diff --git a/8223940-Private-key-not-supported-by-chosen-signature.patch b/8223940-Private-key-not-supported-by-chosen-signature.patch new file mode 100755 index 0000000000000000000000000000000000000000..313d3baa6e978a07a7ed8de5e634a2d16b00b8d6 --- /dev/null +++ b/8223940-Private-key-not-supported-by-chosen-signature.patch @@ -0,0 +1,376 @@ +From 0e369d21e25a6de07a5fb54b78dab0012add60c0 Mon Sep 17 00:00:00 2001 +Date: Thu, 5 Nov 2020 19:36:14 +0800 +Subject: [PATCH] 8223940: Private key not supported by chosen signature + algorithm + +Summary: TLS1.3: If a client prefers RSA-PSS, but the provider does not support it, it will fail as above rather than falling back on other providers. +LLT: N/A +Bug url: https://bugs.openjdk.java.net/browse/JDK-8223940 +--- + .../sun/security/ssl/CertificateVerify.java | 54 +++++++++--------- + .../sun/security/ssl/DHServerKeyExchange.java | 30 +++++----- + .../sun/security/ssl/ECDHServerKeyExchange.java | 28 ++++------ + .../classes/sun/security/ssl/SignatureScheme.java | 64 +++++++++++++++++----- + 4 files changed, 102 insertions(+), 74 deletions(-) + +diff --git a/jdk/src/share/classes/sun/security/ssl/CertificateVerify.java b/jdk/src/share/classes/sun/security/ssl/CertificateVerify.java +index 323a7d995..409119c09 100644 +--- a/jdk/src/share/classes/sun/security/ssl/CertificateVerify.java ++++ b/jdk/src/share/classes/sun/security/ssl/CertificateVerify.java +@@ -31,6 +31,7 @@ import java.security.*; + import java.text.MessageFormat; + import java.util.Arrays; + import java.util.Locale; ++import java.util.Map; + import sun.security.ssl.SSLHandshake.HandshakeMessage; + import sun.security.ssl.X509Authentication.X509Credentials; + import sun.security.ssl.X509Authentication.X509Possession; +@@ -585,30 +586,27 @@ final class CertificateVerify { + + // This happens in client side only. + ClientHandshakeContext chc = (ClientHandshakeContext)context; +- this.signatureScheme = SignatureScheme.getPreferableAlgorithm( ++ Map.Entry schemeAndSigner = ++ SignatureScheme.getSignerOfPreferableAlgorithm( + chc.peerRequestedSignatureSchemes, + x509Possession, + chc.negotiatedProtocol); +- if (signatureScheme == null) { ++ if (schemeAndSigner == null) { + // Unlikely, the credentials generator should have + // selected the preferable signature algorithm properly. + throw chc.conContext.fatal(Alert.INTERNAL_ERROR, +- "No preferred signature algorithm for CertificateVerify"); ++ "No supported CertificateVerify signature algorithm for " + ++ x509Possession.popPrivateKey.getAlgorithm() + ++ " key"); + } + ++ this.signatureScheme = schemeAndSigner.getKey(); + byte[] temproary = null; + try { +- Signature signer = +- signatureScheme.getSignature(x509Possession.popPrivateKey); ++ Signature signer = schemeAndSigner.getValue(); + signer.update(chc.handshakeHash.archived()); + temproary = signer.sign(); +- } catch (NoSuchAlgorithmException | +- InvalidAlgorithmParameterException nsae) { +- throw chc.conContext.fatal(Alert.INTERNAL_ERROR, +- "Unsupported signature algorithm (" + +- signatureScheme.name + +- ") used in CertificateVerify handshake message", nsae); +- } catch (InvalidKeyException | SignatureException ikse) { ++ } catch (SignatureException ikse) { + throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE, + "Cannot produce CertificateVerify signature", ikse); + } +@@ -668,7 +666,7 @@ final class CertificateVerify { + this.signature = Record.getBytes16(m); + try { + Signature signer = +- signatureScheme.getSignature(x509Credentials.popPublicKey); ++ signatureScheme.getVerifier(x509Credentials.popPublicKey); + signer.update(shc.handshakeHash.archived()); + if (!signer.verify(signature)) { + throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE, +@@ -897,17 +895,22 @@ final class CertificateVerify { + X509Possession x509Possession) throws IOException { + super(context); + +- this.signatureScheme = SignatureScheme.getPreferableAlgorithm( +- context.peerRequestedSignatureSchemes, +- x509Possession, +- context.negotiatedProtocol); +- if (signatureScheme == null) { ++ Map.Entry schemeAndSigner = ++ SignatureScheme.getSignerOfPreferableAlgorithm( ++ context.peerRequestedSignatureSchemes, ++ x509Possession, ++ context.negotiatedProtocol); ++ if (schemeAndSigner == null) { + // Unlikely, the credentials generator should have + // selected the preferable signature algorithm properly. + throw context.conContext.fatal(Alert.INTERNAL_ERROR, +- "No preferred signature algorithm for CertificateVerify"); ++ "No supported CertificateVerify signature algorithm for " + ++ x509Possession.popPrivateKey.getAlgorithm() + ++ " key"); + } + ++ this.signatureScheme = schemeAndSigner.getKey(); ++ + byte[] hashValue = context.handshakeHash.digest(); + byte[] contentCovered; + if (context.sslConfig.isClientMode) { +@@ -924,17 +927,10 @@ final class CertificateVerify { + + byte[] temproary = null; + try { +- Signature signer = +- signatureScheme.getSignature(x509Possession.popPrivateKey); ++ Signature signer = schemeAndSigner.getValue(); + signer.update(contentCovered); + temproary = signer.sign(); +- } catch (NoSuchAlgorithmException | +- InvalidAlgorithmParameterException nsae) { +- throw context.conContext.fatal(Alert.INTERNAL_ERROR, +- "Unsupported signature algorithm (" + +- signatureScheme.name + +- ") used in CertificateVerify handshake message", nsae); +- } catch (InvalidKeyException | SignatureException ikse) { ++ } catch (SignatureException ikse) { + throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE, + "Cannot produce CertificateVerify signature", ikse); + } +@@ -1005,7 +1001,7 @@ final class CertificateVerify { + + try { + Signature signer = +- signatureScheme.getSignature(x509Credentials.popPublicKey); ++ signatureScheme.getVerifier(x509Credentials.popPublicKey); + signer.update(contentCovered); + if (!signer.verify(signature)) { + throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE, +diff --git a/jdk/src/share/classes/sun/security/ssl/DHServerKeyExchange.java b/jdk/src/share/classes/sun/security/ssl/DHServerKeyExchange.java +index 48ca870ed..3245482d7 100644 +--- a/jdk/src/share/classes/sun/security/ssl/DHServerKeyExchange.java ++++ b/jdk/src/share/classes/sun/security/ssl/DHServerKeyExchange.java +@@ -42,6 +42,7 @@ import java.security.SignatureException; + import java.text.MessageFormat; + import java.util.EnumSet; + import java.util.Locale; ++import java.util.Map; + import javax.crypto.interfaces.DHPublicKey; + import javax.crypto.spec.DHParameterSpec; + import javax.crypto.spec.DHPublicKeySpec; +@@ -125,24 +126,21 @@ final class DHServerKeyExchange { + shc.negotiatedProtocol.useTLS12PlusSpec(); + Signature signer = null; + if (useExplicitSigAlgorithm) { +- signatureScheme = SignatureScheme.getPreferableAlgorithm( +- shc.peerRequestedSignatureSchemes, +- x509Possession, +- shc.negotiatedProtocol); +- if (signatureScheme == null) { ++ Map.Entry schemeAndSigner = ++ SignatureScheme.getSignerOfPreferableAlgorithm( ++ shc.peerRequestedSignatureSchemes, ++ x509Possession, ++ shc.negotiatedProtocol); ++ if (schemeAndSigner == null) { + // Unlikely, the credentials generator should have + // selected the preferable signature algorithm properly. + throw shc.conContext.fatal(Alert.INTERNAL_ERROR, +- "No preferred signature algorithm"); +- } +- try { +- signer = signatureScheme.getSignature( +- x509Possession.popPrivateKey); +- } catch (NoSuchAlgorithmException | InvalidKeyException | +- InvalidAlgorithmParameterException nsae) { +- throw shc.conContext.fatal(Alert.INTERNAL_ERROR, +- "Unsupported signature algorithm: " + +- signatureScheme.name, nsae); ++ "No supported signature algorithm for " + ++ x509Possession.popPrivateKey.getAlgorithm() + ++ " key"); ++ } else { ++ signatureScheme = schemeAndSigner.getKey(); ++ signer = schemeAndSigner.getValue(); + } + } else { + signatureScheme = null; +@@ -241,7 +239,7 @@ final class DHServerKeyExchange { + Signature signer; + if (useExplicitSigAlgorithm) { + try { +- signer = signatureScheme.getSignature( ++ signer = signatureScheme.getVerifier( + x509Credentials.popPublicKey); + } catch (NoSuchAlgorithmException | InvalidKeyException | + InvalidAlgorithmParameterException nsae) { +diff --git a/jdk/src/share/classes/sun/security/ssl/ECDHServerKeyExchange.java b/jdk/src/share/classes/sun/security/ssl/ECDHServerKeyExchange.java +index 8c23e3546..2e1cc02c9 100644 +--- a/jdk/src/share/classes/sun/security/ssl/ECDHServerKeyExchange.java ++++ b/jdk/src/share/classes/sun/security/ssl/ECDHServerKeyExchange.java +@@ -45,6 +45,7 @@ import java.security.spec.InvalidKeySpecException; + import java.text.MessageFormat; + import java.util.EnumSet; + import java.util.Locale; ++import java.util.Map; + import sun.security.ssl.ECDHKeyExchange.ECDHECredentials; + import sun.security.ssl.ECDHKeyExchange.ECDHEPossession; + import sun.security.ssl.SSLHandshake.HandshakeMessage; +@@ -139,26 +140,21 @@ final class ECDHServerKeyExchange { + shc.negotiatedProtocol.useTLS12PlusSpec(); + Signature signer = null; + if (useExplicitSigAlgorithm) { +- signatureScheme = SignatureScheme.getPreferableAlgorithm( +- shc.peerRequestedSignatureSchemes, +- x509Possession, +- shc.negotiatedProtocol); +- if (signatureScheme == null) { ++ Map.Entry schemeAndSigner = ++ SignatureScheme.getSignerOfPreferableAlgorithm( ++ shc.peerRequestedSignatureSchemes, ++ x509Possession, ++ shc.negotiatedProtocol); ++ if (schemeAndSigner == null) { + // Unlikely, the credentials generator should have + // selected the preferable signature algorithm properly. + throw shc.conContext.fatal(Alert.INTERNAL_ERROR, +- "No preferred signature algorithm for " + ++ "No supported signature algorithm for " + + x509Possession.popPrivateKey.getAlgorithm() + + " key"); +- } +- try { +- signer = signatureScheme.getSignature( +- x509Possession.popPrivateKey); +- } catch (NoSuchAlgorithmException | InvalidKeyException | +- InvalidAlgorithmParameterException nsae) { +- throw shc.conContext.fatal(Alert.INTERNAL_ERROR, +- "Unsupported signature algorithm: " + +- signatureScheme.name, nsae); ++ } else { ++ signatureScheme = schemeAndSigner.getKey(); ++ signer = schemeAndSigner.getValue(); + } + } else { + signatureScheme = null; +@@ -295,7 +291,7 @@ final class ECDHServerKeyExchange { + Signature signer; + if (useExplicitSigAlgorithm) { + try { +- signer = signatureScheme.getSignature( ++ signer = signatureScheme.getVerifier( + x509Credentials.popPublicKey); + } catch (NoSuchAlgorithmException | InvalidKeyException | + InvalidAlgorithmParameterException nsae) { +diff --git a/jdk/src/share/classes/sun/security/ssl/SignatureScheme.java b/jdk/src/share/classes/sun/security/ssl/SignatureScheme.java +index 93f5473da..9fd9707ba 100644 +--- a/jdk/src/share/classes/sun/security/ssl/SignatureScheme.java ++++ b/jdk/src/share/classes/sun/security/ssl/SignatureScheme.java +@@ -31,6 +31,7 @@ import java.security.spec.AlgorithmParameterSpec; + import java.security.spec.ECParameterSpec; + import java.security.spec.MGF1ParameterSpec; + import java.security.spec.PSSParameterSpec; ++import java.util.AbstractMap.SimpleImmutableEntry; + import java.util.ArrayList; + import java.util.Arrays; + import java.util.Collection; +@@ -38,6 +39,7 @@ import java.util.Collections; + import java.util.EnumSet; + import java.util.LinkedList; + import java.util.List; ++import java.util.Map; + import java.util.Set; + import sun.security.ssl.SupportedGroupsExtension.NamedGroup; + import sun.security.ssl.SupportedGroupsExtension.NamedGroupType; +@@ -427,7 +429,7 @@ enum SignatureScheme { + return null; + } + +- static SignatureScheme getPreferableAlgorithm( ++ static Map.Entry getSignerOfPreferableAlgorithm( + List schemes, + X509Possession x509Possession, + ProtocolVersion version) { +@@ -452,7 +454,10 @@ enum SignatureScheme { + x509Possession.getECParameterSpec(); + if (params != null && + ss.namedGroup == NamedGroup.valueOf(params)) { +- return ss; ++ Signature signer = ss.getSigner(signingKey); ++ if (signer != null) { ++ return new SimpleImmutableEntry<>(ss, signer); ++ } + } + + if (SSLLogger.isOn && +@@ -477,7 +482,10 @@ enum SignatureScheme { + NamedGroup keyGroup = NamedGroup.valueOf(params); + if (keyGroup != null && + SupportedGroups.isSupported(keyGroup)) { +- return ss; ++ Signature signer = ss.getSigner(signingKey); ++ if (signer != null) { ++ return new SimpleImmutableEntry<>(ss, signer); ++ } + } + } + +@@ -488,7 +496,10 @@ enum SignatureScheme { + "), unsupported EC parameter spec: " + params); + } + } else { +- return ss; ++ Signature signer = ss.getSigner(signingKey); ++ if (signer != null) { ++ return new SimpleImmutableEntry<>(ss, signer); ++ } + } + } + } +@@ -509,21 +520,48 @@ enum SignatureScheme { + return new String[0]; + } + +- Signature getSignature(Key key) throws NoSuchAlgorithmException, ++ // This method is used to get the signature instance of this signature ++ // scheme for the specific public key. Unlike getSigner(), the exception ++ // is bubbled up. If the public key does not support this signature ++ // scheme, it normally means the TLS handshaking cannot continue and ++ // the connection should be terminated. ++ Signature getVerifier(PublicKey publicKey) throws NoSuchAlgorithmException, + InvalidAlgorithmParameterException, InvalidKeyException { + if (!isAvailable) { + return null; + } + +- Signature signer = JsseJce.getSignature(algorithm); +- if (key instanceof PublicKey) { +- SignatureUtil.initVerifyWithParam(signer, (PublicKey)key, +- signAlgParameter); +- } else { +- SignatureUtil.initSignWithParam(signer, (PrivateKey)key, +- signAlgParameter, null); ++ Signature verifier = Signature.getInstance(algorithm); ++ SignatureUtil.initVerifyWithParam(verifier, publicKey, signAlgParameter); ++ ++ return verifier; ++ } ++ ++ // This method is also used to choose preferable signature scheme for the ++ // specific private key. If the private key does not support the signature ++ // scheme, {@code null} is returned, and the caller may fail back to next ++ // available signature scheme. ++ private Signature getSigner(PrivateKey privateKey) { ++ if (!isAvailable) { ++ return null; + } + +- return signer; ++ try { ++ Signature signer = Signature.getInstance(algorithm); ++ SignatureUtil.initSignWithParam(signer, privateKey, ++ signAlgParameter, ++ null); ++ return signer; ++ } catch (NoSuchAlgorithmException | InvalidKeyException | ++ InvalidAlgorithmParameterException nsae) { ++ if (SSLLogger.isOn && ++ SSLLogger.isOn("ssl,handshake,verbose")) { ++ SSLLogger.finest( ++ "Ignore unsupported signature algorithm (" + ++ this.name + ")", nsae); ++ } ++ } ++ ++ return null; + } + } +-- +2.12.3 + diff --git a/8236512-PKCS11-Connection-closed-after-Cipher.doFinal-and-NoPadding.patch b/8236512-PKCS11-Connection-closed-after-Cipher.doFinal-and-NoPadding.patch new file mode 100755 index 0000000000000000000000000000000000000000..51564d151d1a447106e42879697caea5843f1b36 --- /dev/null +++ b/8236512-PKCS11-Connection-closed-after-Cipher.doFinal-and-NoPadding.patch @@ -0,0 +1,489 @@ +From 67c2c66d6befca1236a92c68ed9a0ba55c3a3eb6 Mon Sep 17 00:00:00 2001 +Date: Thu, 5 Nov 2020 22:28:14 +0800 +Subject: [PATCH] 8236512: PKCS11 Connection closed after Cipher.doFinal and + NoPadding + +Summary: security-libs : Removed killSession() calls in certain impl classes when cancelling operations +LLT: N/A +Bug url: https://bugs.openjdk.java.net/browse/JDK-8236512 +--- + .../classes/sun/security/pkcs11/P11AEADCipher.java | 38 +++++----- + .../classes/sun/security/pkcs11/P11Cipher.java | 31 ++++---- + .../share/classes/sun/security/pkcs11/P11Mac.java | 20 +++--- + .../sun/security/pkcs11/P11PSSSignature.java | 30 ++++---- + .../classes/sun/security/pkcs11/P11RSACipher.java | 60 ++++++++-------- + .../classes/sun/security/pkcs11/P11Signature.java | 82 ++++++++++------------ + 6 files changed, 127 insertions(+), 134 deletions(-) + +diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11AEADCipher.java b/jdk/src/share/classes/sun/security/pkcs11/P11AEADCipher.java +index bfd00046c..5af9c8aef 100644 +--- a/jdk/src/share/classes/sun/security/pkcs11/P11AEADCipher.java ++++ b/jdk/src/share/classes/sun/security/pkcs11/P11AEADCipher.java +@@ -1,4 +1,5 @@ +-/* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. ++/* ++ * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -331,25 +332,25 @@ final class P11AEADCipher extends CipherSpi { + } + + private void cancelOperation() { ++ // cancel operation by finishing it; avoid killSession as some ++ // hardware vendors may require re-login ++ int bufLen = doFinalLength(0); ++ byte[] buffer = new byte[bufLen]; ++ byte[] in = dataBuffer.toByteArray(); ++ int inLen = in.length; + try { +- if (session.hasObjects() == false) { +- session = token.killSession(session); +- return; ++ if (encrypt) { ++ token.p11.C_Encrypt(session.id(), 0, in, 0, inLen, ++ 0, buffer, 0, bufLen); + } else { +- // cancel operation by finishing it +- int bufLen = doFinalLength(0); +- byte[] buffer = new byte[bufLen]; +- +- if (encrypt) { +- token.p11.C_Encrypt(session.id(), 0, buffer, 0, bufLen, +- 0, buffer, 0, bufLen); +- } else { +- token.p11.C_Decrypt(session.id(), 0, buffer, 0, bufLen, +- 0, buffer, 0, bufLen); +- } ++ token.p11.C_Decrypt(session.id(), 0, in, 0, inLen, ++ 0, buffer, 0, bufLen); + } + } catch (PKCS11Exception e) { +- throw new ProviderException("Cancel failed", e); ++ if (encrypt) { ++ throw new ProviderException("Cancel failed", e); ++ } ++ // ignore failure for decryption + } + } + +@@ -432,18 +433,21 @@ final class P11AEADCipher extends CipherSpi { + if (!initialized) { + return; + } ++ initialized = false; ++ + try { + if (session == null) { + return; + } ++ + if (doCancel && token.explicitCancel) { + cancelOperation(); + } + } finally { + p11Key.releaseKeyID(); + session = token.releaseSession(session); ++ dataBuffer.reset(); + } +- initialized = false; + } + + // see JCE spec +diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java b/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java +index 9837f12a5..8f2620e13 100644 +--- a/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java ++++ b/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -409,10 +409,12 @@ final class P11Cipher extends CipherSpi { + return; + } + initialized = false; ++ + try { + if (session == null) { + return; + } ++ + if (doCancel && token.explicitCancel) { + cancelOperation(); + } +@@ -426,22 +428,21 @@ final class P11Cipher extends CipherSpi { + + private void cancelOperation() { + token.ensureValid(); +- if (session.hasObjects() == false) { +- session = token.killSession(session); +- return; +- } else { +- try { +- // cancel operation by finishing it +- int bufLen = doFinalLength(0); +- byte[] buffer = new byte[bufLen]; +- if (encrypt) { +- token.p11.C_EncryptFinal(session.id(), 0, buffer, 0, bufLen); +- } else { +- token.p11.C_DecryptFinal(session.id(), 0, buffer, 0, bufLen); +- } +- } catch (PKCS11Exception e) { ++ // cancel operation by finishing it; avoid killSession as some ++ // hardware vendors may require re-login ++ try { ++ int bufLen = doFinalLength(0); ++ byte[] buffer = new byte[bufLen]; ++ if (encrypt) { ++ token.p11.C_EncryptFinal(session.id(), 0, buffer, 0, bufLen); ++ } else { ++ token.p11.C_DecryptFinal(session.id(), 0, buffer, 0, bufLen); ++ } ++ } catch (PKCS11Exception e) { ++ if (encrypt) { + throw new ProviderException("Cancel failed", e); + } ++ // ignore failure for decryption + } + } + +diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11Mac.java b/jdk/src/share/classes/sun/security/pkcs11/P11Mac.java +index 56d0b1c70..7d80bcb90 100644 +--- a/jdk/src/share/classes/sun/security/pkcs11/P11Mac.java ++++ b/jdk/src/share/classes/sun/security/pkcs11/P11Mac.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -122,10 +122,12 @@ final class P11Mac extends MacSpi { + return; + } + initialized = false; ++ + try { + if (session == null) { + return; + } ++ + if (doCancel && token.explicitCancel) { + cancelOperation(); + } +@@ -137,15 +139,12 @@ final class P11Mac extends MacSpi { + + private void cancelOperation() { + token.ensureValid(); +- if (session.hasObjects() == false) { +- session = token.killSession(session); +- return; +- } else { +- try { +- token.p11.C_SignFinal(session.id(), 0); +- } catch (PKCS11Exception e) { +- throw new ProviderException("Cancel failed", e); +- } ++ // cancel operation by finishing it; avoid killSession as some ++ // hardware vendors may require re-login ++ try { ++ token.p11.C_SignFinal(session.id(), 0); ++ } catch (PKCS11Exception e) { ++ throw new ProviderException("Cancel failed", e); + } + } + +@@ -207,7 +206,6 @@ final class P11Mac extends MacSpi { + ensureInitialized(); + return token.p11.C_SignFinal(session.id(), 0); + } catch (PKCS11Exception e) { +- reset(true); + throw new ProviderException("doFinal() failed", e); + } finally { + reset(false); +diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11PSSSignature.java b/jdk/src/share/classes/sun/security/pkcs11/P11PSSSignature.java +index c0f48715d..d172108fc 100644 +--- a/jdk/src/share/classes/sun/security/pkcs11/P11PSSSignature.java ++++ b/jdk/src/share/classes/sun/security/pkcs11/P11PSSSignature.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -223,10 +223,12 @@ final class P11PSSSignature extends SignatureSpi { + return; + } + initialized = false; ++ + try { + if (session == null) { + return; + } ++ + if (doCancel && token.explicitCancel) { + cancelOperation(); + } +@@ -242,14 +244,10 @@ final class P11PSSSignature extends SignatureSpi { + token.ensureValid(); + if (DEBUG) System.out.print("Cancelling operation"); + +- if (session.hasObjects() == false) { +- if (DEBUG) System.out.println(" by killing session"); +- session = token.killSession(session); +- return; +- } +- // "cancel" operation by finishing it +- if (mode == M_SIGN) { +- try { ++ // cancel operation by finishing it; avoid killSession as some ++ // hardware vendors may require re-login ++ try { ++ if (mode == M_SIGN) { + if (type == T_UPDATE) { + if (DEBUG) System.out.println(" by C_SignFinal"); + token.p11.C_SignFinal(session.id(), 0); +@@ -259,11 +257,7 @@ final class P11PSSSignature extends SignatureSpi { + if (DEBUG) System.out.println(" by C_Sign"); + token.p11.C_Sign(session.id(), digest); + } +- } catch (PKCS11Exception e) { +- throw new ProviderException("cancel failed", e); +- } +- } else { // M_VERIFY +- try { ++ } else { // M_VERIFY + byte[] signature = + new byte[(p11Key.length() + 7) >> 3]; + if (type == T_UPDATE) { +@@ -275,10 +269,12 @@ final class P11PSSSignature extends SignatureSpi { + if (DEBUG) System.out.println(" by C_Verify"); + token.p11.C_Verify(session.id(), digest, signature); + } +- } catch (PKCS11Exception e) { +- // will fail since the signature is incorrect +- // XXX check error code + } ++ } catch (PKCS11Exception e) { ++ if (mode == M_SIGN) { ++ throw new ProviderException("cancel failed", e); ++ } ++ // ignore failure for verification + } + } + +diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11RSACipher.java b/jdk/src/share/classes/sun/security/pkcs11/P11RSACipher.java +index 421a16285..4bb629dbf 100644 +--- a/jdk/src/share/classes/sun/security/pkcs11/P11RSACipher.java ++++ b/jdk/src/share/classes/sun/security/pkcs11/P11RSACipher.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -246,10 +246,12 @@ final class P11RSACipher extends CipherSpi { + return; + } + initialized = false; ++ + try { + if (session == null) { + return; + } ++ + if (doCancel && token.explicitCancel) { + cancelOperation(); + } +@@ -263,36 +265,33 @@ final class P11RSACipher extends CipherSpi { + // state variables such as "initialized" + private void cancelOperation() { + token.ensureValid(); +- if (session.hasObjects() == false) { +- session = token.killSession(session); +- return; +- } else { +- try { +- PKCS11 p11 = token.p11; +- int inLen = maxInputSize; +- int outLen = buffer.length; +- long sessId = session.id(); +- switch (mode) { +- case MODE_ENCRYPT: +- p11.C_Encrypt(sessId, 0, buffer, 0, inLen, 0, buffer, 0, outLen); +- break; +- case MODE_DECRYPT: +- p11.C_Decrypt(sessId, 0, buffer, 0, inLen, 0, buffer, 0, outLen); +- break; +- case MODE_SIGN: +- byte[] tmpBuffer = new byte[maxInputSize]; +- p11.C_Sign(sessId, tmpBuffer); +- break; +- case MODE_VERIFY: +- p11.C_VerifyRecover(sessId, buffer, 0, inLen, buffer, +- 0, outLen); +- break; +- default: +- throw new ProviderException("internal error"); +- } +- } catch (PKCS11Exception e) { +- // XXX ensure this always works, ignore error ++ // cancel operation by finishing it; avoid killSession as some ++ // hardware vendors may require re-login ++ try { ++ PKCS11 p11 = token.p11; ++ int inLen = maxInputSize; ++ int outLen = buffer.length; ++ long sessId = session.id(); ++ switch (mode) { ++ case MODE_ENCRYPT: ++ p11.C_Encrypt(sessId, 0, buffer, 0, inLen, 0, buffer, 0, outLen); ++ break; ++ case MODE_DECRYPT: ++ p11.C_Decrypt(sessId, 0, buffer, 0, inLen, 0, buffer, 0, outLen); ++ break; ++ case MODE_SIGN: ++ byte[] tmpBuffer = new byte[maxInputSize]; ++ p11.C_Sign(sessId, tmpBuffer); ++ break; ++ case MODE_VERIFY: ++ p11.C_VerifyRecover(sessId, buffer, 0, inLen, buffer, ++ 0, outLen); ++ break; ++ default: ++ throw new ProviderException("internal error"); + } ++ } catch (PKCS11Exception e) { ++ // XXX ensure this always works, ignore error + } + } + +@@ -361,6 +360,7 @@ final class P11RSACipher extends CipherSpi { + private int implDoFinal(byte[] out, int outOfs, int outLen) + throws BadPaddingException, IllegalBlockSizeException { + if (bufOfs > maxInputSize) { ++ reset(true); + throw new IllegalBlockSizeException("Data must not be longer " + + "than " + maxInputSize + " bytes"); + } +diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java b/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java +index 48a49f66b..844a23d1a 100644 +--- a/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java ++++ b/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java +@@ -245,10 +245,12 @@ final class P11Signature extends SignatureSpi { + return; + } + initialized = false; ++ + try { + if (session == null) { + return; + } ++ + if (doCancel && token.explicitCancel) { + cancelOperation(); + } +@@ -259,59 +261,51 @@ final class P11Signature extends SignatureSpi { + } + + private void cancelOperation() { +- + token.ensureValid(); +- if (session.hasObjects() == false) { +- session = token.killSession(session); +- return; +- } else { +- // "cancel" operation by finishing it +- // XXX make sure all this always works correctly ++ // cancel operation by finishing it; avoid killSession as some ++ // hardware vendors may require re-login ++ try { + if (mode == M_SIGN) { +- try { +- if (type == T_UPDATE) { +- token.p11.C_SignFinal(session.id(), 0); +- } else { +- byte[] digest; +- if (type == T_DIGEST) { +- digest = md.digest(); +- } else { // T_RAW +- digest = buffer; +- } +- token.p11.C_Sign(session.id(), digest); ++ if (type == T_UPDATE) { ++ token.p11.C_SignFinal(session.id(), 0); ++ } else { ++ byte[] digest; ++ if (type == T_DIGEST) { ++ digest = md.digest(); ++ } else { // T_RAW ++ digest = buffer; + } +- } catch (PKCS11Exception e) { +- throw new ProviderException("cancel failed", e); ++ token.p11.C_Sign(session.id(), digest); + } + } else { // M_VERIFY + byte[] signature; +- try { +- if (keyAlgorithm.equals("DSA")) { +- signature = new byte[40]; +- } else { +- signature = new byte[(p11Key.length() + 7) >> 3]; +- } +- if (type == T_UPDATE) { +- token.p11.C_VerifyFinal(session.id(), signature); +- } else { +- byte[] digest; +- if (type == T_DIGEST) { +- digest = md.digest(); +- } else { // T_RAW +- digest = buffer; +- } +- token.p11.C_Verify(session.id(), digest, signature); +- } +- } catch (PKCS11Exception e) { +- long errorCode = e.getErrorCode(); +- if ((errorCode == CKR_SIGNATURE_INVALID) || +- (errorCode == CKR_SIGNATURE_LEN_RANGE)) { +- // expected since signature is incorrect +- return; ++ if (keyAlgorithm.equals("DSA")) { ++ signature = new byte[40]; ++ } else { ++ signature = new byte[(p11Key.length() + 7) >> 3]; ++ } ++ if (type == T_UPDATE) { ++ token.p11.C_VerifyFinal(session.id(), signature); ++ } else { ++ byte[] digest; ++ if (type == T_DIGEST) { ++ digest = md.digest(); ++ } else { // T_RAW ++ digest = buffer; + } +- throw new ProviderException("cancel failed", e); ++ token.p11.C_Verify(session.id(), digest, signature); ++ } ++ } ++ } catch (PKCS11Exception e) { ++ if (mode == M_VERIFY) { ++ long errorCode = e.getErrorCode(); ++ if ((errorCode == CKR_SIGNATURE_INVALID) || ++ (errorCode == CKR_SIGNATURE_LEN_RANGE)) { ++ // expected since signature is incorrect ++ return; + } + } ++ throw new ProviderException("cancel failed", e); + } + } + +-- +2.12.3 + diff --git a/8250861-Crash-in-MinINode-Ideal-PhaseGVN-bool.patch b/8250861-Crash-in-MinINode-Ideal-PhaseGVN-bool.patch new file mode 100755 index 0000000000000000000000000000000000000000..5338e790992d3b6827126adeb7d17ff178e8b613 --- /dev/null +++ b/8250861-Crash-in-MinINode-Ideal-PhaseGVN-bool.patch @@ -0,0 +1,36 @@ +From 32271b8bfd2325ebb0d7fd338f3454be7dd1f998 Mon Sep 17 00:00:00 2001 +Date: Fri, 30 Oct 2020 18:15:32 +0800 +Subject: [PATCH] 8250861: Crash in MinINode::Ideal(PhaseGVN*, bool) + +Summary: C2: Added missing NULL checks. +LLT: N/A +Bug url: https://bugs.openjdk.java.net/browse/JDK-8250861 +--- + hotspot/src/share/vm/opto/addnode.cpp | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/hotspot/src/share/vm/opto/addnode.cpp b/hotspot/src/share/vm/opto/addnode.cpp +index 7bfa6e404..61b376e9b 100644 +--- a/hotspot/src/share/vm/opto/addnode.cpp ++++ b/hotspot/src/share/vm/opto/addnode.cpp +@@ -921,7 +921,7 @@ Node *MinINode::Ideal(PhaseGVN *phase, bool can_reshape) { + + // Transform MIN2(x + c0, MIN2(x + c1, z)) into MIN2(x + MIN2(c0, c1), z) + // if x == y and the additions can't overflow. +- if (phase->eqv(x,y) && ++ if (phase->eqv(x,y) && tx != NULL && + !can_overflow(tx, x_off) && + !can_overflow(tx, y_off)) { + return new (phase->C) MinINode(phase->transform(new (phase->C) AddINode(x, phase->intcon(MIN2(x_off, y_off)))), r->in(2)); +@@ -929,7 +929,7 @@ Node *MinINode::Ideal(PhaseGVN *phase, bool can_reshape) { + } else { + // Transform MIN2(x + c0, y + c1) into x + MIN2(c0, c1) + // if x == y and the additions can't overflow. +- if (phase->eqv(x,y) && ++ if (phase->eqv(x,y) && tx != NULL && + !can_overflow(tx, x_off) && + !can_overflow(tx, y_off)) { + return new (phase->C) AddINode(x,phase->intcon(MIN2(x_off,y_off))); +-- +2.12.3 + diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000000000000000000000000000000000000..8b400c7ab81b7b18baff3f81d597f5e511883134 --- /dev/null +++ b/LICENSE @@ -0,0 +1,347 @@ +The GNU General Public License (GPL) + +Version 2, June 1991 + +Copyright (C) 1989, 1991 Free Software Foundation, Inc. +51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +Everyone is permitted to copy and distribute verbatim copies of this license +document, but changing it is not allowed. + +Preamble + +The licenses for most software are designed to take away your freedom to share +and change it. By contrast, the GNU General Public License is intended to +guarantee your freedom to share and change free software--to make sure the +software is free for all its users. This General Public License applies to +most of the Free Software Foundation's software and to any other program whose +authors commit to using it. (Some other Free Software Foundation software is +covered by the GNU Library General Public License instead.) You can apply it to +your programs, too. + +When we speak of free software, we are referring to freedom, not price. Our +General Public Licenses are designed to make sure that you have the freedom to +distribute copies of free software (and charge for this service if you wish), +that you receive source code or can get it if you want it, that you can change +the software or use pieces of it in new free programs; and that you know you +can do these things. + +To protect your rights, we need to make restrictions that forbid anyone to deny +you these rights or to ask you to surrender the rights. These restrictions +translate to certain responsibilities for you if you distribute copies of the +software, or if you modify it. + +For example, if you distribute copies of such a program, whether gratis or for +a fee, you must give the recipients all the rights that you have. You must +make sure that they, too, receive or can get the source code. And you must +show them these terms so they know their rights. + +We protect your rights with two steps: (1) copyright the software, and (2) +offer you this license which gives you legal permission to copy, distribute +and/or modify the software. + +Also, for each author's protection and ours, we want to make certain that +everyone understands that there is no warranty for this free software. If the +software is modified by someone else and passed on, we want its recipients to +know that what they have is not the original, so that any problems introduced +by others will not reflect on the original authors' reputations. + +Finally, any free program is threatened constantly by software patents. We +wish to avoid the danger that redistributors of a free program will +individually obtain patent licenses, in effect making the program proprietary. +To prevent this, we have made it clear that any patent must be licensed for +everyone's free use or not licensed at all. + +The precise terms and conditions for copying, distribution and modification +follow. + +TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + +0. This License applies to any program or other work which contains a notice +placed by the copyright holder saying it may be distributed under the terms of +this General Public License. The "Program", below, refers to any such program +or work, and a "work based on the Program" means either the Program or any +derivative work under copyright law: that is to say, a work containing the +Program or a portion of it, either verbatim or with modifications and/or +translated into another language. (Hereinafter, translation is included +without limitation in the term "modification".) Each licensee is addressed as +"you". + +Activities other than copying, distribution and modification are not covered by +this License; they are outside its scope. The act of running the Program is +not restricted, and the output from the Program is covered only if its contents +constitute a work based on the Program (independent of having been made by +running the Program). Whether that is true depends on what the Program does. + +1. You may copy and distribute verbatim copies of the Program's source code as +you receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice and +disclaimer of warranty; keep intact all the notices that refer to this License +and to the absence of any warranty; and give any other recipients of the +Program a copy of this License along with the Program. + +You may charge a fee for the physical act of transferring a copy, and you may +at your option offer warranty protection in exchange for a fee. + +2. You may modify your copy or copies of the Program or any portion of it, thus +forming a work based on the Program, and copy and distribute such modifications +or work under the terms of Section 1 above, provided that you also meet all of +these conditions: + + a) You must cause the modified files to carry prominent notices stating + that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in whole or + in part contains or is derived from the Program or any part thereof, to be + licensed as a whole at no charge to all third parties under the terms of + this License. + + c) If the modified program normally reads commands interactively when run, + you must cause it, when started running for such interactive use in the + most ordinary way, to print or display an announcement including an + appropriate copyright notice and a notice that there is no warranty (or + else, saying that you provide a warranty) and that users may redistribute + the program under these conditions, and telling the user how to view a copy + of this License. (Exception: if the Program itself is interactive but does + not normally print such an announcement, your work based on the Program is + not required to print an announcement.) + +These requirements apply to the modified work as a whole. If identifiable +sections of that work are not derived from the Program, and can be reasonably +considered independent and separate works in themselves, then this License, and +its terms, do not apply to those sections when you distribute them as separate +works. But when you distribute the same sections as part of a whole which is a +work based on the Program, the distribution of the whole must be on the terms +of this License, whose permissions for other licensees extend to the entire +whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest your +rights to work written entirely by you; rather, the intent is to exercise the +right to control the distribution of derivative or collective works based on +the Program. + +In addition, mere aggregation of another work not based on the Program with the +Program (or with a work based on the Program) on a volume of a storage or +distribution medium does not bring the other work under the scope of this +License. + +3. You may copy and distribute the Program (or a work based on it, under +Section 2) in object code or executable form under the terms of Sections 1 and +2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable source + code, which must be distributed under the terms of Sections 1 and 2 above + on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three years, to + give any third party, for a charge no more than your cost of physically + performing source distribution, a complete machine-readable copy of the + corresponding source code, to be distributed under the terms of Sections 1 + and 2 above on a medium customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer to + distribute corresponding source code. (This alternative is allowed only + for noncommercial distribution and only if you received the program in + object code or executable form with such an offer, in accord with + Subsection b above.) + +The source code for a work means the preferred form of the work for making +modifications to it. For an executable work, complete source code means all +the source code for all modules it contains, plus any associated interface +definition files, plus the scripts used to control compilation and installation +of the executable. However, as a special exception, the source code +distributed need not include anything that is normally distributed (in either +source or binary form) with the major components (compiler, kernel, and so on) +of the operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering access to copy +from a designated place, then offering equivalent access to copy the source +code from the same place counts as distribution of the source code, even though +third parties are not compelled to copy the source along with the object code. + +4. You may not copy, modify, sublicense, or distribute the Program except as +expressly provided under this License. Any attempt otherwise to copy, modify, +sublicense or distribute the Program is void, and will automatically terminate +your rights under this License. However, parties who have received copies, or +rights, from you under this License will not have their licenses terminated so +long as such parties remain in full compliance. + +5. You are not required to accept this License, since you have not signed it. +However, nothing else grants you permission to modify or distribute the Program +or its derivative works. These actions are prohibited by law if you do not +accept this License. Therefore, by modifying or distributing the Program (or +any work based on the Program), you indicate your acceptance of this License to +do so, and all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + +6. Each time you redistribute the Program (or any work based on the Program), +the recipient automatically receives a license from the original licensor to +copy, distribute or modify the Program subject to these terms and conditions. +You may not impose any further restrictions on the recipients' exercise of the +rights granted herein. You are not responsible for enforcing compliance by +third parties to this License. + +7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), conditions +are imposed on you (whether by court order, agreement or otherwise) that +contradict the conditions of this License, they do not excuse you from the +conditions of this License. If you cannot distribute so as to satisfy +simultaneously your obligations under this License and any other pertinent +obligations, then as a consequence you may not distribute the Program at all. +For example, if a patent license would not permit royalty-free redistribution +of the Program by all those who receive copies directly or indirectly through +you, then the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under any +particular circumstance, the balance of the section is intended to apply and +the section as a whole is intended to apply in other circumstances. + +It is not the purpose of this section to induce you to infringe any patents or +other property right claims or to contest validity of any such claims; this +section has the sole purpose of protecting the integrity of the free software +distribution system, which is implemented by public license practices. Many +people have made generous contributions to the wide range of software +distributed through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing to +distribute software through any other system and a licensee cannot impose that +choice. + +This section is intended to make thoroughly clear what is believed to be a +consequence of the rest of this License. + +8. If the distribution and/or use of the Program is restricted in certain +countries either by patents or by copyrighted interfaces, the original +copyright holder who places the Program under this License may add an explicit +geographical distribution limitation excluding those countries, so that +distribution is permitted only in or among countries not thus excluded. In +such case, this License incorporates the limitation as if written in the body +of this License. + +9. The Free Software Foundation may publish revised and/or new versions of the +General Public License from time to time. Such new versions will be similar in +spirit to the present version, but may differ in detail to address new problems +or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any later +version", you have the option of following the terms and conditions either of +that version or of any later version published by the Free Software Foundation. +If the Program does not specify a version number of this License, you may +choose any version ever published by the Free Software Foundation. + +10. If you wish to incorporate parts of the Program into other free programs +whose distribution conditions are different, write to the author to ask for +permission. For software which is copyrighted by the Free Software Foundation, +write to the Free Software Foundation; we sometimes make exceptions for this. +Our decision will be guided by the two goals of preserving the free status of +all derivatives of our free software and of promoting the sharing and reuse of +software generally. + +NO WARRANTY + +11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR +THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE +STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE +PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, +INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND +FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND +PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, +YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL +ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE +PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR +INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA +BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A +FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER +OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest possible +use to the public, the best way to achieve this is to make it free software +which everyone can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest to attach +them to the start of each source file to most effectively convey the exclusion +of warranty; and each file should have at least the "copyright" line and a +pointer to where the full notice is found. + + One line to give the program's name and a brief idea of what it does. + + Copyright (C) + + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this when it +starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author Gnomovision comes + with ABSOLUTELY NO WARRANTY; for details type 'show w'. This is free + software, and you are welcome to redistribute it under certain conditions; + type 'show c' for details. + +The hypothetical commands 'show w' and 'show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may be +called something other than 'show w' and 'show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your school, +if any, to sign a "copyright disclaimer" for the program, if necessary. Here +is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + 'Gnomovision' (which makes passes at compilers) written by James Hacker. + + signature of Ty Coon, 1 April 1989 + + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General Public +License instead of this License. + + +"CLASSPATH" EXCEPTION TO THE GPL + +Certain source files distributed by Oracle America and/or its affiliates are +subject to the following clarification and special exception to the GPL, but +only where Oracle has expressly included in the particular source file's header +the words "Oracle designates this particular file as subject to the "Classpath" +exception as provided by Oracle in the LICENSE file that accompanied this code." + + Linking this library statically or dynamically with other modules is making + a combined work based on this library. Thus, the terms and conditions of + the GNU General Public License cover the whole combination. + + As a special exception, the copyright holders of this library give you + permission to link this library with independent modules to produce an + executable, regardless of the license terms of these independent modules, + and to copy and distribute the resulting executable under terms of your + choice, provided that you also meet, for each linked independent module, + the terms and conditions of the license of that module. An independent + module is a module which is not derived from or based on this library. If + you modify this library, you may extend this exception to your version of + the library, but you are not obligated to do so. If you do not wish to do + so, delete this exception statement from your version. diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec index a496787c3c4e985edc0936a214d6288662bedd83..c69aaeaff4e9d873b959a3d0dc006ed62727369d 100644 --- a/java-1.8.0-openjdk.spec +++ b/java-1.8.0-openjdk.spec @@ -915,7 +915,7 @@ Provides: java-%{javaver}-%{origin}-accessibility%{?1} = %{epoch}:%{version}-%{r Name: java-%{javaver}-%{origin} Version: %{javaver}.%{updatever}.%{buildver} -Release: 4 +Release: 7 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons # and this change was brought into RHEL-4. java-1.5.0-ibm packages # also included the epoch in their virtual provides. This created a @@ -1060,6 +1060,9 @@ Patch131: 8166583-Add-oopDesc-klass_or_null_acquire.patch Patch132: 8166862-CMS-needs-klass_or_null_acquire.patch Patch133: 8160369.patch Patch134: PS-GC-adding-acquire_size-method-for-PSParallelCompa.patch +Patch135: 8223940-Private-key-not-supported-by-chosen-signature.patch +Patch136: 8236512-PKCS11-Connection-closed-after-Cipher.doFinal-and-NoPadding.patch +Patch137: 8250861-Crash-in-MinINode-Ideal-PhaseGVN-bool.patch ############################################# # @@ -1475,6 +1478,9 @@ pushd %{top_level_dir_name} %patch132 -p1 %patch133 -p1 %patch134 -p1 +%patch135 -p1 +%patch136 -p1 +%patch137 -p1 popd @@ -2091,6 +2097,16 @@ require "copy_jdk_configs.lua" %endif %changelog +* Mon Dec 21 2020 noah - 1:1.8.0.272-b10.7 +- add a license to this repo + +* Tue Nov 10 2020 ow_wo - 1:1.8.0.272-b10.6 +- add 8236512-PKCS11-Connection-closed-after-Cipher.doFinal-and-NoPadding.patch +- add 8250861-Crash-in-MinINode-Ideal-PhaseGVN-bool.patch + +* Mon Nov 09 2020 ow_wo - 1:1.8.0.272-b10.5 +- add 8223940-Private-key-not-supported-by-chosen-signature.patch + * Fri Nov 06 2020 jdkboy - 1:1.8.0.272-b10.4 - add 8165808-Add-release-barriers-when-allocating-objects-with-concurrent-collection.patch - add 8166583-Add-oopDesc-klass_or_null_acquire.patch