Compare commits

...

No commits in common. "c8" and "c9-beta" have entirely different histories.
c8 ... c9-beta

10 changed files with 5195 additions and 6625 deletions

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/openjdk-jdk11u-jdk-11.0.25+9.tar.xz SOURCES/openjdk-jdk11u-jdk-11.0.18+9-4curve.tar.xz
SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz

View File

@ -1,2 +1,2 @@
5fd3e49485572a2ac8c350503d872a624c59ddb2 SOURCES/openjdk-jdk11u-jdk-11.0.25+9.tar.xz 99b83c6bd4a99a9763594c4e3f661b983af6e031 SOURCES/openjdk-jdk11u-jdk-11.0.18+9-4curve.tar.xz
c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz

4254
SOURCES/NEWS Normal file

File diff suppressed because it is too large Load Diff

View File

@ -1,39 +0,0 @@
OpenJDK 11 is a Long-Term Support (LTS) release of the Java platform.
For a list of major changes from OpenJDK 8 (java-1.8.0-openjdk), see
the upstream release page for OpenJDK 11 and the preceding interim
releases:
* 9: https://openjdk.org/projects/jdk9/
* 10: https://openjdk.java.net/projects/jdk/10/
* 11: https://openjdk.java.net/projects/jdk/11/
# Rebuilding the OpenJDK package
The OpenJDK packages are now created from a single build which is then
packaged for different major versions of Red Hat Enterprise Linux
(RHEL). This allows the OpenJDK team to focus their efforts on the
development and testing of this single build, rather than having
multiple builds which only differ by the platform they were built on.
This does make rebuilding the package slightly more complicated than a
normal package. Modifications should be made to the
`java-11-openjdk-portable.specfile` file, which can be found with this
README file in the source RPM or installed in the documentation tree
by the `java-11-openjdk-headless` RPM.
Once the modified `java-11-openjdk-portable` RPMs are built, they
should be installed and will produce a number of tarballs in the
`/usr/lib/jvm` directory. The `java-11-openjdk` RPMs can then be
built, which will use these tarballs to create the usual RPMs found in
RHEL. The `java-11-openjdk-portable` RPMs can be uninstalled once the
desired final RPMs are produced.
Note that the `java-11-openjdk.spec` file has a hard requirement on
the exact version of java-11-openjdk-portable to use, so this will
need to be modified if the version or rpmrelease values are changed in
`java-11-openjdk-portable.specfile`.
To reduce the number of RPMs involved, the `fastdebug` and `slowdebug`
builds may be disabled using `--without fastdebug` and `--without
slowdebug`.

View File

@ -1,5 +1,5 @@
diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4 diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4
index 16e906bdc6..1a352e5a32 100644 index a73c0f38181..80710886ed8 100644
--- a/make/autoconf/libraries.m4 --- a/make/autoconf/libraries.m4
+++ b/make/autoconf/libraries.m4 +++ b/make/autoconf/libraries.m4
@@ -101,6 +101,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES], @@ -101,6 +101,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES],
@ -74,10 +74,10 @@ index 16e906bdc6..1a352e5a32 100644
+ AC_SUBST(USE_SYSCONF_NSS) + AC_SUBST(USE_SYSCONF_NSS)
+]) +])
diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in
index 3787b12600..dab108a82b 100644 index 0ae23b93167..a242acc1234 100644
--- a/make/autoconf/spec.gmk.in --- a/make/autoconf/spec.gmk.in
+++ b/make/autoconf/spec.gmk.in +++ b/make/autoconf/spec.gmk.in
@@ -848,6 +848,10 @@ INSTALL_SYSCONFDIR=@sysconfdir@ @@ -826,6 +826,10 @@ INSTALL_SYSCONFDIR=@sysconfdir@
# Libraries # Libraries
# #
@ -89,10 +89,10 @@ index 3787b12600..dab108a82b 100644
LCMS_CFLAGS:=@LCMS_CFLAGS@ LCMS_CFLAGS:=@LCMS_CFLAGS@
LCMS_LIBS:=@LCMS_LIBS@ LCMS_LIBS:=@LCMS_LIBS@
diff --git a/make/lib/Lib-java.base.gmk b/make/lib/Lib-java.base.gmk diff --git a/make/lib/Lib-java.base.gmk b/make/lib/Lib-java.base.gmk
index b40d3114b9..0d1d83cf3e 100644 index a529768f39e..daf9c947172 100644
--- a/make/lib/Lib-java.base.gmk --- a/make/lib/Lib-java.base.gmk
+++ b/make/lib/Lib-java.base.gmk +++ b/make/lib/Lib-java.base.gmk
@@ -178,6 +178,31 @@ ifeq ($(call isTargetOsType, unix), true) @@ -178,6 +178,31 @@ ifeq ($(OPENJDK_TARGET_OS_TYPE), unix)
endif endif
endif endif
@ -125,7 +125,7 @@ index b40d3114b9..0d1d83cf3e 100644
# Create the symbols file for static builds. # Create the symbols file for static builds.
diff --git a/make/nb_native/nbproject/configurations.xml b/make/nb_native/nbproject/configurations.xml diff --git a/make/nb_native/nbproject/configurations.xml b/make/nb_native/nbproject/configurations.xml
index fb07d54c1f..c5813e2b7a 100644 index fb07d54c1f0..c5813e2b7aa 100644
--- a/make/nb_native/nbproject/configurations.xml --- a/make/nb_native/nbproject/configurations.xml
+++ b/make/nb_native/nbproject/configurations.xml +++ b/make/nb_native/nbproject/configurations.xml
@@ -2950,6 +2950,9 @@ @@ -2950,6 +2950,9 @@
@ -151,7 +151,7 @@ index fb07d54c1f..c5813e2b7a 100644
ex="false" ex="false"
tool="3" tool="3"
diff --git a/make/scripts/compare_exceptions.sh.incl b/make/scripts/compare_exceptions.sh.incl diff --git a/make/scripts/compare_exceptions.sh.incl b/make/scripts/compare_exceptions.sh.incl
index 6327040964..6b3780123b 100644 index 6327040964d..6b3780123b6 100644
--- a/make/scripts/compare_exceptions.sh.incl --- a/make/scripts/compare_exceptions.sh.incl
+++ b/make/scripts/compare_exceptions.sh.incl +++ b/make/scripts/compare_exceptions.sh.incl
@@ -179,6 +179,7 @@ if [ "$OPENJDK_TARGET_OS" = "solaris" ] && [ "$OPENJDK_TARGET_CPU" = "x86_64" ]; @@ -179,6 +179,7 @@ if [ "$OPENJDK_TARGET_OS" = "solaris" ] && [ "$OPENJDK_TARGET_CPU" = "x86_64" ];
@ -172,7 +172,7 @@ index 6327040964..6b3780123b 100644
./lib/libzip.so ./lib/libzip.so
diff --git a/src/java.base/linux/native/libsystemconf/systemconf.c b/src/java.base/linux/native/libsystemconf/systemconf.c diff --git a/src/java.base/linux/native/libsystemconf/systemconf.c b/src/java.base/linux/native/libsystemconf/systemconf.c
new file mode 100644 new file mode 100644
index 0000000000..8dcb7d9073 index 00000000000..8dcb7d9073f
--- /dev/null --- /dev/null
+++ b/src/java.base/linux/native/libsystemconf/systemconf.c +++ b/src/java.base/linux/native/libsystemconf/systemconf.c
@@ -0,0 +1,224 @@ @@ -0,0 +1,224 @@
@ -401,7 +401,7 @@ index 0000000000..8dcb7d9073
+ } + }
+} +}
diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java
index 5b9552058b..b46de49211 100644 index b36510a376b..ad5182e1e7c 100644
--- a/src/java.base/share/classes/java/security/Security.java --- a/src/java.base/share/classes/java/security/Security.java
+++ b/src/java.base/share/classes/java/security/Security.java +++ b/src/java.base/share/classes/java/security/Security.java
@@ -32,6 +32,7 @@ import java.net.URL; @@ -32,6 +32,7 @@ import java.net.URL;
@ -412,17 +412,16 @@ index 5b9552058b..b46de49211 100644
import jdk.internal.misc.SharedSecrets; import jdk.internal.misc.SharedSecrets;
import jdk.internal.util.StaticProperty; import jdk.internal.util.StaticProperty;
import sun.security.util.Debug; import sun.security.util.Debug;
@@ -47,6 +48,9 @@ import sun.security.jca.*; @@ -47,12 +48,20 @@ import sun.security.jca.*;
* implementation-specific location, which is typically the properties file * implementation-specific location, which is typically the properties file
* {@code conf/security/java.security} in the Java installation directory. * {@code conf/security/java.security} in the Java installation directory.
* *
+ * <p>Additional default values of security properties are read from a + * <p>Additional default values of security properties are read from a
+ * system-specific location, if available.</p> + * system-specific location, if available.</p>
+ * + *
* @implNote If the properties file fails to load, the JDK implementation will * @author Benjamin Renaud
* throw an unspecified error when initializing the {@code Security} class. * @since 1.1
* */
@@ -56,6 +60,11 @@ import sun.security.jca.*;
public final class Security { public final class Security {
@ -434,7 +433,7 @@ index 5b9552058b..b46de49211 100644
/* Are we debugging? -- for developers */ /* Are we debugging? -- for developers */
private static final Debug sdebug = private static final Debug sdebug =
Debug.getInstance("properties"); Debug.getInstance("properties");
@@ -70,6 +79,19 @@ public final class Security { @@ -67,6 +76,19 @@ public final class Security {
} }
static { static {
@ -454,19 +453,26 @@ index 5b9552058b..b46de49211 100644
// doPrivileged here because there are multiple // doPrivileged here because there are multiple
// things in initialize that might require privs. // things in initialize that might require privs.
// (the FileInputStream call and the File.exists call, // (the FileInputStream call and the File.exists call,
@@ -85,6 +107,7 @@ public final class Security { @@ -83,6 +105,7 @@ public final class Security {
private static void initialize() {
props = new Properties(); props = new Properties();
boolean loadedProps = false;
boolean overrideAll = false; boolean overrideAll = false;
+ boolean systemSecPropsEnabled = false; + boolean systemSecPropsEnabled = false;
// first load the system properties file // first load the system properties file
// to determine the value of security.overridePropertiesFile // to determine the value of security.overridePropertiesFile
@@ -105,9 +128,63 @@ public final class Security { @@ -98,6 +121,7 @@ public final class Security {
if (sdebug != null) {
sdebug.println("reading security properties file: " +
propFile);
+ sdebug.println(props.toString());
} }
loadProps(null, extraPropFile, overrideAll); } catch (IOException e) {
if (sdebug != null) {
@@ -192,6 +216,61 @@ public final class Security {
} }
+ }
+ boolean sysUseProps = Boolean.valueOf(System.getProperty(SYS_PROP_SWITCH, "false")); + boolean sysUseProps = Boolean.valueOf(System.getProperty(SYS_PROP_SWITCH, "false"));
+ boolean secUseProps = Boolean.valueOf(props.getProperty(SEC_PROP_SWITCH)); + boolean secUseProps = Boolean.valueOf(props.getProperty(SEC_PROP_SWITCH));
+ if (sdebug != null) { + if (sdebug != null) {
@ -486,7 +492,9 @@ index 5b9552058b..b46de49211 100644
+ } + }
+ } + }
+ +
+ if (systemSecPropsEnabled) { + // FIPS support depends on the contents of java.security so
+ // ensure it has loaded first
+ if (loadedProps && systemSecPropsEnabled) {
+ boolean shouldEnable; + boolean shouldEnable;
+ String sysProp = System.getProperty("com.redhat.fips"); + String sysProp = System.getProperty("com.redhat.fips");
+ if (sysProp == null) { + if (sysProp == null) {
@ -522,19 +530,15 @@ index 5b9552058b..b46de49211 100644
+ } + }
} }
- private static boolean loadProps(File masterFile, String extraPropFile, boolean overrideAll) { /*
+ static boolean loadProps(File masterFile, String extraPropFile, boolean overrideAll) {
InputStream is = null;
try {
if (masterFile != null && masterFile.exists()) {
diff --git a/src/java.base/share/classes/java/security/SystemConfigurator.java b/src/java.base/share/classes/java/security/SystemConfigurator.java diff --git a/src/java.base/share/classes/java/security/SystemConfigurator.java b/src/java.base/share/classes/java/security/SystemConfigurator.java
new file mode 100644 new file mode 100644
index 0000000000..49bf17ea17 index 00000000000..90f6dd2ebc0
--- /dev/null --- /dev/null
+++ b/src/java.base/share/classes/java/security/SystemConfigurator.java +++ b/src/java.base/share/classes/java/security/SystemConfigurator.java
@@ -0,0 +1,231 @@ @@ -0,0 +1,248 @@
+/* +/*
+ * Copyright (c) 2019, 2023, Red Hat, Inc. + * Copyright (c) 2019, 2021, Red Hat, Inc.
+ * + *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ * + *
@ -612,9 +616,26 @@ index 0000000000..49bf17ea17
+ * security.useSystemPropertiesFile is true. + * security.useSystemPropertiesFile is true.
+ */ + */
+ static boolean configureSysProps(Properties props) { + static boolean configureSysProps(Properties props) {
+ // now load the system file, if it exists, so its values + boolean systemSecPropsLoaded = false;
+ // will win if they conflict with the earlier values +
+ return Security.loadProps(null, CRYPTO_POLICIES_JAVA_CONFIG, false); + try (BufferedInputStream bis =
+ new BufferedInputStream(
+ new FileInputStream(CRYPTO_POLICIES_JAVA_CONFIG))) {
+ props.load(bis);
+ systemSecPropsLoaded = true;
+ if (sdebug != null) {
+ sdebug.println("reading system security properties file " +
+ CRYPTO_POLICIES_JAVA_CONFIG);
+ sdebug.println(props.toString());
+ }
+ } catch (IOException e) {
+ if (sdebug != null) {
+ sdebug.println("unable to load security properties from " +
+ CRYPTO_POLICIES_JAVA_CONFIG);
+ e.printStackTrace();
+ }
+ }
+ return systemSecPropsLoaded;
+ } + }
+ +
+ /* + /*
@ -766,7 +787,7 @@ index 0000000000..49bf17ea17
+} +}
diff --git a/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java b/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java diff --git a/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java b/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java
new file mode 100644 new file mode 100644
index 0000000000..21bc6d0b59 index 00000000000..21bc6d0b591
--- /dev/null --- /dev/null
+++ b/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java +++ b/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java
@@ -0,0 +1,31 @@ @@ -0,0 +1,31 @@
@ -802,7 +823,7 @@ index 0000000000..21bc6d0b59
+ boolean isPlainKeySupportEnabled(); + boolean isPlainKeySupportEnabled();
+} +}
diff --git a/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java b/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java diff --git a/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java b/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
index 688ec9f091..8489b940c4 100644 index 688ec9f0915..8489b940c43 100644
--- a/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java --- a/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
+++ b/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java +++ b/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
@@ -36,6 +36,7 @@ import java.io.FilePermission; @@ -36,6 +36,7 @@ import java.io.FilePermission;
@ -838,7 +859,7 @@ index 688ec9f091..8489b940c4 100644
+ } + }
} }
diff --git a/src/java.base/share/classes/module-info.java b/src/java.base/share/classes/module-info.java diff --git a/src/java.base/share/classes/module-info.java b/src/java.base/share/classes/module-info.java
index 7351627db3..859591890d 100644 index 5460efcf8c5..f08dc2fafc5 100644
--- a/src/java.base/share/classes/module-info.java --- a/src/java.base/share/classes/module-info.java
+++ b/src/java.base/share/classes/module-info.java +++ b/src/java.base/share/classes/module-info.java
@@ -182,6 +182,7 @@ module java.base { @@ -182,6 +182,7 @@ module java.base {
@ -850,7 +871,7 @@ index 7351627db3..859591890d 100644
jdk.attach, jdk.attach,
jdk.charsets, jdk.charsets,
diff --git a/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java b/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java diff --git a/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java b/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
index ffee2c1603..ff3d5e0e4a 100644 index ffee2c1603b..ff3d5e0e4ab 100644
--- a/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java --- a/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
+++ b/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java +++ b/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
@@ -33,8 +33,13 @@ import java.security.KeyStore.*; @@ -33,8 +33,13 @@ import java.security.KeyStore.*;
@ -889,7 +910,7 @@ index ffee2c1603..ff3d5e0e4a 100644
"FIPS mode: KeyStore must be " + "FIPS mode: KeyStore must be " +
"from provider " + SunJSSE.cryptoProvider.getName()); "from provider " + SunJSSE.cryptoProvider.getName());
diff --git a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java diff --git a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
index e06b2a588c..315a2ce370 100644 index de7da5c3379..5c3813dda7b 100644
--- a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java --- a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
+++ b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java +++ b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
@@ -31,6 +31,7 @@ import java.security.*; @@ -31,6 +31,7 @@ import java.security.*;
@ -910,14 +931,6 @@ index e06b2a588c..315a2ce370 100644
- ProtocolVersion.TLS11, - ProtocolVersion.TLS11,
- ProtocolVersion.TLS10 - ProtocolVersion.TLS10
- ); - );
-
- serverDefaultProtocols = getAvailableProtocols(
- new ProtocolVersion[] {
- ProtocolVersion.TLS13,
- ProtocolVersion.TLS12,
- ProtocolVersion.TLS11,
- ProtocolVersion.TLS10
- });
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess() + if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
+ .isSystemFipsEnabled()) { + .isSystemFipsEnabled()) {
+ // RH1860986: TLSv1.3 key derivation not supported with + // RH1860986: TLSv1.3 key derivation not supported with
@ -927,7 +940,14 @@ index e06b2a588c..315a2ce370 100644
+ ProtocolVersion.TLS11, + ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10 + ProtocolVersion.TLS10
+ ); + );
+
- serverDefaultProtocols = getAvailableProtocols(
- new ProtocolVersion[] {
- ProtocolVersion.TLS13,
- ProtocolVersion.TLS12,
- ProtocolVersion.TLS11,
- ProtocolVersion.TLS10
- });
+ serverDefaultProtocols = getAvailableProtocols( + serverDefaultProtocols = getAvailableProtocols(
+ new ProtocolVersion[] { + new ProtocolVersion[] {
+ ProtocolVersion.TLS12, + ProtocolVersion.TLS12,
@ -953,68 +973,42 @@ index e06b2a588c..315a2ce370 100644
} else { } else {
supportedProtocols = Arrays.asList( supportedProtocols = Arrays.asList(
ProtocolVersion.TLS13, ProtocolVersion.TLS13,
@@ -910,12 +929,23 @@ public abstract class SSLContextImpl extends SSLContextSpi { @@ -620,6 +639,16 @@ public abstract class SSLContextImpl extends SSLContextSpi {
if (client) {
// default client protocols static ProtocolVersion[] getSupportedProtocols() {
if (SunJSSE.isFIPS()) { if (SunJSSE.isFIPS()) {
- candidates = new ProtocolVersion[] {
- ProtocolVersion.TLS13,
- ProtocolVersion.TLS12,
- ProtocolVersion.TLS11,
- ProtocolVersion.TLS10
- };
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess() + if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
+ .isSystemFipsEnabled()) { + .isSystemFipsEnabled()) {
+ // RH1860986: TLSv1.3 key derivation not supported with + // RH1860986: TLSv1.3 key derivation not supported with
+ // the Security Providers available in system FIPS mode. + // the Security Providers available in system FIPS mode.
+ candidates = new ProtocolVersion[] { + return new ProtocolVersion[] {
+ ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10
+ };
+ } else {
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.TLS13,
+ ProtocolVersion.TLS12, + ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11, + ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10 + ProtocolVersion.TLS10
+ }; + };
+ } + }
} else { return new ProtocolVersion[] {
candidates = new ProtocolVersion[] {
ProtocolVersion.TLS13, ProtocolVersion.TLS13,
@@ -927,12 +957,23 @@ public abstract class SSLContextImpl extends SSLContextSpi { ProtocolVersion.TLS12,
} else { @@ -949,6 +978,16 @@ public abstract class SSLContextImpl extends SSLContextSpi {
// default server protocols
static ProtocolVersion[] getProtocols() {
if (SunJSSE.isFIPS()) { if (SunJSSE.isFIPS()) {
- candidates = new ProtocolVersion[] {
- ProtocolVersion.TLS13,
- ProtocolVersion.TLS12,
- ProtocolVersion.TLS11,
- ProtocolVersion.TLS10
- };
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess() + if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
+ .isSystemFipsEnabled()) { + .isSystemFipsEnabled()) {
+ // RH1860986: TLSv1.3 key derivation not supported with + // RH1860986: TLSv1.3 key derivation not supported with
+ // the Security Providers available in system FIPS mode. + // the Security Providers available in system FIPS mode.
+ candidates = new ProtocolVersion[] { + return new ProtocolVersion[] {
+ ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10
+ };
+ } else {
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.TLS13,
+ ProtocolVersion.TLS12, + ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11, + ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10 + ProtocolVersion.TLS10
+ }; + };
+ } + }
} else { return new ProtocolVersion[]{
candidates = new ProtocolVersion[] {
ProtocolVersion.TLS13, ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
diff --git a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java diff --git a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
index 2a2b5d7568..891796f19b 100644 index c50ba93ecfc..de2a91a478c 100644
--- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java --- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
+++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java +++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
@@ -27,6 +27,8 @@ package sun.security.ssl; @@ -27,6 +27,8 @@ package sun.security.ssl;
@ -1025,7 +1019,7 @@ index 2a2b5d7568..891796f19b 100644
+import jdk.internal.misc.SharedSecrets; +import jdk.internal.misc.SharedSecrets;
import sun.security.rsa.SunRsaSignEntries; import sun.security.rsa.SunRsaSignEntries;
import static sun.security.util.SecurityConstants.PROVIDER_VER; import static sun.security.util.SecurityConstants.PROVIDER_VER;
import static sun.security.util.SecurityProviderConstants.*; import static sun.security.provider.SunEntries.createAliases;
@@ -195,8 +197,13 @@ public abstract class SunJSSE extends java.security.Provider { @@ -195,8 +197,13 @@ public abstract class SunJSSE extends java.security.Provider {
"sun.security.ssl.SSLContextImpl$TLS11Context", null, null); "sun.security.ssl.SSLContextImpl$TLS11Context", null, null);
ps("SSLContext", "TLSv1.2", ps("SSLContext", "TLSv1.2",
@ -1041,12 +1035,12 @@ index 2a2b5d7568..891796f19b 100644
+ } + }
ps("SSLContext", "TLS", ps("SSLContext", "TLS",
"sun.security.ssl.SSLContextImpl$TLSContext", "sun.security.ssl.SSLContextImpl$TLSContext",
(isfips? null : List.of("SSL")), null); (isfips? null : createAliases("SSL")), null);
diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
index c0eed3f884..b03bd9f896 100644 index 097517926d1..474fe6f401f 100644
--- a/src/java.base/share/conf/security/java.security --- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security +++ b/src/java.base/share/conf/security/java.security
@@ -88,6 +88,14 @@ security.provider.tbd=Apple @@ -85,6 +85,14 @@ security.provider.tbd=Apple
security.provider.tbd=SunPKCS11 security.provider.tbd=SunPKCS11
#endif #endif
@ -1061,7 +1055,7 @@ index c0eed3f884..b03bd9f896 100644
# #
# A list of preferred providers for specific algorithms. These providers will # A list of preferred providers for specific algorithms. These providers will
# be searched for matching algorithms before the list of registered providers. # be searched for matching algorithms before the list of registered providers.
@@ -301,6 +309,11 @@ policy.ignoreIdentityScope=false @@ -298,6 +306,11 @@ policy.ignoreIdentityScope=false
# #
keystore.type=pkcs12 keystore.type=pkcs12
@ -1073,7 +1067,7 @@ index c0eed3f884..b03bd9f896 100644
# #
# Controls compatibility mode for JKS and PKCS12 keystore types. # Controls compatibility mode for JKS and PKCS12 keystore types.
# #
@@ -338,6 +351,13 @@ package.definition=sun.misc.,\ @@ -335,6 +348,13 @@ package.definition=sun.misc.,\
# #
security.overridePropertiesFile=true security.overridePropertiesFile=true
@ -1089,7 +1083,7 @@ index c0eed3f884..b03bd9f896 100644
# the javax.net.ssl package. # the javax.net.ssl package.
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
new file mode 100644 new file mode 100644
index 0000000000..b848a1fd78 index 00000000000..b848a1fd783
--- /dev/null --- /dev/null
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
@@ -0,0 +1,290 @@ @@ -0,0 +1,290 @@
@ -1384,7 +1378,7 @@ index 0000000000..b848a1fd78
+ } + }
+} +}
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
index ffbd671246..bdaad67e06 100644 index 099caac605f..977e5332bd1 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
@@ -26,6 +26,9 @@ @@ -26,6 +26,9 @@
@ -1406,7 +1400,7 @@ index ffbd671246..bdaad67e06 100644
import sun.security.util.Debug; import sun.security.util.Debug;
import sun.security.util.ResourcesMgr; import sun.security.util.ResourcesMgr;
import static sun.security.util.SecurityConstants.PROVIDER_VER; import static sun.security.util.SecurityConstants.PROVIDER_VER;
@@ -61,6 +66,29 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*; @@ -60,6 +65,29 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
*/ */
public final class SunPKCS11 extends AuthProvider { public final class SunPKCS11 extends AuthProvider {
@ -1436,7 +1430,7 @@ index ffbd671246..bdaad67e06 100644
private static final long serialVersionUID = -1354835039035306505L; private static final long serialVersionUID = -1354835039035306505L;
static final Debug debug = Debug.getInstance("sunpkcs11"); static final Debug debug = Debug.getInstance("sunpkcs11");
@@ -318,10 +346,15 @@ public final class SunPKCS11 extends AuthProvider { @@ -317,10 +345,15 @@ public final class SunPKCS11 extends AuthProvider {
// request multithreaded access first // request multithreaded access first
initArgs.flags = CKF_OS_LOCKING_OK; initArgs.flags = CKF_OS_LOCKING_OK;
PKCS11 tmpPKCS11; PKCS11 tmpPKCS11;
@ -1453,7 +1447,7 @@ index ffbd671246..bdaad67e06 100644
} catch (PKCS11Exception e) { } catch (PKCS11Exception e) {
if (debug != null) { if (debug != null) {
debug.println("Multi-threaded initialization failed: " + e); debug.println("Multi-threaded initialization failed: " + e);
@@ -337,7 +370,7 @@ public final class SunPKCS11 extends AuthProvider { @@ -336,7 +369,7 @@ public final class SunPKCS11 extends AuthProvider {
initArgs.flags = 0; initArgs.flags = 0;
} }
tmpPKCS11 = PKCS11.getInstance(library, tmpPKCS11 = PKCS11.getInstance(library,
@ -1462,7 +1456,7 @@ index ffbd671246..bdaad67e06 100644
} }
p11 = tmpPKCS11; p11 = tmpPKCS11;
@@ -377,6 +410,24 @@ public final class SunPKCS11 extends AuthProvider { @@ -376,6 +409,24 @@ public final class SunPKCS11 extends AuthProvider {
if (nssModule != null) { if (nssModule != null) {
nssModule.setProvider(this); nssModule.setProvider(this);
} }
@ -1488,7 +1482,7 @@ index ffbd671246..bdaad67e06 100644
if (config.getHandleStartupErrors() == Config.ERR_IGNORE_ALL) { if (config.getHandleStartupErrors() == Config.ERR_IGNORE_ALL) {
throw new UnsupportedOperationException throw new UnsupportedOperationException
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
index 04a369f453..f033fe4759 100644 index 04a369f453c..f033fe47593 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
@@ -49,6 +49,7 @@ package sun.security.pkcs11.wrapper; @@ -49,6 +49,7 @@ package sun.security.pkcs11.wrapper;

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,20 @@
--- openjdk/src/java.base/share/conf/security/java.security
+++ openjdk/src/java.base/share/conf/security/java.security
@@ -304,6 +304,8 @@
#
package.access=sun.misc.,\
sun.reflect.,\
+ org.GNOME.Accessibility.,\
+ org.GNOME.Bonobo.,\
#
# List of comma-separated packages that start with or equal this string
@@ -316,6 +318,8 @@
#
package.definition=sun.misc.,\
sun.reflect.,\
+ org.GNOME.Accessibility.,\
+ org.GNOME.Bonobo.,\
#
# Determines whether this properties file can be appended to

View File

@ -1,8 +1,7 @@
diff --git openjdk.orig/make/launcher/Launcher-java.base.gmk openjdk/make/launcher/Launcher-java.base.gmk diff -r 1356affa5e44 make/launcher/Launcher-java.base.gmk
index a8990dd0ef..320fec6e51 100644 --- openjdk/make/launcher/Launcher-java.base.gmk Wed Nov 25 08:27:15 2020 +0100
--- openjdk.orig/make/launcher/Launcher-java.base.gmk +++ openjdk/make/launcher/Launcher-java.base.gmk Tue Dec 01 12:29:30 2020 +0100
+++ openjdk/make/launcher/Launcher-java.base.gmk @@ -41,6 +41,16 @@
@@ -41,6 +41,16 @@ $(eval $(call SetupBuildLauncher, java, \
OPTIMIZATION := HIGH, \ OPTIMIZATION := HIGH, \
)) ))
@ -16,14 +15,13 @@ index a8990dd0ef..320fec6e51 100644
+ OPTIMIZATION := HIGH, \ + OPTIMIZATION := HIGH, \
+)) +))
+ +
ifeq ($(call isTargetOs, windows), true) ifeq ($(OPENJDK_TARGET_OS), windows)
$(eval $(call SetupBuildLauncher, javaw, \ $(eval $(call SetupBuildLauncher, javaw, \
CFLAGS := -DJAVAW -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES, \ CFLAGS := -DJAVAW -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES, \
diff --git openjdk.orig/src/java.base/share/native/launcher/alt_main.h openjdk/src/java.base/share/native/launcher/alt_main.h
new file mode 100644 diff -r 25e94aa812b2 src/share/bin/alt_main.h
index 0000000000..697df2898a --- /dev/null Thu Jan 01 00:00:00 1970 +0000
--- /dev/null +++ openjdk/src/java.base/share/native/launcher/alt_main.h Tue Jun 02 17:15:28 2020 +0100
+++ openjdk/src/java.base/share/native/launcher/alt_main.h
@@ -0,0 +1,73 @@ @@ -0,0 +1,73 @@
+/* +/*
+ * Copyright (c) 2019, Red Hat, Inc. All rights reserved. + * Copyright (c) 2019, Red Hat, Inc. All rights reserved.
@ -98,10 +96,9 @@ index 0000000000..697df2898a
+} +}
+ +
+#endif // REDHAT_ALT_JAVA +#endif // REDHAT_ALT_JAVA
diff --git openjdk.orig/src/java.base/share/native/launcher/main.c openjdk/src/java.base/share/native/launcher/main.c diff -r 25e94aa812b2 src/share/bin/main.c
index b734fe2ba7..79dc830765 100644 --- openjdk/src/java.base/share/native/launcher/main.c Wed Feb 05 12:20:36 2020 -0300
--- openjdk.orig/src/java.base/share/native/launcher/main.c +++ openjdk/src/java.base/share/native/launcher/main.c Tue Jun 02 17:15:28 2020 +0100
+++ openjdk/src/java.base/share/native/launcher/main.c
@@ -34,6 +34,14 @@ @@ -34,6 +34,14 @@
#include "jli_util.h" #include "jli_util.h"
#include "jni.h" #include "jni.h"

File diff suppressed because it is too large Load Diff