/hg/icedtea6: 2 new changesets
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Wed May 9 20:11:36 PDT 2012
changeset fe14de44c8a8 in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=fe14de44c8a8
author: Andrew John Hughes <ahughes at redhat.com>
date: Wed May 09 23:31:43 2012 +0100
Allow builds where the memory limit of the VM needs to be increased to run javac.
2012-05-09 Andrew John Hughes <ahughes at redhat.com>
* Makefile.am:
(MEMORY_LIMIT): Always set this.
* javac.in:
Split out '-J' prefixed options and pass them
to the VM rather than ecj. Filter out
'-J-Xbootclasspath/p:', which makes no sense
as there's nothing to prepend, and confuses
the VM.
changeset 6ae19889a9e0 in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=6ae19889a9e0
author: Andrew John Hughes <ahughes at redhat.com>
date: Thu May 10 04:11:15 2012 +0100
Backport patches from OpenJDK7 to improve NSS/PKCS11 provider.
2012-05-10 Andrew John Hughes <ahughes at redhat.com>
* Makefile.am: Add new patches.
* patches/openjdk/p11cipher-4898461-support_ecb_and_cbc.patch,
* patches/openjdk/p11cipher-6604496-support_ckm_aes_ctr.patch,
* patches/openjdk/p11cipher-6682411-fix_indexoutofboundsexception.patch,
* patches/openjdk/p11cipher-6682417-fix_decrypted_data_not_multiple_of_blocks.patch,
* patches/openjdk/p11cipher-6687725-throw_illegalblocksizeexception.patch,
* patches/openjdk/p11cipher-6812738-native_cleanup.patch,
* patches/openjdk/p11cipher-6867345-turkish_regional_options_cause_npe_in_algoid.patch,
* patches/openjdk/p11cipher-6924489-ckr_operation_not_initialized.patch:
Backports from 7 to improve P11Cipher.
diffstat:
ChangeLog | 24 +
Makefile.am | 20 +-
javac.in | 26 +-
patches/openjdk/p11cipher-4898461-support_ecb_and_cbc.patch | 1176 ++
patches/openjdk/p11cipher-6604496-support_ckm_aes_ctr.patch | 615 +
patches/openjdk/p11cipher-6682411-fix_indexoutofboundsexception.patch | 60 +
patches/openjdk/p11cipher-6682417-fix_decrypted_data_not_multiple_of_blocks.patch | 22 +
patches/openjdk/p11cipher-6687725-throw_illegalblocksizeexception.patch | 172 +
patches/openjdk/p11cipher-6812738-native_cleanup.patch | 4849 ++++++++++
patches/openjdk/p11cipher-6867345-turkish_regional_options_cause_npe_in_algoid.patch | 328 +
patches/openjdk/p11cipher-6924489-ckr_operation_not_initialized.patch | 102 +
11 files changed, 7376 insertions(+), 18 deletions(-)
diffs (truncated from 7485 to 500 lines):
diff -r 643fb6254e80 -r 6ae19889a9e0 ChangeLog
--- a/ChangeLog Wed May 09 18:39:35 2012 +0200
+++ b/ChangeLog Thu May 10 04:11:15 2012 +0100
@@ -1,3 +1,27 @@
+2012-05-10 Andrew John Hughes <ahughes at redhat.com>
+
+ * Makefile.am: Add new patches.
+ * patches/openjdk/p11cipher-4898461-support_ecb_and_cbc.patch,
+ * patches/openjdk/p11cipher-6604496-support_ckm_aes_ctr.patch,
+ * patches/openjdk/p11cipher-6682411-fix_indexoutofboundsexception.patch,
+ * patches/openjdk/p11cipher-6682417-fix_decrypted_data_not_multiple_of_blocks.patch,
+ * patches/openjdk/p11cipher-6687725-throw_illegalblocksizeexception.patch,
+ * patches/openjdk/p11cipher-6812738-native_cleanup.patch,
+ * patches/openjdk/p11cipher-6867345-turkish_regional_options_cause_npe_in_algoid.patch,
+ * patches/openjdk/p11cipher-6924489-ckr_operation_not_initialized.patch:
+ Backports from 7 to improve P11Cipher.
+
+2012-05-09 Andrew John Hughes <ahughes at redhat.com>
+
+ * Makefile.am:
+ (MEMORY_LIMIT): Always set this.
+ * javac.in:
+ Split out '-J' prefixed options and pass them
+ to the VM rather than ecj. Filter out
+ '-J-Xbootclasspath/p:', which makes no sense
+ as there's nothing to prepend, and confuses
+ the VM.
+
2012-05-09 Pavel Tisnovsky <ptisnovs at redhat.com>
* patches/remove_multicatch_in_testrsa.patch:
diff -r 643fb6254e80 -r 6ae19889a9e0 Makefile.am
--- a/Makefile.am Wed May 09 18:39:35 2012 +0200
+++ b/Makefile.am Thu May 10 04:11:15 2012 +0100
@@ -89,6 +89,7 @@
$(SHARE)/com/sun/java/swing/plaf/nimbus/NimbusLookAndFeel.java
# Flags
+MEMORY_LIMIT = -J-Xmx1024m
IT_CFLAGS=$(CFLAGS) $(ARCHFLAG)
IT_JAVAC_SETTINGS=-g -encoding utf-8 $(JAVACFLAGS) $(MEMORY_LIMIT) $(PREFER_SOURCE)
IT_LANGUAGE_SOURCE_VERSION=6
@@ -120,15 +121,6 @@
PULSE_JAVA_CLEAN_TARGET = clean-pulse-java
endif
-# FIXME: This should not depend on bootstrapping
-# but on whether MEMORY_LIMIT is accepted
-# as an argument to javac
-if BOOTSTRAPPING
- MEMORY_LIMIT =
-else
- MEMORY_LIMIT = -J-Xmx1024m
-endif
-
if ENABLE_CACAO
ICEDTEA_BUILD_TARGET=jdk_only
ICEDTEA_DEBUG_BUILD_TARGET = jdk_fastdebug_only
@@ -429,7 +421,15 @@
patches/generalise_crypto_tests.patch \
patches/remove-gcm-test.patch \
patches/skip_wrap_mode.patch \
- patches/remove_multicatch_in_testrsa.patch
+ patches/remove_multicatch_in_testrsa.patch \
+ patches/openjdk/p11cipher-4898461-support_ecb_and_cbc.patch \
+ patches/openjdk/p11cipher-6682411-fix_indexoutofboundsexception.patch \
+ patches/openjdk/p11cipher-6682417-fix_decrypted_data_not_multiple_of_blocks.patch \
+ patches/openjdk/p11cipher-6812738-native_cleanup.patch \
+ patches/openjdk/p11cipher-6867345-turkish_regional_options_cause_npe_in_algoid.patch \
+ patches/openjdk/p11cipher-6687725-throw_illegalblocksizeexception.patch \
+ patches/openjdk/p11cipher-6924489-ckr_operation_not_initialized.patch \
+ patches/openjdk/p11cipher-6604496-support_ckm_aes_ctr.patch
if WITH_RHINO
ICEDTEA_PATCHES += \
diff -r 643fb6254e80 -r 6ae19889a9e0 javac.in
--- a/javac.in Wed May 09 18:39:35 2012 +0200
+++ b/javac.in Thu May 10 04:11:15 2012 +0100
@@ -1,7 +1,7 @@
#!/usr/bin/perl -w
use strict;
use constant NO_DUP_ARGS => qw(-source -target -d -encoding);
-use constant STRIP_ARGS => qw(-Werror -implicit:none);
+use constant STRIP_ARGS => qw(-Werror -implicit:none -J-Xbootclasspath/p:);
my $ECJ_WARNINGS="-nowarn";
@@ -31,24 +31,34 @@
splice @new_args, $_, 1 for @indices;
}
- return @new_args;
+ return \@new_args;
+}
+
+sub split_vm_args
+{
+ my @new_args = @{$_[0]};
+
+ my @vm_args = map { substr $_, 2 } grep $_ =~ /^-J/, @new_args;
+ my @javac_args = grep $_ !~ /^-J/, @new_args;
+
+ return (\@vm_args, \@javac_args);
}
if ( -e "@abs_top_builddir@/native-ecj" )
{
- my @ecj_args = gen_ecj_opts( \@ARGV );
- exec '@abs_top_builddir@/native-ecj', @ecj_parms, @ecj_args ;
+ my $ecj_args = gen_ecj_opts( \@ARGV );
+ exec '@abs_top_builddir@/native-ecj', @ecj_parms, @$ecj_args ;
}
elsif ( -e "@ECJ_JAR@" )
{
- my @ecj_args = gen_ecj_opts( \@ARGV );
+ my ($vm_args, $javac_args) = split_vm_args (gen_ecj_opts( \@ARGV ));
my @CLASSPATH = ('@ECJ_JAR@');
push @CLASSPATH, split /:/, $ENV{"CLASSPATH"} if exists $ENV{"CLASSPATH"};
$ENV{"CLASSPATH"} = join ':', @CLASSPATH;
- exec '@JAVA@', 'org.eclipse.jdt.internal.compiler.batch.Main', @ecj_parms, @ecj_args;
+ exec '@JAVA@', @$vm_args, 'org.eclipse.jdt.internal.compiler.batch.Main', @ecj_parms, @$javac_args;
}
else
{
- my @ecj_args = gen_ecj_opts( \@ARGV );
- exec '@ECJ@', @ecj_parms, @ecj_args ;
+ my $ecj_args = gen_ecj_opts( \@ARGV );
+ exec '@ECJ@', @ecj_parms, @$ecj_args ;
}
diff -r 643fb6254e80 -r 6ae19889a9e0 patches/openjdk/p11cipher-4898461-support_ecb_and_cbc.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/openjdk/p11cipher-4898461-support_ecb_and_cbc.patch Thu May 10 04:11:15 2012 +0100
@@ -0,0 +1,1176 @@
+diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java 2011-11-14 22:12:05.000000000 +0000
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java 2012-05-09 23:50:29.255993679 +0100
+@@ -22,10 +22,10 @@
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+-
+ package sun.security.pkcs11;
+
+ import java.nio.ByteBuffer;
++import java.util.Arrays;
+
+ import java.security.*;
+ import java.security.spec.*;
+@@ -34,7 +34,6 @@
+ import javax.crypto.spec.*;
+
+ import sun.nio.ch.DirectBuffer;
+-
+ import sun.security.pkcs11.wrapper.*;
+ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
+
+@@ -43,8 +42,8 @@
+ * DES, DESede, AES, ARCFOUR, and Blowfish.
+ *
+ * This class is designed to support ECB and CBC with NoPadding and
+- * PKCS5Padding for both. However, currently only CBC/NoPadding (and
+- * ECB/NoPadding for stream ciphers) is functional.
++ * PKCS5Padding for both. It will use its own padding impl if the
++ * native mechanism does not support padding.
+ *
+ * Note that PKCS#11 current only supports ECB and CBC. There are no
+ * provisions for other modes such as CFB, OFB, PCBC, or CTR mode.
+@@ -62,10 +61,56 @@
+ private final static int MODE_CBC = 4;
+
+ // padding constant for NoPadding
+- private final static int PAD_NONE = 5;
++ private final static int PAD_NONE = 5;
+ // padding constant for PKCS5Padding
+ private final static int PAD_PKCS5 = 6;
+
++ private static interface Padding {
++ // ENC: format the specified buffer with padding bytes and return the
++ // actual padding length
++ int setPaddingBytes(byte[] paddingBuffer, int padLen);
++
++ // DEC: return the length of trailing padding bytes given the specified
++ // padded data
++ int unpad(byte[] paddedData, int ofs, int len)
++ throws BadPaddingException;
++ }
++
++ private static class PKCS5Padding implements Padding {
++
++ private final int blockSize;
++
++ PKCS5Padding(int blockSize)
++ throws NoSuchPaddingException {
++ if (blockSize == 0) {
++ throw new NoSuchPaddingException
++ ("PKCS#5 padding not supported with stream ciphers");
++ }
++ this.blockSize = blockSize;
++ }
++
++ public int setPaddingBytes(byte[] paddingBuffer, int padLen) {
++ Arrays.fill(paddingBuffer, 0, padLen, (byte) (padLen & 0x007f));
++ return padLen;
++ }
++
++ public int unpad(byte[] paddedData, int ofs, int len)
++ throws BadPaddingException {
++ byte padValue = paddedData[ofs + len - 1];
++ if (padValue < 1 || padValue > blockSize) {
++ throw new BadPaddingException("Invalid pad value!");
++ }
++ // sanity check padding bytes
++ int padStartIndex = ofs + len - padValue;
++ for (int i = padStartIndex; i < len; i++) {
++ if (paddedData[i] != padValue) {
++ throw new BadPaddingException("Invalid pad bytes!");
++ }
++ }
++ return padValue;
++ }
++ }
++
+ // token instance
+ private final Token token;
+
+@@ -99,64 +144,92 @@
+ // padding type, on of PAD_* above (PAD_NONE for stream ciphers)
+ private int paddingType;
+
++ // when the padding is requested but unsupported by the native mechanism,
++ // we use the following to do padding and necessary data buffering.
++ // padding object which generate padding and unpad the decrypted data
++ private Padding paddingObj;
++ // buffer for holding back the block which contains padding bytes
++ private byte[] padBuffer;
++ private int padBufferLen;
++
+ // original IV, if in MODE_CBC
+ private byte[] iv;
+
+- // total number of bytes processed
+- private int bytesProcessed;
++ // number of bytes buffered internally by the native mechanism and padBuffer
++ // if we do the padding
++ private int bytesBuffered;
+
+ P11Cipher(Token token, String algorithm, long mechanism)
+- throws PKCS11Exception {
++ throws PKCS11Exception, NoSuchAlgorithmException {
+ super();
+ this.token = token;
+ this.algorithm = algorithm;
+ this.mechanism = mechanism;
+- keyAlgorithm = algorithm.split("/")[0];
++
++ String algoParts[] = algorithm.split("/");
++ keyAlgorithm = algoParts[0];
++
+ if (keyAlgorithm.equals("AES")) {
+ blockSize = 16;
+- blockMode = MODE_CBC;
+- // XXX change default to PKCS5Padding
+- paddingType = PAD_NONE;
+- } else if (keyAlgorithm.equals("RC4") || keyAlgorithm.equals("ARCFOUR")) {
++ } else if (keyAlgorithm.equals("RC4") ||
++ keyAlgorithm.equals("ARCFOUR")) {
+ blockSize = 0;
+- blockMode = MODE_ECB;
+- paddingType = PAD_NONE;
+ } else { // DES, DESede, Blowfish
+ blockSize = 8;
+- blockMode = MODE_CBC;
+- // XXX change default to PKCS5Padding
+- paddingType = PAD_NONE;
++ }
++ this.blockMode =
++ (algoParts.length > 1 ? parseMode(algoParts[1]) : MODE_ECB);
++
++ String defPadding = (blockSize == 0 ? "NoPadding" : "PKCS5Padding");
++ String paddingStr =
++ (algoParts.length > 2 ? algoParts[2] : defPadding);
++ try {
++ engineSetPadding(paddingStr);
++ } catch (NoSuchPaddingException nspe) {
++ // should not happen
++ throw new ProviderException(nspe);
+ }
+ }
+
+ protected void engineSetMode(String mode) throws NoSuchAlgorithmException {
++ // Disallow change of mode for now since currently it's explicitly
++ // defined in transformation strings
++ throw new NoSuchAlgorithmException("Unsupported mode " + mode);
++ }
++
++ private int parseMode(String mode) throws NoSuchAlgorithmException {
+ mode = mode.toUpperCase();
++ int result;
+ if (mode.equals("ECB")) {
+- this.blockMode = MODE_ECB;
++ result = MODE_ECB;
+ } else if (mode.equals("CBC")) {
+ if (blockSize == 0) {
+ throw new NoSuchAlgorithmException
+ ("CBC mode not supported with stream ciphers");
+ }
+- this.blockMode = MODE_CBC;
++ result = MODE_CBC;
+ } else {
+ throw new NoSuchAlgorithmException("Unsupported mode " + mode);
+ }
++ return result;
+ }
+
+ // see JCE spec
+ protected void engineSetPadding(String padding)
+ throws NoSuchPaddingException {
+- if (padding.equalsIgnoreCase("NoPadding")) {
++ paddingObj = null;
++ padBuffer = null;
++ padding = padding.toUpperCase();
++ if (padding.equals("NOPADDING")) {
+ paddingType = PAD_NONE;
+- } else if (padding.equalsIgnoreCase("PKCS5Padding")) {
+- if (blockSize == 0) {
+- throw new NoSuchPaddingException
+- ("PKCS#5 padding not supported with stream ciphers");
+- }
++ } else if (padding.equals("PKCS5PADDING")) {
+ paddingType = PAD_PKCS5;
+- // XXX PKCS#5 not yet implemented
+- throw new NoSuchPaddingException("pkcs5");
++ if (mechanism != CKM_DES_CBC_PAD && mechanism != CKM_DES3_CBC_PAD &&
++ mechanism != CKM_AES_CBC_PAD) {
++ // no native padding support; use our own padding impl
++ paddingObj = new PKCS5Padding(blockSize);
++ padBuffer = new byte[blockSize];
++ }
+ } else {
+ throw new NoSuchPaddingException("Unsupported padding " + padding);
+ }
+@@ -174,7 +246,7 @@
+
+ // see JCE spec
+ protected byte[] engineGetIV() {
+- return (iv == null) ? null : (byte[])iv.clone();
++ return (iv == null) ? null : (byte[]) iv.clone();
+ }
+
+ // see JCE spec
+@@ -184,8 +256,9 @@
+ }
+ IvParameterSpec ivSpec = new IvParameterSpec(iv);
+ try {
+- AlgorithmParameters params = AlgorithmParameters.getInstance
+- (keyAlgorithm, P11Util.getSunJceProvider());
++ AlgorithmParameters params =
++ AlgorithmParameters.getInstance(keyAlgorithm,
++ P11Util.getSunJceProvider());
+ params.init(ivSpec);
+ return params;
+ } catch (GeneralSecurityException e) {
+@@ -209,38 +282,38 @@
+ protected void engineInit(int opmode, Key key,
+ AlgorithmParameterSpec params, SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+- byte[] iv;
++ byte[] ivValue;
+ if (params != null) {
+ if (params instanceof IvParameterSpec == false) {
+ throw new InvalidAlgorithmParameterException
+ ("Only IvParameterSpec supported");
+ }
+- IvParameterSpec ivSpec = (IvParameterSpec)params;
+- iv = ivSpec.getIV();
++ IvParameterSpec ivSpec = (IvParameterSpec) params;
++ ivValue = ivSpec.getIV();
+ } else {
+- iv = null;
++ ivValue = null;
+ }
+- implInit(opmode, key, iv, random);
++ implInit(opmode, key, ivValue, random);
+ }
+
+ // see JCE spec
+ protected void engineInit(int opmode, Key key, AlgorithmParameters params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+- byte[] iv;
++ byte[] ivValue;
+ if (params != null) {
+ try {
+ IvParameterSpec ivSpec = (IvParameterSpec)
+ params.getParameterSpec(IvParameterSpec.class);
+- iv = ivSpec.getIV();
++ ivValue = ivSpec.getIV();
+ } catch (InvalidParameterSpecException e) {
+ throw new InvalidAlgorithmParameterException
+ ("Could not decode IV", e);
+ }
+ } else {
+- iv = null;
++ ivValue = null;
+ }
+- implInit(opmode, key, iv, random);
++ implInit(opmode, key, ivValue, random);
+ }
+
+ // actual init() implementation
+@@ -249,31 +322,31 @@
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+ cancelOperation();
+ switch (opmode) {
+- case Cipher.ENCRYPT_MODE:
+- encrypt = true;
+- break;
+- case Cipher.DECRYPT_MODE:
+- encrypt = false;
+- break;
+- default:
+- throw new InvalidAlgorithmParameterException
+- ("Unsupported mode: " + opmode);
++ case Cipher.ENCRYPT_MODE:
++ encrypt = true;
++ break;
++ case Cipher.DECRYPT_MODE:
++ encrypt = false;
++ break;
++ default:
++ throw new InvalidAlgorithmParameterException
++ ("Unsupported mode: " + opmode);
+ }
+ if (blockMode == MODE_ECB) { // ECB or stream cipher
+ if (iv != null) {
+ if (blockSize == 0) {
+ throw new InvalidAlgorithmParameterException
+- ("IV not used with stream ciphers");
++ ("IV not used with stream ciphers");
+ } else {
+ throw new InvalidAlgorithmParameterException
+- ("IV not used in ECB mode");
++ ("IV not used in ECB mode");
+ }
+ }
+ } else { // MODE_CBC
+ if (iv == null) {
+ if (encrypt == false) {
+ throw new InvalidAlgorithmParameterException
+- ("IV must be specified for decryption in CBC mode");
++ ("IV must be specified for decryption in CBC mode");
+ }
+ // generate random IV
+ if (random == null) {
+@@ -284,7 +357,7 @@
+ } else {
+ if (iv.length != blockSize) {
+ throw new InvalidAlgorithmParameterException
+- ("IV length must match block size");
++ ("IV length must match block size");
+ }
+ }
+ }
+@@ -330,63 +403,43 @@
+ session = token.getOpSession();
+ }
+ if (encrypt) {
+- token.p11.C_EncryptInit
+- (session.id(), new CK_MECHANISM(mechanism, iv), p11Key.keyID);
++ token.p11.C_EncryptInit(session.id(),
++ new CK_MECHANISM(mechanism, iv), p11Key.keyID);
+ } else {
+- token.p11.C_DecryptInit
+- (session.id(), new CK_MECHANISM(mechanism, iv), p11Key.keyID);
++ token.p11.C_DecryptInit(session.id(),
++ new CK_MECHANISM(mechanism, iv), p11Key.keyID);
+ }
+- bytesProcessed = 0;
++ bytesBuffered = 0;
++ padBufferLen = 0;
+ initialized = true;
+ }
+
+- // XXX the calculations below assume the PKCS#11 implementation is smart.
+- // conceivably, not all implementations are and we may need to estimate
+- // more conservatively
+-
+- private int bytesBuffered(int totalLen) {
+- if (paddingType == PAD_NONE) {
+- // with NoPadding, buffer only the current unfinished block
+- return totalLen & (blockSize - 1);
+- } else { // PKCS5
+- // with PKCS5Padding in decrypt mode, the buffer must never
+- // be empty. Buffer a full block instead of nothing.
+- int buffered = totalLen & (blockSize - 1);
+- if ((buffered == 0) && (encrypt == false)) {
+- buffered = blockSize;
+- }
+- return buffered;
+- }
More information about the distro-pkg-dev
mailing list