/hg/release/icedtea6-1.13: 3 new changesets
andrew at icedtea.classpath.org
Fri Jan 22 17:53:47 UTC 2016
changeset 680136982d3c in /hg/release/icedtea6-1.13
details: http://icedtea.classpath.org/hg/release/icedtea6-1.13?cmd=changeset;node=680136982d3c
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Thu Jan 21 02:39:18 2016 +0000
Update to build against the b38 tarball & January 2016 security fixes.
Upstream changes:
- OPENJDK6-69: Windows build broken after b37 changes
- OPENJDK6-70: Allow versions of ALSA >= 1.1.0
- S4898461: Support for ECB and CBC/PKCS5Padding
- S6720721: CRL check with circular depency support needed
- S6852744: PIT b61: PKI test suite fails because self signed certificates are being rejected [Tests only]
- S6867345: Turkish regional options cause NPE in sun.security.x509.AlgorithmId.algOID
- S7166570: JSSE certificate validation has started to fail for certificate chains
- S7167988: PKIX CertPathBuilder in reverse mode doesn't work if more than one trust anchor is specified
- S7171223: Building ExtensionSubtables.cpp should use -fno-strict-aliasing
- S8059054: Better URL processing
- S8068761: [TEST_BUG] java/nio/channels/ServerSocketChannel/AdaptServerSocket.java failed with SocketTimeoutException
- S8074068: Cleanup in src/share/classes/sun/security/x509/
- S8075773: jps running as root fails after the fix of JDK-8050807
- S8081297: SSL Problem with Tomcat
- S8130710: Better attributes processing
- S8133962: More general limits
- S8134605: Partial rework of the fix for 8081297
- S8135307: CompletionFailure thrown when calling FieldDoc.type, if the field's type is missing
- S8137060: JMX memory management improvements
- S8138716: (tz) Support tzdata2015g
- S8139012: Better font substitutions
- S8139017: More stable image decoding
- S8140543: Arrange font actions
- S8141213: [Parfait]Potentially blocking function GetArrayLength called in JNI critical region at line 239 of jdk/src/share/native/sun/awt/image/jpeg/jpegdecoder.c in function GET_ARRAYS
- S8141287: Add MD5 to jdk.certpath.disabledAlgorithms - Take 2
- S8142928: [TEST_BUG] sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java 8u71 failure
- S8143185: Cleanup for handling proxies
- S8143941: Update splashscreen displays
- S8144955: Wrong changes were pushed with 8143942
- S8145551: Test failed with Crash for Improved font lookups
- S8147466: Add -fno-strict-overflow to IndicRearrangementProcessor{,2}.cpp
2016-01-20 Andrew John Hughes <gnu.andrew at redhat.com>
* Makefile.am:
(OPENJDK_DATE): Bump to b38 creation date;
20th of January, 2016.
(OPENJDK_SHA256SUM): Update for b38 tarball.
2016-01-19 Andrew John Hughes <gnu.andrew at redhat.com>
* patches/openjdk/p11cipher-4898461-support_ecb_and_cbc.patch,
* patches/openjdk/p11cipher-6867345-turkish_regional_options_cause_npe_in_algoid.patch:
Removed; added upstream in OpenJDK 6 b38.
* Makefile.am:
(ICEDTEA_PATCHES): Remove above patches.
* NEWS: Updated.
* patches/openjdk/6799141-split_out_versions.patch:
Regenerated following OPENJDK6-70.
2015-11-26 Andrew John Hughes <gnu.andrew at redhat.com>
* Makefile.am:
(OPENJDK_VERSION): Bump to next release, b38.
changeset 81c995c33252 in /hg/release/icedtea6-1.13
details: http://icedtea.classpath.org/hg/release/icedtea6-1.13?cmd=changeset;node=81c995c33252
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Tue Oct 27 18:58:03 2015 +0000
Prepare for 1.13.10 release.
2016-01-20 Andrew John Hughes <gnu.andrew at redhat.com>
* NEWS: Set release date to this Friday.
* configure.ac: Bump to 1.13.10.
changeset c5d3e1cd26c2 in /hg/release/icedtea6-1.13
details: http://icedtea.classpath.org/hg/release/icedtea6-1.13?cmd=changeset;node=c5d3e1cd26c2
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Fri Jan 22 17:53:18 2016 +0000
Added tag icedtea6-1.13.10 for changeset 81c995c33252
diffstat:
.hgtags | 1 +
ChangeLog | 28 +
Makefile.am | 8 +-
NEWS | 35 +-
configure.ac | 2 +-
patches/openjdk/6799141-split_out_versions.patch | 2 +-
patches/openjdk/p11cipher-4898461-support_ecb_and_cbc.patch | 1169 ----------
patches/openjdk/p11cipher-6867345-turkish_regional_options_cause_npe_in_algoid.patch | 328 --
8 files changed, 67 insertions(+), 1506 deletions(-)
diffs (truncated from 1641 to 500 lines):
diff -r 8554f062d23d -r c5d3e1cd26c2 .hgtags
--- a/.hgtags Thu Jan 21 01:22:57 2016 +0000
+++ b/.hgtags Fri Jan 22 17:53:18 2016 +0000
@@ -36,3 +36,4 @@
69d82d8f85f926ca35e610d01727d223519c1c98 icedtea6-1.13.7
6d96a13066ecea305dc0dcb97396c8d8fb5af49e icedtea6-1.13.8
16ccd05e93d3ead8ecbac25c7fcb9a3e46a93dbf icedtea6-1.13.9
+81c995c33252575ce57cebbdac561b072cf97cf9 icedtea6-1.13.10
diff -r 8554f062d23d -r c5d3e1cd26c2 ChangeLog
--- a/ChangeLog Thu Jan 21 01:22:57 2016 +0000
+++ b/ChangeLog Fri Jan 22 17:53:18 2016 +0000
@@ -1,3 +1,31 @@
+2016-01-20 Andrew John Hughes <gnu.andrew at redhat.com>
+
+ * NEWS: Set release date to this Friday.
+ * configure.ac: Bump to 1.13.10.
+
+2016-01-20 Andrew John Hughes <gnu.andrew at redhat.com>
+
+ * Makefile.am:
+ (OPENJDK_DATE): Bump to b38 creation date;
+ 20th of January, 2016.
+ (OPENJDK_SHA256SUM): Update for b38 tarball.
+
+2016-01-19 Andrew John Hughes <gnu.andrew at redhat.com>
+
+ * patches/openjdk/p11cipher-4898461-support_ecb_and_cbc.patch,
+ * patches/openjdk/p11cipher-6867345-turkish_regional_options_cause_npe_in_algoid.patch:
+ Removed; added upstream in OpenJDK 6 b38.
+ * Makefile.am:
+ (ICEDTEA_PATCHES): Remove above patches.
+ * NEWS: Updated.
+ * patches/openjdk/6799141-split_out_versions.patch:
+ Fixed to apply against OPENJDK6-70.
+
+2015-11-26 Andrew John Hughes <gnu.andrew at redhat.com>
+
+ * Makefile.am:
+ (OPENJDK_VERSION): Bump to next release, b38.
+
2016-01-19 Andrew John Hughes <gnu.andrew at redhat.com>
* Makefile.am:
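Review bot: the 2015-11-26 entry at the end of the added block lands directly above the existing 2016-01-19 entry, so the ChangeLog is no longer in reverse date order at that point; if that reflects the order the work was merged in, a word in the entry would help later readers. Two smaller wording points in the same block: the entry for 6799141-split_out_versions.patch says "Fixed to apply against OPENJDK6-70" while the commit message says "Regenerated following OPENJDK6-70", and "Set release date to this Friday" would age better as the absolute date 2016-01-22 that NEWS uses.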
diff -r 8554f062d23d -r c5d3e1cd26c2 Makefile.am
--- a/Makefile.am Thu Jan 21 01:22:57 2016 +0000
+++ b/Makefile.am Fri Jan 22 17:53:18 2016 +0000
@@ -1,8 +1,8 @@
# Dependencies
-OPENJDK_DATE = 11_nov_2015
-OPENJDK_SHA256SUM = 462ac2c28f6dbfb4a18eb46efca232b907d6027f7618715cbc4de5dd73b89e8d
-OPENJDK_VERSION = b37
+OPENJDK_DATE = 20_jan_2016
+OPENJDK_SHA256SUM = ff88dbcbda6c3c7d80b7cbd28065a455cdb009de9874fcf9ff9ca8205d38a257
+OPENJDK_VERSION = b38
OPENJDK_URL = https://java.net/downloads/openjdk6/
CACAO_VERSION = 68fe50ac34ec
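Review bot: OPENJDK_SHA256SUM is the only integrity check on the b38 tarball fetched from OPENJDK_URL, and neither this hunk nor the matching ChangeLog entry records where the new value came from. Suggest noting in the ChangeLog entry whether the hash was taken from an upstream announcement or computed from a locally built tarball, so a second person can reproduce it independently. OPENJDK_DATE, OPENJDK_SHA256SUM and OPENJDK_VERSION are changed together here, which is what the download rule needs.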
@@ -463,11 +463,9 @@
patches/remove-gcm-test.patch \
patches/skip_wrap_mode.patch \
patches/remove_multicatch_in_testrsa.patch \
- patches/openjdk/p11cipher-4898461-support_ecb_and_cbc.patch \
patches/openjdk/p11cipher-6682411-fix_indexoutofboundsexception.patch \
patches/openjdk/p11cipher-6682417-fix_decrypted_data_not_multiple_of_blocks.patch \
patches/openjdk/p11cipher-6812738-native_cleanup.patch \
- patches/openjdk/p11cipher-6867345-turkish_regional_options_cause_npe_in_algoid.patch \
patches/openjdk/p11cipher-6687725-throw_illegalblocksizeexception.patch \
patches/openjdk/p11cipher-6924489-ckr_operation_not_initialized.patch \
patches/openjdk/p11cipher-6604496-support_ckm_aes_ctr.patch \
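Review bot: the two removed entries sat inside the p11cipher series, so the patches kept around them (6682411, 6682417, 6812738, 6687725, 6924489, 6604496) now apply on top of the upstream b38 versions of 4898461 and 6867345 instead of the local backports. Please confirm each remaining p11cipher patch still applies without fuzz or offsets against b38, since a patch that applies with fuzz to crypto code can place a check in the wrong branch without failing the build.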
diff -r 8554f062d23d -r c5d3e1cd26c2 NEWS
--- a/NEWS Thu Jan 21 01:22:57 2016 +0000
+++ b/NEWS Fri Jan 22 17:53:18 2016 +0000
@@ -12,8 +12,39 @@
CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
-New in release 1.13.10 (2016-01-XX):
-
+New in release 1.13.10 (2016-01-22):
+
+* Security fixes
+ - S8059054, CVE-2016-0402: Better URL processing
+ - S8130710, CVE-2016-0448: Better attributes processing
+ - S8133962, CVE-2016-0466: More general limits
+ - S8137060: JMX memory management improvements
+ - S8139012: Better font substitutions
+ - S8139017, CVE-2016-0483: More stable image decoding
+ - S8140543, CVE-2016-0494: Arrange font actions
+ - S8143185: Cleanup for handling proxies
+ - S8143941, CVE-2015-8126, CVE-2015-8472: Update splashscreen displays
+* Import of OpenJDK6 b38
+ - OJ69: Windows build broken after b37 changes
+ - OJ70: Allow versions of ALSA >= 1.1.0
+ - S6720721: CRL check with circular depency support needed
+ - S6852744: PIT b61: PKI test suite fails because self signed certificates are being rejected [Tests only]
+ - S7166570: JSSE certificate validation has started to fail for certificate chains
+ - S7167988: PKIX CertPathBuilder in reverse mode doesn't work if more than one trust anchor is specified
+ - S7171223: Building ExtensionSubtables.cpp should use -fno-strict-aliasing
+ - S8068761: [TEST_BUG] java/nio/channels/ServerSocketChannel/AdaptServerSocket.java failed with SocketTimeoutException
+ - S8074068: Cleanup in src/share/classes/sun/security/x509/
+ - S8075773: jps running as root fails after the fix of JDK-8050807
+ - S8081297: SSL Problem with Tomcat
+ - S8134605: Partial rework of the fix for 8081297
+ - S8135307: CompletionFailure thrown when calling FieldDoc.type, if the field's type is missing
+ - S8138716: (tz) Support tzdata2015g
+ - S8141213: [Parfait]Potentially blocking function GetArrayLength called in JNI critical region at line 239 of jdk/src/share/native/sun/awt/image/jpeg/jpegdecoder.c in function GET_ARRAYS
+ - S8141287: Add MD5 to jdk.certpath.disabledAlgorithms - Take 2
+ - S8142928: [TEST_BUG] sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java 8u71 failure
+ - S8144955: Wrong changes were pushed with 8143942
+ - S8145551: Test failed with Crash for Improved font lookups
+ - S8147466: Add -fno-strict-overflow to IndicRearrangementProcessor{,2}.cpp
* Backports
- S7169111, PR2757: Unreadable menu bar with Ambiance theme in GTK L&F
- S8140620, PR2711: Find and load default.sf2 as the default soundbank on Linux
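Review bot: in the "Security fixes" list, S8137060, S8139012 and S8143185 carry no CVE identifier while the other six entries do; if these are hardening changes without an assigned CVE that is fine, but it is worth confirming none was dropped, since packagers use this list to map the release to advisories. Also, the import list uses the prefix "OJ69"/"OJ70" where the commit message uses "OPENJDK6-69"/"OPENJDK6-70"; one form throughout makes the entries easier to search for.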
diff -r 8554f062d23d -r c5d3e1cd26c2 configure.ac
--- a/configure.ac Thu Jan 21 01:22:57 2016 +0000
+++ b/configure.ac Fri Jan 22 17:53:18 2016 +0000
@@ -1,4 +1,4 @@
-AC_INIT([icedtea6],[1.13.10pre],[distro-pkg-dev at openjdk.java.net])
+AC_INIT([icedtea6],[1.13.10],[distro-pkg-dev at openjdk.java.net])
AC_CANONICAL_HOST
AC_CANONICAL_TARGET
AM_INIT_AUTOMAKE([1.9 tar-pax foreign])
diff -r 8554f062d23d -r c5d3e1cd26c2 patches/openjdk/6799141-split_out_versions.patch
--- a/patches/openjdk/6799141-split_out_versions.patch Thu Jan 21 01:22:57 2016 +0000
+++ b/patches/openjdk/6799141-split_out_versions.patch Fri Jan 22 17:53:18 2016 +0000
@@ -447,7 +447,7 @@
- endif
- ifneq ($(ARCH), ia64)
- # ALSA 0.9.1 and above
-- REQUIRED_ALSA_VERSION = ^((0[.]9[.][1-9])|(1[.]0[.][0-9]))[0-9]*
+- REQUIRED_ALSA_VERSION = ^((0[.]9[.][1-9])|(1[.][0-9][.][0-9]))[0-9]*
- endif
# How much RAM does this machine have:
MB_OF_MEMORY := $(shell free -m | fgrep Mem: | sed -e 's@\ \ *@ @g' | cut -d' ' -f2)
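Review bot: the updated REQUIRED_ALSA_VERSION pattern, "1[.][0-9][.][0-9]", allows a single digit for the minor version, so it accepts 1.0.x through 1.9.x but would reject a future 1.10.x because the second "[.]" has to match straight after one digit. As this line is part of the text the patch removes, it has to match the b38 source exactly, so the fix (for example "1[.][0-9]+[.][0-9]") belongs upstream alongside OPENJDK6-70 rather than here; for this hunk, please just confirm the line is byte-identical to the upstream file after OPENJDK6-70.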
diff -r 8554f062d23d -r c5d3e1cd26c2 patches/openjdk/p11cipher-4898461-support_ecb_and_cbc.patch
--- a/patches/openjdk/p11cipher-4898461-support_ecb_and_cbc.patch Thu Jan 21 01:22:57 2016 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1169 +0,0 @@
-diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java
---- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java 2012-10-23 18:00:58.332289584 +0100
-+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java 2012-10-23 18:10:13.013034333 +0100
-@@ -22,10 +22,10 @@
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
--
- package sun.security.pkcs11;
-
- import java.nio.ByteBuffer;
-+import java.util.Arrays;
-
- import java.security.*;
- import java.security.spec.*;
-@@ -34,7 +34,6 @@
- import javax.crypto.spec.*;
-
- import sun.nio.ch.DirectBuffer;
--
- import sun.security.pkcs11.wrapper.*;
- import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
-
-@@ -43,8 +42,8 @@
- * DES, DESede, AES, ARCFOUR, and Blowfish.
- *
- * This class is designed to support ECB and CBC with NoPadding and
-- * PKCS5Padding for both. However, currently only CBC/NoPadding (and
-- * ECB/NoPadding for stream ciphers) is functional.
-+ * PKCS5Padding for both. It will use its own padding impl if the
-+ * native mechanism does not support padding.
- *
- * Note that PKCS#11 current only supports ECB and CBC. There are no
- * provisions for other modes such as CFB, OFB, PCBC, or CTR mode.
-@@ -62,10 +61,56 @@
- private final static int MODE_CBC = 4;
-
- // padding constant for NoPadding
-- private final static int PAD_NONE = 5;
-+ private final static int PAD_NONE = 5;
- // padding constant for PKCS5Padding
- private final static int PAD_PKCS5 = 6;
-
-+ private static interface Padding {
-+ // ENC: format the specified buffer with padding bytes and return the
-+ // actual padding length
-+ int setPaddingBytes(byte[] paddingBuffer, int padLen);
-+
-+ // DEC: return the length of trailing padding bytes given the specified
-+ // padded data
-+ int unpad(byte[] paddedData, int ofs, int len)
-+ throws BadPaddingException;
-+ }
-+
-+ private static class PKCS5Padding implements Padding {
-+
-+ private final int blockSize;
-+
-+ PKCS5Padding(int blockSize)
-+ throws NoSuchPaddingException {
-+ if (blockSize == 0) {
-+ throw new NoSuchPaddingException
-+ ("PKCS#5 padding not supported with stream ciphers");
-+ }
-+ this.blockSize = blockSize;
-+ }
-+
-+ public int setPaddingBytes(byte[] paddingBuffer, int padLen) {
-+ Arrays.fill(paddingBuffer, 0, padLen, (byte) (padLen & 0x007f));
-+ return padLen;
-+ }
-+
-+ public int unpad(byte[] paddedData, int ofs, int len)
-+ throws BadPaddingException {
-+ byte padValue = paddedData[ofs + len - 1];
-+ if (padValue < 1 || padValue > blockSize) {
-+ throw new BadPaddingException("Invalid pad value!");
-+ }
-+ // sanity check padding bytes
-+ int padStartIndex = ofs + len - padValue;
-+ for (int i = padStartIndex; i < len; i++) {
-+ if (paddedData[i] != padValue) {
-+ throw new BadPaddingException("Invalid pad bytes!");
-+ }
-+ }
-+ return padValue;
-+ }
-+ }
-+
- // token instance
- private final Token token;
-
-@@ -99,64 +144,92 @@
- // padding type, on of PAD_* above (PAD_NONE for stream ciphers)
- private int paddingType;
-
-+ // when the padding is requested but unsupported by the native mechanism,
-+ // we use the following to do padding and necessary data buffering.
-+ // padding object which generate padding and unpad the decrypted data
-+ private Padding paddingObj;
-+ // buffer for holding back the block which contains padding bytes
-+ private byte[] padBuffer;
-+ private int padBufferLen;
-+
- // original IV, if in MODE_CBC
- private byte[] iv;
-
-- // total number of bytes processed
-- private int bytesProcessed;
-+ // number of bytes buffered internally by the native mechanism and padBuffer
-+ // if we do the padding
-+ private int bytesBuffered;
-
- P11Cipher(Token token, String algorithm, long mechanism)
-- throws PKCS11Exception {
-+ throws PKCS11Exception, NoSuchAlgorithmException {
- super();
- this.token = token;
- this.algorithm = algorithm;
- this.mechanism = mechanism;
-- keyAlgorithm = algorithm.split("/")[0];
-+
-+ String algoParts[] = algorithm.split("/");
-+ keyAlgorithm = algoParts[0];
-+
- if (keyAlgorithm.equals("AES")) {
- blockSize = 16;
-- blockMode = MODE_CBC;
-- // XXX change default to PKCS5Padding
-- paddingType = PAD_NONE;
-- } else if (keyAlgorithm.equals("RC4") || keyAlgorithm.equals("ARCFOUR")) {
-+ } else if (keyAlgorithm.equals("RC4") ||
-+ keyAlgorithm.equals("ARCFOUR")) {
- blockSize = 0;
-- blockMode = MODE_ECB;
-- paddingType = PAD_NONE;
- } else { // DES, DESede, Blowfish
- blockSize = 8;
-- blockMode = MODE_CBC;
-- // XXX change default to PKCS5Padding
-- paddingType = PAD_NONE;
-+ }
-+ this.blockMode =
-+ (algoParts.length > 1 ? parseMode(algoParts[1]) : MODE_ECB);
-+
-+ String defPadding = (blockSize == 0 ? "NoPadding" : "PKCS5Padding");
-+ String paddingStr =
-+ (algoParts.length > 2 ? algoParts[2] : defPadding);
-+ try {
-+ engineSetPadding(paddingStr);
-+ } catch (NoSuchPaddingException nspe) {
-+ // should not happen
-+ throw new ProviderException(nspe);
- }
- }
-
- protected void engineSetMode(String mode) throws NoSuchAlgorithmException {
-+ // Disallow change of mode for now since currently it's explicitly
-+ // defined in transformation strings
-+ throw new NoSuchAlgorithmException("Unsupported mode " + mode);
-+ }
-+
-+ private int parseMode(String mode) throws NoSuchAlgorithmException {
- mode = mode.toUpperCase();
-+ int result;
- if (mode.equals("ECB")) {
-- this.blockMode = MODE_ECB;
-+ result = MODE_ECB;
- } else if (mode.equals("CBC")) {
- if (blockSize == 0) {
- throw new NoSuchAlgorithmException
- ("CBC mode not supported with stream ciphers");
- }
-- this.blockMode = MODE_CBC;
-+ result = MODE_CBC;
- } else {
- throw new NoSuchAlgorithmException("Unsupported mode " + mode);
- }
-+ return result;
- }
-
- // see JCE spec
- protected void engineSetPadding(String padding)
- throws NoSuchPaddingException {
-- if (padding.equalsIgnoreCase("NoPadding")) {
-+ paddingObj = null;
-+ padBuffer = null;
-+ padding = padding.toUpperCase();
-+ if (padding.equals("NOPADDING")) {
- paddingType = PAD_NONE;
-- } else if (padding.equalsIgnoreCase("PKCS5Padding")) {
-- if (blockSize == 0) {
-- throw new NoSuchPaddingException
-- ("PKCS#5 padding not supported with stream ciphers");
-- }
-+ } else if (padding.equals("PKCS5PADDING")) {
- paddingType = PAD_PKCS5;
-- // XXX PKCS#5 not yet implemented
-- throw new NoSuchPaddingException("pkcs5");
-+ if (mechanism != CKM_DES_CBC_PAD && mechanism != CKM_DES3_CBC_PAD &&
-+ mechanism != CKM_AES_CBC_PAD) {
-+ // no native padding support; use our own padding impl
-+ paddingObj = new PKCS5Padding(blockSize);
-+ padBuffer = new byte[blockSize];
-+ }
- } else {
- throw new NoSuchPaddingException("Unsupported padding " + padding);
- }
-@@ -174,7 +247,7 @@
-
- // see JCE spec
- protected byte[] engineGetIV() {
-- return (iv == null) ? null : (byte[])iv.clone();
-+ return (iv == null) ? null : (byte[]) iv.clone();
- }
-
- // see JCE spec
-@@ -184,8 +257,9 @@
- }
- IvParameterSpec ivSpec = new IvParameterSpec(iv);
- try {
-- AlgorithmParameters params = AlgorithmParameters.getInstance
-- (keyAlgorithm, P11Util.getSunJceProvider());
-+ AlgorithmParameters params =
-+ AlgorithmParameters.getInstance(keyAlgorithm,
-+ P11Util.getSunJceProvider());
- params.init(ivSpec);
- return params;
- } catch (GeneralSecurityException e) {
-@@ -209,38 +283,38 @@
- protected void engineInit(int opmode, Key key,
- AlgorithmParameterSpec params, SecureRandom random)
- throws InvalidKeyException, InvalidAlgorithmParameterException {
-- byte[] iv;
-+ byte[] ivValue;
- if (params != null) {
- if (params instanceof IvParameterSpec == false) {
- throw new InvalidAlgorithmParameterException
- ("Only IvParameterSpec supported");
- }
-- IvParameterSpec ivSpec = (IvParameterSpec)params;
-- iv = ivSpec.getIV();
-+ IvParameterSpec ivSpec = (IvParameterSpec) params;
-+ ivValue = ivSpec.getIV();
- } else {
-- iv = null;
-+ ivValue = null;
- }
-- implInit(opmode, key, iv, random);
-+ implInit(opmode, key, ivValue, random);
- }
-
- // see JCE spec
- protected void engineInit(int opmode, Key key, AlgorithmParameters params,
- SecureRandom random)
- throws InvalidKeyException, InvalidAlgorithmParameterException {
-- byte[] iv;
-+ byte[] ivValue;
- if (params != null) {
- try {
- IvParameterSpec ivSpec = (IvParameterSpec)
- params.getParameterSpec(IvParameterSpec.class);
-- iv = ivSpec.getIV();
-+ ivValue = ivSpec.getIV();
- } catch (InvalidParameterSpecException e) {
- throw new InvalidAlgorithmParameterException
- ("Could not decode IV", e);
- }
- } else {
-- iv = null;
-+ ivValue = null;
- }
-- implInit(opmode, key, iv, random);
-+ implInit(opmode, key, ivValue, random);
- }
-
- // actual init() implementation
-@@ -249,31 +323,31 @@
- throws InvalidKeyException, InvalidAlgorithmParameterException {
- cancelOperation();
- switch (opmode) {
-- case Cipher.ENCRYPT_MODE:
-- encrypt = true;
-- break;
-- case Cipher.DECRYPT_MODE:
-- encrypt = false;
-- break;
-- default:
-- throw new InvalidAlgorithmParameterException
-- ("Unsupported mode: " + opmode);
-+ case Cipher.ENCRYPT_MODE:
-+ encrypt = true;
-+ break;
-+ case Cipher.DECRYPT_MODE:
-+ encrypt = false;
-+ break;
-+ default:
-+ throw new InvalidAlgorithmParameterException
-+ ("Unsupported mode: " + opmode);
- }
- if (blockMode == MODE_ECB) { // ECB or stream cipher
- if (iv != null) {
- if (blockSize == 0) {
- throw new InvalidAlgorithmParameterException
-- ("IV not used with stream ciphers");
-+ ("IV not used with stream ciphers");
- } else {
- throw new InvalidAlgorithmParameterException
-- ("IV not used in ECB mode");
-+ ("IV not used in ECB mode");
- }
- }
- } else { // MODE_CBC
- if (iv == null) {
- if (encrypt == false) {
- throw new InvalidAlgorithmParameterException
-- ("IV must be specified for decryption in CBC mode");
-+ ("IV must be specified for decryption in CBC mode");
- }
- // generate random IV
- if (random == null) {
-@@ -284,7 +358,7 @@
- } else {
- if (iv.length != blockSize) {
- throw new InvalidAlgorithmParameterException
-- ("IV length must match block size");
-+ ("IV length must match block size");
- }
- }
- }
-@@ -330,63 +404,43 @@
- session = token.getOpSession();
- }
- if (encrypt) {
-- token.p11.C_EncryptInit
-- (session.id(), new CK_MECHANISM(mechanism, iv), p11Key.keyID);
-+ token.p11.C_EncryptInit(session.id(),
-+ new CK_MECHANISM(mechanism, iv), p11Key.keyID);
- } else {
-- token.p11.C_DecryptInit
-- (session.id(), new CK_MECHANISM(mechanism, iv), p11Key.keyID);
-+ token.p11.C_DecryptInit(session.id(),
-+ new CK_MECHANISM(mechanism, iv), p11Key.keyID);
- }
-- bytesProcessed = 0;
-+ bytesBuffered = 0;
-+ padBufferLen = 0;
- initialized = true;
- }
-
-- // XXX the calculations below assume the PKCS#11 implementation is smart.
-- // conceivably, not all implementations are and we may need to estimate
-- // more conservatively
--
-- private int bytesBuffered(int totalLen) {
-- if (paddingType == PAD_NONE) {
-- // with NoPadding, buffer only the current unfinished block
-- return totalLen & (blockSize - 1);
-- } else { // PKCS5
-- // with PKCS5Padding in decrypt mode, the buffer must never
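Review bot: in the PKCS5Padding.unpad method of the backport being deleted, the verification loop "for (int i = padStartIndex; i < len; i++)" is bounded by len although padStartIndex is computed as "ofs + len - padValue", so for any call with ofs > 0 some or all padding bytes go unchecked and only the final byte is validated. Since this hunk replaces the local copy with whatever b38 ships, please check that the upstream P11Cipher.java, after the remaining p11cipher patches are applied, bounds that loop by ofs + len or drops the offset parameter. Only the first part of the 1169 removed lines is visible in this truncated mail, so the rest of the deleted file is not covered by this comment.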