/hg/icedtea6: 2 new changesets
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Wed Oct 8 23:56:02 UTC 2014
changeset 7e07169a1831 in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=7e07169a1831
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Wed Oct 08 23:10:14 2014 +0100
Disable annotation race condition backport temporarily as causes crashes during bootstrap.
2014-10-08 Andrew John Hughes <gnu.andrew at redhat.com>
* Makefile.am:
(ICEDTEA_PATCHES): Disable annotation race
condition backport temporarily as causes
crashes during bootstrap.
changeset c125344ef224 in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=c125344ef224
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Thu Oct 09 00:55:41 2014 +0100
Improve cryptography support.
S4963723: Implement SHA-224
S6578658: Request for raw RSA (NONEwithRSA) Signature support in SunMSCAPI
S6753664: Support SHA256 (and higher) in SunMSCAPI
S7033170: Cipher.getMaxAllowedKeyLength(String) throws NoSuchAlgorithmException
S7044060: Need to support NSA Suite B Cryptography algorithms
S7106773: 512 bits RSA key cannot work with SHA384 and SHA512
S7180907: Jarsigner -verify fails if rsa file used sha-256 with authenticated attributes
S8006935: Need to take care of long secret keys in HMAC/PRF compuation
S8049480: Current versions of Java can't verify jars signed and timestamped with Java 9
2014-10-08 Andrew John Hughes <gnu.andrew at redhat.com>
* Makefile.am:
(ICEDTEA_PATCHES): Add new patches.
* NEWS: Updated.
* patches/openjdk/4963723-implement_sha-224.patch,
* patches/openjdk/6578658-sunmscapi_nonewithrsa.patch,
* patches/openjdk/6753664-sunmscapi_sha-256.patch,
* patches/openjdk/7033170-getmaxallowedkeylength_throws_exception.patch,
* patches/openjdk/7044060-support_nsa_suite_b.patch,
* patches/openjdk/7106773-512_bits_rsa.patch,
* patches/openjdk/7180907-jarsigner_sha-256.patch,
* patches/openjdk/8006935-long_keys_in_hmac_prf.patch,
* patches/openjdk/8049480-jarsigner_openjdk_9.patch:
Backports to improve cryptography support.
diffstat:
ChangeLog | 23 +
Makefile.am | 13 +-
NEWS | 9 +
patches/openjdk/4963723-implement_sha-224.patch | 2334 +++++++
patches/openjdk/6578658-sunmscapi_nonewithrsa.patch | 602 +
patches/openjdk/6753664-sunmscapi_sha-256.patch | 640 +
patches/openjdk/7033170-getmaxallowedkeylength_throws_exception.patch | 117 +
patches/openjdk/7044060-support_nsa_suite_b.patch | 3223 ++++++++++
patches/openjdk/7106773-512_bits_rsa.patch | 1336 ++++
patches/openjdk/7180907-jarsigner_sha-256.patch | 142 +
patches/openjdk/8006935-long_keys_in_hmac_prf.patch | 41 +
patches/openjdk/8049480-jarsigner_openjdk_9.patch | 295 +
12 files changed, 8774 insertions(+), 1 deletions(-)
diffs (truncated from 8846 to 500 lines):
diff -r 251d55dd9268 -r c125344ef224 ChangeLog
--- a/ChangeLog Thu Oct 02 22:50:54 2014 +0100
+++ b/ChangeLog Thu Oct 09 00:55:41 2014 +0100
@@ -1,3 +1,26 @@
+2014-10-08 Andrew John Hughes <gnu.andrew at redhat.com>
+
+ * Makefile.am:
+ (ICEDTEA_PATCHES): Add new patches.
+ * NEWS: Updated.
+ * patches/openjdk/4963723-implement_sha-224.patch,
+ * patches/openjdk/6578658-sunmscapi_nonewithrsa.patch,
+ * patches/openjdk/6753664-sunmscapi_sha-256.patch,
+ * patches/openjdk/7033170-getmaxallowedkeylength_throws_exception.patch,
+ * patches/openjdk/7044060-support_nsa_suite_b.patch,
+ * patches/openjdk/7106773-512_bits_rsa.patch,
+ * patches/openjdk/7180907-jarsigner_sha-256.patch,
+ * patches/openjdk/8006935-long_keys_in_hmac_prf.patch,
+ * patches/openjdk/8049480-jarsigner_openjdk_9.patch:
+ Backports to improve cryptography support.
+
+2014-10-08 Andrew John Hughes <gnu.andrew at redhat.com>
+
+ * Makefile.am:
+ (ICEDTEA_PATCHES): Disable annotation race
+ condition backport temporarily as causes
+ crashes during bootstrap.
+
2014-10-02 Andrew John Hughes <gnu.andrew at redhat.com>
* Makefile.am:
diff -r 251d55dd9268 -r c125344ef224 Makefile.am
--- a/Makefile.am Thu Oct 02 22:50:54 2014 +0100
+++ b/Makefile.am Thu Oct 09 00:55:41 2014 +0100
@@ -618,7 +618,18 @@
patches/openjdk/6727719-performance_of_textlayout_getbounds.patch \
patches/openjdk/6745225-memory_leak_in_attributed_string.patch \
patches/openjdk/oj639-handle_fonts_with_no_canon_flag_set.patch \
- patches/openjdk/7122142-annotation_race_condition.patch
+ patches/openjdk/4963723-implement_sha-224.patch \
+ patches/openjdk/7180907-jarsigner_sha-256.patch \
+ patches/openjdk/8049480-jarsigner_openjdk_9.patch \
+ patches/openjdk/6753664-sunmscapi_sha-256.patch \
+ patches/openjdk/6578658-sunmscapi_nonewithrsa.patch \
+ patches/openjdk/7033170-getmaxallowedkeylength_throws_exception.patch \
+ patches/openjdk/7044060-support_nsa_suite_b.patch \
+ patches/openjdk/8006935-long_keys_in_hmac_prf.patch \
+ patches/openjdk/7106773-512_bits_rsa.patch
+
+# Temporarily disabled as causes crashes
+# patches/openjdk/7122142-annotation_race_condition.patch
if WITH_RHINO
ICEDTEA_PATCHES += \
diff -r 251d55dd9268 -r c125344ef224 NEWS
--- a/NEWS Thu Oct 02 22:50:54 2014 +0100
+++ b/NEWS Thu Oct 09 00:55:41 2014 +0100
@@ -15,14 +15,23 @@
New in release 1.14.0 (201X-XX-XX):
* Backports
+ - S4963723: Implement SHA-224
+ - S6578658: Request for raw RSA (NONEwithRSA) Signature support in SunMSCAPI
- S6611637: NullPointerException in sun.font.GlyphLayout$EngineRecord.init
- S6727719: Performance of TextLayout.getBounds()
- S6745225: Memory leak while drawing Attributed String
+ - S6753664: Support SHA256 (and higher) in SunMSCAPI
- S6904962: GlyphVector.getVisualBounds should not be affected by leading or trailing white space.
+ - S7033170: Cipher.getMaxAllowedKeyLength(String) throws NoSuchAlgorithmException
+ - S7044060: Need to support NSA Suite B Cryptography algorithms
+ - S7106773: 512 bits RSA key cannot work with SHA384 and SHA512
- S7122142: (ann) Race condition between isAnnotationPresent and getAnnotations
- S7151089: PS NUMA: NUMA allocator should not attempt to free pages when using SHM large pages
+ - S7180907: Jarsigner -verify fails if rsa file used sha-256 with authenticated attributes
+ - S8006935: Need to take care of long secret keys in HMAC/PRF compuation
- S8013057: Detect mmap() commit failures in Linux and Solaris os::commit_memory() impls and call vm_exit_out_of_memory()
- S8026887: Make issues due to failed large pages allocations easier to debug
+ - S8049480: Current versions of Java can't verify jars signed and timestamped with Java 9
- OJ39: Handle fonts with the non-canonical processing flag set
* Bug fixes
- PR1886: IcedTea does not checksum supplied tarballs
diff -r 251d55dd9268 -r c125344ef224 patches/openjdk/4963723-implement_sha-224.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/openjdk/4963723-implement_sha-224.patch Thu Oct 09 00:55:41 2014 +0100
@@ -0,0 +1,2334 @@
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java openjdk/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java 2014-07-14 04:24:43.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java 2014-10-08 23:26:07.127607311 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -38,16 +38,16 @@
+ * This class constitutes the core of HMAC-<MD> algorithms, where
+ * <MD> can be SHA1 or MD5, etc.
+ *
+- * It also contains the implementation classes for the SHA-256,
++ * It also contains the implementation classes for SHA-224, SHA-256,
+ * SHA-384, and SHA-512 HMACs.
+ *
+ * @author Jan Luehe
+ */
+-final class HmacCore implements Cloneable {
++abstract class HmacCore extends MacSpi implements Cloneable {
+
+- private final MessageDigest md;
+- private final byte[] k_ipad; // inner padding - key XORd with ipad
+- private final byte[] k_opad; // outer padding - key XORd with opad
++ private MessageDigest md;
++ private byte[] k_ipad; // inner padding - key XORd with ipad
++ private byte[] k_opad; // outer padding - key XORd with opad
+ private boolean first; // Is this the first data to be processed?
+
+ private final int blockLen;
+@@ -73,22 +73,11 @@
+ }
+
+ /**
+- * Constructor used for cloning.
+- */
+- private HmacCore(HmacCore other) throws CloneNotSupportedException {
+- this.md = (MessageDigest)other.md.clone();
+- this.blockLen = other.blockLen;
+- this.k_ipad = (byte[])other.k_ipad.clone();
+- this.k_opad = (byte[])other.k_opad.clone();
+- this.first = other.first;
+- }
+-
+- /**
+ * Returns the length of the HMAC in bytes.
+ *
+ * @return the HMAC length in bytes.
+ */
+- int getDigestLength() {
++ protected int engineGetMacLength() {
+ return this.md.getDigestLength();
+ }
+
+@@ -103,9 +92,8 @@
+ * @exception InvalidAlgorithmParameterException if the given algorithm
+ * parameters are inappropriate for this MAC.
+ */
+- void init(Key key, AlgorithmParameterSpec params)
++ protected void engineInit(Key key, AlgorithmParameterSpec params)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+-
+ if (params != null) {
+ throw new InvalidAlgorithmParameterException
+ ("HMAC does not use parameters");
+@@ -140,7 +128,7 @@
+ Arrays.fill(secret, (byte)0);
+ secret = null;
+
+- reset();
++ engineReset();
+ }
+
+ /**
+@@ -148,7 +136,7 @@
+ *
+ * @param input the input byte to be processed.
+ */
+- void update(byte input) {
++ protected void engineUpdate(byte input) {
+ if (first == true) {
+ // compute digest for 1st pass; start with inner pad
+ md.update(k_ipad);
+@@ -167,7 +155,7 @@
+ * @param offset the offset in <code>input</code> where the input starts.
+ * @param len the number of bytes to process.
+ */
+- void update(byte input[], int offset, int len) {
++ protected void engineUpdate(byte input[], int offset, int len) {
+ if (first == true) {
+ // compute digest for 1st pass; start with inner pad
+ md.update(k_ipad);
+@@ -178,7 +166,13 @@
+ md.update(input, offset, len);
+ }
+
+- void update(ByteBuffer input) {
++ /**
++ * Processes the <code>input.remaining()</code> bytes in the ByteBuffer
++ * <code>input</code>.
++ *
++ * @param input the input byte buffer.
++ */
++ protected void engineUpdate(ByteBuffer input) {
+ if (first == true) {
+ // compute digest for 1st pass; start with inner pad
+ md.update(k_ipad);
+@@ -194,7 +188,7 @@
+ *
+ * @return the HMAC result.
+ */
+- byte[] doFinal() {
++ protected byte[] engineDoFinal() {
+ if (first == true) {
+ // compute digest for 1st pass; start with inner pad
+ md.update(k_ipad);
+@@ -223,7 +217,7 @@
+ * Resets the HMAC for further use, maintaining the secret key that the
+ * HMAC was initialized with.
+ */
+- void reset() {
++ protected void engineReset() {
+ if (first == false) {
+ md.reset();
+ first = true;
+@@ -234,118 +228,38 @@
+ * Clones this object.
+ */
+ public Object clone() throws CloneNotSupportedException {
+- return new HmacCore(this);
++ HmacCore copy = (HmacCore) super.clone();
++ copy.md = (MessageDigest) md.clone();
++ copy.k_ipad = k_ipad.clone();
++ copy.k_opad = k_opad.clone();
++ return copy;
++ }
++
++ // nested static class for the HmacSHA224 implementation
++ public static final class HmacSHA224 extends HmacCore {
++ public HmacSHA224() throws NoSuchAlgorithmException {
++ super("SHA-224", 64);
++ }
+ }
+
+ // nested static class for the HmacSHA256 implementation
+- public static final class HmacSHA256 extends MacSpi implements Cloneable {
+- private final HmacCore core;
++ public static final class HmacSHA256 extends HmacCore {
+ public HmacSHA256() throws NoSuchAlgorithmException {
+- SunJCE.ensureIntegrity(getClass());
+- core = new HmacCore("SHA-256", 64);
+- }
+- private HmacSHA256(HmacSHA256 base) throws CloneNotSupportedException {
+- core = (HmacCore)base.core.clone();
+- }
+- protected int engineGetMacLength() {
+- return core.getDigestLength();
+- }
+- protected void engineInit(Key key, AlgorithmParameterSpec params)
+- throws InvalidKeyException, InvalidAlgorithmParameterException {
+- core.init(key, params);
+- }
+- protected void engineUpdate(byte input) {
+- core.update(input);
+- }
+- protected void engineUpdate(byte input[], int offset, int len) {
+- core.update(input, offset, len);
+- }
+- protected void engineUpdate(ByteBuffer input) {
+- core.update(input);
+- }
+- protected byte[] engineDoFinal() {
+- return core.doFinal();
+- }
+- protected void engineReset() {
+- core.reset();
+- }
+- public Object clone() throws CloneNotSupportedException {
+- return new HmacSHA256(this);
++ super("SHA-256", 64);
+ }
+ }
+
+ // nested static class for the HmacSHA384 implementation
+- public static final class HmacSHA384 extends MacSpi implements Cloneable {
+- private final HmacCore core;
++ public static final class HmacSHA384 extends HmacCore {
+ public HmacSHA384() throws NoSuchAlgorithmException {
+- SunJCE.ensureIntegrity(getClass());
+- core = new HmacCore("SHA-384", 128);
+- }
+- private HmacSHA384(HmacSHA384 base) throws CloneNotSupportedException {
+- core = (HmacCore)base.core.clone();
+- }
+- protected int engineGetMacLength() {
+- return core.getDigestLength();
+- }
+- protected void engineInit(Key key, AlgorithmParameterSpec params)
+- throws InvalidKeyException, InvalidAlgorithmParameterException {
+- core.init(key, params);
+- }
+- protected void engineUpdate(byte input) {
+- core.update(input);
+- }
+- protected void engineUpdate(byte input[], int offset, int len) {
+- core.update(input, offset, len);
+- }
+- protected void engineUpdate(ByteBuffer input) {
+- core.update(input);
+- }
+- protected byte[] engineDoFinal() {
+- return core.doFinal();
+- }
+- protected void engineReset() {
+- core.reset();
+- }
+- public Object clone() throws CloneNotSupportedException {
+- return new HmacSHA384(this);
++ super("SHA-384", 128);
+ }
+ }
+
+ // nested static class for the HmacSHA512 implementation
+- public static final class HmacSHA512 extends MacSpi implements Cloneable {
+- private final HmacCore core;
++ public static final class HmacSHA512 extends HmacCore {
+ public HmacSHA512() throws NoSuchAlgorithmException {
+- SunJCE.ensureIntegrity(getClass());
+- core = new HmacCore("SHA-512", 128);
+- }
+- private HmacSHA512(HmacSHA512 base) throws CloneNotSupportedException {
+- core = (HmacCore)base.core.clone();
+- }
+- protected int engineGetMacLength() {
+- return core.getDigestLength();
+- }
+- protected void engineInit(Key key, AlgorithmParameterSpec params)
+- throws InvalidKeyException, InvalidAlgorithmParameterException {
+- core.init(key, params);
+- }
+- protected void engineUpdate(byte input) {
+- core.update(input);
+- }
+- protected void engineUpdate(byte input[], int offset, int len) {
+- core.update(input, offset, len);
+- }
+- protected void engineUpdate(ByteBuffer input) {
+- core.update(input);
+- }
+- protected byte[] engineDoFinal() {
+- return core.doFinal();
+- }
+- protected void engineReset() {
+- core.reset();
+- }
+- public Object clone() throws CloneNotSupportedException {
+- return new HmacSHA512(this);
++ super("SHA-512", 128);
+ }
+ }
+-
+ }
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java openjdk/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java 2014-07-14 04:24:43.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java 2014-10-08 23:26:07.127607311 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -37,11 +37,7 @@
+ *
+ * @author Jan Luehe
+ */
+-public final class HmacMD5 extends MacSpi implements Cloneable {
+-
+- private HmacCore hmac;
+- private static final int MD5_BLOCK_LENGTH = 64;
+-
++public final class HmacMD5 extends HmacCore {
+ /**
+ * Standard constructor, creates a new HmacMD5 instance.
+ * Verify the SunJCE provider in the constructor.
+@@ -50,92 +46,6 @@
+ * its own integrity
+ */
+ public HmacMD5() throws NoSuchAlgorithmException {
+- if (!SunJCE.verifySelfIntegrity(this.getClass())) {
+- throw new SecurityException("The SunJCE provider may have " +
+- "been tampered.");
+- }
+- hmac = new HmacCore(MessageDigest.getInstance("MD5"),
+- MD5_BLOCK_LENGTH);
+- }
+-
+- /**
+- * Returns the length of the HMAC in bytes.
+- *
+- * @return the HMAC length in bytes.
+- */
+- protected int engineGetMacLength() {
+- return hmac.getDigestLength();
+- }
+-
+- /**
+- * Initializes the HMAC with the given secret key and algorithm parameters.
+- *
+- * @param key the secret key.
+- * @param params the algorithm parameters.
+- *
+- * @exception InvalidKeyException if the given key is inappropriate for
+- * initializing this MAC.
+- * @exception InvalidAlgorithmParameterException if the given algorithm
+- * parameters are inappropriate for this MAC.
+- */
+- protected void engineInit(Key key, AlgorithmParameterSpec params)
+- throws InvalidKeyException, InvalidAlgorithmParameterException {
+- hmac.init(key, params);
+- }
+-
+- /**
+- * Processes the given byte.
+- *
+- * @param input the input byte to be processed.
+- */
+- protected void engineUpdate(byte input) {
+- hmac.update(input);
+- }
+-
+- /**
+- * Processes the first <code>len</code> bytes in <code>input</code>,
+- * starting at <code>offset</code>.
+- *
+- * @param input the input buffer.
+- * @param offset the offset in <code>input</code> where the input starts.
+- * @param len the number of bytes to process.
+- */
+- protected void engineUpdate(byte input[], int offset, int len) {
+- hmac.update(input, offset, len);
+- }
+-
+- protected void engineUpdate(ByteBuffer input) {
+- hmac.update(input);
+- }
+-
+- /**
+- * Completes the HMAC computation and resets the HMAC for further use,
+- * maintaining the secret key that the HMAC was initialized with.
+- *
+- * @return the HMAC result.
+- */
+- protected byte[] engineDoFinal() {
+- return hmac.doFinal();
+- }
+-
+- /**
+- * Resets the HMAC for further use, maintaining the secret key that the
+- * HMAC was initialized with.
+- */
+- protected void engineReset() {
+- hmac.reset();
+- }
+-
+- /*
+- * Clones this object.
+- */
+- public Object clone() {
+- HmacMD5 that = null;
+- try {
+- that = (HmacMD5) super.clone();
+- that.hmac = (HmacCore) this.hmac.clone();
+- } catch (CloneNotSupportedException e) {
+- }
+- return that;
++ super("MD5", 64);
+ }
+ }
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java openjdk/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java 2014-07-14 04:24:43.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java 2014-10-08 23:26:07.127607311 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -41,10 +41,7 @@
+ *
+ * @author Valerie Peng
+ */
+-public final class HmacPKCS12PBESHA1 extends MacSpi implements Cloneable {
+-
+- private HmacCore hmac = null;
+- private static final int SHA1_BLOCK_LENGTH = 64;
++public final class HmacPKCS12PBESHA1 extends HmacCore {
+
+ /**
+ * Standard constructor, creates a new HmacSHA1 instance.
+@@ -54,18 +51,7 @@
+ * its own integrity
+ */
+ public HmacPKCS12PBESHA1() throws NoSuchAlgorithmException {
+- SunJCE.ensureIntegrity(this.getClass());
+- this.hmac = new HmacCore(MessageDigest.getInstance("SHA1"),
+- SHA1_BLOCK_LENGTH);
+- }
+-
+- /**
+- * Returns the length of the HMAC in bytes.
+- *
+- * @return the HMAC length in bytes.
More information about the distro-pkg-dev
mailing list