Weijun Wang
Weijun Wang
Change `Krb5LoginModule` debugging to use `sun.security.util.Debug`. --------- ### Progress - [x] Change must be properly reviewed (1 review required, with at least 1 [Reviewer](https://openjdk.org/bylaws#reviewer)) - [x] Change must not contain...
This code change adds an alternative implementation of user-based authorization `Subject` APIs that doesn't depend on Security Manager APIs. Depending on if the Security Manager is allowed, the methods store...
The `src` change is identical to the one in JDK 17u MR1 at https://github.com/openjdk/jdk17u-ri/commit/e9d2641a14407380264b50fa2fe299980fe5f214. There `RSA_KEM.java` test is also identical. There is no `Proc.java` related change here since it was...
Add a new system property to control the name comparison in keytab and ccache entry lookup. --------- ### Progress - [ ] Change must be properly reviewed (1 review required,...
Implement HPKE as defined in https://datatracker.ietf.org/doc/rfc9180/.  --------- ### Progress - [ ] Change must be properly reviewed (1 review required, with at least 1...
I know IKM is the source of entropy and it's not safe to use an empty IKM. However, in my opinion it should still be legal. Including empty IKMs in...
``` var g = KeyPairGenerator.getInstance("HashMLDSA65-Ed25519-SHA512"); var sk = g.generateKeyPair().getPrivate(); var f = KeyFactory.getInstance("HashMLDSA65-Ed25519-SHA512"); System.out.println(sk.getFormat()); // it is "PKCS#8" f.generatePrivate(new PKCS8EncodedKeySpec(sk.getEncoded())); ``` The last line failed with ``` Exception in thread...
Add `Cipher::exportKey` API. --------- ### Progress - [ ] Change must be properly reviewed (1 review required, with at least 1 [Reviewer](https://openjdk.org/bylaws#reviewer)) - [x] Change must not contain extraneous whitespace...
The private key encoding formats of ML-KEM and ML-DSA are updated to match the latest IETF drafts at: https://datatracker.ietf.org/doc/html/draft-ietf-lamps-dilithium-certificates-11 and https://datatracker.ietf.org/doc/html/draft-ietf-lamps-kyber-certificates-10. New security/system properties are introduced to determine which CHOICE...
When multiple `addIKM` methods have been called, the final IKM [should be the concatenation of them](https://github.com/openjdk/jdk/blob/079fccfa9a03b890e698c52c689dea0f19f8fbee/src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java#L315-L317). However, at https://github.com/bcgit/bc-java/blob/bdc97032f09c95c1d78ad71e19b6cc2ae712fa99/prov/src/main/jdk25/org/bouncycastle/jcajce/provider/kdf/hkdf/HKDFSpi.java#L97, only the 1st one is used. Same with salts.