Update to shenandoah-jdk8u382-b01 (EA)
Update release notes for shenandoah-8u382-b01. Switch to EA mode. Remove JDK-8271199 patch which is now upstream. Add version of bundled zlib (bumped from 1.2.11 to 1.2.13 with this update) Introduce 'prelease' for the portable release versioning, to handle EA builds Sync the copy of the portable specfile with the latest update Related: rhbz#2217711
This commit is contained in:
parent
345ac01c22
commit
9d450e0c4c
1
.gitignore
vendored
1
.gitignore
vendored
@ -283,3 +283,4 @@
|
|||||||
/java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.s390x.tar.xz
|
/java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.s390x.tar.xz
|
||||||
/java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.x86_64.tar.xz
|
/java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.x86_64.tar.xz
|
||||||
/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz
|
/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz
|
||||||
|
/openjdk-shenandoah-jdk8u-shenandoah-jdk8u382-b01-4curve.tar.xz
|
||||||
|
27
NEWS
27
NEWS
@ -3,6 +3,33 @@ Key:
|
|||||||
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
||||||
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
||||||
|
|
||||||
|
New in release OpenJDK 8u382 (2023-07-18):
|
||||||
|
===========================================
|
||||||
|
Live versions of these release notes can be found at:
|
||||||
|
* https://bit.ly/openjdk8u382
|
||||||
|
|
||||||
|
* Other changes
|
||||||
|
- JDK-8151460: Metaspace counters can have inconsistent values
|
||||||
|
- JDK-8152432: Implement setting jtreg @requires properties vm.flavor, vm.bits, vm.compMode
|
||||||
|
- JDK-8185736: missing default exception handler in calls to rethrow_Stub
|
||||||
|
- JDK-8215105: java/awt/Robot/HiDPIScreenCapture/ScreenCaptureTest.java: Wrong Pixel Color
|
||||||
|
- JDK-8263059: security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java fails due to revoked cert
|
||||||
|
- JDK-8263404: RsaPrivateKeySpec is always recognized as RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec
|
||||||
|
- JDK-8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
|
||||||
|
- JDK-8276841: Add support for Visual Studio 2022
|
||||||
|
- JDK-8277881: Missing SessionID in TLS1.3 resumption in compatibility mode
|
||||||
|
- JDK-8278851: Correct signer logic for jars signed with multiple digest algorithms
|
||||||
|
- JDK-8282345: handle latest VS2022 in abstract_vm_version
|
||||||
|
- JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not necessary
|
||||||
|
- JDK-8289301: P11Cipher should not throw out of bounds exception during padding
|
||||||
|
- JDK-8293232: Fix race condition in pkcs11 SessionManager
|
||||||
|
- JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation
|
||||||
|
- JDK-8295530: Update Zlib Data Compression Library to Version 1.2.13
|
||||||
|
- JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message
|
||||||
|
- JDK-8303462: Bump update version of OpenJDK: 8u382
|
||||||
|
- JDK-8305113: (tz) Update Timezone Data to 2023c
|
||||||
|
- JDK-8305165: [8u] ServiceThread::nmethods_do is not called to keep nmethods from being zombied while in the queue
|
||||||
|
|
||||||
New in release OpenJDK 8u372 (2023-04-18):
|
New in release OpenJDK 8u372 (2023-04-18):
|
||||||
===========================================
|
===========================================
|
||||||
Live versions of these release notes can be found at:
|
Live versions of these release notes can be found at:
|
||||||
|
@ -298,7 +298,7 @@
|
|||||||
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
|
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
|
||||||
%global shenandoah_project openjdk
|
%global shenandoah_project openjdk
|
||||||
%global shenandoah_repo shenandoah-jdk8u
|
%global shenandoah_repo shenandoah-jdk8u
|
||||||
%global openjdk_revision jdk8u372-b07
|
%global openjdk_revision jdk8u382-b01
|
||||||
%global shenandoah_revision shenandoah-%{openjdk_revision}
|
%global shenandoah_revision shenandoah-%{openjdk_revision}
|
||||||
# Define old aarch64/jdk8u tree variables for compatibility
|
# Define old aarch64/jdk8u tree variables for compatibility
|
||||||
%global project %{shenandoah_project}
|
%global project %{shenandoah_project}
|
||||||
@ -319,12 +319,12 @@
|
|||||||
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
|
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
|
||||||
# eg jdk8u60-b27 -> b27
|
# eg jdk8u60-b27 -> b27
|
||||||
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
|
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
|
||||||
%global rpmrelease 2
|
%global rpmrelease 1
|
||||||
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
|
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
|
||||||
# Release will be (where N is usually a number starting at 1):
|
# Release will be (where N is usually a number starting at 1):
|
||||||
# - 0.N%%{?extraver}%%{?dist} for EA releases,
|
# - 0.N%%{?extraver}%%{?dist} for EA releases,
|
||||||
# - N%%{?extraver}{?dist} for GA releases
|
# - N%%{?extraver}{?dist} for GA releases
|
||||||
%global is_ga 1
|
%global is_ga 0
|
||||||
%if %{is_ga}
|
%if %{is_ga}
|
||||||
%global milestone fcs
|
%global milestone fcs
|
||||||
%global milestone_version %{nil}
|
%global milestone_version %{nil}
|
||||||
@ -628,8 +628,6 @@ Patch12: jdk8186464-rh1433262-zip64_failure.patch
|
|||||||
# able to be removed once that release is out
|
# able to be removed once that release is out
|
||||||
# and used by this RPM.
|
# and used by this RPM.
|
||||||
#############################################
|
#############################################
|
||||||
# JDK-8271199, RH2175317: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
|
|
||||||
Patch2001: jdk8271199-rh2175317-custom_pkcs11_provider_support.patch
|
|
||||||
|
|
||||||
#############################################
|
#############################################
|
||||||
#
|
#
|
||||||
@ -718,6 +716,8 @@ BuildRequires: lcms2-devel
|
|||||||
BuildRequires: libjpeg-devel
|
BuildRequires: libjpeg-devel
|
||||||
BuildRequires: libpng-devel
|
BuildRequires: libpng-devel
|
||||||
%else
|
%else
|
||||||
|
# Version in jdk/src/share/native/java/util/zip/zlib/zlib.h
|
||||||
|
Provides: bundled(zlib) = 1.2.13
|
||||||
# Version in jdk/src/share/native/sun/awt/giflib/gif_lib.h
|
# Version in jdk/src/share/native/sun/awt/giflib/gif_lib.h
|
||||||
Provides: bundled(giflib) = 5.2.1
|
Provides: bundled(giflib) = 5.2.1
|
||||||
# Version in jdk/src/share/native/sun/java2d/cmm/lcms/lcms2.h
|
# Version in jdk/src/share/native/sun/java2d/cmm/lcms/lcms2.h
|
||||||
@ -887,8 +887,6 @@ pushd %{top_level_dir_name}
|
|||||||
%patch1000 -p1
|
%patch1000 -p1
|
||||||
# system cacerts support
|
# system cacerts support
|
||||||
%patch539 -p1
|
%patch539 -p1
|
||||||
# 8u382 fix
|
|
||||||
%patch2001 -p1
|
|
||||||
popd
|
popd
|
||||||
|
|
||||||
# RPM-only fixes
|
# RPM-only fixes
|
||||||
@ -1524,6 +1522,13 @@ done
|
|||||||
%{_jvmdir}/%{miscportablearchive}.sha256sum
|
%{_jvmdir}/%{miscportablearchive}.sha256sum
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jun 28 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b01-0.1.ea
|
||||||
|
- Update to shenandoah-jdk8u382-b01 (EA)
|
||||||
|
- Update release notes for shenandoah-8u382-b01.
|
||||||
|
- Switch to EA mode.
|
||||||
|
- Remove JDK-8271199 patch which is now upstream.
|
||||||
|
- Add version of bundled zlib (bumped from 1.2.11 to 1.2.13 with this update)
|
||||||
|
|
||||||
* Thu Apr 27 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.372.b07-2
|
* Thu Apr 27 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.372.b07-2
|
||||||
- Sync with existing RHEL 8 build, in order to start building portables on RHEL 8
|
- Sync with existing RHEL 8 build, in order to start building portables on RHEL 8
|
||||||
- Fix debug symbols flag to newboot and package naming
|
- Fix debug symbols flag to newboot and package naming
|
||||||
|
@ -338,7 +338,7 @@
|
|||||||
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
|
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
|
||||||
%global shenandoah_project openjdk
|
%global shenandoah_project openjdk
|
||||||
%global shenandoah_repo shenandoah-jdk8u
|
%global shenandoah_repo shenandoah-jdk8u
|
||||||
%global openjdk_revision jdk8u372-b07
|
%global openjdk_revision jdk8u382-b01
|
||||||
%global shenandoah_revision shenandoah-%{openjdk_revision}
|
%global shenandoah_revision shenandoah-%{openjdk_revision}
|
||||||
# Define old aarch64/jdk8u tree variables for compatibility
|
# Define old aarch64/jdk8u tree variables for compatibility
|
||||||
%global project %{shenandoah_project}
|
%global project %{shenandoah_project}
|
||||||
@ -354,9 +354,9 @@
|
|||||||
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
|
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
|
||||||
# eg jdk8u60-b27 -> b27
|
# eg jdk8u60-b27 -> b27
|
||||||
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
|
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
|
||||||
%global rpmrelease 2
|
%global rpmrelease 1
|
||||||
# Settings used by the portable build
|
# Settings used by the portable build
|
||||||
%global portablerelease 2
|
%global portablerelease 1
|
||||||
%global portablesuffix el8
|
%global portablesuffix el8
|
||||||
%global portablebuilddir /builddir/build/BUILD
|
%global portablebuilddir /builddir/build/BUILD
|
||||||
|
|
||||||
@ -364,7 +364,7 @@
|
|||||||
# Release will be (where N is usually a number starting at 1):
|
# Release will be (where N is usually a number starting at 1):
|
||||||
# - 0.N%%{?extraver}%%{?dist} for EA releases,
|
# - 0.N%%{?extraver}%%{?dist} for EA releases,
|
||||||
# - N%%{?extraver}{?dist} for GA releases
|
# - N%%{?extraver}{?dist} for GA releases
|
||||||
%global is_ga 1
|
%global is_ga 0
|
||||||
%if %{is_ga}
|
%if %{is_ga}
|
||||||
%global milestone fcs
|
%global milestone fcs
|
||||||
%global milestone_version %{nil}
|
%global milestone_version %{nil}
|
||||||
@ -1365,6 +1365,8 @@ Provides: java-%{origin}-src%{?1} = %{epoch}:%{version}-%{release}
|
|||||||
Name: java-%{javaver}-%{origin}
|
Name: java-%{javaver}-%{origin}
|
||||||
Version: %{javaver}.%{updatever}.%{buildver}
|
Version: %{javaver}.%{updatever}.%{buildver}
|
||||||
Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
|
Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
|
||||||
|
# Equivalent for the portable build
|
||||||
|
%global prelease %{?eaprefix}%{rpmrelease}%{?extraver}
|
||||||
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
|
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
|
||||||
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
|
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
|
||||||
# also included the epoch in their virtual provides. This created a
|
# also included the epoch in their virtual provides. This created a
|
||||||
@ -1448,11 +1450,11 @@ Source19: README.md
|
|||||||
Source20: java-1.%{majorver}.0-openjdk-portable.specfile
|
Source20: java-1.%{majorver}.0-openjdk-portable.specfile
|
||||||
|
|
||||||
# Setup variables to reference correct sources
|
# Setup variables to reference correct sources
|
||||||
%global releasezip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.unstripped.jdk.%{_arch}.tar.xz
|
%global releasezip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.unstripped.jdk.%{_arch}.tar.xz
|
||||||
%global docszip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.docs.%{_arch}.tar.xz
|
%global docszip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.docs.%{_arch}.tar.xz
|
||||||
%global misczip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.misc.%{_arch}.tar.xz
|
%global misczip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.misc.%{_arch}.tar.xz
|
||||||
%global slowdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.slowdebug.jdk.%{_arch}.tar.xz
|
%global slowdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.slowdebug.jdk.%{_arch}.tar.xz
|
||||||
%global fastdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.fastdebug.jdk.%{_arch}.tar.xz
|
%global fastdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.fastdebug.jdk.%{_arch}.tar.xz
|
||||||
|
|
||||||
############################################
|
############################################
|
||||||
#
|
#
|
||||||
@ -1575,8 +1577,7 @@ Patch581: jdk8257794-remove_broken_assert.patch
|
|||||||
# able to be removed once that release is out
|
# able to be removed once that release is out
|
||||||
# and used by this RPM.
|
# and used by this RPM.
|
||||||
#############################################
|
#############################################
|
||||||
# JDK-8271199, RH2175317: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
|
|
||||||
Patch2001: jdk8271199-rh2175317-custom_pkcs11_provider_support.patch
|
|
||||||
|
|
||||||
#############################################
|
#############################################
|
||||||
#
|
#
|
||||||
@ -1644,16 +1645,16 @@ BuildRequires: unzip
|
|||||||
BuildRequires: javapackages-filesystem
|
BuildRequires: javapackages-filesystem
|
||||||
%ifarch %{portable_build_arches}
|
%ifarch %{portable_build_arches}
|
||||||
%if %{include_normal_build}
|
%if %{include_normal_build}
|
||||||
BuildRequires: java-1.%{majorver}.0-openjdk-portable-unstripped = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
|
BuildRequires: java-1.%{majorver}.0-openjdk-portable-unstripped = %{epoch}:%{version}-%{prelease}.%{portablesuffix}
|
||||||
%endif
|
%endif
|
||||||
%if %{include_fastdebug_build}
|
%if %{include_fastdebug_build}
|
||||||
BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-fastdebug = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
|
BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-fastdebug = %{epoch}:%{version}-%{prelease}.%{portablesuffix}
|
||||||
%endif
|
%endif
|
||||||
%if %{include_debug_build}
|
%if %{include_debug_build}
|
||||||
BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-slowdebug = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
|
BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-slowdebug = %{epoch}:%{version}-%{prelease}.%{portablesuffix}
|
||||||
%endif
|
%endif
|
||||||
BuildRequires: java-1.%{majorver}.0-openjdk-portable-docs = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
|
BuildRequires: java-1.%{majorver}.0-openjdk-portable-docs = %{epoch}:%{version}-%{prelease}.%{portablesuffix}
|
||||||
BuildRequires: java-1.%{majorver}.0-openjdk-portable-misc = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
|
BuildRequires: java-1.%{majorver}.0-openjdk-portable-misc = %{epoch}:%{version}-%{prelease}.%{portablesuffix}
|
||||||
%else
|
%else
|
||||||
# Require a boot JDK which doesn't fail due to RH1482244
|
# Require a boot JDK which doesn't fail due to RH1482244
|
||||||
BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3
|
BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3
|
||||||
@ -1678,6 +1679,8 @@ BuildRequires: lcms2-devel
|
|||||||
BuildRequires: libjpeg-devel
|
BuildRequires: libjpeg-devel
|
||||||
BuildRequires: libpng-devel
|
BuildRequires: libpng-devel
|
||||||
%else
|
%else
|
||||||
|
# Version in jdk/src/share/native/java/util/zip/zlib/zlib.h
|
||||||
|
Provides: bundled(zlib) = 1.2.13
|
||||||
# Version in jdk/src/share/native/sun/awt/giflib/gif_lib.h
|
# Version in jdk/src/share/native/sun/awt/giflib/gif_lib.h
|
||||||
Provides: bundled(giflib) = 5.2.1
|
Provides: bundled(giflib) = 5.2.1
|
||||||
# Version in jdk/src/share/native/sun/java2d/cmm/lcms/lcms2.h
|
# Version in jdk/src/share/native/sun/java2d/cmm/lcms/lcms2.h
|
||||||
@ -1985,8 +1988,6 @@ pushd %{top_level_dir_name}
|
|||||||
%patch1000 -p1
|
%patch1000 -p1
|
||||||
# cacerts patch; must follow FIPS patch as it also alters java.security
|
# cacerts patch; must follow FIPS patch as it also alters java.security
|
||||||
%patch539 -p1
|
%patch539 -p1
|
||||||
# 8u382 fix
|
|
||||||
%patch2001 -p1
|
|
||||||
popd
|
popd
|
||||||
|
|
||||||
# RPM-only fixes
|
# RPM-only fixes
|
||||||
@ -2272,7 +2273,7 @@ for suffix in %{build_loop} ; do
|
|||||||
mkdir -p $(dirname ${installdir})
|
mkdir -p $(dirname ${installdir})
|
||||||
mv %{name}* ${installdir}
|
mv %{name}* ${installdir}
|
||||||
# Fix build paths in ELF files so it looks like we built them
|
# Fix build paths in ELF files so it looks like we built them
|
||||||
portablenvr="%{name}-portable-%{version}-%{portablerelease}.%{portablesuffix}.%{_arch}"
|
portablenvr="%{name}-portable-%{version}-%{prelease}.%{portablesuffix}.%{_arch}"
|
||||||
for file in $(find ${installdir} -type f) ; do
|
for file in $(find ${installdir} -type f) ; do
|
||||||
if file ${file} | grep -q 'ELF'; then
|
if file ${file} | grep -q 'ELF'; then
|
||||||
%{debugedit} -b %{portablebuilddir}/${portablenvr} -d $(pwd) -n ${file}
|
%{debugedit} -b %{portablebuilddir}/${portablenvr} -d $(pwd) -n ${file}
|
||||||
@ -2850,6 +2851,19 @@ cjc.mainProgram(args)
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jul 05 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b01-0.1.ea
|
||||||
|
- Introduce 'prelease' for the portable release versioning, to handle EA builds
|
||||||
|
- Sync the copy of the portable specfile with the latest update
|
||||||
|
- Related: rhbz#2217711
|
||||||
|
|
||||||
|
* Wed Jun 28 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b01-0.1.ea
|
||||||
|
- Update to shenandoah-jdk8u382-b01 (EA)
|
||||||
|
- Update release notes for shenandoah-8u382-b01.
|
||||||
|
- Switch to EA mode.
|
||||||
|
- Remove JDK-8271199 patch which is now upstream.
|
||||||
|
- Add version of bundled zlib (bumped from 1.2.11 to 1.2.13 with this update)
|
||||||
|
- Related: rhbz#2217711
|
||||||
|
|
||||||
* Tue Apr 18 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.372.b07-2
|
* Tue Apr 18 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.372.b07-2
|
||||||
- Update to shenandoah-jdk8u372-b07 (GA)
|
- Update to shenandoah-jdk8u372-b07 (GA)
|
||||||
- Update release notes for shenandoah-8u372-b07.
|
- Update release notes for shenandoah-8u372-b07.
|
||||||
|
@ -1,167 +0,0 @@
|
|||||||
commit d41618f34f1d2f5416ec3c035f33dcb15cf5ab99
|
|
||||||
Author: Alexey Bakhtin <abakhtin@openjdk.org>
|
|
||||||
Date: Tue Apr 4 10:29:11 2023 +0000
|
|
||||||
|
|
||||||
8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
|
|
||||||
|
|
||||||
Reviewed-by: andrew, mbalao
|
|
||||||
Backport-of: f6232982b91cb2314e96ddbde3984836a810a556
|
|
||||||
|
|
||||||
diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
|
|
||||||
index a79e97d7c74..5378446b97b 100644
|
|
||||||
--- a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
|
|
||||||
+++ b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
|
|
||||||
@@ -127,12 +127,15 @@ public class RSAPSSSignature extends SignatureSpi {
|
|
||||||
@Override
|
|
||||||
protected void engineInitVerify(PublicKey publicKey)
|
|
||||||
throws InvalidKeyException {
|
|
||||||
- if (!(publicKey instanceof RSAPublicKey)) {
|
|
||||||
+ if (publicKey instanceof RSAPublicKey) {
|
|
||||||
+ RSAPublicKey rsaPubKey = (RSAPublicKey)publicKey;
|
|
||||||
+ isPublicKeyValid(rsaPubKey);
|
|
||||||
+ this.pubKey = rsaPubKey;
|
|
||||||
+ this.privKey = null;
|
|
||||||
+ resetDigest();
|
|
||||||
+ } else {
|
|
||||||
throw new InvalidKeyException("key must be RSAPublicKey");
|
|
||||||
}
|
|
||||||
- this.pubKey = (RSAPublicKey) isValid((RSAKey)publicKey);
|
|
||||||
- this.privKey = null;
|
|
||||||
- resetDigest();
|
|
||||||
}
|
|
||||||
|
|
||||||
// initialize for signing. See JCA doc
|
|
||||||
@@ -146,14 +149,17 @@ public class RSAPSSSignature extends SignatureSpi {
|
|
||||||
@Override
|
|
||||||
protected void engineInitSign(PrivateKey privateKey, SecureRandom random)
|
|
||||||
throws InvalidKeyException {
|
|
||||||
- if (!(privateKey instanceof RSAPrivateKey)) {
|
|
||||||
+ if (privateKey instanceof RSAPrivateKey) {
|
|
||||||
+ RSAPrivateKey rsaPrivateKey = (RSAPrivateKey)privateKey;
|
|
||||||
+ isPrivateKeyValid(rsaPrivateKey);
|
|
||||||
+ this.privKey = rsaPrivateKey;
|
|
||||||
+ this.pubKey = null;
|
|
||||||
+ this.random =
|
|
||||||
+ (random == null ? JCAUtil.getSecureRandom() : random);
|
|
||||||
+ resetDigest();
|
|
||||||
+ } else {
|
|
||||||
throw new InvalidKeyException("key must be RSAPrivateKey");
|
|
||||||
}
|
|
||||||
- this.privKey = (RSAPrivateKey) isValid((RSAKey)privateKey);
|
|
||||||
- this.pubKey = null;
|
|
||||||
- this.random =
|
|
||||||
- (random == null? JCAUtil.getSecureRandom() : random);
|
|
||||||
- resetDigest();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
@@ -205,11 +211,57 @@ public class RSAPSSSignature extends SignatureSpi {
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+ /**
|
|
||||||
+ * Validate the specified RSAPrivateKey
|
|
||||||
+ */
|
|
||||||
+ private void isPrivateKeyValid(RSAPrivateKey prKey) throws InvalidKeyException {
|
|
||||||
+ try {
|
|
||||||
+ if (prKey instanceof RSAPrivateCrtKey) {
|
|
||||||
+ RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey)prKey;
|
|
||||||
+ if (RSAPrivateCrtKeyImpl.checkComponents(crtKey)) {
|
|
||||||
+ RSAKeyFactory.checkRSAProviderKeyLengths(
|
|
||||||
+ crtKey.getModulus().bitLength(),
|
|
||||||
+ crtKey.getPublicExponent());
|
|
||||||
+ } else {
|
|
||||||
+ throw new InvalidKeyException(
|
|
||||||
+ "Some of the CRT-specific components are not available");
|
|
||||||
+ }
|
|
||||||
+ } else {
|
|
||||||
+ RSAKeyFactory.checkRSAProviderKeyLengths(
|
|
||||||
+ prKey.getModulus().bitLength(),
|
|
||||||
+ null);
|
|
||||||
+ }
|
|
||||||
+ } catch (InvalidKeyException ikEx) {
|
|
||||||
+ throw ikEx;
|
|
||||||
+ } catch (Exception e) {
|
|
||||||
+ throw new InvalidKeyException(
|
|
||||||
+ "Can not access private key components", e);
|
|
||||||
+ }
|
|
||||||
+ isValid(prKey);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /**
|
|
||||||
+ * Validate the specified RSAPublicKey
|
|
||||||
+ */
|
|
||||||
+ private void isPublicKeyValid(RSAPublicKey pKey) throws InvalidKeyException {
|
|
||||||
+ try {
|
|
||||||
+ RSAKeyFactory.checkRSAProviderKeyLengths(
|
|
||||||
+ pKey.getModulus().bitLength(),
|
|
||||||
+ pKey.getPublicExponent());
|
|
||||||
+ } catch (InvalidKeyException ikEx) {
|
|
||||||
+ throw ikEx;
|
|
||||||
+ } catch (Exception e) {
|
|
||||||
+ throw new InvalidKeyException(
|
|
||||||
+ "Can not access public key components", e);
|
|
||||||
+ }
|
|
||||||
+ isValid(pKey);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/**
|
|
||||||
* Validate the specified RSAKey and its associated parameters against
|
|
||||||
* internal signature parameters.
|
|
||||||
*/
|
|
||||||
- private RSAKey isValid(RSAKey rsaKey) throws InvalidKeyException {
|
|
||||||
+ private void isValid(RSAKey rsaKey) throws InvalidKeyException {
|
|
||||||
try {
|
|
||||||
AlgorithmParameterSpec keyParams = rsaKey.getParams();
|
|
||||||
// validate key parameters
|
|
||||||
@@ -227,7 +279,6 @@ public class RSAPSSSignature extends SignatureSpi {
|
|
||||||
}
|
|
||||||
checkKeyLength(rsaKey, hLen, this.sigParams.getSaltLength());
|
|
||||||
}
|
|
||||||
- return rsaKey;
|
|
||||||
} catch (SignatureException e) {
|
|
||||||
throw new InvalidKeyException(e);
|
|
||||||
}
|
|
||||||
diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
|
|
||||||
index 6b219937981..b3c1fae9672 100644
|
|
||||||
--- a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
|
|
||||||
+++ b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
|
|
||||||
@@ -80,22 +80,28 @@ public final class RSAPrivateCrtKeyImpl
|
|
||||||
RSAPrivateCrtKeyImpl key = new RSAPrivateCrtKeyImpl(encoded);
|
|
||||||
// check all CRT-specific components are available, if any one
|
|
||||||
// missing, return a non-CRT key instead
|
|
||||||
- if ((key.getPublicExponent().signum() == 0) ||
|
|
||||||
- (key.getPrimeExponentP().signum() == 0) ||
|
|
||||||
- (key.getPrimeExponentQ().signum() == 0) ||
|
|
||||||
- (key.getPrimeP().signum() == 0) ||
|
|
||||||
- (key.getPrimeQ().signum() == 0) ||
|
|
||||||
- (key.getCrtCoefficient().signum() == 0)) {
|
|
||||||
+ if (checkComponents(key)) {
|
|
||||||
+ return key;
|
|
||||||
+ } else {
|
|
||||||
return new RSAPrivateKeyImpl(
|
|
||||||
key.algid,
|
|
||||||
key.getModulus(),
|
|
||||||
- key.getPrivateExponent()
|
|
||||||
- );
|
|
||||||
- } else {
|
|
||||||
- return key;
|
|
||||||
+ key.getPrivateExponent());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+ /**
|
|
||||||
+ * Validate if all CRT-specific components are available.
|
|
||||||
+ */
|
|
||||||
+ static boolean checkComponents(RSAPrivateCrtKey key) {
|
|
||||||
+ return !((key.getPublicExponent().signum() == 0) ||
|
|
||||||
+ (key.getPrimeExponentP().signum() == 0) ||
|
|
||||||
+ (key.getPrimeExponentQ().signum() == 0) ||
|
|
||||||
+ (key.getPrimeP().signum() == 0) ||
|
|
||||||
+ (key.getPrimeQ().signum() == 0) ||
|
|
||||||
+ (key.getCrtCoefficient().signum() == 0));
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/**
|
|
||||||
* Generate a new key from the specified type and components.
|
|
||||||
* Returns a CRT key if possible and a non-CRT key otherwise.
|
|
2
sources
2
sources
@ -1,2 +1,2 @@
|
|||||||
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
|
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
|
||||||
SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz) = afc1324463883404f22cea3c37177d7b6164fc4cf285d958e7ec21aba976dc306045296eadaa296a31795be6b543ca0b742e0ba074689c3e5a50b9956383934b
|
SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u382-b01-4curve.tar.xz) = e6219684046922a4fcfc577fe3457d28a48e79f3bb57b575b0195273b559293a8a8990197d5a37ca63d6a9d9c50ebf41b7d7630b1b16841df6396eb58b72f404
|
||||||
|
Loading…
Reference in New Issue
Block a user