/hg/release/icedtea6-1.13: 8 new changesets
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Tue Oct 14 20:43:05 UTC 2014
changeset 436ae6447fa2 in /hg/release/icedtea6-1.13
details: http://icedtea.classpath.org/hg/release/icedtea6-1.13?cmd=changeset;node=436ae6447fa2
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Wed Oct 08 17:23:59 2014 +0100
Bump to next version, b33.
2014-07-30 Andrew John Hughes <gnu.andrew at redhat.com>
* Makefile.am:
(OPENJDK_VERSION): Bump to next release, b33.
changeset 04c718dce7b6 in /hg/release/icedtea6-1.13
details: http://icedtea.classpath.org/hg/release/icedtea6-1.13?cmd=changeset;node=04c718dce7b6
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Wed Jul 30 16:17:30 2014 +0100
Drop upstreamed patch.
2014-07-30 Andrew John Hughes <gnu.andrew at redhat.com>
* patches/openjdk/8010213-set_socketoptions_windows.patch:
Remove upstreamed patch.
* Makefile.am:
(ICEDTEA_PATCHES): Drop upstreamed patch.
changeset 34ab3ceed7cb in /hg/release/icedtea6-1.13
details: http://icedtea.classpath.org/hg/release/icedtea6-1.13?cmd=changeset;node=34ab3ceed7cb
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Wed Oct 08 19:38:54 2014 +0100
Update to b33.
2014-10-08 Andrew John Hughes <gnu.andrew at redhat.com>
* patches/openjdk/7027300-unsync_hashmap_causes_endless_loop.patch,
* patches/openjdk/7183251-netbeans_renders_text_wrong.patch,
* patches/openjdk/oj639-handle_fonts_with_no_canon_flag_set.patch:
Remove upstreamed patches.
* Makefile.am:
(OPENJDK_DATE): Bump to security update release date, 14th of October.
(OPENJDK_SHA256SUM): Update for b33 tarball.
(ICEDTEA_PATCHES): Drop above patches.
* NEWS: Add fixes from b33.
* patches/openjdk/6816311-compiler_name.patch:
Remove windows.h fragments added in OPENJDK6-41.
* patches/openjdk/p11cipher-6812738-native_cleanup.patch:
Remove fragment added by security update.
changeset 42669b895e22 in /hg/release/icedtea6-1.13
details: http://icedtea.classpath.org/hg/release/icedtea6-1.13?cmd=changeset;node=42669b895e22
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Thu Oct 09 02:25:23 2014 +0100
Improve cryptography support.
S4963723: Implement SHA-224
S6578658: Request for raw RSA (NONEwithRSA) Signature support in SunMSCAPI
S6753664: Support SHA256 (and higher) in SunMSCAPI
S7033170: Cipher.getMaxAllowedKeyLength(String) throws NoSuchAlgorithmException
S7044060: Need to support NSA Suite B Cryptography algorithms
S7106773: 512 bits RSA key cannot work with SHA384 and SHA512
S7180907: Jarsigner -verify fails if rsa file used sha-256 with authenticated attributes
S8006935: Need to take care of long secret keys in HMAC/PRF compuation
S8049480: Current versions of Java can't verify jars signed and timestamped with Java 9
2014-10-08 Andrew John Hughes <gnu.andrew at redhat.com>
* Makefile.am:
(ICEDTEA_PATCHES): Add new patches.
* NEWS: Updated.
* patches/openjdk/4963723-implement_sha-224.patch,
* patches/openjdk/6578658-sunmscapi_nonewithrsa.patch,
* patches/openjdk/6753664-sunmscapi_sha-256.patch,
* patches/openjdk/7033170-getmaxallowedkeylength_throws_exception.patch,
* patches/openjdk/7044060-support_nsa_suite_b.patch,
* patches/openjdk/7106773-512_bits_rsa.patch,
* patches/openjdk/7180907-jarsigner_sha-256.patch,
* patches/openjdk/8006935-long_keys_in_hmac_prf.patch,
* patches/openjdk/8049480-jarsigner_openjdk_9.patch:
Backports to improve cryptography support.
changeset 47eca861f17f in /hg/release/icedtea6-1.13
details: http://icedtea.classpath.org/hg/release/icedtea6-1.13?cmd=changeset;node=47eca861f17f
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Thu Oct 09 02:28:51 2014 +0100
PR1904: [REGRESSION] Bug reports now lack IcedTea version & distribution packaging information
2014-10-09 Andrew John Hughes <gnu.andrew at redhat.com>
* Makefile.am:
(ICEDTEA_PATCHES): Add new patch.
* NEWS: Updated.
* patches/pr1904-icedtea_and_distro_versioning.patch:
Backport of versioning fix from IcedTea 2.x.
changeset a934b804b555 in /hg/release/icedtea6-1.13
details: http://icedtea.classpath.org/hg/release/icedtea6-1.13?cmd=changeset;node=a934b804b555
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Thu Oct 09 02:30:41 2014 +0100
S8017173, PR1688: XMLCipher with RSA_OAEP Key Transport algorithm can't be instantiated
2014-10-09 Andrew John Hughes <gnu.andrew at redhat.com>
* Makefile.am:
(ICEDTEA_PATCHES): Add new patch.
* NEWS: Updated.
* patches/openjdk/8017173-xml_cipher_rsa_oaep_cant_be_instantiated.patch:
Backport of regression fix from 7u for PR1688.
changeset 97f32768dcad in /hg/release/icedtea6-1.13
details: http://icedtea.classpath.org/hg/release/icedtea6-1.13?cmd=changeset;node=97f32768dcad
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Thu Oct 09 01:42:05 2014 +0100
PR1967: Move to new OpenJDK bug URL format
2014-08-29 Andrew John Hughes <gnu.andrew at member.fsf.org>
* NEWS: Update OpenJDK bug URL.
changeset b2b4346dbdf5 in /hg/release/icedtea6-1.13
details: http://icedtea.classpath.org/hg/release/icedtea6-1.13?cmd=changeset;node=b2b4346dbdf5
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Thu Oct 09 03:06:40 2014 +0100
Prepare for 1.13.5 release.
2014-10-09 Andrew John Hughes <gnu.andrew at redhat.com>
* configure.ac: Bump to 1.13.5.
diffstat:
ChangeLog | 68 +
Makefile.am | 21 +-
NEWS | 58 +-
configure.ac | 2 +-
patches/openjdk/4963723-implement_sha-224.patch | 2334 +++++++
patches/openjdk/6578658-sunmscapi_nonewithrsa.patch | 602 +
patches/openjdk/6753664-sunmscapi_sha-256.patch | 640 +
patches/openjdk/6816311-compiler_name.patch | 49 +-
patches/openjdk/7027300-unsync_hashmap_causes_endless_loop.patch | 33 -
patches/openjdk/7033170-getmaxallowedkeylength_throws_exception.patch | 117 +
patches/openjdk/7044060-support_nsa_suite_b.patch | 3223 ++++++++++
patches/openjdk/7106773-512_bits_rsa.patch | 1336 ++++
patches/openjdk/7180907-jarsigner_sha-256.patch | 142 +
patches/openjdk/7183251-netbeans_renders_text_wrong.patch | 24 -
patches/openjdk/8006935-long_keys_in_hmac_prf.patch | 41 +
patches/openjdk/8010213-set_socketoptions_windows.patch | 29 -
patches/openjdk/8017173-xml_cipher_rsa_oaep_cant_be_instantiated.patch | 69 +
patches/openjdk/8049480-jarsigner_openjdk_9.patch | 295 +
patches/openjdk/oj639-handle_fonts_with_no_canon_flag_set.patch | 347 -
patches/openjdk/p11cipher-6812738-native_cleanup.patch | 62 +-
patches/pr1904-icedtea_and_distro_versioning.patch | 65 +
21 files changed, 9040 insertions(+), 517 deletions(-)
diffs (truncated from 9812 to 500 lines):
diff -r b50966a1ef00 -r b2b4346dbdf5 ChangeLog
--- a/ChangeLog Wed Jul 30 20:16:29 2014 +0100
+++ b/ChangeLog Thu Oct 09 03:06:40 2014 +0100
@@ -1,3 +1,71 @@
+2014-10-09 Andrew John Hughes <gnu.andrew at redhat.com>
+
+ * configure.ac: Bump to 1.13.5.
+
+2014-08-29 Andrew John Hughes <gnu.andrew at member.fsf.org>
+
+ * NEWS: Update OpenJDK bug URL.
+
+2014-10-09 Andrew John Hughes <gnu.andrew at redhat.com>
+
+ * Makefile.am:
+ (ICEDTEA_PATCHES): Add new patch.
+ * NEWS: Updated.
+ * patches/openjdk/8017173-xml_cipher_rsa_oaep_cant_be_instantiated.patch:
+ Backport of regression fix from 7u for PR1688.
+
+2014-10-09 Andrew John Hughes <gnu.andrew at redhat.com>
+
+ * Makefile.am:
+ (ICEDTEA_PATCHES): Add new patch.
+ * NEWS: Updated.
+ * patches/pr1904-icedtea_and_distro_versioning.patch:
+ Backport of versioning fix from IcedTea 2.x.
+
+2014-10-08 Andrew John Hughes <gnu.andrew at redhat.com>
+
+ * Makefile.am:
+ (ICEDTEA_PATCHES): Add new patches.
+ * NEWS: Updated.
+ * patches/openjdk/4963723-implement_sha-224.patch,
+ * patches/openjdk/6578658-sunmscapi_nonewithrsa.patch,
+ * patches/openjdk/6753664-sunmscapi_sha-256.patch,
+ * patches/openjdk/7033170-getmaxallowedkeylength_throws_exception.patch,
+ * patches/openjdk/7044060-support_nsa_suite_b.patch,
+ * patches/openjdk/7106773-512_bits_rsa.patch,
+ * patches/openjdk/7180907-jarsigner_sha-256.patch,
+ * patches/openjdk/8006935-long_keys_in_hmac_prf.patch,
+ * patches/openjdk/8049480-jarsigner_openjdk_9.patch:
+ Backports to improve cryptography support.
+
+2014-10-08 Andrew John Hughes <gnu.andrew at redhat.com>
+
+ * patches/openjdk/7027300-unsync_hashmap_causes_endless_loop.patch,
+ * patches/openjdk/7183251-netbeans_renders_text_wrong.patch,
+ * patches/openjdk/oj639-handle_fonts_with_no_canon_flag_set.patch:
+ Remove upstreamed patches.
+ * Makefile.am:
+ (OPENJDK_DATE): Bump to security update release date, 14th of October.
+ (OPENJDK_SHA256SUM): Update for b33 tarball.
+ (ICEDTEA_PATCHES): Drop above patches.
+ * NEWS: Add fixes from b33.
+ * patches/openjdk/6816311-compiler_name.patch:
+ Remove windows.h fragments added in OPENJDK6-41.
+ * patches/openjdk/p11cipher-6812738-native_cleanup.patch:
+ Remove fragment added by security update.
+
+2014-07-30 Andrew John Hughes <gnu.andrew at redhat.com>
+
+ * patches/openjdk/8010213-set_socketoptions_windows.patch:
+ Remove upstreamed patch.
+ * Makefile.am:
+ (ICEDTEA_PATCHES): Drop upstreamed patch.
+
+2014-07-30 Andrew John Hughes <gnu.andrew at redhat.com>
+
+ * Makefile.am:
+ (OPENJDK_VERSION): Bump to next release, b33.
+
2014-07-28 Andrew John Hughes <gnu.andrew at redhat.com>
OJ39: Handle fonts with the non-canonical
diff -r b50966a1ef00 -r b2b4346dbdf5 Makefile.am
--- a/Makefile.am Wed Jul 30 20:16:29 2014 +0100
+++ b/Makefile.am Thu Oct 09 03:06:40 2014 +0100
@@ -1,8 +1,8 @@
# Dependencies
-OPENJDK_DATE = 15_jul_2014
-OPENJDK_SHA256SUM = 9a5ad1b599953baac1b6b34189b9487ac5dcdb367aac5cc0aa5aa49700e73871
-OPENJDK_VERSION = b32
+OPENJDK_DATE = 14_oct_2014
+OPENJDK_SHA256SUM = cabc35587a90fa81edd8ba8537c0454348c37456de27e407bbb66d52031a1293
+OPENJDK_VERSION = b33
OPENJDK_URL = https://java.net/downloads/openjdk6/
CACAO_VERSION = 68fe50ac34ec
@@ -496,7 +496,6 @@
patches/openjdk/8009165-inappropriate_method_in_reflectutil.patch \
patches/openjdk/8009217-fix_test_compile.patch \
patches/openjdk/8009610-blacklist_malware_certificate.patch \
- patches/openjdk/8010213-set_socketoptions_windows.patch \
patches/openjdk/8010714-xml_dsig_retrievalmethod.patch \
patches/openjdk/8011154-awt_regression.patch \
patches/openjdk/8011313-OCSP_timeout_wrong_value.patch \
@@ -608,9 +607,17 @@
patches/shark_fixes_from_8003868.patch \
patches/8003992_support_6.patch \
patches/shark-drop_compile_method_arg_following_7083786.patch \
- patches/openjdk/7027300-unsync_hashmap_causes_endless_loop.patch \
- patches/openjdk/7183251-netbeans_renders_text_wrong.patch \
- patches/openjdk/oj639-handle_fonts_with_no_canon_flag_set.patch
+ patches/openjdk/4963723-implement_sha-224.patch \
+ patches/openjdk/7180907-jarsigner_sha-256.patch \
+ patches/openjdk/8049480-jarsigner_openjdk_9.patch \
+ patches/openjdk/6753664-sunmscapi_sha-256.patch \
+ patches/openjdk/6578658-sunmscapi_nonewithrsa.patch \
+ patches/openjdk/7033170-getmaxallowedkeylength_throws_exception.patch \
+ patches/openjdk/7044060-support_nsa_suite_b.patch \
+ patches/openjdk/8006935-long_keys_in_hmac_prf.patch \
+ patches/openjdk/7106773-512_bits_rsa.patch \
+ patches/pr1904-icedtea_and_distro_versioning.patch \
+ patches/openjdk/8017173-xml_cipher_rsa_oaep_cant_be_instantiated.patch
if WITH_RHINO
ICEDTEA_PATCHES += \
diff -r b50966a1ef00 -r b2b4346dbdf5 NEWS
--- a/NEWS Wed Jul 30 20:16:29 2014 +0100
+++ b/NEWS Thu Oct 09 03:06:40 2014 +0100
@@ -1,6 +1,6 @@
Key:
-SX - http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=X
+SX - https://bugs.openjdk.java.net/browse/JDK-X
PRX - http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=X
RHX - https://bugzilla.redhat.com/show_bug.cgi?id=X
DX - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=X
@@ -12,10 +12,62 @@
CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
-New in release 1.13.5 (2014-10-YY):
+New in release 1.13.5 (2014-10-14):
-* Backports
+* Security fixes
+ - S8015256: Better class accessibility
+ - S8022783, CVE-2014-6504: Optimize C2 optimizations
+ - S8035162: Service printing service
+ - S8035781: Improve equality for annotations
+ - S8036805: Correct linker method lookup.
+ - S8036810: Correct linker field lookup
+ - S8037066, CVE-2014-6457: Secure transport layer
+ - S8037846, CVE-2014-6558: Ensure streaming of input cipher streams
+ - S8038899: Safer safepoints
+ - S8038903: More native monitor monitoring
+ - S8038908: Make Signature more robust
+ - S8038913: Bolster XML support
+ - S8039509, CVE-2014-6512: Wrap sockets more thoroughly
+ - S8039533, CVE-2014-6517: Higher resolution resolvers
+ - S8041540, CVE-2014-6511: Better use of pages in font processing
+ - S8041545: Better validation of generated rasters
+ - S8041564, CVE-2014-6506: Improved management of logger resources
+ - S8041717, CVE-2014-6519: Issue with class file parser
+ - S8042609, CVE-2014-6513: Limit splashiness of splash images
+ - S8042797, CVE-2014-6502: Avoid strawberries in LogRecord
+ - S8044274, CVE-2014-6531: Proper property processing
+* Import of OpenJDK6 b33
+ - OJ37: OpenJDK6-b32 cannot be built on Windows
- OJ39: Handle fonts with the non-canonical processing flag set
+ - OJ41: OpenJDK6 should be compatible with Windows SDK 7.1
+ - OJ42: Remove @Override annotation on interfaces added by 2014/10/14 security fixes.
+ - S6967684: httpserver using a non thread-safe SimpleDateFormat
+ - S7033534: Two tests fail just against jdk7 b136
+ - S7160837: DigestOutputStream does not turn off digest calculation when "close()" is called
+ - S7172149: ArrayIndexOutOfBoundsException from Signature.verify
+ - S8010213: Some api/javax_net/SocketFactory tests fail in 7u25 nightly build
+ - S8012637: Adjust CipherInputStream class to work in AEAD/GCM mode
+ - S8028192: Use of PKCS11-NSS provider in FIPS mode broken
+ - S8038000: java.awt.image.RasterFormatException: Incorrect scanline stride
+ - S8039396: NPE when writing a class descriptor object to a custom ObjectOutputStream
+ - S8042603: 'SafepointPollOffset' was not declared in static member function 'static bool Arguments::check_vm_args_consistency()'
+ - S8042850: Extra unused entries in ICU ScriptCodes enum
+ - S8052162: REGRESSION: sun/java2d/cmm/ColorConvertOp tests fail since 7u71 b01
+ - S8053963: (dc) Use DatagramChannel.receive() instead of read() in connect()
+ * Backports
+ - S4963723: Implement SHA-224
+ - S6578658: Request for raw RSA (NONEwithRSA) Signature support in SunMSCAPI
+ - S6753664: Support SHA256 (and higher) in SunMSCAPI
+ - S7033170: Cipher.getMaxAllowedKeyLength(String) throws NoSuchAlgorithmException
+ - S7044060: Need to support NSA Suite B Cryptography algorithms
+ - S7106773: 512 bits RSA key cannot work with SHA384 and SHA512
+ - S7180907: Jarsigner -verify fails if rsa file used sha-256 with authenticated attributes
+ - S8006935: Need to take care of long secret keys in HMAC/PRF compuation
+ - S8017173, PR1688: XMLCipher with RSA_OAEP Key Transport algorithm can't be instantiated
+ - S8049480: Current versions of Java can't verify jars signed and timestamped with Java 9
+* Bug fixes
+ - PR1904: [REGRESSION] Bug reports now lack IcedTea version & distribution packaging information
+ - PR1967: Move to new OpenJDK bug URL format
New in release 1.13.4 (2014-07-15):
diff -r b50966a1ef00 -r b2b4346dbdf5 configure.ac
--- a/configure.ac Wed Jul 30 20:16:29 2014 +0100
+++ b/configure.ac Thu Oct 09 03:06:40 2014 +0100
@@ -1,4 +1,4 @@
-AC_INIT([icedtea6],[1.13.5pre],[distro-pkg-dev at openjdk.java.net])
+AC_INIT([icedtea6],[1.13.5],[distro-pkg-dev at openjdk.java.net])
AC_CANONICAL_HOST
AC_CANONICAL_TARGET
AM_INIT_AUTOMAKE([1.9 tar-pax foreign])
diff -r b50966a1ef00 -r b2b4346dbdf5 patches/openjdk/4963723-implement_sha-224.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/openjdk/4963723-implement_sha-224.patch Thu Oct 09 03:06:40 2014 +0100
@@ -0,0 +1,2334 @@
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java openjdk/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java 2014-07-14 04:24:43.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java 2014-10-08 23:26:07.127607311 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -38,16 +38,16 @@
+ * This class constitutes the core of HMAC-<MD> algorithms, where
+ * <MD> can be SHA1 or MD5, etc.
+ *
+- * It also contains the implementation classes for the SHA-256,
++ * It also contains the implementation classes for SHA-224, SHA-256,
+ * SHA-384, and SHA-512 HMACs.
+ *
+ * @author Jan Luehe
+ */
+-final class HmacCore implements Cloneable {
++abstract class HmacCore extends MacSpi implements Cloneable {
+
+- private final MessageDigest md;
+- private final byte[] k_ipad; // inner padding - key XORd with ipad
+- private final byte[] k_opad; // outer padding - key XORd with opad
++ private MessageDigest md;
++ private byte[] k_ipad; // inner padding - key XORd with ipad
++ private byte[] k_opad; // outer padding - key XORd with opad
+ private boolean first; // Is this the first data to be processed?
+
+ private final int blockLen;
+@@ -73,22 +73,11 @@
+ }
+
+ /**
+- * Constructor used for cloning.
+- */
+- private HmacCore(HmacCore other) throws CloneNotSupportedException {
+- this.md = (MessageDigest)other.md.clone();
+- this.blockLen = other.blockLen;
+- this.k_ipad = (byte[])other.k_ipad.clone();
+- this.k_opad = (byte[])other.k_opad.clone();
+- this.first = other.first;
+- }
+-
+- /**
+ * Returns the length of the HMAC in bytes.
+ *
+ * @return the HMAC length in bytes.
+ */
+- int getDigestLength() {
++ protected int engineGetMacLength() {
+ return this.md.getDigestLength();
+ }
+
+@@ -103,9 +92,8 @@
+ * @exception InvalidAlgorithmParameterException if the given algorithm
+ * parameters are inappropriate for this MAC.
+ */
+- void init(Key key, AlgorithmParameterSpec params)
++ protected void engineInit(Key key, AlgorithmParameterSpec params)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+-
+ if (params != null) {
+ throw new InvalidAlgorithmParameterException
+ ("HMAC does not use parameters");
+@@ -140,7 +128,7 @@
+ Arrays.fill(secret, (byte)0);
+ secret = null;
+
+- reset();
++ engineReset();
+ }
+
+ /**
+@@ -148,7 +136,7 @@
+ *
+ * @param input the input byte to be processed.
+ */
+- void update(byte input) {
++ protected void engineUpdate(byte input) {
+ if (first == true) {
+ // compute digest for 1st pass; start with inner pad
+ md.update(k_ipad);
+@@ -167,7 +155,7 @@
+ * @param offset the offset in <code>input</code> where the input starts.
+ * @param len the number of bytes to process.
+ */
+- void update(byte input[], int offset, int len) {
++ protected void engineUpdate(byte input[], int offset, int len) {
+ if (first == true) {
+ // compute digest for 1st pass; start with inner pad
+ md.update(k_ipad);
+@@ -178,7 +166,13 @@
+ md.update(input, offset, len);
+ }
+
+- void update(ByteBuffer input) {
++ /**
++ * Processes the <code>input.remaining()</code> bytes in the ByteBuffer
++ * <code>input</code>.
++ *
++ * @param input the input byte buffer.
++ */
++ protected void engineUpdate(ByteBuffer input) {
+ if (first == true) {
+ // compute digest for 1st pass; start with inner pad
+ md.update(k_ipad);
+@@ -194,7 +188,7 @@
+ *
+ * @return the HMAC result.
+ */
+- byte[] doFinal() {
++ protected byte[] engineDoFinal() {
+ if (first == true) {
+ // compute digest for 1st pass; start with inner pad
+ md.update(k_ipad);
+@@ -223,7 +217,7 @@
+ * Resets the HMAC for further use, maintaining the secret key that the
+ * HMAC was initialized with.
+ */
+- void reset() {
++ protected void engineReset() {
+ if (first == false) {
+ md.reset();
+ first = true;
+@@ -234,118 +228,38 @@
+ * Clones this object.
+ */
+ public Object clone() throws CloneNotSupportedException {
+- return new HmacCore(this);
++ HmacCore copy = (HmacCore) super.clone();
++ copy.md = (MessageDigest) md.clone();
++ copy.k_ipad = k_ipad.clone();
++ copy.k_opad = k_opad.clone();
++ return copy;
++ }
++
++ // nested static class for the HmacSHA224 implementation
++ public static final class HmacSHA224 extends HmacCore {
++ public HmacSHA224() throws NoSuchAlgorithmException {
++ super("SHA-224", 64);
++ }
+ }
+
+ // nested static class for the HmacSHA256 implementation
+- public static final class HmacSHA256 extends MacSpi implements Cloneable {
+- private final HmacCore core;
++ public static final class HmacSHA256 extends HmacCore {
+ public HmacSHA256() throws NoSuchAlgorithmException {
+- SunJCE.ensureIntegrity(getClass());
+- core = new HmacCore("SHA-256", 64);
+- }
+- private HmacSHA256(HmacSHA256 base) throws CloneNotSupportedException {
+- core = (HmacCore)base.core.clone();
+- }
+- protected int engineGetMacLength() {
+- return core.getDigestLength();
+- }
+- protected void engineInit(Key key, AlgorithmParameterSpec params)
+- throws InvalidKeyException, InvalidAlgorithmParameterException {
+- core.init(key, params);
+- }
+- protected void engineUpdate(byte input) {
+- core.update(input);
+- }
+- protected void engineUpdate(byte input[], int offset, int len) {
+- core.update(input, offset, len);
+- }
+- protected void engineUpdate(ByteBuffer input) {
+- core.update(input);
+- }
+- protected byte[] engineDoFinal() {
+- return core.doFinal();
+- }
+- protected void engineReset() {
+- core.reset();
+- }
+- public Object clone() throws CloneNotSupportedException {
+- return new HmacSHA256(this);
++ super("SHA-256", 64);
+ }
+ }
+
+ // nested static class for the HmacSHA384 implementation
+- public static final class HmacSHA384 extends MacSpi implements Cloneable {
+- private final HmacCore core;
++ public static final class HmacSHA384 extends HmacCore {
+ public HmacSHA384() throws NoSuchAlgorithmException {
+- SunJCE.ensureIntegrity(getClass());
+- core = new HmacCore("SHA-384", 128);
+- }
+- private HmacSHA384(HmacSHA384 base) throws CloneNotSupportedException {
+- core = (HmacCore)base.core.clone();
+- }
+- protected int engineGetMacLength() {
+- return core.getDigestLength();
+- }
+- protected void engineInit(Key key, AlgorithmParameterSpec params)
+- throws InvalidKeyException, InvalidAlgorithmParameterException {
+- core.init(key, params);
+- }
+- protected void engineUpdate(byte input) {
+- core.update(input);
+- }
+- protected void engineUpdate(byte input[], int offset, int len) {
+- core.update(input, offset, len);
+- }
+- protected void engineUpdate(ByteBuffer input) {
+- core.update(input);
+- }
+- protected byte[] engineDoFinal() {
+- return core.doFinal();
+- }
+- protected void engineReset() {
+- core.reset();
+- }
+- public Object clone() throws CloneNotSupportedException {
+- return new HmacSHA384(this);
++ super("SHA-384", 128);
+ }
+ }
+
+ // nested static class for the HmacSHA512 implementation
+- public static final class HmacSHA512 extends MacSpi implements Cloneable {
+- private final HmacCore core;
++ public static final class HmacSHA512 extends HmacCore {
+ public HmacSHA512() throws NoSuchAlgorithmException {
+- SunJCE.ensureIntegrity(getClass());
+- core = new HmacCore("SHA-512", 128);
+- }
+- private HmacSHA512(HmacSHA512 base) throws CloneNotSupportedException {
+- core = (HmacCore)base.core.clone();
+- }
+- protected int engineGetMacLength() {
+- return core.getDigestLength();
+- }
+- protected void engineInit(Key key, AlgorithmParameterSpec params)
+- throws InvalidKeyException, InvalidAlgorithmParameterException {
+- core.init(key, params);
+- }
+- protected void engineUpdate(byte input) {
+- core.update(input);
+- }
+- protected void engineUpdate(byte input[], int offset, int len) {
+- core.update(input, offset, len);
+- }
+- protected void engineUpdate(ByteBuffer input) {
+- core.update(input);
+- }
+- protected byte[] engineDoFinal() {
+- return core.doFinal();
+- }
+- protected void engineReset() {
+- core.reset();
+- }
+- public Object clone() throws CloneNotSupportedException {
+- return new HmacSHA512(this);
++ super("SHA-512", 128);
+ }
+ }
+-
+ }
+diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java openjdk/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java
+--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java 2014-07-14 04:24:43.000000000 +0100
++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java 2014-10-08 23:26:07.127607311 +0100
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -37,11 +37,7 @@
+ *
+ * @author Jan Luehe
+ */
+-public final class HmacMD5 extends MacSpi implements Cloneable {
+-
+- private HmacCore hmac;
+- private static final int MD5_BLOCK_LENGTH = 64;
+-
++public final class HmacMD5 extends HmacCore {
+ /**
+ * Standard constructor, creates a new HmacMD5 instance.
+ * Verify the SunJCE provider in the constructor.
+@@ -50,92 +46,6 @@
+ * its own integrity
+ */
+ public HmacMD5() throws NoSuchAlgorithmException {
+- if (!SunJCE.verifySelfIntegrity(this.getClass())) {
More information about the distro-pkg-dev
mailing list