Compare commits
No commits in common. "c8" and "a9" have entirely different histories.
|
|
@ -1,2 +1,2 @@
|
|||
SOURCES/openjdk-jdk11u-jdk-11.0.23+9.tar.xz
|
||||
SOURCES/openjdk-jdk11u-jdk-11.0.19+7-4curve.tar.xz
|
||||
SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
db99bc0a0912f824db1043d18b199c154d57bb5b SOURCES/openjdk-jdk11u-jdk-11.0.23+9.tar.xz
|
||||
aa30c8827f7ced0a1fa9a9c226884f7c79101e86 SOURCES/openjdk-jdk11u-jdk-11.0.19+7-4curve.tar.xz
|
||||
c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
||||
|
|
|
|||
|
|
@ -89,7 +89,7 @@ index 3787b12600..dab108a82b 100644
|
|||
LCMS_CFLAGS:=@LCMS_CFLAGS@
|
||||
LCMS_LIBS:=@LCMS_LIBS@
|
||||
diff --git a/make/lib/Lib-java.base.gmk b/make/lib/Lib-java.base.gmk
|
||||
index b40d3114b9..0d1d83cf3e 100644
|
||||
index 4cd656a086..e1fc94b5b4 100644
|
||||
--- a/make/lib/Lib-java.base.gmk
|
||||
+++ b/make/lib/Lib-java.base.gmk
|
||||
@@ -178,6 +178,31 @@ ifeq ($(call isTargetOsType, unix), true)
|
||||
|
|
@ -401,7 +401,7 @@ index 0000000000..8dcb7d9073
|
|||
+ }
|
||||
+}
|
||||
diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java
|
||||
index 5b9552058b..b46de49211 100644
|
||||
index b36510a376..ad5182e1e7 100644
|
||||
--- a/src/java.base/share/classes/java/security/Security.java
|
||||
+++ b/src/java.base/share/classes/java/security/Security.java
|
||||
@@ -32,6 +32,7 @@ import java.net.URL;
|
||||
|
|
@ -412,17 +412,16 @@ index 5b9552058b..b46de49211 100644
|
|||
import jdk.internal.misc.SharedSecrets;
|
||||
import jdk.internal.util.StaticProperty;
|
||||
import sun.security.util.Debug;
|
||||
@@ -47,6 +48,9 @@ import sun.security.jca.*;
|
||||
@@ -47,12 +48,20 @@ import sun.security.jca.*;
|
||||
* implementation-specific location, which is typically the properties file
|
||||
* {@code conf/security/java.security} in the Java installation directory.
|
||||
*
|
||||
+ * <p>Additional default values of security properties are read from a
|
||||
+ * system-specific location, if available.</p>
|
||||
+ *
|
||||
* @implNote If the properties file fails to load, the JDK implementation will
|
||||
* throw an unspecified error when initializing the {@code Security} class.
|
||||
*
|
||||
@@ -56,6 +60,11 @@ import sun.security.jca.*;
|
||||
* @author Benjamin Renaud
|
||||
* @since 1.1
|
||||
*/
|
||||
|
||||
public final class Security {
|
||||
|
||||
|
|
@ -434,7 +433,7 @@ index 5b9552058b..b46de49211 100644
|
|||
/* Are we debugging? -- for developers */
|
||||
private static final Debug sdebug =
|
||||
Debug.getInstance("properties");
|
||||
@@ -70,6 +79,19 @@ public final class Security {
|
||||
@@ -67,6 +76,19 @@ public final class Security {
|
||||
}
|
||||
|
||||
static {
|
||||
|
|
@ -454,19 +453,26 @@ index 5b9552058b..b46de49211 100644
|
|||
// doPrivileged here because there are multiple
|
||||
// things in initialize that might require privs.
|
||||
// (the FileInputStream call and the File.exists call,
|
||||
@@ -85,6 +107,7 @@ public final class Security {
|
||||
private static void initialize() {
|
||||
@@ -83,6 +105,7 @@ public final class Security {
|
||||
props = new Properties();
|
||||
boolean loadedProps = false;
|
||||
boolean overrideAll = false;
|
||||
+ boolean systemSecPropsEnabled = false;
|
||||
|
||||
// first load the system properties file
|
||||
// to determine the value of security.overridePropertiesFile
|
||||
@@ -105,9 +128,63 @@ public final class Security {
|
||||
@@ -98,6 +121,7 @@ public final class Security {
|
||||
if (sdebug != null) {
|
||||
sdebug.println("reading security properties file: " +
|
||||
propFile);
|
||||
+ sdebug.println(props.toString());
|
||||
}
|
||||
} catch (IOException e) {
|
||||
if (sdebug != null) {
|
||||
@@ -192,6 +216,61 @@ public final class Security {
|
||||
}
|
||||
loadProps(null, extraPropFile, overrideAll);
|
||||
}
|
||||
+
|
||||
|
||||
+ boolean sysUseProps = Boolean.valueOf(System.getProperty(SYS_PROP_SWITCH, "false"));
|
||||
+ boolean secUseProps = Boolean.valueOf(props.getProperty(SEC_PROP_SWITCH));
|
||||
+ if (sdebug != null) {
|
||||
|
|
@ -486,7 +492,9 @@ index 5b9552058b..b46de49211 100644
|
|||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (systemSecPropsEnabled) {
|
||||
+ // FIPS support depends on the contents of java.security so
|
||||
+ // ensure it has loaded first
|
||||
+ if (loadedProps && systemSecPropsEnabled) {
|
||||
+ boolean shouldEnable;
|
||||
+ String sysProp = System.getProperty("com.redhat.fips");
|
||||
+ if (sysProp == null) {
|
||||
|
|
@ -522,19 +530,15 @@ index 5b9552058b..b46de49211 100644
|
|||
+ }
|
||||
}
|
||||
|
||||
- private static boolean loadProps(File masterFile, String extraPropFile, boolean overrideAll) {
|
||||
+ static boolean loadProps(File masterFile, String extraPropFile, boolean overrideAll) {
|
||||
InputStream is = null;
|
||||
try {
|
||||
if (masterFile != null && masterFile.exists()) {
|
||||
/*
|
||||
diff --git a/src/java.base/share/classes/java/security/SystemConfigurator.java b/src/java.base/share/classes/java/security/SystemConfigurator.java
|
||||
new file mode 100644
|
||||
index 0000000000..49bf17ea17
|
||||
index 0000000000..90f6dd2ebc
|
||||
--- /dev/null
|
||||
+++ b/src/java.base/share/classes/java/security/SystemConfigurator.java
|
||||
@@ -0,0 +1,231 @@
|
||||
@@ -0,0 +1,248 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2019, 2023, Red Hat, Inc.
|
||||
+ * Copyright (c) 2019, 2021, Red Hat, Inc.
|
||||
+ *
|
||||
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
+ *
|
||||
|
|
@ -612,9 +616,26 @@ index 0000000000..49bf17ea17
|
|||
+ * security.useSystemPropertiesFile is true.
|
||||
+ */
|
||||
+ static boolean configureSysProps(Properties props) {
|
||||
+ // now load the system file, if it exists, so its values
|
||||
+ // will win if they conflict with the earlier values
|
||||
+ return Security.loadProps(null, CRYPTO_POLICIES_JAVA_CONFIG, false);
|
||||
+ boolean systemSecPropsLoaded = false;
|
||||
+
|
||||
+ try (BufferedInputStream bis =
|
||||
+ new BufferedInputStream(
|
||||
+ new FileInputStream(CRYPTO_POLICIES_JAVA_CONFIG))) {
|
||||
+ props.load(bis);
|
||||
+ systemSecPropsLoaded = true;
|
||||
+ if (sdebug != null) {
|
||||
+ sdebug.println("reading system security properties file " +
|
||||
+ CRYPTO_POLICIES_JAVA_CONFIG);
|
||||
+ sdebug.println(props.toString());
|
||||
+ }
|
||||
+ } catch (IOException e) {
|
||||
+ if (sdebug != null) {
|
||||
+ sdebug.println("unable to load security properties from " +
|
||||
+ CRYPTO_POLICIES_JAVA_CONFIG);
|
||||
+ e.printStackTrace();
|
||||
+ }
|
||||
+ }
|
||||
+ return systemSecPropsLoaded;
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
|
|
@ -1014,7 +1035,7 @@ index e06b2a588c..315a2ce370 100644
|
|||
candidates = new ProtocolVersion[] {
|
||||
ProtocolVersion.TLS13,
|
||||
diff --git a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
|
||||
index 2a2b5d7568..891796f19b 100644
|
||||
index c50ba93ecf..de2a91a478 100644
|
||||
--- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
|
||||
+++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
|
||||
@@ -27,6 +27,8 @@ package sun.security.ssl;
|
||||
|
|
@ -1025,7 +1046,7 @@ index 2a2b5d7568..891796f19b 100644
|
|||
+import jdk.internal.misc.SharedSecrets;
|
||||
import sun.security.rsa.SunRsaSignEntries;
|
||||
import static sun.security.util.SecurityConstants.PROVIDER_VER;
|
||||
import static sun.security.util.SecurityProviderConstants.*;
|
||||
import static sun.security.provider.SunEntries.createAliases;
|
||||
@@ -195,8 +197,13 @@ public abstract class SunJSSE extends java.security.Provider {
|
||||
"sun.security.ssl.SSLContextImpl$TLS11Context", null, null);
|
||||
ps("SSLContext", "TLSv1.2",
|
||||
|
|
@ -1041,12 +1062,12 @@ index 2a2b5d7568..891796f19b 100644
|
|||
+ }
|
||||
ps("SSLContext", "TLS",
|
||||
"sun.security.ssl.SSLContextImpl$TLSContext",
|
||||
(isfips? null : List.of("SSL")), null);
|
||||
(isfips? null : createAliases("SSL")), null);
|
||||
diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
|
||||
index c0eed3f884..b03bd9f896 100644
|
||||
index 9af64321c4..957cd78a55 100644
|
||||
--- a/src/java.base/share/conf/security/java.security
|
||||
+++ b/src/java.base/share/conf/security/java.security
|
||||
@@ -88,6 +88,14 @@ security.provider.tbd=Apple
|
||||
@@ -85,6 +85,14 @@ security.provider.tbd=Apple
|
||||
security.provider.tbd=SunPKCS11
|
||||
#endif
|
||||
|
||||
|
|
@ -1061,7 +1082,7 @@ index c0eed3f884..b03bd9f896 100644
|
|||
#
|
||||
# A list of preferred providers for specific algorithms. These providers will
|
||||
# be searched for matching algorithms before the list of registered providers.
|
||||
@@ -301,6 +309,11 @@ policy.ignoreIdentityScope=false
|
||||
@@ -298,6 +306,11 @@ policy.ignoreIdentityScope=false
|
||||
#
|
||||
keystore.type=pkcs12
|
||||
|
||||
|
|
@ -1073,7 +1094,7 @@ index c0eed3f884..b03bd9f896 100644
|
|||
#
|
||||
# Controls compatibility mode for JKS and PKCS12 keystore types.
|
||||
#
|
||||
@@ -338,6 +351,13 @@ package.definition=sun.misc.,\
|
||||
@@ -335,6 +348,13 @@ package.definition=sun.misc.,\
|
||||
#
|
||||
security.overridePropertiesFile=true
|
||||
|
||||
|
|
@ -1384,7 +1405,7 @@ index 0000000000..b848a1fd78
|
|||
+ }
|
||||
+}
|
||||
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||
index ffbd671246..bdaad67e06 100644
|
||||
index cf7cd19b68..69cda46f85 100644
|
||||
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||
@@ -26,6 +26,9 @@
|
||||
|
|
@ -1406,7 +1427,7 @@ index ffbd671246..bdaad67e06 100644
|
|||
import sun.security.util.Debug;
|
||||
import sun.security.util.ResourcesMgr;
|
||||
import static sun.security.util.SecurityConstants.PROVIDER_VER;
|
||||
@@ -61,6 +66,29 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
|
||||
@@ -60,6 +65,29 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
|
||||
*/
|
||||
public final class SunPKCS11 extends AuthProvider {
|
||||
|
||||
|
|
@ -1436,7 +1457,7 @@ index ffbd671246..bdaad67e06 100644
|
|||
private static final long serialVersionUID = -1354835039035306505L;
|
||||
|
||||
static final Debug debug = Debug.getInstance("sunpkcs11");
|
||||
@@ -318,10 +346,15 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
@@ -317,10 +345,15 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
// request multithreaded access first
|
||||
initArgs.flags = CKF_OS_LOCKING_OK;
|
||||
PKCS11 tmpPKCS11;
|
||||
|
|
@ -1453,7 +1474,7 @@ index ffbd671246..bdaad67e06 100644
|
|||
} catch (PKCS11Exception e) {
|
||||
if (debug != null) {
|
||||
debug.println("Multi-threaded initialization failed: " + e);
|
||||
@@ -337,7 +370,7 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
@@ -336,7 +369,7 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
initArgs.flags = 0;
|
||||
}
|
||||
tmpPKCS11 = PKCS11.getInstance(library,
|
||||
|
|
@ -1462,7 +1483,7 @@ index ffbd671246..bdaad67e06 100644
|
|||
}
|
||||
p11 = tmpPKCS11;
|
||||
|
||||
@@ -377,6 +410,24 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
@@ -376,6 +409,24 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
if (nssModule != null) {
|
||||
nssModule.setProvider(this);
|
||||
}
|
||||
|
|
@ -330,8 +330,9 @@
|
|||
%global stapinstall %{nil}
|
||||
%endif
|
||||
|
||||
# always off for portable builds
|
||||
%ifarch %{systemtap_arches}
|
||||
%global with_systemtap 1
|
||||
%global with_systemtap 0
|
||||
%else
|
||||
%global with_systemtap 0
|
||||
%endif
|
||||
|
|
@ -339,7 +340,7 @@
|
|||
# New Version-String scheme-style defines
|
||||
%global featurever 11
|
||||
%global interimver 0
|
||||
%global updatever 23
|
||||
%global updatever 19
|
||||
%global patchver 0
|
||||
# buildjdkver is usually same as %%{featurever},
|
||||
# but in time of bootstrap of next jdk, it is featurever-1,
|
||||
|
|
@ -367,7 +368,7 @@
|
|||
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{component}&version=%{fedora}
|
||||
%else
|
||||
%if 0%{?rhel}
|
||||
%global oj_vendor_bug_url https://access.redhat.com/support/cases/
|
||||
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{component}
|
||||
%else
|
||||
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi
|
||||
%endif
|
||||
|
|
@ -378,21 +379,14 @@
|
|||
# Define IcedTea version used for SystemTap tapsets and desktop file
|
||||
%global icedteaver 6.0.0pre00-c848b93a8598
|
||||
# Define current Git revision for the FIPS support patches
|
||||
%global fipsver f93a863b56
|
||||
# Define JDK versions
|
||||
%global javaver %{featurever}
|
||||
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
|
||||
# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames
|
||||
%global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn})
|
||||
# The tag used to create the OpenJDK tarball
|
||||
%global vcstag jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}
|
||||
%global fipsver b34fb09a5c
|
||||
|
||||
# Standard JPackage naming and versioning defines
|
||||
%global origin openjdk
|
||||
%global origin_nice OpenJDK
|
||||
%global top_level_dir_name %{vcstag}
|
||||
%global top_level_dir_name %{origin}
|
||||
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
||||
%global buildver 9
|
||||
%global buildver 7
|
||||
%global rpmrelease 2
|
||||
#%%global tagsuffix %%{nil}
|
||||
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
||||
|
|
@ -407,6 +401,15 @@
|
|||
# for techpreview, using 1, so slowdebugs can have 0
|
||||
%global priority %( printf '%08d' 1 )
|
||||
%endif
|
||||
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
|
||||
|
||||
# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames
|
||||
%global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn})
|
||||
|
||||
# The tag used to create the OpenJDK tarball
|
||||
%global vcstag jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}
|
||||
|
||||
%global javaver %{featurever}
|
||||
|
||||
# Define milestone (EA for pre-releases, GA for releases)
|
||||
# Release will be (where N is usually a number starting at 1):
|
||||
|
|
@ -441,9 +444,9 @@
|
|||
%define uniquesuffix() %{expand:%{fullversion}.%{_arch}%{?1}}
|
||||
# portable only declarations
|
||||
%global jreimage jre
|
||||
%define jreportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;el%{rhel}\\(_[0-9]\\)*;portable%{1}.jre;g")
|
||||
%define jdkportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;el%{rhel}\\(_[0-9]\\)*;portable%{1}.jdk;g")
|
||||
%define staticlibsportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;el%{rhel}\\(_[0-9]\\)*;portable%{1}.static-libs;g")
|
||||
%define jreportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;el8\\(_[0-9]\\)*;portable%{1}.jre.;g" | sed "s;openjdkportable;el;g")
|
||||
%define jdkportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;el8\\(_[0-9]\\)*;portable%{1}.jdk.;g" | sed "s;openjdkportable;el;g")
|
||||
%define staticlibsportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;el8\\(_[0-9]\\)*;portable%{1}.static-libs.;g" | sed "s;openjdkportable;el;g")
|
||||
%define jreportablearchive() %{expand:%{jreportablenameimpl -- %%{1}}.tar.xz}
|
||||
%define jdkportablearchive() %{expand:%{jdkportablenameimpl -- %%{1}}.tar.xz}
|
||||
%define staticlibsportablearchive() %{expand:%{staticlibsportablenameimpl -- %%{1}}.tar.xz}
|
||||
|
|
@ -452,9 +455,9 @@
|
|||
# Intentionally use jdkportablenameimpl here since we want to have static-libs files overlayed on
|
||||
# top of the JDK archive
|
||||
%define staticlibsportablename() %{expand:%{jdkportablenameimpl -- %%{1}}}
|
||||
%define docportablename() %(echo %{uniquesuffix ""} | sed "s;el%{rhel}\\(_[0-9]\\)*;portable.docs;g")
|
||||
%define docportablename() %(echo %{uniquesuffix ""} | sed "s;el8\\(_[0-9]\\)*;portable.docs.;g" | sed "s;openjdkportable;el;g")
|
||||
%define docportablearchive() %{docportablename}.tar.xz
|
||||
%define miscportablename() %(echo %{uniquesuffix ""} | sed "s;el%{rhel}\\(_[0-9]\\)*;portable.misc;g")
|
||||
%define miscportablename() %(echo %{uniquesuffix ""} | sed "s;el8\\(_[0-9]\\)*;portable.misc.;g" | sed "s;openjdkportable;el;g")
|
||||
%define miscportablearchive() %{miscportablename}.tar.xz
|
||||
|
||||
#################################################################
|
||||
|
|
@ -499,6 +502,20 @@
|
|||
%global alternatives_requires %{_sbindir}/alternatives
|
||||
%endif
|
||||
|
||||
%if %{with_systemtap}
|
||||
# Where to install systemtap tapset (links)
|
||||
# We would like these to be in a package specific sub-dir,
|
||||
# but currently systemtap doesn't support that, so we have to
|
||||
# use the root tapset dir for now. To distinguish between 64
|
||||
# and 32 bit architectures we place the tapsets under the arch
|
||||
# specific dir (note that systemtap will only pickup the tapset
|
||||
# for the primary arch for now). Systemtap uses the machine name
|
||||
# aka target_cpu as architecture specific directory name.
|
||||
%global tapsetroot /usr/share/systemtap
|
||||
%global tapsetdirttapset %{tapsetroot}/tapset/
|
||||
%global tapsetdir %{tapsetdirttapset}/%{stapinstall}
|
||||
%endif
|
||||
|
||||
# Portables have no repo (requires/provides), but these are awesome for orientation in spec
|
||||
# Also scriptlets are happily missing and files are handled old fashion
|
||||
# not-duplicated requires/provides/obsoletes for normal/debug packages
|
||||
|
|
@ -566,12 +583,13 @@ URL: http://openjdk.java.net/
|
|||
|
||||
# to regenerate source0 (jdk) run update_package.sh
|
||||
# update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives
|
||||
Source0: openjdk-jdk%{featurever}u-%{vcstag}.tar.xz
|
||||
Source0: openjdk-jdk%{featurever}u-%{vcstag}-4curve.tar.xz
|
||||
|
||||
# Use 'icedtea_sync.sh' to update the following
|
||||
# They are based on code contained in the IcedTea project (6.x).
|
||||
# Systemtap tapsets. Zipped up to keep it small.
|
||||
Source8: tapsets-icedtea-%{icedteaver}.tar.xz
|
||||
# Disabled in portables
|
||||
#Source8: tapsets-icedtea-%%{icedteaver}.tar.xz
|
||||
|
||||
# Desktop files. Adapted from IcedTea
|
||||
# Disabled in portables
|
||||
|
|
@ -669,17 +687,21 @@ Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk1
|
|||
# need to be reviewed & pushed to the appropriate
|
||||
# updates tree of OpenJDK.
|
||||
#############################################
|
||||
Patch2002: jdk8242332-rh2108712-sha3-sunpkcs11.patch
|
||||
Patch2001: jdk8242332-rh2108712-sha3-sunpkcs11.patch
|
||||
|
||||
#############################################
|
||||
#
|
||||
# Patches appearing in 11.0.23
|
||||
# Patches appearing in 11.0.20
|
||||
#
|
||||
# This section includes patches which are present
|
||||
# in the listed OpenJDK 8u release and should be
|
||||
# in the listed OpenJDK 11u release and should be
|
||||
# able to be removed once that release is out
|
||||
# and used by this RPM.
|
||||
#############################################
|
||||
# JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile
|
||||
Patch2002: jdk8274864-remove_amman_cairo_hacks.patch
|
||||
# JDK-8305113: (tz) Update Timezone Data to 2023c
|
||||
Patch2003: jdk8305113-tzdata2023c.patch
|
||||
|
||||
#############################################
|
||||
#
|
||||
|
|
@ -726,9 +748,10 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel
|
|||
%ifarch %{zero_arches}
|
||||
BuildRequires: libffi-devel
|
||||
%endif
|
||||
# 2024a required as of JDK-8325150
|
||||
# Use 2023d until 2024a is in the buildroot
|
||||
BuildRequires: tzdata-java >= 2023d
|
||||
# 2023c required as of JDK-8305113
|
||||
#BuildRequires: tzdata-java >= 2023c
|
||||
# Temporarily lowering requirement until https://errata.devel.redhat.com/advisory/112353 ships
|
||||
BuildRequires: tzdata-java >= 2022g
|
||||
# cacerts build requirement in portable mode
|
||||
BuildRequires: ca-certificates
|
||||
# Earlier versions have a bug in tree vectorization on PPC
|
||||
|
|
@ -748,17 +771,17 @@ BuildRequires: libjpeg-devel
|
|||
BuildRequires: libpng-devel
|
||||
%else
|
||||
# Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h
|
||||
Provides: bundled(freetype) = 2.13.2
|
||||
Provides: bundled(freetype) = 2.12.1
|
||||
# Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h
|
||||
Provides: bundled(giflib) = 5.2.1
|
||||
# Version in src/java.desktop/share/native/libharfbuzz/hb-version.h
|
||||
Provides: bundled(harfbuzz) = 8.2.2
|
||||
Provides: bundled(harfbuzz) = 4.4.1
|
||||
# Version in src/java.desktop/share/native/liblcms/lcms2.h
|
||||
Provides: bundled(lcms2) = 2.15.0
|
||||
Provides: bundled(lcms2) = 2.12.0
|
||||
# Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h
|
||||
Provides: bundled(libjpeg) = 6b
|
||||
# Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h
|
||||
Provides: bundled(libpng) = 1.6.40
|
||||
Provides: bundled(libpng) = 1.6.37
|
||||
# We link statically against libstdc++ to increase portability
|
||||
BuildRequires: libstdc++-static
|
||||
%endif
|
||||
|
|
@ -955,13 +978,14 @@ pushd %{top_level_dir_name}
|
|||
# nss.cfg PKCS11 support; must come last as it also alters java.security
|
||||
%patch1000 -p1
|
||||
# PKCS11 SHA3 backport
|
||||
%patch2001 -p1
|
||||
# tzdata update
|
||||
%patch2002 -p1
|
||||
# alt-java
|
||||
%patch600 -p1
|
||||
# RSA default
|
||||
%patch1003 -p1
|
||||
%patch2003 -p1
|
||||
popd # openjdk
|
||||
|
||||
%patch600
|
||||
%patch1003
|
||||
|
||||
# Extract systemtap tapsets
|
||||
%if %{with_systemtap}
|
||||
|
|
@ -975,8 +999,18 @@ cp -r tapset tapset%{fastdebug_suffix}
|
|||
|
||||
for suffix in %{build_loop} ; do
|
||||
for file in "tapset"$suffix/*.in; do
|
||||
sed -i -e "s:@JAVA_SPEC_VER@:%{javaver}:g" $file
|
||||
sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $file
|
||||
OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"`
|
||||
sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/server/libjvm.so:g" $file > $file.1
|
||||
sed -e "s:@JAVA_SPEC_VER@:%{javaver}:g" $file.1 > $file.2
|
||||
# TODO find out which architectures other than i686 have a client vm
|
||||
%ifarch %{ix86}
|
||||
sed -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/client/libjvm.so:g" $file.2 > $OUTPUT_FILE
|
||||
%else
|
||||
sed -e "/@ABS_CLIENT_LIBJVM_SO@/d" $file.2 > $OUTPUT_FILE
|
||||
%endif
|
||||
sed -i -e "s:@ABS_JAVA_HOME_DIR@:%{_jvmdir}/%{sdkdir -- $suffix}:g" $OUTPUT_FILE
|
||||
sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $OUTPUT_FILE
|
||||
sed -i -e "s:@prefix@:%{_jvmdir}/%{sdkdir -- $suffix}/:g" $OUTPUT_FILE
|
||||
done
|
||||
done
|
||||
# systemtap tapsets ends
|
||||
|
|
@ -1063,6 +1097,9 @@ function buildjdk() {
|
|||
bash ${top_dir_abs_src_path}/configure \
|
||||
%ifarch %{zero_arches}
|
||||
--with-jvm-variants=zero \
|
||||
%endif
|
||||
%ifarch %{ppc64le}
|
||||
--with-jobs=1 \
|
||||
%endif
|
||||
--with-cacerts-file=`readlink -f %{_sysconfdir}/pki/java/cacerts` \
|
||||
--with-version-build=%{buildver} \
|
||||
|
|
@ -1098,57 +1135,16 @@ function buildjdk() {
|
|||
cat spec.gmk
|
||||
|
||||
make JAVAC_FLAGS=-g LOG=trace $maketargets || \
|
||||
( pwd; find ${top_dir_abs_src_path} ${top_dir_abs_build_path} -name "hs_err_pid*.log" | xargs cat && false )
|
||||
( pwd; find ${top_dir_abs_src_path} ${top_dir_abs_build_path} -name "hs_err_pid*.log" | xargs cat && false )
|
||||
|
||||
popd
|
||||
}
|
||||
|
||||
function stripjdk() {
|
||||
local outputdir=${1}
|
||||
local jdkimagepath=${outputdir}/images/%{jdkimage}
|
||||
local jreimagepath=${outputdir}/images/%{jreimage}
|
||||
local jmodimagepath=${outputdir}/images/jmods
|
||||
local supportdir=${outputdir}/support
|
||||
|
||||
if [ "x$suffix" = "x" ] ; then
|
||||
# Keep the unstripped version for consumption by RHEL RPMs
|
||||
cp -a ${jdkimagepath}{,.unstripped}
|
||||
|
||||
# Strip the files
|
||||
for file in $(find ${jdkimagepath} ${jreimagepath} ${supportdir} -type f) ; do
|
||||
if file ${file} | grep -q 'ELF'; then
|
||||
noextfile=${file/.so/};
|
||||
objcopy --only-keep-debug ${file} ${noextfile}.debuginfo;
|
||||
objcopy --add-gnu-debuglink=${noextfile}.debuginfo ${file};
|
||||
strip -g ${file};
|
||||
fi
|
||||
done
|
||||
|
||||
# Rebuild jmod files against the stripped binaries
|
||||
if [ ! -d ${supportdir} ] ; then
|
||||
echo "Support directory missing.";
|
||||
exit 15
|
||||
fi
|
||||
for cmd in $(find ${supportdir} -name '*.jmod.cmdline') ; do
|
||||
jmod=$(cat ${cmd} | sed -r 's|.*support/(.*$)|\1|');
|
||||
echo "Rebuilding ${jmod} against stripped binaries...";
|
||||
echo "Removing old jmod ${jmod}...";
|
||||
rm -vf ${jmod}
|
||||
rm -vf ${jdkimagepath}/jmods/$(basename ${jmod});
|
||||
echo "Executing $(cat ${cmd})...";
|
||||
cat ${cmd} | sh -s ;
|
||||
echo "Moving jmod to image...";
|
||||
mv -v ${supportdir}/${jmod} ${jdkimagepath}/jmods;
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
function installjdk() {
|
||||
local outputdir=${1}
|
||||
local installdir=${2}
|
||||
local jdkimagepath=${installdir}/images/%{jdkimage}
|
||||
local jreimagepath=${installdir}/images/%{jreimage}
|
||||
local unstripped=${jdkimagepath}.unstripped
|
||||
|
||||
echo "Installing build from ${outputdir} to ${installdir}..."
|
||||
mkdir -p ${installdir}
|
||||
|
|
@ -1164,7 +1160,7 @@ function installjdk() {
|
|||
rm -rf ${outputdir}
|
||||
%endif
|
||||
|
||||
for imagepath in ${jdkimagepath} ${jreimagepath} ${unstripped}; do
|
||||
for imagepath in ${jdkimagepath} ${jreimagepath} ; do
|
||||
|
||||
if [ -d ${imagepath} ] ; then
|
||||
# the build (erroneously) removes read permissions from some jars
|
||||
|
|
@ -1214,7 +1210,6 @@ function packagejdk() {
|
|||
local bundledir=$(pwd)/${1}/bundles
|
||||
local packagesdir=$(pwd)/${2}
|
||||
local srcdir=$(pwd)/%{top_level_dir_name}
|
||||
local tapsetdir=$(pwd)/tapset
|
||||
|
||||
echo "Packaging build from ${imagesdir} to ${packagesdir}..."
|
||||
mkdir -p ${packagesdir}
|
||||
|
|
@ -1242,39 +1237,42 @@ function packagejdk() {
|
|||
miscname=%{miscportablename}
|
||||
miscarchive=${packagesdir}/%{miscportablearchive}
|
||||
|
||||
if [ "x$suffix" = "x" ] ; then
|
||||
# Keep the unstripped version for consumption by RHEL RPMs
|
||||
mv %{jdkimage}.unstripped ${jdkname}
|
||||
tar -cJf ${unstrippedarchive} ${jdkname}
|
||||
genchecksum ${unstrippedarchive}
|
||||
mv ${jdkname} %{jdkimage}.unstripped
|
||||
fi
|
||||
|
||||
# Rename directories for packaging
|
||||
mv %{jdkimage} ${jdkname}
|
||||
mv %{jreimage} ${jrename}
|
||||
|
||||
# Release images have external debug symbols
|
||||
if [ "x$suffix" = "x" ] ; then
|
||||
# Keep the unstripped version for consumption by RHEL RPMs
|
||||
tar -cJf ${unstrippedarchive} ${jdkname}
|
||||
genchecksum ${unstrippedarchive}
|
||||
|
||||
# Strip the files
|
||||
for file in $(find ${jdkname} ${jrename} -type f) ; do
|
||||
if file ${file} | grep -q 'ELF'; then
|
||||
noextfile=${file/.so/};
|
||||
objcopy --only-keep-debug ${file} ${noextfile}.debuginfo;
|
||||
objcopy --add-gnu-debuglink=${noextfile}.debuginfo ${file};
|
||||
strip -g ${file};
|
||||
fi
|
||||
done
|
||||
|
||||
tar -cJf ${debugarchive} $(find ${jdkname} -name \*.debuginfo)
|
||||
genchecksum ${debugarchive}
|
||||
|
||||
mkdir ${docname}
|
||||
mv ${docdir} ${docname}
|
||||
mv ${bundledir}/${built_doc_archive} ${docname}
|
||||
tar -cJf ${docarchive} ${docname}
|
||||
genchecksum ${docarchive}
|
||||
mkdir ${docname}
|
||||
mv ${docdir} ${docname}
|
||||
mv ${bundledir}/${built_doc_archive} ${docname}
|
||||
tar -cJf ${docarchive} ${docname}
|
||||
genchecksum ${docarchive}
|
||||
|
||||
mkdir ${miscname}
|
||||
for s in 16 24 32 48 ; do
|
||||
cp -av ${srcdir}/src/java.desktop/unix/classes/sun/awt/X11/java-icon${s}.png ${miscname}
|
||||
done
|
||||
cp -a ${srcdir}/src/sample ${miscname}
|
||||
%if %{with_systemtap}
|
||||
cp -a ${tapsetdir}* ${miscname}
|
||||
%endif
|
||||
tar -cJf ${miscarchive} ${miscname}
|
||||
genchecksum ${miscarchive}
|
||||
mkdir ${miscname}
|
||||
for s in 16 24 32 48 ; do
|
||||
cp -av ${srcdir}/src/java.desktop/unix/classes/sun/awt/X11/java-icon${s}.png ${miscname}
|
||||
done
|
||||
cp -a ${srcdir}/src/sample ${miscname}
|
||||
tar -cJf ${miscarchive} ${miscname}
|
||||
genchecksum ${miscarchive}
|
||||
fi
|
||||
|
||||
tar -cJf ${jdkarchive} --exclude='**.debuginfo' ${jdkname}
|
||||
|
|
@ -1351,12 +1349,10 @@ for suffix in %{build_loop} ; do
|
|||
buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt} ${debug_symbols}
|
||||
installjdk ${bootbuilddir} ${bootinstalldir}
|
||||
buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt} ${debug_symbols}
|
||||
stripjdk ${builddir}
|
||||
installjdk ${builddir} ${installdir}
|
||||
%{!?with_artifacts:rm -rf ${bootinstalldir}}
|
||||
else
|
||||
buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt} ${debug_symbols}
|
||||
stripjdk ${builddir}
|
||||
installjdk ${builddir} ${installdir}
|
||||
fi
|
||||
packagejdk ${installdir} ${packagesdir}
|
||||
|
|
@ -1646,101 +1642,6 @@ done
|
|||
%{_jvmdir}/%{miscportablearchive}.sha256sum
|
||||
|
||||
%changelog
|
||||
* Thu Apr 11 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.23.0.9-2
|
||||
- Fix 11.0.22 release date in NEWS
|
||||
|
||||
* Wed Apr 10 2024 Anton Bobrov <abobrov@redhat.com> - 1:11.0.23.0.9-1
|
||||
- Update to jdk-11.0.23+9 (GA)
|
||||
- Update release notes to 11.0.23+9
|
||||
- Switch to GA mode for release
|
||||
- Require tzdata 2024a due to upstream inclusion of JDK-8322725
|
||||
- Only require tzdata 2023d for now as 2024a is unavailable in buildroot
|
||||
- Speed up PPC build by removing ppc64le --with-jobs=1 workaround
|
||||
- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. **
|
||||
|
||||
* Thu Mar 21 2024 Anton Bobrov <abobrov@redhat.com> - 1:11.0.23.0.1-0.1.ea
|
||||
- Update to jdk-11.0.23+1 (EA)
|
||||
- Update release notes to 11.0.23+1
|
||||
- Switch to EA mode
|
||||
|
||||
* Wed Jan 10 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.22.0.7-1
|
||||
- Update to jdk-11.0.22+7 (GA)
|
||||
- Update release notes to 11.0.22+7
|
||||
- Switch to GA mode for release
|
||||
- ** This tarball is embargoed until 2024-01-16 @ 1pm PT. **
|
||||
|
||||
* Mon Jan 08 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.22.0.6-0.1.ea
|
||||
- Update to jdk-11.0.22+6 (EA)
|
||||
- Update release notes to 11.0.22+6
|
||||
|
||||
* Thu Jan 04 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.22.0.1-0.1.ea
|
||||
- Update to jdk-11.0.22+1 (EA)
|
||||
- Update release notes to 11.0.22+1
|
||||
- Switch to EA mode
|
||||
- Drop local copy of JDK-8312489 which is now included upstream
|
||||
|
||||
* Wed Oct 11 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.21.0.9-1
|
||||
- Update to jdk-11.0.21+9 (GA)
|
||||
- Update release notes to 11.0.21+9
|
||||
- Switch to GA mode for release
|
||||
- Drop local backport of JDK-8243210 which is upstream from 11.0.21+2
|
||||
- Bump freetype version to 2.13.0 following JDK-8306881
|
||||
- ** This tarball is embargoed until 2023-10-17 @ 1pm PT. **
|
||||
|
||||
* Thu Oct 05 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.21.0.1-0.1.ea
|
||||
- Update to jdk-11.0.21+1 (EA)
|
||||
- Update release notes to 11.0.21+1
|
||||
- Switch to EA mode
|
||||
- Re-generate FIPS patch against 11.0.21+1 following backport of JDK-8155246
|
||||
- Re-generate SHA3 patch following backport of JDK-8242151
|
||||
- Bump libpng version to 1.6.39 following JDK-8305815
|
||||
- Bump HarfBuzz version to 7.2.0 following JDK-8307301
|
||||
- Update generate_tarball.sh to be closer to upstream vanilla script inc. no more ECC removal
|
||||
- Update bug URL for RHEL to point to the Red Hat customer portal
|
||||
- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball
|
||||
- Apply all patches using -p1
|
||||
|
||||
* Tue Sep 05 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.20.1.1-1
|
||||
- Update to jdk-11.0.20.1+1 (GA)
|
||||
- Update release notes to 11.0.20.1+1
|
||||
- Add backport of JDK-8312489 already upstream in 11.0.22 (see OPENJDK-2095)
|
||||
- Add backport of JDK-8243210 already upstream in 11.0.21 (see RH2229269)
|
||||
- Update openjdk_news script to specify subdirectory last
|
||||
- Add missing discover_trees script required by openjdk_news
|
||||
- Update README.md to match the version in later RHEL releases
|
||||
- Resolves: rhbz#2236589
|
||||
|
||||
* Fri Jul 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.20.0.8-1
|
||||
- Update to jdk-11.0.20.0+8 (GA)
|
||||
- Update release notes to 11.0.20.0+8
|
||||
- Switch to GA mode for release
|
||||
- Bump bundled HarfBuzz version to 7.0.1 as in jdk-11.0.20+7
|
||||
- ** This tarball is embargoed until 2023-07-18 @ 1pm PT. **
|
||||
|
||||
* Fri Jul 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.20.0.1-0.3.ea
|
||||
- Determine path of output jmod path from command rather than guessing
|
||||
|
||||
* Fri Jul 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.20.0.1-0.3.ea
|
||||
- Rebuild jmods using the stripped binaries in release builds
|
||||
- Fix trailing '.' in tarball name
|
||||
- Make sure the unstripped JDK is customised by the installjdk function
|
||||
- Resolves: OPENJDK-1975
|
||||
|
||||
* Fri Jul 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.20.0.1-0.2.ea
|
||||
- Re-enable SystemTap support and perform only substitutions possible without final NVR available
|
||||
- Include tapsets in the miscellaneous tarball
|
||||
- Drop unused globals for tapset installation
|
||||
|
||||
* Fri Jun 30 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.20.0.1-0.2.ea
|
||||
- Bump bundled LCMS version to 2.15 as in jdk-11.0.20+1.
|
||||
|
||||
* Fri Jun 30 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.20.0.1-0.1.ea
|
||||
- Update to jdk-11.0.20+1 (EA)
|
||||
- Update release notes to 11.0.20+1
|
||||
- Switch to EA mode
|
||||
- Drop local inclusion of JDK-8274864 & JDK-8305113 as they are included in 11.0.20+1
|
||||
- Bump tzdata requirement to 2023c now it is available in the buildroot
|
||||
|
||||
* Mon Apr 24 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.19.0.7-2
|
||||
- Sync with existing RHEL 8 build, in order to start building portables on RHEL 8
|
||||
- Remove use of devtoolset (RHEL 8 native compilers should be sufficient)
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
commit b8711800e3cd9132ad2b195c82cf816210feb77d
|
||||
commit 81c2107a9188680f7c35ebc7697b292d5972436e
|
||||
Author: Andrew Hughes <gnu.andrew@redhat.com>
|
||||
Date: Thu Oct 5 03:13:01 2023 +0100
|
||||
Date: Mon Feb 27 13:22:43 2023 +0000
|
||||
|
||||
Backport 78be334c3817a1b5840922a9bf1339a40dcc5185
|
||||
|
||||
diff --git a/src/java.base/share/classes/sun/security/util/KnownOIDs.java b/src/java.base/share/classes/sun/security/util/KnownOIDs.java
|
||||
index b5cc3b05f1..7e235c90dd 100644
|
||||
index 92ecb9adc0c..a5848c96aad 100644
|
||||
--- a/src/java.base/share/classes/sun/security/util/KnownOIDs.java
|
||||
+++ b/src/java.base/share/classes/sun/security/util/KnownOIDs.java
|
||||
@@ -155,6 +155,14 @@ public enum KnownOIDs {
|
||||
|
|
@ -24,7 +24,7 @@ index b5cc3b05f1..7e235c90dd 100644
|
|||
SHA3_256withRSA("2.16.840.1.101.3.4.3.14", "SHA3-256withRSA"),
|
||||
SHA3_384withRSA("2.16.840.1.101.3.4.3.15", "SHA3-384withRSA"),
|
||||
diff --git a/src/java.base/share/classes/sun/security/util/SignatureUtil.java b/src/java.base/share/classes/sun/security/util/SignatureUtil.java
|
||||
index 32c089fd96..7d5c0c7e29 100644
|
||||
index 32c089fd96d..7d5c0c7e299 100644
|
||||
--- a/src/java.base/share/classes/sun/security/util/SignatureUtil.java
|
||||
+++ b/src/java.base/share/classes/sun/security/util/SignatureUtil.java
|
||||
@@ -168,4 +168,22 @@ public class SignatureUtil {
|
||||
|
|
@ -51,7 +51,7 @@ index 32c089fd96..7d5c0c7e29 100644
|
|||
+ }
|
||||
}
|
||||
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java
|
||||
index 41fe61b8a1..daf0bc9f69 100644
|
||||
index 41fe61b8a16..daf0bc9f69c 100644
|
||||
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java
|
||||
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java
|
||||
@@ -1,5 +1,5 @@
|
||||
|
|
@ -93,7 +93,7 @@ index 41fe61b8a1..daf0bc9f69 100644
|
|||
break;
|
||||
default:
|
||||
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java
|
||||
index 926414608c..f343e6025e 100644
|
||||
index 926414608cb..f343e6025e1 100644
|
||||
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java
|
||||
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java
|
||||
@@ -36,7 +36,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
|
||||
|
|
@ -428,7 +428,7 @@ index 926414608c..f343e6025e 100644
|
|||
-
|
||||
}
|
||||
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java
|
||||
index c88e4a6ace..29b26651c3 100644
|
||||
index c88e4a6ace5..29b26651c39 100644
|
||||
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java
|
||||
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java
|
||||
@@ -39,8 +39,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
|
||||
|
|
@ -465,7 +465,7 @@ index c88e4a6ace..29b26651c3 100644
|
|||
break;
|
||||
case (int)CKM_SSL3_MD5_MAC:
|
||||
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java
|
||||
index 1419be3754..18e00a544b 100644
|
||||
index 26eaa4735f1..905b6ea9562 100644
|
||||
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java
|
||||
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java
|
||||
@@ -38,6 +38,7 @@ import java.security.spec.MGF1ParameterSpec;
|
||||
|
|
@ -738,7 +738,7 @@ index 1419be3754..18e00a544b 100644
|
|||
|
||||
// see JCA spec
|
||||
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java
|
||||
index e3af106d05..e49edf32c2 100644
|
||||
index e3af106d05a..e49edf32c29 100644
|
||||
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java
|
||||
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java
|
||||
@@ -51,8 +51,15 @@ import sun.security.util.KeyUtil;
|
||||
|
|
@ -970,88 +970,111 @@ index e3af106d05..e49edf32c2 100644
|
|||
// return RSASignature.decodeSignature(digestOID, signature);
|
||||
// }
|
||||
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||
index ffbd671246..d191831dab 100644
|
||||
index cf7cd19b689..7a8bcffb92c 100644
|
||||
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||
@@ -546,6 +546,14 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
m(CKM_SHA512_224));
|
||||
dA(MD, "SHA-512/256", P11Digest,
|
||||
@@ -550,6 +550,18 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
d(MD, "SHA-512/256", P11Digest,
|
||||
s("2.16.840.1.101.3.4.2.6", "OID.2.16.840.1.101.3.4.2.6"),
|
||||
m(CKM_SHA512_256));
|
||||
+ dA(MD, "SHA3-224", P11Digest,
|
||||
+ d(MD, "SHA3-224", P11Digest,
|
||||
+ s("2.16.840.1.101.3.4.2.7", "OID.2.16.840.1.101.3.4.2.7"),
|
||||
+ m(CKM_SHA3_224));
|
||||
+ dA(MD, "SHA3-256", P11Digest,
|
||||
+ d(MD, "SHA3-256", P11Digest,
|
||||
+ s("2.16.840.1.101.3.4.2.8", "OID.2.16.840.1.101.3.4.2.8"),
|
||||
+ m(CKM_SHA3_256));
|
||||
+ dA(MD, "SHA3-384", P11Digest,
|
||||
+ d(MD, "SHA3-384", P11Digest,
|
||||
+ s("2.16.840.1.101.3.4.2.9", "OID.2.16.840.1.101.3.4.2.9"),
|
||||
+ m(CKM_SHA3_384));
|
||||
+ dA(MD, "SHA3-512", P11Digest,
|
||||
+ d(MD, "SHA3-512", P11Digest,
|
||||
+ s("2.16.840.1.101.3.4.2.10", "OID.2.16.840.1.101.3.4.2.10"),
|
||||
+ m(CKM_SHA3_512));
|
||||
|
||||
d(MAC, "HmacMD5", P11MAC,
|
||||
m(CKM_MD5_HMAC));
|
||||
@@ -563,7 +571,14 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
m(CKM_SHA512_224_HMAC));
|
||||
dA(MAC, "HmacSHA512/256", P11MAC,
|
||||
@@ -574,7 +586,18 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
d(MAC, "HmacSHA512/256", P11MAC,
|
||||
s("1.2.840.113549.2.13", "OID.1.2.840.113549.2.13"),
|
||||
m(CKM_SHA512_256_HMAC));
|
||||
-
|
||||
+ dA(MAC, "HmacSHA3-224", P11MAC,
|
||||
+ d(MAC, "HmacSHA3-224", P11MAC,
|
||||
+ s("2.16.840.1.101.3.4.2.13", "OID.2.16.840.1.101.3.4.2.13"),
|
||||
+ m(CKM_SHA3_224_HMAC));
|
||||
+ dA(MAC, "HmacSHA3-256", P11MAC,
|
||||
+ d(MAC, "HmacSHA3-256", P11MAC,
|
||||
+ s("2.16.840.1.101.3.4.2.14", "OID.2.16.840.1.101.3.4.2.14"),
|
||||
+ m(CKM_SHA3_256_HMAC));
|
||||
+ dA(MAC, "HmacSHA3-384", P11MAC,
|
||||
+ d(MAC, "HmacSHA3-384", P11MAC,
|
||||
+ s("2.16.840.1.101.3.4.2.15", "OID.2.16.840.1.101.3.4.2.15"),
|
||||
+ m(CKM_SHA3_384_HMAC));
|
||||
+ dA(MAC, "HmacSHA3-512", P11MAC,
|
||||
+ d(MAC, "HmacSHA3-512", P11MAC,
|
||||
+ s("2.16.840.1.101.3.4.2.16", "OID.2.16.840.1.101.3.4.2.16"),
|
||||
+ m(CKM_SHA3_512_HMAC));
|
||||
d(MAC, "SslMacMD5", P11MAC,
|
||||
m(CKM_SSL3_MD5_MAC));
|
||||
d(MAC, "SslMacSHA1", P11MAC,
|
||||
@@ -595,6 +610,30 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
@@ -604,6 +627,41 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
m(CKM_BLOWFISH_KEY_GEN));
|
||||
d(KG, "ChaCha20", P11KeyGenerator,
|
||||
m(CKM_CHACHA20_KEY_GEN));
|
||||
+ d(KG, "HmacMD5", P11KeyGenerator, // 1.3.6.1.5.5.8.1.1
|
||||
+ m(CKM_GENERIC_SECRET_KEY_GEN));
|
||||
+ dA(KG, "HmacSHA1", P11KeyGenerator,
|
||||
+ d(KG, "HmacSHA1", P11KeyGenerator,
|
||||
+ s("1.2.840.113549.2.7", "OID.1.2.840.113549.2.7"),
|
||||
+ m(CKM_SHA_1_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
|
||||
+ dA(KG, "HmacSHA224", P11KeyGenerator,
|
||||
+ d(KG, "HmacSHA224", P11KeyGenerator,
|
||||
+ s("1.2.840.113549.2.8", "OID.1.2.840.113549.2.8"),
|
||||
+ m(CKM_SHA224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
|
||||
+ dA(KG, "HmacSHA256", P11KeyGenerator,
|
||||
+ d(KG, "HmacSHA256", P11KeyGenerator,
|
||||
+ s("1.2.840.113549.2.9", "OID.1.2.840.113549.2.9"),
|
||||
+ m(CKM_SHA256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
|
||||
+ dA(KG, "HmacSHA384", P11KeyGenerator,
|
||||
+ d(KG, "HmacSHA384", P11KeyGenerator,
|
||||
+ s("1.2.840.113549.2.10", "OID.1.2.840.113549.2.10"),
|
||||
+ m(CKM_SHA384_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
|
||||
+ dA(KG, "HmacSHA512", P11KeyGenerator,
|
||||
+ d(KG, "HmacSHA512", P11KeyGenerator,
|
||||
+ s("1.2.840.113549.2.11", "OID.1.2.840.113549.2.11"),
|
||||
+ m(CKM_SHA512_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
|
||||
+ dA(KG, "HmacSHA512/224", P11KeyGenerator,
|
||||
+ d(KG, "HmacSHA512/224", P11KeyGenerator,
|
||||
+ s("1.2.840.113549.2.12", "OID.1.2.840.113549.2.12"),
|
||||
+ m(CKM_SHA512_224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
|
||||
+ dA(KG, "HmacSHA512/256", P11KeyGenerator,
|
||||
+ d(KG, "HmacSHA512/256", P11KeyGenerator,
|
||||
+ s("1.2.840.113549.2.13", "OID.1.2.840.113549.2.13"),
|
||||
+ m(CKM_SHA512_256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
|
||||
+ dA(KG, "HmacSHA3-224", P11KeyGenerator,
|
||||
+ d(KG, "HmacSHA3-224", P11KeyGenerator,
|
||||
+ s("2.16.840.1.101.3.4.2.13", "OID.2.16.840.1.101.3.4.2.13"),
|
||||
+ m(CKM_SHA3_224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
|
||||
+ dA(KG, "HmacSHA3-256", P11KeyGenerator,
|
||||
+ d(KG, "HmacSHA3-256", P11KeyGenerator,
|
||||
+ s("2.16.840.1.101.3.4.2.14", "OID.2.16.840.1.101.3.4.2.14"),
|
||||
+ m(CKM_SHA3_256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
|
||||
+ dA(KG, "HmacSHA3-384", P11KeyGenerator,
|
||||
+ d(KG, "HmacSHA3-384", P11KeyGenerator,
|
||||
+ s("2.16.840.1.101.3.4.2.15", "OID.2.16.840.1.101.3.4.2.15"),
|
||||
+ m(CKM_SHA3_384_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
|
||||
+ dA(KG, "HmacSHA3-512", P11KeyGenerator,
|
||||
+ d(KG, "HmacSHA3-512", P11KeyGenerator,
|
||||
+ s("2.16.840.1.101.3.4.2.16", "OID.2.16.840.1.101.3.4.2.16"),
|
||||
+ m(CKM_SHA3_512_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
|
||||
|
||||
// register (Secret)KeyFactories if there are any mechanisms
|
||||
// for a particular algorithm that we support
|
||||
@@ -725,37 +764,77 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
m(CKM_DSA_SHA384));
|
||||
dA(SIG, "SHA512withDSA", P11Signature,
|
||||
@@ -747,13 +805,40 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
d(SIG, "SHA512withDSA", P11Signature,
|
||||
s("2.16.840.1.101.3.4.3.4", "OID.2.16.840.1.101.3.4.3.4"),
|
||||
m(CKM_DSA_SHA512));
|
||||
+ dA(SIG, "SHA3-224withDSA", P11Signature,
|
||||
+ d(SIG, "SHA3-224withDSA", P11Signature,
|
||||
+ s("2.16.840.1.101.3.4.3.5", "OID.2.16.840.1.101.3.4.3.5"),
|
||||
+ m(CKM_DSA_SHA3_224));
|
||||
+ dA(SIG, "SHA3-256withDSA", P11Signature,
|
||||
+ d(SIG, "SHA3-256withDSA", P11Signature,
|
||||
+ s("2.16.840.1.101.3.4.3.6", "OID.2.16.840.1.101.3.4.3.6"),
|
||||
+ m(CKM_DSA_SHA3_256));
|
||||
+ dA(SIG, "SHA3-384withDSA", P11Signature,
|
||||
+ d(SIG, "SHA3-384withDSA", P11Signature,
|
||||
+ s("2.16.840.1.101.3.4.3.7", "OID.2.16.840.1.101.3.4.3.7"),
|
||||
+ m(CKM_DSA_SHA3_384));
|
||||
+ dA(SIG, "SHA3-512withDSA", P11Signature,
|
||||
+ d(SIG, "SHA3-512withDSA", P11Signature,
|
||||
+ s("2.16.840.1.101.3.4.3.8", "OID.2.16.840.1.101.3.4.3.8"),
|
||||
+ m(CKM_DSA_SHA3_512));
|
||||
d(SIG, "RawDSAinP1363Format", P11Signature,
|
||||
List.of("NONEwithDSAinP1363Format"),
|
||||
s("NONEwithDSAinP1363Format"),
|
||||
m(CKM_DSA));
|
||||
d(SIG, "DSAinP1363Format", P11Signature,
|
||||
List.of("SHA1withDSAinP1363Format"),
|
||||
s("SHA1withDSAinP1363Format"),
|
||||
m(CKM_DSA_SHA1, CKM_DSA));
|
||||
-
|
||||
+ d(SIG, "SHA224withDSAinP1363Format", P11Signature,
|
||||
|
|
@ -1072,27 +1095,36 @@ index ffbd671246..d191831dab 100644
|
|||
+ m(CKM_DSA_SHA3_512));
|
||||
d(SIG, "NONEwithECDSA", P11Signature,
|
||||
m(CKM_ECDSA));
|
||||
dA(SIG, "SHA1withECDSA", P11Signature,
|
||||
d(SIG, "SHA1withECDSA", P11Signature,
|
||||
@@ -761,28 +846,49 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
m(CKM_ECDSA_SHA1, CKM_ECDSA));
|
||||
dA(SIG, "SHA224withECDSA", P11Signature,
|
||||
d(SIG, "SHA224withECDSA", P11Signature,
|
||||
s("1.2.840.10045.4.3.1", "OID.1.2.840.10045.4.3.1"),
|
||||
- m(CKM_ECDSA));
|
||||
+ m(CKM_ECDSA_SHA224, CKM_ECDSA));
|
||||
dA(SIG, "SHA256withECDSA", P11Signature,
|
||||
d(SIG, "SHA256withECDSA", P11Signature,
|
||||
s("1.2.840.10045.4.3.2", "OID.1.2.840.10045.4.3.2"),
|
||||
- m(CKM_ECDSA));
|
||||
+ m(CKM_ECDSA_SHA256, CKM_ECDSA));
|
||||
dA(SIG, "SHA384withECDSA", P11Signature,
|
||||
d(SIG, "SHA384withECDSA", P11Signature,
|
||||
s("1.2.840.10045.4.3.3", "OID.1.2.840.10045.4.3.3"),
|
||||
- m(CKM_ECDSA));
|
||||
+ m(CKM_ECDSA_SHA384, CKM_ECDSA));
|
||||
dA(SIG, "SHA512withECDSA", P11Signature,
|
||||
d(SIG, "SHA512withECDSA", P11Signature,
|
||||
s("1.2.840.10045.4.3.4", "OID.1.2.840.10045.4.3.4"),
|
||||
- m(CKM_ECDSA));
|
||||
+ m(CKM_ECDSA_SHA512, CKM_ECDSA));
|
||||
+ dA(SIG, "SHA3-224withECDSA", P11Signature,
|
||||
+ d(SIG, "SHA3-224withECDSA", P11Signature,
|
||||
+ s("1.2.840.10045.4.3.9", "OID.1.2.840.10045.4.3.9"),
|
||||
+ m(CKM_ECDSA_SHA3_224, CKM_ECDSA));
|
||||
+ dA(SIG, "SHA3-256withECDSA", P11Signature,
|
||||
+ d(SIG, "SHA3-256withECDSA", P11Signature,
|
||||
+ s("1.2.840.10045.4.3.10", "OID.1.2.840.10045.4.3.10"),
|
||||
+ m(CKM_ECDSA_SHA3_256, CKM_ECDSA));
|
||||
+ dA(SIG, "SHA3-384withECDSA", P11Signature,
|
||||
+ d(SIG, "SHA3-384withECDSA", P11Signature,
|
||||
+ s("1.2.840.10045.4.3.11", "OID.1.2.840.10045.4.3.11"),
|
||||
+ m(CKM_ECDSA_SHA3_384, CKM_ECDSA));
|
||||
+ dA(SIG, "SHA3-512withECDSA", P11Signature,
|
||||
+ d(SIG, "SHA3-512withECDSA", P11Signature,
|
||||
+ s("1.2.840.10045.4.3.12", "OID.1.2.840.10045.4.3.12"),
|
||||
+ m(CKM_ECDSA_SHA3_512, CKM_ECDSA));
|
||||
d(SIG, "NONEwithECDSAinP1363Format", P11Signature,
|
||||
m(CKM_ECDSA));
|
||||
|
|
@ -1119,25 +1151,29 @@ index ffbd671246..d191831dab 100644
|
|||
+ d(SIG, "SHA3-512withECDSAinP1363Format", P11Signature,
|
||||
+ m(CKM_ECDSA_SHA3_512, CKM_ECDSA));
|
||||
+
|
||||
dA(SIG, "MD2withRSA", P11Signature,
|
||||
d(SIG, "MD2withRSA", P11Signature,
|
||||
s("1.2.840.113549.1.1.2", "OID.1.2.840.113549.1.1.2"),
|
||||
m(CKM_MD2_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
|
||||
dA(SIG, "MD5withRSA", P11Signature,
|
||||
@@ -770,6 +849,14 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
m(CKM_SHA384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
|
||||
dA(SIG, "SHA512withRSA", P11Signature,
|
||||
@@ -805,6 +911,18 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
d(SIG, "SHA512withRSA", P11Signature,
|
||||
s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"),
|
||||
m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
|
||||
+ dA(SIG, "SHA3-224withRSA", P11Signature,
|
||||
+ d(SIG, "SHA3-224withRSA", P11Signature,
|
||||
+ s("2.16.840.1.101.3.4.3.13", "OID.2.16.840.1.101.3.4.3.13"),
|
||||
+ m(CKM_SHA3_224_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
|
||||
+ dA(SIG, "SHA3-256withRSA", P11Signature,
|
||||
+ d(SIG, "SHA3-256withRSA", P11Signature,
|
||||
+ s("2.16.840.1.101.3.4.3.14", "OID.2.16.840.1.101.3.4.3.14"),
|
||||
+ m(CKM_SHA3_256_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
|
||||
+ dA(SIG, "SHA3-384withRSA", P11Signature,
|
||||
+ d(SIG, "SHA3-384withRSA", P11Signature,
|
||||
+ s("2.16.840.1.101.3.4.3.15", "OID.2.16.840.1.101.3.4.3.15"),
|
||||
+ m(CKM_SHA3_384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
|
||||
+ dA(SIG, "SHA3-512withRSA", P11Signature,
|
||||
+ d(SIG, "SHA3-512withRSA", P11Signature,
|
||||
+ s("2.16.840.1.101.3.4.3.16", "OID.2.16.840.1.101.3.4.3.16"),
|
||||
+ m(CKM_SHA3_512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
|
||||
dA(SIG, "RSASSA-PSS", P11PSSSignature,
|
||||
d(SIG, "RSASSA-PSS", P11PSSSignature,
|
||||
s("1.2.840.113549.1.1.10", "OID.1.2.840.113549.1.1.10"),
|
||||
m(CKM_RSA_PKCS_PSS));
|
||||
d(SIG, "SHA1withRSASSA-PSS", P11PSSSignature,
|
||||
@@ -782,6 +869,14 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
@@ -818,6 +936,14 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
m(CKM_SHA384_RSA_PKCS_PSS));
|
||||
d(SIG, "SHA512withRSASSA-PSS", P11PSSSignature,
|
||||
m(CKM_SHA512_RSA_PKCS_PSS));
|
||||
|
|
@ -1153,7 +1189,7 @@ index ffbd671246..d191831dab 100644
|
|||
d(KG, "SunTlsRsaPremasterSecret",
|
||||
"sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator",
|
||||
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java
|
||||
index e077943bbc..cb04b95304 100644
|
||||
index e077943bbc2..cb04b95304d 100644
|
||||
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java
|
||||
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java
|
||||
@@ -1,5 +1,5 @@
|
||||
|
|
@ -1179,7 +1215,7 @@ index e077943bbc..cb04b95304 100644
|
|||
|
||||
diff --git a/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java b/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java
|
||||
new file mode 100644
|
||||
index 0000000000..d6707028d9
|
||||
index 00000000000..d6707028d96
|
||||
--- /dev/null
|
||||
+++ b/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java
|
||||
@@ -0,0 +1,84 @@
|
||||
|
|
@ -1268,7 +1304,7 @@ index 0000000000..d6707028d9
|
|||
+ }
|
||||
+}
|
||||
diff --git a/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java b/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java
|
||||
index b61d10beec..78b7d857e8 100644
|
||||
index b61d10beece..78b7d857e8e 100644
|
||||
--- a/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java
|
||||
+++ b/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java
|
||||
@@ -23,7 +23,7 @@
|
||||
|
|
@ -1300,7 +1336,7 @@ index b61d10beec..78b7d857e8 100644
|
|||
test("ARCFOUR", 1024, p, TestResult.TBD);
|
||||
} else if (p.getName().equals("SunPKCS11-NSS")) {
|
||||
diff --git a/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java b/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java
|
||||
index 59af327c1f..64c42a6dd0 100644
|
||||
index 59af327c1f2..64c42a6dd06 100644
|
||||
--- a/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java
|
||||
+++ b/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java
|
||||
@@ -23,7 +23,7 @@
|
||||
|
|
@ -1385,7 +1421,7 @@ index 59af327c1f..64c42a6dd0 100644
|
|||
|
||||
mac.reset();
|
||||
diff --git a/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java b/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java
|
||||
index 5cad885984..7e045232e3 100644
|
||||
index 5cad8859840..7e045232e3a 100644
|
||||
--- a/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java
|
||||
+++ b/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java
|
||||
@@ -1,5 +1,5 @@
|
||||
|
|
@ -1478,7 +1514,7 @@ index 5cad885984..7e045232e3 100644
|
|||
}
|
||||
}
|
||||
diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java b/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java
|
||||
index 7ced00630c..a7a72e8ea3 100644
|
||||
index 7ced00630cc..a7a72e8ea3d 100644
|
||||
--- a/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java
|
||||
+++ b/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java
|
||||
@@ -1,5 +1,5 @@
|
||||
|
|
@ -1538,7 +1574,7 @@ index 7ced00630c..a7a72e8ea3 100644
|
|||
byte[] d1 = md.digest(data);
|
||||
|
||||
diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java b/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java
|
||||
index ea7909bc39..268f698276 100644
|
||||
index ea7909bc397..268f698276b 100644
|
||||
--- a/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java
|
||||
+++ b/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java
|
||||
@@ -1,5 +1,5 @@
|
||||
|
|
@ -1619,7 +1655,7 @@ index ea7909bc39..268f698276 100644
|
|||
|
||||
private static void check(byte[] d1, byte[] d2) throws Exception {
|
||||
diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java b/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java
|
||||
index b931c8564b..ace601c723 100644
|
||||
index b931c8564b2..ace601c7233 100644
|
||||
--- a/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java
|
||||
+++ b/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java
|
||||
@@ -1,5 +1,5 @@
|
||||
|
|
@ -1708,7 +1744,7 @@ index b931c8564b..ace601c723 100644
|
|||
MessageDigest mdCopy0 = (MessageDigest) mdObj.clone();
|
||||
|
||||
diff --git a/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java b/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java
|
||||
index 26eeacffed..f5de994779 100644
|
||||
index 26eeacffed9..f5de994779c 100644
|
||||
--- a/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java
|
||||
+++ b/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java
|
||||
@@ -23,7 +23,7 @@
|
||||
|
|
@ -1734,7 +1770,7 @@ index 26eeacffed..f5de994779 100644
|
|||
sig.update(t);
|
||||
byte[] signature = sig.sign();
|
||||
diff --git a/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java b/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java
|
||||
index ccd66599fb..a2fa729497 100644
|
||||
index ccd66599fb0..a2fa7294977 100644
|
||||
--- a/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java
|
||||
+++ b/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java
|
||||
@@ -1,5 +1,5 @@
|
||||
|
|
@ -1780,7 +1816,7 @@ index ccd66599fb..a2fa729497 100644
|
|||
PSSParameterSpec params = new PSSParameterSpec("SHA-256", "MGF1",
|
||||
new MGF1ParameterSpec("SHA-256"), 32,
|
||||
diff --git a/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java b/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java
|
||||
index 2e4fedbf1d..f1c0492b5f 100644
|
||||
index 2e4fedbf1d5..f1c0492b5fc 100644
|
||||
--- a/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java
|
||||
+++ b/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java
|
||||
@@ -1,5 +1,5 @@
|
||||
|
|
@ -1874,7 +1910,7 @@ index 2e4fedbf1d..f1c0492b5f 100644
|
|||
System.out.println("test#4: pass");
|
||||
}
|
||||
diff --git a/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java b/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java
|
||||
index 42ca7fa203..8c132ca7e4 100644
|
||||
index 42ca7fa203d..8c132ca7e4f 100644
|
||||
--- a/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java
|
||||
+++ b/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java
|
||||
@@ -23,312 +23,13 @@
|
||||
|
|
@ -2206,7 +2242,7 @@ index 42ca7fa203..8c132ca7e4 100644
|
|||
new Random().nextBytes(data);
|
||||
sig.initSign(privateKey);
|
||||
diff --git a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java
|
||||
index 3c3edb5aa6..1114702277 100644
|
||||
index 3c3edb5aa6a..11147022771 100644
|
||||
--- a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java
|
||||
+++ b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java
|
||||
@@ -1,5 +1,5 @@
|
||||
|
|
@ -2227,7 +2263,7 @@ index 3c3edb5aa6..1114702277 100644
|
|||
* @library /test/lib ..
|
||||
diff --git a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java
|
||||
new file mode 100644
|
||||
index 0000000000..b8ea986332
|
||||
index 00000000000..b8ea9863327
|
||||
--- /dev/null
|
||||
+++ b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java
|
||||
@@ -0,0 +1,98 @@
|
||||
|
|
@ -2330,7 +2366,7 @@ index 0000000000..b8ea986332
|
|||
+ }
|
||||
+}
|
||||
diff --git a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java
|
||||
index 3a6dbe345e..4c1f7284bb 100644
|
||||
index 3a6dbe345e9..4c1f7284bbc 100644
|
||||
--- a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java
|
||||
+++ b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java
|
||||
@@ -1,5 +1,5 @@
|
||||
|
|
@ -2388,7 +2424,7 @@ index 3a6dbe345e..4c1f7284bb 100644
|
|||
hash, "MGF1", new MGF1ParameterSpec(mgfHash), 0, 1);
|
||||
diff --git a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java
|
||||
new file mode 100644
|
||||
index 0000000000..516b17972e
|
||||
index 00000000000..516b17972e5
|
||||
--- /dev/null
|
||||
+++ b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java
|
||||
@@ -0,0 +1,140 @@
|
||||
|
|
@ -2533,7 +2569,7 @@ index 0000000000..516b17972e
|
|||
+ }
|
||||
+}
|
||||
diff --git a/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java b/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java
|
||||
index 222f8a2a5e..3161de6fc5 100644
|
||||
index 222f8a2a5ed..3161de6fc50 100644
|
||||
--- a/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java
|
||||
+++ b/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java
|
||||
@@ -1,5 +1,5 @@
|
||||
|
|
@ -2628,7 +2664,7 @@ index 222f8a2a5e..3161de6fc5 100644
|
|||
}
|
||||
}
|
||||
diff --git a/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java b/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java
|
||||
index f469ca17b6..7e5a012a5e 100644
|
||||
index f469ca17b65..7e5a012a5ec 100644
|
||||
--- a/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java
|
||||
+++ b/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java
|
||||
@@ -22,8 +22,8 @@
|
||||
|
|
@ -2661,7 +2697,7 @@ index f469ca17b6..7e5a012a5e 100644
|
|||
kpg.initialize(512);
|
||||
KeyPair kp = kpg.generateKeyPair();
|
||||
diff --git a/test/jdk/sun/security/pkcs11/nss/p11-nss.txt b/test/jdk/sun/security/pkcs11/nss/p11-nss.txt
|
||||
index 49778ea954..576b1dc4d6 100644
|
||||
index 49778ea954c..576b1dc4d69 100644
|
||||
--- a/test/jdk/sun/security/pkcs11/nss/p11-nss.txt
|
||||
+++ b/test/jdk/sun/security/pkcs11/nss/p11-nss.txt
|
||||
@@ -11,12 +11,23 @@ library = ${pkcs11test.nss.lib}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,55 @@
|
|||
commit b4caafe16f14983e303b7f1fdf3090e5c513ebd8
|
||||
Author: Andrew John Hughes <andrew@openjdk.org>
|
||||
Date: Thu Apr 13 15:37:20 2023 +0000
|
||||
|
||||
8274864: Remove Amman/Cairo hacks in ZoneInfoFile
|
||||
|
||||
Backport-of: ec199072c5867624d66840238cc8828e16ae8da7
|
||||
|
||||
diff --git a/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java b/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
|
||||
index 1dc82561f2..a51490767d 100644
|
||||
--- a/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
|
||||
+++ b/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
|
||||
@@ -607,34 +607,6 @@ public final class ZoneInfoFile {
|
||||
params[8] = endRule.secondOfDay * 1000;
|
||||
params[9] = toSTZTime[endRule.timeDefinition];
|
||||
dstSavings = (startRule.offsetAfter - startRule.offsetBefore) * 1000;
|
||||
-
|
||||
- // Note: known mismatching -> Asia/Amman
|
||||
- // ZoneInfo : startDayOfWeek=5 <= Thursday
|
||||
- // startTime=86400000 <= 24 hours
|
||||
- // This: startDayOfWeek=6
|
||||
- // startTime=0
|
||||
- // Similar workaround needs to be applied to Africa/Cairo and
|
||||
- // its endDayOfWeek and endTime
|
||||
- // Below is the workarounds, it probably slows down everyone a little
|
||||
- if (params[2] == 6 && params[3] == 0 &&
|
||||
- (zoneId.equals("Asia/Amman"))) {
|
||||
- params[2] = 5;
|
||||
- params[3] = 86400000;
|
||||
- }
|
||||
- // Additional check for startDayOfWeek=6 and starTime=86400000
|
||||
- // is needed for Asia/Amman;
|
||||
- if (params[2] == 7 && params[3] == 0 &&
|
||||
- (zoneId.equals("Asia/Amman"))) {
|
||||
- params[2] = 6; // Friday
|
||||
- params[3] = 86400000; // 24h
|
||||
- }
|
||||
- //endDayOfWeek and endTime workaround
|
||||
- if (params[7] == 6 && params[8] == 0 &&
|
||||
- (zoneId.equals("Africa/Cairo"))) {
|
||||
- params[7] = 5;
|
||||
- params[8] = 86400000;
|
||||
- }
|
||||
-
|
||||
} else if (nTrans > 0) { // only do this if there is something in table already
|
||||
if (lastyear < LASTYEAR) {
|
||||
// ZoneInfo has an ending entry for 2037
|
||||
@@ -907,7 +879,6 @@ public final class ZoneInfoFile {
|
||||
this.dow = dowByte == 0 ? -1 : dowByte;
|
||||
this.secondOfDay = timeByte == 31 ? in.readInt() : timeByte * 3600;
|
||||
this.timeDefinition = (data & (3 << 12)) >>> 12;
|
||||
-
|
||||
this.standardOffset = stdByte == 255 ? in.readInt() : (stdByte - 128) * 900;
|
||||
this.offsetBefore = beforeByte == 3 ? in.readInt() : standardOffset + beforeByte * 1800;
|
||||
this.offsetAfter = afterByte == 3 ? in.readInt() : standardOffset + afterByte * 1800;
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue