#issuecomment-1647726508 From djelinski at openjdk.org Mon Jul 24 11:38:40 2023 From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=) Date: Mon, 24 Jul 2023 11:38:40 GMT Subject: RFR: JDK-8312512: sspi.cpp gss_export_name avoid delete on NULL fullname [v2] In-Reply-To: References: <4PUPVt-mpUY9voOpPmDMRF02mv7cUFBABptrLUmQa54=.dfb07891-d26d-42c8-b099-7e46e7836f90@github.com> Message-ID: On Mon, 24 Jul 2023 11:30:29 GMT, Matthias Baesken wrote: >> sspi.cpp contains the gss_export_name function, where at the end some cleanup is done by calling delete. However this should be done more careful, because the function get_full_name which is called in gss_export_name might return NULL, so we better avoid calling delete in this case. > > Matthias Baesken has updated the pull request incrementally with one additional commit since the last revision: > > remove unneeded NULL checks forfree and delete calls LGTM ------------- Marked as reviewed by djelinski (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/14989#pullrequestreview-1543294040 From mbaesken at openjdk.org Mon Jul 24 12:04:41 2023 From: mbaesken at openjdk.org (Matthias Baesken) Date: Mon, 24 Jul 2023 12:04:41 GMT Subject: RFR: JDK-8312512: sspi.cpp avoid some NULL checks related to free and delete [v2] In-Reply-To: References: <4PUPVt-mpUY9voOpPmDMRF02mv7cUFBABptrLUmQa54=.dfb07891-d26d-42c8-b099-7e46e7836f90@github.com> Message-ID: On Mon, 24 Jul 2023 11:30:29 GMT, Matthias Baesken wrote: >> sspi.cpp contains the gss_export_name function, where at the end some cleanup is done by calling delete. However this should be done more careful, because the function get_full_name which is called in gss_export_name might return NULL, so we better avoid calling delete in this case. > > Matthias Baesken has updated the pull request incrementally with one additional commit since the last revision: > > remove unneeded NULL checks forfree and delete calls Hi Daniel , thanks for the review ! I adjusted the JBS issue short description text to better reflect what the change now does. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14989#issuecomment-1647775509 From alanb at openjdk.org Mon Jul 24 13:19:42 2023 From: alanb at openjdk.org (Alan Bateman) Date: Mon, 24 Jul 2023 13:19:42 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available In-Reply-To: References: Message-ID: On Fri, 21 Jul 2023 22:40:00 GMT, Brian Burkhalter wrote: > Limit native memory allocation and move write loop from the native layer into Java. This change should make the OOME reported in the issue much less likely. src/java.base/share/classes/java/io/FileOutputStream.java line 366: > 364: int n = writeBytes(b, off, len, append); > 365: if (n == -1) > 366: break; Checking if n is -1 doesn't look right here. Isn't return -1 just to keep the compiler happy when an exception is thrown. src/java.base/share/native/libjava/io_util.c line 62: > 60: /* The maximum size of a dynamically-allocated buffer. > 61: */ > 62: #define MAX_MALLOC_SIZE 2097152 How did you choose 2Mb, it seems high. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1272230776 PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1272250651 From alanb at openjdk.org Mon Jul 24 13:19:45 2023 From: alanb at openjdk.org (Alan Bateman) Date: Mon, 24 Jul 2023 13:19:45 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available In-Reply-To: References: Message-ID: On Mon, 24 Jul 2023 09:16:23 GMT, Vyom Tewari wrote: >> Limit native memory allocation and move write loop from the native layer into Java. This change should make the OOME reported in the issue much less likely. > > src/java.base/share/native/libjava/io_util.c line 99: > >> 97: return 0; >> 98: } else if (len > BUF_SIZE) { >> 99: if (len > MAX_MALLOC_SIZE) > > Hi Brian if I am reading code correctly then with the current code change FIS.read(byte[] b, int off, int len) will always read (MAX_MALLOC_SIZE 2097152) bytes if len > MAX_MALLOC_SIZE. > > The java doc of read as below > > public?int?read(byte[]?b, > int?off, > int?len) > throws IOException > Reads up to len bytes of data from the input stream into an array of bytes. An attempt is made to read as many as len bytes, but a smaller number may be read. The number of bytes actually read is returned as an integer. > > I think if you are limiting the internal dynamic buffer to 2097152 byte then you have to at least attempt to read as many as len bytes if possible before returning. > > If I simply the run the following code > > int size = 501 * 501 * 501 * 3; > > FileInputStream fis = new FileInputStream("/home/vyom1/test.img"); // Any file with size >= 501*501*501*2 > > System.out.println("size: " + size); > > byte buf[] = new byte[size]; > > System.out.println("buf ok"); > > int bytesRead = fis.read(buf, 0, size); > System.out.println("Bytes read " + bytesRead); > > It will always print ?Bytes read 2097152? which is not as per Java specification of InputStream.read(byte[]b, int off, int len). A short read is okay but changing long standing behavior could potentially break already broken code that calls the method with a large byte array and assumes it will read to EOF. So I think it's a forced move to read until there is no space remaining or EOF is reached. This is logic for the Java level, not the native code of course. If an I/O exception is on the second/subsequent reads then it will have to return the bytes that are read, not throw with bytes in the buffer. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1272236807 From rhalade at openjdk.org Mon Jul 24 15:20:59 2023 From: rhalade at openjdk.org (Rajan Halade) Date: Mon, 24 Jul 2023 15:20:59 GMT Subject: RFR: 8309088: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java fails Message-ID: This is an update to test certificates issued by Amazon root CA. The new EE certificates have CRLDP so I have enabled CRL check on those. This test is updated to cover the failure while we wait for [JDK-8308592](https://bugs.openjdk.org/browse/JDK-8308592) ------------- Commit messages: - 8309088: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java fails Changes: https://git.openjdk.org/jdk/pull/15000/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=15000&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8309088 Stats: 491 lines in 1 file changed: 142 ins; 30 del; 319 mod Patch: https://git.openjdk.org/jdk/pull/15000.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/15000/head:pull/15000 PR: https://git.openjdk.org/jdk/pull/15000 From xuelei at openjdk.org Mon Jul 24 15:44:40 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Mon, 24 Jul 2023 15:44:40 GMT Subject: RFR: 8312578: Redundant javadoc in X400Address In-Reply-To: References: Message-ID: On Mon, 24 Jul 2023 08:04:53 GMT, John Jiang wrote: > [JDK-8296741] removed the constructor `X400Address(byte[] value)`, but it didn't remove the javadoc for this constructor. > This simple patch just removes this javadoc. > > [JDK-8296741]: > Marked as reviewed by xuelei (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/14990#pullrequestreview-1543770745 From ecki at zusammenkunft.net Mon Jul 24 15:33:31 2023 From: ecki at zusammenkunft.net (Bernd) Date: Mon, 24 Jul 2023 17:33:31 +0200 Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available In-Reply-To: References: , Message-ID: <65CB143B-81BD-9D4B-90CE-C4A1E7AC90A0@hxcore.ol> An HTML attachment was scrubbed... URL: From hchao at openjdk.org Mon Jul 24 17:56:45 2023 From: hchao at openjdk.org (Hai-May Chao) Date: Mon, 24 Jul 2023 17:56:45 GMT Subject: RFR: JDK-8311592 ECKeySizeParameterSpec causes too many exceptions on third party providers In-Reply-To: <6DbK3TMs91wt61OCBdqpAyaQ_GCWsP35X1Fi5ZoFbSs=.eb70f056-86b9-4afd-869c-2adf4e511b9c@github.com> References: <6DbK3TMs91wt61OCBdqpAyaQ_GCWsP35X1Fi5ZoFbSs=.eb70f056-86b9-4afd-869c-2adf4e511b9c@github.com> Message-ID: <0zPibeythprugjl_xCnOFQDyFFaH3C2sB6--TTEqY6w=.0502cf99-c7aa-4e1c-b82d-e0ffeaa94656@github.com> On Tue, 18 Jul 2023 03:58:50 GMT, Anthony Scarpino wrote: > Hi, > > This fix eliminates needless exceptions each time the EC key size is obtained through AlgorithmParameters on third party providers. These providers throw an InvalidParameterSpecException as `sun.security.util.KeyUtil.getKey()` sends an internal `sun.security.util.ECKeySizeParameterSpec`. The exception is properly handled, but the number of exceptions becomes excessive with TLS. > Calling ECKeySizeParameterSpec only with SunEC resolves this issue. > > Thanks > > Tony Marked as reviewed by hchao (Committer). LGTM ------------- PR Review: https://git.openjdk.org/jdk/pull/14916#pullrequestreview-1543980287 PR Comment: https://git.openjdk.org/jdk/pull/14916#issuecomment-1648351803 From hchao at openjdk.org Mon Jul 24 18:00:42 2023 From: hchao at openjdk.org (Hai-May Chao) Date: Mon, 24 Jul 2023 18:00:42 GMT Subject: RFR: 8312578: Redundant javadoc in X400Address In-Reply-To: References: Message-ID: On Mon, 24 Jul 2023 08:04:53 GMT, John Jiang wrote: > [JDK-8296741] removed the constructor `X400Address(byte[] value)`, but it didn't remove the javadoc for this constructor. > This simple patch just removes this javadoc. > > [JDK-8296741]: > Marked as reviewed by hchao (Committer). ------------- PR Review: https://git.openjdk.org/jdk/pull/14990#pullrequestreview-1543985258 From valeriep at openjdk.org Mon Jul 24 20:01:45 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Mon, 24 Jul 2023 20:01:45 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v3] In-Reply-To: References: Message-ID: On Thu, 20 Jul 2023 05:06:11 GMT, Xue-Lei Andrew Fan wrote: >> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: >> >> Update to address review feedbacks > > src/java.base/share/classes/sun/security/rsa/RSASignature.java line 227: > >> 225: byte[] padded2 = padding.pad(encoded2); >> 226: return MessageDigest.isEqual(padded2, decrypted); >> 227: } > > I had a check of the specification (Section A.2.4 of RFC 8017), and the [update](https://github.com/openjdk/jdk/pull/8365) and the [JBS entry](https://bugs.openjdk.org/browse/JDK-8285404) that added the comment "some vendors might omit the NULL params". > > Per section A.2.4 of RFC 8017, it is said "For each OID, the parameters field associated with this OID in a value of type AlgorithmIdentifier SHALL have a value of type NULL." > > Per the key words specification, RFC 2119, "SHALL" is the same as MUST which "mean that the definition is an absolute requirement of the specification." > > In the bug description of bug JDK-8285404, there is a section "*Update*: We think it's possible that there might be signers omitting the NULL params in the digest algorithm identifier. " > > For this case, if the signers omitting the NULL params, does it means the signer does not follow the specification and should be rejected? @wangweij could you recall if there is a real case that omits the NULL params in practice? Max is on vacation and may not see your question for a while... IIRC, the inconsistency (NULL vs omission) goes way back. As time goes on, this may no longer be an issue as spec is clarified and vendors update their implementation. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1272692439 From brian.burkhalter at oracle.com Mon Jul 24 20:37:56 2023 From: brian.burkhalter at oracle.com (Brian Burkhalter) Date: Mon, 24 Jul 2023 20:37:56 +0000 Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available In-Reply-To: <65CB143B-81BD-9D4B-90CE-C4A1E7AC90A0@hxcore.ol> References: <65CB143B-81BD-9D4B-90CE-C4A1E7AC90A0@hxcore.ol> Message-ID: I think the idea is to treat an IOException thrown by any but the first invocation of readBytes() as equivalent to end-of-file such as described for InputStream::read(byte[],int,int) with respect to its invocation of InputStream::read(). On Jul 24, 2023, at 8:33 AM, Bernd > wrote: If you return the short buffer (on IOException), does it need to cache the pending exception or can you just rely on the next read hitting that underlying exception again? (Is there an actual guarantee somewhere that the read position is not altered on IOExceptions or that you always get lending bytes before this report? (If so, does the native code do that as well?) -------------- next part -------------- An HTML attachment was scrubbed... URL: From valeriep at openjdk.org Mon Jul 24 20:55:40 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Mon, 24 Jul 2023 20:55:40 GMT Subject: RFR: JDK-8311592 ECKeySizeParameterSpec causes too many exceptions on third party providers In-Reply-To: <6DbK3TMs91wt61OCBdqpAyaQ_GCWsP35X1Fi5ZoFbSs=.eb70f056-86b9-4afd-869c-2adf4e511b9c@github.com> References: <6DbK3TMs91wt61OCBdqpAyaQ_GCWsP35X1Fi5ZoFbSs=.eb70f056-86b9-4afd-869c-2adf4e511b9c@github.com> Message-ID: On Tue, 18 Jul 2023 03:58:50 GMT, Anthony Scarpino wrote: > Hi, > > This fix eliminates needless exceptions each time the EC key size is obtained through AlgorithmParameters on third party providers. These providers throw an InvalidParameterSpecException as `sun.security.util.KeyUtil.getKey()` sends an internal `sun.security.util.ECKeySizeParameterSpec`. The exception is properly handled, but the number of exceptions becomes excessive with TLS. > Calling ECKeySizeParameterSpec only with SunEC resolves this issue. > > Thanks > > Tony Marked as reviewed by valeriep (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/14916#pullrequestreview-1544260493 From jjiang at openjdk.org Mon Jul 24 22:15:45 2023 From: jjiang at openjdk.org (John Jiang) Date: Mon, 24 Jul 2023 22:15:45 GMT Subject: Integrated: 8312578: Redundant javadoc in X400Address In-Reply-To: References: Message-ID: On Mon, 24 Jul 2023 08:04:53 GMT, John Jiang wrote: > [JDK-8296741] removed the constructor `X400Address(byte[] value)`, but it didn't remove the javadoc for this constructor. > This simple patch just removes this javadoc. > > [JDK-8296741]: > This pull request has now been integrated. Changeset: d63bff67 Author: John Jiang URL: https://git.openjdk.org/jdk/commit/d63bff672feafc7df4b1324bf7acce105a998913 Stats: 7 lines in 1 file changed: 0 ins; 6 del; 1 mod 8312578: Redundant javadoc in X400Address Reviewed-by: xuelei, hchao ------------- PR: https://git.openjdk.org/jdk/pull/14990 From bpb at openjdk.org Tue Jul 25 02:08:42 2023 From: bpb at openjdk.org (Brian Burkhalter) Date: Tue, 25 Jul 2023 02:08:42 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available In-Reply-To: References: Message-ID: On Mon, 24 Jul 2023 12:59:55 GMT, Alan Bateman wrote: >> Limit native memory allocation and move write loop from the native layer into Java. This change should make the OOME reported in the issue much less likely. > > src/java.base/share/classes/java/io/FileOutputStream.java line 366: > >> 364: int n = writeBytes(b, off, len, append); >> 365: if (n == -1) >> 366: break; > > Checking if n is -1 doesn't look right here. Isn't return -1 just to keep the compiler happy when an exception is thrown. This is a copy-paste vestige; will remove. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1272919429 From bpb at openjdk.org Tue Jul 25 02:12:52 2023 From: bpb at openjdk.org (Brian Burkhalter) Date: Tue, 25 Jul 2023 02:12:52 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available In-Reply-To: References: Message-ID: <6XShzHu2amAup0TTtPTFTkZMdVVjU1Pr4N2RefUgYmw=.ed3432c4-7376-4295-b9bf-f4709eecd986@github.com> On Mon, 24 Jul 2023 13:16:56 GMT, Alan Bateman wrote: >> Limit native memory allocation and move write loop from the native layer into Java. This change should make the OOME reported in the issue much less likely. > > src/java.base/share/native/libjava/io_util.c line 62: > >> 60: /* The maximum size of a dynamically-allocated buffer. >> 61: */ >> 62: #define MAX_MALLOC_SIZE 2097152 > > How did you choose 2Mb, it seems high. It's based on micro-benchmarks. Having the loops in Java reduces throughput but allocating memory using `malloc(len)` also reduces throughput as `len` gets larger and this threshold appears to balance the two. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1272921060 From xuelei at openjdk.org Tue Jul 25 05:32:44 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Tue, 25 Jul 2023 05:32:44 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v3] In-Reply-To: References: Message-ID: On Mon, 24 Jul 2023 19:58:34 GMT, Valerie Peng wrote: >> src/java.base/share/classes/sun/security/rsa/RSASignature.java line 227: >> >>> 225: byte[] padded2 = padding.pad(encoded2); >>> 226: return MessageDigest.isEqual(padded2, decrypted); >>> 227: } >> >> I had a check of the specification (Section A.2.4 of RFC 8017), and the [update](https://github.com/openjdk/jdk/pull/8365) and the [JBS entry](https://bugs.openjdk.org/browse/JDK-8285404) that added the comment "some vendors might omit the NULL params". >> >> Per section A.2.4 of RFC 8017, it is said "For each OID, the parameters field associated with this OID in a value of type AlgorithmIdentifier SHALL have a value of type NULL." >> >> Per the key words specification, RFC 2119, "SHALL" is the same as MUST which "mean that the definition is an absolute requirement of the specification." >> >> In the bug description of bug JDK-8285404, there is a section "*Update*: We think it's possible that there might be signers omitting the NULL params in the digest algorithm identifier. " >> >> For this case, if the signers omitting the NULL params, does it means the signer does not follow the specification and should be rejected? @wangweij could you recall if there is a real case that omits the NULL params in practice? > > Max is on vacation and may not see your question for a while... > IIRC, the inconsistency (NULL vs omission) goes way back. As time goes on, this may no longer be an issue as spec is clarified and vendors update their implementation. I checked back the specification back to RFC 2437, released on October 1998, which requires to encode NULL parameters as well. As the update to keep the consistency is not trivial, I may just remove it and see if it could be a real problem in practice. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1273015418 From alanb at openjdk.org Tue Jul 25 05:54:41 2023 From: alanb at openjdk.org (Alan Bateman) Date: Tue, 25 Jul 2023 05:54:41 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available In-Reply-To: <6XShzHu2amAup0TTtPTFTkZMdVVjU1Pr4N2RefUgYmw=.ed3432c4-7376-4295-b9bf-f4709eecd986@github.com> References: <6XShzHu2amAup0TTtPTFTkZMdVVjU1Pr4N2RefUgYmw=.ed3432c4-7376-4295-b9bf-f4709eecd986@github.com> Message-ID: On Tue, 25 Jul 2023 02:09:29 GMT, Brian Burkhalter wrote: > It's based on micro-benchmarks. Having the loops in Java reduces throughput but allocating memory using `malloc(len)` also reduces throughput as `len` gets larger and this threshold appears to balance the two. Are these micro benchmarks dropping the file system cache so there is real file I/O? I wasn't expecting to see a buffer larger than 1Mb so curious what the benchmarks say. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1273028051 From jjiang at openjdk.org Tue Jul 25 06:33:58 2023 From: jjiang at openjdk.org (John Jiang) Date: Tue, 25 Jul 2023 06:33:58 GMT Subject: RFR: 8312630: java/security should not create unmodifiable collections with redundant wrapping Message-ID: Some java/security classes apply the below coding style, Set set = ...; Set unmodifiableSet = Collections.unmodifiableSet(new HashSet<>(set)); It may be unnecessary to wrap that `set` with HashSet before creating `unmodifiableSet`. Some usages on `Collections.unmodifiableList` and `Collections.unmodifiableMap` have the same issue. ------------- Commit messages: - 8312630: java/security should not create unmodifiable collections with redundant wrapping Changes: https://git.openjdk.org/jdk/pull/15008/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=15008&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8312630 Stats: 20 lines in 4 files changed: 0 ins; 7 del; 13 mod Patch: https://git.openjdk.org/jdk/pull/15008.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/15008/head:pull/15008 PR: https://git.openjdk.org/jdk/pull/15008 From mbaesken at openjdk.org Tue Jul 25 11:00:08 2023 From: mbaesken at openjdk.org (Matthias Baesken) Date: Tue, 25 Jul 2023 11:00:08 GMT Subject: Integrated: JDK-8312512: sspi.cpp avoid some NULL checks related to free and delete In-Reply-To: <4PUPVt-mpUY9voOpPmDMRF02mv7cUFBABptrLUmQa54=.dfb07891-d26d-42c8-b099-7e46e7836f90@github.com> References: <4PUPVt-mpUY9voOpPmDMRF02mv7cUFBABptrLUmQa54=.dfb07891-d26d-42c8-b099-7e46e7836f90@github.com> Message-ID: On Mon, 24 Jul 2023 07:50:44 GMT, Matthias Baesken wrote: > sspi.cpp contains the gss_export_name function, where at the end some cleanup is done by calling delete. However this should be done more careful, because the function get_full_name which is called in gss_export_name might return NULL, so we better avoid calling delete in this case. This pull request has now been integrated. Changeset: bd098806 Author: Matthias Baesken URL: https://git.openjdk.org/jdk/commit/bd098806f768c6afd87cee06b983c13a471268d0 Stats: 32 lines in 1 file changed: 0 ins; 19 del; 13 mod 8312512: sspi.cpp avoid some NULL checks related to free and delete Reviewed-by: djelinski ------------- PR: https://git.openjdk.org/jdk/pull/14989 From ascarpino at openjdk.org Tue Jul 25 15:52:00 2023 From: ascarpino at openjdk.org (Anthony Scarpino) Date: Tue, 25 Jul 2023 15:52:00 GMT Subject: Integrated: JDK-8311592 ECKeySizeParameterSpec causes too many exceptions on third party providers In-Reply-To: <6DbK3TMs91wt61OCBdqpAyaQ_GCWsP35X1Fi5ZoFbSs=.eb70f056-86b9-4afd-869c-2adf4e511b9c@github.com> References: <6DbK3TMs91wt61OCBdqpAyaQ_GCWsP35X1Fi5ZoFbSs=.eb70f056-86b9-4afd-869c-2adf4e511b9c@github.com> Message-ID: <7ww0Ealroz_46p95rQZ6PYsjwpkSjPsMplmNi1pFfic=.24f51a3f-f385-4862-855b-7f39a5bdb505@github.com> On Tue, 18 Jul 2023 03:58:50 GMT, Anthony Scarpino wrote: > Hi, > > This fix eliminates needless exceptions each time the EC key size is obtained through AlgorithmParameters on third party providers. These providers throw an InvalidParameterSpecException as `sun.security.util.KeyUtil.getKey()` sends an internal `sun.security.util.ECKeySizeParameterSpec`. The exception is properly handled, but the number of exceptions becomes excessive with TLS. > Calling ECKeySizeParameterSpec only with SunEC resolves this issue. > > Thanks > > Tony This pull request has now been integrated. Changeset: e554fdee Author: Anthony Scarpino URL: https://git.openjdk.org/jdk/commit/e554fdee254ce51d605fe127b73644620e87e23b Stats: 14 lines in 1 file changed: 5 ins; 3 del; 6 mod 8311592: ECKeySizeParameterSpec causes too many exceptions on third party providers Reviewed-by: hchao, valeriep ------------- PR: https://git.openjdk.org/jdk/pull/14916 From bpb at openjdk.org Tue Jul 25 23:50:07 2023 From: bpb at openjdk.org (Brian Burkhalter) Date: Tue, 25 Jul 2023 23:50:07 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v2] In-Reply-To: References: Message-ID: On Mon, 24 Jul 2023 13:04:56 GMT, Alan Bateman wrote: >> src/java.base/share/native/libjava/io_util.c line 99: >> >>> 97: return 0; >>> 98: } else if (len > BUF_SIZE) { >>> 99: if (len > MAX_MALLOC_SIZE) >> >> Hi Brian if I am reading code correctly then with the current code change FIS.read(byte[] b, int off, int len) will always read (MAX_MALLOC_SIZE 2097152) bytes if len > MAX_MALLOC_SIZE. >> >> The java doc of read as below >> >> public?int?read(byte[]?b, >> int?off, >> int?len) >> throws IOException >> Reads up to len bytes of data from the input stream into an array of bytes. An attempt is made to read as many as len bytes, but a smaller number may be read. The number of bytes actually read is returned as an integer. >> >> I think if you are limiting the internal dynamic buffer to 2097152 byte then you have to at least attempt to read as many as len bytes if possible before returning. >> >> If I simply the run the following code >> >> int size = 501 * 501 * 501 * 3; >> >> FileInputStream fis = new FileInputStream("/home/vyom1/test.img"); // Any file with size >= 501*501*501*2 >> >> System.out.println("size: " + size); >> >> byte buf[] = new byte[size]; >> >> System.out.println("buf ok"); >> >> int bytesRead = fis.read(buf, 0, size); >> System.out.println("Bytes read " + bytesRead); >> >> It will always print ?Bytes read 2097152? which is not as per Java specification of InputStream.read(byte[]b, int off, int len). > > A short read is okay but changing long standing behavior could potentially break already broken code that calls the method with a large byte array and assumes it will read to EOF. So I think it's a forced move to read until there is no space remaining or EOF is reached. This is logic for the Java level, not the native code of course. If an I/O exception is on the second/subsequent reads then it will have to return the bytes that are read, not throw with bytes in the buffer. Addressed in 973e848a84113f8d6eb65702a148138f2edca1ee. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1274219415 From bpb at openjdk.org Tue Jul 25 23:50:07 2023 From: bpb at openjdk.org (Brian Burkhalter) Date: Tue, 25 Jul 2023 23:50:07 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v2] In-Reply-To: References: Message-ID: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> > Limit native memory allocation and move write loop from the native layer into Java. This change should make the OOME reported in the issue much less likely. Brian Burkhalter has updated the pull request incrementally with three additional commits since the last revision: - 6478546: Decrease malloc limit to 1.5 MB - 6478546: Minor refactoring - 6478546: Prevent short read ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14981/files - new: https://git.openjdk.org/jdk/pull/14981/files/8d7b3478..69941de4 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14981&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14981&range=00-01 Stats: 99 lines in 6 files changed: 57 ins; 28 del; 14 mod Patch: https://git.openjdk.org/jdk/pull/14981.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14981/head:pull/14981 PR: https://git.openjdk.org/jdk/pull/14981 From bpb at openjdk.org Tue Jul 25 23:50:07 2023 From: bpb at openjdk.org (Brian Burkhalter) Date: Tue, 25 Jul 2023 23:50:07 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v2] In-Reply-To: References: Message-ID: On Tue, 25 Jul 2023 02:05:52 GMT, Brian Burkhalter wrote: >> src/java.base/share/classes/java/io/FileOutputStream.java line 366: >> >>> 364: int n = writeBytes(b, off, len, append); >>> 365: if (n == -1) >>> 366: break; >> >> Checking if n is -1 doesn't look right here. Isn't return -1 just to keep the compiler happy when an exception is thrown. > > This is a copy-paste vestige; will remove. Removed in 973e848a84113f8d6eb65702a148138f2edca1ee. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1274219972 From bpb at openjdk.org Wed Jul 26 00:03:41 2023 From: bpb at openjdk.org (Brian Burkhalter) Date: Wed, 26 Jul 2023 00:03:41 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v2] In-Reply-To: References: <6XShzHu2amAup0TTtPTFTkZMdVVjU1Pr4N2RefUgYmw=.ed3432c4-7376-4295-b9bf-f4709eecd986@github.com> Message-ID: On Tue, 25 Jul 2023 05:51:26 GMT, Alan Bateman wrote: >> It's based on micro-benchmarks. Having the loops in Java reduces throughput but allocating memory using `malloc(len)` also reduces throughput as `len` gets larger and this threshold appears to balance the two. > >> It's based on micro-benchmarks. Having the loops in Java reduces throughput but allocating memory using `malloc(len)` also reduces throughput as `len` gets larger and this threshold appears to balance the two. > > Are these micro benchmarks dropping the file system cache so there is real file I/O? I wasn't expecting to see a buffer larger than 1Mb so curious what the benchmarks say. There was no dropping of the file system cache. I would think this would have more of an effect on measuring the throughput of writing than reading. I since modified the benchmark to invoke `FileChannel::force` in a `@TearDown` at the invocation level. That is not really copacetic but appears to give more believable results. New runs show that if the malloc limit is 1Mb, then the revised code underperforms the current code until the size of array surpasses 1.5Mb. If the limit is 1.5Mb however, the new code improved throughput for all sizes tested. Based on this I reduced the malloc limit to 1572864. These results are for macOS only thus far. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1274227677 From jjiang at openjdk.org Wed Jul 26 04:09:13 2023 From: jjiang at openjdk.org (John Jiang) Date: Wed, 26 Jul 2023 04:09:13 GMT Subject: RFR: 8313087: DerValue::toString should output the values in byte array Message-ID: DerValue::toString may be better to output the hex view of the byte array variable `buffer`. ------------- Commit messages: - 8313087: DerValue::toString should output the values in byte array Changes: https://git.openjdk.org/jdk/pull/15029/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=15029&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8313087 Stats: 2 lines in 1 file changed: 1 ins; 0 del; 1 mod Patch: https://git.openjdk.org/jdk/pull/15029.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/15029/head:pull/15029 PR: https://git.openjdk.org/jdk/pull/15029 From vtewari at openjdk.org Wed Jul 26 05:29:54 2023 From: vtewari at openjdk.org (Vyom Tewari) Date: Wed, 26 Jul 2023 05:29:54 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v2] In-Reply-To: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> References: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> Message-ID: <2MM-OcX_oc5491kksCMjJhXE3c0eYCYLwBdj-9MZ2cA=.9b082e4f-1df7-4e29-8176-722cd86d349c@github.com> On Tue, 25 Jul 2023 23:50:07 GMT, Brian Burkhalter wrote: >> Limit native memory allocation and move write loop from the native layer into Java. This change should make the OOME reported in the issue much less likely. > > Brian Burkhalter has updated the pull request incrementally with three additional commits since the last revision: > > - 6478546: Decrease malloc limit to 1.5 MB > - 6478546: Minor refactoring > - 6478546: Prevent short read src/java.base/share/native/libjava/io_util.c line 163: > 161: } > 162: > 163: if (outOfBounds(env, off, len, bytes)) { we are already performing this check at Java level, do we need the perform this check again ? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1274390203 From vtewari at openjdk.org Wed Jul 26 05:35:04 2023 From: vtewari at openjdk.org (Vyom Tewari) Date: Wed, 26 Jul 2023 05:35:04 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v2] In-Reply-To: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> References: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> Message-ID: <7jYPsgbYJLiMIA-ZhtlS-jZKatNX58pVD9mcMFw2Jzc=.4fd7dfb6-44be-4b58-9ba3-ff3f58e372a8@github.com> On Tue, 25 Jul 2023 23:50:07 GMT, Brian Burkhalter wrote: >> Limit native memory allocation and move write loop from the native layer into Java. This change should make the OOME reported in the issue much less likely. > > Brian Burkhalter has updated the pull request incrementally with three additional commits since the last revision: > > - 6478546: Decrease malloc limit to 1.5 MB > - 6478546: Minor refactoring > - 6478546: Prevent short read src/java.base/share/native/libjava/io_util.c line 173: > 171: if (len > MAX_MALLOC_SIZE) > 172: len = MAX_MALLOC_SIZE; > 173: buf = (char*)malloc(len*sizeof(char)); please reformat line 173 ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1274392919 From xuelei at openjdk.org Wed Jul 26 06:15:39 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Wed, 26 Jul 2023 06:15:39 GMT Subject: RFR: 8312630: java/security should not create unmodifiable collections with redundant wrapping In-Reply-To: References: Message-ID: On Tue, 25 Jul 2023 06:27:25 GMT, John Jiang wrote: > Some java/security classes apply the below coding style, > > Set set = ...; > Set unmodifiableSet = Collections.unmodifiableSet(new HashSet<>(set)); > > It may be unnecessary to wrap that `set` with HashSet before creating `unmodifiableSet`. > Some usages on `Collections.unmodifiableList` and `Collections.unmodifiableMap` have the same issue. Marked as reviewed by xuelei (Reviewer). Note: Please don't backport this update unless [JDK-6323374](https://bugs.openjdk.org/browse/JDK-6323374) is backport as well. ------------- PR Review: https://git.openjdk.org/jdk/pull/15008#pullrequestreview-1546896379 PR Comment: https://git.openjdk.org/jdk/pull/15008#issuecomment-1651039887 From vtewari at openjdk.org Wed Jul 26 06:19:54 2023 From: vtewari at openjdk.org (Vyom Tewari) Date: Wed, 26 Jul 2023 06:19:54 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v2] In-Reply-To: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> References: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> Message-ID: <1AElBiUU7l0pjIFxEOrjkUkmkLiGGD8VMxLe9R4vUME=.ddf56e86-8b8a-4db9-abd2-1e7c5d722584@github.com> On Tue, 25 Jul 2023 23:50:07 GMT, Brian Burkhalter wrote: >> Limit native memory allocation and move write loop from the native layer into Java. This change should make the OOME reported in the issue much less likely. > > Brian Burkhalter has updated the pull request incrementally with three additional commits since the last revision: > > - 6478546: Decrease malloc limit to 1.5 MB > - 6478546: Minor refactoring > - 6478546: Prevent short read src/java.base/share/classes/java/io/FileInputStream.java line 266: > 264: } catch (IOException e) { > 265: // Throw only if no bytes have been read > 266: if (off == start) If i am reading code correctly then with the new implementation, until client issue the next "FIS.read" he may or may not know if there was exception pending in previous 'read' call ?. I am not sure in case of partial read we have suppress the exception. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1274424360 From alanb at openjdk.org Wed Jul 26 06:36:42 2023 From: alanb at openjdk.org (Alan Bateman) Date: Wed, 26 Jul 2023 06:36:42 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v2] In-Reply-To: <1AElBiUU7l0pjIFxEOrjkUkmkLiGGD8VMxLe9R4vUME=.ddf56e86-8b8a-4db9-abd2-1e7c5d722584@github.com> References: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> <1AElBiUU7l0pjIFxEOrjkUkmkLiGGD8VMxLe9R4vUME=.ddf56e86-8b8a-4db9-abd2-1e7c5d722584@github.com> Message-ID: On Wed, 26 Jul 2023 06:17:13 GMT, Vyom Tewari wrote: > If i am reading code correctly then with the new implementation, until client issue the next "FIS.read" he may or may not know if there was exception pending in previous 'read' call ?. > I am not sure in case of partial read we have suppress the exception. It's a forced move because bytes have already been copied into user's byte[]. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1274438315 From jjiang at openjdk.org Wed Jul 26 09:28:46 2023 From: jjiang at openjdk.org (John Jiang) Date: Wed, 26 Jul 2023 09:28:46 GMT Subject: RFR: 8312630: java/security should not create unmodifiable collections with redundant wrapping [v2] In-Reply-To: References: Message-ID: > Some java/security classes apply the below coding style, > > Set set = ...; > Set unmodifiableSet = Collections.unmodifiableSet(new HashSet<>(set)); > > It may be unnecessary to wrap that `set` with HashSet before creating `unmodifiableSet`. > Some usages on `Collections.unmodifiableList` and `Collections.unmodifiableMap` have the same issue. John Jiang has updated the pull request incrementally with one additional commit since the last revision: use copyOf instead of modifiableXXX ------------- Changes: - all: https://git.openjdk.org/jdk/pull/15008/files - new: https://git.openjdk.org/jdk/pull/15008/files/64f607da..b8f2d9e0 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=15008&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=15008&range=00-01 Stats: 11 lines in 4 files changed: 0 ins; 2 del; 9 mod Patch: https://git.openjdk.org/jdk/pull/15008.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/15008/head:pull/15008 PR: https://git.openjdk.org/jdk/pull/15008 From alanb at openjdk.org Wed Jul 26 09:32:43 2023 From: alanb at openjdk.org (Alan Bateman) Date: Wed, 26 Jul 2023 09:32:43 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v2] In-Reply-To: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> References: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> Message-ID: <8i_NF3xA4t8bZnYAJAHVoqNnZGipNqHyvWJJNzY2yC0=.99bd097d-30de-418a-85d0-f212b8b2e842@github.com> On Tue, 25 Jul 2023 23:50:07 GMT, Brian Burkhalter wrote: >> Limit native memory allocation and move write loop from the native layer into Java. This change should make the OOME reported in the issue much less likely. > > Brian Burkhalter has updated the pull request incrementally with three additional commits since the last revision: > > - 6478546: Decrease malloc limit to 1.5 MB > - 6478546: Minor refactoring > - 6478546: Prevent short read I looked through the latest version (69941de4). I think the main issue with this version is that it changes behavior of the read methods to work like "read fully", I don't think we should do that. To preserve long standing behavior it should attempt a second/subsequent read when the clamped buffer is filled. I think this is close to what you want here: private int readBytes(byte[] b, final int off, int len) throws IOException { Objects.checkFromIndexSize(off, len, b.length); int nread = 0; int pos = off; int remaining = len; do { int size = Math.min(remaining, 64 * 1024); try { int n = readBytes0(b, pos, size); if (n < 0) { // EOF break; } nread += n; if (n < size) { // buffer not filled break; } pos += n; remaining -= n; } catch (IOException ioe) { if (nread > 0) { break; } throw ioe; } } while (remaining > 0); return nread; } The changes in 69941de4 are also using nested blockers, this is benign, but if this code is change then they can be dropped from the callers. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14981#issuecomment-1651352313 From alanb at openjdk.org Wed Jul 26 09:32:45 2023 From: alanb at openjdk.org (Alan Bateman) Date: Wed, 26 Jul 2023 09:32:45 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v2] In-Reply-To: References: <6XShzHu2amAup0TTtPTFTkZMdVVjU1Pr4N2RefUgYmw=.ed3432c4-7376-4295-b9bf-f4709eecd986@github.com> Message-ID: On Wed, 26 Jul 2023 00:00:33 GMT, Brian Burkhalter wrote: > There was no dropping of the file system cache. I would think this would have more of an effect on measuring the throughput of writing than reading. In that case, I assume the benchmarks are just reading from the file system cache so there isn't any actual file I/O. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1274666144 From jjiang at openjdk.org Wed Jul 26 09:48:50 2023 From: jjiang at openjdk.org (John Jiang) Date: Wed, 26 Jul 2023 09:48:50 GMT Subject: RFR: 8312630: java/security should not create unmodifiable collections with redundant wrapping In-Reply-To: References: Message-ID: <67OabTcr8Uw_5CiPV-RHNG4_c6m0v-Kn3oxmttGN7vo=.72119cb3-9b96-499b-add2-6ef7f888587d@github.com> On Wed, 26 Jul 2023 06:11:56 GMT, Xue-Lei Andrew Fan wrote: >> Some java/security classes apply the below coding style, >> >> Set set = ...; >> Set unmodifiableSet = Collections.unmodifiableSet(new HashSet<>(set)); >> >> It may be unnecessary to wrap that `set` with HashSet before creating `unmodifiableSet`. >> Some usages on `Collections.unmodifiableList` and `Collections.unmodifiableMap` have the same issue. > > Note: Please don't backport this update unless [JDK-6323374](https://bugs.openjdk.org/browse/JDK-6323374) is backport as well. @XueleiFan Thanks for your review and more infos! I just dug a bit history and found [JDK-8258514] applied `List::copyOf` instead of `Collections::unmodifiableList`. Now, I also follow this way and use `List/Set/Map::copyOf`. [JDK-8258514]: ------------- PR Comment: https://git.openjdk.org/jdk/pull/15008#issuecomment-1651391963 From mullan at openjdk.org Wed Jul 26 13:52:41 2023 From: mullan at openjdk.org (Sean Mullan) Date: Wed, 26 Jul 2023 13:52:41 GMT Subject: RFR: 8313087: DerValue::toString should output the values in byte array In-Reply-To: References: Message-ID: On Wed, 26 Jul 2023 04:02:04 GMT, John Jiang wrote: > DerValue::toString may be better to output the hex view of the byte array variable `buffer`. Please change the title of the bug to be "DerValue::toString should output a hex view of the values in byte array". Otherwise, LGTM. ------------- Marked as reviewed by mullan (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/15029#pullrequestreview-1547785664 From jjiang at openjdk.org Wed Jul 26 14:36:39 2023 From: jjiang at openjdk.org (John Jiang) Date: Wed, 26 Jul 2023 14:36:39 GMT Subject: RFR: 8313087: DerValue::toString should output a hex view of the values in byte array In-Reply-To: References: Message-ID: On Wed, 26 Jul 2023 13:49:49 GMT, Sean Mullan wrote: >> DerValue::toString may be better to output the hex view of the byte array variable `buffer`. > > Please change the title of the bug to be "DerValue::toString should output a hex view of the values in byte array". > > Otherwise, LGTM. @seanjmullan Thanks for your review! > Please change the title of the bug to be "DerValue::toString should output a hex view of the values in byte array". Done. ------------- PR Comment: https://git.openjdk.org/jdk/pull/15029#issuecomment-1651932667 From mullan at openjdk.org Wed Jul 26 14:45:44 2023 From: mullan at openjdk.org (Sean Mullan) Date: Wed, 26 Jul 2023 14:45:44 GMT Subject: RFR: 8312630: java/security should not create unmodifiable collections with redundant wrapping [v2] In-Reply-To: References: Message-ID: On Wed, 26 Jul 2023 09:28:46 GMT, John Jiang wrote: >> Some java/security classes apply the below coding style, >> >> Set set = ...; >> Set unmodifiableSet = Collections.unmodifiableSet(new HashSet<>(set)); >> >> It may be unnecessary to wrap that `set` with HashSet before creating `unmodifiableSet`. >> Some usages on `Collections.unmodifiableList` and `Collections.unmodifiableMap` have the same issue. > > John Jiang has updated the pull request incrementally with one additional commit since the last revision: > > use copyOf instead of modifiableXXX src/java.base/share/classes/java/security/DomainLoadStoreParameter.java line 137: > 135: } > 136: this.configuration = configuration; > 137: this.protectionParams = Map.copyOf(protectionParams); This change is no longer strictly compliant with the specification. On line 126, it says "It is cloned to prevent subsequent modification." Now, if the set passed in is unmodifiable, that is no longer true. It also will now throw NPE if any of the keys or values are null, whereas before it did not, and the specification does not specify that in the @throws clause. So, this change would require specification changes and a CSR. Can you provide more details on whether this is a real performance issue in practice? I would tend to avoid changes like this that affect the API specification unless there is a very strong compelling case where it improves performance for a real use case. src/java.base/share/classes/java/security/KeyStore.java line 569: > 567: } > 568: > 569: this.attributes = Set.copyOf(attributes); Similar comments and concerns as noted above in DomainLoadStoreParameter. src/java.base/share/classes/java/security/KeyStore.java line 687: > 685: } > 686: this.sKey = secretKey; > 687: this.attributes = Set.copyOf(attributes); Similar comments again. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15008#discussion_r1275080672 PR Review Comment: https://git.openjdk.org/jdk/pull/15008#discussion_r1275082327 PR Review Comment: https://git.openjdk.org/jdk/pull/15008#discussion_r1275082978 From bpb at openjdk.org Wed Jul 26 15:11:51 2023 From: bpb at openjdk.org (Brian Burkhalter) Date: Wed, 26 Jul 2023 15:11:51 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v2] In-Reply-To: <2MM-OcX_oc5491kksCMjJhXE3c0eYCYLwBdj-9MZ2cA=.9b082e4f-1df7-4e29-8176-722cd86d349c@github.com> References: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> <2MM-OcX_oc5491kksCMjJhXE3c0eYCYLwBdj-9MZ2cA=.9b082e4f-1df7-4e29-8176-722cd86d349c@github.com> Message-ID: <991lmzFzxd6btX7s6rCSyaCPL6Bh0J_KwBUIshFwT10=.4100e3a0-40a5-4fa9-920b-0343582dbd22@github.com> On Wed, 26 Jul 2023 05:26:52 GMT, Vyom Tewari wrote: >> Brian Burkhalter has updated the pull request incrementally with three additional commits since the last revision: >> >> - 6478546: Decrease malloc limit to 1.5 MB >> - 6478546: Minor refactoring >> - 6478546: Prevent short read > > src/java.base/share/native/libjava/io_util.c line 163: > >> 161: } >> 162: >> 163: if (outOfBounds(env, off, len, bytes)) { > > we are already performing this check at Java level, do we need the perform this check again ? Please refer to my prior [comment](https://github.com/openjdk/jdk/pull/14981#issuecomment-1646312987). ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1275120710 From jjiang at openjdk.org Wed Jul 26 15:19:50 2023 From: jjiang at openjdk.org (John Jiang) Date: Wed, 26 Jul 2023 15:19:50 GMT Subject: Integrated: 8313087: DerValue::toString should output a hex view of the values in byte array In-Reply-To: References: Message-ID: <5zqoKQLBbwvlkoUbecjKnzjxzeopGaIlHAfs1-H8mM0=.8001fb85-15d3-4214-8b01-6399e1859dc7@github.com> On Wed, 26 Jul 2023 04:02:04 GMT, John Jiang wrote: > DerValue::toString may be better to output the hex view of the byte array variable `buffer`. This pull request has now been integrated. Changeset: 830413f1 Author: John Jiang URL: https://git.openjdk.org/jdk/commit/830413f19a6d998ff6c899c05e8fa93b6b2b0644 Stats: 2 lines in 1 file changed: 1 ins; 0 del; 1 mod 8313087: DerValue::toString should output a hex view of the values in byte array Reviewed-by: mullan ------------- PR: https://git.openjdk.org/jdk/pull/15029 From mullan at openjdk.org Wed Jul 26 15:41:40 2023 From: mullan at openjdk.org (Sean Mullan) Date: Wed, 26 Jul 2023 15:41:40 GMT Subject: RFR: 8309088: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java fails In-Reply-To: References: Message-ID: On Mon, 24 Jul 2023 15:13:42 GMT, Rajan Halade wrote: > This is an update to test certificates issued by Amazon root CA. The new EE certificates have CRLDP so I have enabled CRL check on those. This test is updated to cover the failure while we wait for [JDK-8308592](https://bugs.openjdk.org/browse/JDK-8308592) Marked as reviewed by mullan (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/15000#pullrequestreview-1548060463 From bpb at openjdk.org Wed Jul 26 15:48:53 2023 From: bpb at openjdk.org (Brian Burkhalter) Date: Wed, 26 Jul 2023 15:48:53 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v2] In-Reply-To: <8i_NF3xA4t8bZnYAJAHVoqNnZGipNqHyvWJJNzY2yC0=.99bd097d-30de-418a-85d0-f212b8b2e842@github.com> References: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> <8i_NF3xA4t8bZnYAJAHVoqNnZGipNqHyvWJJNzY2yC0=.99bd097d-30de-418a-85d0-f212b8b2e842@github.com> Message-ID: On Wed, 26 Jul 2023 09:29:18 GMT, Alan Bateman wrote: > I think the main issue with this version is that it changes behavior of the read methods to work like "read fully", I don't think we should do that. To me it looks more like `readNBytes`. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14981#issuecomment-1652080776 From bpb at openjdk.org Wed Jul 26 15:52:54 2023 From: bpb at openjdk.org (Brian Burkhalter) Date: Wed, 26 Jul 2023 15:52:54 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v2] In-Reply-To: <7jYPsgbYJLiMIA-ZhtlS-jZKatNX58pVD9mcMFw2Jzc=.4fd7dfb6-44be-4b58-9ba3-ff3f58e372a8@github.com> References: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> <7jYPsgbYJLiMIA-ZhtlS-jZKatNX58pVD9mcMFw2Jzc=.4fd7dfb6-44be-4b58-9ba3-ff3f58e372a8@github.com> Message-ID: On Wed, 26 Jul 2023 05:31:57 GMT, Vyom Tewari wrote: > please reformat line 173 Why? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1275174632 From vtewari at openjdk.org Wed Jul 26 16:00:52 2023 From: vtewari at openjdk.org (Vyom Tewari) Date: Wed, 26 Jul 2023 16:00:52 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v2] In-Reply-To: References: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> <7jYPsgbYJLiMIA-ZhtlS-jZKatNX58pVD9mcMFw2Jzc=.4fd7dfb6-44be-4b58-9ba3-ff3f58e372a8@github.com> Message-ID: <6OemrpkFaGPYsX6Bftibu3choJWoR3tJCx0lNkLMX0s=.b4d313fc-a245-400d-a2f9-1c84df7a205e@github.com> On Wed, 26 Jul 2023 15:49:38 GMT, Brian Burkhalter wrote: >> src/java.base/share/native/libjava/io_util.c line 173: >> >>> 171: if (len > MAX_MALLOC_SIZE) >>> 172: len = MAX_MALLOC_SIZE; >>> 173: buf = (char*)malloc(len*sizeof(char)); >> >> please reformat line 173 > >> please reformat line 173 > > Why? "buf = (char*)malloc(len*sizeof(char));" --> "buf = (char*)malloc(len * sizeof(char));" ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1275185140 From jjiang at openjdk.org Wed Jul 26 16:06:54 2023 From: jjiang at openjdk.org (John Jiang) Date: Wed, 26 Jul 2023 16:06:54 GMT Subject: RFR: 8312630: java/security should not create unmodifiable collections with redundant wrapping [v2] In-Reply-To: References: Message-ID: On Wed, 26 Jul 2023 14:41:16 GMT, Sean Mullan wrote: > it says "It is cloned to prevent subsequent modification." > Now, if the set passed in is unmodifiable, that is no longer true. My understanding: The parameter `protectionParams` is cloned as `this.protectionParams`, and `this.protectionParams` should be prevented from subsequent modification. `Map::copyOf` looks meet this requirement, no matter the parameter `protectionParams` is modifiable or not. > It also will now throw NPE if any of the keys or values are null, whereas before it did not, > and the specification does not specify that in the @throws clause. Yes, this is a problem. I don't want to change any behavior. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15008#discussion_r1275191302 From bpb at openjdk.org Wed Jul 26 16:08:56 2023 From: bpb at openjdk.org (Brian Burkhalter) Date: Wed, 26 Jul 2023 16:08:56 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v2] In-Reply-To: <6OemrpkFaGPYsX6Bftibu3choJWoR3tJCx0lNkLMX0s=.b4d313fc-a245-400d-a2f9-1c84df7a205e@github.com> References: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> <7jYPsgbYJLiMIA-ZhtlS-jZKatNX58pVD9mcMFw2Jzc=.4fd7dfb6-44be-4b58-9ba3-ff3f58e372a8@github.com> <6OemrpkFaGPYsX6Bftibu3choJWoR3tJCx0lNkLMX0s=.b4d313fc-a245-400d-a2f9-1c84df7a205e@github.com> Message-ID: On Wed, 26 Jul 2023 15:58:15 GMT, Vyom Tewari wrote: >>> please reformat line 173 >> >> Why? > > "buf = (char*)malloc(len*sizeof(char));" --> "buf = (char*)malloc(len * sizeof(char));" > "buf = (char*)malloc(len_sizeof(char));" --> "buf = (char_)malloc(len * sizeof(char));" Both sides of this are wrong. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1275193937 From rhalade at openjdk.org Wed Jul 26 16:58:52 2023 From: rhalade at openjdk.org (Rajan Halade) Date: Wed, 26 Jul 2023 16:58:52 GMT Subject: Integrated: 8309088: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java fails In-Reply-To: References: Message-ID: <3vIo223mFaFsaziU1G8Z4Zh_okdU9zvowuIKmJg1pe0=.5bf2c618-a2ba-4be0-81f8-14160a9ed2b7@github.com> On Mon, 24 Jul 2023 15:13:42 GMT, Rajan Halade wrote: > This is an update to test certificates issued by Amazon root CA. The new EE certificates have CRLDP so I have enabled CRL check on those. This test is updated to cover the failure while we wait for [JDK-8308592](https://bugs.openjdk.org/browse/JDK-8308592) This pull request has now been integrated. Changeset: 4c2e54fb Author: Rajan Halade URL: https://git.openjdk.org/jdk/commit/4c2e54fb055bee0af5cd838fdd32a0f7902d51e3 Stats: 491 lines in 1 file changed: 142 ins; 30 del; 319 mod 8309088: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java fails Reviewed-by: mullan ------------- PR: https://git.openjdk.org/jdk/pull/15000 From bpb at openjdk.org Wed Jul 26 17:30:51 2023 From: bpb at openjdk.org (Brian Burkhalter) Date: Wed, 26 Jul 2023 17:30:51 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v2] In-Reply-To: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> References: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> Message-ID: On Tue, 25 Jul 2023 23:50:07 GMT, Brian Burkhalter wrote: >> Limit native memory allocation and move write loop from the native layer into Java. This change should make the OOME reported in the issue much less likely. > > Brian Burkhalter has updated the pull request incrementally with three additional commits since the last revision: > > - 6478546: Decrease malloc limit to 1.5 MB > - 6478546: Minor refactoring > - 6478546: Prevent short read > The changes in [69941de](https://github.com/openjdk/jdk/commit/69941de4aa27ee34d957621d73c77942237c33cd) are also using nested blockers, this is benign, but if this code is change then they can be dropped from the callers. I don't see where this is happening. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14981#issuecomment-1652223466 From bpb at openjdk.org Wed Jul 26 17:44:55 2023 From: bpb at openjdk.org (Brian Burkhalter) Date: Wed, 26 Jul 2023 17:44:55 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v2] In-Reply-To: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> References: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> Message-ID: On Tue, 25 Jul 2023 23:50:07 GMT, Brian Burkhalter wrote: >> Limit native memory allocation and move write loop from the native layer into Java. This change should make the OOME reported in the issue much less likely. > > Brian Burkhalter has updated the pull request incrementally with three additional commits since the last revision: > > - 6478546: Decrease malloc limit to 1.5 MB > - 6478546: Minor refactoring > - 6478546: Prevent short read The EOF handling in the above should be if (n < 0) { // EOF if (nread == 0) return -1; break; } or zero will be returned if EOF is encountered on the first read (I made the same mistake in code that was not checked in). ------------- PR Comment: https://git.openjdk.org/jdk/pull/14981#issuecomment-1652242356 From mullan at openjdk.org Wed Jul 26 19:12:51 2023 From: mullan at openjdk.org (Sean Mullan) Date: Wed, 26 Jul 2023 19:12:51 GMT Subject: RFR: 8312630: java/security should not create unmodifiable collections with redundant wrapping [v2] In-Reply-To: References: Message-ID: <7Sn6FqY1N0LfqKQLMToNnT0hXqdn-UmrrQOrLMFyWR4=.3257cd05-8491-4de8-ad82-5d176e439964@github.com> On Wed, 26 Jul 2023 16:03:31 GMT, John Jiang wrote: > > it says "It is cloned to prevent subsequent modification." > > Now, if the set passed in is unmodifiable, that is no longer true. > > My understanding: The parameter `protectionParams` is cloned as `this.protectionParams`, and `this.protectionParams` should be prevented from subsequent modification. The latter part is true (prevented from subsequent modification) but, unless I am mistaken, the former (making a clone/copy) is not. For example, before your change, this assert would pass: Map m = Collections.unmodifiableMap(map); DomainLoadStoreParameters params = new DomainLoadStoreParameters(uri, m); assert m != params.getProtectionParams(); After your change, I think it fails (can you check?). Even though the protection in both cases should be adequate, it is a subtle behavior change that I don't think the current specification covers. > > `Map::copyOf` looks meet this requirement, no matter the parameter `protectionParams` is modifiable or not. > > > It also will now throw NPE if any of the keys or values are null, whereas before it did not, > > and the specification does not specify that in the @throws clause. > > Yes, this is a problem. I don't want to change any behavior. As mentioned, I don't think this change is critical unless you have a stronger case. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15008#discussion_r1275244650 From mullan at openjdk.org Wed Jul 26 19:12:55 2023 From: mullan at openjdk.org (Sean Mullan) Date: Wed, 26 Jul 2023 19:12:55 GMT Subject: RFR: 8312630: java/security should not create unmodifiable collections with redundant wrapping [v2] In-Reply-To: References: Message-ID: On Wed, 26 Jul 2023 09:28:46 GMT, John Jiang wrote: >> Some java/security classes apply the below coding style, >> >> Set set = ...; >> Set unmodifiableSet = Collections.unmodifiableSet(new HashSet<>(set)); >> >> It may be unnecessary to wrap that `set` with HashSet before creating `unmodifiableSet`. >> Some usages on `Collections.unmodifiableList` and `Collections.unmodifiableMap` have the same issue. > > John Jiang has updated the pull request incrementally with one additional commit since the last revision: > > use copyOf instead of modifiableXXX src/java.base/share/classes/java/security/KeyStore.java line 769: > 767: } > 768: this.cert = trustedCert; > 769: this.attributes = Set.copyOf(attributes); Similar comments. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15008#discussion_r1275083599 From xuelei at openjdk.org Wed Jul 26 19:35:49 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Wed, 26 Jul 2023 19:35:49 GMT Subject: RFR: 8312630: java/security should not create unmodifiable collections with redundant wrapping In-Reply-To: References: Message-ID: On Wed, 26 Jul 2023 06:11:56 GMT, Xue-Lei Andrew Fan wrote: >> Some java/security classes apply the below coding style, >> >> Set set = ...; >> Set unmodifiableSet = Collections.unmodifiableSet(new HashSet<>(set)); >> >> It may be unnecessary to wrap that `set` with HashSet before creating `unmodifiableSet`. >> Some usages on `Collections.unmodifiableList` and `Collections.unmodifiableMap` have the same issue. > > Note: Please don't backport this update unless [JDK-6323374](https://bugs.openjdk.org/browse/JDK-6323374) is backport as well. > @XueleiFan Thanks for your review and more infos! > > I just dug a bit history and found [JDK-8258514](https://bugs.openjdk.org/browse/JDK-8258514) applied `List::copyOf` instead of `Collections::unmodifiableList`. Now, I also follow this way and use `List/Set/Map::copyOf`. The use of copyOf for the update is mainly because the Collections::unmodifiableList was not updated yet at that time. It could be simpler to keep the behavior consistent by using Collections::unmodifiableList in this update. Otherwise, more effect may be required to check if the use of copyOf could change the behaviors. ------------- PR Comment: https://git.openjdk.org/jdk/pull/15008#issuecomment-1652370187 From jjiang at openjdk.org Wed Jul 26 23:38:49 2023 From: jjiang at openjdk.org (John Jiang) Date: Wed, 26 Jul 2023 23:38:49 GMT Subject: RFR: 8312630: java/security should not create unmodifiable collections with redundant wrapping [v2] In-Reply-To: <7Sn6FqY1N0LfqKQLMToNnT0hXqdn-UmrrQOrLMFyWR4=.3257cd05-8491-4de8-ad82-5d176e439964@github.com> References: <7Sn6FqY1N0LfqKQLMToNnT0hXqdn-UmrrQOrLMFyWR4=.3257cd05-8491-4de8-ad82-5d176e439964@github.com> Message-ID: On Wed, 26 Jul 2023 16:52:20 GMT, Sean Mullan wrote: > The latter part is true (prevented from subsequent modification) but, unless I am mistaken, the former (making a clone/copy) is not. For example, before your change, this assert would pass: > > ``` > Map m = Collections.unmodifiableMap(map); > DomainLoadStoreParameters params = new DomainLoadStoreParameters(uri, m); > assert m != params.getProtectionParams(); > ``` > > After your change, I think it fails (can you check?). Even though the protection in both cases should be adequate, it is a subtle behavior change that I don't think the current specification covers. I get the point now. > As mentioned, I don't think this change is critical unless you have a stronger case. I'll withdraw this PR. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15008#discussion_r1275577482 From jjiang at openjdk.org Wed Jul 26 23:38:51 2023 From: jjiang at openjdk.org (John Jiang) Date: Wed, 26 Jul 2023 23:38:51 GMT Subject: Withdrawn: 8312630: java/security should not create unmodifiable collections with redundant wrapping In-Reply-To: References: Message-ID: On Tue, 25 Jul 2023 06:27:25 GMT, John Jiang wrote: > Some java/security classes apply the below coding style, > > Set set = ...; > Set unmodifiableSet = Collections.unmodifiableSet(new HashSet<>(set)); > > It may be unnecessary to wrap that `set` with HashSet before creating `unmodifiableSet`. > Some usages on `Collections.unmodifiableList` and `Collections.unmodifiableMap` have the same issue. This pull request has been closed without being integrated. ------------- PR: https://git.openjdk.org/jdk/pull/15008 From jjiang at openjdk.org Thu Jul 27 04:08:06 2023 From: jjiang at openjdk.org (John Jiang) Date: Thu, 27 Jul 2023 04:08:06 GMT Subject: RFR: 8313226: Redundant condition test in X509CRLImpl Message-ID: <1TmXdiiXJPVCo6rNtzNj0-l_LqTYDZtoSQAj0ZEbmbQ=.50fe27bd-7cba-4bad-80a1-138a4c468061@github.com> if ((nextByte == DerValue.tag_SequenceOf) && (! ((nextByte & 0x0c0) == 0x080))) { ... ... } If `nextByte` is `DerValue.tag_SequenceOf`, exactly `0x30`, then the test after `&&` should always be true. ------------- Commit messages: - 8313226: Redundant condition test in X509CRLImpl Changes: https://git.openjdk.org/jdk/pull/15051/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=15051&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8313226 Stats: 3 lines in 1 file changed: 0 ins; 1 del; 2 mod Patch: https://git.openjdk.org/jdk/pull/15051.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/15051/head:pull/15051 PR: https://git.openjdk.org/jdk/pull/15051 From stsypanov at openjdk.org Thu Jul 27 13:45:54 2023 From: stsypanov at openjdk.org (Sergey Tsypanov) Date: Thu, 27 Jul 2023 13:45:54 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v2] In-Reply-To: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> References: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> Message-ID: On Tue, 25 Jul 2023 23:50:07 GMT, Brian Burkhalter wrote: >> Limit native memory allocation and move write loop from the native layer into Java. This change should make the OOME reported in the issue much less likely. > > Brian Burkhalter has updated the pull request incrementally with three additional commits since the last revision: > > - 6478546: Decrease malloc limit to 1.5 MB > - 6478546: Minor refactoring > - 6478546: Prevent short read src/java.base/share/native/libjava/io_util.c line 199: > 197: } > 198: > 199: if (buf != stackBuf) Wouldn't this cause a leak when if-condition is not met and `free(buf)` is not called? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1276302042 From bpb at openjdk.org Thu Jul 27 15:57:56 2023 From: bpb at openjdk.org (Brian Burkhalter) Date: Thu, 27 Jul 2023 15:57:56 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v2] In-Reply-To: References: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> Message-ID: On Thu, 27 Jul 2023 13:42:43 GMT, Sergey Tsypanov wrote: >> Brian Burkhalter has updated the pull request incrementally with three additional commits since the last revision: >> >> - 6478546: Decrease malloc limit to 1.5 MB >> - 6478546: Minor refactoring >> - 6478546: Prevent short read > > src/java.base/share/native/libjava/io_util.c line 199: > >> 197: } >> 198: >> 199: if (buf != stackBuf) > > Wouldn't this cause a leak when if-condition is not met and `free(buf)` is not called? I don't see how this is possible. The value of `buf` is either `stackBuf` or a value returned by `malloc()`. In any case, this code will be superseded. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1276493893 From stsypanov at openjdk.org Thu Jul 27 16:37:52 2023 From: stsypanov at openjdk.org (Sergey Tsypanov) Date: Thu, 27 Jul 2023 16:37:52 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v2] In-Reply-To: References: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> Message-ID: On Thu, 27 Jul 2023 15:54:30 GMT, Brian Burkhalter wrote: >> src/java.base/share/native/libjava/io_util.c line 199: >> >>> 197: } >>> 198: >>> 199: if (buf != stackBuf) >> >> Wouldn't this cause a leak when if-condition is not met and `free(buf)` is not called? > > I don't see how this is possible. The value of `buf` is either `stackBuf` or a value returned by `malloc()`. In any case, this code will be superseded. Then I guess we don't need this `if`-clause ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1276544537 From bpb at openjdk.org Thu Jul 27 17:02:57 2023 From: bpb at openjdk.org (Brian Burkhalter) Date: Thu, 27 Jul 2023 17:02:57 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v2] In-Reply-To: References: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> Message-ID: On Thu, 27 Jul 2023 16:35:05 GMT, Sergey Tsypanov wrote: >> I don't see how this is possible. The value of `buf` is either `stackBuf` or a value returned by `malloc()`. In any case, this code will be superseded. > > Then I guess we don't need this `if`-clause Then I think one gets an error if `0 < len < BUF_SIZE`: $ cat free.c #include int main(int argc, char** argv) { char stackBuf[8]; char* buf; buf = stackBuf; free(buf); } bpb:test{175}$ ./free free(14365,0x10e6a1600) malloc: *** error for object 0x7ff7b7d38280: pointer being freed was not allocated free(14365,0x10e6a1600) malloc: *** set a breakpoint in malloc_error_break to debug Abort trap: 6 This is on macOS. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1276573889 From stsypanov at openjdk.org Thu Jul 27 19:44:40 2023 From: stsypanov at openjdk.org (Sergey Tsypanov) Date: Thu, 27 Jul 2023 19:44:40 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v2] In-Reply-To: References: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> Message-ID: <7tlSYFjj4Pox7sG9GFRpGGUwrRT42TgNPXMARSh4Efo=.6b16c15c-85a7-499c-b838-a04294482e73@github.com> On Thu, 27 Jul 2023 16:59:58 GMT, Brian Burkhalter wrote: >> Then I guess we don't need this `if`-clause > > Then I think one gets an error if `0 < len < BUF_SIZE`: > > > $ cat free.c > #include > > int main(int argc, char** argv) > { > char stackBuf[8]; > char* buf; > > buf = stackBuf; > free(buf); > } > bpb:test{175}$ ./free > free(14365,0x10e6a1600) malloc: *** error for object 0x7ff7b7d38280: pointer being freed was not allocated > free(14365,0x10e6a1600) malloc: *** set a breakpoint in malloc_error_break to debug > Abort trap: 6 > > This is on macOS. Right! ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1276747895 From valeriep at openjdk.org Thu Jul 27 20:42:37 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Thu, 27 Jul 2023 20:42:37 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v4] In-Reply-To: References: Message-ID: > This change refactors the RSAPadding class to return an output record containing the status instead of relying on exception object to indicate a failure. > > Thanks in advance for review~ > Valerie Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: Remove the changes for the null-omission fallback. ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14839/files - new: https://git.openjdk.org/jdk/pull/14839/files/3426b38d..fae3a23e Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14839&range=03 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14839&range=02-03 Stats: 41 lines in 3 files changed: 0 ins; 37 del; 4 mod Patch: https://git.openjdk.org/jdk/pull/14839.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14839/head:pull/14839 PR: https://git.openjdk.org/jdk/pull/14839 From valeriep at openjdk.org Thu Jul 27 20:42:37 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Thu, 27 Jul 2023 20:42:37 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v3] In-Reply-To: References: Message-ID: On Tue, 25 Jul 2023 05:29:41 GMT, Xue-Lei Andrew Fan wrote: >> Max is on vacation and may not see your question for a while... >> IIRC, the inconsistency (NULL vs omission) goes way back. As time goes on, this may no longer be an issue as spec is clarified and vendors update their implementation. > > I checked back the specification back to RFC 2437, released on October 1998, which requires to encode NULL parameters as well. As the update to keep the consistency is not trivial, I may just remove it and see if it could be a real problem in practice. Yes, let's try it and see. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1276793982 From xuelei at openjdk.org Thu Jul 27 20:58:47 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Thu, 27 Jul 2023 20:58:47 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v3] In-Reply-To: References: Message-ID: On Thu, 27 Jul 2023 20:35:42 GMT, Valerie Peng wrote: >> I checked back the specification back to RFC 2437, released on October 1998, which requires to encode NULL parameters as well. As the update to keep the consistency is not trivial, I may just remove it and see if it could be a real problem in practice. > > Yes, let's try it and see. Thank you. I have no more comments. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14839#discussion_r1276811563 From xuelei at openjdk.org Thu Jul 27 20:58:45 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Thu, 27 Jul 2023 20:58:45 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v4] In-Reply-To: References: Message-ID: <4Side85PocpvNaDpgZXKlMBZaHGWgK5xHMG3SH1Uaqc=.d82abe94-d948-47d6-bec7-9525e4cce5e5@github.com> On Thu, 27 Jul 2023 20:42:37 GMT, Valerie Peng wrote: >> This change refactors the RSAPadding class to return an output record containing the status instead of relying on exception object to indicate a failure. >> >> Thanks in advance for review~ >> Valerie > > Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: > > Remove the changes for the null-omission fallback. Marked as reviewed by xuelei (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/14839#pullrequestreview-1550760599 From valeriep at openjdk.org Thu Jul 27 21:26:56 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Thu, 27 Jul 2023 21:26:56 GMT Subject: RFR: 8302017: Allocate BadPaddingException only if it will be thrown [v4] In-Reply-To: References: Message-ID: <7hGl3sv0ETDF8LzinT7vNHc9N2ZWKVsSLuspWj2VZm0=.a6fba118-8f30-4b65-a972-6b2700fa5e2e@github.com> On Thu, 27 Jul 2023 20:42:37 GMT, Valerie Peng wrote: >> This change refactors the RSAPadding class to return an output record containing the status instead of relying on exception object to indicate a failure. >> >> Thanks in advance for review~ >> Valerie > > Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: > > Remove the changes for the null-omission fallback. Thanks all for the review and feedbacks! ------------- PR Comment: https://git.openjdk.org/jdk/pull/14839#issuecomment-1654604750 From valeriep at openjdk.org Thu Jul 27 21:26:58 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Thu, 27 Jul 2023 21:26:58 GMT Subject: Integrated: 8302017: Allocate BadPaddingException only if it will be thrown In-Reply-To: References: Message-ID: <1umugQuI0JQ9mPFtKhNjBescM5HqqqSALnY4KBFI67s=.20cb3d01-7958-4de7-8883-99f2a0d9d58e@github.com> On Tue, 11 Jul 2023 23:19:40 GMT, Valerie Peng wrote: > This change refactors the RSAPadding class to return an output record containing the status instead of relying on exception object to indicate a failure. > > Thanks in advance for review~ > Valerie This pull request has now been integrated. Changeset: c27c8778 Author: Valerie Peng URL: https://git.openjdk.org/jdk/commit/c27c87786a612501e080222dd8647f94b3b261e6 Stats: 157 lines in 5 files changed: 91 ins; 27 del; 39 mod 8302017: Allocate BadPaddingException only if it will be thrown Reviewed-by: xuelei ------------- PR: https://git.openjdk.org/jdk/pull/14839 From duke at openjdk.org Fri Jul 28 02:15:01 2023 From: duke at openjdk.org (duke) Date: Fri, 28 Jul 2023 02:15:01 GMT Subject: Withdrawn: 8306688: Support Windows serialized keystores (SST files) In-Reply-To: References: Message-ID: <4lzPe693XKXub_lSrmynjpiAMUZtWpLBfnvNJlqexGQ=.211348d6-d39f-4e3f-9847-f34612b57502@github.com> On Fri, 26 May 2023 21:09:35 GMT, Mat Carter wrote: > Added ability to load keystores from SST files on Windows. Example usage: > > KeyStore keyStore = KeyStore.getInstance("Windows-SST"); > try (FileInputStream fis = new FileInputStream("mykeystore.sst")) { > keyStore.load(fis, null); > } > > Note that its not limited to file streams, it can be any stream. > > The feature is behind a runtime flag ("sun.security.mscapi.keyStoreSSTSupport") as the KeyStore must have an input stream, but the JCK tests assume an input stream is optional > > tier1 tests for linux/macos/Windows for x86_64 This pull request has been closed without being integrated. ------------- PR: https://git.openjdk.org/jdk/pull/14187 From mullan at openjdk.org Fri Jul 28 14:34:49 2023 From: mullan at openjdk.org (Sean Mullan) Date: Fri, 28 Jul 2023 14:34:49 GMT Subject: RFR: JDK-8311892: TrustManagerFactory loading an invalid keystore yield vague exception In-Reply-To: References: Message-ID: <7uz-UfvDnaaWWe01kscTrz7k6KJT2Zqvc50U2RRWzbA=.705cbba6-1a19-4d85-a652-a9743e88b67e@github.com> On Tue, 11 Jul 2023 18:09:26 GMT, Craig Andrews wrote: > When loading the default JVM trust store, if the JVM trust store contains an invalid certificate, the exception contains insufficient information to determine which certificate is invalid, making it very difficult to fix the problem. > > To reproduce the issue: > 1. Modify the default JVM trust store to contain invalid information. A very easy way to do this on openjdk / red hat systems is to edit /etc/pki/ca-trust/extracted/java/cacerts and add garbage text to the file. > 2. Run this code: > > TrustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); > // initializing the trust store with a null KeyStore will load the default JVM trust store > tmf.init((KeyStore) null); > > > This stack trace results: > > Caused by: java.security.KeyStoreException: problem accessing trust store > at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:73) > at java.base/javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:282) > ... 81 common frames omitted > Caused by: java.io.IOException: toDerInputStream rejects tag type 97 > at java.base/sun.security.util.DerValue.toDerInputStream(DerValue.java:1155) > at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2013) > at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:221) > at java.base/java.security.KeyStore.load(KeyStore.java:1473) > at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.loadKeyStore(TrustStoreManager.java:390) > at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.getTrustedCerts(TrustStoreManager.java:336) > at java.base/sun.security.ssl.TrustStoreManager.getTrustedCerts(TrustStoreManager.java:57) > at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:49) > ... 83 common frames omitted > > > Throwing an exception with a more detailed error message facilitates debugging and ultimately fixing such problems. > Excellent point, thank you for your thoughtful review and for linking the documentation :) > > It would be really nice to give the user some information to help them along without requiring a JVM argument, though... What if we just included the file name (but not the path) in the exception message, something like: > > ```java > throw new KeyStoreException("Failed to load key store with file name: " + descriptor.storeFile.getName(), e); > ``` > > Would that be acceptable? Or is there something else we could do to provide a little more helpful of a message? It would be more acceptable, but it also may be more confusing if for example "cacerts" was emitted, and there were more than one truststore with a filename of "cacerts" in the system. There are really only a couple of different ways a truststore can be set. See https://docs.oracle.com/en/java/javase/20/security/java-secure-socket-extension-jsse-reference-guide.html#GUID-32CF3420-56E8-4BC5-8D3B-1F6B4692A290 for more info. I think in most cases, you should be able to figure out which truststore has the problem. Can you explain or give a scenario where that would be difficult to determine? However, what might be acceptable to me is an exception that gives a hint as to what truststore is being used, w/o giving away the full path. For example, one of the following, depending on how it was configured: "Problem accessing truststore specified in javax.net.ssl.trustStore system property" "Problem accessing truststore with file name: ${java.home}/lib/security/jssecacerts" "Problem accessing truststore with file name: ${java.home}/lib/security/cacerts" This change would probably require enhancing TrustStoreManager and TrustStoreDescriptor to cache additional info about what type of truststore was used. But it is not really clear to me that the effort is justified. If you are able to re-run the application with debugging, you can obtain this information. Also, with JFR you can get a dump of the system properties used by an application, which also would be helpful if it is setting the javax.net.ssl.trustStore system property. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14834#issuecomment-1655789320 From duke at openjdk.org Fri Jul 28 15:35:50 2023 From: duke at openjdk.org (Bernd) Date: Fri, 28 Jul 2023 15:35:50 GMT Subject: RFR: JDK-8311892: TrustManagerFactory loading an invalid keystore yield vague exception In-Reply-To: References: Message-ID: On Tue, 11 Jul 2023 18:09:26 GMT, Craig Andrews wrote: > When loading the default JVM trust store, if the JVM trust store contains an invalid certificate, the exception contains insufficient information to determine which certificate is invalid, making it very difficult to fix the problem. > > To reproduce the issue: > 1. Modify the default JVM trust store to contain invalid information. A very easy way to do this on openjdk / red hat systems is to edit /etc/pki/ca-trust/extracted/java/cacerts and add garbage text to the file. > 2. Run this code: > > TrustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); > // initializing the trust store with a null KeyStore will load the default JVM trust store > tmf.init((KeyStore) null); > > > This stack trace results: > > Caused by: java.security.KeyStoreException: problem accessing trust store > at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:73) > at java.base/javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:282) > ... 81 common frames omitted > Caused by: java.io.IOException: toDerInputStream rejects tag type 97 > at java.base/sun.security.util.DerValue.toDerInputStream(DerValue.java:1155) > at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2013) > at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:221) > at java.base/java.security.KeyStore.load(KeyStore.java:1473) > at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.loadKeyStore(TrustStoreManager.java:390) > at java.base/sun.security.ssl.TrustStoreManager$TrustAnchorManager.getTrustedCerts(TrustStoreManager.java:336) > at java.base/sun.security.ssl.TrustStoreManager.getTrustedCerts(TrustStoreManager.java:57) > at java.base/sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:49) > ... 83 common frames omitted > > > Throwing an exception with a more detailed error message facilitates debugging and ultimately fixing such problems. Btw: the initial issue ?which certificate? would suggest the byte position beeing more important than the file name - especially if there can only be so many ways to specify one. Maybe instead of throwing the details just error log the path? ------------- PR Comment: https://git.openjdk.org/jdk/pull/14834#issuecomment-1655893075 From hchao at openjdk.org Fri Jul 28 15:44:03 2023 From: hchao at openjdk.org (Hai-May Chao) Date: Fri, 28 Jul 2023 15:44:03 GMT Subject: RFR: 8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar Message-ID: JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar ------------- Commit messages: - 8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar Changes: https://git.openjdk.org/jdk/pull/15072/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=15072&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8312489 Stats: 6 lines in 2 files changed: 2 ins; 0 del; 4 mod Patch: https://git.openjdk.org/jdk/pull/15072.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/15072/head:pull/15072 PR: https://git.openjdk.org/jdk/pull/15072 From mpowers at openjdk.org Fri Jul 28 16:51:41 2023 From: mpowers at openjdk.org (Mark Powers) Date: Fri, 28 Jul 2023 16:51:41 GMT Subject: RFR: 8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar In-Reply-To: References: Message-ID: <18nopLAK5O_v5pCM2xvfveq-1BzGb4i10GtwVNR_pUE=.f9d83b02-beba-45c6-a3d8-7b86ba1b305e@github.com> On Fri, 28 Jul 2023 15:34:47 GMT, Hai-May Chao wrote: > JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java line 852: > 850: Integer tmp = GetIntegerAction.privilegedGetProperty( > 851: "jdk.jar.maxSignatureFileSize", 16000000); > 852: if (tmp < 0 || tmp > MAX_ARRAY_SIZE) { Can't `tmp` be `null`? After all, it is an `Integer` object. The rest of your code changes look fine to me. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15072#discussion_r1277783838 From mullan at openjdk.org Fri Jul 28 17:44:52 2023 From: mullan at openjdk.org (Sean Mullan) Date: Fri, 28 Jul 2023 17:44:52 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v10] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: On Mon, 17 Jul 2023 23:03:45 GMT, Pavel Rappo wrote: >> Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. >> >> I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. >> >> * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. >> >> * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. >> >> * BitArray could be a topic of its own, but I'll do my best to be concise. >> >> * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. >> * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). >> >> * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: >> >> // check certs >> if (this.certs == null && that.certs != null || >> this.certs != null && that.certs == null || >> this.certs != null && >> this.certs.length != that.certs.length) { >> return false; >> } >> >> int i,j; >> boolea... > > Pavel Rappo has updated the pull request incrementally with one additional commit since the last revision: > > Feedback src/java.base/share/classes/sun/security/x509/URIName.java line 280: > 278: * {@return the hash code value for this object} > 279: */ > 280: @Override You could also add `@Override` to `equals`. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1277905613 From mullan at openjdk.org Fri Jul 28 19:07:49 2023 From: mullan at openjdk.org (Sean Mullan) Date: Fri, 28 Jul 2023 19:07:49 GMT Subject: RFR: JDK-8311892: TrustManagerFactory loading an invalid keystore yield vague exception In-Reply-To: References: Message-ID: <1hR5MAXi3UpjaXVT2uIBm-c_0_NcA45m6iDsnsNuPOM=.45e21c2d-d809-4124-b9e1-e418f6ec77b3@github.com> On Fri, 28 Jul 2023 15:32:47 GMT, Bernd wrote: > Btw: the initial issue ?which certificate? would suggest the byte position beeing more important than the file name - especially if there can only be so many ways to specify one. Maybe instead of throwing the details just error log the path? You can already get the truststore path name if you turn on debugging by specifying -Djavax.net.debug=ssl:trustmanager on the command-line. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14834#issuecomment-1656194201 From hchao at openjdk.org Fri Jul 28 19:16:51 2023 From: hchao at openjdk.org (Hai-May Chao) Date: Fri, 28 Jul 2023 19:16:51 GMT Subject: RFR: 8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar In-Reply-To: <18nopLAK5O_v5pCM2xvfveq-1BzGb4i10GtwVNR_pUE=.f9d83b02-beba-45c6-a3d8-7b86ba1b305e@github.com> References: <18nopLAK5O_v5pCM2xvfveq-1BzGb4i10GtwVNR_pUE=.f9d83b02-beba-45c6-a3d8-7b86ba1b305e@github.com> Message-ID: On Fri, 28 Jul 2023 16:48:36 GMT, Mark Powers wrote: >> JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar > > src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java line 852: > >> 850: Integer tmp = GetIntegerAction.privilegedGetProperty( >> 851: "jdk.jar.maxSignatureFileSize", 16000000); >> 852: if (tmp < 0 || tmp > MAX_ARRAY_SIZE) { > > Can't `tmp` be `null`? After all, it is an `Integer` object. The rest of your code changes look fine to me. `tmp` will not be null. `GetIntegerAction.privilegedGetProperty()` will return the default value when jdk.jar.maxSignatureFileSize=null ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15072#discussion_r1277995474 From mpowers at openjdk.org Fri Jul 28 19:26:52 2023 From: mpowers at openjdk.org (Mark Powers) Date: Fri, 28 Jul 2023 19:26:52 GMT Subject: RFR: 8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar In-Reply-To: References: <18nopLAK5O_v5pCM2xvfveq-1BzGb4i10GtwVNR_pUE=.f9d83b02-beba-45c6-a3d8-7b86ba1b305e@github.com> Message-ID: On Fri, 28 Jul 2023 19:14:09 GMT, Hai-May Chao wrote: >> src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java line 852: >> >>> 850: Integer tmp = GetIntegerAction.privilegedGetProperty( >>> 851: "jdk.jar.maxSignatureFileSize", 16000000); >>> 852: if (tmp < 0 || tmp > MAX_ARRAY_SIZE) { >> >> Can't `tmp` be `null`? After all, it is an `Integer` object. The rest of your code changes look fine to me. > > `tmp` will not be null. `GetIntegerAction.privilegedGetProperty()` will return the default value when jdk.jar.maxSignatureFileSize=null You're right. Didn't look close enough. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15072#discussion_r1278003455 From mullan at openjdk.org Fri Jul 28 19:56:53 2023 From: mullan at openjdk.org (Sean Mullan) Date: Fri, 28 Jul 2023 19:56:53 GMT Subject: RFR: 8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar In-Reply-To: References: Message-ID: On Fri, 28 Jul 2023 15:34:47 GMT, Hai-May Chao wrote: > JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar Changes requested by mullan (Reviewer). src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java line 857: > 855: "is used as the specified size for the " + > 856: "jdk.jar.maxSignatureFileSize system property " + > 857: "is out of range: " + tmp); The wording of the message is a bit hard to understand. I suggest rewording slightly as: debug.println("The default signature file size of 16000000 bytes " + "will be used as the specified size for the " + "jdk.jar.maxSignatureFileSize system property " + "since the value is out of range: " + tmp); ------------- PR Review: https://git.openjdk.org/jdk/pull/15072#pullrequestreview-1552842236 PR Review Comment: https://git.openjdk.org/jdk/pull/15072#discussion_r1278018761 From redestad at openjdk.org Fri Jul 28 19:56:55 2023 From: redestad at openjdk.org (Claes Redestad) Date: Fri, 28 Jul 2023 19:56:55 GMT Subject: RFR: 8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar In-Reply-To: References: <18nopLAK5O_v5pCM2xvfveq-1BzGb4i10GtwVNR_pUE=.f9d83b02-beba-45c6-a3d8-7b86ba1b305e@github.com> Message-ID: On Fri, 28 Jul 2023 19:23:26 GMT, Mark Powers wrote: >> `tmp` will not be null. `GetIntegerAction.privilegedGetProperty()` will return the default value when jdk.jar.maxSignatureFileSize=null > > You're right. Didn't look close enough. Might make sense to declare `tmp` as an `int` to avoid future confusion and save a few bytecode on repeated implicit unboxing every time `tmp` is used. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15072#discussion_r1278027326 From bpb at openjdk.org Fri Jul 28 19:59:15 2023 From: bpb at openjdk.org (Brian Burkhalter) Date: Fri, 28 Jul 2023 19:59:15 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v3] In-Reply-To: References: Message-ID: > Limit native memory allocation and move write loop from the native layer into Java. This change should make the OOME reported in the issue much less likely. Brian Burkhalter has updated the pull request incrementally with one additional commit since the last revision: 6478546: Move buffer clamping up to Java layer; correct read behavior to match legacy ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14981/files - new: https://git.openjdk.org/jdk/pull/14981/files/69941de4..92649751 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14981&range=02 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14981&range=01-02 Stats: 102 lines in 4 files changed: 48 ins; 20 del; 34 mod Patch: https://git.openjdk.org/jdk/pull/14981.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14981/head:pull/14981 PR: https://git.openjdk.org/jdk/pull/14981 From bpb at openjdk.org Fri Jul 28 19:59:34 2023 From: bpb at openjdk.org (Brian Burkhalter) Date: Fri, 28 Jul 2023 19:59:34 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v2] In-Reply-To: <8i_NF3xA4t8bZnYAJAHVoqNnZGipNqHyvWJJNzY2yC0=.99bd097d-30de-418a-85d0-f212b8b2e842@github.com> References: <2Tev3UK-0UjhG8UZE0_bCj1wYf1eHKxGSRdYYZTmWN4=.e5979796-1956-4b46-b2a3-1da85ea862f7@github.com> <8i_NF3xA4t8bZnYAJAHVoqNnZGipNqHyvWJJNzY2yC0=.99bd097d-30de-418a-85d0-f212b8b2e842@github.com> Message-ID: On Wed, 26 Jul 2023 09:29:18 GMT, Alan Bateman wrote: > I think this is close to what you want Modified as suggested in 9264975. The limit is increased to 1.5 Mb where it was in native malloc clamping. This appears to prevent any throughput degradation. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14981#issuecomment-1656245009 From hchao at openjdk.org Fri Jul 28 21:44:13 2023 From: hchao at openjdk.org (Hai-May Chao) Date: Fri, 28 Jul 2023 21:44:13 GMT Subject: RFR: 8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar [v2] In-Reply-To: References: Message-ID: > JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision: Variable tmp declaration update ------------- Changes: - all: https://git.openjdk.org/jdk/pull/15072/files - new: https://git.openjdk.org/jdk/pull/15072/files/f99a79fc..03f0d31c Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=15072&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=15072&range=00-01 Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod Patch: https://git.openjdk.org/jdk/pull/15072.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/15072/head:pull/15072 PR: https://git.openjdk.org/jdk/pull/15072 From hchao at openjdk.org Fri Jul 28 21:44:13 2023 From: hchao at openjdk.org (Hai-May Chao) Date: Fri, 28 Jul 2023 21:44:13 GMT Subject: RFR: 8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar [v2] In-Reply-To: References: <18nopLAK5O_v5pCM2xvfveq-1BzGb4i10GtwVNR_pUE=.f9d83b02-beba-45c6-a3d8-7b86ba1b305e@github.com> Message-ID: On Fri, 28 Jul 2023 19:54:13 GMT, Claes Redestad wrote: >> You're right. Didn't look close enough. > > Might make sense to declare `tmp` as an `int` to avoid future confusion and save a few bytecode on repeated implicit unboxing every time `tmp` is used. Done as suggested. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15072#discussion_r1278103350 From prappo at openjdk.org Fri Jul 28 22:14:09 2023 From: prappo at openjdk.org (Pavel Rappo) Date: Fri, 28 Jul 2023 22:14:09 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v11] In-Reply-To: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: > Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. > > I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. > > * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. > > * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. > > * BitArray could be a topic of its own, but I'll do my best to be concise. > > * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. > * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). > > * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: > > // check certs > if (this.certs == null && that.certs != null || > this.certs != null && that.certs == null || > this.certs != null && > this.certs.length != that.certs.length) { > return false; > } > > int i,j; > boolean match; > > for (i = 0; this.certs != nu... Pavel Rappo has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 20 commits: - Merge branch 'master' into 8311170 # Conflicts: # src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java - Feedback - Feedback - Feedback: avoid intermediate assignments - More previously missed cases - Fix: log hashCode as an unsigned long If they don't match, this test fails: test/jdk/jdk/security/logging/TestX509ValidationLog.java - Fix: match hashCode implementations hashCode in the included classes must match that of javax.crypto.spec.SecretKeySpec.hashCode. If they don't match, this test fails: test/jdk/javax/crypto/KeyGenerator/CompareKeys.java - Fix: revert short-circuiting when destroyed That change caused this test to fail: test/jdk/javax/security/auth/kerberos/KerberosHashEqualsTest.java - Much more cases: apologies for extra review work - Merge branch 'master' into 8311170 - ... and 10 more: https://git.openjdk.org/jdk/compare/d6245b68...821f617f ------------- Changes: https://git.openjdk.org/jdk/pull/14738/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=14738&range=10 Stats: 1109 lines in 96 files changed: 169 ins; 542 del; 398 mod Patch: https://git.openjdk.org/jdk/pull/14738.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14738/head:pull/14738 PR: https://git.openjdk.org/jdk/pull/14738 From hchao at openjdk.org Fri Jul 28 22:49:04 2023 From: hchao at openjdk.org (Hai-May Chao) Date: Fri, 28 Jul 2023 22:49:04 GMT Subject: RFR: 8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar [v3] In-Reply-To: References: Message-ID: > JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision: debug message update ------------- Changes: - all: https://git.openjdk.org/jdk/pull/15072/files - new: https://git.openjdk.org/jdk/pull/15072/files/03f0d31c..fa805f2b Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=15072&range=02 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=15072&range=01-02 Stats: 3 lines in 1 file changed: 0 ins; 0 del; 3 mod Patch: https://git.openjdk.org/jdk/pull/15072.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/15072/head:pull/15072 PR: https://git.openjdk.org/jdk/pull/15072 From hchao at openjdk.org Fri Jul 28 22:49:04 2023 From: hchao at openjdk.org (Hai-May Chao) Date: Fri, 28 Jul 2023 22:49:04 GMT Subject: RFR: 8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar [v3] In-Reply-To: References: Message-ID: On Fri, 28 Jul 2023 19:43:17 GMT, Sean Mullan wrote: >> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision: >> >> debug message update > > src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java line 857: > >> 855: "is used as the specified size for the " + >> 856: "jdk.jar.maxSignatureFileSize system property " + >> 857: "is out of range: " + tmp); > > The wording of the message is a bit hard to understand. I suggest rewording slightly as: > > debug.println("The default signature file size of 16000000 bytes " + > "will be used as the specified size for the " + > "jdk.jar.maxSignatureFileSize system property " + > "since the value is out of range: " + tmp); Reworded the debug message. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15072#discussion_r1278142837 From vtewari at openjdk.org Sun Jul 30 04:58:03 2023 From: vtewari at openjdk.org (Vyom Tewari) Date: Sun, 30 Jul 2023 04:58:03 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v3] In-Reply-To: References: Message-ID: On Fri, 28 Jul 2023 19:59:15 GMT, Brian Burkhalter wrote: >> Limit native memory allocation and move write loop from the native layer into Java. This change should make the OOME reported in the issue much less likely. > > Brian Burkhalter has updated the pull request incrementally with one additional commit since the last revision: > > 6478546: Move buffer clamping up to Java layer; correct read behavior to match legacy src/java.base/share/native/libjava/io_util.c line 171: > 169: if (buf == NULL) { > 170: JNU_ThrowOutOfMemoryError(env, NULL); > 171: return 0; why we are returning '0' here ? I can see, it is consistence with 'readBytes' in case of OOM error we are returning 0 and other exceptions we are returning -1. Can you please help me understand if there is any specific reason for returning 0 in case of OOM ?. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1278508600 From alanb at openjdk.org Sun Jul 30 12:51:03 2023 From: alanb at openjdk.org (Alan Bateman) Date: Sun, 30 Jul 2023 12:51:03 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v3] In-Reply-To: References: Message-ID: On Sun, 30 Jul 2023 04:54:32 GMT, Vyom Tewari wrote: >> Brian Burkhalter has updated the pull request incrementally with one additional commit since the last revision: >> >> 6478546: Move buffer clamping up to Java layer; correct read behavior to match legacy > > src/java.base/share/native/libjava/io_util.c line 171: > >> 169: if (buf == NULL) { >> 170: JNU_ThrowOutOfMemoryError(env, NULL); >> 171: return 0; > > why we are returning '0' here ? I can see, it is consistence with 'readBytes' in case of OOM error we are returning 0 and other exceptions we are returning -1. Can you please help me understand if there is any specific reason for returning 0 in case of OOM ?. This a JNI function returning with a pending exception so the return value doesn't matter. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1278562919 From alanb at openjdk.org Sun Jul 30 13:11:57 2023 From: alanb at openjdk.org (Alan Bateman) Date: Sun, 30 Jul 2023 13:11:57 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v3] In-Reply-To: References: Message-ID: <5k4VFVI74A2cbypxW01WHS1-jRPs0LCCmnT8sfQEomM=.1f19c199-0531-46f4-9b44-3ddccb053d69@github.com> On Fri, 28 Jul 2023 19:59:15 GMT, Brian Burkhalter wrote: >> Limit native memory allocation and move write loop from the native layer into Java. This change should make the OOME reported in the issue much less likely. > > Brian Burkhalter has updated the pull request incrementally with one additional commit since the last revision: > > 6478546: Move buffer clamping up to Java layer; correct read behavior to match legacy src/java.base/share/classes/java/io/FileInputStream.java line 257: > 255: try { > 256: do { > 257: int size = Math.min(remaining, 1572864); 1.5Mb seems high, I think we really need micro that do real file I/O to help tune this. src/java.base/share/classes/java/io/FileOutputStream.java line 347: > 345: pos += n; > 346: remaining -= n; > 347: } while (remaining > 0); Long standing behavior is that write is a no-open with len is 0, meaning you can do while here (no need to change it to do-while). Same thing in RAF. src/java.base/share/native/libjava/io_util.c line 160: > 158: } > 159: > 160: if (outOfBounds(env, off, len, bytes)) { I assume the IS_NULL and outOfBounds checking in both readBytes and writeBytes are redundant now. src/java.base/share/native/libjava/io_util.c line 183: > 181: if (fd == -1) { > 182: JNU_ThrowIOException(env, "Stream Closed"); > 183: nwritten = -1; nwritten is initialized to -1. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1278565903 PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1278565565 PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1278563940 PR Review Comment: https://git.openjdk.org/jdk/pull/14981#discussion_r1278564255 From mbaesken at openjdk.org Mon Jul 31 08:24:54 2023 From: mbaesken at openjdk.org (Matthias Baesken) Date: Mon, 31 Jul 2023 08:24:54 GMT Subject: RFR: 8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar [v3] In-Reply-To: References: Message-ID: <4K3N6aAIgso6kCzcc6T58WU36hX4JC3yVlaCSfEfWEk=.c28fdce0-4116-4c26-b8f2-5a7adb84c776@github.com> On Fri, 28 Jul 2023 22:49:04 GMT, Hai-May Chao wrote: >> JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar > > Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision: > > debug message update Thanks for the adjustment. Looks good to me. ------------- Marked as reviewed by mbaesken (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/15072#pullrequestreview-1554209992 From dholmes at openjdk.org Mon Jul 31 08:39:02 2023 From: dholmes at openjdk.org (David Holmes) Date: Mon, 31 Jul 2023 08:39:02 GMT Subject: [jdk21] RFR: 8300937: Update nroff pages in JDK 21 before RC Message-ID: Main changes are to use 21 instead of 21-ea. In addition the following files contain additional updates from the closed sources: - src/java.base/share/man/java.1 [JDK-8273131](https://bugs.openjdk.org/browse/JDK-8273131): Update the java manpage markdown source for JFR filename expansion [JDK-8221633](https://bugs.openjdk.org/browse/JDK-8221633): StartFlightRecording: consider moving mention of multiple comma-separated parameters to the front There are also some formatting differences related to: [JDK-8309670](https://bugs.openjdk.org/browse/JDK-8309670): java -help output for --module-path / -p is incomplete Likely a different version of pandoc was used. - src/java.base/share/man/keytool.1 [JDK-8290626](https://bugs.openjdk.org/browse/JDK-8290626): keytool manpage contains a special character - src/jdk.compiler/share/man/javac.1 [JDK-8308456](https://bugs.openjdk.org/browse/JDK-8308456): Update javac tool page for -proc:full also some formatting differences. - src/jdk.jartool/share/man/jarsigner.1 [JDK-8303928](https://bugs.openjdk.org/browse/JDK-8303928): Update jarsigner man page after [JDK-8303410](https://bugs.openjdk.org/browse/JDK-8303410) - src/jdk.jcmd/share/man/jcmd.1 [JDK-8273131](https://bugs.openjdk.org/browse/JDK-8273131): Update the java manpage markdown source for JFR filename expansion - src/jdk.jdeps/share/man/jdeps.1 [JDK-8301207](https://bugs.openjdk.org/browse/JDK-8301207): (jdeps) Deprecate jdeps -profile option - src/jdk.jfr/share/man/jfr.1 Formatting changes. - src/jdk.jshell/share/man/jshell.1 [JDK-8308988](https://bugs.openjdk.org/browse/JDK-8308988): Update JShell manpage to include TOOLING description ------------- Commit messages: - 8300937: Update nroff pages in JDK 21 before RC Changes: https://git.openjdk.org/jdk21/pull/151/files Webrev: https://webrevs.openjdk.org/?repo=jdk21&pr=151&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8300937 Stats: 163 lines in 28 files changed: 37 ins; 60 del; 66 mod Patch: https://git.openjdk.org/jdk21/pull/151.diff Fetch: git fetch https://git.openjdk.org/jdk21.git pull/151/head:pull/151 PR: https://git.openjdk.org/jdk21/pull/151 From dfuchs at openjdk.org Mon Jul 31 14:24:57 2023 From: dfuchs at openjdk.org (Daniel Fuchs) Date: Mon, 31 Jul 2023 14:24:57 GMT Subject: [jdk21] RFR: 8300937: Update nroff pages in JDK 21 before RC In-Reply-To: References: Message-ID: On Mon, 31 Jul 2023 08:33:07 GMT, David Holmes wrote: > Main changes are to use 21 instead of 21-ea. In addition the following files contain additional updates from the closed sources: > > - src/java.base/share/man/java.1 > > [JDK-8273131](https://bugs.openjdk.org/browse/JDK-8273131): Update the java manpage markdown source for JFR filename expansion > [JDK-8221633](https://bugs.openjdk.org/browse/JDK-8221633): StartFlightRecording: consider moving mention of multiple comma-separated parameters to the front > > There are also some formatting differences related to: > > [JDK-8309670](https://bugs.openjdk.org/browse/JDK-8309670): java -help output for --module-path / -p is incomplete > > Likely a different version of pandoc was used. > > - src/java.base/share/man/keytool.1 > > [JDK-8290626](https://bugs.openjdk.org/browse/JDK-8290626): keytool manpage contains a special character > > - src/jdk.compiler/share/man/javac.1 > > [JDK-8308456](https://bugs.openjdk.org/browse/JDK-8308456): Update javac tool page for -proc:full > > also some formatting differences. > > - src/jdk.jartool/share/man/jarsigner.1 > > [JDK-8303928](https://bugs.openjdk.org/browse/JDK-8303928): Update jarsigner man page after [JDK-8303410](https://bugs.openjdk.org/browse/JDK-8303410) > > - src/jdk.jcmd/share/man/jcmd.1 > > [JDK-8273131](https://bugs.openjdk.org/browse/JDK-8273131): Update the java manpage markdown source for JFR filename expansion > > - src/jdk.jdeps/share/man/jdeps.1 > > [JDK-8301207](https://bugs.openjdk.org/browse/JDK-8301207): (jdeps) Deprecate jdeps -profile option > > - src/jdk.jfr/share/man/jfr.1 > > Formatting changes. > > - src/jdk.jshell/share/man/jshell.1 > > [JDK-8308988](https://bugs.openjdk.org/browse/JDK-8308988): Update JShell manpage to include TOOLING description Changes to jwebserver.1 look good to me. ------------- PR Comment: https://git.openjdk.org/jdk21/pull/151#issuecomment-1658469731 From mullan at openjdk.org Mon Jul 31 14:48:44 2023 From: mullan at openjdk.org (Sean Mullan) Date: Mon, 31 Jul 2023 14:48:44 GMT Subject: RFR: 8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar [v3] In-Reply-To: References: Message-ID: On Fri, 28 Jul 2023 22:49:04 GMT, Hai-May Chao wrote: >> JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar > > Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision: > > debug message update Marked as reviewed by mullan (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/15072#pullrequestreview-1554964878 From hchao at openjdk.org Mon Jul 31 15:22:08 2023 From: hchao at openjdk.org (Hai-May Chao) Date: Mon, 31 Jul 2023 15:22:08 GMT Subject: Integrated: 8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar In-Reply-To: References: Message-ID: <_VP3RyvhJmipeylNJQrORnJCVYSULsJlN1oTQwR4kLA=.a405382e-b420-4b27-9a09-761a3f20c030@github.com> On Fri, 28 Jul 2023 15:34:47 GMT, Hai-May Chao wrote: > JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar This pull request has now been integrated. Changeset: e47a84f2 Author: Hai-May Chao URL: https://git.openjdk.org/jdk/commit/e47a84f23dd2608c6f5748093eefe301fb5bf750 Stats: 9 lines in 2 files changed: 2 ins; 0 del; 7 mod 8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar Reviewed-by: mullan, mbaesken ------------- PR: https://git.openjdk.org/jdk/pull/15072 From hchao at openjdk.org Mon Jul 31 15:22:07 2023 From: hchao at openjdk.org (Hai-May Chao) Date: Mon, 31 Jul 2023 15:22:07 GMT Subject: RFR: 8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar [v3] In-Reply-To: References: Message-ID: On Fri, 28 Jul 2023 22:49:04 GMT, Hai-May Chao wrote: >> JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar > > Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision: > > debug message update Thanks for the review. ------------- PR Comment: https://git.openjdk.org/jdk/pull/15072#issuecomment-1658581622 From xuelei at openjdk.org Mon Jul 31 15:59:42 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Mon, 31 Jul 2023 15:59:42 GMT Subject: RFR: 8312259: StatusResponseManager unused code clean up [v3] In-Reply-To: References: Message-ID: On Wed, 19 Jul 2023 04:35:56 GMT, Xue-Lei Andrew Fan wrote: >> Hi, >> >> May I have the code cleanup update reviewed? With this update, the unused code in StatusResponseManager.java will be removed. >> >> Thanks, >> Xuelei > > Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision: > > revise test case ping ... ------------- PR Comment: https://git.openjdk.org/jdk/pull/14924#issuecomment-1658662392 From mpowers at openjdk.org Mon Jul 31 16:11:49 2023 From: mpowers at openjdk.org (Mark Powers) Date: Mon, 31 Jul 2023 16:11:49 GMT Subject: RFR: 8312259: StatusResponseManager unused code clean up [v3] In-Reply-To: References: Message-ID: <4O7UlFT0wDZEPFeTptd1kQ17q9kQ5MTy2NhiWsp8P7Y=.2d6159b4-8a97-4c17-8a33-527592e75f58@github.com> On Wed, 19 Jul 2023 04:35:56 GMT, Xue-Lei Andrew Fan wrote: >> Hi, >> >> May I have the code cleanup update reviewed? With this update, the unused code in StatusResponseManager.java will be removed. >> >> Thanks, >> Xuelei > > Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision: > > revise test case I'll look at it again. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14924#issuecomment-1658696636 From mchung at openjdk.org Mon Jul 31 16:48:58 2023 From: mchung at openjdk.org (Mandy Chung) Date: Mon, 31 Jul 2023 16:48:58 GMT Subject: [jdk21] RFR: 8300937: Update nroff pages in JDK 21 before RC In-Reply-To: References: Message-ID: On Mon, 31 Jul 2023 08:33:07 GMT, David Holmes wrote: > Main changes are to use 21 instead of 21-ea. In addition the following files contain additional updates from the closed sources: > > - src/java.base/share/man/java.1 > > [JDK-8273131](https://bugs.openjdk.org/browse/JDK-8273131): Update the java manpage markdown source for JFR filename expansion > [JDK-8221633](https://bugs.openjdk.org/browse/JDK-8221633): StartFlightRecording: consider moving mention of multiple comma-separated parameters to the front > > There are also some formatting differences related to: > > [JDK-8309670](https://bugs.openjdk.org/browse/JDK-8309670): java -help output for --module-path / -p is incomplete > > Likely a different version of pandoc was used. > > - src/java.base/share/man/keytool.1 > > [JDK-8290626](https://bugs.openjdk.org/browse/JDK-8290626): keytool manpage contains a special character > > - src/jdk.compiler/share/man/javac.1 > > [JDK-8308456](https://bugs.openjdk.org/browse/JDK-8308456): Update javac tool page for -proc:full > > also some formatting differences. > > - src/jdk.jartool/share/man/jarsigner.1 > > [JDK-8303928](https://bugs.openjdk.org/browse/JDK-8303928): Update jarsigner man page after [JDK-8303410](https://bugs.openjdk.org/browse/JDK-8303410) > > - src/jdk.jcmd/share/man/jcmd.1 > > [JDK-8273131](https://bugs.openjdk.org/browse/JDK-8273131): Update the java manpage markdown source for JFR filename expansion > > - src/jdk.jdeps/share/man/jdeps.1 > > [JDK-8301207](https://bugs.openjdk.org/browse/JDK-8301207): (jdeps) Deprecate jdeps -profile option > > - src/jdk.jfr/share/man/jfr.1 > > Formatting changes. > > - src/jdk.jshell/share/man/jshell.1 > > [JDK-8308988](https://bugs.openjdk.org/browse/JDK-8308988): Update JShell manpage to include TOOLING description Changes in java and jdeps are good. ------------- Marked as reviewed by mchung (Reviewer). PR Review: https://git.openjdk.org/jdk21/pull/151#pullrequestreview-1555334390 From bpb at openjdk.org Mon Jul 31 17:02:15 2023 From: bpb at openjdk.org (Brian Burkhalter) Date: Mon, 31 Jul 2023 17:02:15 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v4] In-Reply-To: References: Message-ID: > Limit native memory allocation and move write loop from the native layer into Java. This change should make the OOME reported in the issue much less likely. Brian Burkhalter has updated the pull request incrementally with one additional commit since the last revision: 6478546: do-while -> while-do in writeBytes; remove NULL and bounds checks in native ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14981/files - new: https://git.openjdk.org/jdk/pull/14981/files/92649751..cdb8455c Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14981&range=03 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14981&range=02-03 Stats: 39 lines in 3 files changed: 1 ins; 33 del; 5 mod Patch: https://git.openjdk.org/jdk/pull/14981.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14981/head:pull/14981 PR: https://git.openjdk.org/jdk/pull/14981 From iris at openjdk.org Mon Jul 31 17:02:58 2023 From: iris at openjdk.org (Iris Clark) Date: Mon, 31 Jul 2023 17:02:58 GMT Subject: [jdk21] RFR: 8300937: Update nroff pages in JDK 21 before RC In-Reply-To: References: Message-ID: On Mon, 31 Jul 2023 08:33:07 GMT, David Holmes wrote: > Main changes are to use 21 instead of 21-ea. In addition the following files contain additional updates from the closed sources: > > - src/java.base/share/man/java.1 > > [JDK-8273131](https://bugs.openjdk.org/browse/JDK-8273131): Update the java manpage markdown source for JFR filename expansion > [JDK-8221633](https://bugs.openjdk.org/browse/JDK-8221633): StartFlightRecording: consider moving mention of multiple comma-separated parameters to the front > > There are also some formatting differences related to: > > [JDK-8309670](https://bugs.openjdk.org/browse/JDK-8309670): java -help output for --module-path / -p is incomplete > > Likely a different version of pandoc was used. > > - src/java.base/share/man/keytool.1 > > [JDK-8290626](https://bugs.openjdk.org/browse/JDK-8290626): keytool manpage contains a special character > > - src/jdk.compiler/share/man/javac.1 > > [JDK-8308456](https://bugs.openjdk.org/browse/JDK-8308456): Update javac tool page for -proc:full > > also some formatting differences. > > - src/jdk.jartool/share/man/jarsigner.1 > > [JDK-8303928](https://bugs.openjdk.org/browse/JDK-8303928): Update jarsigner man page after [JDK-8303410](https://bugs.openjdk.org/browse/JDK-8303410) > > - src/jdk.jcmd/share/man/jcmd.1 > > [JDK-8273131](https://bugs.openjdk.org/browse/JDK-8273131): Update the java manpage markdown source for JFR filename expansion > > - src/jdk.jdeps/share/man/jdeps.1 > > [JDK-8301207](https://bugs.openjdk.org/browse/JDK-8301207): (jdeps) Deprecate jdeps -profile option > > - src/jdk.jfr/share/man/jfr.1 > > Formatting changes. > > - src/jdk.jshell/share/man/jshell.1 > > [JDK-8308988](https://bugs.openjdk.org/browse/JDK-8308988): Update JShell manpage to include TOOLING description Looks good. The flow changes are unfortunate, but a tool update has the potential to have far more wide-spread changes. I'm happy that's all there was. ------------- Marked as reviewed by iris (Reviewer). PR Review: https://git.openjdk.org/jdk21/pull/151#pullrequestreview-1555365638 From mpowers at openjdk.org Mon Jul 31 17:56:52 2023 From: mpowers at openjdk.org (Mark Powers) Date: Mon, 31 Jul 2023 17:56:52 GMT Subject: RFR: 8312259: StatusResponseManager unused code clean up [v3] In-Reply-To: References: Message-ID: <12fI8stxI1qmYfau3_c0lpdrf3vazfUY19dnNptRu0M=.333149e5-98ce-46d4-a207-58aeb2f4c0e5@github.com> On Wed, 19 Jul 2023 04:35:56 GMT, Xue-Lei Andrew Fan wrote: >> Hi, >> >> May I have the code cleanup update reviewed? With this update, the unused code in StatusResponseManager.java will be removed. >> >> Thanks, >> Xuelei > > Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision: > > revise test case I'm not sure I would have gone to the trouble to remove methods used by tests, but I understand your motivation. StatusResponseManager is definitely improved. test/jdk/sun/security/ssl/Stapling/java.base/sun/security/ssl/StatusResponseManagerTests.java line 105: > 103: } > 104: > 105: Nit: added space ------------- Marked as reviewed by mpowers (Author). PR Review: https://git.openjdk.org/jdk/pull/14924#pullrequestreview-1555445177 PR Review Comment: https://git.openjdk.org/jdk/pull/14924#discussion_r1279679556 From mullan at openjdk.org Mon Jul 31 18:05:54 2023 From: mullan at openjdk.org (Sean Mullan) Date: Mon, 31 Jul 2023 18:05:54 GMT Subject: RFR: 8312259: StatusResponseManager unused code clean up [v3] In-Reply-To: References: Message-ID: On Wed, 19 Jul 2023 04:35:56 GMT, Xue-Lei Andrew Fan wrote: >> Hi, >> >> May I have the code cleanup update reviewed? With this update, the unused code in StatusResponseManager.java will be removed. >> >> Thanks, >> Xuelei > > Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision: > > revise test case I think @jnimeh should review this, as I think these methods were added when implementing OCSP Stapling, and it would be good for him to make sure they are no longer needed.. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14924#issuecomment-1658897468 From egahlin at openjdk.org Mon Jul 31 18:51:50 2023 From: egahlin at openjdk.org (Erik Gahlin) Date: Mon, 31 Jul 2023 18:51:50 GMT Subject: [jdk21] RFR: 8300937: Update nroff pages in JDK 21 before RC In-Reply-To: References: Message-ID: <9NqTSNFI28Ew52fVBR40-QdAioWNizm9lnuMHr8hVoo=.0f709ec1-8ec2-4e6e-a30c-f69f2026200b@github.com> On Mon, 31 Jul 2023 08:33:07 GMT, David Holmes wrote: > Main changes are to use 21 instead of 21-ea. In addition the following files contain additional updates from the closed sources: > > - src/java.base/share/man/java.1 > > [JDK-8273131](https://bugs.openjdk.org/browse/JDK-8273131): Update the java manpage markdown source for JFR filename expansion > [JDK-8221633](https://bugs.openjdk.org/browse/JDK-8221633): StartFlightRecording: consider moving mention of multiple comma-separated parameters to the front > > There are also some formatting differences related to: > > [JDK-8309670](https://bugs.openjdk.org/browse/JDK-8309670): java -help output for --module-path / -p is incomplete > > Likely a different version of pandoc was used. > > - src/java.base/share/man/keytool.1 > > [JDK-8290626](https://bugs.openjdk.org/browse/JDK-8290626): keytool manpage contains a special character > > - src/jdk.compiler/share/man/javac.1 > > [JDK-8308456](https://bugs.openjdk.org/browse/JDK-8308456): Update javac tool page for -proc:full > > also some formatting differences. > > - src/jdk.jartool/share/man/jarsigner.1 > > [JDK-8303928](https://bugs.openjdk.org/browse/JDK-8303928): Update jarsigner man page after [JDK-8303410](https://bugs.openjdk.org/browse/JDK-8303410) > > - src/jdk.jcmd/share/man/jcmd.1 > > [JDK-8273131](https://bugs.openjdk.org/browse/JDK-8273131): Update the java manpage markdown source for JFR filename expansion > > - src/jdk.jdeps/share/man/jdeps.1 > > [JDK-8301207](https://bugs.openjdk.org/browse/JDK-8301207): (jdeps) Deprecate jdeps -profile option > > - src/jdk.jfr/share/man/jfr.1 > > Formatting changes. > > - src/jdk.jshell/share/man/jshell.1 > > [JDK-8308988](https://bugs.openjdk.org/browse/JDK-8308988): Update JShell manpage to include TOOLING description Marked as reviewed by egahlin (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk21/pull/151#pullrequestreview-1555541442 From xuelei at openjdk.org Mon Jul 31 19:09:53 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Mon, 31 Jul 2023 19:09:53 GMT Subject: RFR: 8312259: StatusResponseManager unused code clean up [v4] In-Reply-To: References: Message-ID: > Hi, > > May I have the code cleanup update reviewed? With this update, the unused code in StatusResponseManager.java will be removed. > > Thanks, > Xuelei Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision: remove unintended blank line ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14924/files - new: https://git.openjdk.org/jdk/pull/14924/files/cf894899..8a885e0b Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14924&range=03 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14924&range=02-03 Stats: 1 line in 1 file changed: 0 ins; 1 del; 0 mod Patch: https://git.openjdk.org/jdk/pull/14924.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14924/head:pull/14924 PR: https://git.openjdk.org/jdk/pull/14924 From xuelei at openjdk.org Mon Jul 31 19:09:56 2023 From: xuelei at openjdk.org (Xue-Lei Andrew Fan) Date: Mon, 31 Jul 2023 19:09:56 GMT Subject: RFR: 8312259: StatusResponseManager unused code clean up [v3] In-Reply-To: <12fI8stxI1qmYfau3_c0lpdrf3vazfUY19dnNptRu0M=.333149e5-98ce-46d4-a207-58aeb2f4c0e5@github.com> References: <12fI8stxI1qmYfau3_c0lpdrf3vazfUY19dnNptRu0M=.333149e5-98ce-46d4-a207-58aeb2f4c0e5@github.com> Message-ID: On Mon, 31 Jul 2023 17:46:22 GMT, Mark Powers wrote: >> Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision: >> >> revise test case > > test/jdk/sun/security/ssl/Stapling/java.base/sun/security/ssl/StatusResponseManagerTests.java line 105: > >> 103: } >> 104: >> 105: > > Nit: added space Thanks for the review. I just removed the space. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14924#discussion_r1279753160 From dholmes at openjdk.org Mon Jul 31 21:13:03 2023 From: dholmes at openjdk.org (David Holmes) Date: Mon, 31 Jul 2023 21:13:03 GMT Subject: [jdk21] RFR: 8300937: Update nroff pages in JDK 21 before RC In-Reply-To: References: Message-ID: On Mon, 31 Jul 2023 08:33:07 GMT, David Holmes wrote: > Main changes are to use 21 instead of 21-ea. In addition the following files contain additional updates from the closed sources: > > - src/java.base/share/man/java.1 > > [JDK-8273131](https://bugs.openjdk.org/browse/JDK-8273131): Update the java manpage markdown source for JFR filename expansion > [JDK-8221633](https://bugs.openjdk.org/browse/JDK-8221633): StartFlightRecording: consider moving mention of multiple comma-separated parameters to the front > > There are also some formatting differences related to: > > [JDK-8309670](https://bugs.openjdk.org/browse/JDK-8309670): java -help output for --module-path / -p is incomplete > > Likely a different version of pandoc was used. > > - src/java.base/share/man/keytool.1 > > [JDK-8290626](https://bugs.openjdk.org/browse/JDK-8290626): keytool manpage contains a special character > > - src/jdk.compiler/share/man/javac.1 > > [JDK-8308456](https://bugs.openjdk.org/browse/JDK-8308456): Update javac tool page for -proc:full > > also some formatting differences. > > - src/jdk.jartool/share/man/jarsigner.1 > > [JDK-8303928](https://bugs.openjdk.org/browse/JDK-8303928): Update jarsigner man page after [JDK-8303410](https://bugs.openjdk.org/browse/JDK-8303410) > > - src/jdk.jcmd/share/man/jcmd.1 > > [JDK-8273131](https://bugs.openjdk.org/browse/JDK-8273131): Update the java manpage markdown source for JFR filename expansion > > - src/jdk.jdeps/share/man/jdeps.1 > > [JDK-8301207](https://bugs.openjdk.org/browse/JDK-8301207): (jdeps) Deprecate jdeps -profile option > > - src/jdk.jfr/share/man/jfr.1 > > Formatting changes. > > - src/jdk.jshell/share/man/jshell.1 > > [JDK-8308988](https://bugs.openjdk.org/browse/JDK-8308988): Update JShell manpage to include TOOLING description Thanks for the reviews everyone. ------------- PR Comment: https://git.openjdk.org/jdk21/pull/151#issuecomment-1659164663 From dholmes at openjdk.org Mon Jul 31 21:13:04 2023 From: dholmes at openjdk.org (David Holmes) Date: Mon, 31 Jul 2023 21:13:04 GMT Subject: [jdk21] Integrated: 8300937: Update nroff pages in JDK 21 before RC In-Reply-To: References: Message-ID: On Mon, 31 Jul 2023 08:33:07 GMT, David Holmes wrote: > Main changes are to use 21 instead of 21-ea. In addition the following files contain additional updates from the closed sources: > > - src/java.base/share/man/java.1 > > [JDK-8273131](https://bugs.openjdk.org/browse/JDK-8273131): Update the java manpage markdown source for JFR filename expansion > [JDK-8221633](https://bugs.openjdk.org/browse/JDK-8221633): StartFlightRecording: consider moving mention of multiple comma-separated parameters to the front > > There are also some formatting differences related to: > > [JDK-8309670](https://bugs.openjdk.org/browse/JDK-8309670): java -help output for --module-path / -p is incomplete > > Likely a different version of pandoc was used. > > - src/java.base/share/man/keytool.1 > > [JDK-8290626](https://bugs.openjdk.org/browse/JDK-8290626): keytool manpage contains a special character > > - src/jdk.compiler/share/man/javac.1 > > [JDK-8308456](https://bugs.openjdk.org/browse/JDK-8308456): Update javac tool page for -proc:full > > also some formatting differences. > > - src/jdk.jartool/share/man/jarsigner.1 > > [JDK-8303928](https://bugs.openjdk.org/browse/JDK-8303928): Update jarsigner man page after [JDK-8303410](https://bugs.openjdk.org/browse/JDK-8303410) > > - src/jdk.jcmd/share/man/jcmd.1 > > [JDK-8273131](https://bugs.openjdk.org/browse/JDK-8273131): Update the java manpage markdown source for JFR filename expansion > > - src/jdk.jdeps/share/man/jdeps.1 > > [JDK-8301207](https://bugs.openjdk.org/browse/JDK-8301207): (jdeps) Deprecate jdeps -profile option > > - src/jdk.jfr/share/man/jfr.1 > > Formatting changes. > > - src/jdk.jshell/share/man/jshell.1 > > [JDK-8308988](https://bugs.openjdk.org/browse/JDK-8308988): Update JShell manpage to include TOOLING description This pull request has now been integrated. Changeset: 0439d584 Author: David Holmes URL: https://git.openjdk.org/jdk21/commit/0439d584221f4d92fd1f4097a331f83dcdb2c12c Stats: 163 lines in 28 files changed: 37 ins; 60 del; 66 mod 8300937: Update nroff pages in JDK 21 before RC Reviewed-by: mchung, iris, egahlin ------------- PR: https://git.openjdk.org/jdk21/pull/151 From mullan at openjdk.org Mon Jul 31 21:44:01 2023 From: mullan at openjdk.org (Sean Mullan) Date: Mon, 31 Jul 2023 21:44:01 GMT Subject: RFR: 8311170: Simplify and modernize equals and hashCode in security area [v11] In-Reply-To: References: <26J4DxGERYIGa_G5PQDHzsE_axYce-hsOxfwYGK7OBw=.86332f20-6a8f-420b-be93-3cb0cf0089d1@github.com> Message-ID: On Fri, 28 Jul 2023 22:14:09 GMT, Pavel Rappo wrote: >> Please review this PR to use modern APIs and language features to simplify `equals` and `hashCode` in security area. >> >> I understand that security area is sensitive and a non-expert, such as myself, should tread carefully; so below are my notes to assist the review. >> >> * Unlike `hashCode`, non-secure `equals` implementations are typically short-circuit. But because of "timing attacks", we seem to have specialized implementations, such as `java.security.MessageDigest.isEqual(byte[], byte[])` and a more general `sun.security.util.ByteArrays.isEqual(byte[], int, int, byte[], int, int)`. So while reviewing this PR, take an opportunity to audit the affected `equals` implementations: perhaps some of them need to become secure, not modern. I have no domain knowledge to tell those cases apart, I only note that those cases exist. >> >> * This PR sacrifices compatibility for pragmatism: it changes some `hashCode` implementations to produce different values than before to allow more utilization of methods from `Objects` and `Arrays`. To my mind, those changes are **benign**. If you disagree, I'd be happy to discuss that and/or retract the concerning part of the change. >> >> * BitArray could be a topic of its own, but I'll do my best to be concise. >> >> * Truth to be told, BitArray's `equals` and `hashCode` are not used anywhere in source, and `equals` is only used in one test. For that reason, I refrained from reimplementing internals of `BitArray` using more general `java.util.BitSet`: too much effort and risk for almost nothing. >> * Speaking of `BitSet`-powered `BitArray`. Such an implementation is not for the faint of heart: there's too much impedance mismatch between data structures that those classes use to store bits. That said, for the sake of testing that it is possible and that I understand the `BitArray` correctly, I actually implemented it using `BitSet`. While that implementation is **NOT** part of this PR, you can have a look at it [here](https://cr.openjdk.org/~prappo/8311170/BitArray.java). >> >> * One suggestion to consider is to change this somewhat arcane piece in java.security.UnresolvedPermission.equals: >> >> // check certs >> if (this.certs == null && that.certs != null || >> this.certs != null && that.certs == null || >> this.certs != null && >> this.certs.length != that.certs.length) { >> return false; >> } >> >> int i,j; >> boolea... > > Pavel Rappo has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 20 commits: > > - Merge branch 'master' into 8311170 > > # Conflicts: > # src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java > - Feedback > - Feedback > - Feedback: avoid intermediate assignments > - More previously missed cases > - Fix: log hashCode as an unsigned long > > If they don't match, this test fails: > test/jdk/jdk/security/logging/TestX509ValidationLog.java > - Fix: match hashCode implementations > > hashCode in the included classes must match that of > javax.crypto.spec.SecretKeySpec.hashCode. > > If they don't match, this test fails: > test/jdk/javax/crypto/KeyGenerator/CompareKeys.java > - Fix: revert short-circuiting when destroyed > > That change caused this test to fail: > test/jdk/javax/security/auth/kerberos/KerberosHashEqualsTest.java > - Much more cases: apologies for extra review work > - Merge branch 'master' into 8311170 > - ... and 10 more: https://git.openjdk.org/jdk/compare/d6245b68...821f617f src/java.base/share/classes/java/security/AccessControlContext.java line 1: > 1: /* Missing `@Override` on `equals`. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14738#discussion_r1279910006