From djelinski at openjdk.org Mon Oct 2 08:33:32 2023 From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=) Date: Mon, 2 Oct 2023 08:33:32 GMT Subject: RFR: 8317332: Prepare security for permissive- In-Reply-To: References: Message-ID: On Sat, 30 Sep 2023 06:26:10 GMT, Julian Waters wrote: > Prepares java.security.jgss for the permissive- compiler switch by > > - Adding scopes so goto doesn't jump over unitialized locals in sspi.cpp > - Adding a static modifier to a mismatched method declaration in NativeCreds.c, as the definition is static Changes requested by djelinski (Reviewer). src/java.security.jgss/windows/native/libsspi_bridge/sspi.cpp line 39: > 37: > 38: #include > 39: #include This seems unrelated; my MSVC doesn't complain about these headers. The C form is still preferred, even in our CPP code. Can we leave this change out? src/java.security.jgss/windows/native/libsspi_bridge/sspi.cpp line 372: > 370: SEC_WCHAR* value = new SEC_WCHAR[len + 1]; > 371: > 372: { This is ugly. I'm not a fan of braces appearing in the middle of the code for no apparent reason. [This SO question](https://stackoverflow.com/questions/31513798/error-jump-to-label-foo-crosses-initialization-of-bar) states that we can fix the compilation errors by splitting inline initialization into definition + assignment. I think I'd prefer that approach. ------------- PR Review: https://git.openjdk.org/jdk/pull/15996#pullrequestreview-1652256933 PR Review Comment: https://git.openjdk.org/jdk/pull/15996#discussion_r1342380436 PR Review Comment: https://git.openjdk.org/jdk/pull/15996#discussion_r1342375351 From jwaters at openjdk.org Mon Oct 2 08:33:32 2023 From: jwaters at openjdk.org (Julian Waters) Date: Mon, 2 Oct 2023 08:33:32 GMT Subject: RFR: 8317332: Prepare security for permissive- In-Reply-To: References:

Message-ID: On Mon, 2 Oct 2023 07:57:57 GMT, Daniel Jeli?ski wrote: >> Prepares java.security.jgss for the permissive- compiler switch by >> >> - Adding scopes so goto doesn't jump over unitialized locals in sspi.cpp >> - Adding a static modifier to a mismatched method declaration in NativeCreds.c, as the definition is static > > src/java.security.jgss/windows/native/libsspi_bridge/sspi.cpp line 39: > >> 37: >> 38: #include >> 39: #include > > This seems unrelated; my MSVC doesn't complain about these headers. > The C form is still preferred, even in our CPP code. Can we leave this change out? This was just a stylistic change, I'll leave it out > src/java.security.jgss/windows/native/libsspi_bridge/sspi.cpp line 372: > >> 370: SEC_WCHAR* value = new SEC_WCHAR[len + 1]; >> 371: >> 372: { > > This is ugly. I'm not a fan of braces appearing in the middle of the code for no apparent reason. > > [This SO question](https://stackoverflow.com/questions/31513798/error-jump-to-label-foo-crosses-initialization-of-bar) states that we can fix the compilation errors by splitting inline initialization into definition + assignment. I think I'd prefer that approach. I agree that it's ugly, but at the time I couldn't think of another way to solve the issue. By any chance, why does splitting it out into separate declaration assignment work? Last I remember, it still jumps over the local even when split up like this. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15996#discussion_r1342399094 PR Review Comment: https://git.openjdk.org/jdk/pull/15996#discussion_r1342401153 From duke at openjdk.org Mon Oct 2 09:45:58 2023 From: duke at openjdk.org (Michal Sobierski) Date: Mon, 2 Oct 2023 09:45:58 GMT Subject: RFR: 8316415: Parallelize sun/security/rsa/SignedObjectChain.java subtests [v3] In-Reply-To: <2S5d4_nU-a2dcoPOhCEe6flz9q0gk3eDrCNV2vTCBuw=.7e324ab5-ea91-4474-b5d8-2261d7440cf3@github.com> References: <2S5d4_nU-a2dcoPOhCEe6flz9q0gk3eDrCNV2vTCBuw=.7e324ab5-ea91-4474-b5d8-2261d7440cf3@github.com> Message-ID: > sun/security/rsa/SignedObjectChain.java is very slow when run with C1, I suspect because some crypto intrinsics are only implemented in C2. Commit contains changes made to parallelize it. > > Comparison of before and after parallelization: > time make test TEST=jdk/sun/security/rsa/SignedObjectChain.java TEST_VM_OPTS="-XX:+UseParallelGC -XX:TieredStopAtLevel=1" > before: 270.72s user 4.88s system 108% cpu 4:14.43 total > after: 410.76s user 7.50s system 555% cpu 1:15.23 total > after second commit: 375.46s user 4.59s system 539% cpu 1:10.41 total > > time make test TEST=jdk/sun/security/rsa/SignedObjectChain.java TEST_VM_OPTS="-XX:+UseParallelGC" > before: 63.67s user 4.67s system 161% cpu 42.424 total > after: 130.36s user 7.47s system 585% cpu 23.526 total > after second commit: 67.31s user 4.48s system 417% cpu 17.183 total > > time make test TEST=jdk/sun/security/rsa/SignedObjectChain.java TEST_VM_OPTS="-XX:+UseShenandoahGC -XX:TieredStopAtLevel=1" > before: 281.99s user 5.54s system 108% cpu 4:24.09 total > after: 386.98s user 8.62s system 496% cpu 1:19.73 total > after second commit: 413.51s user 5.08s system 613% cpu 1:08.25 total > > time make test TEST=jdk/sun/security/rsa/SignedObjectChain.java TEST_VM_OPTS="-XX:+UseShenandoahGC" > before: 65.86s user 5.05s system 156% cpu 45.215 total > after: 135.90s user 7.66s system 585% cpu 24.502 total > after second commit: 83.25s user 4.82s system 469% cpu 18.741 total Michal Sobierski has updated the pull request incrementally with one additional commit since the last revision: Update test/jdk/sun/security/rsa/SignedObjectChain.java Co-authored-by: Aleksey Shipil?v ------------- Changes: - all: https://git.openjdk.org/jdk/pull/15860/files - new: https://git.openjdk.org/jdk/pull/15860/files/0040ba31..e39c326d Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=15860&range=02 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=15860&range=01-02 Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod Patch: https://git.openjdk.org/jdk/pull/15860.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/15860/head:pull/15860 PR: https://git.openjdk.org/jdk/pull/15860 From duke at openjdk.org Mon Oct 2 10:02:04 2023 From: duke at openjdk.org (Michal Sobierski) Date: Mon, 2 Oct 2023 10:02:04 GMT Subject: RFR: 8316415: Parallelize sun/security/rsa/SignedObjectChain.java subtests [v4] In-Reply-To: <2S5d4_nU-a2dcoPOhCEe6flz9q0gk3eDrCNV2vTCBuw=.7e324ab5-ea91-4474-b5d8-2261d7440cf3@github.com> References: <2S5d4_nU-a2dcoPOhCEe6flz9q0gk3eDrCNV2vTCBuw=.7e324ab5-ea91-4474-b5d8-2261d7440cf3@github.com> Message-ID: > sun/security/rsa/SignedObjectChain.java is very slow when run with C1, I suspect because some crypto intrinsics are only implemented in C2. Commit contains changes made to parallelize it. > > Comparison of before and after parallelization: > time make test TEST=jdk/sun/security/rsa/SignedObjectChain.java TEST_VM_OPTS="-XX:+UseParallelGC -XX:TieredStopAtLevel=1" > before: 270.72s user 4.88s system 108% cpu 4:14.43 total > after: 410.76s user 7.50s system 555% cpu 1:15.23 total > after second commit: 375.46s user 4.59s system 539% cpu 1:10.41 total > > time make test TEST=jdk/sun/security/rsa/SignedObjectChain.java TEST_VM_OPTS="-XX:+UseParallelGC" > before: 63.67s user 4.67s system 161% cpu 42.424 total > after: 130.36s user 7.47s system 585% cpu 23.526 total > after second commit: 67.31s user 4.48s system 417% cpu 17.183 total > > time make test TEST=jdk/sun/security/rsa/SignedObjectChain.java TEST_VM_OPTS="-XX:+UseShenandoahGC -XX:TieredStopAtLevel=1" > before: 281.99s user 5.54s system 108% cpu 4:24.09 total > after: 386.98s user 8.62s system 496% cpu 1:19.73 total > after second commit: 413.51s user 5.08s system 613% cpu 1:08.25 total > > time make test TEST=jdk/sun/security/rsa/SignedObjectChain.java TEST_VM_OPTS="-XX:+UseShenandoahGC" > before: 65.86s user 5.05s system 156% cpu 45.215 total > after: 135.90s user 7.66s system 585% cpu 24.502 total > after second commit: 83.25s user 4.82s system 469% cpu 18.741 total Michal Sobierski has updated the pull request incrementally with one additional commit since the last revision: Remove additional line ------------- Changes: - all: https://git.openjdk.org/jdk/pull/15860/files - new: https://git.openjdk.org/jdk/pull/15860/files/e39c326d..b3c885ff Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=15860&range=03 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=15860&range=02-03 Stats: 1 line in 1 file changed: 0 ins; 1 del; 0 mod Patch: https://git.openjdk.org/jdk/pull/15860.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/15860/head:pull/15860 PR: https://git.openjdk.org/jdk/pull/15860 From duke at openjdk.org Mon Oct 2 10:02:05 2023 From: duke at openjdk.org (Michal Sobierski) Date: Mon, 2 Oct 2023 10:02:05 GMT Subject: RFR: 8316415: Parallelize sun/security/rsa/SignedObjectChain.java subtests [v4] In-Reply-To: References: <2S5d4_nU-a2dcoPOhCEe6flz9q0gk3eDrCNV2vTCBuw=.7e324ab5-ea91-4474-b5d8-2261d7440cf3@github.com> Message-ID: On Mon, 2 Oct 2023 09:56:26 GMT, Michal Sobierski wrote: >> sun/security/rsa/SignedObjectChain.java is very slow when run with C1, I suspect because some crypto intrinsics are only implemented in C2. Commit contains changes made to parallelize it. >> >> Comparison of before and after parallelization: >> time make test TEST=jdk/sun/security/rsa/SignedObjectChain.java TEST_VM_OPTS="-XX:+UseParallelGC -XX:TieredStopAtLevel=1" >> before: 270.72s user 4.88s system 108% cpu 4:14.43 total >> after: 410.76s user 7.50s system 555% cpu 1:15.23 total >> after second commit: 375.46s user 4.59s system 539% cpu 1:10.41 total >> >> time make test TEST=jdk/sun/security/rsa/SignedObjectChain.java TEST_VM_OPTS="-XX:+UseParallelGC" >> before: 63.67s user 4.67s system 161% cpu 42.424 total >> after: 130.36s user 7.47s system 585% cpu 23.526 total >> after second commit: 67.31s user 4.48s system 417% cpu 17.183 total >> >> time make test TEST=jdk/sun/security/rsa/SignedObjectChain.java TEST_VM_OPTS="-XX:+UseShenandoahGC -XX:TieredStopAtLevel=1" >> before: 281.99s user 5.54s system 108% cpu 4:24.09 total >> after: 386.98s user 8.62s system 496% cpu 1:19.73 total >> after second commit: 413.51s user 5.08s system 613% cpu 1:08.25 total >> >> time make test TEST=jdk/sun/security/rsa/SignedObjectChain.java TEST_VM_OPTS="-XX:+UseShenandoahGC" >> before: 65.86s user 5.05s system 156% cpu 45.215 total >> after: 135.90s user 7.66s system 585% cpu 24.502 total >> after second commit: 83.25s user 4.82s system 469% cpu 18.741 total > > Michal Sobierski has updated the pull request incrementally with one additional commit since the last revision: > > Remove additional line Removing unnecessary line ------------- PR Review: https://git.openjdk.org/jdk/pull/15860#pullrequestreview-1652431994 From shade at openjdk.org Mon Oct 2 10:02:07 2023 From: shade at openjdk.org (Aleksey Shipilev) Date: Mon, 2 Oct 2023 10:02:07 GMT Subject: RFR: 8316415: Parallelize sun/security/rsa/SignedObjectChain.java subtests [v4] In-Reply-To: References: <2S5d4_nU-a2dcoPOhCEe6flz9q0gk3eDrCNV2vTCBuw=.7e324ab5-ea91-4474-b5d8-2261d7440cf3@github.com> Message-ID: On Mon, 2 Oct 2023 09:56:26 GMT, Michal Sobierski wrote: >> sun/security/rsa/SignedObjectChain.java is very slow when run with C1, I suspect because some crypto intrinsics are only implemented in C2. Commit contains changes made to parallelize it. >> >> Comparison of before and after parallelization: >> time make test TEST=jdk/sun/security/rsa/SignedObjectChain.java TEST_VM_OPTS="-XX:+UseParallelGC -XX:TieredStopAtLevel=1" >> before: 270.72s user 4.88s system 108% cpu 4:14.43 total >> after: 410.76s user 7.50s system 555% cpu 1:15.23 total >> after second commit: 375.46s user 4.59s system 539% cpu 1:10.41 total >> >> time make test TEST=jdk/sun/security/rsa/SignedObjectChain.java TEST_VM_OPTS="-XX:+UseParallelGC" >> before: 63.67s user 4.67s system 161% cpu 42.424 total >> after: 130.36s user 7.47s system 585% cpu 23.526 total >> after second commit: 67.31s user 4.48s system 417% cpu 17.183 total >> >> time make test TEST=jdk/sun/security/rsa/SignedObjectChain.java TEST_VM_OPTS="-XX:+UseShenandoahGC -XX:TieredStopAtLevel=1" >> before: 281.99s user 5.54s system 108% cpu 4:24.09 total >> after: 386.98s user 8.62s system 496% cpu 1:19.73 total >> after second commit: 413.51s user 5.08s system 613% cpu 1:08.25 total >> >> time make test TEST=jdk/sun/security/rsa/SignedObjectChain.java TEST_VM_OPTS="-XX:+UseShenandoahGC" >> before: 65.86s user 5.05s system 156% cpu 45.215 total >> after: 135.90s user 7.66s system 585% cpu 24.502 total >> after second commit: 83.25s user 4.82s system 469% cpu 18.741 total > > Michal Sobierski has updated the pull request incrementally with one additional commit since the last revision: > > Remove additional line Marked as reviewed by shade (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/15860#pullrequestreview-1652432287 From duke at openjdk.org Mon Oct 2 10:02:09 2023 From: duke at openjdk.org (Michal Sobierski) Date: Mon, 2 Oct 2023 10:02:09 GMT Subject: Integrated: 8316415: Parallelize sun/security/rsa/SignedObjectChain.java subtests In-Reply-To: <2S5d4_nU-a2dcoPOhCEe6flz9q0gk3eDrCNV2vTCBuw=.7e324ab5-ea91-4474-b5d8-2261d7440cf3@github.com> References: <2S5d4_nU-a2dcoPOhCEe6flz9q0gk3eDrCNV2vTCBuw=.7e324ab5-ea91-4474-b5d8-2261d7440cf3@github.com> Message-ID: On Thu, 21 Sep 2023 12:44:36 GMT, Michal Sobierski wrote: > sun/security/rsa/SignedObjectChain.java is very slow when run with C1, I suspect because some crypto intrinsics are only implemented in C2. Commit contains changes made to parallelize it. > > Comparison of before and after parallelization: > time make test TEST=jdk/sun/security/rsa/SignedObjectChain.java TEST_VM_OPTS="-XX:+UseParallelGC -XX:TieredStopAtLevel=1" > before: 270.72s user 4.88s system 108% cpu 4:14.43 total > after: 410.76s user 7.50s system 555% cpu 1:15.23 total > after second commit: 375.46s user 4.59s system 539% cpu 1:10.41 total > > time make test TEST=jdk/sun/security/rsa/SignedObjectChain.java TEST_VM_OPTS="-XX:+UseParallelGC" > before: 63.67s user 4.67s system 161% cpu 42.424 total > after: 130.36s user 7.47s system 585% cpu 23.526 total > after second commit: 67.31s user 4.48s system 417% cpu 17.183 total > > time make test TEST=jdk/sun/security/rsa/SignedObjectChain.java TEST_VM_OPTS="-XX:+UseShenandoahGC -XX:TieredStopAtLevel=1" > before: 281.99s user 5.54s system 108% cpu 4:24.09 total > after: 386.98s user 8.62s system 496% cpu 1:19.73 total > after second commit: 413.51s user 5.08s system 613% cpu 1:08.25 total > > time make test TEST=jdk/sun/security/rsa/SignedObjectChain.java TEST_VM_OPTS="-XX:+UseShenandoahGC" > before: 65.86s user 5.05s system 156% cpu 45.215 total > after: 135.90s user 7.66s system 585% cpu 24.502 total > after second commit: 83.25s user 4.82s system 469% cpu 18.741 total This pull request has now been integrated. Changeset: 59847926 Author: Michal Sobierski <145339032+msobiers at users.noreply.github.com> Committer: Aleksey Shipilev URL: https://git.openjdk.org/jdk/commit/59847926b63860704bcf2967660628eaede8ee36 Stats: 7 lines in 1 file changed: 2 ins; 2 del; 3 mod 8316415: Parallelize sun/security/rsa/SignedObjectChain.java subtests Reviewed-by: shade, rhalade, valeriep ------------- PR: https://git.openjdk.org/jdk/pull/15860 From djelinski at openjdk.org Mon Oct 2 12:30:12 2023 From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=) Date: Mon, 2 Oct 2023 12:30:12 GMT Subject: RFR: 8317332: Prepare security for permissive- In-Reply-To: References:

Message-ID: On Mon, 2 Oct 2023 08:19:54 GMT, Julian Waters wrote: >> src/java.security.jgss/windows/native/libsspi_bridge/sspi.cpp line 372: >> >>> 370: SEC_WCHAR* value = new SEC_WCHAR[len + 1]; >>> 371: >>> 372: { >> >> This is ugly. I'm not a fan of braces appearing in the middle of the code for no apparent reason. >> >> [This SO question](https://stackoverflow.com/questions/31513798/error-jump-to-label-foo-crosses-initialization-of-bar) states that we can fix the compilation errors by splitting inline initialization into definition + assignment. I think I'd prefer that approach. > > I agree that it's ugly, but at the time I couldn't think of another way to solve the issue. By any chance, why does splitting it out into separate declaration assignment work? Last I remember, it still jumps over the local even when split up like this. Well, SO offers a speculative answer: https://stackoverflow.com/a/14274292 the modified form is not more safe, but the standard does not forbid it. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15996#discussion_r1342622719 From mpowers at openjdk.org Mon Oct 2 15:06:12 2023 From: mpowers at openjdk.org (Mark Powers) Date: Mon, 2 Oct 2023 15:06:12 GMT Subject: RFR: JDK-8296631 NSS tests failing on OL9 linux-aarch64 hosts [v3] In-Reply-To: References:

Message-ID: On Thu, 28 Sep 2023 20:22:40 GMT, Valerie Peng wrote: >> Mark Powers has updated the pull request incrementally with one additional commit since the last revision: >> >> more sqlite conversion needed > > Thanks, changes look good to me. @valeriepeng Thanks for the review! ------------- PR Comment: https://git.openjdk.org/jdk/pull/15644#issuecomment-1743189286 From mpowers at openjdk.org Mon Oct 2 17:00:11 2023 From: mpowers at openjdk.org (Mark Powers) Date: Mon, 2 Oct 2023 17:00:11 GMT Subject: RFR: JDK-8315042 NPE in PKCS7.parseOldSignedData [v3] In-Reply-To: References:

Message-ID: On Mon, 25 Sep 2023 15:29:08 GMT, Weijun Wang wrote: >> Mark Powers has updated the pull request incrementally with one additional commit since the last revision: >> >> comment from Weijun > > test/jdk/sun/security/x509/X509CRLImpl/UnexpectedNPE.java line 76: > >> 74: >> 75: System.out.println("CRLException has not been thrown"); >> 76: return false; > > I think only `generateCRLs` is enough here since neither bug is about X.509 encoding. I don't understand. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15844#discussion_r1342939114 From weijun at openjdk.org Mon Oct 2 18:07:13 2023 From: weijun at openjdk.org (Weijun Wang) Date: Mon, 2 Oct 2023 18:07:13 GMT Subject: RFR: JDK-8315042 NPE in PKCS7.parseOldSignedData [v3] In-Reply-To: References:

Message-ID: On Mon, 2 Oct 2023 16:57:47 GMT, Mark Powers wrote: >> test/jdk/sun/security/x509/X509CRLImpl/UnexpectedNPE.java line 76: >> >>> 74: >>> 75: System.out.println("CRLException has not been thrown"); >>> 76: return false; >> >> I think only `generateCRLs` is enough here since neither bug is about X.509 encoding. > > I don't understand. I mean there is no need to call both `generateCRL` and `generateCRLs`. The original test cases are about basic SEQUENCE encoding, the new test case is about PKCS7 encoding. These can be tested with a single `generateCRLs` call. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15844#discussion_r1342997097 From weijun at openjdk.org Mon Oct 2 18:15:37 2023 From: weijun at openjdk.org (Weijun Wang) Date: Mon, 2 Oct 2023 18:15:37 GMT Subject: Integrated: 8309356: Read files in includedir in alphanumeric order In-Reply-To: References: Message-ID: On Fri, 22 Sep 2023 14:00:34 GMT, Weijun Wang wrote: > Read files in `includedir` in alphanumerical order. This pull request has now been integrated. Changeset: f9850061 Author: Weijun Wang URL: https://git.openjdk.org/jdk/commit/f985006142c87d563f7e69d63b206c15e7e6f135 Stats: 77 lines in 2 files changed: 73 ins; 2 del; 2 mod 8309356: Read files in includedir in alphanumeric order Reviewed-by: mullan ------------- PR: https://git.openjdk.org/jdk/pull/15889 From mullan at openjdk.org Mon Oct 2 18:46:51 2023 From: mullan at openjdk.org (Sean Mullan) Date: Mon, 2 Oct 2023 18:46:51 GMT Subject: RFR: 8316771: Krb5.java has not defined messages for all error codes In-Reply-To: References: Message-ID: <17CVM5b0E1Wt6W1_NIEjNimOxEYJDt4Ii3SzFSt0yxw=.30748f52-c3cd-47f8-b5dd-4bd153413b6d@github.com> On Fri, 22 Sep 2023 20:05:18 GMT, Weijun Wang wrote: > Added 4 missing error codes and removed 2 wrong ones. > > KRB_AP_ERR_NOREALM claims itself to be "used in setDefaultCreds() in sun.security.krb5.Credentials" but it's no more. > > KRB_AP_ERR_GEN_CRED is used in one place but it's a local error and not meant to be embedded in a message. Therefore safe to be removed. Marked as reviewed by mullan (Reviewer). src/java.security.jgss/share/classes/sun/security/krb5/internal/Krb5.java line 282: > 280: public static final int KRB_ERR_WRONG_REALM = 68; //Wrong realm > 281: > 282: public static final int KRB_CRYPTO_NOT_SUPPORT = 100; //Client does not support this crypto type Just wondering, and not a specific review comment, but do you know if this error code is necessary? It isn't defined in RFC 4120 and not used in the JDK AFAICT. ------------- PR Review: https://git.openjdk.org/jdk/pull/15892#pullrequestreview-1653293733 PR Review Comment: https://git.openjdk.org/jdk/pull/15892#discussion_r1343030560 From weijun at openjdk.org Mon Oct 2 19:55:06 2023 From: weijun at openjdk.org (Weijun Wang) Date: Mon, 2 Oct 2023 19:55:06 GMT Subject: RFR: 8316771: Krb5.java has not defined messages for all error codes In-Reply-To: <17CVM5b0E1Wt6W1_NIEjNimOxEYJDt4Ii3SzFSt0yxw=.30748f52-c3cd-47f8-b5dd-4bd153413b6d@github.com> References: <17CVM5b0E1Wt6W1_NIEjNimOxEYJDt4Ii3SzFSt0yxw=.30748f52-c3cd-47f8-b5dd-4bd153413b6d@github.com> Message-ID: On Mon, 2 Oct 2023 18:42:26 GMT, Sean Mullan wrote: >> Added 4 missing error codes and removed 2 wrong ones. >> >> KRB_AP_ERR_NOREALM claims itself to be "used in setDefaultCreds() in sun.security.krb5.Credentials" but it's no more. >> >> KRB_AP_ERR_GEN_CRED is used in one place but it's a local error and not meant to be embedded in a message. Therefore safe to be removed. > > src/java.security.jgss/share/classes/sun/security/krb5/internal/Krb5.java line 282: > >> 280: public static final int KRB_ERR_WRONG_REALM = 68; //Wrong realm >> 281: >> 282: public static final int KRB_CRYPTO_NOT_SUPPORT = 100; //Client does not support this crypto type > > Just wondering, and not a specific review comment, but do you know if this error code is necessary? It isn't defined in RFC 4120 and not used in the JDK AFAICT. Then it's useless. There are several other error codes that are also used nowhere (Ex: `BITSTRING_SIZE_INVALID`). Maybe they were used long time ago, or maybe the original contributor used them in some other places and they had not cleaned up. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15892#discussion_r1343092001 From mpowers at openjdk.org Mon Oct 2 20:15:47 2023 From: mpowers at openjdk.org (Mark Powers) Date: Mon, 2 Oct 2023 20:15:47 GMT Subject: RFR: JDK-8315042 NPE in PKCS7.parseOldSignedData [v3] In-Reply-To: References:

Message-ID: On Mon, 25 Sep 2023 03:40:47 GMT, Mark Powers wrote: >> https://bugs.openjdk.org/browse/JDK-8315042 > > Mark Powers has updated the pull request incrementally with one additional commit since the last revision: > > comment from Weijun @wangweij Thanks for the review - many good comments. ------------- PR Comment: https://git.openjdk.org/jdk/pull/15844#issuecomment-1743680267 From mpowers at openjdk.org Mon Oct 2 20:15:48 2023 From: mpowers at openjdk.org (Mark Powers) Date: Mon, 2 Oct 2023 20:15:48 GMT Subject: RFR: JDK-8315042 NPE in PKCS7.parseOldSignedData [v3] In-Reply-To: References:

Message-ID: <3GgNXLmzh9rTnNmd3eEE-I9Wh0j6jYgt6Ysar17ohv0=.82842b6f-8918-49ae-9e21-f8f68a2eda93@github.com> On Mon, 25 Sep 2023 15:29:42 GMT, Weijun Wang wrote: >> Mark Powers has updated the pull request incrementally with one additional commit since the last revision: >> >> comment from Weijun > > test/jdk/sun/security/x509/X509CRLImpl/UnexpectedNPE.java line 27: > >> 25: * @test >> 26: * @library /test/lib >> 27: * @bug 5052433 8315042 > > Usually we put `@bug` before `@library`. Fixed. > test/jdk/sun/security/x509/X509CRLImpl/UnexpectedNPE.java line 41: > >> 39: private static final String in = "MAsGCSqGSMP7TQEHAjI1Bgn///////8wCwUyAQ=="; >> 40: >> 41: public UnexpectedNPE() {} > > Useless constructor. Removed. > test/jdk/sun/security/x509/X509CRLImpl/UnexpectedNPE.java line 47: > >> 45: byte[] encoded_2 = { 0x30, 0x01, 0x00, 0x00 }; >> 46: byte[] encoded_3 = { 0x30, 0x01, 0x00 }; >> 47: byte[] decodedBytes = Base64.getDecoder().decode(in); > > Maybe rename to `encoded_4`? Done. > test/jdk/sun/security/x509/X509CRLImpl/UnexpectedNPE.java line 49: > >> 47: byte[] decodedBytes = Base64.getDecoder().decode(in); >> 48: >> 49: UnexpectedNPE unpe = new UnexpectedNPE() ; > > Just modify `run` to static. No class instance needed. Good suggestion. > test/jdk/sun/security/x509/X509CRLImpl/UnexpectedNPE.java line 60: > >> 58: if (cf == null) { >> 59: try { >> 60: cf = CertificateFactory.getInstance("X.509", "SUN"); > > Make `cf` static and move the line above to `main`. Or, make it a local variable in `main` and pass it to all `run` calls. Doing the former. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15844#discussion_r1343103788 PR Review Comment: https://git.openjdk.org/jdk/pull/15844#discussion_r1343102818 PR Review Comment: https://git.openjdk.org/jdk/pull/15844#discussion_r1343102946 PR Review Comment: https://git.openjdk.org/jdk/pull/15844#discussion_r1343102629 PR Review Comment: https://git.openjdk.org/jdk/pull/15844#discussion_r1343103415 From mpowers at openjdk.org Mon Oct 2 20:15:49 2023 From: mpowers at openjdk.org (Mark Powers) Date: Mon, 2 Oct 2023 20:15:49 GMT Subject: RFR: JDK-8315042 NPE in PKCS7.parseOldSignedData [v3] In-Reply-To: References:

Message-ID: On Mon, 2 Oct 2023 18:04:30 GMT, Weijun Wang wrote: >> I don't understand. > > I mean there is no need to call both `generateCRL` and `generateCRLs`. The original test cases are about basic SEQUENCE encoding, the new test case is about PKCS7 encoding. These can be tested with a single `generateCRLs` call. Fixed. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15844#discussion_r1343103661 From mullan at openjdk.org Mon Oct 2 20:42:00 2023 From: mullan at openjdk.org (Sean Mullan) Date: Mon, 2 Oct 2023 20:42:00 GMT Subject: RFR: 8309667: TLS handshake fails because of ConcurrentModificationException in PKCS12KeyStore.engineGetEntry In-Reply-To: <7tOzLBf7ymXGAX4OtkJTXz-hYX9EZUxJNXFCpyEXrHY=.fa7771b8-dc35-4266-a4db-eff3486e8598@github.com> References: <7tOzLBf7ymXGAX4OtkJTXz-hYX9EZUxJNXFCpyEXrHY=.fa7771b8-dc35-4266-a4db-eff3486e8598@github.com> Message-ID: On Mon, 25 Sep 2023 18:12:32 GMT, Weijun Wang wrote: > A different fix after https://github.com/openjdk/jdk/pull/14506 was closed. > > Still haven't made the attributes set immutable but at least it is populated before an entry is added to `entries` and it will never be modified later. > > I tried the newly added `AttributesMultiThread.java` test hundreds of times and only observed failures before this fix (~%2 failure rate). Looks good, just one method description improvement suggestion. src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 1435: > 1433: > 1434: /* > 1435: * Assemble the entry attributes Perhaps be a bit more specific here - "Populate the entry with additional attributes used by the implementation." ------------- Marked as reviewed by mullan (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/15909#pullrequestreview-1653405219 PR Review Comment: https://git.openjdk.org/jdk/pull/15909#discussion_r1343099662 From weijun at openjdk.org Mon Oct 2 20:56:54 2023 From: weijun at openjdk.org (Weijun Wang) Date: Mon, 2 Oct 2023 20:56:54 GMT Subject: Integrated: 8316771: Krb5.java has not defined messages for all error codes In-Reply-To: References: Message-ID: <_B0rQnKuSQsrQkG4eiSj08K252bPVI0LjUFDVpN1tmw=.7302f720-fd86-4a36-9799-09039a3f7b02@github.com> On Fri, 22 Sep 2023 20:05:18 GMT, Weijun Wang wrote: > Added 4 missing error codes and removed 2 wrong ones. > > KRB_AP_ERR_NOREALM claims itself to be "used in setDefaultCreds() in sun.security.krb5.Credentials" but it's no more. > > KRB_AP_ERR_GEN_CRED is used in one place but it's a local error and not meant to be embedded in a message. Therefore safe to be removed. This pull request has now been integrated. Changeset: d7d1d42b Author: Weijun Wang URL: https://git.openjdk.org/jdk/commit/d7d1d42b67bcc8e6fe98e936b10e43edfd4989a2 Stats: 79 lines in 3 files changed: 72 ins; 3 del; 4 mod 8316771: Krb5.java has not defined messages for all error codes Reviewed-by: mullan ------------- PR: https://git.openjdk.org/jdk/pull/15892 From mpowers at openjdk.org Mon Oct 2 21:06:58 2023 From: mpowers at openjdk.org (Mark Powers) Date: Mon, 2 Oct 2023 21:06:58 GMT Subject: RFR: JDK-8315042 NPE in PKCS7.parseOldSignedData [v4] In-Reply-To: References: Message-ID: > https://bugs.openjdk.org/browse/JDK-8315042 Mark Powers has updated the pull request incrementally with one additional commit since the last revision: more comments from Weijun ------------- Changes: - all: https://git.openjdk.org/jdk/pull/15844/files - new: https://git.openjdk.org/jdk/pull/15844/files/b481ec44..369c3356 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=15844&range=03 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=15844&range=02-03 Stats: 23 lines in 1 file changed: 5 ins; 12 del; 6 mod Patch: https://git.openjdk.org/jdk/pull/15844.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/15844/head:pull/15844 PR: https://git.openjdk.org/jdk/pull/15844 From weijun at openjdk.org Mon Oct 2 21:09:27 2023 From: weijun at openjdk.org (Weijun Wang) Date: Mon, 2 Oct 2023 21:09:27 GMT Subject: RFR: JDK-8315042 NPE in PKCS7.parseOldSignedData [v4] In-Reply-To: References:

Message-ID: On Mon, 2 Oct 2023 21:06:58 GMT, Mark Powers wrote: >> https://bugs.openjdk.org/browse/JDK-8315042 > > Mark Powers has updated the pull request incrementally with one additional commit since the last revision: > > more comments from Weijun test/jdk/sun/security/x509/X509CRLImpl/UnexpectedNPE.java line 27: > 25: * @test > 26: * @bug 5052433 8315042 > 27: * @summary NullPointerException for generateCRL and generateCRLs methods. I didn't notice the `@summary` mention both methods. Now I'm not sure which one is better. You can either update this summary to only mention one or revert the code to check both. test/jdk/sun/security/x509/X509CRLImpl/UnexpectedNPE.java line 47: > 45: "MAsGCSqGSMP7TQEHAjI1Bgn///////8wCwUyAQ=="); > 46: > 47: if (cf == null) { No need to check `if (cf == null)` or catch any exception. Just leave it uncaught. test/jdk/sun/security/x509/X509CRLImpl/UnexpectedNPE.java line 67: > 65: () -> cf.generateCRLs(new ByteArrayInputStream(buf)), > 66: CRLException.class); > 67: System.out.println("NPE checking passed"); No need to print any message. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15844#discussion_r1343158615 PR Review Comment: https://git.openjdk.org/jdk/pull/15844#discussion_r1343157583 PR Review Comment: https://git.openjdk.org/jdk/pull/15844#discussion_r1343159365 From weijun at openjdk.org Mon Oct 2 21:18:38 2023 From: weijun at openjdk.org (Weijun Wang) Date: Mon, 2 Oct 2023 21:18:38 GMT Subject: RFR: 8309667: TLS handshake fails because of ConcurrentModificationException in PKCS12KeyStore.engineGetEntry [v2] In-Reply-To: <7tOzLBf7ymXGAX4OtkJTXz-hYX9EZUxJNXFCpyEXrHY=.fa7771b8-dc35-4266-a4db-eff3486e8598@github.com> References: <7tOzLBf7ymXGAX4OtkJTXz-hYX9EZUxJNXFCpyEXrHY=.fa7771b8-dc35-4266-a4db-eff3486e8598@github.com> Message-ID: > A different fix after https://github.com/openjdk/jdk/pull/14506 was closed. > > Still haven't made the attributes set immutable but at least it is populated before an entry is added to `entries` and it will never be modified later. > > I tried the newly added `AttributesMultiThread.java` test hundreds of times and only observed failures before this fix (~%2 failure rate). Weijun Wang has updated the pull request incrementally with one additional commit since the last revision: rewrite method comment ------------- Changes: - all: https://git.openjdk.org/jdk/pull/15909/files - new: https://git.openjdk.org/jdk/pull/15909/files/24be313b..71a960b4 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=15909&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=15909&range=00-01 Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod Patch: https://git.openjdk.org/jdk/pull/15909.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/15909/head:pull/15909 PR: https://git.openjdk.org/jdk/pull/15909 From weijun at openjdk.org Mon Oct 2 21:18:41 2023 From: weijun at openjdk.org (Weijun Wang) Date: Mon, 2 Oct 2023 21:18:41 GMT Subject: RFR: 8309667: TLS handshake fails because of ConcurrentModificationException in PKCS12KeyStore.engineGetEntry [v2] In-Reply-To: References: <7tOzLBf7ymXGAX4OtkJTXz-hYX9EZUxJNXFCpyEXrHY=.fa7771b8-dc35-4266-a4db-eff3486e8598@github.com> Message-ID: <4YCqoy855XxQQpFUR58nf0deQcIPLURh9ezH9RNoIhs=.b099fcb4-a198-4e11-89b1-beddd6635f32@github.com> On Mon, 2 Oct 2023 20:00:03 GMT, Sean Mullan wrote: >> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision: >> >> rewrite method comment > > src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 1435: > >> 1433: >> 1434: /* >> 1435: * Assemble the entry attributes > > Perhaps be a bit more specific here - "Populate the entry with additional attributes used by the implementation." Will add. Thanks. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15909#discussion_r1343160611 From weijun at openjdk.org Mon Oct 2 21:56:11 2023 From: weijun at openjdk.org (Weijun Wang) Date: Mon, 2 Oct 2023 21:56:11 GMT Subject: Integrated: 8309667: TLS handshake fails because of ConcurrentModificationException in PKCS12KeyStore.engineGetEntry In-Reply-To: <7tOzLBf7ymXGAX4OtkJTXz-hYX9EZUxJNXFCpyEXrHY=.fa7771b8-dc35-4266-a4db-eff3486e8598@github.com> References: <7tOzLBf7ymXGAX4OtkJTXz-hYX9EZUxJNXFCpyEXrHY=.fa7771b8-dc35-4266-a4db-eff3486e8598@github.com> Message-ID: On Mon, 25 Sep 2023 18:12:32 GMT, Weijun Wang wrote: > A different fix after https://github.com/openjdk/jdk/pull/14506 was closed. > > Still haven't made the attributes set immutable but at least it is populated before an entry is added to `entries` and it will never be modified later. > > I tried the newly added `AttributesMultiThread.java` test hundreds of times and only observed failures before this fix (~%2 failure rate). This pull request has now been integrated. Changeset: d2e2c4ce Author: Weijun Wang URL: https://git.openjdk.org/jdk/commit/d2e2c4cef1f15a3fc7f1f619470d23ae6bb37725 Stats: 259 lines in 3 files changed: 250 ins; 2 del; 7 mod 8309667: TLS handshake fails because of ConcurrentModificationException in PKCS12KeyStore.engineGetEntry Reviewed-by: djelinski, mullan ------------- PR: https://git.openjdk.org/jdk/pull/15909 From mpowers at openjdk.org Mon Oct 2 22:15:15 2023 From: mpowers at openjdk.org (Mark Powers) Date: Mon, 2 Oct 2023 22:15:15 GMT Subject: RFR: JDK-8315042 NPE in PKCS7.parseOldSignedData [v5] In-Reply-To: References: Message-ID: > https://bugs.openjdk.org/browse/JDK-8315042 Mark Powers has updated the pull request incrementally with one additional commit since the last revision: a few more comments ------------- Changes: - all: https://git.openjdk.org/jdk/pull/15844/files - new: https://git.openjdk.org/jdk/pull/15844/files/369c3356..2fe7e47c Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=15844&range=04 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=15844&range=03-04 Stats: 16 lines in 1 file changed: 4 ins; 9 del; 3 mod Patch: https://git.openjdk.org/jdk/pull/15844.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/15844/head:pull/15844 PR: https://git.openjdk.org/jdk/pull/15844 From mpowers at openjdk.org Mon Oct 2 22:15:19 2023 From: mpowers at openjdk.org (Mark Powers) Date: Mon, 2 Oct 2023 22:15:19 GMT Subject: RFR: JDK-8315042 NPE in PKCS7.parseOldSignedData [v4] In-Reply-To: References:

Message-ID: <67p3owtlPVvWnrTNtYUDCqNR_SWE6oSxpbawu6AeqjU=.6cfd8f56-11ce-4c3f-ad1c-f1b17cd810a2@github.com> On Mon, 2 Oct 2023 20:58:39 GMT, Weijun Wang wrote: >> Mark Powers has updated the pull request incrementally with one additional commit since the last revision: >> >> more comments from Weijun > > test/jdk/sun/security/x509/X509CRLImpl/UnexpectedNPE.java line 27: > >> 25: * @test >> 26: * @bug 5052433 8315042 >> 27: * @summary NullPointerException for generateCRL and generateCRLs methods. > > I didn't notice the `@summary` mention both methods. Now I'm not sure which one is better. You can either update this summary to only mention one or revert the code to check both. I'll revert the code to check both. > test/jdk/sun/security/x509/X509CRLImpl/UnexpectedNPE.java line 47: > >> 45: "MAsGCSqGSMP7TQEHAjI1Bgn///////8wCwUyAQ=="); >> 46: >> 47: if (cf == null) { > > No need to check `if (cf == null)` or catch any exception. Just leave it uncaught. Fixed. > test/jdk/sun/security/x509/X509CRLImpl/UnexpectedNPE.java line 67: > >> 65: () -> cf.generateCRLs(new ByteArrayInputStream(buf)), >> 66: CRLException.class); >> 67: System.out.println("NPE checking passed"); > > No need to print any message. Less is better in my opinion. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15844#discussion_r1343211943 PR Review Comment: https://git.openjdk.org/jdk/pull/15844#discussion_r1343211667 PR Review Comment: https://git.openjdk.org/jdk/pull/15844#discussion_r1343212046 From valeriep at openjdk.org Mon Oct 2 22:30:24 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Mon, 2 Oct 2023 22:30:24 GMT Subject: RFR: JDK-8315042 NPE in PKCS7.parseOldSignedData [v4] In-Reply-To: <67p3owtlPVvWnrTNtYUDCqNR_SWE6oSxpbawu6AeqjU=.6cfd8f56-11ce-4c3f-ad1c-f1b17cd810a2@github.com> References:

<67p3owtlPVvWnrTNtYUDCqNR_SWE6oSxpbawu6AeqjU=.6cfd8f56-11ce-4c3f-ad1c-f1b17cd810a2@github.com> Message-ID: On Mon, 2 Oct 2023 22:08:48 GMT, Mark Powers wrote: >> test/jdk/sun/security/x509/X509CRLImpl/UnexpectedNPE.java line 27: >> >>> 25: * @test >>> 26: * @bug 5052433 8315042 >>> 27: * @summary NullPointerException for generateCRL and generateCRLs methods. >> >> I didn't notice the `@summary` mention both methods. Now I'm not sure which one is better. You can either update this summary to only mention one or revert the code to check both. > > I'll revert the code to check both. If we are fixing the summary, can we also elaborate a little more so it's clear that the test is checking for CRLException? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15844#discussion_r1343223009 From valeriep at openjdk.org Mon Oct 2 22:42:46 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Mon, 2 Oct 2023 22:42:46 GMT Subject: RFR: JDK-8315042 NPE in PKCS7.parseOldSignedData [v5] In-Reply-To: References:

Message-ID: On Mon, 2 Oct 2023 22:15:15 GMT, Mark Powers wrote: >> https://bugs.openjdk.org/browse/JDK-8315042 > > Mark Powers has updated the pull request incrementally with one additional commit since the last revision: > > a few more comments Marked as reviewed by valeriep (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/15844#pullrequestreview-1653617622 From mpowers at openjdk.org Mon Oct 2 22:47:12 2023 From: mpowers at openjdk.org (Mark Powers) Date: Mon, 2 Oct 2023 22:47:12 GMT Subject: Integrated: JDK-8296631 NSS tests failing on OL9 linux-aarch64 hosts In-Reply-To: References: Message-ID: On Fri, 8 Sep 2023 19:41:47 GMT, Mark Powers wrote: > https://bugs.openjdk.org/browse/JDK-8296631 This pull request has now been integrated. Changeset: 6e1aacdf Author: Mark Powers Committer: Valerie Peng URL: https://git.openjdk.org/jdk/commit/6e1aacdfba5a32f7b071eea8039888d275827e83 Stats: 43 lines in 11 files changed: 28 ins; 2 del; 13 mod 8296631: NSS tests failing on OL9 linux-aarch64 hosts Reviewed-by: valeriep ------------- PR: https://git.openjdk.org/jdk/pull/15644 From duke at openjdk.org Mon Oct 2 23:03:47 2023 From: duke at openjdk.org (Ben Perez) Date: Mon, 2 Oct 2023 23:03:47 GMT Subject: RFR: 4964430: (spec) missing IllegalStateException exception requirement for javax.crypto.Cipher.doFinal [v2] In-Reply-To: References: <4O3T6mdtagN2edIKmXTq_rHSQOho_dvg5oGtLa72oMY=.5e2e02cd-3eee-4a1e-8b5a-7334bcb888c1@github.com> <0VHfX_zAjpEHPCWuF3vV6-PaEpSFvU4tmeGo-n3bN9A=.59e15728-a118-4d9b-90b1-060f75fef5c4@github.com> Message-ID: On Mon, 25 Sep 2023 23:48:49 GMT, Valerie Peng wrote: > * Cipher.updateAAD(...) methods also calls checkCipherState(), so its javadoc should be updated as well? The current documentation for Cipher.updateAAD(...) is: "@throws IllegalStateException if this {@code Cipher} object is in a wrong state (e.g., has not been initialized), does not accept AAD, or if operating in either GCM or CCM mode and one of the {@code update} methods has already been called for the active encryption/decryption operation" This seems fairly explicit, but I could change the wording to "@throws IllegalStateException if this {@code Cipher} object is in a wrong state (e.g., has not been initialized, or is not in ENCRYPT_MODE or DECRYPT_MODE)" ------------- PR Comment: https://git.openjdk.org/jdk/pull/15727#issuecomment-1743888605 From mpowers at openjdk.org Mon Oct 2 23:14:41 2023 From: mpowers at openjdk.org (Mark Powers) Date: Mon, 2 Oct 2023 23:14:41 GMT Subject: RFR: JDK-8315042 NPE in PKCS7.parseOldSignedData [v4] In-Reply-To: References:

Message-ID: On Mon, 2 Oct 2023 23:01:13 GMT, Ben Perez wrote: > > * Cipher.updateAAD(...) methods also calls checkCipherState(), so its javadoc should be updated as well? > > The current documentation for Cipher.updateAAD(...) is: > > "@throws IllegalStateException if this {@code Cipher} object is in a wrong state (e.g., has not been initialized), does not accept AAD, or if operating in either GCM or CCM mode and one of the {@code update} methods has already been called for the active encryption/decryption operation" > > This seems fairly explicit, but I could change the wording to > > "@throws IllegalStateException if this {@code Cipher} object is in a wrong state (e.g., has not been initialized, or is not in ENCRYPT_MODE or DECRYPT_MODE)" We still need the part of "does not accept AAD, or if operating in either GCM or CCM mode and one of the {@code update} methods has already been called for the active encryption/decryption operation". ------------- PR Comment: https://git.openjdk.org/jdk/pull/15727#issuecomment-1743939902 From jwaters at openjdk.org Tue Oct 3 02:29:28 2023 From: jwaters at openjdk.org (Julian Waters) Date: Tue, 3 Oct 2023 02:29:28 GMT Subject: RFR: 8317332: Prepare security for permissive- [v2] In-Reply-To: References: Message-ID: > Prepares java.security.jgss for the permissive- compiler switch by > > - Adding scopes so goto doesn't jump over unitialized locals in sspi.cpp > - Adding a static modifier to a mismatched method declaration in NativeCreds.c, as the definition is static Julian Waters has updated the pull request incrementally with one additional commit since the last revision: Leave out c prefix in sspi.cpp for now ------------- Changes: - all: https://git.openjdk.org/jdk/pull/15996/files - new: https://git.openjdk.org/jdk/pull/15996/files/58ef97c9..f38d27a0 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=15996&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=15996&range=00-01 Stats: 3 lines in 1 file changed: 0 ins; 0 del; 3 mod Patch: https://git.openjdk.org/jdk/pull/15996.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/15996/head:pull/15996 PR: https://git.openjdk.org/jdk/pull/15996 From jwaters at openjdk.org Tue Oct 3 02:55:09 2023 From: jwaters at openjdk.org (Julian Waters) Date: Tue, 3 Oct 2023 02:55:09 GMT Subject: RFR: 8317332: Prepare security for permissive- [v3] In-Reply-To: References: Message-ID: > Prepares java.security.jgss for the permissive- compiler switch by > > - Adding scopes so goto doesn't jump over unitialized locals in sspi.cpp > - Adding a static modifier to a mismatched method declaration in NativeCreds.c, as the definition is static Julian Waters has updated the pull request incrementally with one additional commit since the last revision: Use split declaration and assignment in sspi.cpp ------------- Changes: - all: https://git.openjdk.org/jdk/pull/15996/files - new: https://git.openjdk.org/jdk/pull/15996/files/f38d27a0..53800fc6 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=15996&range=02 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=15996&range=01-02 Stats: 225 lines in 1 file changed: 67 ins; 72 del; 86 mod Patch: https://git.openjdk.org/jdk/pull/15996.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/15996/head:pull/15996 PR: https://git.openjdk.org/jdk/pull/15996 From jwaters at openjdk.org Tue Oct 3 02:55:10 2023 From: jwaters at openjdk.org (Julian Waters) Date: Tue, 3 Oct 2023 02:55:10 GMT Subject: RFR: 8317332: Prepare security for permissive- [v3] In-Reply-To: References:

Message-ID: On Mon, 2 Oct 2023 12:27:17 GMT, Daniel Jeli?ski wrote: >> I agree that it's ugly, but at the time I couldn't think of another way to solve the issue. By any chance, why does splitting it out into separate declaration assignment work? Last I remember, it still jumps over the local even when split up like this. > > Well, SO offers a speculative answer: > https://stackoverflow.com/a/14274292 > the modified form is not more safe, but the standard does not forbid it. I tested the new approach on gcc, it worked, so I'll commit it here ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15996#discussion_r1343396615 From jwaters at openjdk.org Tue Oct 3 02:55:39 2023 From: jwaters at openjdk.org (Julian Waters) Date: Tue, 3 Oct 2023 02:55:39 GMT Subject: RFR: 8317332: Prepare security for permissive- [v2] In-Reply-To: References:

Message-ID: On Tue, 3 Oct 2023 02:29:28 GMT, Julian Waters wrote: >> Prepares java.security.jgss for the permissive- compiler switch by >> >> - Adding scopes so goto doesn't jump over unitialized locals in sspi.cpp >> - Adding a static modifier to a mismatched method declaration in NativeCreds.c, as the definition is static > > Julian Waters has updated the pull request incrementally with one additional commit since the last revision: > > Leave out c prefix in sspi.cpp for now @valeriepeng what's your opinion on this? ------------- PR Comment: https://git.openjdk.org/jdk/pull/15996#issuecomment-1744080646 From weijun at openjdk.org Tue Oct 3 14:15:40 2023 From: weijun at openjdk.org (Weijun Wang) Date: Tue, 3 Oct 2023 14:15:40 GMT Subject: RFR: 8317332: Prepare security for permissive- [v3] In-Reply-To: References:

Message-ID: On Tue, 3 Oct 2023 02:55:09 GMT, Julian Waters wrote: >> Prepares java.security.jgss for the permissive- compiler switch by >> >> - Adding scopes so goto doesn't jump over unitialized locals in sspi.cpp >> - Adding a static modifier to a mismatched method declaration in NativeCreds.c, as the definition is static > > Julian Waters has updated the pull request incrementally with one additional commit since the last revision: > > Use split declaration and assignment in sspi.cpp I'm OK with the fix. So separating the declaration and the assignment effectively place all the declarations at the beginning of the block and give them default values? ------------- PR Comment: https://git.openjdk.org/jdk/pull/15996#issuecomment-1745066266 From ecaspole at openjdk.org Tue Oct 3 14:17:37 2023 From: ecaspole at openjdk.org (Eric Caspole) Date: Tue, 3 Oct 2023 14:17:37 GMT Subject: RFR: 8314085: Fixing scope from benchmark to thread for JMH tests having shared state In-Reply-To: References: Message-ID: On Thu, 10 Aug 2023 15:30:19 GMT, Swati Sharma wrote: > In addition to the issue [JDK-8311178](https://bugs.openjdk.org/browse/JDK-8311178), logically fixing the scope from benchmark to thread for below benchmark files having shared state, also which fixes few of the benchmarks scalability problems. > > org/openjdk/bench/java/io/DataInputStreamTest.java > org/openjdk/bench/java/lang/ArrayClone.java > org/openjdk/bench/java/lang/StringCompareToDifferentLength.java > org/openjdk/bench/java/lang/StringCompareToIgnoreCase.java > org/openjdk/bench/java/lang/StringComparisons.java > org/openjdk/bench/java/lang/StringEquals.java > org/openjdk/bench/java/lang/StringFormat.java > org/openjdk/bench/java/lang/StringReplace.java > org/openjdk/bench/java/lang/StringSubstring.java > org/openjdk/bench/java/lang/StringTemplateFMT.java > org/openjdk/bench/java/lang/constant/MethodTypeDescFactories.java > org/openjdk/bench/java/lang/constant/ReferenceClassDescResolve.java > org/openjdk/bench/java/lang/invoke/MethodHandlesConstant.java > org/openjdk/bench/java/lang/invoke/MethodHandlesIdentity.java > org/openjdk/bench/java/lang/invoke/MethodHandlesThrowException.java > org/openjdk/bench/java/lang/invoke/MethodTypeAppendParams.java > org/openjdk/bench/java/lang/invoke/MethodTypeChangeParam.java > org/openjdk/bench/java/lang/invoke/MethodTypeChangeReturn.java > org/openjdk/bench/java/lang/invoke/MethodTypeDropParams.java > org/openjdk/bench/java/lang/invoke/MethodTypeGenerify.java > org/openjdk/bench/java/lang/invoke/MethodTypeInsertParams.java > org/openjdk/bench/java/security/CipherSuiteBench.java > org/openjdk/bench/java/time/GetYearBench.java > org/openjdk/bench/java/time/InstantBench.java > org/openjdk/bench/java/time/format/DateTimeFormatterWithPaddingBench.java > org/openjdk/bench/java/util/ListArgs.java > org/openjdk/bench/java/util/LocaleDefaults.java > org/openjdk/bench/java/util/TestAdler32.java > org/openjdk/bench/java/util/TestCRC32.java > org/openjdk/bench/java/util/TestCRC32C.java > org/openjdk/bench/java/util/regex/Exponential.java > org/openjdk/bench/java/util/regex/Primality.java > org/openjdk/bench/java/util/regex/Trim.java > org/openjdk/bench/javax/crypto/AESReinit.java > org/openjdk/bench/jdk/incubator/vector/LoadMaskedIOOBEBenchmark.java > org/openjdk/bench/vm/compiler/Rotation.java > org/openjdk/bench/vm/compiler/x86/ConvertF2I.java > org/openjdk/bench/vm/compiler/x86/BasicRules.java > > Please review and provide your feedback. > > Thanks, > Swati Looks good, thanks for finding this problem! ------------- Marked as reviewed by ecaspole (Committer). PR Review: https://git.openjdk.org/jdk/pull/15230#pullrequestreview-1655325889 From mdonovan at openjdk.org Tue Oct 3 14:50:28 2023 From: mdonovan at openjdk.org (Matthew Donovan) Date: Tue, 3 Oct 2023 14:50:28 GMT Subject: RFR: 8314283: Support for NSS tests on aarch64 platforms In-Reply-To: <08633LT4oZahJyDN9EKp_OEDOwJ6MfNRRp2TMAyp-84=.92576e72-be06-47fc-aec4-4a6c6ee7488b@github.com> References: <08633LT4oZahJyDN9EKp_OEDOwJ6MfNRRp2TMAyp-84=.92576e72-be06-47fc-aec4-4a6c6ee7488b@github.com> Message-ID: On Fri, 25 Aug 2023 13:02:39 GMT, Matthew Donovan wrote: > This PR updates the version of NSS to 3.91 and includes aarch64 platforms. > > There is a related bug in PR (https://github.com/openjdk/jdk/pull/15217) so we may want to wait for that to merge before merging this one. I updated this PR with changes from https://github.com/openjdk/jdk/pull/15644. ------------- PR Comment: https://git.openjdk.org/jdk/pull/15429#issuecomment-1745129626 From mdonovan at openjdk.org Tue Oct 3 14:50:26 2023 From: mdonovan at openjdk.org (Matthew Donovan) Date: Tue, 3 Oct 2023 14:50:26 GMT Subject: RFR: 8314283: Support for NSS tests on aarch64 platforms [v2] In-Reply-To: <08633LT4oZahJyDN9EKp_OEDOwJ6MfNRRp2TMAyp-84=.92576e72-be06-47fc-aec4-4a6c6ee7488b@github.com> References: <08633LT4oZahJyDN9EKp_OEDOwJ6MfNRRp2TMAyp-84=.92576e72-be06-47fc-aec4-4a6c6ee7488b@github.com> Message-ID: > This PR updates the version of NSS to 3.91 and includes aarch64 platforms. > > There is a related bug in PR (https://github.com/openjdk/jdk/pull/15217) so we may want to wait for that to merge before merging this one. Matthew Donovan has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains two additional commits since the last revision: - Merge branch 'master' into pkcs11-nss-upgrade - 8314283: Support for NSS tests on aarch64 platforms ------------- Changes: - all: https://git.openjdk.org/jdk/pull/15429/files - new: https://git.openjdk.org/jdk/pull/15429/files/c462b7e7..021b23e4 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=15429&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=15429&range=00-01 Stats: 121145 lines in 3305 files changed: 55777 ins; 25113 del; 40255 mod Patch: https://git.openjdk.org/jdk/pull/15429.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/15429/head:pull/15429 PR: https://git.openjdk.org/jdk/pull/15429 From duke at openjdk.org Tue Oct 3 16:04:04 2023 From: duke at openjdk.org (Swati Sharma) Date: Tue, 3 Oct 2023 16:04:04 GMT Subject: Integrated: 8314085: Fixing scope from benchmark to thread for JMH tests having shared state In-Reply-To: References: Message-ID: On Thu, 10 Aug 2023 15:30:19 GMT, Swati Sharma wrote: > In addition to the issue [JDK-8311178](https://bugs.openjdk.org/browse/JDK-8311178), logically fixing the scope from benchmark to thread for below benchmark files having shared state, also which fixes few of the benchmarks scalability problems. > > org/openjdk/bench/java/io/DataInputStreamTest.java > org/openjdk/bench/java/lang/ArrayClone.java > org/openjdk/bench/java/lang/StringCompareToDifferentLength.java > org/openjdk/bench/java/lang/StringCompareToIgnoreCase.java > org/openjdk/bench/java/lang/StringComparisons.java > org/openjdk/bench/java/lang/StringEquals.java > org/openjdk/bench/java/lang/StringFormat.java > org/openjdk/bench/java/lang/StringReplace.java > org/openjdk/bench/java/lang/StringSubstring.java > org/openjdk/bench/java/lang/StringTemplateFMT.java > org/openjdk/bench/java/lang/constant/MethodTypeDescFactories.java > org/openjdk/bench/java/lang/constant/ReferenceClassDescResolve.java > org/openjdk/bench/java/lang/invoke/MethodHandlesConstant.java > org/openjdk/bench/java/lang/invoke/MethodHandlesIdentity.java > org/openjdk/bench/java/lang/invoke/MethodHandlesThrowException.java > org/openjdk/bench/java/lang/invoke/MethodTypeAppendParams.java > org/openjdk/bench/java/lang/invoke/MethodTypeChangeParam.java > org/openjdk/bench/java/lang/invoke/MethodTypeChangeReturn.java > org/openjdk/bench/java/lang/invoke/MethodTypeDropParams.java > org/openjdk/bench/java/lang/invoke/MethodTypeGenerify.java > org/openjdk/bench/java/lang/invoke/MethodTypeInsertParams.java > org/openjdk/bench/java/security/CipherSuiteBench.java > org/openjdk/bench/java/time/GetYearBench.java > org/openjdk/bench/java/time/InstantBench.java > org/openjdk/bench/java/time/format/DateTimeFormatterWithPaddingBench.java > org/openjdk/bench/java/util/ListArgs.java > org/openjdk/bench/java/util/LocaleDefaults.java > org/openjdk/bench/java/util/TestAdler32.java > org/openjdk/bench/java/util/TestCRC32.java > org/openjdk/bench/java/util/TestCRC32C.java > org/openjdk/bench/java/util/regex/Exponential.java > org/openjdk/bench/java/util/regex/Primality.java > org/openjdk/bench/java/util/regex/Trim.java > org/openjdk/bench/javax/crypto/AESReinit.java > org/openjdk/bench/jdk/incubator/vector/LoadMaskedIOOBEBenchmark.java > org/openjdk/bench/vm/compiler/Rotation.java > org/openjdk/bench/vm/compiler/x86/ConvertF2I.java > org/openjdk/bench/vm/compiler/x86/BasicRules.java > > Please review and provide your feedback. > > Thanks, > Swati This pull request has now been integrated. Changeset: b438cffd Author: Swati Sharma Committer: Sandhya Viswanathan URL: https://git.openjdk.org/jdk/commit/b438cffdb9821fce86d215e452b41810b08b3e71 Stats: 46 lines in 38 files changed: 0 ins; 0 del; 46 mod 8314085: Fixing scope from benchmark to thread for JMH tests having shared state Co-authored-by: Vladimir Ivanov Reviewed-by: sviswanathan, ecaspole ------------- PR: https://git.openjdk.org/jdk/pull/15230 From duke at openjdk.org Tue Oct 3 16:31:57 2023 From: duke at openjdk.org (Ben Perez) Date: Tue, 3 Oct 2023 16:31:57 GMT Subject: RFR: 4964430: (spec) missing IllegalStateException exception requirement for javax.crypto.Cipher.doFinal [v3] In-Reply-To: <4O3T6mdtagN2edIKmXTq_rHSQOho_dvg5oGtLa72oMY=.5e2e02cd-3eee-4a1e-8b5a-7334bcb888c1@github.com> References: <4O3T6mdtagN2edIKmXTq_rHSQOho_dvg5oGtLa72oMY=.5e2e02cd-3eee-4a1e-8b5a-7334bcb888c1@github.com> Message-ID: > Updated IllegalStateException exception requirements for `update`, `doFinal`, `wrap`, and `unwrap` Ben Perez has updated the pull request incrementally with one additional commit since the last revision: Updated doc for updateAAD, fixed copywrite ------------- Changes: - all: https://git.openjdk.org/jdk/pull/15727/files - new: https://git.openjdk.org/jdk/pull/15727/files/ce5b77ff..49c729fc Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=15727&range=02 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=15727&range=01-02 Stats: 9 lines in 1 file changed: 0 ins; 0 del; 9 mod Patch: https://git.openjdk.org/jdk/pull/15727.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/15727/head:pull/15727 PR: https://git.openjdk.org/jdk/pull/15727 From duke at openjdk.org Tue Oct 3 16:32:49 2023 From: duke at openjdk.org (Ben Perez) Date: Tue, 3 Oct 2023 16:32:49 GMT Subject: RFR: 4964430: (spec) missing IllegalStateException exception requirement for javax.crypto.Cipher.doFinal [v2] In-Reply-To: References: <4O3T6mdtagN2edIKmXTq_rHSQOho_dvg5oGtLa72oMY=.5e2e02cd-3eee-4a1e-8b5a-7334bcb888c1@github.com> <0VHfX_zAjpEHPCWuF3vV6-PaEpSFvU4tmeGo-n3bN9A=.59e15728-a118-4d9b-90b1-060f75fef5c4@github.com> Message-ID: <9o8lDz0euvQg77ZefHF0nq-I3xYrWNLwHznw52vrKc8=.777c8c62-c3c3-4978-bcfc-0c8c259afaa2@github.com> On Mon, 25 Sep 2023 23:48:49 GMT, Valerie Peng wrote: > * Given the current checkCipherState() impl does not check for states for NullCipher objects, do we want to also update the javax.crypto.NullCipher class javadoc to mention that IllegalStateException is not thrown by various methods? Current documentation is: "The {@code NullCipher} class is a class that provides an "identity cipher" -- one that does not transform the plain text. As a consequence, the ciphertext is identical to the plaintext. All initialization methods do nothing, while the blocksize is set to 1 byte." Would it be sufficient for me to add "Unlike other ciphers, the {@code NullCipher} will not throw an {@code IllegalStateException} when in an incorrect state." ------------- PR Comment: https://git.openjdk.org/jdk/pull/15727#issuecomment-1745321824 From mpowers at openjdk.org Tue Oct 3 20:26:39 2023 From: mpowers at openjdk.org (Mark Powers) Date: Tue, 3 Oct 2023 20:26:39 GMT Subject: RFR: JDK-8315042 NPE in PKCS7.parseOldSignedData [v6] In-Reply-To: References: Message-ID: > https://bugs.openjdk.org/browse/JDK-8315042 Mark Powers has updated the pull request incrementally with one additional commit since the last revision: improved @summary ------------- Changes: - all: https://git.openjdk.org/jdk/pull/15844/files - new: https://git.openjdk.org/jdk/pull/15844/files/2fe7e47c..5def33dc Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=15844&range=05 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=15844&range=04-05 Stats: 2 lines in 1 file changed: 1 ins; 0 del; 1 mod Patch: https://git.openjdk.org/jdk/pull/15844.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/15844/head:pull/15844 PR: https://git.openjdk.org/jdk/pull/15844 From weijun at openjdk.org Tue Oct 3 20:26:39 2023 From: weijun at openjdk.org (Weijun Wang) Date: Tue, 3 Oct 2023 20:26:39 GMT Subject: RFR: JDK-8315042 NPE in PKCS7.parseOldSignedData [v6] In-Reply-To: References:

Message-ID: On Tue, 3 Oct 2023 19:53:35 GMT, Mark Powers wrote: >> https://bugs.openjdk.org/browse/JDK-8315042 > > Mark Powers has updated the pull request incrementally with one additional commit since the last revision: > > improved @summary Marked as reviewed by weijun (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/15844#pullrequestreview-1655998793 From weijun at openjdk.org Tue Oct 3 20:26:41 2023 From: weijun at openjdk.org (Weijun Wang) Date: Tue, 3 Oct 2023 20:26:41 GMT Subject: RFR: JDK-8315042 NPE in PKCS7.parseOldSignedData [v5] In-Reply-To: References:

Message-ID: On Mon, 2 Oct 2023 22:15:15 GMT, Mark Powers wrote: >> https://bugs.openjdk.org/browse/JDK-8315042 > > Mark Powers has updated the pull request incrementally with one additional commit since the last revision: > > a few more comments I changed the summary to be more clear. Can everyone approve again? This will be my last change for sure. ------------- PR Comment: https://git.openjdk.org/jdk/pull/15844#issuecomment-1745622382 From mpowers at openjdk.org Tue Oct 3 20:26:45 2023 From: mpowers at openjdk.org (Mark Powers) Date: Tue, 3 Oct 2023 20:26:45 GMT Subject: RFR: JDK-8315042 NPE in PKCS7.parseOldSignedData [v4] In-Reply-To: References:

<67p3owtlPVvWnrTNtYUDCqNR_SWE6oSxpbawu6AeqjU=.6cfd8f56-11ce-4c3f-ad1c-f1b17cd810a2@github.com> Message-ID: On Mon, 2 Oct 2023 22:27:41 GMT, Valerie Peng wrote: >> I'll revert the code to check both. > > If we are fixing the summary, can we also elaborate a little more so it's clear that the test is checking for CRLException or no NPE is thrown? @valeriepeng I improved the summary a bit. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15844#discussion_r1344644487 From duke at openjdk.org Tue Oct 3 21:13:53 2023 From: duke at openjdk.org (ExE Boss) Date: Tue, 3 Oct 2023 21:13:53 GMT Subject: RFR: 8316964: Security tools should not call System.exit In-Reply-To: References: Message-ID: On Wed, 27 Sep 2023 20:33:49 GMT, Weijun Wang wrote: > Remove most `System.exit()` calls in various security tools and only leave one in the `main` method. This paves the way to convert them to JSR 199 tools. src/java.base/share/classes/sun/security/tools/keytool/Main.java line 433: > 431: } > 432: } catch (ExitException ee) { > 433: throw ee; `ExitException` is?a?private inner?class, so?external?users won?t?be?able to?distinguish?it from?a?regular `Exception` to?extract the?`errorCode`. src/java.security.jgss/windows/classes/sun/security/krb5/internal/tools/Klist.java line 97: > 95: } > 96: > 97: public void run(String[] args) throws ExitException { Again, leaking?a?`private` `ExitException` from a?`public` method. src/java.security.jgss/windows/classes/sun/security/krb5/internal/tools/Ktab.java line 92: > 90: } > 91: > 92: public void run(String[] args) throws ExitException { Another `ExitException` leak. src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line 319: > 317: return; > 318: } else { > 319: throw ee; And?another `ExitException` leak. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15951#discussion_r1344741198 PR Review Comment: https://git.openjdk.org/jdk/pull/15951#discussion_r1344742062 PR Review Comment: https://git.openjdk.org/jdk/pull/15951#discussion_r1344743018 PR Review Comment: https://git.openjdk.org/jdk/pull/15951#discussion_r1344744211 From weijun at openjdk.org Tue Oct 3 22:29:48 2023 From: weijun at openjdk.org (Weijun Wang) Date: Tue, 3 Oct 2023 22:29:48 GMT Subject: RFR: 8316964: Security tools should not call System.exit In-Reply-To: References:

Message-ID: On Tue, 3 Oct 2023 21:06:44 GMT, ExE Boss wrote: >> Remove most `System.exit()` calls in various security tools and only leave one in the `main` method. This paves the way to convert them to JSR 199 tools. > > src/java.base/share/classes/sun/security/tools/keytool/Main.java line 433: > >> 431: } >> 432: } catch (ExitException ee) { >> 433: throw ee; > > `ExitException` is?a?private inner?class, so?external?users won?t?be?able to?distinguish?it from?a?regular `Exception` to?extract the?`errorCode`. Yes, you are right. I should modify `run` to return an integer and make `ExitException` completely internal. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15951#discussion_r1344806434 From mpowers at openjdk.org Wed Oct 4 00:27:15 2023 From: mpowers at openjdk.org (Mark Powers) Date: Wed, 4 Oct 2023 00:27:15 GMT Subject: Integrated: JDK-8315042 NPE in PKCS7.parseOldSignedData In-Reply-To: References: Message-ID: On Wed, 20 Sep 2023 15:00:28 GMT, Mark Powers wrote: > https://bugs.openjdk.org/browse/JDK-8315042 This pull request has now been integrated. Changeset: 8c0d026d Author: Mark Powers Committer: Valerie Peng URL: https://git.openjdk.org/jdk/commit/8c0d026d0f508e0c896fd28d725915c52d1b689d Stats: 49 lines in 2 files changed: 11 ins; 20 del; 18 mod 8315042: NPE in PKCS7.parseOldSignedData Reviewed-by: valeriep, weijun ------------- PR: https://git.openjdk.org/jdk/pull/15844 From jwaters at openjdk.org Wed Oct 4 04:10:25 2023 From: jwaters at openjdk.org (Julian Waters) Date: Wed, 4 Oct 2023 04:10:25 GMT Subject: RFR: 8317332: Prepare security for permissive- [v3] In-Reply-To: References:

Message-ID: <-9eTgtvs06ZL1VtfNz0ULcfy-K2zVO12l1T_MbF10fg=.2c97221f-8ce3-4e29-8f2d-ed3b394f4eac@github.com> On Tue, 3 Oct 2023 14:13:14 GMT, Weijun Wang wrote: > I'm OK with the fix. So separating the declaration and the assignment effectively place all the declarations at the beginning of the block and give them default values? It doesn't place them at the start of the block, the difference is goto is allowed to jump over uninitialized locals (declaration without assignment) but not over explicitly initialized ones ------------- PR Comment: https://git.openjdk.org/jdk/pull/15996#issuecomment-1746100931 From jwaters at openjdk.org Wed Oct 4 04:10:26 2023 From: jwaters at openjdk.org (Julian Waters) Date: Wed, 4 Oct 2023 04:10:26 GMT Subject: RFR: 8317332: Prepare security for permissive- [v3] In-Reply-To: References:

Message-ID: On Tue, 3 Oct 2023 02:47:02 GMT, Julian Waters wrote: >> Well, SO offers a speculative answer: >> https://stackoverflow.com/a/14274292 >> the modified form is not more safe, but the standard does not forbid it. > > I tested the new approach on gcc, it worked, so I'll commit it here I've changed it to use the split approach, but this feels like a hack to me. I wonder if there's a better way of doing this? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15996#discussion_r1345165527 From djelinski at openjdk.org Wed Oct 4 07:15:45 2023 From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=) Date: Wed, 4 Oct 2023 07:15:45 GMT Subject: RFR: 8317332: Prepare security for permissive- [v3] In-Reply-To: References:

Message-ID: On Wed, 4 Oct 2023 04:08:13 GMT, Julian Waters wrote: >> I tested the new approach on gcc, it worked, so I'll commit it here > > I've changed it to use the split approach, but this feels like a hack to me. I wonder if there's a better way of doing this? well goto was always a hack; less hacky solution would involve splitting the giant function into smaller parts, so that replacing goto with an else block doesn't increase indentation too much. But if it ain't broke... ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15996#discussion_r1345304742 From karl.scheibelhofer at gmx.net Wed Oct 4 08:21:43 2023 From: karl.scheibelhofer at gmx.net (Karl Scheibelhofer) Date: Wed, 4 Oct 2023 10:21:43 +0200 Subject: [External] : Re: PEM KeyStore Implementation In-Reply-To: References: <3b644da6-a6b9-7a0e-67c3-9ced4e39e6d8@oracle.com> <7d4fb455-d637-ecc3-7e2a-8f1b8dc6ef36@oracle.com> Message-ID: Hi All, I would like to contribute my PEM KeyStore implementation to the OpenJDK, including integration in the OpenJDK source and creating a pull request. What is the recommended way to do this? Who can create a suitable ticket in OpenJDK to document the enhancement and to track the progress? What are the requirements for a pull request to get merged? Best regards Karl Am Mi., 20. Sept. 2023 um 11:26 Uhr schrieb Karl Scheibelhofer : > > Hi Tony! > > When the PEM API implementation becomes available it would make sense > to use it inside the PEM Keystore implementation. It will reduce the > code (the internal classes PemReader und PemWriter may become > obsolete), but it does not affect the functionality of the PEM > keystore. Users of the PEM Keystore won't experience a difference. > > Let me know when there is something for the PEM API and I will see if > I can assist. > > I would suggest starting with PEM Keystore now and not wait for the > PEM API, because the time schedule for it seems vague. I would try to > refactor my current PEM Keystore implementation to integrate in the > OpenJDK sun.security.provider package. I do not expect any API changes > or other compatibility issues with existing code. Then consult this > group for feedback before creating a pull request. > > When the PEM API becomes available, rework the PEM Keystore > implementation to use it internally. > > What do you think? > > Best regards > > Karl Scheibelhofer > > Am Di., 19. Sept. 2023 um 22:31 Uhr schrieb Anthony Scarpino > : > > > > There are no doc links yet. > > > > Tony > > > > On 9/10/23 1:04 AM, Karl Scheibelhofer wrote: > > > Hi Tony, > > > > > > The motivation was mostly about reading PEM keys and certificates > > > generated somewhere else. This is common practice in enterprise > > > environments I work in. Because corporate key material is subject to > > > centralized key management, including generation, backup and rollover. > > > PEM is the format most software products can handle. For Java > > > applications, having a PEM KeyStore would reduce the often required > > > additional step of converting PEM key and certificate in a Java > > > Keystore/PKCS#12. > > > Even truststores handling is easier with individual PEM certificates > > > instead of a single PKCS#12 Truststore. Adding or deleting a single > > > file instead of replacing the complete PKCS#12 store is less error > > > prone and cleaner to track in version control. The additional benefit > > > of a MAC in PKCS#12 adds little to no security in most cases. > > > And being text based, PEM is more version control friendly than binary PKCS#12. > > > > > > But to enable sound support of PEM, I also implemented writing PEM > > > keys and certificates. This way, one can use the JDK keytool to > > > generate key and certificate signing requests in PEM format. Getting > > > the certificate from the CA in PEM, one can use PEM throughout the > > > process. > > > > > > Do you have any links or documentation on the PEM API JEP that you mentioned? > > > > > > Thank you for your feedback and best regards > > > > > > Karl > > > > > > Am Fr., 8. Sept. 2023 um 21:17 Uhr schrieb Anthony Scarpino > > > : > > >> > > >> Hi Karl > > >> > > >> The keystore is interesting and may have some value. Was your use case > > >> mostly reading PEM keys and certificates generated elsewhere for use > > >> with a particular application, maybe webservers? Did you see value in > > >> writing to this keystore from Java? > > >> > > >> On the topic of PEM, I hope before the end of the year to have a PEM API > > >> JEP. I would be interested in your API feedback from your keystore > > >> experiences. I think if this keystore contribution was accepted, it > > >> should wait so it can use that API. > > >> > > >> thanks > > >> > > >> Tony > > >> > > >> > > >> On 9/1/23 12:15 PM, Karl Scheibelhofer wrote: > > >>> Hi, > > >>> > > >>> Working with Java and the JCA KeyStore for decades, I came across > > >>> many situations where I thought it would be convenient to be > > >>> able to load private keys and certificates in PEM format directly > > >>> using the KeyStore API. Without the need to convert them to PKCS#12/JKS. > > >>> > > >>> You can find my implementation of a PEM KeyStore in > > >>> https://urldefense.com/v3/__https://github.com/KarlScheibelhofer/java-crypto-tools__;!!ACWV5N9M2RV99hQ!Oty2x6ce8fseqwbwEZ1eFN9xJCtVxU8aUXn1GXt81SA1JkTeB9GSykdwShzJKOFYUAA1oUtLGaX1kmZV984WRsO-8KQq5dw$ . > > >>> > > >>> I wondered if it would make sense to integrate such an implementation > > >>> in one of the standard providers of OpenJDK - like the SUN provider. > > >>> What do you think? > > >>> > > >>> Best regards > > >>> > > >>> Karl From sean.mullan at oracle.com Wed Oct 4 11:58:39 2023 From: sean.mullan at oracle.com (Sean Mullan) Date: Wed, 4 Oct 2023 11:58:39 +0000 Subject: [External] : Re: PEM KeyStore Implementation In-Reply-To: References: <3b644da6-a6b9-7a0e-67c3-9ced4e39e6d8@oracle.com> <7d4fb455-d637-ecc3-7e2a-8f1b8dc6ef36@oracle.com>

Message-ID: Hi Karl, The OpenJDK Developer?s Guide includes a helpful section on Contributing to an OpenJDK Project [1]. I suggest you read through that if you have not already. In particular, have you signed the OCA? I don?t want to review your code/contribution until that is done. For this particular contribution, I don?t think there has been enough discussion and evaluation from members of the Security project. This would be a fairly major contribution. Keep in mind that a contribution doesn?t mean the work ends there. There would need to be documentation, tests, and ongoing support for the foreseeable future. We need to think about these aspects every time we add a new feature, so there needs to be a strong motivation for doing it. Thanks, Sean [1] https://openjdk.org/guide/#contributing-to-an-openjdk-project > On Oct 4, 2023, at 4:21 AM, Karl Scheibelhofer wrote: > > Hi All, > > I would like to contribute my PEM KeyStore implementation to the > OpenJDK, including integration in the OpenJDK source and creating a > pull request. > What is the recommended way to do this? > Who can create a suitable ticket in OpenJDK to document the > enhancement and to track the progress? > > What are the requirements for a pull request to get merged? > > Best regards > > Karl > > Am Mi., 20. Sept. 2023 um 11:26 Uhr schrieb Karl Scheibelhofer > : >> >> Hi Tony! >> >> When the PEM API implementation becomes available it would make sense >> to use it inside the PEM Keystore implementation. It will reduce the >> code (the internal classes PemReader und PemWriter may become >> obsolete), but it does not affect the functionality of the PEM >> keystore. Users of the PEM Keystore won't experience a difference. >> >> Let me know when there is something for the PEM API and I will see if >> I can assist. >> >> I would suggest starting with PEM Keystore now and not wait for the >> PEM API, because the time schedule for it seems vague. I would try to >> refactor my current PEM Keystore implementation to integrate in the >> OpenJDK sun.security.provider package. I do not expect any API changes >> or other compatibility issues with existing code. Then consult this >> group for feedback before creating a pull request. >> >> When the PEM API becomes available, rework the PEM Keystore >> implementation to use it internally. >> >> What do you think? >> >> Best regards >> >> Karl Scheibelhofer >> >> Am Di., 19. Sept. 2023 um 22:31 Uhr schrieb Anthony Scarpino >> : >>> >>> There are no doc links yet. >>> >>> Tony >>> >>> On 9/10/23 1:04 AM, Karl Scheibelhofer wrote: >>>> Hi Tony, >>>> >>>> The motivation was mostly about reading PEM keys and certificates >>>> generated somewhere else. This is common practice in enterprise >>>> environments I work in. Because corporate key material is subject to >>>> centralized key management, including generation, backup and rollover. >>>> PEM is the format most software products can handle. For Java >>>> applications, having a PEM KeyStore would reduce the often required >>>> additional step of converting PEM key and certificate in a Java >>>> Keystore/PKCS#12. >>>> Even truststores handling is easier with individual PEM certificates >>>> instead of a single PKCS#12 Truststore. Adding or deleting a single >>>> file instead of replacing the complete PKCS#12 store is less error >>>> prone and cleaner to track in version control. The additional benefit >>>> of a MAC in PKCS#12 adds little to no security in most cases. >>>> And being text based, PEM is more version control friendly than binary PKCS#12. >>>> >>>> But to enable sound support of PEM, I also implemented writing PEM >>>> keys and certificates. This way, one can use the JDK keytool to >>>> generate key and certificate signing requests in PEM format. Getting >>>> the certificate from the CA in PEM, one can use PEM throughout the >>>> process. >>>> >>>> Do you have any links or documentation on the PEM API JEP that you mentioned? >>>> >>>> Thank you for your feedback and best regards >>>> >>>> Karl >>>> >>>> Am Fr., 8. Sept. 2023 um 21:17 Uhr schrieb Anthony Scarpino >>>> : >>>>> >>>>> Hi Karl >>>>> >>>>> The keystore is interesting and may have some value. Was your use case >>>>> mostly reading PEM keys and certificates generated elsewhere for use >>>>> with a particular application, maybe webservers? Did you see value in >>>>> writing to this keystore from Java? >>>>> >>>>> On the topic of PEM, I hope before the end of the year to have a PEM API >>>>> JEP. I would be interested in your API feedback from your keystore >>>>> experiences. I think if this keystore contribution was accepted, it >>>>> should wait so it can use that API. >>>>> >>>>> thanks >>>>> >>>>> Tony >>>>> >>>>> >>>>> On 9/1/23 12:15 PM, Karl Scheibelhofer wrote: >>>>>> Hi, >>>>>> >>>>>> Working with Java and the JCA KeyStore for decades, I came across >>>>>> many situations where I thought it would be convenient to be >>>>>> able to load private keys and certificates in PEM format directly >>>>>> using the KeyStore API. Without the need to convert them to PKCS#12/JKS. >>>>>> >>>>>> You can find my implementation of a PEM KeyStore in >>>>>> https://urldefense.com/v3/__https://github.com/KarlScheibelhofer/java-crypto-tools__;!!ACWV5N9M2RV99hQ!Oty2x6ce8fseqwbwEZ1eFN9xJCtVxU8aUXn1GXt81SA1JkTeB9GSykdwShzJKOFYUAA1oUtLGaX1kmZV984WRsO-8KQq5dw$ . >>>>>> >>>>>> I wondered if it would make sense to integrate such an implementation >>>>>> in one of the standard providers of OpenJDK - like the SUN provider. >>>>>> What do you think? >>>>>> >>>>>> Best regards >>>>>> >>>>>> Karl From weijun at openjdk.org Wed Oct 4 13:38:34 2023 From: weijun at openjdk.org (Weijun Wang) Date: Wed, 4 Oct 2023 13:38:34 GMT Subject: RFR: 8317332: Prepare security for permissive- [v3] In-Reply-To: References:

Message-ID: <1dBHeY8aTscyzalE9AD7DNCCPMd7oaEUckBcdNZuV4M=.1d8e3ce4-5406-41b4-afb7-af95b414da19@github.com> On Tue, 3 Oct 2023 02:55:09 GMT, Julian Waters wrote: >> Prepares java.security.jgss for the permissive- compiler switch by >> >> - Adding scopes so goto doesn't jump over unitialized locals in sspi.cpp >> - Adding a static modifier to a mismatched method declaration in NativeCreds.c, as the definition is static > > Julian Waters has updated the pull request incrementally with one additional commit since the last revision: > > Use split declaration and assignment in sspi.cpp Marked as reviewed by weijun (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/15996#pullrequestreview-1657555820 From valeriep at openjdk.org Wed Oct 4 17:33:33 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Wed, 4 Oct 2023 17:33:33 GMT Subject: RFR: 8317332: Prepare security for permissive- [v2] In-Reply-To: References:

Message-ID: On Tue, 3 Oct 2023 02:50:02 GMT, Julian Waters wrote: > @valeriepeng what's your opinion on this? Changes look fine to me. Although I wonder if we should add a comment to prevent future modification which re-introduces the old code... ------------- PR Comment: https://git.openjdk.org/jdk/pull/15996#issuecomment-1747346566 From duke at openjdk.org Wed Oct 4 20:45:37 2023 From: duke at openjdk.org (duke) Date: Wed, 4 Oct 2023 20:45:37 GMT Subject: Withdrawn: 8311596: Add separate system properties for TLS server and client for maximum chain length In-Reply-To: References: Message-ID: <0oARJpdrCY3Yr23FgUX4MwGmyRQS_fJbp1elEVDy8vs=.0c5cc6c5-7ed4-43cb-8ec6-8fca796c14da@github.com> On Fri, 4 Aug 2023 17:30:06 GMT, Hai-May Chao wrote: > Please review the enhancement for JDK-8311596 and its CSR JDK-8313236. Thank you. This pull request has been closed without being integrated. ------------- PR: https://git.openjdk.org/jdk/pull/15163 From valeriep at openjdk.org Wed Oct 4 20:47:12 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Wed, 4 Oct 2023 20:47:12 GMT Subject: RFR: 8317332: Prepare security for permissive- [v3] In-Reply-To: References:

Message-ID: Hi Sean, Yes, I had a look at the Contributing docs at the OpenJDK site before. I also signed the OCA. Honestly, I thought there would be some more reaction on the suggested PEM KeyStore. It would really be good to discuss the topic with others. Is there anything we can do to get others in sharing their thoughts on this? There is already a fair amount of documentation und unit tests. See https://github.com/KarlScheibelhofer/java-crypto-tools/ . Best regards, Karl On Wed, Oct 4, 2023, 13:58 Sean Mullan wrote: > Hi Karl, > > The OpenJDK Developer?s Guide includes a helpful section on Contributing > to an OpenJDK Project [1]. I suggest you read through that if you have not > already. In particular, have you signed the OCA? I don?t want to review > your code/contribution until that is done. > > For this particular contribution, I don?t think there has been enough > discussion and evaluation from members of the Security project. This would > be a fairly major contribution. Keep in mind that a contribution doesn?t > mean the work ends there. There would need to be documentation, tests, and > ongoing support for the foreseeable future. We need to think about these > aspects every time we add a new feature, so there needs to be a strong > motivation for doing it. > > Thanks, > Sean > > [1] https://openjdk.org/guide/#contributing-to-an-openjdk-project > > > On Oct 4, 2023, at 4:21 AM, Karl Scheibelhofer < > karl.scheibelhofer at gmx.net> wrote: > > > > Hi All, > > > > I would like to contribute my PEM KeyStore implementation to the > > OpenJDK, including integration in the OpenJDK source and creating a > > pull request. > > What is the recommended way to do this? > > Who can create a suitable ticket in OpenJDK to document the > > enhancement and to track the progress? > > > > What are the requirements for a pull request to get merged? > > > > Best regards > > > > Karl > > > > Am Mi., 20. Sept. 2023 um 11:26 Uhr schrieb Karl Scheibelhofer > > : > >> > >> Hi Tony! > >> > >> When the PEM API implementation becomes available it would make sense > >> to use it inside the PEM Keystore implementation. It will reduce the > >> code (the internal classes PemReader und PemWriter may become > >> obsolete), but it does not affect the functionality of the PEM > >> keystore. Users of the PEM Keystore won't experience a difference. > >> > >> Let me know when there is something for the PEM API and I will see if > >> I can assist. > >> > >> I would suggest starting with PEM Keystore now and not wait for the > >> PEM API, because the time schedule for it seems vague. I would try to > >> refactor my current PEM Keystore implementation to integrate in the > >> OpenJDK sun.security.provider package. I do not expect any API changes > >> or other compatibility issues with existing code. Then consult this > >> group for feedback before creating a pull request. > >> > >> When the PEM API becomes available, rework the PEM Keystore > >> implementation to use it internally. > >> > >> What do you think? > >> > >> Best regards > >> > >> Karl Scheibelhofer > >> > >> Am Di., 19. Sept. 2023 um 22:31 Uhr schrieb Anthony Scarpino > >> : > >>> > >>> There are no doc links yet. > >>> > >>> Tony > >>> > >>> On 9/10/23 1:04 AM, Karl Scheibelhofer wrote: > >>>> Hi Tony, > >>>> > >>>> The motivation was mostly about reading PEM keys and certificates > >>>> generated somewhere else. This is common practice in enterprise > >>>> environments I work in. Because corporate key material is subject to > >>>> centralized key management, including generation, backup and rollover. > >>>> PEM is the format most software products can handle. For Java > >>>> applications, having a PEM KeyStore would reduce the often required > >>>> additional step of converting PEM key and certificate in a Java > >>>> Keystore/PKCS#12. > >>>> Even truststores handling is easier with individual PEM certificates > >>>> instead of a single PKCS#12 Truststore. Adding or deleting a single > >>>> file instead of replacing the complete PKCS#12 store is less error > >>>> prone and cleaner to track in version control. The additional benefit > >>>> of a MAC in PKCS#12 adds little to no security in most cases. > >>>> And being text based, PEM is more version control friendly than > binary PKCS#12. > >>>> > >>>> But to enable sound support of PEM, I also implemented writing PEM > >>>> keys and certificates. This way, one can use the JDK keytool to > >>>> generate key and certificate signing requests in PEM format. Getting > >>>> the certificate from the CA in PEM, one can use PEM throughout the > >>>> process. > >>>> > >>>> Do you have any links or documentation on the PEM API JEP that you > mentioned? > >>>> > >>>> Thank you for your feedback and best regards > >>>> > >>>> Karl > >>>> > >>>> Am Fr., 8. Sept. 2023 um 21:17 Uhr schrieb Anthony Scarpino > >>>> : > >>>>> > >>>>> Hi Karl > >>>>> > >>>>> The keystore is interesting and may have some value. Was your use > case > >>>>> mostly reading PEM keys and certificates generated elsewhere for use > >>>>> with a particular application, maybe webservers? Did you see value > in > >>>>> writing to this keystore from Java? > >>>>> > >>>>> On the topic of PEM, I hope before the end of the year to have a PEM > API > >>>>> JEP. I would be interested in your API feedback from your keystore > >>>>> experiences. I think if this keystore contribution was accepted, it > >>>>> should wait so it can use that API. > >>>>> > >>>>> thanks > >>>>> > >>>>> Tony > >>>>> > >>>>> > >>>>> On 9/1/23 12:15 PM, Karl Scheibelhofer wrote: > >>>>>> Hi, > >>>>>> > >>>>>> Working with Java and the JCA KeyStore for decades, I came across > >>>>>> many situations where I thought it would be convenient to be > >>>>>> able to load private keys and certificates in PEM format directly > >>>>>> using the KeyStore API. Without the need to convert them to > PKCS#12/JKS. > >>>>>> > >>>>>> You can find my implementation of a PEM KeyStore in > >>>>>> > https://urldefense.com/v3/__https://github.com/KarlScheibelhofer/java-crypto-tools__;!!ACWV5N9M2RV99hQ!Oty2x6ce8fseqwbwEZ1eFN9xJCtVxU8aUXn1GXt81SA1JkTeB9GSykdwShzJKOFYUAA1oUtLGaX1kmZV984WRsO-8KQq5dw$ > . > >>>>>> > >>>>>> I wondered if it would make sense to integrate such an > implementation > >>>>>> in one of the standard providers of OpenJDK - like the SUN provider. > >>>>>> What do you think? > >>>>>> > >>>>>> Best regards > >>>>>> > >>>>>> Karl > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From djelinski at openjdk.org Thu Oct 5 07:15:16 2023 From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=) Date: Thu, 5 Oct 2023 07:15:16 GMT Subject: RFR: JDK-8314901: AES-GCM interleaved implementation using AVX2 instructions [v3] In-Reply-To: References:

Message-ID: On Oct 5, 2023, at 2:48 AM, Karl Scheibelhofer > wrote: Hi Sean, Yes, I had a look at the Contributing docs at the OpenJDK site before. I also signed the OCA. Great, thanks. Honestly, I thought there would be some more reaction on the suggested PEM KeyStore. It would really be good to discuss the topic with others. Is there anything we can do to get others in sharing their thoughts on this? I think there is a fair amount of interest in it, but reviewing something significant like this takes a bit of time, as I mentioned in my prior email. Also, if we do decide to accept the contribution, we want to make sure it works well with the PEM API that we are working on - we hope to have a draft of a JEP for that out in the next few weeks. So I think we probably need a few weeks to review your contribution. There is already a fair amount of documentation und unit tests. See https://github.com/KarlScheibelhofer/java-crypto-tools/ . Ok. ?Sean Best regards, Karl On Wed, Oct 4, 2023, 13:58 Sean Mullan > wrote: Hi Karl, The OpenJDK Developer?s Guide includes a helpful section on Contributing to an OpenJDK Project [1]. I suggest you read through that if you have not already. In particular, have you signed the OCA? I don?t want to review your code/contribution until that is done. For this particular contribution, I don?t think there has been enough discussion and evaluation from members of the Security project. This would be a fairly major contribution. Keep in mind that a contribution doesn?t mean the work ends there. There would need to be documentation, tests, and ongoing support for the foreseeable future. We need to think about these aspects every time we add a new feature, so there needs to be a strong motivation for doing it. Thanks, Sean [1] https://openjdk.org/guide/#contributing-to-an-openjdk-project > On Oct 4, 2023, at 4:21 AM, Karl Scheibelhofer > wrote: > > Hi All, > > I would like to contribute my PEM KeyStore implementation to the > OpenJDK, including integration in the OpenJDK source and creating a > pull request. > What is the recommended way to do this? > Who can create a suitable ticket in OpenJDK to document the > enhancement and to track the progress? > > What are the requirements for a pull request to get merged? > > Best regards > > Karl > > Am Mi., 20. Sept. 2023 um 11:26 Uhr schrieb Karl Scheibelhofer > >: >> >> Hi Tony! >> >> When the PEM API implementation becomes available it would make sense >> to use it inside the PEM Keystore implementation. It will reduce the >> code (the internal classes PemReader und PemWriter may become >> obsolete), but it does not affect the functionality of the PEM >> keystore. Users of the PEM Keystore won't experience a difference. >> >> Let me know when there is something for the PEM API and I will see if >> I can assist. >> >> I would suggest starting with PEM Keystore now and not wait for the >> PEM API, because the time schedule for it seems vague. I would try to >> refactor my current PEM Keystore implementation to integrate in the >> OpenJDK sun.security.provider package. I do not expect any API changes >> or other compatibility issues with existing code. Then consult this >> group for feedback before creating a pull request. >> >> When the PEM API becomes available, rework the PEM Keystore >> implementation to use it internally. >> >> What do you think? >> >> Best regards >> >> Karl Scheibelhofer >> >> Am Di., 19. Sept. 2023 um 22:31 Uhr schrieb Anthony Scarpino >> >: >>> >>> There are no doc links yet. >>> >>> Tony >>> >>> On 9/10/23 1:04 AM, Karl Scheibelhofer wrote: >>>> Hi Tony, >>>> >>>> The motivation was mostly about reading PEM keys and certificates >>>> generated somewhere else. This is common practice in enterprise >>>> environments I work in. Because corporate key material is subject to >>>> centralized key management, including generation, backup and rollover. >>>> PEM is the format most software products can handle. For Java >>>> applications, having a PEM KeyStore would reduce the often required >>>> additional step of converting PEM key and certificate in a Java >>>> Keystore/PKCS#12. >>>> Even truststores handling is easier with individual PEM certificates >>>> instead of a single PKCS#12 Truststore. Adding or deleting a single >>>> file instead of replacing the complete PKCS#12 store is less error >>>> prone and cleaner to track in version control. The additional benefit >>>> of a MAC in PKCS#12 adds little to no security in most cases. >>>> And being text based, PEM is more version control friendly than binary PKCS#12. >>>> >>>> But to enable sound support of PEM, I also implemented writing PEM >>>> keys and certificates. This way, one can use the JDK keytool to >>>> generate key and certificate signing requests in PEM format. Getting >>>> the certificate from the CA in PEM, one can use PEM throughout the >>>> process. >>>> >>>> Do you have any links or documentation on the PEM API JEP that you mentioned? >>>> >>>> Thank you for your feedback and best regards >>>> >>>> Karl >>>> >>>> Am Fr., 8. Sept. 2023 um 21:17 Uhr schrieb Anthony Scarpino >>>> >: >>>>> >>>>> Hi Karl >>>>> >>>>> The keystore is interesting and may have some value. Was your use case >>>>> mostly reading PEM keys and certificates generated elsewhere for use >>>>> with a particular application, maybe webservers? Did you see value in >>>>> writing to this keystore from Java? >>>>> >>>>> On the topic of PEM, I hope before the end of the year to have a PEM API >>>>> JEP. I would be interested in your API feedback from your keystore >>>>> experiences. I think if this keystore contribution was accepted, it >>>>> should wait so it can use that API. >>>>> >>>>> thanks >>>>> >>>>> Tony >>>>> >>>>> >>>>> On 9/1/23 12:15 PM, Karl Scheibelhofer wrote: >>>>>> Hi, >>>>>> >>>>>> Working with Java and the JCA KeyStore for decades, I came across >>>>>> many situations where I thought it would be convenient to be >>>>>> able to load private keys and certificates in PEM format directly >>>>>> using the KeyStore API. Without the need to convert them to PKCS#12/JKS. >>>>>> >>>>>> You can find my implementation of a PEM KeyStore in >>>>>> https://urldefense.com/v3/__https://github.com/KarlScheibelhofer/java-crypto-tools__;!!ACWV5N9M2RV99hQ!Oty2x6ce8fseqwbwEZ1eFN9xJCtVxU8aUXn1GXt81SA1JkTeB9GSykdwShzJKOFYUAA1oUtLGaX1kmZV984WRsO-8KQq5dw$ . >>>>>> >>>>>> I wondered if it would make sense to integrate such an implementation >>>>>> in one of the standard providers of OpenJDK - like the SUN provider. >>>>>> What do you think? >>>>>> >>>>>> Best regards >>>>>> >>>>>> Karl -------------- next part -------------- An HTML attachment was scrubbed... URL: From mullan at openjdk.org Thu Oct 5 14:55:30 2023 From: mullan at openjdk.org (Sean Mullan) Date: Thu, 5 Oct 2023 14:55:30 GMT Subject: RFR: 4964430: (spec) missing IllegalStateException exception requirement for javax.crypto.Cipher.doFinal [v4] In-Reply-To: <2LdQp-8RYoGcfVTS1BLYfUIhJUAcnH1cmoklGwmdeYI=.ea837d58-34cd-4759-8b6d-22d9a4cebfb2@github.com> References: <4O3T6mdtagN2edIKmXTq_rHSQOho_dvg5oGtLa72oMY=.5e2e02cd-3eee-4a1e-8b5a-7334bcb888c1@github.com> <2LdQp-8RYoGcfVTS1BLYfUIhJUAcnH1cmoklGwmdeYI=.ea837d58-34cd-4759-8b6d-22d9a4cebfb2@github.com> Message-ID: On Wed, 4 Oct 2023 22:36:57 GMT, Ben Perez wrote: >> Updated IllegalStateException exception requirements for `update`, `doFinal`, `wrap`, and `unwrap` > > Ben Perez has updated the pull request incrementally with one additional commit since the last revision: > > Updated docs for NullCipher to indicate it will not throw and IllegalStateException when calling Cipher methods in bad state Changes requested by mullan (Reviewer). src/java.base/share/classes/javax/crypto/Cipher.java line 1855: > 1853: * @throws IllegalStateException if this {@code Cipher} object is in a > 1854: * wrong state (e.g., has not been initialized, or is not > 1855: * in ENCRYPT_MODE or DECRYPT_MODE) Use code format when referencing the modes, ex: change this line to: `* in {@code ENCRYPT_MODE} or {@code DECRYPT_MODE})` Same comment applies to all other applicable lines below. src/java.base/share/classes/javax/crypto/NullCipher.java line 35: > 33: * byte. Unlike other ciphers, the {@code NullCipher} will not throw an > 34: * {@code IllegalStateException} when calling {@code Cipher} methods > 35: * in an incorrect state. Suggest rewording last part as "... when {@code Cipher} methods are called in an incorrect state." I also think we should say a NullCipher has no state. So how about: "Unlike other ciphers, the {@code NullCipher} has no state, and will not throw an {@code IllegalStateException} when {@code Cipher} methods are called in an incorrect state." ------------- PR Review: https://git.openjdk.org/jdk/pull/15727#pullrequestreview-1660017070 PR Review Comment: https://git.openjdk.org/jdk/pull/15727#discussion_r1347514833 PR Review Comment: https://git.openjdk.org/jdk/pull/15727#discussion_r1347520301 From duke at openjdk.org Thu Oct 5 15:20:26 2023 From: duke at openjdk.org (Ferenc Rakoczi) Date: Thu, 5 Oct 2023 15:20:26 GMT Subject: RFR: 4964430: (spec) missing IllegalStateException exception requirement for javax.crypto.Cipher.doFinal [v4] In-Reply-To: References: <4O3T6mdtagN2edIKmXTq_rHSQOho_dvg5oGtLa72oMY=.5e2e02cd-3eee-4a1e-8b5a-7334bcb888c1@github.com> <2LdQp-8RYoGcfVTS1BLYfUIhJUAcnH1cmoklGwmdeYI=.ea837d58-34cd-4759-8b6d-22d9a4cebfb2@github.com> Message-ID: On Thu, 5 Oct 2023 14:29:35 GMT, Sean Mullan wrote: >> Ben Perez has updated the pull request incrementally with one additional commit since the last revision: >> >> Updated docs for NullCipher to indicate it will not throw and IllegalStateException when calling Cipher methods in bad state > > src/java.base/share/classes/javax/crypto/NullCipher.java line 35: > >> 33: * byte. Unlike other ciphers, the {@code NullCipher} will not throw an >> 34: * {@code IllegalStateException} when calling {@code Cipher} methods >> 35: * in an incorrect state. > > Suggest rewording last part as "... when {@code Cipher} methods are called in an incorrect state." I also think we should say a NullCipher has no state. So how about: > > "Unlike other ciphers, the {@code NullCipher} has no state, and will not throw an {@code IllegalStateException} when {@code Cipher} methods are called in an incorrect state." Well, if it has no state it cannot be in an incorrect state so the " in an incorrect state" part can be omitted. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15727#discussion_r1347596323 From mullan at openjdk.org Thu Oct 5 17:04:22 2023 From: mullan at openjdk.org (Sean Mullan) Date: Thu, 5 Oct 2023 17:04:22 GMT Subject: RFR: 4964430: (spec) missing IllegalStateException exception requirement for javax.crypto.Cipher.doFinal [v4] In-Reply-To: References: <4O3T6mdtagN2edIKmXTq_rHSQOho_dvg5oGtLa72oMY=.5e2e02cd-3eee-4a1e-8b5a-7334bcb888c1@github.com> <2LdQp-8RYoGcfVTS1BLYfUIhJUAcnH1cmoklGwmdeYI=.ea837d58-34cd-4759-8b6d-22d9a4cebfb2@github.com>

Message-ID: On Thu, 5 Oct 2023 15:17:51 GMT, Ferenc Rakoczi wrote: >> src/java.base/share/classes/javax/crypto/NullCipher.java line 35: >> >>> 33: * byte. Unlike other ciphers, the {@code NullCipher} will not throw an >>> 34: * {@code IllegalStateException} when calling {@code Cipher} methods >>> 35: * in an incorrect state. >> >> Suggest rewording last part as "... when {@code Cipher} methods are called in an incorrect state." I also think we should say a NullCipher has no state. So how about: >> >> "Unlike other ciphers, the {@code NullCipher} has no state, and will not throw an {@code IllegalStateException} when {@code Cipher} methods are called in an incorrect state." > > Well, if it has no state it cannot be in an incorrect state so the " in an incorrect state" part can be omitted. Good point! ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15727#discussion_r1347732731 From duke at openjdk.org Thu Oct 5 17:28:46 2023 From: duke at openjdk.org (Ben Perez) Date: Thu, 5 Oct 2023 17:28:46 GMT Subject: RFR: 4964430: (spec) missing IllegalStateException exception requirement for javax.crypto.Cipher.doFinal [v5] In-Reply-To: <4O3T6mdtagN2edIKmXTq_rHSQOho_dvg5oGtLa72oMY=.5e2e02cd-3eee-4a1e-8b5a-7334bcb888c1@github.com> References: <4O3T6mdtagN2edIKmXTq_rHSQOho_dvg5oGtLa72oMY=.5e2e02cd-3eee-4a1e-8b5a-7334bcb888c1@github.com> Message-ID: > Updated IllegalStateException exception requirements for `update`, `doFinal`, `wrap`, and `unwrap` Ben Perez has updated the pull request incrementally with one additional commit since the last revision: Wording change for NullCipher doc, added @code tags ------------- Changes: - all: https://git.openjdk.org/jdk/pull/15727/files - new: https://git.openjdk.org/jdk/pull/15727/files/8955ffe5..201275d0 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=15727&range=04 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=15727&range=03-04 Stats: 32 lines in 2 files changed: 3 ins; 0 del; 29 mod Patch: https://git.openjdk.org/jdk/pull/15727.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/15727/head:pull/15727 PR: https://git.openjdk.org/jdk/pull/15727 From mullan at openjdk.org Thu Oct 5 18:09:36 2023 From: mullan at openjdk.org (Sean Mullan) Date: Thu, 5 Oct 2023 18:09:36 GMT Subject: RFR: 4964430: (spec) missing IllegalStateException exception requirement for javax.crypto.Cipher.doFinal [v5] In-Reply-To: References: <4O3T6mdtagN2edIKmXTq_rHSQOho_dvg5oGtLa72oMY=.5e2e02cd-3eee-4a1e-8b5a-7334bcb888c1@github.com> Message-ID: On Thu, 5 Oct 2023 17:28:46 GMT, Ben Perez wrote: >> Updated IllegalStateException exception requirements for `update`, `doFinal`, `wrap`, and `unwrap` > > Ben Perez has updated the pull request incrementally with one additional commit since the last revision: > > Wording change for NullCipher doc, added @code tags Marked as reviewed by mullan (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/15727#pullrequestreview-1660441831 From valeriep at openjdk.org Thu Oct 5 19:43:01 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Thu, 5 Oct 2023 19:43:01 GMT Subject: RFR: 4964430: (spec) missing IllegalStateException exception requirement for javax.crypto.Cipher.doFinal [v5] In-Reply-To: References: <4O3T6mdtagN2edIKmXTq_rHSQOho_dvg5oGtLa72oMY=.5e2e02cd-3eee-4a1e-8b5a-7334bcb888c1@github.com> Message-ID: On Thu, 5 Oct 2023 17:28:46 GMT, Ben Perez wrote: >> Updated IllegalStateException exception requirements for `update`, `doFinal`, `wrap`, and `unwrap` > > Ben Perez has updated the pull request incrementally with one additional commit since the last revision: > > Wording change for NullCipher doc, added @code tags Marked as reviewed by valeriep (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/15727#pullrequestreview-1660586676 From duke at openjdk.org Fri Oct 6 03:10:16 2023 From: duke at openjdk.org (Ben Perez) Date: Fri, 6 Oct 2023 03:10:16 GMT Subject: Integrated: 4964430: (spec) missing IllegalStateException exception requirement for javax.crypto.Cipher.doFinal In-Reply-To: <4O3T6mdtagN2edIKmXTq_rHSQOho_dvg5oGtLa72oMY=.5e2e02cd-3eee-4a1e-8b5a-7334bcb888c1@github.com> References: <4O3T6mdtagN2edIKmXTq_rHSQOho_dvg5oGtLa72oMY=.5e2e02cd-3eee-4a1e-8b5a-7334bcb888c1@github.com> Message-ID: On Wed, 13 Sep 2023 18:08:35 GMT, Ben Perez wrote: > Updated IllegalStateException exception requirements for `update`, `doFinal`, `wrap`, and `unwrap` This pull request has now been integrated. Changeset: 991ce84e Author: Ben Perez Committer: Valerie Peng URL: https://git.openjdk.org/jdk/commit/991ce84e0984414386e2f4dcefecf8da14cc1db3 Stats: 49 lines in 2 files changed: 17 ins; 0 del; 32 mod 4964430: (spec) missing IllegalStateException exception requirement for javax.crypto.Cipher.doFinal Reviewed-by: mullan, valeriep ------------- PR: https://git.openjdk.org/jdk/pull/15727 From djelinski at openjdk.org Fri Oct 6 07:59:18 2023 From: djelinski at openjdk.org (Daniel =?UTF-8?B?SmVsacWEc2tp?=) Date: Fri, 6 Oct 2023 07:59:18 GMT Subject: RFR: JDK-8314901: AES-GCM interleaved implementation using AVX2 instructions [v3] In-Reply-To: References:

Message-ID: On Thu, 5 Oct 2023 05:13:19 GMT, Smita Kamath wrote: >> Hi All, >> I would like to submit AES-GCM optimization for x86_64 architectures using AVX2 instructions. This optimization interleaves AES and GHASH operations. >> >> Below are the performance numbers on my desktop system with -XX:UseAVX=2 option: >> >> |Benchmark | Data Size | Base version (ops/s) | Patched version (ops/s) | Speedup >> |-------------|------------|---------------|------------------|-----------| >> |full.AESGCMBench.decrypt | 8192 | 526274.678 | 670014.543 | 1.27 >> full.AESGCMBench.encrypt | 8192 | 538293.315 | 680716.207 | 1.26 >> small.AESGCMBench.decrypt | 8192 | 527854.353 |663131.48 | 1.25 >> small.AESGCMBench.encrypt | 8192 | 548193.804 | 683624.232 |1.24 >> full.AESGCMBench.decryptMultiPart | 8192 | 299865.766 | 299815.851 | 0.99 >> full.AESGCMBench.encryptMultiPart | 8192 | 534406.564 |539235.462 | 1.00 >> small.AESGCMBench.decryptMultiPart | 8192 | 299960.202 |298913.629 | 0.99 >> small.AESGCMBench.encryptMultiPart | 8192 | 542669.258 | 540552.293 | 0.99 >> ? | ? | ? | ? | ? >> full.AESGCMBench.decrypt | 16384 | 307266.364 |390397.778 | 1.27 >> full.AESGCMBench.encrypt | 16384 | 311491.901 | 397279.681 | 1.27 >> small.AESGCMBench.decrypt | 16384 | 306257.801 | 389531.665 |1.27 >> small.AESGCMBench.encrypt | 16384 | 311468.972 | 397804.753 | 1.27 >> full.AESGCMBench.decryptMultiPart | 16384 | 159634.341 | 181271.487 | 1.13 >> full.AESGCMBench.encryptMultiPart | 16384 | 308980.992 | 385606.113 | 1.24 >> small.AESGCMBench.decryptMultiPart | 16384 | 160476.064 |181019.205 | 1.12 >> small.AESGCMBench.encryptMultiPart | 16384 | 308382.656 | 391126.417 | 1.26 >> ? | ? | ? | ? | ? >> full.AESGCMBench.decrypt | 32768 | 162284.703 | 213257.481 |1.31 >> full.AESGCMBench.encrypt | 32768 | 164833.104 | 215568.639 | 1.30 >> small.AESGCMBench.decrypt | 32768 | 164416.491 | 213422.347 | 1.29 >> small.AESGCMBench.encrypt | 32768 | 166619.205 | 214584.208 |1.28 >> full.AESGCMBench.decryptMultiPart | 32768 | 83306.239 | 93762.988 |1.12 >> full.AESGCMBench.encryptMultiPart | 32768 | 166109.391 |211701.969 | 1.27 >> small.AESGCMBench.decryptMultiPart | 32768 | 83792.559 | 94530.786 | 1.12 >> small.AESGCMBench.encryptMultiPart | 32768 | 162975.904 |212085.047 | 1.30 >> ? | ? | ? | ? | ? >> full.AESGCMBench.decrypt | 65536 | 85765.835 | 112244.611 | 1.30 >> full.AESGCMBench.encrypt | 65536 | 86471.805 | 113320.536 |1.31 >> small.AESGCMBench.decrypt | 65536 | 84490.816 | 112122.358 |1.32 >> small.AESGCMBench.encrypt | 65536 | 85403.025 | 112741.811 | 1.32 >> full.AES... > > Smita Kamath has updated the pull request incrementally with one additional commit since the last revision: > > Reorganized code as per comments, added new instruction addb src/hotspot/cpu/x86/stubGenerator_x86_64_aes.cpp line 354: > 352: // Save rbp and rsp > 353: __ push(rbp); > 354: __ movq(rbp, rsp); This line breaks stack walking code, at least on Linux; rbp is supposed to be the frame pointer throughout the stub. src/hotspot/cpu/x86/stubGenerator_x86_64_aes.cpp line 362: > 360: __ vzeroupper(); > 361: __ movq(rsp, rbp); > 362: __ pop(rbp); If you remove `movq(rbp, rsp)` above, you can replace this with: Suggestion: __ lea(rsp, Address (rbp, WINDOWS_ONLY(-7) NOT_WINDOWS(-5) * wordSize)); src/hotspot/cpu/x86/stubGenerator_x86_64_aes.cpp line 3342: > 3340: __ movdqu(xmm1, xmm2); > 3341: __ vpslldq(xmm2, xmm2, 8, Assembler::AVX_128bit); > 3342: __ vpsrldq(xmm1, xmm1, 8, Assembler::AVX_128bit); You could save a few bytes here: Suggestion: __ vpsrlq(xmm1, xmm6, 63, Assembler::AVX_128bit); __ vpsllq(xmm6, xmm6, 1, Assembler::AVX_128bit); __ vpslldq(xmm2, xmm1, 8, Assembler::AVX_128bit); __ vpsrldq(xmm1, xmm1, 8, Assembler::AVX_128bit); src/hotspot/cpu/x86/stubGenerator_x86_64_aes.cpp line 3710: > 3708: > 3709: // Generate 8 constants for htbl > 3710: __ call(generate_htbl_8_blks, relocInfo::none); why didn't you inline `generateHtbl_8_block_avx2` here? This method is only used here as far as I can tell. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15410#discussion_r1348346370 PR Review Comment: https://git.openjdk.org/jdk/pull/15410#discussion_r1348347451 PR Review Comment: https://git.openjdk.org/jdk/pull/15410#discussion_r1348372462 PR Review Comment: https://git.openjdk.org/jdk/pull/15410#discussion_r1348349329 From mbalao at redhat.com Fri Oct 6 16:55:53 2023 From: mbalao at redhat.com (Martin Balao) Date: Fri, 6 Oct 2023 12:55:53 -0400 Subject: [External] : Re: RFD: Services lockdown for security providers In-Reply-To: References: <42a97a54-4301-e0f2-c746-b45d63d1b63d@redhat.com> <800238c6-56ff-a3b0-7af8-c01c3aa402a0@oracle.com> <4b159d35-ee2e-952d-8e22-c035e5ed17ea@oracle.com> <1a0ad927-2da8-c881-a80f-b4928341375f@redhat.com> <7c07a7b1-6c68-9534-59e1-1813439d7f47@redhat.com> <85e89abd-eac3-87df-9e4b-1fa2c36a6286@oracle.com>

Message-ID: <9c212429-6045-5b0a-c6b0-6370488039b1@redhat.com> Hi Tony, Thanks for having a look at our proposal. The main motivation for this enhancement is related to cryptographic policy enforcement and, in particular, the following capabilities: 1) enforcing that cryptographic services are provided by chosen security providers only, and 2) allowing or disallowing selected algorithms or service types across all Java Security APIs. None of this is entirely new. In regards to capability #1, users can install or uninstall security providers already, or rely on priorities and algorithms shadowing. However, we deem this insufficient for the purposes of policy enforcement, lacking in flexibility, and at risk of introducing dependencies on implementation details. Some more details are provided under the section "What is the current limitation?" of the 8315487 ticket [1]. As for capability #2, there is partial support currently: algorithms can be blocked from TLS or certificate paths validation uses but not across all JCA APIs. Thus, we share some of the motivations that led to existing features but intend to have a more powerful, comprehensive and flexible solution. As documented in our proposal, both solutions were combined in a multi-layer model. The FIPS case is interesting because it requires a combination of capabilities #1 and #2. However, there are other cases that could benefit from different policies. I have described some of them below, providing a summary rationale for why a user might want to adopt the given policy, a filter conforming to the proposal that would achieve the desired outcome, and a comparison with how the same outcome might be met (or potentially be hard/impossible to meet) with the status quo. See Appendix #1. As with most security properties, a specific configuration may render an application completely or partially unusable, and require a sysadmin/developer/security-expert to perform an assessment. This effect may be a desired outcome and trigger a remediation action. Other applications may react in a more resilient way and smoothly adapt to the policy enforced: use cryptography from an allowed security provider, skip the use of algorithms that are not allowed, ask the user to take action, etc. Our concern is that the lack of strong policy enforcement capabilities may lead to non-compliance issues going unnoticed. Existing security capabilities such as the one to install or uninstall security providers, or even the one that allows to select preference per algorithm, require the knowledge of what these security providers implement and what applications require to use. Our proposal allows better granularity but is not different in terms of relying on public documentation or sysadmin/developer/security-expert knowledge. While we don't necessarily share the view of the syntax as hard to use or error-prone, we concede that it leans more towards the expert UI side of all security properties. We designed the syntax with the ideas of consistency, similarity to the serialization filter ?to the extent possible?, simplicity for trivial cases and powerfulness for complex ones. We want to make sure that it's not only tailored to our needs today but generic enough for other current or future uses. We tried to explain the use cases and desirable properties underneath the proposed design, but at the same time we would like to know if there is any aspect in particular that is of your concern and if you have any improvements to suggest so it's more accessible to less experienced users. We are open to considering specification, implementation and/or documentation changes. Thanks, Martin.- -- Appendix #1 1) A policy that only authorizes the storage of certificates and keys in PKCS #11 devices, or in a specific instance managed by the CentralKeysProvider security provider: *.KeyStore.PKCS11; !*.KeyStore; * or CentralKeysProvider.KeyStore; !*.KeyStore; * In this scenario, a system administrator is concerned about how applications store sensitive cryptographic keys and intends to enforce a centralized or more restricted management. This policy aims to mitigate security risks and drawbacks associated with local file-based key storage. In the event of a key update, if centralized management is applied, applications have access to the latest key without any key population hassle. While this policy imposes restrictions on key storage, any security provider (including OpenJDK default ones) can use these keys after retrieval. This latter observation is relevant when, for example, PKCS #11 token devices with limited performance or algorithms availability are used. We deem this type of policy useful for scenarios where centralized key management is feasible and desirable, or scenarios where keys are stored in hardware devices. Enforcing this policy without the Security Provider Filter would be hard. While changing the default key store type by means of the keystore.type security property is possible, that configuration does not make other key store types unavailable. In addition, this security property lets users choose a key store algorithm but not its provider. Uninstalling security providers that offer unwanted KeyStore service types is not always an option because other service types they offer might be legitimately required. In other words, this option lacks granularity. The only way to enforce a policy such as the one described in this case is to audit the application and library sources, configurations or logs and check how keys are managed. This approach would require manual actions and rechecks after each application or library change. The Security Provider Filter makes the enforcement of this policy easy, even under the circumstances of an application or library update, or after the deployment of a new application. The policy can also be updated to include other key store algorithms, security providers or combinations of both. 2) A policy that enforces the use of PKCS #12 key stores only: *.KeyStore.PKCS12; !*.KeyStore; * In this scenario, a system administrator is concerned about applications using key stores with non-standard formats such as JKS, JCEKS, BKS (Bouncy Castle) or BCFKS (Bouncy Castle) among others. These key store algorithms may introduce interoperability issues and require unwanted file conversions at some point. Thus, the system administrator enforces a policy that only authorizes the PKCS #12 standard for key storage. As in case #1, the security property for controlling the default key store type is not enough to prevent applications from using other formats; uninstalling security providers is not always an option; and auditing application or libraries source code, configurations or logs to check how key storage is done could be inconvenient or unfeasible. The Security Provider Filter provides flexibility to change the approved key store type or authorize more than one. Third-party security providers may refer to the PKCS #12 standard by different algorithm names but that should not be a problem either. For example, the filter may authorize algorithm name variations such as PKCS12, BCPKCS12 (Bouncy Castle) and PKCS12-3DES-3DES (Bouncy Castle): "*.KeyStore.PKCS12; *.KeyStore.BCPKCS12; *.KeyStore.PKCS12-3DES-3DES; ...", or more simply "*.KeyStore.*PKCS12*; ...". 3) A policy that does not allow algorithms considered insecure: !*.*.MD5; !*.*.MD2; !*.*.SHA-1; * Security concerns are the motivation behind this type of policy. A system administrator may enforce it with a deny-list ?as done in the example? or even with a more strict allow-list one. This type of policy can be applied with algorithms considered secure today or algorithms that will be required in the future. The latter serves for the purpose of identifying potential compatibility issues and providing applications advanced notice to adapt. While the Security Provider Filter is platform-independent, Linux crypto-policies is one of the motivations related to this case. Many Linux distributions, such as RHEL [2], have system-wide crypto-policies enabled by default. Different crypto-policies profiles (LEGACY, DEFAULT, FIPS, FUTURE, etc.) define sets of algorithms authorized for different software packages, including OpenJDK. Our intention is that crypto-policies for OpenJDK define, according to each profile, the set of algorithms allowed for all security APIs. Before the Security Provider Filter, algorithms can be restricted for some uses with a deny-list type of configuration. However, not all uses are under scope and applications may use unauthorized algorithms by calling, for example, Signature.getInstance("") and using the service directly. Other approaches such as auditing application and libraries source code, configurations or logs to check which algorithms are used may not be practical, as pointed out in case #1. The Security Provider Filter allows a system administrator to keep sets of authorized algorithms updated and apply its policy widely to all JCA service types. 4) A policy in which some uses of MD5 are acceptable (e.g. MessageDigest) but others are not: !*.Signature.MD5*; !*.Mac.*MD5; !*.Cipher.*MD5*; * or *.MessageDigest.MD5; !*.*.*MD5*; * Some algorithms may be secure for some uses but not for others. In this case, a system administrator authorizes MD5 for UUIDs, redundancy-check codes or other hashes, but prohibits its use for signatures, message authentication, and for deriving encryption keys (PBE). This type of policy enforcement is possible because the Security Provider Filter lets users specify the service type, in addition to the algorithm. A system administrator can easily adjust the algorithms and service types that are allowed or disallowed. For the same reasons explained in case #3, implementing this policy without the Security Provider Filter would not be possible or practical. 5) A policy in which only algorithms implemented by the FastProvider security provider are authorized for encryption: FastProvider.Cipher; !*.Cipher; * In this case, a system administrator is concerned about performance and wants applications to only do cipher operations in FastProvider. While it is possible to insert FastProvider in the first place of the security providers list, or even use the preferred algorithms security property, an application that is using an algorithm not available in FastProvider will silently slide to a slower implementation. As described for other cases, removing slower security providers may not be an option, and auditing applications or libraries source code, configurations or logs may not be practical. 6) A policy that only allows a specific source of randomness, irrespective of the algorithm: SunPKCS11-HSM.SecureRandom; !*.SecureRandom; * A system administrator has security concerns about sources of randomness and decides to authorize only one of them, irrespective of the algorithm. In this case, the prioritized list of security providers is not enough to use SunPKCS11-HSM because applications may try to use algorithms not implemented there and silently slide into other security providers. Enforcing this type of policy without the Security Provider Filter may require actions such as uninstalling security providers or auditing source code, configurations or logs that is not always possible or practical. 7) In CRIU scenarios, it could be beneficial to enforce a policy that does not allow the use of random values or key generation before a snapshot is taken. A snapshot can be taken, for example, running the JDK with the following filter value: !*.SecureRandom; !*.KeyPairGenerator; !*.KeyGenerator; * In some cases, a system administrator might want to enforce an even more strict policy using an allow-list approach: *.MessageDigest.SHA-1; *.CertificateFactory; !* When resuming a snapshot, no filter is set. This example is based on a real case. To achieve the desired effect without the Security Providers Filter, a system administrator has to create a custom security provider that only implements authorized service types and algorithms. This security provider is the only one installed while taking the snapshot. When resuming snapshots, all security providers are enabled. This solution is hard to implement and not easily extensible to other service types and algorithms. With the Security Providers Filter it is easy to decide what is available while taking a snapshot, and what is available while resuming it. This type of policy falls into the category of those that may benefit the security of a deployment. The reuse of random seeds or keys in different executions of the same snapshot may weaken or compromise the security of a system. 8) A policy that allows the use of a 3rd party security provider for a specific purpose but not for anything else: 3rdPartyProvider.AllowedService; !3rdPartyProvider; * In this case, a system administrator has concerns of applications depending on a specific security provider for more service types or algorithms than what is authorized (AllowedService). This type of policy is difficult to implement without the Security Provider Filter because there is no granularity when installing a security provider: it's an all or nothing decision. Thus, the only way around to enforce compliance is to check applications or libraries source code, configurations or logs and understand what they are depending on. Examples Summary Throughout the previous scenarios, we have discussed security, interoperability and performance concerns that may be addressed by the Security Providers Filter. What all these cases have in common is policy enforcement at provider, service type or algorithm level. We think that the existing providers or algorithms preference configurations miss the partial or total closure that the Filter offers. In addition, the lack of granularity makes the installation of a security provider an all or nothing decision. Thus, policy enforcement can only be applied by auditing applications or libraries source code, configuration or logs. This type of enforcement is not always possible or practical: a new deployment or update of an existing one requires a check. The existing functionality to block the use of algorithms does not extend to all security APIs and it's, thus, not enough from a policy enforcement and compliance perspective. While we have showcased fabricated system administration scenarios in some cases, others are of general interest, can be used more widely or represent real cases. On a final note, we have intentionally left the FIPS use-case out of this Appendix as it has been discussed in previous comments. -- [1] - https://bugs.openjdk.org/browse/JDK-8315487 [2] - https://access.redhat.com/articles/3666211 On 9/19/23 16:42, Anthony Scarpino wrote: > Hi Martin, > > Thanks for the proposal. Your documents mostly describe the solution. > Can you provide more of the motivations and use-cases for the change? Do > you see non FIPS-140 applications using this feature? > > The feature does provide a comprehensive filtering system for JCA. The > syntax, while powerful, seems like it would be somewhat error-prone and > hard to use. We are also concerned that using the filter requires the > sysadmin or developer to know about the service and algorithm details of > every provider and which is required and which is not, all of which is > not easily determined. > > thanks > > Tony From mbalao at openjdk.org Fri Oct 6 17:09:09 2023 From: mbalao at openjdk.org (Martin Balao) Date: Fri, 6 Oct 2023 17:09:09 GMT Subject: RFR: 8315487: Security Providers Filter In-Reply-To: References: Message-ID: On Fri, 1 Sep 2023 15:13:46 GMT, Martin Balao wrote: > In addition to the goals, scope, motivation, specification and requirement notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we would like to describe the most relevant decisions taken during the implementation of this enhancement. These notes are organized by feature, may encompass more than one file or code segment, and are aimed to provide a high-level view of this PR. > > ## ProvidersFilter > > ### Filter construction (parser) > > The providers filter is constructed from a string value, taken from either a system or a security property with name "jdk.security.providers.filter". This process occurs at sun.security.jca.ProvidersFilter class ?simply referred as ProvidersFilter onward? static initialization. Thus, changes to the filter's overridable property are not effective afterwards and no assumptions should be made regarding when this class gets initialized. > > The filter's string value is processed with a custom parser of order 'n', being 'n' the number of characters. The parser, represented by the ProvidersFilter.Parser class, can be characterized as a Deterministic Finite Automaton (DFA). The ProvidersFilter.Parser::parse method is the starting point to get characters from the filter's string value and generate state transitions in the parser's internal state-machine. See ProvidersFilter.Parser::nextState for more details about the parser's states and both valid and invalid transitions. The ParsingState enum defines valid parser states and Transition the reasons to move between states. If a filter string cannot be parsed, a ProvidersFilter.ParserException exception is thrown, and turned into an unchecked IllegalArgumentException in the ProvidersFilter.Filter constructor. > > While we analyzed ?and even tried, at early stages of the development? the use of regular expressions for filter parsing, we discarded the approach in order to get maximum performance, support a more advanced syntax and have flexibility for further extensions in the future. > > ### Filter (structure and behavior) > > A filter is represented by the ProvidersFilter.Filter class. It consists of an ordered list of rules, returned by the parser, that represents filter patterns from left to right (see the filter syntax for reference). At the end of this list, a match-all and deny rule is added for default behavior. When a service is evaluated against the filter, each filter rule is checked in the ProvidersFilter.Filter::apply method. The rule makes an allow or deny decision if the ser... I wish we could keep this PR open. This is the latest comment in the ongoing discussion: https://mail.openjdk.org/pipermail/security-dev/2023-October/037479.html ------------- PR Comment: https://git.openjdk.org/jdk/pull/15539#issuecomment-1751120024 From svkamath at openjdk.org Mon Oct 9 04:58:10 2023 From: svkamath at openjdk.org (Smita Kamath) Date: Mon, 9 Oct 2023 04:58:10 GMT Subject: RFR: JDK-8314901: AES-GCM interleaved implementation using AVX2 instructions [v4] In-Reply-To: References: Message-ID: > Hi All, > I would like to submit AES-GCM optimization for x86_64 architectures using AVX2 instructions. This optimization interleaves AES and GHASH operations. > > Below are the performance numbers on my desktop system with -XX:UseAVX=2 option: > > |Benchmark | Data Size | Base version (ops/s) | Patched version (ops/s) | Speedup > |-------------|------------|---------------|------------------|-----------| > |full.AESGCMBench.decrypt | 8192 | 526274.678 | 670014.543 | 1.27 > full.AESGCMBench.encrypt | 8192 | 538293.315 | 680716.207 | 1.26 > small.AESGCMBench.decrypt | 8192 | 527854.353 |663131.48 | 1.25 > small.AESGCMBench.encrypt | 8192 | 548193.804 | 683624.232 |1.24 > full.AESGCMBench.decryptMultiPart | 8192 | 299865.766 | 299815.851 | 0.99 > full.AESGCMBench.encryptMultiPart | 8192 | 534406.564 |539235.462 | 1.00 > small.AESGCMBench.decryptMultiPart | 8192 | 299960.202 |298913.629 | 0.99 > small.AESGCMBench.encryptMultiPart | 8192 | 542669.258 | 540552.293 | 0.99 > ? | ? | ? | ? | ? > full.AESGCMBench.decrypt | 16384 | 307266.364 |390397.778 | 1.27 > full.AESGCMBench.encrypt | 16384 | 311491.901 | 397279.681 | 1.27 > small.AESGCMBench.decrypt | 16384 | 306257.801 | 389531.665 |1.27 > small.AESGCMBench.encrypt | 16384 | 311468.972 | 397804.753 | 1.27 > full.AESGCMBench.decryptMultiPart | 16384 | 159634.341 | 181271.487 | 1.13 > full.AESGCMBench.encryptMultiPart | 16384 | 308980.992 | 385606.113 | 1.24 > small.AESGCMBench.decryptMultiPart | 16384 | 160476.064 |181019.205 | 1.12 > small.AESGCMBench.encryptMultiPart | 16384 | 308382.656 | 391126.417 | 1.26 > ? | ? | ? | ? | ? > full.AESGCMBench.decrypt | 32768 | 162284.703 | 213257.481 |1.31 > full.AESGCMBench.encrypt | 32768 | 164833.104 | 215568.639 | 1.30 > small.AESGCMBench.decrypt | 32768 | 164416.491 | 213422.347 | 1.29 > small.AESGCMBench.encrypt | 32768 | 166619.205 | 214584.208 |1.28 > full.AESGCMBench.decryptMultiPart | 32768 | 83306.239 | 93762.988 |1.12 > full.AESGCMBench.encryptMultiPart | 32768 | 166109.391 |211701.969 | 1.27 > small.AESGCMBench.decryptMultiPart | 32768 | 83792.559 | 94530.786 | 1.12 > small.AESGCMBench.encryptMultiPart | 32768 | 162975.904 |212085.047 | 1.30 > ? | ? | ? | ? | ? > full.AESGCMBench.decrypt | 65536 | 85765.835 | 112244.611 | 1.30 > full.AESGCMBench.encrypt | 65536 | 86471.805 | 113320.536 |1.31 > small.AESGCMBench.decrypt | 65536 | 84490.816 | 112122.358 |1.32 > small.AESGCMBench.encrypt | 65536 | 85403.025 | 112741.811 | 1.32 > full.AESGCMBench.decryptMultiPart | 65536 | 42649.816 | 47591.587 |1.11 > full.AESGCMBe... Smita Kamath has updated the pull request incrementally with one additional commit since the last revision: Updated code as per review comments, added new comments for every method ------------- Changes: - all: https://git.openjdk.org/jdk/pull/15410/files - new: https://git.openjdk.org/jdk/pull/15410/files/c92f98ab..77fd61b9 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=15410&range=03 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=15410&range=02-03 Stats: 132 lines in 2 files changed: 68 ins; 26 del; 38 mod Patch: https://git.openjdk.org/jdk/pull/15410.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/15410/head:pull/15410 PR: https://git.openjdk.org/jdk/pull/15410 From svkamath at openjdk.org Mon Oct 9 05:01:18 2023 From: svkamath at openjdk.org (Smita Kamath) Date: Mon, 9 Oct 2023 05:01:18 GMT Subject: RFR: JDK-8314901: AES-GCM interleaved implementation using AVX2 instructions [v4] In-Reply-To: References:

Message-ID: On Mon, 9 Oct 2023 04:58:10 GMT, Smita Kamath wrote: >> Hi All, >> I would like to submit AES-GCM optimization for x86_64 architectures using AVX2 instructions. This optimization interleaves AES and GHASH operations. >> >> Below are the performance numbers on my desktop system with -XX:UseAVX=2 option: >> >> |Benchmark | Data Size | Base version (ops/s) | Patched version (ops/s) | Speedup >> |-------------|------------|---------------|------------------|-----------| >> |full.AESGCMBench.decrypt | 8192 | 526274.678 | 670014.543 | 1.27 >> full.AESGCMBench.encrypt | 8192 | 538293.315 | 680716.207 | 1.26 >> small.AESGCMBench.decrypt | 8192 | 527854.353 |663131.48 | 1.25 >> small.AESGCMBench.encrypt | 8192 | 548193.804 | 683624.232 |1.24 >> full.AESGCMBench.decryptMultiPart | 8192 | 299865.766 | 299815.851 | 0.99 >> full.AESGCMBench.encryptMultiPart | 8192 | 534406.564 |539235.462 | 1.00 >> small.AESGCMBench.decryptMultiPart | 8192 | 299960.202 |298913.629 | 0.99 >> small.AESGCMBench.encryptMultiPart | 8192 | 542669.258 | 540552.293 | 0.99 >> ? | ? | ? | ? | ? >> full.AESGCMBench.decrypt | 16384 | 307266.364 |390397.778 | 1.27 >> full.AESGCMBench.encrypt | 16384 | 311491.901 | 397279.681 | 1.27 >> small.AESGCMBench.decrypt | 16384 | 306257.801 | 389531.665 |1.27 >> small.AESGCMBench.encrypt | 16384 | 311468.972 | 397804.753 | 1.27 >> full.AESGCMBench.decryptMultiPart | 16384 | 159634.341 | 181271.487 | 1.13 >> full.AESGCMBench.encryptMultiPart | 16384 | 308980.992 | 385606.113 | 1.24 >> small.AESGCMBench.decryptMultiPart | 16384 | 160476.064 |181019.205 | 1.12 >> small.AESGCMBench.encryptMultiPart | 16384 | 308382.656 | 391126.417 | 1.26 >> ? | ? | ? | ? | ? >> full.AESGCMBench.decrypt | 32768 | 162284.703 | 213257.481 |1.31 >> full.AESGCMBench.encrypt | 32768 | 164833.104 | 215568.639 | 1.30 >> small.AESGCMBench.decrypt | 32768 | 164416.491 | 213422.347 | 1.29 >> small.AESGCMBench.encrypt | 32768 | 166619.205 | 214584.208 |1.28 >> full.AESGCMBench.decryptMultiPart | 32768 | 83306.239 | 93762.988 |1.12 >> full.AESGCMBench.encryptMultiPart | 32768 | 166109.391 |211701.969 | 1.27 >> small.AESGCMBench.decryptMultiPart | 32768 | 83792.559 | 94530.786 | 1.12 >> small.AESGCMBench.encryptMultiPart | 32768 | 162975.904 |212085.047 | 1.30 >> ? | ? | ? | ? | ? >> full.AESGCMBench.decrypt | 65536 | 85765.835 | 112244.611 | 1.30 >> full.AESGCMBench.encrypt | 65536 | 86471.805 | 113320.536 |1.31 >> small.AESGCMBench.decrypt | 65536 | 84490.816 | 112122.358 |1.32 >> small.AESGCMBench.encrypt | 65536 | 85403.025 | 112741.811 | 1.32 >> full.AES... > > Smita Kamath has updated the pull request incrementally with one additional commit since the last revision: > > Updated code as per review comments, added new comments for every method @djelinski, @sviswa7, Thanks for your comments. I have addressed them in the latest commits. Kindly take a look and let me know your thoughts. Thank you. ------------- PR Comment: https://git.openjdk.org/jdk/pull/15410#issuecomment-1752347949 From kdriver at openjdk.org Mon Oct 9 16:43:29 2023 From: kdriver at openjdk.org (Kevin Driver) Date: Mon, 9 Oct 2023 16:43:29 GMT Subject: RFR: 8314199: Initial size PBEKeyFactory#validTypes is not up-to-date Message-ID: fixes [JDK-8314199](https://bugs.openjdk.org/browse/JDK-8314199) by initializing the HashSet with a more accurate number ------------- Commit messages: - fixes JDK-8314199 by initializing the HashSet with a more accurate number Changes: https://git.openjdk.org/jdk/pull/16103/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=16103&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8314199 Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod Patch: https://git.openjdk.org/jdk/pull/16103.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/16103/head:pull/16103 PR: https://git.openjdk.org/jdk/pull/16103 From jnimeh at openjdk.org Mon Oct 9 17:03:58 2023 From: jnimeh at openjdk.org (Jamil Nimeh) Date: Mon, 9 Oct 2023 17:03:58 GMT Subject: RFR: 8314199: Initial size PBEKeyFactory#validTypes is not up-to-date In-Reply-To: References: Message-ID: <90nqGqpQxUgPT8akjabkO-gZSCEkHXVUj5J9EAh6Kus=.ef3edc75-7e8c-424c-82ca-5b8ba055e3aa@github.com> On Mon, 9 Oct 2023 16:36:06 GMT, Kevin Driver wrote: > fixes [JDK-8314199](https://bugs.openjdk.org/browse/JDK-8314199) by initializing the HashSet with a more accurate number src/java.base/share/classes/com/sun/crypto/provider/PBEKeyFactory.java line 59: > 57: > 58: static { > 59: validTypes = HashSet.newHashSet(21); Rather than having to change the initial size and keep it synchronized with all the subsequent adds, could we just change the type of `validTypes` to `Set` and initialize it using `Set.of(E...)`? It seems like that would allow you to set all the values directly in the declaration up on line 49, would remove the need for the static block and I think you could even declare validTypes final, couldn't you? And any new additions to the set could simply be added and not worry about setting an accurate count in the constructor. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/16103#discussion_r1350563277 From bpb at openjdk.org Mon Oct 9 19:02:19 2023 From: bpb at openjdk.org (Brian Burkhalter) Date: Mon, 9 Oct 2023 19:02:19 GMT Subject: RFR: 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available [v5] In-Reply-To: References: Message-ID: > Limit native memory allocation and move write loop from the native layer into Java. This change should make the OOME reported in the issue much less likely. Brian Burkhalter has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains seven additional commits since the last revision: - Merge - 6478546: do-while -> while-do in writeBytes; remove NULL and bounds checks in native - 6478546: Move buffer clamping up to Java layer; correct read behavior to match legacy - 6478546: Decrease malloc limit to 1.5 MB - 6478546: Minor refactoring - 6478546: Prevent short read - 6478546: FileInputStream.read() throws OutOfMemoryError when there is plenty available ------------- Changes: - all: https://git.openjdk.org/jdk/pull/14981/files - new: https://git.openjdk.org/jdk/pull/14981/files/cdb8455c..3a016a72 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=14981&range=04 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14981&range=03-04 Stats: 200415 lines in 4979 files changed: 96645 ins; 49069 del; 54701 mod Patch: https://git.openjdk.org/jdk/pull/14981.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/14981/head:pull/14981 PR: https://git.openjdk.org/jdk/pull/14981 From kdriver at openjdk.org Mon Oct 9 19:03:01 2023 From: kdriver at openjdk.org (Kevin Driver) Date: Mon, 9 Oct 2023 19:03:01 GMT Subject: RFR: 8314199: Initial size PBEKeyFactory#validTypes is not up-to-date In-Reply-To: <90nqGqpQxUgPT8akjabkO-gZSCEkHXVUj5J9EAh6Kus=.ef3edc75-7e8c-424c-82ca-5b8ba055e3aa@github.com> References: <90nqGqpQxUgPT8akjabkO-gZSCEkHXVUj5J9EAh6Kus=.ef3edc75-7e8c-424c-82ca-5b8ba055e3aa@github.com> Message-ID: On Mon, 9 Oct 2023 17:00:45 GMT, Jamil Nimeh wrote: >> fixes [JDK-8314199](https://bugs.openjdk.org/browse/JDK-8314199) by initializing the HashSet with a more accurate number > > src/java.base/share/classes/com/sun/crypto/provider/PBEKeyFactory.java line 59: > >> 57: >> 58: static { >> 59: validTypes = HashSet.newHashSet(21); > > Rather than having to change the initial size and keep it synchronized with all the subsequent adds, could we just change the type of `validTypes` to `Set` and initialize it using `Set.of(E...)`? It seems like that would allow you to set all the values directly in the declaration up on line 49, would remove the need for the static block and I think you could even declare validTypes final, couldn't you? And any new additions to the set could simply be added and not worry about setting an accurate count in the constructor. I wondered about an approach like this. I'll push another commit with these changes. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/16103#discussion_r1350703267 From kdriver at openjdk.org Mon Oct 9 19:22:56 2023 From: kdriver at openjdk.org (Kevin Driver) Date: Mon, 9 Oct 2023 19:22:56 GMT Subject: RFR: 8314199: Initial size PBEKeyFactory#validTypes is not up-to-date In-Reply-To: References: <90nqGqpQxUgPT8akjabkO-gZSCEkHXVUj5J9EAh6Kus=.ef3edc75-7e8c-424c-82ca-5b8ba055e3aa@github.com> Message-ID: On Mon, 9 Oct 2023 18:59:43 GMT, Kevin Driver wrote: >> src/java.base/share/classes/com/sun/crypto/provider/PBEKeyFactory.java line 59: >> >>> 57: >>> 58: static { >>> 59: validTypes = HashSet.newHashSet(21); >> >> Rather than having to change the initial size and keep it synchronized with all the subsequent adds, could we just change the type of `validTypes` to `Set` and initialize it using `Set.of(E...)`? It seems like that would allow you to set all the values directly in the declaration up on line 49, would remove the need for the static block and I think you could even declare validTypes final, couldn't you? And any new additions to the set could simply be added and not worry about setting an accurate count in the constructor. > > I wondered about an approach like this. I'll push another commit with these changes. Do you think we'll lose performance in a meaningful way? One of the guarantees of HashSet is constant-time operations. There is no such guarantee for Set. The number of members is probably small enough, relatively speaking, to not affect things much at creation time (and we only do this once); however, lookup time (in `engineGetKeySpec` and `engineTranslateKey`) might take a small hit if these methods are called repeatedly. Let me know whether you think this is a valid concern. Thanks! ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/16103#discussion_r1350717600 From jnimeh at openjdk.org Mon Oct 9 20:16:57 2023 From: jnimeh at openjdk.org (Jamil Nimeh) Date: Mon, 9 Oct 2023 20:16:57 GMT Subject: RFR: 8314199: Initial size PBEKeyFactory#validTypes is not up-to-date In-Reply-To: References: <90nqGqpQxUgPT8akjabkO-gZSCEkHXVUj5J9EAh6Kus=.ef3edc75-7e8c-424c-82ca-5b8ba055e3aa@github.com>

Message-ID: <6en8Vy4pjj6jIGkfgPkaJnvlc6azQpBBdivXJDQW54Y=.a95f9a0c-dad9-4586-b361-5b0ccba18075@github.com> On Mon, 9 Oct 2023 19:19:49 GMT, Kevin Driver wrote: >> I wondered about an approach like this. I'll push another commit with these changes. > > Do you think we'll lose performance in a meaningful way? One of the guarantees of HashSet is constant-time operations. > > There is no such guarantee for Set. The number of members is probably small enough, relatively speaking, to not affect things much at creation time (and we only do this once); however, lookup time (in `engineGetKeySpec` and `engineTranslateKey`) might take a small hit if these methods are called repeatedly. > > Let me know whether you think this is a valid concern. Thanks! I think there could be sight timing variations between `HashSet` and whatever Set implementation is returned by `Set.of()` but creation only happens once as you stated, and iterations over 20-ish elements just seems like the variance would be negligible in any real-world use cases. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/16103#discussion_r1350752518 From valeriep at openjdk.org Mon Oct 9 20:25:56 2023 From: valeriep at openjdk.org (Valerie Peng) Date: Mon, 9 Oct 2023 20:25:56 GMT Subject: RFR: 8314199: Initial size PBEKeyFactory#validTypes is not up-to-date In-Reply-To: <6en8Vy4pjj6jIGkfgPkaJnvlc6azQpBBdivXJDQW54Y=.a95f9a0c-dad9-4586-b361-5b0ccba18075@github.com> References: <90nqGqpQxUgPT8akjabkO-gZSCEkHXVUj5J9EAh6Kus=.ef3edc75-7e8c-424c-82ca-5b8ba055e3aa@github.com>

<6en8Vy4pjj6jIGkfgPkaJnvlc6azQpBBdivXJDQW54Y=.a95f9a0c-dad9-4586-b361-5b0ccba18075@github.com> Message-ID: On Mon, 9 Oct 2023 20:13:48 GMT, Jamil Nimeh wrote: >> Do you think we'll lose performance in a meaningful way? One of the guarantees of HashSet is constant-time operations. >> >> There is no such guarantee for Set. The number of members is probably small enough, relatively speaking, to not affect things much at creation time (and we only do this once); however, lookup time (in `engineGetKeySpec` and `engineTranslateKey`) might take a small hit if these methods are called repeatedly. >> >> Let me know whether you think this is a valid concern. Thanks! > > I think there could be sight timing variations between `HashSet` and whatever Set implementation is returned by `Set.of()` but creation only happens once as you stated, and iterations over 20-ish elements just seems like the variance would be negligible in any real-world use cases. How about changing to use the `HashSet(Collection c)` constructor? First construct a collection with the various algorithms and then construct `validType` w/ this collection. `validType` can be made unmodifiable also since it's read only. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/16103#discussion_r1350759168 From kdriver at openjdk.org Mon Oct 9 20:42:39 2023 From: kdriver at openjdk.org (Kevin Driver) Date: Mon, 9 Oct 2023 20:42:39 GMT Subject: RFR: 8314199: Initial size PBEKeyFactory#validTypes is not up-to-date [v2] In-Reply-To: References: Message-ID: <5YuDJ0aF-y7Z3Lj7GkRJdur6-rHtx-0EF9rwx6EGHIA=.7f2c02ca-12be-4a83-9d88-25248aca0c88@github.com> > fixes [JDK-8314199](https://bugs.openjdk.org/browse/JDK-8314199) by initializing the HashSet with a more accurate number Kevin Driver has updated the pull request incrementally with one additional commit since the last revision: use a Set per code review comments ------------- Changes: - all: https://git.openjdk.org/jdk/pull/16103/files - new: https://git.openjdk.org/jdk/pull/16103/files/96bdb279..a8521b6b Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=16103&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=16103&range=00-01 Stats: 26 lines in 1 file changed: 1 ins; 2 del; 23 mod Patch: https://git.openjdk.org/jdk/pull/16103.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/16103/head:pull/16103 PR: https://git.openjdk.org/jdk/pull/16103 From kdriver at openjdk.org Mon Oct 9 20:48:47 2023 From: kdriver at openjdk.org (Kevin Driver) Date: Mon, 9 Oct 2023 20:48:47 GMT Subject: RFR: 8314199: Initial size PBEKeyFactory#validTypes is not up-to-date [v3] In-Reply-To: References: Message-ID: