From c7048023e9e1b0766ba50e679ff33c078981b1e6 Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: Tue, 16 Apr 2019 05:55:21 +0100 Subject: [PATCH] Update to aarch64-shenandoah-jdk8u212-b02. Remove patches included upstream - JDK-8197429/PR3546/RH153662{2,3} - JDK-8184309/PR3596 - JDK-8210647/RH1632174 - JDK-8029661/PR3642/RH1477159 - JDK-8145096/PR3693 Re-generate patches - JDK-8203030 Add casts to resolve s390 ambiguity in calls to log2_intptr Move JDK-8219772 to correct section as not yet upstreamed Add new clhsdb and hsdb binaries. Resolves: rhbz#1680640 --- .gitignore | 1 + java-1.8.0-openjdk.spec | 55 +- ...d_tlsv1_2_support_to_pkcs11_provider.patch | 2269 ----------------- jdk8145096-pr3693-undefined_behaviour.patch | 280 -- ...d_warnings_from_gcc_7_1_on_fedora_26.patch | 21 - ...ack_guard_causes_segfaults_on_x86_32.patch | 286 --- ...size_t_type_conflicts_in_shared_code.patch | 86 +- ..._being_compiled_without_optimization.patch | 23 - s390-8214206_fix.patch | 37 + sources | 2 +- 10 files changed, 108 insertions(+), 2952 deletions(-) delete mode 100644 jdk8029661-pr3642-rh1477159-add_tlsv1_2_support_to_pkcs11_provider.patch delete mode 100644 jdk8145096-pr3693-undefined_behaviour.patch delete mode 100644 jdk8184309-pr3596-build_warnings_from_gcc_7_1_on_fedora_26.patch delete mode 100644 jdk8197429-pr3546-rh1536622-increased_stack_guard_causes_segfaults_on_x86_32.patch delete mode 100644 jdk8210647-rh1632174-libsaproc_is_being_compiled_without_optimization.patch create mode 100644 s390-8214206_fix.patch diff --git a/.gitignore b/.gitignore index 08917ce..0047a5a 100644 --- a/.gitignore +++ b/.gitignore @@ -134,3 +134,4 @@ /tapsets-icedtea-3.11.0.tar.xz /aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u201-b13.tar.xz /aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u202-b08.tar.xz +/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u212-b02.tar.xz diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec index f7282d6..3a2cb2c 100644 --- a/java-1.8.0-openjdk.spec +++ b/java-1.8.0-openjdk.spec @@ -226,7 +226,7 @@ # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. %global shenandoah_project aarch64-port %global shenandoah_repo jdk8u-shenandoah -%global shenandoah_revision aarch64-shenandoah-jdk8u202-b08 +%global shenandoah_revision aarch64-shenandoah-jdk8u212-b02 # Define old aarch64/jdk8u tree variables for compatibility %global project %{shenandoah_project} %global repo %{shenandoah_repo} @@ -578,6 +578,8 @@ exit 0 %dir %{_jvmdir}/%{jredir -- %{?1}} %dir %{_jvmdir}/%{jredir -- %{?1}}/bin %dir %{_jvmdir}/%{jredir -- %{?1}}/lib +%{_jvmdir}/%{jredir -- %{?1}}/bin/clhsdb +%{_jvmdir}/%{jredir -- %{?1}}/bin/hsdb %{_jvmdir}/%{jredir -- %{?1}}/bin/java %{_jvmdir}/%{jredir -- %{?1}}/bin/jjs %{_jvmdir}/%{jredir -- %{?1}}/bin/keytool @@ -723,7 +725,9 @@ exit 0 %dir %{_jvmdir}/%{sdkdir -- %{?1}}/include %dir %{_jvmdir}/%{sdkdir -- %{?1}}/lib %{_jvmdir}/%{sdkdir -- %{?1}}/bin/appletviewer +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/clhsdb %{_jvmdir}/%{sdkdir -- %{?1}}/bin/extcheck +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/hsdb %{_jvmdir}/%{sdkdir -- %{?1}}/bin/idlj %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jar %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jarsigner @@ -1116,6 +1120,8 @@ Patch540: pr3575-rh1567204-system_cacerts_database_handling_no_longer_affect_jss Patch300: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch # PR3655: Allow use of system crypto policy to be disabled by the user Patch301: pr3655-toggle_system_crypto_policy.patch +# JDK-8219772: EXTRA_CFLAGS not being picked up for assembler files +Patch110: jdk8219772-extra_c_cxx_flags_not_picked_for_assembler_source.patch ############################################# # @@ -1134,6 +1140,8 @@ Patch103: pr3593-s390_use_z_format_specifier_for_size_t_arguments_as_size_t_not_ Patch105: jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch # AArch64: PR3519: Fix further functions with a missing return value (AArch64) Patch106: pr3519-fix_further_functions_with_a_missing_return_value.patch +# S390 ambiguous log2_intptr calls +Patch107: s390-8214206_fix.patch ############################################# # @@ -1149,16 +1157,12 @@ Patch106: pr3519-fix_further_functions_with_a_missing_return_value.patch Patch502: pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch # S8154313: Generated javadoc scattered all over the place Patch400: jdk8154313-generated_javadoc_scattered_all_over_the_place.patch -# 8197429, PR3546, RH153662{2,3}: 32 bit java app started via JNI crashes with larger stack sizes -Patch561: jdk8197429-pr3546-rh1536622-increased_stack_guard_causes_segfaults_on_x86_32.patch # 8171000, PR3542, RH1402819: Robot.createScreenCapture() crashes in wayland mode Patch563: jdk8171000-pr3542-rh1402819-robot_createScreenCapture_crashes_in_wayland_mode.patch # 8197546, PR3542, RH1402819: Fix for 8171000 breaks Solaris + Linux builds Patch564: jdk8197546-pr3542-rh1402819-fix_for_8171000_breaks_solaris_linux_builds.patch # PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code Patch571: jdk8199936-pr3591-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x_jdk.patch -# 8184309, PR3596: Build warnings from GCC 7.1 on Fedora 26 -Patch572: jdk8184309-pr3596-build_warnings_from_gcc_7_1_on_fedora_26.patch # 8141570, PR3548: Fix Zero interpreter build for --disable-precompiled-headers Patch573: jdk8141570-pr3548-fix_zero_interpreter_build_for_disable_precompiled_headers.patch # 8143245, PR3548: Zero build requires disabled warnings @@ -1177,8 +1181,6 @@ Patch202: jdk8035341-allow_using_system_installed_libpng.patch Patch203: jdk8042159-allow_using_system_installed_lcms2.patch # 8210761: libjsig is being compiled without optimization Patch620: jdk8210761-rh1632174-libjsig_is_being_compiled_without_optimization.patch -# 8210647: libsaproc is being compiled without optimization -Patch621: jdk8210647-rh1632174-libsaproc_is_being_compiled_without_optimization.patch # 8210416: [linux] Poor StrictMath performance due to non-optimized compilation Patch622: jdk8210416-rh1632174-compile_fdlibm_with_o2_ffp_contract_off_on_gcc_clang_arches.patch # 8210425: [x86] sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization @@ -1193,29 +1195,13 @@ Patch625: jdk8210425-rh1632174-03-compile_with_o2_and_ffp_contract_off_as_for_fd ############################################# # -# Patches appearing in 8u212 +# Patches appearing in 8u222 # # This section includes patches which are present # in the listed OpenJDK 8u release and should be # able to be removed once that release is out # and used by this RPM. ############################################# -# 8219772: EXTRA_CFLAGS not being picked up for assembler files -Patch110: jdk8219772-extra_c_cxx_flags_not_picked_for_assembler_source.patch - -############################################# -# -# Patches appearing in 8u211 -# -# This section includes patches which are present -# in the listed OpenJDK 8u release and should be -# able to be removed once that release is out -# and used by this RPM. -############################################# -# JDK-8029661, PR3642, RH1477159: Support TLS v1.2 algorithm in SunPKCS11 provider -Patch585: jdk8029661-pr3642-rh1477159-add_tlsv1_2_support_to_pkcs11_provider.patch -# JDK-8145096, PR3693: Undefined behaviour in HotSpot -Patch588: jdk8145096-pr3693-undefined_behaviour.patch ############################################# # @@ -1576,6 +1562,7 @@ sh %{SOURCE12} # s390 build fixes %patch102 %patch103 +%patch107 # AArch64 fixes %patch106 @@ -1599,24 +1586,19 @@ sh %{SOURCE12} %patch528 %patch529 %patch530 -%patch561 %patch563 %patch564 %patch571 -%patch572 %patch573 %patch574 %patch575 %patch576 %patch577 %patch620 -%patch621 %patch622 %patch623 %patch624 %patch625 -%patch585 -%patch588 %patch110 # RPM-only fixes @@ -2285,6 +2267,21 @@ require "copy_jdk_configs.lua" %endif %changelog +* Tue Apr 09 2019 Andrew Hughes - 1:1.8.0.212.b02-0 +- Update to aarch64-shenandoah-jdk8u212-b02. +- Remove patches included upstream + - JDK-8197429/PR3546/RH153662{2,3} + - JDK-8184309/PR3596 + - JDK-8210647/RH1632174 + - JDK-8029661/PR3642/RH1477159 + - JDK-8145096/PR3693 +- Re-generate patches + - JDK-8203030 +- Add casts to resolve s390 ambiguity in calls to log2_intptr +- Move JDK-8219772 to correct section as not yet upstreamed +- Add new clhsdb and hsdb binaries. +- Resolves: rhbz#1680640 + * Sun Apr 07 2019 Andrew Hughes - 1:1.8.0.202.b08-0 - Update to aarch64-shenandoah-jdk8u202-b08. - Remove patches included upstream diff --git a/jdk8029661-pr3642-rh1477159-add_tlsv1_2_support_to_pkcs11_provider.patch b/jdk8029661-pr3642-rh1477159-add_tlsv1_2_support_to_pkcs11_provider.patch deleted file mode 100644 index f7a816a..0000000 --- a/jdk8029661-pr3642-rh1477159-add_tlsv1_2_support_to_pkcs11_provider.patch +++ /dev/null @@ -1,2269 +0,0 @@ -# HG changeset patch -# User mbalao -# Date 1541016287 10800 -# Wed Oct 31 17:04:47 2018 -0300 -# Node ID fa06cdb4c6f7b5ca148f26d345090d48014fecff -# Parent 478a4add975beb90696a4ead5f8fcd9c17fc1a83 -8029661, PR3642, RH1477159: Support TLS v1.2 algorithm in SunPKCS11 provider -Summary: TLS v1.2 algorithms for key and MAC derivation added to SunPKCS11 crypto provider. 8210912 fix is included as part of this changeset. -Reviewed-by: valeriep - -diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java openjdk/jdk/src/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java ---- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -95,9 +95,9 @@ - throw new InvalidAlgorithmParameterException("init() failed", e); - } - version = (spec.getMajorVersion() << 8) | spec.getMinorVersion(); -- if ((version < 0x0300) && (version > 0x0302)) { -- throw new InvalidAlgorithmParameterException -- ("Only SSL 3.0, TLS 1.0, and TLS 1.1 are supported"); -+ if ((version < 0x0300) && (version > 0x0303)) { -+ throw new InvalidAlgorithmParameterException("Only SSL 3.0," + -+ " TLS 1.0, TLS 1.1, and TLS 1.2 are supported"); - } - // we assume the token supports both the CKM_SSL3_* and the CKM_TLS_* - // mechanisms -@@ -112,8 +112,11 @@ - throw new IllegalStateException - ("TlsKeyMaterialGenerator must be initialized"); - } -- mechanism = (version == 0x0300) ? CKM_SSL3_KEY_AND_MAC_DERIVE -- : CKM_TLS_KEY_AND_MAC_DERIVE; -+ if (version == 0x0300) { -+ mechanism = CKM_SSL3_KEY_AND_MAC_DERIVE; -+ } else if (version == 0x0301 || version == 0x0302) { -+ mechanism = CKM_TLS_KEY_AND_MAC_DERIVE; -+ } - int macBits = spec.getMacKeyLength() << 3; - int ivBits = spec.getIvLength() << 3; - -@@ -129,8 +132,18 @@ - - CK_SSL3_RANDOM_DATA random = new CK_SSL3_RANDOM_DATA - (spec.getClientRandom(), spec.getServerRandom()); -- CK_SSL3_KEY_MAT_PARAMS params = new CK_SSL3_KEY_MAT_PARAMS -- (macBits, keyBits, ivBits, isExportable, random); -+ Object params = null; -+ CK_MECHANISM ckMechanism = null; -+ if (version < 0x0303) { -+ params = new CK_SSL3_KEY_MAT_PARAMS -+ (macBits, keyBits, ivBits, isExportable, random); -+ ckMechanism = new CK_MECHANISM(mechanism, (CK_SSL3_KEY_MAT_PARAMS)params); -+ } else if (version == 0x0303) { -+ params = new CK_TLS12_KEY_MAT_PARAMS -+ (macBits, keyBits, ivBits, isExportable, random, -+ Functions.getHashMechId(spec.getPRFHashAlg())); -+ ckMechanism = new CK_MECHANISM(mechanism, (CK_TLS12_KEY_MAT_PARAMS)params); -+ } - - String cipherAlgorithm = spec.getCipherAlgorithm(); - long keyType = P11SecretKeyFactory.getKeyType(cipherAlgorithm); -@@ -162,9 +175,14 @@ - (O_GENERATE, CKO_SECRET_KEY, keyType, attributes); - // the returned keyID is a dummy, ignore - long keyID = token.p11.C_DeriveKey(session.id(), -- new CK_MECHANISM(mechanism, params), p11Key.keyID, attributes); -+ ckMechanism, p11Key.keyID, attributes); - -- CK_SSL3_KEY_MAT_OUT out = params.pReturnedKeyMaterial; -+ CK_SSL3_KEY_MAT_OUT out = null; -+ if (params instanceof CK_SSL3_KEY_MAT_PARAMS) { -+ out = ((CK_SSL3_KEY_MAT_PARAMS)params).pReturnedKeyMaterial; -+ } else if (params instanceof CK_TLS12_KEY_MAT_PARAMS) { -+ out = ((CK_TLS12_KEY_MAT_PARAMS)params).pReturnedKeyMaterial; -+ } - // Note that the MAC keys do not inherit all attributes from the - // template, but they do inherit the sensitive/extractable/token - // flags, which is all P11Key cares about. -diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11TlsMasterSecretGenerator.java openjdk/jdk/src/share/classes/sun/security/pkcs11/P11TlsMasterSecretGenerator.java ---- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11TlsMasterSecretGenerator.java -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11TlsMasterSecretGenerator.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -89,9 +89,9 @@ - throw new InvalidAlgorithmParameterException("init() failed", e); - } - version = (spec.getMajorVersion() << 8) | spec.getMinorVersion(); -- if ((version < 0x0300) || (version > 0x0302)) { -- throw new InvalidAlgorithmParameterException -- ("Only SSL 3.0, TLS 1.0, and TLS 1.1 supported"); -+ if ((version < 0x0300) && (version > 0x0303)) { -+ throw new InvalidAlgorithmParameterException("Only SSL 3.0," + -+ " TLS 1.0, TLS 1.1, and TLS 1.2 are supported"); - } - // We assume the token supports the required mechanism. If it does not, - // generateKey() will fail and the failover should take care of us. -@@ -106,10 +106,20 @@ - throw new IllegalStateException - ("TlsMasterSecretGenerator must be initialized"); - } -+ final boolean isTlsRsaPremasterSecret = -+ p11Key.getAlgorithm().equals("TlsRsaPremasterSecret"); -+ if (version == 0x0300) { -+ mechanism = isTlsRsaPremasterSecret ? -+ CKM_SSL3_MASTER_KEY_DERIVE : CKM_SSL3_MASTER_KEY_DERIVE_DH; -+ } else if (version == 0x0301 || version == 0x0302) { -+ mechanism = isTlsRsaPremasterSecret ? -+ CKM_TLS_MASTER_KEY_DERIVE : CKM_TLS_MASTER_KEY_DERIVE_DH; -+ } else if (version == 0x0303) { -+ mechanism = isTlsRsaPremasterSecret ? -+ CKM_TLS12_MASTER_KEY_DERIVE : CKM_TLS12_MASTER_KEY_DERIVE_DH; -+ } - CK_VERSION ckVersion; -- if (p11Key.getAlgorithm().equals("TlsRsaPremasterSecret")) { -- mechanism = (version == 0x0300) ? CKM_SSL3_MASTER_KEY_DERIVE -- : CKM_TLS_MASTER_KEY_DERIVE; -+ if (isTlsRsaPremasterSecret) { - ckVersion = new CK_VERSION(0, 0); - } else { - // Note: we use DH for all non-RSA premaster secrets. That includes -@@ -118,16 +128,23 @@ - // TLS PRF (or the SSL equivalent). - // The only thing special about RSA master secret calculation is - // that it extracts the version numbers from the premaster secret. -- mechanism = (version == 0x0300) ? CKM_SSL3_MASTER_KEY_DERIVE_DH -- : CKM_TLS_MASTER_KEY_DERIVE_DH; - ckVersion = null; - } - byte[] clientRandom = spec.getClientRandom(); - byte[] serverRandom = spec.getServerRandom(); - CK_SSL3_RANDOM_DATA random = - new CK_SSL3_RANDOM_DATA(clientRandom, serverRandom); -- CK_SSL3_MASTER_KEY_DERIVE_PARAMS params = -- new CK_SSL3_MASTER_KEY_DERIVE_PARAMS(random, ckVersion); -+ CK_MECHANISM ckMechanism = null; -+ if (version < 0x0303) { -+ CK_SSL3_MASTER_KEY_DERIVE_PARAMS params = -+ new CK_SSL3_MASTER_KEY_DERIVE_PARAMS(random, ckVersion); -+ ckMechanism = new CK_MECHANISM(mechanism, params); -+ } else if (version == 0x0303) { -+ CK_TLS12_MASTER_KEY_DERIVE_PARAMS params = -+ new CK_TLS12_MASTER_KEY_DERIVE_PARAMS(random, ckVersion, -+ Functions.getHashMechId(spec.getPRFHashAlg())); -+ ckMechanism = new CK_MECHANISM(mechanism, params); -+ } - - Session session = null; - try { -@@ -135,9 +152,8 @@ - CK_ATTRIBUTE[] attributes = token.getAttributes(O_GENERATE, - CKO_SECRET_KEY, CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]); - long keyID = token.p11.C_DeriveKey(session.id(), -- new CK_MECHANISM(mechanism, params), p11Key.keyID, attributes); -+ ckMechanism, p11Key.keyID, attributes); - int major, minor; -- ckVersion = params.pVersion; - if (ckVersion == null) { - major = -1; - minor = -1; -diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java openjdk/jdk/src/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java ---- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -124,8 +124,46 @@ - if (spec == null) { - throw new IllegalStateException("TlsPrfGenerator must be initialized"); - } -+ byte[] seed = spec.getSeed(); -+ -+ // TLS 1.2 -+ if (mechanism == CKM_TLS_MAC) { -+ SecretKey k = null; -+ int ulServerOrClient = 0; -+ if (spec.getLabel().equals("server finished")) { -+ ulServerOrClient = 1; -+ } -+ if (spec.getLabel().equals("client finished")) { -+ ulServerOrClient = 2; -+ } -+ -+ if (ulServerOrClient != 0) { -+ // Finished message -+ CK_TLS_MAC_PARAMS params = new CK_TLS_MAC_PARAMS( -+ Functions.getHashMechId(spec.getPRFHashAlg()), -+ spec.getOutputLength(), ulServerOrClient); -+ Session session = null; -+ try { -+ session = token.getOpSession(); -+ token.p11.C_SignInit(session.id(), -+ new CK_MECHANISM(mechanism, params), p11Key.keyID); -+ token.p11.C_SignUpdate(session.id(), 0, seed, 0, seed.length); -+ byte[] out = token.p11.C_SignFinal -+ (session.id(), spec.getOutputLength()); -+ k = new SecretKeySpec(out, "TlsPrf"); -+ } catch (PKCS11Exception e) { -+ throw new ProviderException("Could not calculate PRF", e); -+ } finally { -+ token.releaseSession(session); -+ } -+ } else { -+ throw new ProviderException("Only Finished message authentication code"+ -+ " generation supported for TLS 1.2."); -+ } -+ return k; -+ } -+ - byte[] label = P11Util.getBytesUTF8(spec.getLabel()); -- byte[] seed = spec.getSeed(); - - if (mechanism == CKM_NSS_TLS_PRF_GENERAL) { - Session session = null; -diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11TlsRsaPremasterSecretGenerator.java openjdk/jdk/src/share/classes/sun/security/pkcs11/P11TlsRsaPremasterSecretGenerator.java ---- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11TlsRsaPremasterSecretGenerator.java -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11TlsRsaPremasterSecretGenerator.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -57,6 +57,8 @@ - // mechanism id - private long mechanism; - -+ private int version; -+ - private TlsRsaPremasterSecretParameterSpec spec; - - P11TlsRsaPremasterSecretGenerator(Token token, String algorithm, long mechanism) -@@ -77,6 +79,11 @@ - throw new InvalidAlgorithmParameterException(MSG); - } - this.spec = (TlsRsaPremasterSecretParameterSpec)params; -+ version = (spec.getMajorVersion() << 8) | spec.getMinorVersion(); -+ if ((version < 0x0300) && (version > 0x0303)) { -+ throw new InvalidAlgorithmParameterException -+ ("Only SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2 are supported"); -+ } - } - - protected void engineInit(int keysize, SecureRandom random) { -diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java ---- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -720,38 +720,28 @@ - s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"), - m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); - -- /* -- * TLS 1.2 uses a different hash algorithm than 1.0/1.1 for the -- * PRF calculations. As of 2010, there is no PKCS11-level -- * support for TLS 1.2 PRF calculations, and no known OS's have -- * an internal variant we could use. Therefore for TLS 1.2, we -- * are updating JSSE to request different provider algorithms -- * (e.g. "SunTls12Prf"), and currently only SunJCE has these -- * TLS 1.2 algorithms. -- * -- * If we reused the names such as "SunTlsPrf", the PKCS11 -- * providers would need be updated to fail correctly when -- * presented with the wrong version number (via -- * Provider.Service.supportsParameters()), and we would also -- * need to add the appropriate supportsParamters() checks into -- * KeyGenerators (not currently there). -- * -- * In the future, if PKCS11 support is added, we will restructure -- * this. -- */ - d(KG, "SunTlsRsaPremasterSecret", - "sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator", -+ s("SunTls12RsaPremasterSecret"), - m(CKM_SSL3_PRE_MASTER_KEY_GEN, CKM_TLS_PRE_MASTER_KEY_GEN)); - d(KG, "SunTlsMasterSecret", - "sun.security.pkcs11.P11TlsMasterSecretGenerator", - m(CKM_SSL3_MASTER_KEY_DERIVE, CKM_TLS_MASTER_KEY_DERIVE, - CKM_SSL3_MASTER_KEY_DERIVE_DH, - CKM_TLS_MASTER_KEY_DERIVE_DH)); -+ d(KG, "SunTls12MasterSecret", -+ "sun.security.pkcs11.P11TlsMasterSecretGenerator", -+ m(CKM_TLS12_MASTER_KEY_DERIVE, CKM_TLS12_MASTER_KEY_DERIVE_DH)); - d(KG, "SunTlsKeyMaterial", - "sun.security.pkcs11.P11TlsKeyMaterialGenerator", - m(CKM_SSL3_KEY_AND_MAC_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE)); -+ d(KG, "SunTls12KeyMaterial", -+ "sun.security.pkcs11.P11TlsKeyMaterialGenerator", -+ m(CKM_TLS12_KEY_AND_MAC_DERIVE)); - d(KG, "SunTlsPrf", "sun.security.pkcs11.P11TlsPrfGenerator", - m(CKM_TLS_PRF, CKM_NSS_TLS_PRF_GENERAL)); -+ d(KG, "SunTls12Prf", "sun.security.pkcs11.P11TlsPrfGenerator", -+ m(CKM_TLS_MAC)); - } - - // background thread that periodically checks for token insertion -@@ -1016,13 +1006,16 @@ - if (algorithm == "SunTlsRsaPremasterSecret") { - return new P11TlsRsaPremasterSecretGenerator( - token, algorithm, mechanism); -- } else if (algorithm == "SunTlsMasterSecret") { -+ } else if (algorithm == "SunTlsMasterSecret" -+ || algorithm == "SunTls12MasterSecret") { - return new P11TlsMasterSecretGenerator( - token, algorithm, mechanism); -- } else if (algorithm == "SunTlsKeyMaterial") { -+ } else if (algorithm == "SunTlsKeyMaterial" -+ || algorithm == "SunTls12KeyMaterial") { - return new P11TlsKeyMaterialGenerator( - token, algorithm, mechanism); -- } else if (algorithm == "SunTlsPrf") { -+ } else if (algorithm == "SunTlsPrf" -+ || algorithm == "SunTls12Prf") { - return new P11TlsPrfGenerator(token, algorithm, mechanism); - } else { - return new P11KeyGenerator(token, algorithm, mechanism); -diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java ---- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. - */ - - /* Copyright (c) 2002 Graz University of Technology. All rights reserved. -@@ -112,14 +112,26 @@ - init(mechanism, params); - } - -+ public CK_MECHANISM(long mechanism, CK_TLS12_MASTER_KEY_DERIVE_PARAMS params) { -+ init(mechanism, params); -+ } -+ - public CK_MECHANISM(long mechanism, CK_SSL3_KEY_MAT_PARAMS params) { - init(mechanism, params); - } - -+ public CK_MECHANISM(long mechanism, CK_TLS12_KEY_MAT_PARAMS params) { -+ init(mechanism, params); -+ } -+ - public CK_MECHANISM(long mechanism, CK_TLS_PRF_PARAMS params) { - init(mechanism, params); - } - -+ public CK_MECHANISM(long mechanism, CK_TLS_MAC_PARAMS params) { -+ init(mechanism, params); -+ } -+ - public CK_MECHANISM(long mechanism, CK_ECDH1_DERIVE_PARAMS params) { - init(mechanism, params); - } -diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_TLS12_KEY_MAT_PARAMS.java openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_TLS12_KEY_MAT_PARAMS.java -new file mode 100644 ---- /dev/null -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_TLS12_KEY_MAT_PARAMS.java -@@ -0,0 +1,151 @@ -+/* -+ * Copyright (c) 2018, Red Hat, Inc. and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. Oracle designates this -+ * particular file as subject to the "Classpath" exception as provided -+ * by Oracle in the LICENSE file that accompanied this code. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+package sun.security.pkcs11.wrapper; -+ -+/** -+ * CK_TLS12_KEY_MAT_PARAMS from PKCS#11 v2.40. -+ */ -+public class CK_TLS12_KEY_MAT_PARAMS { -+ -+ /** -+ * PKCS#11: -+ * 
-+     *   CK_ULONG ulMacSizeInBits;
-+     *
-+ */ -+ public long ulMacSizeInBits; -+ -+ /** -+ * PKCS#11: -+ * 
-+     *   CK_ULONG ulKeySizeInBits;
-+     *
-+ */ -+ public long ulKeySizeInBits; -+ -+ /** -+ * PKCS#11: -+ * 
-+     *   CK_ULONG ulIVSizeInBits;
-+     *
-+ */ -+ public long ulIVSizeInBits; -+ -+ /** -+ * PKCS#11: -+ * 
-+     *   CK_BBOOL bIsExport;
-+     *
-+ */ -+ public boolean bIsExport; -+ -+ /** -+ * PKCS#11: -+ * 
-+     *   CK_SSL3_RANDOM_DATA RandomInfo;
-+     *
-+ */ -+ public CK_SSL3_RANDOM_DATA RandomInfo; -+ -+ /** -+ * PKCS#11: -+ * 
-+     *   CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
-+     *
-+ */ -+ public CK_SSL3_KEY_MAT_OUT pReturnedKeyMaterial; -+ -+ /** -+ * PKCS#11: -+ * 
-+     *   CK_MECHANISM_TYPE prfHashMechanism;
-+     *
-+ */ -+ public long prfHashMechanism; -+ -+ public CK_TLS12_KEY_MAT_PARAMS( -+ int macSize, int keySize, int ivSize, boolean export, -+ CK_SSL3_RANDOM_DATA random, long prfHashMechanism) { -+ ulMacSizeInBits = macSize; -+ ulKeySizeInBits = keySize; -+ ulIVSizeInBits = ivSize; -+ bIsExport = export; -+ RandomInfo = random; -+ pReturnedKeyMaterial = new CK_SSL3_KEY_MAT_OUT(); -+ if (ivSize != 0) { -+ int n = ivSize >> 3; -+ pReturnedKeyMaterial.pIVClient = new byte[n]; -+ pReturnedKeyMaterial.pIVServer = new byte[n]; -+ } -+ this.prfHashMechanism = prfHashMechanism; -+ } -+ -+ /** -+ * Returns the string representation of CK_TLS12_KEY_MAT_PARAMS. -+ * -+ * @return the string representation of CK_TLS12_KEY_MAT_PARAMS -+ */ -+ public String toString() { -+ StringBuilder buffer = new StringBuilder(); -+ -+ buffer.append(Constants.INDENT); -+ buffer.append("ulMacSizeInBits: "); -+ buffer.append(ulMacSizeInBits); -+ buffer.append(Constants.NEWLINE); -+ -+ buffer.append(Constants.INDENT); -+ buffer.append("ulKeySizeInBits: "); -+ buffer.append(ulKeySizeInBits); -+ buffer.append(Constants.NEWLINE); -+ -+ buffer.append(Constants.INDENT); -+ buffer.append("ulIVSizeInBits: "); -+ buffer.append(ulIVSizeInBits); -+ buffer.append(Constants.NEWLINE); -+ -+ buffer.append(Constants.INDENT); -+ buffer.append("bIsExport: "); -+ buffer.append(bIsExport); -+ buffer.append(Constants.NEWLINE); -+ -+ buffer.append(Constants.INDENT); -+ buffer.append("RandomInfo: "); -+ buffer.append(RandomInfo); -+ buffer.append(Constants.NEWLINE); -+ -+ buffer.append(Constants.INDENT); -+ buffer.append("pReturnedKeyMaterial: "); -+ buffer.append(pReturnedKeyMaterial); -+ buffer.append(Constants.NEWLINE); -+ -+ buffer.append(Constants.INDENT); -+ buffer.append("prfHashMechanism: "); -+ buffer.append(prfHashMechanism); -+ -+ return buffer.toString(); -+ } -+ -+} -diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_TLS12_MASTER_KEY_DERIVE_PARAMS.java openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_TLS12_MASTER_KEY_DERIVE_PARAMS.java -new file mode 100644 ---- /dev/null -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_TLS12_MASTER_KEY_DERIVE_PARAMS.java -@@ -0,0 +1,65 @@ -+/* -+ * Copyright (c) 2018, Red Hat, Inc. and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. Oracle designates this -+ * particular file as subject to the "Classpath" exception as provided -+ * by Oracle in the LICENSE file that accompanied this code. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+package sun.security.pkcs11.wrapper; -+ -+/** -+ * CK_TLS12_MASTER_KEY_DERIVE_PARAMS from PKCS#11 v2.40. -+ */ -+public class CK_TLS12_MASTER_KEY_DERIVE_PARAMS { -+ -+ /** -+ * PKCS#11: -+ * 
-+     *   CK_SSL3_RANDOM_DATA RandomInfo;
-+     *
-+ */ -+ public CK_SSL3_RANDOM_DATA RandomInfo; -+ -+ /** -+ * PKCS#11: -+ * 
-+     *   CK_VERSION_PTR pVersion;
-+     *
-+ */ -+ public CK_VERSION pVersion; -+ -+ /** -+ * PKCS#11: -+ * 
-+     *   CK_MECHANISM_TYPE prfHashMechanism;
-+     *
-+ */ -+ public long prfHashMechanism; -+ -+ public CK_TLS12_MASTER_KEY_DERIVE_PARAMS( -+ CK_SSL3_RANDOM_DATA random, CK_VERSION version, -+ long prfHashMechanism) { -+ RandomInfo = random; -+ pVersion = version; -+ this.prfHashMechanism = prfHashMechanism; -+ } -+ -+} -diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_TLS_MAC_PARAMS.java openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_TLS_MAC_PARAMS.java -new file mode 100644 ---- /dev/null -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/CK_TLS_MAC_PARAMS.java -@@ -0,0 +1,64 @@ -+/* -+ * Copyright (c) 2018, Red Hat, Inc. and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. Oracle designates this -+ * particular file as subject to the "Classpath" exception as provided -+ * by Oracle in the LICENSE file that accompanied this code. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+package sun.security.pkcs11.wrapper; -+ -+/** -+ * CK_TLS_MAC_PARAMS from PKCS#11 v2.40. -+ */ -+public class CK_TLS_MAC_PARAMS { -+ -+ /** -+ * PKCS#11: -+ * 
-+     *   CK_MECHANISM_TYPE prfMechanism;
-+     *
-+ */ -+ public long prfMechanism; -+ -+ /** -+ * PKCS#11: -+ * 
-+     *   CK_ULONG ulMacLength;
-+     *
-+ */ -+ public long ulMacLength; -+ -+ /** -+ * PKCS#11: -+ * 
-+     *   CK_ULONG ulServerOrClient;
-+     *
-+ */ -+ public long ulServerOrClient; -+ -+ public CK_TLS_MAC_PARAMS(long prfMechanism, -+ long ulMacLength, long ulServerOrClient) { -+ this.prfMechanism = prfMechanism; -+ this.ulMacLength = ulMacLength; -+ this.ulServerOrClient = ulServerOrClient; -+ } -+ -+} -diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/Functions.java openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/Functions.java ---- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/Functions.java -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/Functions.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. - */ - - /* Copyright (c) 2002 Graz University of Technology. All rights reserved. -@@ -73,6 +73,9 @@ - private static final Map mechIds = - new HashMap(); - -+ private static final Map hashMechIds = -+ new HashMap(); -+ - // key types (CKK_*) - private static final Map keyNames = - new HashMap(); -@@ -94,7 +97,6 @@ - private static final Map objectClassIds = - new HashMap(); - -- - /** - * For converting numbers to their hex presentation. - */ -@@ -444,6 +446,10 @@ - return getId(objectClassIds, name); - } - -+ public static long getHashMechId(String name) { -+ return hashMechIds.get(name); -+ } -+ - /** - * Check the given arrays for equalitiy. This method considers both arrays as - * equal, if both are null or both have the same length and -@@ -589,6 +595,10 @@ - addMapping(objectClassNames, objectClassIds, id, name); - } - -+ private static void addHashMech(long id, String name) { -+ hashMechIds.put(name, id); -+ } -+ - static { - addMech(CKM_RSA_PKCS_KEY_PAIR_GEN, "CKM_RSA_PKCS_KEY_PAIR_GEN"); - addMech(CKM_RSA_PKCS, "CKM_RSA_PKCS"); -@@ -719,6 +729,10 @@ - addMech(CKM_TLS_PRF, "CKM_TLS_PRF"); - addMech(CKM_SSL3_MD5_MAC, "CKM_SSL3_MD5_MAC"); - addMech(CKM_SSL3_SHA1_MAC, "CKM_SSL3_SHA1_MAC"); -+ addMech(CKM_TLS12_MASTER_KEY_DERIVE, "CKM_TLS12_MASTER_KEY_DERIVE"); -+ addMech(CKM_TLS12_KEY_AND_MAC_DERIVE, "CKM_TLS12_KEY_AND_MAC_DERIVE"); -+ addMech(CKM_TLS12_MASTER_KEY_DERIVE_DH, "CKM_TLS12_MASTER_KEY_DERIVE_DH"); -+ addMech(CKM_TLS_MAC, "CKM_TLS_MAC"); - addMech(CKM_MD5_KEY_DERIVATION, "CKM_MD5_KEY_DERIVATION"); - addMech(CKM_MD2_KEY_DERIVATION, "CKM_MD2_KEY_DERIVATION"); - addMech(CKM_SHA1_KEY_DERIVATION, "CKM_SHA1_KEY_DERIVATION"); -@@ -794,6 +808,12 @@ - addMech(PCKM_SECURERANDOM, "SecureRandom"); - addMech(PCKM_KEYSTORE, "KeyStore"); - -+ addHashMech(CKM_SHA_1, "SHA-1"); -+ addHashMech(CKM_SHA224, "SHA-224"); -+ addHashMech(CKM_SHA256, "SHA-256"); -+ addHashMech(CKM_SHA384, "SHA-384"); -+ addHashMech(CKM_SHA512, "SHA-512"); -+ - addKeyType(CKK_RSA, "CKK_RSA"); - addKeyType(CKK_DSA, "CKK_DSA"); - addKeyType(CKK_DH, "CKK_DH"); -diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java ---- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. - */ - - /* Copyright (c) 2002 Graz University of Technology. All rights reserved. -@@ -625,6 +625,14 @@ - public static final long CKM_PKCS5_PBKD2 = 0x000003B0L; - - public static final long CKM_PBA_SHA1_WITH_SHA1_HMAC = 0x000003C0L; -+ -+ /* CKM_TLS12_MASTER_KEY_DERIVE, CKM_TLS12_KEY_AND_MAC_DERIVE, -+ * CKM_TLS12_MASTER_KEY_DERIVE_DH and CKM_TLS_MAC are new for v2.40 */ -+ public static final long CKM_TLS12_MASTER_KEY_DERIVE = 0x000003E0L; -+ public static final long CKM_TLS12_KEY_AND_MAC_DERIVE = 0x000003E1L; -+ public static final long CKM_TLS12_MASTER_KEY_DERIVE_DH = 0x000003E2L; -+ public static final long CKM_TLS_MAC = 0x000003E4L; -+ - public static final long CKM_KEY_WRAP_LYNKS = 0x00000400L; - public static final long CKM_KEY_WRAP_SET_OAEP = 0x00000401L; - -diff --git openjdk.orig/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c openjdk/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c ---- openjdk.orig/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c -+++ openjdk/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. - */ - - /* Copyright (c) 2002 Graz University of Technology. All rights reserved. -@@ -457,67 +457,113 @@ - return ckAttribute ; - } - --/* -- * converts the Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS object to a -- * CK_SSL3_MASTER_KEY_DERIVE_PARAMS structure -- * -- * @param env - used to call JNI funktions to get the Java classes and objects -- * @param jParam - the Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS object to convert -- * @return - the new CK_SSL3_MASTER_KEY_DERIVE_PARAMS structure -- */ --CK_SSL3_MASTER_KEY_DERIVE_PARAMS jSsl3MasterKeyDeriveParamToCKSsl3MasterKeyDeriveParam(JNIEnv *env, jobject jParam) --{ -- // XXX don't return structs -- // XXX prefetch class and field ids -- jclass jSsl3MasterKeyDeriveParamsClass; -- CK_SSL3_MASTER_KEY_DERIVE_PARAMS ckParam; -+void masterKeyDeriveParamToCKMasterKeyDeriveParam(JNIEnv *env, jobject jParam, -+ jclass masterKeyDeriveParamClass, -+ CK_VERSION_PTR* cKMasterKeyDeriveParamVersion, -+ CK_SSL3_RANDOM_DATA* cKMasterKeyDeriveParamRandomInfo) { - jfieldID fieldID; - jclass jSsl3RandomDataClass; - jobject jRandomInfo, jRIClientRandom, jRIServerRandom, jVersion; -- memset(&ckParam, 0, sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS)); - - /* get RandomInfo */ -- jSsl3MasterKeyDeriveParamsClass = (*env)->FindClass(env, CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS); -- if (jSsl3MasterKeyDeriveParamsClass == NULL) { return ckParam; } -- fieldID = (*env)->GetFieldID(env, jSsl3MasterKeyDeriveParamsClass, "RandomInfo", "Lsun/security/pkcs11/wrapper/CK_SSL3_RANDOM_DATA;"); -- if (fieldID == NULL) { return ckParam; } -+ fieldID = (*env)->GetFieldID(env, masterKeyDeriveParamClass, "RandomInfo", -+ "Lsun/security/pkcs11/wrapper/CK_SSL3_RANDOM_DATA;"); -+ if (fieldID == NULL) { return; } - jRandomInfo = (*env)->GetObjectField(env, jParam, fieldID); - - /* get pClientRandom and ulClientRandomLength out of RandomInfo */ - jSsl3RandomDataClass = (*env)->FindClass(env, CLASS_SSL3_RANDOM_DATA); -- if (jSsl3RandomDataClass == NULL) { return ckParam; } -+ if (jSsl3RandomDataClass == NULL) { return; } - fieldID = (*env)->GetFieldID(env, jSsl3RandomDataClass, "pClientRandom", "[B"); -- if (fieldID == NULL) { return ckParam; } -+ if (fieldID == NULL) { return; } - jRIClientRandom = (*env)->GetObjectField(env, jRandomInfo, fieldID); - - /* get pServerRandom and ulServerRandomLength out of RandomInfo */ - fieldID = (*env)->GetFieldID(env, jSsl3RandomDataClass, "pServerRandom", "[B"); -- if (fieldID == NULL) { return ckParam; } -+ if (fieldID == NULL) { return; } - jRIServerRandom = (*env)->GetObjectField(env, jRandomInfo, fieldID); - - /* get pVersion */ -- fieldID = (*env)->GetFieldID(env, jSsl3MasterKeyDeriveParamsClass, "pVersion", "Lsun/security/pkcs11/wrapper/CK_VERSION;"); -- if (fieldID == NULL) { return ckParam; } -+ fieldID = (*env)->GetFieldID(env, masterKeyDeriveParamClass, "pVersion", -+ "Lsun/security/pkcs11/wrapper/CK_VERSION;"); -+ if (fieldID == NULL) { return; } - jVersion = (*env)->GetObjectField(env, jParam, fieldID); - - /* populate java values */ -- ckParam.pVersion = jVersionToCKVersionPtr(env, jVersion); -- if ((*env)->ExceptionCheck(env)) { return ckParam; } -- jByteArrayToCKByteArray(env, jRIClientRandom, &(ckParam.RandomInfo.pClientRandom), &(ckParam.RandomInfo.ulClientRandomLen)); -+ *cKMasterKeyDeriveParamVersion = jVersionToCKVersionPtr(env, jVersion); -+ if ((*env)->ExceptionCheck(env)) { return; } -+ jByteArrayToCKByteArray(env, jRIClientRandom, -+ &(cKMasterKeyDeriveParamRandomInfo->pClientRandom), -+ &(cKMasterKeyDeriveParamRandomInfo->ulClientRandomLen)); - if ((*env)->ExceptionCheck(env)) { -- free(ckParam.pVersion); -- return ckParam; -+ free(*cKMasterKeyDeriveParamVersion); -+ return; - } -- jByteArrayToCKByteArray(env, jRIServerRandom, &(ckParam.RandomInfo.pServerRandom), &(ckParam.RandomInfo.ulServerRandomLen)); -+ jByteArrayToCKByteArray(env, jRIServerRandom, -+ &(cKMasterKeyDeriveParamRandomInfo->pServerRandom), -+ &(cKMasterKeyDeriveParamRandomInfo->ulServerRandomLen)); - if ((*env)->ExceptionCheck(env)) { -- free(ckParam.pVersion); -- free(ckParam.RandomInfo.pClientRandom); -- return ckParam; -+ free(*cKMasterKeyDeriveParamVersion); -+ free(cKMasterKeyDeriveParamRandomInfo->pClientRandom); -+ return; - } -- -- return ckParam ; - } - -+/* -+ * converts the Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS object to a -+ * CK_SSL3_MASTER_KEY_DERIVE_PARAMS structure -+ * -+ * @param env - used to call JNI functions to get the Java classes and objects -+ * @param jParam - the Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS object to convert -+ * @return - the new CK_SSL3_MASTER_KEY_DERIVE_PARAMS structure -+ */ -+CK_SSL3_MASTER_KEY_DERIVE_PARAMS -+jSsl3MasterKeyDeriveParamToCKSsl3MasterKeyDeriveParam(JNIEnv *env, -+ jobject jParam) -+{ -+ CK_SSL3_MASTER_KEY_DERIVE_PARAMS ckParam; -+ jclass jSsl3MasterKeyDeriveParamsClass; -+ memset(&ckParam, 0, sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS)); -+ jSsl3MasterKeyDeriveParamsClass = -+ (*env)->FindClass(env, CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS); -+ if (jSsl3MasterKeyDeriveParamsClass == NULL) { return ckParam; } -+ masterKeyDeriveParamToCKMasterKeyDeriveParam(env, jParam, -+ jSsl3MasterKeyDeriveParamsClass, -+ &ckParam.pVersion, &ckParam.RandomInfo); -+ return ckParam; -+} -+ -+/* -+ * converts the Java CK_TLS12_MASTER_KEY_DERIVE_PARAMS object to a -+ * CK_TLS12_MASTER_KEY_DERIVE_PARAMS structure -+ * -+ * @param env - used to call JNI functions to get the Java classes and objects -+ * @param jParam - the Java CK_TLS12_MASTER_KEY_DERIVE_PARAMS object to convert -+ * @return - the new CK_TLS12_MASTER_KEY_DERIVE_PARAMS structure -+ */ -+CK_TLS12_MASTER_KEY_DERIVE_PARAMS -+jTls12MasterKeyDeriveParamToCKTls12MasterKeyDeriveParam(JNIEnv *env, -+ jobject jParam) -+{ -+ CK_TLS12_MASTER_KEY_DERIVE_PARAMS ckParam; -+ jclass jTls12MasterKeyDeriveParamsClass; -+ jfieldID fieldID; -+ memset(&ckParam, 0, sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS)); -+ jTls12MasterKeyDeriveParamsClass = -+ (*env)->FindClass(env, CLASS_TLS12_MASTER_KEY_DERIVE_PARAMS); -+ if (jTls12MasterKeyDeriveParamsClass == NULL) { return ckParam; } -+ masterKeyDeriveParamToCKMasterKeyDeriveParam(env, jParam, -+ jTls12MasterKeyDeriveParamsClass, &ckParam.pVersion, -+ &ckParam.RandomInfo); -+ fieldID = (*env)->GetFieldID(env, -+ jTls12MasterKeyDeriveParamsClass, "prfHashMechanism", "J"); -+ if (fieldID != NULL) { -+ jlong prfHashMechanism = -+ (*env)->GetLongField(env, jParam, fieldID); -+ ckParam.prfHashMechanism = (CK_MECHANISM_TYPE)prfHashMechanism; -+ } -+ return ckParam; -+} - - /* - * converts the Java CK_TLS_PRF_PARAMS object to a CK_TLS_PRF_PARAMS structure -@@ -576,126 +622,220 @@ - } - - /* -- * converts the Java CK_SSL3_KEY_MAT_PARAMS object to a CK_SSL3_KEY_MAT_PARAMS structure -- * -- * @param env - used to call JNI funktions to get the Java classes and objects -- * @param jParam - the Java CK_SSL3_KEY_MAT_PARAMS object to convert -- * @return - the new CK_SSL3_KEY_MAT_PARAMS structure -+ * converts the Java CK_TLS_MAC_PARAMS object to a CK_TLS_MAC_PARAMS structure - */ --CK_SSL3_KEY_MAT_PARAMS jSsl3KeyMatParamToCKSsl3KeyMatParam(JNIEnv *env, jobject jParam) -+CK_TLS_MAC_PARAMS jTlsMacParamsToCKTlsMacParam(JNIEnv *env, jobject jParam) - { -- // XXX don't return structs -- // XXX prefetch class and field ids -- jclass jSsl3KeyMatParamsClass, jSsl3RandomDataClass, jSsl3KeyMatOutClass; -- CK_SSL3_KEY_MAT_PARAMS ckParam; -+ jclass jTlsMacParamsClass; -+ CK_TLS_MAC_PARAMS ckParam; -+ jfieldID fieldID; -+ jlong jPrfMechanism, jUlMacLength, jUlServerOrClient; -+ memset(&ckParam, 0, sizeof(CK_TLS_MAC_PARAMS)); -+ -+ jTlsMacParamsClass = (*env)->FindClass(env, CLASS_TLS_MAC_PARAMS); -+ if (jTlsMacParamsClass == NULL) { return ckParam; } -+ -+ /* get prfMechanism */ -+ fieldID = (*env)->GetFieldID(env, jTlsMacParamsClass, "prfMechanism", "J"); -+ if (fieldID == NULL) { return ckParam; } -+ jPrfMechanism = (*env)->GetLongField(env, jParam, fieldID); -+ -+ /* get ulMacLength */ -+ fieldID = (*env)->GetFieldID(env, jTlsMacParamsClass, "ulMacLength", "J"); -+ if (fieldID == NULL) { return ckParam; } -+ jUlMacLength = (*env)->GetLongField(env, jParam, fieldID); -+ -+ /* get ulServerOrClient */ -+ fieldID = (*env)->GetFieldID(env, jTlsMacParamsClass, "ulServerOrClient", "J"); -+ if (fieldID == NULL) { return ckParam; } -+ jUlServerOrClient = (*env)->GetLongField(env, jParam, fieldID); -+ -+ /* populate java values */ -+ ckParam.prfMechanism = jLongToCKULong(jPrfMechanism); -+ ckParam.ulMacLength = jLongToCKULong(jUlMacLength); -+ ckParam.ulServerOrClient = jLongToCKULong(jUlServerOrClient); -+ -+ return ckParam; -+} -+ -+void keyMatParamToCKKeyMatParam(JNIEnv *env, jobject jParam, -+ jclass jKeyMatParamClass, -+ CK_ULONG* cKKeyMatParamUlMacSizeInBits, -+ CK_ULONG* cKKeyMatParamUlKeySizeInBits, -+ CK_ULONG* cKKeyMatParamUlIVSizeInBits, -+ CK_BBOOL* cKKeyMatParamBIsExport, -+ CK_SSL3_RANDOM_DATA* cKKeyMatParamRandomInfo, -+ CK_SSL3_KEY_MAT_OUT_PTR* cKKeyMatParamPReturnedKeyMaterial) -+{ -+ jclass jSsl3RandomDataClass, jSsl3KeyMatOutClass; - jfieldID fieldID; - jlong jMacSizeInBits, jKeySizeInBits, jIVSizeInBits; - jboolean jIsExport; - jobject jRandomInfo, jRIClientRandom, jRIServerRandom; - jobject jReturnedKeyMaterial, jRMIvClient, jRMIvServer; - CK_ULONG ckTemp; -- memset(&ckParam, 0, sizeof(CK_SSL3_KEY_MAT_PARAMS)); - - /* get ulMacSizeInBits */ -- jSsl3KeyMatParamsClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_PARAMS); -- if (jSsl3KeyMatParamsClass == NULL) { return ckParam; } -- fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "ulMacSizeInBits", "J"); -- if (fieldID == NULL) { return ckParam; } -+ fieldID = (*env)->GetFieldID(env, jKeyMatParamClass, "ulMacSizeInBits", "J"); -+ if (fieldID == NULL) { return; } - jMacSizeInBits = (*env)->GetLongField(env, jParam, fieldID); - - /* get ulKeySizeInBits */ -- fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "ulKeySizeInBits", "J"); -- if (fieldID == NULL) { return ckParam; } -+ fieldID = (*env)->GetFieldID(env, jKeyMatParamClass, "ulKeySizeInBits", "J"); -+ if (fieldID == NULL) { return; } - jKeySizeInBits = (*env)->GetLongField(env, jParam, fieldID); - - /* get ulIVSizeInBits */ -- fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "ulIVSizeInBits", "J"); -- if (fieldID == NULL) { return ckParam; } -+ fieldID = (*env)->GetFieldID(env, jKeyMatParamClass, "ulIVSizeInBits", "J"); -+ if (fieldID == NULL) { return; } - jIVSizeInBits = (*env)->GetLongField(env, jParam, fieldID); - - /* get bIsExport */ -- fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "bIsExport", "Z"); -- if (fieldID == NULL) { return ckParam; } -+ fieldID = (*env)->GetFieldID(env, jKeyMatParamClass, "bIsExport", "Z"); -+ if (fieldID == NULL) { return; } - jIsExport = (*env)->GetBooleanField(env, jParam, fieldID); - - /* get RandomInfo */ - jSsl3RandomDataClass = (*env)->FindClass(env, CLASS_SSL3_RANDOM_DATA); -- if (jSsl3RandomDataClass == NULL) { return ckParam; } -- fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "RandomInfo", "Lsun/security/pkcs11/wrapper/CK_SSL3_RANDOM_DATA;"); -- if (fieldID == NULL) { return ckParam; } -+ if (jSsl3RandomDataClass == NULL) { return; } -+ fieldID = (*env)->GetFieldID(env, jKeyMatParamClass, "RandomInfo", -+ "Lsun/security/pkcs11/wrapper/CK_SSL3_RANDOM_DATA;"); -+ if (fieldID == NULL) { return; } - jRandomInfo = (*env)->GetObjectField(env, jParam, fieldID); - - /* get pClientRandom and ulClientRandomLength out of RandomInfo */ - fieldID = (*env)->GetFieldID(env, jSsl3RandomDataClass, "pClientRandom", "[B"); -- if (fieldID == NULL) { return ckParam; } -+ if (fieldID == NULL) { return; } - jRIClientRandom = (*env)->GetObjectField(env, jRandomInfo, fieldID); - - /* get pServerRandom and ulServerRandomLength out of RandomInfo */ - fieldID = (*env)->GetFieldID(env, jSsl3RandomDataClass, "pServerRandom", "[B"); -- if (fieldID == NULL) { return ckParam; } -+ if (fieldID == NULL) { return; } - jRIServerRandom = (*env)->GetObjectField(env, jRandomInfo, fieldID); - - /* get pReturnedKeyMaterial */ - jSsl3KeyMatOutClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_OUT); -- if (jSsl3KeyMatOutClass == NULL) { return ckParam; } -- fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "pReturnedKeyMaterial", "Lsun/security/pkcs11/wrapper/CK_SSL3_KEY_MAT_OUT;"); -- if (fieldID == NULL) { return ckParam; } -+ if (jSsl3KeyMatOutClass == NULL) { return; } -+ fieldID = (*env)->GetFieldID(env, jKeyMatParamClass, "pReturnedKeyMaterial", -+ "Lsun/security/pkcs11/wrapper/CK_SSL3_KEY_MAT_OUT;"); -+ if (fieldID == NULL) { return; } - jReturnedKeyMaterial = (*env)->GetObjectField(env, jParam, fieldID); - - /* get pIVClient out of pReturnedKeyMaterial */ - fieldID = (*env)->GetFieldID(env, jSsl3KeyMatOutClass, "pIVClient", "[B"); -- if (fieldID == NULL) { return ckParam; } -+ if (fieldID == NULL) { return; } - jRMIvClient = (*env)->GetObjectField(env, jReturnedKeyMaterial, fieldID); - - /* get pIVServer out of pReturnedKeyMaterial */ - fieldID = (*env)->GetFieldID(env, jSsl3KeyMatOutClass, "pIVServer", "[B"); -- if (fieldID == NULL) { return ckParam; } -+ if (fieldID == NULL) { return; } - jRMIvServer = (*env)->GetObjectField(env, jReturnedKeyMaterial, fieldID); - - /* populate java values */ -- ckParam.ulMacSizeInBits = jLongToCKULong(jMacSizeInBits); -- ckParam.ulKeySizeInBits = jLongToCKULong(jKeySizeInBits); -- ckParam.ulIVSizeInBits = jLongToCKULong(jIVSizeInBits); -- ckParam.bIsExport = jBooleanToCKBBool(jIsExport); -- jByteArrayToCKByteArray(env, jRIClientRandom, &(ckParam.RandomInfo.pClientRandom), &(ckParam.RandomInfo.ulClientRandomLen)); -- if ((*env)->ExceptionCheck(env)) { return ckParam; } -- jByteArrayToCKByteArray(env, jRIServerRandom, &(ckParam.RandomInfo.pServerRandom), &(ckParam.RandomInfo.ulServerRandomLen)); -+ *cKKeyMatParamUlMacSizeInBits = jLongToCKULong(jMacSizeInBits); -+ *cKKeyMatParamUlKeySizeInBits = jLongToCKULong(jKeySizeInBits); -+ *cKKeyMatParamUlIVSizeInBits = jLongToCKULong(jIVSizeInBits); -+ *cKKeyMatParamBIsExport = jBooleanToCKBBool(jIsExport); -+ jByteArrayToCKByteArray(env, jRIClientRandom, -+ &(cKKeyMatParamRandomInfo->pClientRandom), -+ &(cKKeyMatParamRandomInfo->ulClientRandomLen)); -+ if ((*env)->ExceptionCheck(env)) { return; } -+ jByteArrayToCKByteArray(env, jRIServerRandom, -+ &(cKKeyMatParamRandomInfo->pServerRandom), -+ &(cKKeyMatParamRandomInfo->ulServerRandomLen)); - if ((*env)->ExceptionCheck(env)) { -- free(ckParam.RandomInfo.pClientRandom); -- return ckParam; -+ free(cKKeyMatParamRandomInfo->pClientRandom); -+ return; - } - /* allocate memory for pRetrunedKeyMaterial */ -- ckParam.pReturnedKeyMaterial = (CK_SSL3_KEY_MAT_OUT_PTR) malloc(sizeof(CK_SSL3_KEY_MAT_OUT)); -- if (ckParam.pReturnedKeyMaterial == NULL) { -- free(ckParam.RandomInfo.pClientRandom); -- free(ckParam.RandomInfo.pServerRandom); -+ *cKKeyMatParamPReturnedKeyMaterial = -+ (CK_SSL3_KEY_MAT_OUT_PTR)malloc(sizeof(CK_SSL3_KEY_MAT_OUT)); -+ if (*cKKeyMatParamPReturnedKeyMaterial == NULL) { -+ free(cKKeyMatParamRandomInfo->pClientRandom); -+ free(cKKeyMatParamRandomInfo->pServerRandom); - throwOutOfMemoryError(env, 0); -- return ckParam; -+ return; - } - - // the handles are output params only, no need to fetch them from Java -- ckParam.pReturnedKeyMaterial->hClientMacSecret = 0; -- ckParam.pReturnedKeyMaterial->hServerMacSecret = 0; -- ckParam.pReturnedKeyMaterial->hClientKey = 0; -- ckParam.pReturnedKeyMaterial->hServerKey = 0; -+ (*cKKeyMatParamPReturnedKeyMaterial)->hClientMacSecret = 0; -+ (*cKKeyMatParamPReturnedKeyMaterial)->hServerMacSecret = 0; -+ (*cKKeyMatParamPReturnedKeyMaterial)->hClientKey = 0; -+ (*cKKeyMatParamPReturnedKeyMaterial)->hServerKey = 0; - -- jByteArrayToCKByteArray(env, jRMIvClient, &(ckParam.pReturnedKeyMaterial->pIVClient), &ckTemp); -+ jByteArrayToCKByteArray(env, jRMIvClient, -+ &((*cKKeyMatParamPReturnedKeyMaterial)->pIVClient), &ckTemp); - if ((*env)->ExceptionCheck(env)) { -- free(ckParam.RandomInfo.pClientRandom); -- free(ckParam.RandomInfo.pServerRandom); -- free(ckParam.pReturnedKeyMaterial); -- return ckParam; -+ free(cKKeyMatParamRandomInfo->pClientRandom); -+ free(cKKeyMatParamRandomInfo->pServerRandom); -+ free((*cKKeyMatParamPReturnedKeyMaterial)); -+ return; - } -- jByteArrayToCKByteArray(env, jRMIvServer, &(ckParam.pReturnedKeyMaterial->pIVServer), &ckTemp); -+ jByteArrayToCKByteArray(env, jRMIvServer, -+ &((*cKKeyMatParamPReturnedKeyMaterial)->pIVServer), &ckTemp); - if ((*env)->ExceptionCheck(env)) { -- free(ckParam.RandomInfo.pClientRandom); -- free(ckParam.RandomInfo.pServerRandom); -- free(ckParam.pReturnedKeyMaterial->pIVClient); -- free(ckParam.pReturnedKeyMaterial); -- return ckParam; -+ free(cKKeyMatParamRandomInfo->pClientRandom); -+ free(cKKeyMatParamRandomInfo->pServerRandom); -+ free((*cKKeyMatParamPReturnedKeyMaterial)->pIVClient); -+ free((*cKKeyMatParamPReturnedKeyMaterial)); -+ return; - } - -- return ckParam ; -+ return; -+} -+/* -+ * converts the Java CK_SSL3_KEY_MAT_PARAMS object to a -+ * CK_SSL3_KEY_MAT_PARAMS structure -+ * -+ * @param env - used to call JNI funktions to get the Java classes and objects -+ * @param jParam - the Java CK_SSL3_KEY_MAT_PARAMS object to convert -+ * @return - the new CK_SSL3_KEY_MAT_PARAMS structure -+ */ -+CK_SSL3_KEY_MAT_PARAMS -+jSsl3KeyMatParamToCKSsl3KeyMatParam(JNIEnv *env, jobject jParam) -+{ -+ CK_SSL3_KEY_MAT_PARAMS ckParam; -+ jclass jSsl3KeyMatParamsClass; -+ memset(&ckParam, 0, sizeof(CK_SSL3_KEY_MAT_PARAMS)); -+ jSsl3KeyMatParamsClass = (*env)->FindClass(env, -+ CLASS_SSL3_KEY_MAT_PARAMS); -+ if (jSsl3KeyMatParamsClass == NULL) { return ckParam; } -+ keyMatParamToCKKeyMatParam(env, jParam, jSsl3KeyMatParamsClass, -+ &ckParam.ulMacSizeInBits, &ckParam.ulKeySizeInBits, -+ &ckParam.ulIVSizeInBits, &ckParam.bIsExport, -+ &ckParam.RandomInfo, &ckParam.pReturnedKeyMaterial); -+ return ckParam; -+} -+ -+/* -+ * converts the Java CK_TLS12_KEY_MAT_PARAMS object to a -+ * CK_TLS12_KEY_MAT_PARAMS structure -+ * -+ * @param env - used to call JNI functions to get the Java classes and objects -+ * @param jParam - the Java CK_TLS12_KEY_MAT_PARAMS object to convert -+ * @return - the new CK_TLS12_KEY_MAT_PARAMS structure -+ */ -+CK_TLS12_KEY_MAT_PARAMS jTls12KeyMatParamToCKTls12KeyMatParam(JNIEnv *env, -+ jobject jParam) -+{ -+ CK_TLS12_KEY_MAT_PARAMS ckParam; -+ jclass jTls12KeyMatParamsClass; -+ jfieldID fieldID; -+ memset(&ckParam, 0, sizeof(CK_TLS12_KEY_MAT_PARAMS)); -+ jTls12KeyMatParamsClass = (*env)->FindClass(env, -+ CLASS_TLS12_KEY_MAT_PARAMS); -+ if (jTls12KeyMatParamsClass == NULL) { return ckParam; } -+ keyMatParamToCKKeyMatParam(env, jParam, jTls12KeyMatParamsClass, -+ &ckParam.ulMacSizeInBits, &ckParam.ulKeySizeInBits, -+ &ckParam.ulIVSizeInBits, &ckParam.bIsExport, -+ &ckParam.RandomInfo, &ckParam.pReturnedKeyMaterial); -+ fieldID = (*env)->GetFieldID(env, jTls12KeyMatParamsClass, -+ "prfHashMechanism", "J"); -+ if (fieldID != NULL) { -+ jlong prfHashMechanism = (*env)->GetLongField(env, jParam, fieldID); -+ ckParam.prfHashMechanism = (CK_MECHANISM_TYPE)prfHashMechanism; -+ } -+ return ckParam; - } - - /* -@@ -980,8 +1120,11 @@ - void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam, CK_VOID_PTR *ckpParamPtr, CK_ULONG *ckpLength) - { - /* get all Java mechanism parameter classes */ -- jclass jVersionClass, jSsl3MasterKeyDeriveParamsClass, jSsl3KeyMatParamsClass; -- jclass jTlsPrfParamsClass, jAesCtrParamsClass, jRsaPkcsOaepParamsClass; -+ jclass jVersionClass, jSsl3MasterKeyDeriveParamsClass; -+ jclass jTls12MasterKeyDeriveParamsClass, jSsl3KeyMatParamsClass; -+ jclass jTls12KeyMatParamsClass; -+ jclass jTlsPrfParamsClass, jTlsMacParamsClass, jAesCtrParamsClass; -+ jclass jRsaPkcsOaepParamsClass; - jclass jPbeParamsClass, jPkcs5Pbkd2ParamsClass, jRsaPkcsPssParamsClass; - jclass jEcdh1DeriveParamsClass, jEcdh2DeriveParamsClass; - jclass jX942Dh1DeriveParamsClass, jX942Dh2DeriveParamsClass; -@@ -1061,6 +1204,62 @@ - return; - } - -+ jTls12KeyMatParamsClass = (*env)->FindClass(env, CLASS_TLS12_KEY_MAT_PARAMS); -+ if (jTls12KeyMatParamsClass == NULL) { return; } -+ if ((*env)->IsInstanceOf(env, jParam, jTls12KeyMatParamsClass)) { -+ /* -+ * CK_TLS12_KEY_MAT_PARAMS -+ */ -+ CK_TLS12_KEY_MAT_PARAMS_PTR ckpParam; -+ -+ ckpParam = (CK_TLS12_KEY_MAT_PARAMS_PTR) malloc(sizeof(CK_TLS12_KEY_MAT_PARAMS)); -+ if (ckpParam == NULL) { -+ throwOutOfMemoryError(env, 0); -+ return; -+ } -+ -+ /* convert jParameter to CKParameter */ -+ *ckpParam = jTls12KeyMatParamToCKTls12KeyMatParam(env, jParam); -+ if ((*env)->ExceptionCheck(env)) { -+ free(ckpParam); -+ return; -+ } -+ -+ /* get length and pointer of parameter */ -+ *ckpLength = sizeof(CK_TLS12_KEY_MAT_PARAMS); -+ *ckpParamPtr = ckpParam; -+ return; -+ } -+ -+ jTls12MasterKeyDeriveParamsClass = -+ (*env)->FindClass(env, CLASS_TLS12_MASTER_KEY_DERIVE_PARAMS); -+ if (jTls12MasterKeyDeriveParamsClass == NULL) { return; } -+ if ((*env)->IsInstanceOf(env, jParam, jTls12MasterKeyDeriveParamsClass)) { -+ /* -+ * CK_TLS12_MASTER_KEY_DERIVE_PARAMS -+ */ -+ CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR ckpParam; -+ -+ ckpParam = (CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR)malloc( -+ sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS)); -+ if (ckpParam == NULL) { -+ throwOutOfMemoryError(env, 0); -+ return; -+ } -+ -+ /* convert jParameter to CKParameter */ -+ *ckpParam = jTls12MasterKeyDeriveParamToCKTls12MasterKeyDeriveParam(env, jParam); -+ if ((*env)->ExceptionCheck(env)) { -+ free(ckpParam); -+ return; -+ } -+ -+ /* get length and pointer of parameter */ -+ *ckpLength = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS); -+ *ckpParamPtr = ckpParam; -+ return; -+ } -+ - jTlsPrfParamsClass = (*env)->FindClass(env, CLASS_TLS_PRF_PARAMS); - if (jTlsPrfParamsClass == NULL) { return; } - if ((*env)->IsInstanceOf(env, jParam, jTlsPrfParamsClass)) { -@@ -1088,6 +1287,30 @@ - return; - } - -+ jTlsMacParamsClass = (*env)->FindClass(env, CLASS_TLS_MAC_PARAMS); -+ if (jTlsMacParamsClass == NULL) { return; } -+ if ((*env)->IsInstanceOf(env, jParam, jTlsMacParamsClass)) { -+ CK_TLS_MAC_PARAMS_PTR ckpParam; -+ -+ ckpParam = (CK_TLS_MAC_PARAMS_PTR) malloc(sizeof(CK_TLS_MAC_PARAMS)); -+ if (ckpParam == NULL) { -+ throwOutOfMemoryError(env, 0); -+ return; -+ } -+ -+ /* convert jParameter to CKParameter */ -+ *ckpParam = jTlsMacParamsToCKTlsMacParam(env, jParam); -+ if ((*env)->ExceptionCheck(env)) { -+ free(ckpParam); -+ return; -+ } -+ -+ /* get length and pointer of parameter */ -+ *ckpLength = sizeof(CK_TLS_MAC_PARAMS); -+ *ckpParamPtr = ckpParam; -+ return; -+ } -+ - jAesCtrParamsClass = (*env)->FindClass(env, CLASS_AES_CTR_PARAMS); - if (jAesCtrParamsClass == NULL) { return; } - if ((*env)->IsInstanceOf(env, jParam, jAesCtrParamsClass)) { -diff --git openjdk.orig/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_keymgmt.c openjdk/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_keymgmt.c ---- openjdk.orig/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_keymgmt.c -+++ openjdk/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_keymgmt.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. - */ - - /* Copyright (c) 2002 Graz University of Technology. All rights reserved. -@@ -355,25 +355,38 @@ - - #ifdef P11_ENABLE_C_DERIVEKEY - --void freeMasterKeyDeriveParams(CK_MECHANISM_PTR ckMechanism) { -+static void freeMasterKeyDeriveParams(CK_SSL3_RANDOM_DATA *RandomInfo, CK_VERSION_PTR pVersion) { -+ if (RandomInfo->pClientRandom != NULL) { -+ free(RandomInfo->pClientRandom); -+ } -+ if (RandomInfo->pServerRandom != NULL) { -+ free(RandomInfo->pServerRandom); -+ } -+ if (pVersion != NULL) { -+ free(pVersion); -+ } -+} -+ -+void ssl3FreeMasterKeyDeriveParams(CK_MECHANISM_PTR ckMechanism) { - CK_SSL3_MASTER_KEY_DERIVE_PARAMS *params = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *) ckMechanism->pParameter; - if (params == NULL) { - return; - } -+ freeMasterKeyDeriveParams(&(params->RandomInfo), params->pVersion); -+} - -- if (params->RandomInfo.pClientRandom != NULL) { -- free(params->RandomInfo.pClientRandom); -+void tls12FreeMasterKeyDeriveParams(CK_MECHANISM_PTR ckMechanism) { -+ CK_TLS12_MASTER_KEY_DERIVE_PARAMS *params = -+ (CK_TLS12_MASTER_KEY_DERIVE_PARAMS *)ckMechanism->pParameter; -+ if (params == NULL) { -+ return; - } -- if (params->RandomInfo.pServerRandom != NULL) { -- free(params->RandomInfo.pServerRandom); -- } -- if (params->pVersion != NULL) { -- free(params->pVersion); -- } -+ freeMasterKeyDeriveParams(&(params->RandomInfo), params->pVersion); - } - - void freeEcdh1DeriveParams(CK_MECHANISM_PTR ckMechanism) { -- CK_ECDH1_DERIVE_PARAMS *params = (CK_ECDH1_DERIVE_PARAMS *) ckMechanism->pParameter; -+ CK_ECDH1_DERIVE_PARAMS *params = -+ (CK_ECDH1_DERIVE_PARAMS *)ckMechanism->pParameter; - if (params == NULL) { - return; - } -@@ -498,6 +511,7 @@ - switch (ckMechanism.mechanism) { - case CKM_SSL3_KEY_AND_MAC_DERIVE: - case CKM_TLS_KEY_AND_MAC_DERIVE: -+ case CKM_TLS12_KEY_AND_MAC_DERIVE: - case CKM_TLS_PRF: - // these mechanism do not return a key handle via phKey - // set to NULL in case pedantic implementations check for it -@@ -519,17 +533,28 @@ - case CKM_SSL3_MASTER_KEY_DERIVE: - case CKM_TLS_MASTER_KEY_DERIVE: - /* we must copy back the client version */ -- copyBackClientVersion(env, &ckMechanism, jMechanism); -- freeMasterKeyDeriveParams(&ckMechanism); -+ ssl3CopyBackClientVersion(env, &ckMechanism, jMechanism); -+ ssl3FreeMasterKeyDeriveParams(&ckMechanism); -+ break; -+ case CKM_TLS12_MASTER_KEY_DERIVE: -+ tls12CopyBackClientVersion(env, &ckMechanism, jMechanism); -+ tls12FreeMasterKeyDeriveParams(&ckMechanism); - break; - case CKM_SSL3_MASTER_KEY_DERIVE_DH: - case CKM_TLS_MASTER_KEY_DERIVE_DH: -- freeMasterKeyDeriveParams(&ckMechanism); -+ ssl3FreeMasterKeyDeriveParams(&ckMechanism); -+ break; -+ case CKM_TLS12_MASTER_KEY_DERIVE_DH: -+ tls12FreeMasterKeyDeriveParams(&ckMechanism); - break; - case CKM_SSL3_KEY_AND_MAC_DERIVE: - case CKM_TLS_KEY_AND_MAC_DERIVE: - /* we must copy back the unwrapped key info to the jMechanism object */ -- copyBackSSLKeyMatParams(env, &ckMechanism, jMechanism); -+ ssl3CopyBackKeyMatParams(env, &ckMechanism, jMechanism); -+ break; -+ case CKM_TLS12_KEY_AND_MAC_DERIVE: -+ /* we must copy back the unwrapped key info to the jMechanism object */ -+ tls12CopyBackKeyMatParams(env, &ckMechanism, jMechanism); - break; - case CKM_TLS_PRF: - copyBackTLSPrfParams(env, &ckMechanism, jMechanism); -@@ -550,53 +575,42 @@ - return jKeyHandle ; - } - --/* -- * Copy back the client version information from the native -- * structure to the Java object. This is only used for the -- * CKM_SSL3_MASTER_KEY_DERIVE mechanism when used for deriving a key. -- * -- */ --void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism) -+static void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism, -+ CK_VERSION *ckVersion, const char *class_master_key_derive_params) - { -- jclass jMechanismClass, jSSL3MasterKeyDeriveParamsClass, jVersionClass; -- CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ckSSL3MasterKeyDeriveParams; -- CK_VERSION *ckVersion; -- jfieldID fieldID; -- CK_MECHANISM_TYPE ckMechanismType; -- jlong jMechanismType; -- jobject jSSL3MasterKeyDeriveParams; -- jobject jVersion; -+ jclass jMasterKeyDeriveParamsClass, jMechanismClass, jVersionClass; -+ jobject jMasterKeyDeriveParams; -+ jfieldID fieldID; -+ CK_MECHANISM_TYPE ckMechanismType; -+ jlong jMechanismType; -+ jobject jVersion; - -- /* get mechanism */ -- jMechanismClass = (*env)->FindClass(env, CLASS_MECHANISM); -- if (jMechanismClass == NULL) { return; } -- fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J"); -- if (fieldID == NULL) { return; } -- jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID); -- ckMechanismType = jLongToCKULong(jMechanismType); -- if (ckMechanismType != ckMechanism->mechanism) { -- /* we do not have maching types, this should not occur */ -- return; -- } -+ /* get mechanism */ -+ jMechanismClass = (*env)->FindClass(env, CLASS_MECHANISM); -+ if (jMechanismClass == NULL) { return; } -+ fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J"); -+ if (fieldID == NULL) { return; } -+ jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID); -+ ckMechanismType = jLongToCKULong(jMechanismType); -+ if (ckMechanismType != ckMechanism->mechanism) { -+ /* we do not have maching types, this should not occur */ -+ return; -+ } - -- /* get the native CK_SSL3_MASTER_KEY_DERIVE_PARAMS */ -- ckSSL3MasterKeyDeriveParams = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *) ckMechanism->pParameter; -- if (ckSSL3MasterKeyDeriveParams != NULL_PTR) { -- /* get the native CK_VERSION */ -- ckVersion = ckSSL3MasterKeyDeriveParams->pVersion; - if (ckVersion != NULL_PTR) { - /* get the Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS (pParameter) */ - fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;"); - if (fieldID == NULL) { return; } - -- jSSL3MasterKeyDeriveParams = (*env)->GetObjectField(env, jMechanism, fieldID); -+ jMasterKeyDeriveParams = (*env)->GetObjectField(env, jMechanism, fieldID); - - /* get the Java CK_VERSION */ -- jSSL3MasterKeyDeriveParamsClass = (*env)->FindClass(env, CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS); -- if (jSSL3MasterKeyDeriveParamsClass == NULL) { return; } -- fieldID = (*env)->GetFieldID(env, jSSL3MasterKeyDeriveParamsClass, "pVersion", "L"CLASS_VERSION";"); -+ jMasterKeyDeriveParamsClass = (*env)->FindClass(env, class_master_key_derive_params); -+ if (jMasterKeyDeriveParamsClass == NULL) { return; } -+ fieldID = (*env)->GetFieldID(env, jMasterKeyDeriveParamsClass, -+ "pVersion", "L"CLASS_VERSION";"); - if (fieldID == NULL) { return; } -- jVersion = (*env)->GetObjectField(env, jSSL3MasterKeyDeriveParams, fieldID); -+ jVersion = (*env)->GetObjectField(env, jMasterKeyDeriveParams, fieldID); - - /* now copy back the version from the native structure to the Java structure */ - -@@ -612,92 +626,126 @@ - if (fieldID == NULL) { return; } - (*env)->SetByteField(env, jVersion, fieldID, ckByteToJByte(ckVersion->minor)); - } -- } - } - -+/* -+ * Copy back the client version information from the native -+ * structure to the Java object. This is only used for -+ * CKM_SSL3_MASTER_KEY_DERIVE and CKM_TLS_MASTER_KEY_DERIVE -+ * mechanisms when used for deriving a key. -+ * -+ */ -+void ssl3CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, -+ jobject jMechanism) -+{ -+ CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ckSSL3MasterKeyDeriveParams; -+ ckSSL3MasterKeyDeriveParams = -+ (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *)ckMechanism->pParameter; -+ if (ckSSL3MasterKeyDeriveParams != NULL_PTR) { -+ copyBackClientVersion(env, ckMechanism, jMechanism, -+ ckSSL3MasterKeyDeriveParams->pVersion, -+ CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS); -+ } -+} - - /* -- * Copy back the derived keys and initialization vectors from the native -- * structure to the Java object. This is only used for the -- * CKM_SSL3_KEY_AND_MAC_DERIVE mechanism when used for deriving a key. -+ * Copy back the client version information from the native -+ * structure to the Java object. This is only used for -+ * CKM_TLS12_MASTER_KEY_DERIVE mechanism when used for deriving a key. - * - */ --void copyBackSSLKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism) -+void tls12CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, -+ jobject jMechanism) - { -- jclass jMechanismClass, jSSL3KeyMatParamsClass, jSSL3KeyMatOutClass; -- CK_SSL3_KEY_MAT_PARAMS *ckSSL3KeyMatParam; -- CK_SSL3_KEY_MAT_OUT *ckSSL3KeyMatOut; -- jfieldID fieldID; -- CK_MECHANISM_TYPE ckMechanismType; -- jlong jMechanismType; -- CK_BYTE_PTR iv; -- jobject jSSL3KeyMatParam; -- jobject jSSL3KeyMatOut; -- jobject jIV; -- jint jLength; -- jbyte* jBytes; -- int i; -+ CK_TLS12_MASTER_KEY_DERIVE_PARAMS *ckTLS12MasterKeyDeriveParams; -+ ckTLS12MasterKeyDeriveParams = -+ (CK_TLS12_MASTER_KEY_DERIVE_PARAMS *)ckMechanism->pParameter; -+ if (ckTLS12MasterKeyDeriveParams != NULL_PTR) { -+ copyBackClientVersion(env, ckMechanism, jMechanism, -+ ckTLS12MasterKeyDeriveParams->pVersion, -+ CLASS_TLS12_MASTER_KEY_DERIVE_PARAMS); -+ } -+} - -- /* get mechanism */ -- jMechanismClass= (*env)->FindClass(env, CLASS_MECHANISM); -- if (jMechanismClass == NULL) { return; } -- fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J"); -- if (fieldID == NULL) { return; } -- jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID); -- ckMechanismType = jLongToCKULong(jMechanismType); -- if (ckMechanismType != ckMechanism->mechanism) { -- /* we do not have maching types, this should not occur */ -- return; -- } -+static void copyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, -+ jobject jMechanism, CK_SSL3_RANDOM_DATA *RandomInfo, -+ CK_SSL3_KEY_MAT_OUT_PTR ckSSL3KeyMatOut, const char *class_key_mat_params) -+{ -+ jclass jMechanismClass, jKeyMatParamsClass, jSSL3KeyMatOutClass; -+ jfieldID fieldID; -+ CK_MECHANISM_TYPE ckMechanismType; -+ jlong jMechanismType; -+ CK_BYTE_PTR iv; -+ jobject jKeyMatParam; -+ jobject jSSL3KeyMatOut; -+ jobject jIV; -+ jint jLength; -+ jbyte* jBytes; -+ int i; - -- /* get the native CK_SSL3_KEY_MAT_PARAMS */ -- ckSSL3KeyMatParam = (CK_SSL3_KEY_MAT_PARAMS *) ckMechanism->pParameter; -- if (ckSSL3KeyMatParam != NULL_PTR) { -- // free malloc'd data -- if (ckSSL3KeyMatParam->RandomInfo.pClientRandom != NULL) { -- free(ckSSL3KeyMatParam->RandomInfo.pClientRandom); -- } -- if (ckSSL3KeyMatParam->RandomInfo.pServerRandom != NULL) { -- free(ckSSL3KeyMatParam->RandomInfo.pServerRandom); -+ /* get mechanism */ -+ jMechanismClass= (*env)->FindClass(env, CLASS_MECHANISM); -+ if (jMechanismClass == NULL) { return; } -+ fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J"); -+ if (fieldID == NULL) { return; } -+ jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID); -+ ckMechanismType = jLongToCKULong(jMechanismType); -+ if (ckMechanismType != ckMechanism->mechanism) { -+ /* we do not have maching types, this should not occur */ -+ return; - } - -- /* get the native CK_SSL3_KEY_MAT_OUT */ -- ckSSL3KeyMatOut = ckSSL3KeyMatParam->pReturnedKeyMaterial; -+ // free malloc'd data -+ if (RandomInfo->pClientRandom != NULL) { -+ free(RandomInfo->pClientRandom); -+ } -+ if (RandomInfo->pServerRandom != NULL) { -+ free(RandomInfo->pServerRandom); -+ } -+ - if (ckSSL3KeyMatOut != NULL_PTR) { -- /* get the Java CK_SSL3_KEY_MAT_PARAMS (pParameter) */ -- fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;"); -+ /* get the Java params object (pParameter) */ -+ fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", -+ "Ljava/lang/Object;"); - if (fieldID == NULL) { return; } -- jSSL3KeyMatParam = (*env)->GetObjectField(env, jMechanism, fieldID); -+ jKeyMatParam = (*env)->GetObjectField(env, jMechanism, fieldID); - - /* get the Java CK_SSL3_KEY_MAT_OUT */ -- jSSL3KeyMatParamsClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_PARAMS); -- if (jSSL3KeyMatParamsClass == NULL) { return; } -- fieldID = (*env)->GetFieldID(env, jSSL3KeyMatParamsClass, "pReturnedKeyMaterial", "L"CLASS_SSL3_KEY_MAT_OUT";"); -+ jKeyMatParamsClass = (*env)->FindClass(env, class_key_mat_params); -+ if (jKeyMatParamsClass == NULL) { return; } -+ fieldID = (*env)->GetFieldID(env, jKeyMatParamsClass, -+ "pReturnedKeyMaterial", "L"CLASS_SSL3_KEY_MAT_OUT";"); - if (fieldID == NULL) { return; } -- jSSL3KeyMatOut = (*env)->GetObjectField(env, jSSL3KeyMatParam, fieldID); -+ jSSL3KeyMatOut = (*env)->GetObjectField(env, jKeyMatParam, fieldID); - - /* now copy back all the key handles and the initialization vectors */ - /* copy back client MAC secret handle */ - jSSL3KeyMatOutClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_OUT); - if (jSSL3KeyMatOutClass == NULL) { return; } -- fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hClientMacSecret", "J"); -+ fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, -+ "hClientMacSecret", "J"); - if (fieldID == NULL) { return; } -- (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hClientMacSecret)); -+ (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, -+ ckULongToJLong(ckSSL3KeyMatOut->hClientMacSecret)); - - /* copy back server MAC secret handle */ -- fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hServerMacSecret", "J"); -+ fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, -+ "hServerMacSecret", "J"); - if (fieldID == NULL) { return; } -- (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hServerMacSecret)); -+ (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, -+ ckULongToJLong(ckSSL3KeyMatOut->hServerMacSecret)); - - /* copy back client secret key handle */ - fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hClientKey", "J"); - if (fieldID == NULL) { return; } -- (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hClientKey)); -+ (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, -+ ckULongToJLong(ckSSL3KeyMatOut->hClientKey)); - - /* copy back server secret key handle */ - fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hServerKey", "J"); - if (fieldID == NULL) { return; } -- (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hServerKey)); -+ (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, -+ ckULongToJLong(ckSSL3KeyMatOut->hServerKey)); - - /* copy back the client IV */ - fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "pIVClient", "[B"); -@@ -740,7 +788,45 @@ - free(ckSSL3KeyMatOut->pIVServer); - free(ckSSL3KeyMatOut); - } -- } -+} -+ -+/* -+ * Copy back the derived keys and initialization vectors from the native -+ * structure to the Java object. This is only used for -+ * CKM_SSL3_KEY_AND_MAC_DERIVE and CKM_TLS_KEY_AND_MAC_DERIVE mechanisms -+ * when used for deriving a key. -+ * -+ */ -+void ssl3CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, -+ jobject jMechanism) -+{ -+ CK_SSL3_KEY_MAT_PARAMS *ckSSL3KeyMatParam; -+ ckSSL3KeyMatParam = (CK_SSL3_KEY_MAT_PARAMS *)ckMechanism->pParameter; -+ if (ckSSL3KeyMatParam != NULL_PTR) { -+ copyBackKeyMatParams(env, ckMechanism, jMechanism, -+ &(ckSSL3KeyMatParam->RandomInfo), -+ ckSSL3KeyMatParam->pReturnedKeyMaterial, -+ CLASS_SSL3_KEY_MAT_PARAMS); -+ } -+} -+ -+/* -+ * Copy back the derived keys and initialization vectors from the native -+ * structure to the Java object. This is only used for -+ * CKM_TLS12_KEY_AND_MAC_DERIVE mechanism when used for deriving a key. -+ * -+ */ -+void tls12CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, -+ jobject jMechanism) -+{ -+ CK_TLS12_KEY_MAT_PARAMS *ckTLS12KeyMatParam; -+ ckTLS12KeyMatParam = (CK_TLS12_KEY_MAT_PARAMS *) ckMechanism->pParameter; -+ if (ckTLS12KeyMatParam != NULL_PTR) { -+ copyBackKeyMatParams(env, ckMechanism, jMechanism, -+ &(ckTLS12KeyMatParam->RandomInfo), -+ ckTLS12KeyMatParam->pReturnedKeyMaterial, -+ CLASS_TLS12_KEY_MAT_PARAMS); -+ } - } - - #endif -diff --git openjdk.orig/jdk/src/share/native/sun/security/pkcs11/wrapper/pkcs11t.h openjdk/jdk/src/share/native/sun/security/pkcs11/wrapper/pkcs11t.h ---- openjdk.orig/jdk/src/share/native/sun/security/pkcs11/wrapper/pkcs11t.h -+++ openjdk/jdk/src/share/native/sun/security/pkcs11/wrapper/pkcs11t.h -@@ -807,6 +807,12 @@ - #define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4 - #define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5 - -+/* new for v2.40 */ -+#define CKM_TLS12_MASTER_KEY_DERIVE 0x000003E0 -+#define CKM_TLS12_KEY_AND_MAC_DERIVE 0x000003E1 -+#define CKM_TLS12_MASTER_KEY_DERIVE_DH 0x000003E2 -+#define CKM_TLS_MAC 0x000003E4 -+ - #define CKM_KEY_WRAP_LYNKS 0x00000400 - #define CKM_KEY_WRAP_SET_OAEP 0x00000401 - -@@ -1682,4 +1688,34 @@ - - typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR; - -+/* new for v2.40 */ -+ -+typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS { -+ CK_SSL3_RANDOM_DATA RandomInfo; -+ CK_VERSION_PTR pVersion; -+ CK_MECHANISM_TYPE prfHashMechanism; -+} CK_TLS12_MASTER_KEY_DERIVE_PARAMS; -+ -+typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR; -+ -+typedef struct CK_TLS12_KEY_MAT_PARAMS { -+ CK_ULONG ulMacSizeInBits; -+ CK_ULONG ulKeySizeInBits; -+ CK_ULONG ulIVSizeInBits; -+ CK_BBOOL bIsExport; -+ CK_SSL3_RANDOM_DATA RandomInfo; -+ CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; -+ CK_MECHANISM_TYPE prfHashMechanism; -+} CK_TLS12_KEY_MAT_PARAMS; -+ -+typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR; -+ -+typedef struct CK_TLS_MAC_PARAMS { -+ CK_MECHANISM_TYPE prfMechanism; -+ CK_ULONG ulMacLength; -+ CK_ULONG ulServerOrClient; -+} CK_TLS_MAC_PARAMS; -+ -+typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR; -+ - #endif -diff --git openjdk.orig/jdk/src/share/native/sun/security/pkcs11/wrapper/pkcs11wrapper.h openjdk/jdk/src/share/native/sun/security/pkcs11/wrapper/pkcs11wrapper.h ---- openjdk.orig/jdk/src/share/native/sun/security/pkcs11/wrapper/pkcs11wrapper.h -+++ openjdk/jdk/src/share/native/sun/security/pkcs11/wrapper/pkcs11wrapper.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. - */ - - /* Copyright (c) 2002 Graz University of Technology. All rights reserved. -@@ -268,10 +268,13 @@ - #define CLASS_SSL3_RANDOM_DATA "sun/security/pkcs11/wrapper/CK_SSL3_RANDOM_DATA" - // CLASS_SSL3_RANDOM_DATA is used by CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS - #define CLASS_SSL3_KEY_MAT_OUT "sun/security/pkcs11/wrapper/CK_SSL3_KEY_MAT_OUT" --// CLASS_SSL3_KEY_MAT_OUT is used by CLASS_SSL3_KEY_MAT_PARAMS -+// CLASS_SSL3_KEY_MAT_OUT is used by CLASS_SSL3_KEY_MAT_PARAMS and CK_TLS12_KEY_MAT_PARAMS - #define CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS "sun/security/pkcs11/wrapper/CK_SSL3_MASTER_KEY_DERIVE_PARAMS" -+#define CLASS_TLS12_MASTER_KEY_DERIVE_PARAMS "sun/security/pkcs11/wrapper/CK_TLS12_MASTER_KEY_DERIVE_PARAMS" - #define CLASS_SSL3_KEY_MAT_PARAMS "sun/security/pkcs11/wrapper/CK_SSL3_KEY_MAT_PARAMS" -+#define CLASS_TLS12_KEY_MAT_PARAMS "sun/security/pkcs11/wrapper/CK_TLS12_KEY_MAT_PARAMS" - #define CLASS_TLS_PRF_PARAMS "sun/security/pkcs11/wrapper/CK_TLS_PRF_PARAMS" -+#define CLASS_TLS_MAC_PARAMS "sun/security/pkcs11/wrapper/CK_TLS_MAC_PARAMS" - #define CLASS_AES_CTR_PARAMS "sun/security/pkcs11/wrapper/CK_AES_CTR_PARAMS" - - /* function to convert a PKCS#11 return value other than CK_OK into a Java Exception -@@ -361,9 +364,11 @@ - CK_KEY_WRAP_SET_OAEP_PARAMS jKeyWrapSetOaepParamToCKKeyWrapSetOaepParam(JNIEnv *env, jobject jParam); - void copyBackSetUnwrappedKey(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism); - CK_SSL3_MASTER_KEY_DERIVE_PARAMS jSsl3MasterKeyDeriveParamToCKSsl3MasterKeyDeriveParam(JNIEnv *env, jobject jParam); --void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism); -+void ssl3CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism); -+void tls12CopyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism); - CK_SSL3_KEY_MAT_PARAMS jSsl3KeyMatParamToCKSsl3KeyMatParam(JNIEnv *env, jobject jParam); --void copyBackSSLKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism); -+void ssl3CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism); -+void tls12CopyBackKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism); - CK_KEY_DERIVATION_STRING_DATA jKeyDerivationStringDataToCKKeyDerivationStringData(JNIEnv *env, jobject jParam); - CK_RSA_PKCS_PSS_PARAMS jRsaPkcsPssParamToCKRsaPkcsPssParam(JNIEnv *env, jobject jParam); - CK_ECDH1_DERIVE_PARAMS jEcdh1DeriveParamToCKEcdh1DeriveParam(JNIEnv *env, jobject jParam); -diff --git openjdk.orig/jdk/test/sun/security/pkcs11/fips/TestTLS12.java openjdk/jdk/test/sun/security/pkcs11/fips/TestTLS12.java -new file mode 100644 ---- /dev/null -+++ openjdk/jdk/test/sun/security/pkcs11/fips/TestTLS12.java -@@ -0,0 +1,449 @@ -+/* -+ * Copyright (c) 2018, Red Hat, Inc. and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+/* -+ * @test -+ * @bug 8029661 -+ * @summary Test TLS 1.2 -+ * @library .. -+ * @run main/othervm/timeout=120 TestTLS12 -+ */ -+ -+import java.io.File; -+import java.io.FileInputStream; -+import java.io.InputStream; -+import java.nio.ByteBuffer; -+ -+import java.security.interfaces.RSAPrivateKey; -+import java.security.interfaces.RSAPublicKey; -+import java.security.KeyStore; -+import java.security.NoSuchAlgorithmException; -+import java.security.Provider; -+import java.security.SecureRandom; -+import java.security.Security; -+ -+import java.util.Arrays; -+ -+import javax.crypto.Cipher; -+import javax.crypto.KeyGenerator; -+import javax.crypto.SecretKey; -+import javax.crypto.spec.SecretKeySpec; -+ -+import javax.net.ssl.KeyManagerFactory; -+import javax.net.ssl.SSLContext; -+import javax.net.ssl.SSLEngine; -+import javax.net.ssl.SSLEngineResult; -+import javax.net.ssl.SSLEngineResult.HandshakeStatus; -+import javax.net.ssl.SSLParameters; -+import javax.net.ssl.SSLSession; -+import javax.net.ssl.TrustManagerFactory; -+ -+import sun.security.internal.spec.TlsMasterSecretParameterSpec; -+import sun.security.internal.spec.TlsPrfParameterSpec; -+import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec; -+ -+public final class TestTLS12 extends SecmodTest { -+ -+ private static final boolean enableDebug = true; -+ -+ private static Provider sunPKCS11NSSProvider; -+ private static Provider sunJCEProvider; -+ private static com.sun.net.ssl.internal.ssl.Provider jsseProvider; -+ private static KeyStore ks; -+ private static KeyStore ts; -+ private static char[] passphrase = "JAHshj131@@".toCharArray(); -+ private static RSAPrivateKey privateKey; -+ private static RSAPublicKey publicKey; -+ -+ public static void main(String[] args) throws Exception { -+ try { -+ initialize(); -+ } catch (Exception e) { -+ System.out.println("Test skipped: failure during" + -+ " initialization"); -+ return; -+ } -+ -+ if (shouldRun()) { -+ // Test against JCE -+ testTlsAuthenticationCodeGeneration(); -+ -+ // Self-integrity test (complete TLS 1.2 communication) -+ new testTLS12SunPKCS11Communication().run(); -+ -+ System.out.println("Test PASS - OK"); -+ } else { -+ System.out.println("Test skipped: TLS 1.2 mechanisms" + -+ " not supported by current SunPKCS11 back-end"); -+ } -+ } -+ -+ private static boolean shouldRun() { -+ if (sunPKCS11NSSProvider == null) { -+ return false; -+ } -+ try { -+ KeyGenerator.getInstance("SunTls12MasterSecret", -+ sunPKCS11NSSProvider); -+ KeyGenerator.getInstance( -+ "SunTls12RsaPremasterSecret", sunPKCS11NSSProvider); -+ KeyGenerator.getInstance("SunTls12Prf", sunPKCS11NSSProvider); -+ } catch (NoSuchAlgorithmException e) { -+ return false; -+ } -+ return true; -+ } -+ -+ private static void testTlsAuthenticationCodeGeneration() -+ throws Exception { -+ // Generate RSA Pre-Master Secret in SunPKCS11 provider -+ SecretKey rsaPreMasterSecret = null; -+ @SuppressWarnings("deprecation") -+ TlsRsaPremasterSecretParameterSpec rsaPreMasterSecretSpec = -+ new TlsRsaPremasterSecretParameterSpec(0x0303, 0x0303); -+ { -+ KeyGenerator rsaPreMasterSecretKG = KeyGenerator.getInstance( -+ "SunTls12RsaPremasterSecret", sunPKCS11NSSProvider); -+ rsaPreMasterSecretKG.init(rsaPreMasterSecretSpec, null); -+ rsaPreMasterSecret = rsaPreMasterSecretKG.generateKey(); -+ } -+ -+ // Get RSA Pre-Master Secret in plain (from SunPKCS11 provider) -+ byte[] rsaPlainPreMasterSecret = null; -+ { -+ Cipher rsaPreMasterSecretWrapperCipher = -+ Cipher.getInstance("RSA/ECB/PKCS1Padding", -+ sunPKCS11NSSProvider); -+ rsaPreMasterSecretWrapperCipher.init(Cipher.WRAP_MODE, publicKey, -+ new SecureRandom()); -+ byte[] rsaEncryptedPreMasterSecret = -+ rsaPreMasterSecretWrapperCipher.wrap(rsaPreMasterSecret); -+ Cipher rsaPreMasterSecretUnwrapperCipher = -+ Cipher.getInstance("RSA/ECB/PKCS1Padding", sunJCEProvider); -+ rsaPreMasterSecretUnwrapperCipher.init(Cipher.UNWRAP_MODE, -+ privateKey, rsaPreMasterSecretSpec); -+ rsaPlainPreMasterSecret = rsaPreMasterSecretUnwrapperCipher.unwrap( -+ rsaEncryptedPreMasterSecret, "TlsRsaPremasterSecret", -+ Cipher.SECRET_KEY).getEncoded(); -+ -+ if (enableDebug) { -+ System.out.println("rsaPlainPreMasterSecret:"); -+ for (byte b : rsaPlainPreMasterSecret) { -+ System.out.printf("%02X, ", b); -+ } -+ System.out.println(""); -+ } -+ } -+ -+ // Generate Master Secret -+ SecretKey sunPKCS11MasterSecret = null; -+ SecretKey jceMasterSecret = null; -+ { -+ KeyGenerator sunPKCS11MasterSecretGenerator = -+ KeyGenerator.getInstance("SunTls12MasterSecret", -+ sunPKCS11NSSProvider); -+ KeyGenerator jceMasterSecretGenerator = KeyGenerator.getInstance( -+ "SunTls12MasterSecret", sunJCEProvider); -+ @SuppressWarnings("deprecation") -+ TlsMasterSecretParameterSpec sunPKCS11MasterSecretSpec = -+ new TlsMasterSecretParameterSpec(rsaPreMasterSecret, 3, 3, -+ new byte[32], new byte[32], "SHA-256", 32, 64); -+ @SuppressWarnings("deprecation") -+ TlsMasterSecretParameterSpec jceMasterSecretSpec = -+ new TlsMasterSecretParameterSpec( -+ new SecretKeySpec(rsaPlainPreMasterSecret, -+ "Generic"), 3, 3, new byte[32], -+ new byte[32], "SHA-256", 32, 64); -+ sunPKCS11MasterSecretGenerator.init(sunPKCS11MasterSecretSpec, -+ null); -+ jceMasterSecretGenerator.init(jceMasterSecretSpec, null); -+ sunPKCS11MasterSecret = -+ sunPKCS11MasterSecretGenerator.generateKey(); -+ jceMasterSecret = jceMasterSecretGenerator.generateKey(); -+ if (enableDebug) { -+ System.out.println("Master Secret (SunJCE):"); -+ if (jceMasterSecret != null) { -+ for (byte b : jceMasterSecret.getEncoded()) { -+ System.out.printf("%02X, ", b); -+ } -+ System.out.println(""); -+ } -+ } -+ } -+ -+ // Generate authentication codes -+ byte[] sunPKCS11AuthenticationCode = null; -+ byte[] jceAuthenticationCode = null; -+ { -+ // Generate SunPKCS11 authentication code -+ { -+ @SuppressWarnings("deprecation") -+ TlsPrfParameterSpec sunPKCS11AuthenticationCodeSpec = -+ new TlsPrfParameterSpec(sunPKCS11MasterSecret, -+ "client finished", "a".getBytes(), 12, -+ "SHA-256", 32, 64); -+ KeyGenerator sunPKCS11AuthCodeGenerator = -+ KeyGenerator.getInstance("SunTls12Prf", -+ sunPKCS11NSSProvider); -+ sunPKCS11AuthCodeGenerator.init( -+ sunPKCS11AuthenticationCodeSpec); -+ sunPKCS11AuthenticationCode = -+ sunPKCS11AuthCodeGenerator.generateKey().getEncoded(); -+ } -+ -+ // Generate SunJCE authentication code -+ { -+ @SuppressWarnings("deprecation") -+ TlsPrfParameterSpec jceAuthenticationCodeSpec = -+ new TlsPrfParameterSpec(jceMasterSecret, -+ "client finished", "a".getBytes(), 12, -+ "SHA-256", 32, 64); -+ KeyGenerator jceAuthCodeGenerator = -+ KeyGenerator.getInstance("SunTls12Prf", -+ sunJCEProvider); -+ jceAuthCodeGenerator.init(jceAuthenticationCodeSpec); -+ jceAuthenticationCode = -+ jceAuthCodeGenerator.generateKey().getEncoded(); -+ } -+ -+ if (enableDebug) { -+ System.out.println("SunPKCS11 Authentication Code: "); -+ for (byte b : sunPKCS11AuthenticationCode) { -+ System.out.printf("%02X, ", b); -+ } -+ System.out.println(""); -+ System.out.println("SunJCE Authentication Code: "); -+ for (byte b : jceAuthenticationCode) { -+ System.out.printf("%02X, ", b); -+ } -+ System.out.println(""); -+ } -+ } -+ -+ if (sunPKCS11AuthenticationCode == null || -+ jceAuthenticationCode == null || -+ sunPKCS11AuthenticationCode.length == 0 || -+ jceAuthenticationCode.length == 0 || -+ !Arrays.equals(sunPKCS11AuthenticationCode, -+ jceAuthenticationCode)) { -+ throw new Exception("Authentication codes from JCE" + -+ " and SunPKCS11 differ."); -+ } -+ } -+ -+ private static class testTLS12SunPKCS11Communication { -+ public static void run() throws Exception { -+ SSLEngine[][] enginesToTest = getSSLEnginesToTest(); -+ -+ for (SSLEngine[] engineToTest : enginesToTest) { -+ -+ SSLEngine clientSSLEngine = engineToTest[0]; -+ SSLEngine serverSSLEngine = engineToTest[1]; -+ -+ // SSLEngine code based on RedhandshakeFinished.java -+ -+ boolean dataDone = false; -+ -+ ByteBuffer clientOut = null; -+ ByteBuffer clientIn = null; -+ ByteBuffer serverOut = null; -+ ByteBuffer serverIn = null; -+ ByteBuffer cTOs; -+ ByteBuffer sTOc; -+ -+ SSLSession session = clientSSLEngine.getSession(); -+ int appBufferMax = session.getApplicationBufferSize(); -+ int netBufferMax = session.getPacketBufferSize(); -+ -+ clientIn = ByteBuffer.allocate(appBufferMax + 50); -+ serverIn = ByteBuffer.allocate(appBufferMax + 50); -+ -+ cTOs = ByteBuffer.allocateDirect(netBufferMax); -+ sTOc = ByteBuffer.allocateDirect(netBufferMax); -+ -+ clientOut = ByteBuffer.wrap( -+ "Hi Server, I'm Client".getBytes()); -+ serverOut = ByteBuffer.wrap( -+ "Hello Client, I'm Server".getBytes()); -+ -+ SSLEngineResult clientResult; -+ SSLEngineResult serverResult; -+ -+ while (!dataDone) { -+ clientResult = clientSSLEngine.wrap(clientOut, cTOs); -+ runDelegatedTasks(clientResult, clientSSLEngine); -+ serverResult = serverSSLEngine.wrap(serverOut, sTOc); -+ runDelegatedTasks(serverResult, serverSSLEngine); -+ cTOs.flip(); -+ sTOc.flip(); -+ -+ if (enableDebug) { -+ System.out.println("Client -> Network"); -+ printTlsNetworkPacket("", cTOs); -+ System.out.println(""); -+ System.out.println("Server -> Network"); -+ printTlsNetworkPacket("", sTOc); -+ System.out.println(""); -+ } -+ -+ clientResult = clientSSLEngine.unwrap(sTOc, clientIn); -+ runDelegatedTasks(clientResult, clientSSLEngine); -+ serverResult = serverSSLEngine.unwrap(cTOs, serverIn); -+ runDelegatedTasks(serverResult, serverSSLEngine); -+ -+ cTOs.compact(); -+ sTOc.compact(); -+ -+ if (!dataDone && -+ (clientOut.limit() == serverIn.position()) && -+ (serverOut.limit() == clientIn.position())) { -+ checkTransfer(serverOut, clientIn); -+ checkTransfer(clientOut, serverIn); -+ dataDone = true; -+ } -+ } -+ } -+ } -+ -+ static void printTlsNetworkPacket(String prefix, ByteBuffer bb) { -+ ByteBuffer slice = bb.slice(); -+ byte[] buffer = new byte[slice.remaining()]; -+ slice.get(buffer); -+ for (int i = 0; i < buffer.length; i++) { -+ System.out.printf("%02X, ", (byte)(buffer[i] & (byte)0xFF)); -+ if (i % 8 == 0 && i % 16 != 0) { -+ System.out.print(" "); -+ } -+ if (i % 16 == 0) { -+ System.out.println(""); -+ } -+ } -+ System.out.flush(); -+ } -+ -+ private static void checkTransfer(ByteBuffer a, ByteBuffer b) -+ throws Exception { -+ a.flip(); -+ b.flip(); -+ if (!a.equals(b)) { -+ throw new Exception("Data didn't transfer cleanly"); -+ } -+ a.position(a.limit()); -+ b.position(b.limit()); -+ a.limit(a.capacity()); -+ b.limit(b.capacity()); -+ } -+ -+ private static void runDelegatedTasks(SSLEngineResult result, -+ SSLEngine engine) throws Exception { -+ -+ if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { -+ Runnable runnable; -+ while ((runnable = engine.getDelegatedTask()) != null) { -+ runnable.run(); -+ } -+ HandshakeStatus hsStatus = engine.getHandshakeStatus(); -+ if (hsStatus == HandshakeStatus.NEED_TASK) { -+ throw new Exception( -+ "handshake shouldn't need additional tasks"); -+ } -+ } -+ } -+ -+ private static SSLEngine[][] getSSLEnginesToTest() throws Exception { -+ SSLEngine[][] enginesToTest = new SSLEngine[2][2]; -+ String[][] preferredSuites = new String[][]{ new String[] { -+ "TLS_RSA_WITH_AES_128_CBC_SHA256" -+ }, new String[] { -+ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" -+ }}; -+ for (int i = 0; i < enginesToTest.length; i++) { -+ enginesToTest[i][0] = createSSLEngine(true); -+ enginesToTest[i][1] = createSSLEngine(false); -+ enginesToTest[i][0].setEnabledCipherSuites(preferredSuites[i]); -+ enginesToTest[i][1].setEnabledCipherSuites(preferredSuites[i]); -+ } -+ return enginesToTest; -+ } -+ -+ static private SSLEngine createSSLEngine(boolean client) -+ throws Exception { -+ SSLEngine ssle; -+ KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX", -+ jsseProvider); -+ kmf.init(ks, passphrase); -+ -+ TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", -+ jsseProvider); -+ tmf.init(ts); -+ -+ SSLContext sslCtx = SSLContext.getInstance("TLSv1.2", -+ jsseProvider); -+ sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); -+ ssle = sslCtx.createSSLEngine("localhost", 443); -+ ssle.setUseClientMode(client); -+ SSLParameters sslParameters = ssle.getSSLParameters(); -+ ssle.setSSLParameters(sslParameters); -+ -+ return ssle; -+ } -+ } -+ -+ private static void initialize() throws Exception { -+ if (initSecmod() == false) { -+ return; -+ } -+ String configName = BASE + SEP + "fips.cfg"; -+ sunPKCS11NSSProvider = getSunPKCS11(configName); -+ System.out.println("SunPKCS11 provider: " + sunPKCS11NSSProvider); -+ Security.addProvider(sunPKCS11NSSProvider); -+ -+ sunJCEProvider = new com.sun.crypto.provider.SunJCE(); -+ Security.addProvider(sunJCEProvider); -+ -+ Security.removeProvider("SunJSSE"); -+ jsseProvider =new com.sun.net.ssl.internal.ssl.Provider( -+ sunPKCS11NSSProvider); -+ Security.addProvider(jsseProvider); -+ System.out.println(jsseProvider.getInfo()); -+ -+ ks = KeyStore.getInstance("PKCS11", sunPKCS11NSSProvider); -+ ks.load(null, "test12".toCharArray()); -+ ts = ks; -+ -+ KeyStore ksPlain = readTestKeyStore(); -+ privateKey = (RSAPrivateKey)ksPlain.getKey("rh_rsa_sha256", -+ passphrase); -+ publicKey = (RSAPublicKey)ksPlain.getCertificate( -+ "rh_rsa_sha256").getPublicKey(); -+ } -+ -+ private static KeyStore readTestKeyStore() throws Exception { -+ File file = new File(System.getProperty("test.src", "."), "keystore"); -+ InputStream in = new FileInputStream(file); -+ KeyStore ks = KeyStore.getInstance("JKS"); -+ ks.load(in, "passphrase".toCharArray()); -+ in.close(); -+ return ks; -+ } -+} -\ No newline at end of file diff --git a/jdk8145096-pr3693-undefined_behaviour.patch b/jdk8145096-pr3693-undefined_behaviour.patch deleted file mode 100644 index 51aed3c..0000000 --- a/jdk8145096-pr3693-undefined_behaviour.patch +++ /dev/null @@ -1,280 +0,0 @@ -# HG changeset patch -# User aph -# Date 1549014450 -3600 -# Fri Feb 01 10:47:30 2019 +0100 -# Node ID f43f77de876acfbf29c02803418d4d06d83e7dc3 -# Parent 28f68e5c6fb323c521a489cfc92e8a129379378f -8145096: Undefined behaviour in HotSpot -Summary: Fix some integer overflows -Reviewed-by: jrose, kvn, kbarrett, adinn, iklam - -diff --git openjdk.orig/hotspot/src/os/posix/vm/os_posix.cpp openjdk/hotspot/src/os/posix/vm/os_posix.cpp ---- openjdk.orig/hotspot/src/os/posix/vm/os_posix.cpp -+++ openjdk/hotspot/src/os/posix/vm/os_posix.cpp -@@ -604,7 +604,11 @@ - strncpy(buffer, "none", size); - - const struct { -- int i; -+ // NB: i is an unsigned int here because SA_RESETHAND is on some -+ // systems 0x80000000, which is implicitly unsigned. Assignining -+ // it to an int field would be an overflow in unsigned-to-signed -+ // conversion. -+ unsigned int i; - const char* s; - } flaginfo [] = { - { SA_NOCLDSTOP, "SA_NOCLDSTOP" }, -diff --git openjdk.orig/hotspot/src/share/vm/opto/addnode.cpp openjdk/hotspot/src/share/vm/opto/addnode.cpp ---- openjdk.orig/hotspot/src/share/vm/opto/addnode.cpp -+++ openjdk/hotspot/src/share/vm/opto/addnode.cpp -@@ -344,8 +344,8 @@ - const Type *AddINode::add_ring( const Type *t0, const Type *t1 ) const { - const TypeInt *r0 = t0->is_int(); // Handy access - const TypeInt *r1 = t1->is_int(); -- int lo = r0->_lo + r1->_lo; -- int hi = r0->_hi + r1->_hi; -+ int lo = java_add(r0->_lo, r1->_lo); -+ int hi = java_add(r0->_hi, r1->_hi); - if( !(r0->is_con() && r1->is_con()) ) { - // Not both constants, compute approximate result - if( (r0->_lo & r1->_lo) < 0 && lo >= 0 ) { -@@ -462,8 +462,8 @@ - const Type *AddLNode::add_ring( const Type *t0, const Type *t1 ) const { - const TypeLong *r0 = t0->is_long(); // Handy access - const TypeLong *r1 = t1->is_long(); -- jlong lo = r0->_lo + r1->_lo; -- jlong hi = r0->_hi + r1->_hi; -+ jlong lo = java_add(r0->_lo, r1->_lo); -+ jlong hi = java_add(r0->_hi, r1->_hi); - if( !(r0->is_con() && r1->is_con()) ) { - // Not both constants, compute approximate result - if( (r0->_lo & r1->_lo) < 0 && lo >= 0 ) { -diff --git openjdk.orig/hotspot/src/share/vm/opto/loopTransform.cpp openjdk/hotspot/src/share/vm/opto/loopTransform.cpp ---- openjdk.orig/hotspot/src/share/vm/opto/loopTransform.cpp -+++ openjdk/hotspot/src/share/vm/opto/loopTransform.cpp -@@ -1310,8 +1310,8 @@ - limit = new (C) Opaque2Node( C, limit ); - register_new_node( limit, opaq_ctrl ); - } -- if (stride_con > 0 && ((limit_type->_lo - stride_con) < limit_type->_lo) || -- stride_con < 0 && ((limit_type->_hi - stride_con) > limit_type->_hi)) { -+ if (stride_con > 0 && (java_subtract(limit_type->_lo, stride_con) < limit_type->_lo) || -+ stride_con < 0 && (java_subtract(limit_type->_hi, stride_con) > limit_type->_hi)) { - // No underflow. - new_limit = new (C) SubINode(limit, stride); - } else { -diff --git openjdk.orig/hotspot/src/share/vm/opto/mulnode.cpp openjdk/hotspot/src/share/vm/opto/mulnode.cpp ---- openjdk.orig/hotspot/src/share/vm/opto/mulnode.cpp -+++ openjdk/hotspot/src/share/vm/opto/mulnode.cpp -@@ -244,13 +244,13 @@ - double d = (double)hi1; - - // Compute all endpoints & check for overflow -- int32 A = lo0*lo1; -+ int32 A = java_multiply(lo0, lo1); - if( (double)A != a*c ) return TypeInt::INT; // Overflow? -- int32 B = lo0*hi1; -+ int32 B = java_multiply(lo0, hi1); - if( (double)B != a*d ) return TypeInt::INT; // Overflow? -- int32 C = hi0*lo1; -+ int32 C = java_multiply(hi0, lo1); - if( (double)C != b*c ) return TypeInt::INT; // Overflow? -- int32 D = hi0*hi1; -+ int32 D = java_multiply(hi0, hi1); - if( (double)D != b*d ) return TypeInt::INT; // Overflow? - - if( A < B ) { lo0 = A; hi0 = B; } // Sort range endpoints -@@ -340,13 +340,13 @@ - double d = (double)hi1; - - // Compute all endpoints & check for overflow -- jlong A = lo0*lo1; -+ jlong A = java_multiply(lo0, lo1); - if( (double)A != a*c ) return TypeLong::LONG; // Overflow? -- jlong B = lo0*hi1; -+ jlong B = java_multiply(lo0, hi1); - if( (double)B != a*d ) return TypeLong::LONG; // Overflow? -- jlong C = hi0*lo1; -+ jlong C = java_multiply(hi0, lo1); - if( (double)C != b*c ) return TypeLong::LONG; // Overflow? -- jlong D = hi0*hi1; -+ jlong D = java_multiply(hi0, hi1); - if( (double)D != b*d ) return TypeLong::LONG; // Overflow? - - if( A < B ) { lo0 = A; hi0 = B; } // Sort range endpoints -@@ -573,7 +573,8 @@ - // Masking off high bits which are always zero is useless. - const TypeLong* t1 = phase->type( in(1) )->isa_long(); - if (t1 != NULL && t1->_lo >= 0) { -- jlong t1_support = ((jlong)1 << (1 + log2_long(t1->_hi))) - 1; -+ int bit_count = log2_long(t1->_hi) + 1; -+ jlong t1_support = jlong(max_julong >> (BitsPerJavaLong - bit_count)); - if ((t1_support & con) == t1_support) - return usr; - } -@@ -801,7 +802,7 @@ - - // Check for ((x & ((CONST64(1)<<(64-c0))-1)) << c0) which ANDs off high bits - // before shifting them away. -- const jlong bits_mask = ((jlong)CONST64(1) << (jlong)(BitsPerJavaLong - con)) - CONST64(1); -+ const jlong bits_mask = jlong(max_julong >> con); - if( add1_op == Op_AndL && - phase->type(add1->in(2)) == TypeLong::make( bits_mask ) ) - return new (phase->C) LShiftLNode( add1->in(1), in(2) ); -@@ -1253,7 +1254,7 @@ - if ( con == 0 ) return NULL; // let Identity() handle a 0 shift count - // note: mask computation below does not work for 0 shift count - // We'll be wanting the right-shift amount as a mask of that many bits -- const jlong mask = (((jlong)CONST64(1) << (jlong)(BitsPerJavaLong - con)) -1); -+ const jlong mask = jlong(max_julong >> con); - - // Check for ((x << z) + Y) >>> z. Replace with x + con>>>z - // The idiom for rounding to a power of 2 is "(Q+(2^z-1)) >>> z". -diff --git openjdk.orig/hotspot/src/share/vm/opto/subnode.cpp openjdk/hotspot/src/share/vm/opto/subnode.cpp ---- openjdk.orig/hotspot/src/share/vm/opto/subnode.cpp -+++ openjdk/hotspot/src/share/vm/opto/subnode.cpp -@@ -252,8 +252,8 @@ - const Type *SubINode::sub( const Type *t1, const Type *t2 ) const { - const TypeInt *r0 = t1->is_int(); // Handy access - const TypeInt *r1 = t2->is_int(); -- int32 lo = r0->_lo - r1->_hi; -- int32 hi = r0->_hi - r1->_lo; -+ int32 lo = java_subtract(r0->_lo, r1->_hi); -+ int32 hi = java_subtract(r0->_hi, r1->_lo); - - // We next check for 32-bit overflow. - // If that happens, we just assume all integers are possible. -@@ -361,8 +361,8 @@ - const Type *SubLNode::sub( const Type *t1, const Type *t2 ) const { - const TypeLong *r0 = t1->is_long(); // Handy access - const TypeLong *r1 = t2->is_long(); -- jlong lo = r0->_lo - r1->_hi; -- jlong hi = r0->_hi - r1->_lo; -+ jlong lo = java_subtract(r0->_lo, r1->_hi); -+ jlong hi = java_subtract(r0->_hi, r1->_lo); - - // We next check for 32-bit overflow. - // If that happens, we just assume all integers are possible. -diff --git openjdk.orig/hotspot/src/share/vm/opto/type.cpp openjdk/hotspot/src/share/vm/opto/type.cpp ---- openjdk.orig/hotspot/src/share/vm/opto/type.cpp -+++ openjdk/hotspot/src/share/vm/opto/type.cpp -@@ -1329,8 +1329,8 @@ - - // The new type narrows the old type, so look for a "death march". - // See comments on PhaseTransform::saturate. -- juint nrange = _hi - _lo; -- juint orange = ohi - olo; -+ juint nrange = (juint)_hi - _lo; -+ juint orange = (juint)ohi - olo; - if (nrange < max_juint - 1 && nrange > (orange >> 1) + (SMALLINT*2)) { - // Use the new type only if the range shrinks a lot. - // We do not want the optimizer computing 2^31 point by point. -@@ -1363,7 +1363,7 @@ - //------------------------------hash------------------------------------------- - // Type-specific hashing function. - int TypeInt::hash(void) const { -- return _lo+_hi+_widen+(int)Type::Int; -+ return java_add(java_add(_lo, _hi), java_add(_widen, (int)Type::Int)); - } - - //------------------------------is_finite-------------------------------------- -@@ -1544,7 +1544,7 @@ - // If neither endpoint is extremal yet, push out the endpoint - // which is closer to its respective limit. - if (_lo >= 0 || // easy common case -- (julong)(_lo - min) >= (julong)(max - _hi)) { -+ ((julong)_lo - min) >= ((julong)max - _hi)) { - // Try to widen to an unsigned range type of 32/63 bits: - if (max >= max_juint && _hi < max_juint) - return make(_lo, max_juint, WidenMax); -@@ -2314,7 +2314,7 @@ - //------------------------------hash------------------------------------------- - // Type-specific hashing function. - int TypePtr::hash(void) const { -- return _ptr + _offset; -+ return java_add(_ptr, _offset); - } - - //------------------------------dump2------------------------------------------ -@@ -2904,12 +2904,8 @@ - // Type-specific hashing function. - int TypeOopPtr::hash(void) const { - return -- (const_oop() ? const_oop()->hash() : 0) + -- _klass_is_exact + -- _instance_id + -- hash_speculative() + -- _inline_depth + -- TypePtr::hash(); -+ java_add(java_add(java_add(const_oop() ? const_oop()->hash() : 0, _klass_is_exact), -+ java_add(_instance_id , hash_speculative())), java_add(_inline_depth , TypePtr::hash())); - } - - //------------------------------dump2------------------------------------------ -@@ -3635,7 +3631,7 @@ - //------------------------------hash------------------------------------------- - // Type-specific hashing function. - int TypeInstPtr::hash(void) const { -- int hash = klass()->hash() + TypeOopPtr::hash(); -+ int hash = java_add(klass()->hash(), TypeOopPtr::hash()); - return hash; - } - -@@ -4530,7 +4526,7 @@ - //------------------------------hash------------------------------------------- - // Type-specific hashing function. - int TypeKlassPtr::hash(void) const { -- return klass()->hash() + TypePtr::hash(); -+ return java_add(klass()->hash(), TypePtr::hash()); - } - - //------------------------------singleton-------------------------------------- -diff --git openjdk.orig/hotspot/src/share/vm/runtime/advancedThresholdPolicy.cpp openjdk/hotspot/src/share/vm/runtime/advancedThresholdPolicy.cpp ---- openjdk.orig/hotspot/src/share/vm/runtime/advancedThresholdPolicy.cpp -+++ openjdk/hotspot/src/share/vm/runtime/advancedThresholdPolicy.cpp -@@ -131,7 +131,8 @@ - } - - double AdvancedThresholdPolicy::weight(Method* method) { -- return (method->rate() + 1) * ((method->invocation_count() + 1) * (method->backedge_count() + 1)); -+ return (double)(method->rate() + 1) * -+ (method->invocation_count() + 1) * (method->backedge_count() + 1); - } - - // Apply heuristics and return true if x should be compiled before y -diff --git openjdk.orig/hotspot/src/share/vm/utilities/globalDefinitions.hpp openjdk/hotspot/src/share/vm/utilities/globalDefinitions.hpp ---- openjdk.orig/hotspot/src/share/vm/utilities/globalDefinitions.hpp -+++ openjdk/hotspot/src/share/vm/utilities/globalDefinitions.hpp -@@ -1403,6 +1403,32 @@ - - #define ARRAY_SIZE(array) (sizeof(array)/sizeof((array)[0])) - -+//---------------------------------------------------------------------------------------------------- -+// Sum and product which can never overflow: they wrap, just like the -+// Java operations. Note that we don't intend these to be used for -+// general-purpose arithmetic: their purpose is to emulate Java -+// operations. -+ -+// The goal of this code to avoid undefined or implementation-defined -+// behaviour. The use of an lvalue to reference cast is explicitly -+// permitted by Lvalues and rvalues [basic.lval]. [Section 3.10 Para -+// 15 in C++03] -+#define JAVA_INTEGER_OP(OP, NAME, TYPE, UNSIGNED_TYPE) \ -+inline TYPE NAME (TYPE in1, TYPE in2) { \ -+ UNSIGNED_TYPE ures = static_cast(in1); \ -+ ures OP ## = static_cast(in2); \ -+ return reinterpret_cast(ures); \ -+} -+ -+JAVA_INTEGER_OP(+, java_add, jint, juint) -+JAVA_INTEGER_OP(-, java_subtract, jint, juint) -+JAVA_INTEGER_OP(*, java_multiply, jint, juint) -+JAVA_INTEGER_OP(+, java_add, jlong, julong) -+JAVA_INTEGER_OP(-, java_subtract, jlong, julong) -+JAVA_INTEGER_OP(*, java_multiply, jlong, julong) -+ -+#undef JAVA_INTEGER_OP -+ - // Dereference vptr - // All C++ compilers that we know of have the vtbl pointer in the first - // word. If there are exceptions, this function needs to be made compiler diff --git a/jdk8184309-pr3596-build_warnings_from_gcc_7_1_on_fedora_26.patch b/jdk8184309-pr3596-build_warnings_from_gcc_7_1_on_fedora_26.patch deleted file mode 100644 index 00b6125..0000000 --- a/jdk8184309-pr3596-build_warnings_from_gcc_7_1_on_fedora_26.patch +++ /dev/null @@ -1,21 +0,0 @@ -# HG changeset patch -# User ysuenaga -# Date 1527498573 -3600 -# Mon May 28 10:09:33 2018 +0100 -# Node ID ef176cb429c49d1c330d9575938f66b04e3fb730 -# Parent 6915dc9ae18cce5625d3a3fc74b37da70a5b4215 -8184309, PR3596: Build warnings from GCC 7.1 on Fedora 26 -Reviewed-by: kbarrett, vlivanov - -diff --git openjdk.orig/hotspot/src/share/vm/code/dependencies.cpp openjdk/hotspot/src/share/vm/code/dependencies.cpp ---- openjdk.orig/hotspot/src/share/vm/code/dependencies.cpp -+++ openjdk/hotspot/src/share/vm/code/dependencies.cpp -@@ -525,7 +525,7 @@ - xtty->object("x", arg.metadata_value()); - } - } else { -- char xn[10]; sprintf(xn, "x%d", j); -+ char xn[12]; sprintf(xn, "x%d", j); - if (arg.is_oop()) { - xtty->object(xn, arg.oop_value()); - } else { diff --git a/jdk8197429-pr3546-rh1536622-increased_stack_guard_causes_segfaults_on_x86_32.patch b/jdk8197429-pr3546-rh1536622-increased_stack_guard_causes_segfaults_on_x86_32.patch deleted file mode 100644 index 6d7f743..0000000 --- a/jdk8197429-pr3546-rh1536622-increased_stack_guard_causes_segfaults_on_x86_32.patch +++ /dev/null @@ -1,286 +0,0 @@ -# HG changeset patch -# User aph -# Date 1530894306 -3600 -# Fri Jul 06 17:25:06 2018 +0100 -# Node ID 1485461a0fd1ff977a6acb8f2ed1069aaaf3b07e -# Parent d7bcbcfde5057ad066ad2fb55a87d19a5827ddee -8197429: Increased stack guard causes segfaults on x86-32 -Reviewed-by: dholmes - -diff --git openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp openjdk/hotspot/src/os/linux/vm/os_linux.cpp ---- openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp -+++ openjdk/hotspot/src/os/linux/vm/os_linux.cpp -@@ -724,6 +724,10 @@ - } - } - -+void os::Linux::expand_stack_to(address bottom) { -+ _expand_stack_to(bottom); -+} -+ - bool os::Linux::manually_expand_stack(JavaThread * t, address addr) { - assert(t!=NULL, "just checking"); - assert(t->osthread()->expanding_stack(), "expand should be set"); -diff --git openjdk.orig/hotspot/src/os/linux/vm/os_linux.hpp openjdk/hotspot/src/os/linux/vm/os_linux.hpp ---- openjdk.orig/hotspot/src/os/linux/vm/os_linux.hpp -+++ openjdk/hotspot/src/os/linux/vm/os_linux.hpp -@@ -249,6 +249,8 @@ - static int safe_cond_timedwait(pthread_cond_t *_cond, pthread_mutex_t *_mutex, const struct timespec *_abstime); - - private: -+ static void expand_stack_to(address bottom); -+ - typedef int (*sched_getcpu_func_t)(void); - typedef int (*numa_node_to_cpus_func_t)(int node, unsigned long *buffer, int bufferlen); - typedef int (*numa_max_node_func_t)(void); -diff --git openjdk.orig/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp openjdk/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp ---- openjdk.orig/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp -+++ openjdk/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp -@@ -892,6 +892,27 @@ - void os::workaround_expand_exec_shield_cs_limit() { - #if defined(IA32) - size_t page_size = os::vm_page_size(); -+ -+ /* -+ * JDK-8197429 -+ * -+ * Expand the stack mapping to the end of the initial stack before -+ * attempting to install the codebuf. This is needed because newer -+ * Linux kernels impose a distance of a megabyte between stack -+ * memory and other memory regions. If we try to install the -+ * codebuf before expanding the stack the installation will appear -+ * to succeed but we'll get a segfault later if we expand the stack -+ * in Java code. -+ * -+ */ -+ if (os::is_primordial_thread()) { -+ address limit = Linux::initial_thread_stack_bottom(); -+ if (! DisablePrimordialThreadGuardPages) { -+ limit += (StackYellowPages + StackRedPages) * page_size; -+ } -+ os::Linux::expand_stack_to(limit); -+ } -+ - /* - * Take the highest VA the OS will give us and exec - * -@@ -910,6 +931,16 @@ - char* hint = (char*) (Linux::initial_thread_stack_bottom() - - ((StackYellowPages + StackRedPages + 1) * page_size)); - char* codebuf = os::attempt_reserve_memory_at(page_size, hint); -+ -+ if (codebuf == NULL) { -+ // JDK-8197429: There may be a stack gap of one megabyte between -+ // the limit of the stack and the nearest memory region: this is a -+ // Linux kernel workaround for CVE-2017-1000364. If we failed to -+ // map our codebuf, try again at an address one megabyte lower. -+ hint -= 1 * M; -+ codebuf = os::attempt_reserve_memory_at(page_size, hint); -+ } -+ - if ( (codebuf == NULL) || (!os::commit_memory(codebuf, page_size, true)) ) { - return; // No matter, we tried, best effort. - } -diff --git openjdk.orig/hotspot/test/runtime/StackGap/T.java openjdk/hotspot/test/runtime/StackGap/T.java -new file mode 100644 ---- /dev/null -+++ openjdk/hotspot/test/runtime/StackGap/T.java -@@ -0,0 +1,33 @@ -+/* -+ * Copyright (c) 2018, Red Hat, Inc. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+public class T { -+ -+ public static void test(int n) { -+ if (n == 0) return; -+ System.out.println (n); -+ test (n - 1); -+ -+ } -+ -+} -diff --git openjdk.orig/hotspot/test/runtime/StackGap/exestack-gap.c openjdk/hotspot/test/runtime/StackGap/exestack-gap.c -new file mode 100644 ---- /dev/null -+++ openjdk/hotspot/test/runtime/StackGap/exestack-gap.c -@@ -0,0 +1,82 @@ -+/* -+ * Copyright (c) 2018, Red Hat, Inc. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+#include -+#include -+#include -+ -+JNIEnv* create_vm(JavaVM **jvm, char *extra_option) -+{ -+ JNIEnv* env; -+ JavaVMInitArgs args; -+ JavaVMOption options[4]; -+ args.version = JNI_VERSION_1_8; -+ args.nOptions = 3 + (extra_option != NULL); -+ options[0].optionString = "-Xss2048k"; -+ char classpath[4096]; -+ snprintf(classpath, sizeof classpath, -+ "-Djava.class.path=%s", getenv("CLASSPATH")); -+ options[1].optionString = classpath; -+ options[2].optionString = "-XX:+UnlockExperimentalVMOptions"; -+ if (extra_option) { -+ options[3].optionString = extra_option; -+ } -+ args.options = &options[0]; -+ args.ignoreUnrecognized = 0; -+ int rv; -+ rv = JNI_CreateJavaVM(jvm, (void**)&env, &args); -+ if (rv < 0) return NULL; -+ return env; -+} -+ -+void run(char *extra_arg) { -+ JavaVM *jvm; -+ jclass T_class; -+ jmethodID test_method; -+ JNIEnv *env = create_vm(&jvm, extra_arg); -+ if (env == NULL) -+ exit(1); -+ T_class = (*env)->FindClass(env, "T"); -+ if ((*env)->ExceptionCheck(env) == JNI_TRUE) { -+ (*env)->ExceptionDescribe(env); -+ exit(1); -+ } -+ test_method = (*env)->GetStaticMethodID(env, T_class, "test", "(I)V"); -+ if ((*env)->ExceptionCheck(env) == JNI_TRUE) { -+ (*env)->ExceptionDescribe(env); -+ exit(1); -+ } -+ (*env)->CallStaticVoidMethod(env, T_class, test_method, 1000); -+} -+ -+ -+int main(int argc, char **argv) -+{ -+ if (argc > 1) { -+ run(argv[1]); -+ } else { -+ run(NULL); -+ } -+ -+ return 0; -+} -diff --git openjdk.orig/hotspot/test/runtime/StackGap/testme.sh openjdk/hotspot/test/runtime/StackGap/testme.sh -new file mode 100644 ---- /dev/null -+++ openjdk/hotspot/test/runtime/StackGap/testme.sh -@@ -0,0 +1,73 @@ -+# Copyright (c) 2014, 2018, Oracle and/or its affiliates. All rights reserved. -+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+# -+# This code is free software; you can redistribute it and/or modify it -+# under the terms of the GNU General Public License version 2 only, as -+# published by the Free Software Foundation. -+# -+# This code is distributed in the hope that it will be useful, but WITHOUT -+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+# version 2 for more details (a copy is included in the LICENSE file that -+# accompanied this code). -+# -+# You should have received a copy of the GNU General Public License version -+# 2 along with this work; if not, write to the Free Software Foundation, -+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+# -+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+# or visit www.oracle.com if you need additional information or have any -+# questions. -+#!/bin/sh -+ -+# -+# @test testme.sh -+# @bug 8197429 -+# @summary Linux kernel stack guard should not cause segfaults on x86-32 -+# @compile T.java -+# @run shell testme.sh -+# -+ -+if [ "${TESTSRC}" = "" ] -+then -+ TESTSRC=${PWD} -+ echo "TESTSRC not set. Using "${TESTSRC}" as default" -+fi -+echo "TESTSRC=${TESTSRC}" -+## Adding common setup Variables for running shell tests. -+. ${TESTSRC}/../../test_env.sh -+ -+if [ "${VM_OS}" != "linux" ] -+then -+ echo "Test only valid for Linux" -+ exit 0 -+fi -+ -+gcc_cmd=`which gcc` -+if [ "x$gcc_cmd" = "x" ]; then -+ echo "WARNING: gcc not found. Cannot execute test." 2>&1 -+ exit 0; -+fi -+ -+CFLAGS="-m${VM_BITS}" -+ -+LD_LIBRARY_PATH=.:${COMPILEJAVA}/jre/lib/${VM_CPU}/${VM_TYPE}:/usr/lib:$LD_LIBRARY_PATH -+export LD_LIBRARY_PATH -+ -+cp ${TESTSRC}${FS}exestack-gap.c . -+ -+# Copy the result of our @compile action: -+cp ${TESTCLASSES}${FS}T.class . -+ -+echo "Compilation flag: ${COMP_FLAG}" -+# Note pthread may not be found thus invoke creation will fail to be created. -+# Check to ensure you have a /usr/lib/libpthread.so if you don't please look -+# for /usr/lib/`uname -m`-linux-gnu version ensure to add that path to below compilation. -+ -+$gcc_cmd -DLINUX ${CFLAGS} -o stack-gap \ -+ -I${COMPILEJAVA}/include -I${COMPILEJAVA}/include/linux \ -+ -L${COMPILEJAVA}/jre/lib/${VM_CPU}/${VM_TYPE} \ -+ -ljvm -lpthread exestack-gap.c -+ -+./stack-gap || exit $? -+./stack-gap -XX:+DisablePrimordialThreadGuardPages || exit $? diff --git a/jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch b/jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch index 6e0d762..843158e 100644 --- a/jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch +++ b/jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch @@ -1,5 +1,5 @@ -diff --git a/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp b/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp ---- openjdk/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp +diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp openjdk/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp +++ openjdk/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp @@ -2659,7 +2659,7 @@ if (ResizeOldPLAB && CMSOldPLABResizeQuicker) { @@ -10,8 +10,8 @@ diff --git a/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeL } assert(n_blks > 0, "Error"); _cfls->par_get_chunk_of_blocks(word_sz, n_blks, fl); -diff --git a/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp b/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp ---- openjdk/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp +diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp openjdk/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp +++ openjdk/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp @@ -957,7 +957,7 @@ if (free_percentage < desired_free_percentage) { @@ -40,10 +40,10 @@ diff --git a/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSw // Do not give up existing stack until we have managed to // get the double capacity that we desired. ReservedSpace rs(ReservedSpace::allocation_align_size_up( -diff --git a/src/share/vm/gc_implementation/g1/concurrentMark.cpp b/src/share/vm/gc_implementation/g1/concurrentMark.cpp ---- openjdk/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp +diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp +++ openjdk/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp -@@ -3903,7 +3903,7 @@ +@@ -3902,7 +3902,7 @@ // of things to do) or totally (at the very end). size_t target_size; if (partially) { @@ -52,7 +52,7 @@ diff --git a/src/share/vm/gc_implementation/g1/concurrentMark.cpp b/src/share/vm } else { target_size = 0; } -@@ -4707,7 +4707,7 @@ +@@ -4706,7 +4706,7 @@ // The > 0 check is to deal with the prev and next live bytes which // could be 0. if (*hum_bytes > 0) { @@ -61,10 +61,10 @@ diff --git a/src/share/vm/gc_implementation/g1/concurrentMark.cpp b/src/share/vm *hum_bytes -= bytes; } return bytes; -diff --git a/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp b/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp ---- openjdk/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp +diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp +++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp -@@ -1726,7 +1726,7 @@ +@@ -1729,7 +1729,7 @@ verify_region_sets_optional(); @@ -73,8 +73,8 @@ diff --git a/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp b/src/share/v ergo_verbose1(ErgoHeapSizing, "attempt heap expansion", ergo_format_reason("allocation request failed") -diff --git a/src/share/vm/gc_implementation/g1/g1PageBasedVirtualSpace.cpp b/src/share/vm/gc_implementation/g1/g1PageBasedVirtualSpace.cpp ---- openjdk/hotspot/src/share/vm/gc_implementation/g1/g1PageBasedVirtualSpace.cpp +diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1PageBasedVirtualSpace.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/g1PageBasedVirtualSpace.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1PageBasedVirtualSpace.cpp +++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1PageBasedVirtualSpace.cpp @@ -117,7 +117,7 @@ return reserved_size() - committed_size(); @@ -85,8 +85,8 @@ diff --git a/src/share/vm/gc_implementation/g1/g1PageBasedVirtualSpace.cpp b/src return (addr - _low_boundary) / _page_size; } -diff --git a/src/share/vm/gc_implementation/g1/g1StringDedupQueue.cpp b/src/share/vm/gc_implementation/g1/g1StringDedupQueue.cpp ---- openjdk/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupQueue.cpp +diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupQueue.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupQueue.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupQueue.cpp +++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupQueue.cpp @@ -38,7 +38,7 @@ _cancel(false), @@ -97,8 +97,8 @@ diff --git a/src/share/vm/gc_implementation/g1/g1StringDedupQueue.cpp b/src/shar _queues = NEW_C_HEAP_ARRAY(G1StringDedupWorkerQueue, _nqueues, mtGC); for (size_t i = 0; i < _nqueues; i++) { new (_queues + i) G1StringDedupWorkerQueue(G1StringDedupWorkerQueue::default_segment_size(), _max_cache_size, _max_size); -diff --git a/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp b/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp ---- openjdk/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp +diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp +++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp @@ -120,7 +120,7 @@ }; @@ -109,8 +109,8 @@ diff --git a/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp b/src/shar _max_list_length(0), _cached(PaddedArray::create_unfreeable((uint)_nlists)), _overflowed(PaddedArray::create_unfreeable((uint)_nlists)) { -diff --git a/src/share/vm/gc_implementation/g1/heapRegion.cpp b/src/share/vm/gc_implementation/g1/heapRegion.cpp ---- openjdk/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp +diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp +++ openjdk/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp @@ -109,7 +109,7 @@ if (FLAG_IS_DEFAULT(G1HeapRegionSize)) { @@ -121,8 +121,8 @@ diff --git a/src/share/vm/gc_implementation/g1/heapRegion.cpp b/src/share/vm/gc_ } int region_size_log = log2_long((jlong) region_size); -diff --git a/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp b/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp ---- openjdk/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp +diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp openjdk/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp +++ openjdk/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp @@ -194,7 +194,7 @@ const size_t num_overflow_elems = of_stack->size(); @@ -133,8 +133,8 @@ diff --git a/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp b/src/sh num_overflow_elems); // Transfer the most recent num_take_elems from the overflow // stack to our work queue. -diff --git a/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp b/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp ---- openjdk/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp +diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp openjdk/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp +++ openjdk/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp @@ -910,8 +910,8 @@ void PSParallelCompact::initialize_dead_wood_limiter() @@ -147,8 +147,8 @@ diff --git a/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.c _dwl_first_term = 1.0 / (sqrt(2.0 * M_PI) * _dwl_std_dev); DEBUG_ONLY(_dwl_initialized = true;) _dwl_adjustment = normal_distribution(1.0); -diff --git a/src/share/vm/memory/collectorPolicy.cpp b/src/share/vm/memory/collectorPolicy.cpp ---- openjdk/hotspot/src/share/vm/memory/collectorPolicy.cpp +diff --git openjdk.orig/hotspot/src/share/vm/memory/collectorPolicy.cpp openjdk/hotspot/src/share/vm/memory/collectorPolicy.cpp +--- openjdk.orig/hotspot/src/share/vm/memory/collectorPolicy.cpp +++ openjdk/hotspot/src/share/vm/memory/collectorPolicy.cpp @@ -385,7 +385,7 @@ uintx calculated_size = NewSize + OldSize; @@ -207,10 +207,10 @@ diff --git a/src/share/vm/memory/collectorPolicy.cpp b/src/share/vm/memory/colle _initial_gen1_size = OldSize; // If the user has explicitly set an OldSize that is inconsistent -diff --git a/src/share/vm/memory/metaspace.cpp b/src/share/vm/memory/metaspace.cpp ---- openjdk/hotspot/src/share/vm/memory/metaspace.cpp +diff --git openjdk.orig/hotspot/src/share/vm/memory/metaspace.cpp openjdk/hotspot/src/share/vm/memory/metaspace.cpp +--- openjdk.orig/hotspot/src/share/vm/memory/metaspace.cpp +++ openjdk/hotspot/src/share/vm/memory/metaspace.cpp -@@ -1455,7 +1455,7 @@ +@@ -1482,7 +1482,7 @@ void MetaspaceGC::post_initialize() { // Reset the high-water mark once the VM initialization is done. @@ -219,8 +219,8 @@ diff --git a/src/share/vm/memory/metaspace.cpp b/src/share/vm/memory/metaspace.c } bool MetaspaceGC::can_expand(size_t word_size, bool is_class) { -@@ -1515,7 +1515,7 @@ - (size_t)MIN2(min_tmp, double(max_uintx)); +@@ -1542,7 +1542,7 @@ + (size_t)MIN2(min_tmp, double(MaxMetaspaceSize)); // Don't shrink less than the initial generation size minimum_desired_capacity = MAX2(minimum_desired_capacity, - MetaspaceSize); @@ -228,16 +228,16 @@ diff --git a/src/share/vm/memory/metaspace.cpp b/src/share/vm/memory/metaspace.c if (PrintGCDetails && Verbose) { gclog_or_tty->print_cr("\nMetaspaceGC::compute_new_size: "); -@@ -1573,7 +1573,7 @@ +@@ -1600,7 +1600,7 @@ const double max_tmp = used_after_gc / minimum_used_percentage; - size_t maximum_desired_capacity = (size_t)MIN2(max_tmp, double(max_uintx)); + size_t maximum_desired_capacity = (size_t)MIN2(max_tmp, double(MaxMetaspaceSize)); maximum_desired_capacity = MAX2(maximum_desired_capacity, - MetaspaceSize); + (size_t)MetaspaceSize); if (PrintGCDetails && Verbose) { gclog_or_tty->print_cr(" " " maximum_free_percentage: %6.2f" -@@ -3285,7 +3285,7 @@ +@@ -3361,7 +3361,7 @@ // on the medium chunk list. The next chunk will be small and progress // from there. This size calculated by -version. _first_class_chunk_word_size = MIN2((size_t)MediumChunk*6, @@ -246,10 +246,10 @@ diff --git a/src/share/vm/memory/metaspace.cpp b/src/share/vm/memory/metaspace.c _first_class_chunk_word_size = align_word_size_up(_first_class_chunk_word_size); // Arbitrarily set the initial virtual space to a multiple // of the boot class loader size. -diff --git a/src/share/vm/memory/threadLocalAllocBuffer.cpp b/src/share/vm/memory/threadLocalAllocBuffer.cpp ---- openjdk/hotspot/src/share/vm/memory/threadLocalAllocBuffer.cpp +diff --git openjdk.orig/hotspot/src/share/vm/memory/threadLocalAllocBuffer.cpp openjdk/hotspot/src/share/vm/memory/threadLocalAllocBuffer.cpp +--- openjdk.orig/hotspot/src/share/vm/memory/threadLocalAllocBuffer.cpp +++ openjdk/hotspot/src/share/vm/memory/threadLocalAllocBuffer.cpp -@@ -238,13 +238,13 @@ +@@ -250,13 +250,13 @@ size_t init_sz = 0; if (TLABSize > 0) { @@ -266,8 +266,8 @@ diff --git a/src/share/vm/memory/threadLocalAllocBuffer.cpp b/src/share/vm/memor init_sz = align_object_size(init_sz); } init_sz = MIN2(MAX2(init_sz, min_size()), max_size()); -diff --git a/src/share/vm/oops/objArrayKlass.inline.hpp b/src/share/vm/oops/objArrayKlass.inline.hpp ---- openjdk/hotspot/src/share/vm/oops/objArrayKlass.inline.hpp +diff --git openjdk.orig/hotspot/src/share/vm/oops/objArrayKlass.inline.hpp openjdk/hotspot/src/share/vm/oops/objArrayKlass.inline.hpp +--- openjdk.orig/hotspot/src/share/vm/oops/objArrayKlass.inline.hpp +++ openjdk/hotspot/src/share/vm/oops/objArrayKlass.inline.hpp @@ -48,7 +48,7 @@ const size_t beg_index = size_t(index); @@ -287,10 +287,10 @@ diff --git a/src/share/vm/oops/objArrayKlass.inline.hpp b/src/share/vm/oops/objA const size_t end_index = beg_index + stride; T* const base = (T*)a->base(); T* const beg = base + beg_index; -diff --git a/src/share/vm/runtime/arguments.cpp b/src/share/vm/runtime/arguments.cpp ---- openjdk/hotspot/src/share/vm/runtime/arguments.cpp +diff --git openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp openjdk/hotspot/src/share/vm/runtime/arguments.cpp +--- openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp +++ openjdk/hotspot/src/share/vm/runtime/arguments.cpp -@@ -1283,7 +1283,7 @@ +@@ -1289,7 +1289,7 @@ // NewSize was set on the command line and it is larger than // preferred_max_new_size. if (!FLAG_IS_DEFAULT(NewSize)) { // NewSize explicitly set at command-line @@ -299,7 +299,7 @@ diff --git a/src/share/vm/runtime/arguments.cpp b/src/share/vm/runtime/arguments } else { FLAG_SET_ERGO(uintx, MaxNewSize, preferred_max_new_size); } -@@ -1308,8 +1308,8 @@ +@@ -1314,8 +1314,8 @@ // Unless explicitly requested otherwise, make young gen // at least min_new, and at most preferred_max_new_size. if (FLAG_IS_DEFAULT(NewSize)) { @@ -310,7 +310,7 @@ diff --git a/src/share/vm/runtime/arguments.cpp b/src/share/vm/runtime/arguments if (PrintGCDetails && Verbose) { // Too early to use gclog_or_tty tty->print_cr("CMS ergo set NewSize: " SIZE_FORMAT, NewSize); -@@ -1319,7 +1319,7 @@ +@@ -1325,7 +1325,7 @@ // so it's NewRatio x of NewSize. if (FLAG_IS_DEFAULT(OldSize)) { if (max_heap > NewSize) { diff --git a/jdk8210647-rh1632174-libsaproc_is_being_compiled_without_optimization.patch b/jdk8210647-rh1632174-libsaproc_is_being_compiled_without_optimization.patch deleted file mode 100644 index 096fe19..0000000 --- a/jdk8210647-rh1632174-libsaproc_is_being_compiled_without_optimization.patch +++ /dev/null @@ -1,23 +0,0 @@ -diff --git openjdk.orig/hotspot/make/linux/makefiles/saproc.make openjdk/hotspot/make/linux/makefiles/saproc.make ---- openjdk.orig/hotspot/make/linux/makefiles/saproc.make -+++ openjdk/hotspot/make/linux/makefiles/saproc.make -@@ -59,6 +59,11 @@ - SA_DEBUG_CFLAGS = -g - endif - -+# Optimize saproc lib at level -O3 unless it's a slowdebug build -+ifneq ($(DEBUG_LEVEL), slowdebug) -+ SA_OPT_FLAGS = $(OPT_CFLAGS) -+endif -+ - # if $(AGENT_DIR) does not exist, we don't build SA - # also, we don't build SA on Itanium or zero. - -@@ -95,6 +100,7 @@ - $(SASRCFILES) \ - $(SA_LFLAGS) \ - $(SA_DEBUG_CFLAGS) \ -+ $(SA_OPT_FLAGS) \ - $(EXTRA_CFLAGS) \ - -o $@ \ - -lthread_db -ldl diff --git a/s390-8214206_fix.patch b/s390-8214206_fix.patch new file mode 100644 index 0000000..93f12de --- /dev/null +++ b/s390-8214206_fix.patch @@ -0,0 +1,37 @@ +diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1BiasedArray.hpp openjdk/hotspot/src/share/vm/gc_implementation/g1/g1BiasedArray.hpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1BiasedArray.hpp ++++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1BiasedArray.hpp +@@ -78,7 +78,8 @@ + size_t num_target_elems = pointer_delta(end, bottom, mapping_granularity_in_bytes); + idx_t bias = (uintptr_t)bottom / mapping_granularity_in_bytes; + address base = create_new_base_array(num_target_elems, target_elem_size_in_bytes); +- initialize_base(base, num_target_elems, bias, target_elem_size_in_bytes, log2_intptr(mapping_granularity_in_bytes)); ++ initialize_base(base, num_target_elems, bias, target_elem_size_in_bytes, ++ log2_intptr((uintptr_t) mapping_granularity_in_bytes)); + } + + size_t bias() const { return _bias; } +diff --git openjdk.orig/hotspot/src/share/vm/runtime/os.cpp openjdk/hotspot/src/share/vm/runtime/os.cpp +--- openjdk.orig/hotspot/src/share/vm/runtime/os.cpp ++++ openjdk/hotspot/src/share/vm/runtime/os.cpp +@@ -1284,7 +1284,7 @@ + } + + void os::set_memory_serialize_page(address page) { +- int count = log2_intptr(sizeof(class JavaThread)) - log2_int(64); ++ int count = log2_intptr((uintptr_t) sizeof(class JavaThread)) - log2_int(64); + _mem_serialize_page = (volatile int32_t *)page; + // We initialize the serialization page shift count here + // We assume a cache line size of 64 bytes +diff --git openjdk.orig/hotspot/src/share/vm/utilities/numberSeq.cpp openjdk/hotspot/src/share/vm/utilities/numberSeq.cpp +--- openjdk.orig/hotspot/src/share/vm/utilities/numberSeq.cpp ++++ openjdk/hotspot/src/share/vm/utilities/numberSeq.cpp +@@ -369,7 +369,7 @@ + void BinaryMagnitudeSeq::add(size_t val) { + Atomic::add(val, &_sum); + +- int mag = log2_intptr(val) + 1; ++ int mag = log2_intptr((uintptr_t) val) + 1; + + // Defensively saturate for product bits: + if (mag < 0) { diff --git a/sources b/sources index 38ea8ea..1b7cda2 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (tapsets-icedtea-3.11.0.tar.xz) = f98420b2f9d7a0fc0af3a7e6a817c4330169db9378d9c38db56b0dd8281a3f1ff7747b4da0c66194695ca85a470b7963902d863d301e5e290dbfe11f6b6f2b5e -SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u202-b08.tar.xz) = 5c2fde5b6595a8daeb2216c0eed0a9a5b311d651745fa5d299d8d6da674c27133ce23726e3f8ec32314c929d5a814d8167d9a33877fbf5237a2595b3f488585e +SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u212-b02.tar.xz) = 0068461fe6d2a376c44009a6f111b7aac8a0bdd99976f454d3015d443de8f87e1928ddad8d6dcc7572bc53ad6e3d6b71bcee045858d8e2e51cb6d2ac8864cc47