Compare commits

...

No commits in common. "c8" and "c9-bootstrap" have entirely different histories.

9 changed files with 6967 additions and 5306 deletions

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/openjdk-jdk11u-jdk-11.0.25+9.tar.xz SOURCES/openjdk-jdk11u-jdk-11.0.19+7-4curve.tar.xz
SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz

View File

@ -1,2 +1,2 @@
5fd3e49485572a2ac8c350503d872a624c59ddb2 SOURCES/openjdk-jdk11u-jdk-11.0.25+9.tar.xz aa30c8827f7ced0a1fa9a9c226884f7c79101e86 SOURCES/openjdk-jdk11u-jdk-11.0.19+7-4curve.tar.xz
c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz

4584
SOURCES/NEWS Normal file

File diff suppressed because it is too large Load Diff

View File

@ -89,7 +89,7 @@ index 3787b12600..dab108a82b 100644
LCMS_CFLAGS:=@LCMS_CFLAGS@ LCMS_CFLAGS:=@LCMS_CFLAGS@
LCMS_LIBS:=@LCMS_LIBS@ LCMS_LIBS:=@LCMS_LIBS@
diff --git a/make/lib/Lib-java.base.gmk b/make/lib/Lib-java.base.gmk diff --git a/make/lib/Lib-java.base.gmk b/make/lib/Lib-java.base.gmk
index b40d3114b9..0d1d83cf3e 100644 index 4cd656a086..e1fc94b5b4 100644
--- a/make/lib/Lib-java.base.gmk --- a/make/lib/Lib-java.base.gmk
+++ b/make/lib/Lib-java.base.gmk +++ b/make/lib/Lib-java.base.gmk
@@ -178,6 +178,31 @@ ifeq ($(call isTargetOsType, unix), true) @@ -178,6 +178,31 @@ ifeq ($(call isTargetOsType, unix), true)
@ -401,7 +401,7 @@ index 0000000000..8dcb7d9073
+ } + }
+} +}
diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java
index 5b9552058b..b46de49211 100644 index b36510a376..ad5182e1e7 100644
--- a/src/java.base/share/classes/java/security/Security.java --- a/src/java.base/share/classes/java/security/Security.java
+++ b/src/java.base/share/classes/java/security/Security.java +++ b/src/java.base/share/classes/java/security/Security.java
@@ -32,6 +32,7 @@ import java.net.URL; @@ -32,6 +32,7 @@ import java.net.URL;
@ -412,17 +412,16 @@ index 5b9552058b..b46de49211 100644
import jdk.internal.misc.SharedSecrets; import jdk.internal.misc.SharedSecrets;
import jdk.internal.util.StaticProperty; import jdk.internal.util.StaticProperty;
import sun.security.util.Debug; import sun.security.util.Debug;
@@ -47,6 +48,9 @@ import sun.security.jca.*; @@ -47,12 +48,20 @@ import sun.security.jca.*;
* implementation-specific location, which is typically the properties file * implementation-specific location, which is typically the properties file
* {@code conf/security/java.security} in the Java installation directory. * {@code conf/security/java.security} in the Java installation directory.
* *
+ * <p>Additional default values of security properties are read from a + * <p>Additional default values of security properties are read from a
+ * system-specific location, if available.</p> + * system-specific location, if available.</p>
+ * + *
* @implNote If the properties file fails to load, the JDK implementation will * @author Benjamin Renaud
* throw an unspecified error when initializing the {@code Security} class. * @since 1.1
* */
@@ -56,6 +60,11 @@ import sun.security.jca.*;
public final class Security { public final class Security {
@ -434,7 +433,7 @@ index 5b9552058b..b46de49211 100644
/* Are we debugging? -- for developers */ /* Are we debugging? -- for developers */
private static final Debug sdebug = private static final Debug sdebug =
Debug.getInstance("properties"); Debug.getInstance("properties");
@@ -70,6 +79,19 @@ public final class Security { @@ -67,6 +76,19 @@ public final class Security {
} }
static { static {
@ -454,19 +453,26 @@ index 5b9552058b..b46de49211 100644
// doPrivileged here because there are multiple // doPrivileged here because there are multiple
// things in initialize that might require privs. // things in initialize that might require privs.
// (the FileInputStream call and the File.exists call, // (the FileInputStream call and the File.exists call,
@@ -85,6 +107,7 @@ public final class Security { @@ -83,6 +105,7 @@ public final class Security {
private static void initialize() {
props = new Properties(); props = new Properties();
boolean loadedProps = false;
boolean overrideAll = false; boolean overrideAll = false;
+ boolean systemSecPropsEnabled = false; + boolean systemSecPropsEnabled = false;
// first load the system properties file // first load the system properties file
// to determine the value of security.overridePropertiesFile // to determine the value of security.overridePropertiesFile
@@ -105,9 +128,63 @@ public final class Security { @@ -98,6 +121,7 @@ public final class Security {
if (sdebug != null) {
sdebug.println("reading security properties file: " +
propFile);
+ sdebug.println(props.toString());
}
} catch (IOException e) {
if (sdebug != null) {
@@ -192,6 +216,61 @@ public final class Security {
} }
loadProps(null, extraPropFile, overrideAll);
} }
+
+ boolean sysUseProps = Boolean.valueOf(System.getProperty(SYS_PROP_SWITCH, "false")); + boolean sysUseProps = Boolean.valueOf(System.getProperty(SYS_PROP_SWITCH, "false"));
+ boolean secUseProps = Boolean.valueOf(props.getProperty(SEC_PROP_SWITCH)); + boolean secUseProps = Boolean.valueOf(props.getProperty(SEC_PROP_SWITCH));
+ if (sdebug != null) { + if (sdebug != null) {
@ -486,7 +492,9 @@ index 5b9552058b..b46de49211 100644
+ } + }
+ } + }
+ +
+ if (systemSecPropsEnabled) { + // FIPS support depends on the contents of java.security so
+ // ensure it has loaded first
+ if (loadedProps && systemSecPropsEnabled) {
+ boolean shouldEnable; + boolean shouldEnable;
+ String sysProp = System.getProperty("com.redhat.fips"); + String sysProp = System.getProperty("com.redhat.fips");
+ if (sysProp == null) { + if (sysProp == null) {
@ -522,19 +530,15 @@ index 5b9552058b..b46de49211 100644
+ } + }
} }
- private static boolean loadProps(File masterFile, String extraPropFile, boolean overrideAll) { /*
+ static boolean loadProps(File masterFile, String extraPropFile, boolean overrideAll) {
InputStream is = null;
try {
if (masterFile != null && masterFile.exists()) {
diff --git a/src/java.base/share/classes/java/security/SystemConfigurator.java b/src/java.base/share/classes/java/security/SystemConfigurator.java diff --git a/src/java.base/share/classes/java/security/SystemConfigurator.java b/src/java.base/share/classes/java/security/SystemConfigurator.java
new file mode 100644 new file mode 100644
index 0000000000..49bf17ea17 index 0000000000..90f6dd2ebc
--- /dev/null --- /dev/null
+++ b/src/java.base/share/classes/java/security/SystemConfigurator.java +++ b/src/java.base/share/classes/java/security/SystemConfigurator.java
@@ -0,0 +1,231 @@ @@ -0,0 +1,248 @@
+/* +/*
+ * Copyright (c) 2019, 2023, Red Hat, Inc. + * Copyright (c) 2019, 2021, Red Hat, Inc.
+ * + *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ * + *
@ -612,9 +616,26 @@ index 0000000000..49bf17ea17
+ * security.useSystemPropertiesFile is true. + * security.useSystemPropertiesFile is true.
+ */ + */
+ static boolean configureSysProps(Properties props) { + static boolean configureSysProps(Properties props) {
+ // now load the system file, if it exists, so its values + boolean systemSecPropsLoaded = false;
+ // will win if they conflict with the earlier values +
+ return Security.loadProps(null, CRYPTO_POLICIES_JAVA_CONFIG, false); + try (BufferedInputStream bis =
+ new BufferedInputStream(
+ new FileInputStream(CRYPTO_POLICIES_JAVA_CONFIG))) {
+ props.load(bis);
+ systemSecPropsLoaded = true;
+ if (sdebug != null) {
+ sdebug.println("reading system security properties file " +
+ CRYPTO_POLICIES_JAVA_CONFIG);
+ sdebug.println(props.toString());
+ }
+ } catch (IOException e) {
+ if (sdebug != null) {
+ sdebug.println("unable to load security properties from " +
+ CRYPTO_POLICIES_JAVA_CONFIG);
+ e.printStackTrace();
+ }
+ }
+ return systemSecPropsLoaded;
+ } + }
+ +
+ /* + /*
@ -1014,7 +1035,7 @@ index e06b2a588c..315a2ce370 100644
candidates = new ProtocolVersion[] { candidates = new ProtocolVersion[] {
ProtocolVersion.TLS13, ProtocolVersion.TLS13,
diff --git a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java diff --git a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
index 2a2b5d7568..891796f19b 100644 index c50ba93ecf..de2a91a478 100644
--- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java --- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
+++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java +++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
@@ -27,6 +27,8 @@ package sun.security.ssl; @@ -27,6 +27,8 @@ package sun.security.ssl;
@ -1025,7 +1046,7 @@ index 2a2b5d7568..891796f19b 100644
+import jdk.internal.misc.SharedSecrets; +import jdk.internal.misc.SharedSecrets;
import sun.security.rsa.SunRsaSignEntries; import sun.security.rsa.SunRsaSignEntries;
import static sun.security.util.SecurityConstants.PROVIDER_VER; import static sun.security.util.SecurityConstants.PROVIDER_VER;
import static sun.security.util.SecurityProviderConstants.*; import static sun.security.provider.SunEntries.createAliases;
@@ -195,8 +197,13 @@ public abstract class SunJSSE extends java.security.Provider { @@ -195,8 +197,13 @@ public abstract class SunJSSE extends java.security.Provider {
"sun.security.ssl.SSLContextImpl$TLS11Context", null, null); "sun.security.ssl.SSLContextImpl$TLS11Context", null, null);
ps("SSLContext", "TLSv1.2", ps("SSLContext", "TLSv1.2",
@ -1041,12 +1062,12 @@ index 2a2b5d7568..891796f19b 100644
+ } + }
ps("SSLContext", "TLS", ps("SSLContext", "TLS",
"sun.security.ssl.SSLContextImpl$TLSContext", "sun.security.ssl.SSLContextImpl$TLSContext",
(isfips? null : List.of("SSL")), null); (isfips? null : createAliases("SSL")), null);
diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
index c0eed3f884..b03bd9f896 100644 index 9af64321c4..957cd78a55 100644
--- a/src/java.base/share/conf/security/java.security --- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security +++ b/src/java.base/share/conf/security/java.security
@@ -88,6 +88,14 @@ security.provider.tbd=Apple @@ -85,6 +85,14 @@ security.provider.tbd=Apple
security.provider.tbd=SunPKCS11 security.provider.tbd=SunPKCS11
#endif #endif
@ -1061,7 +1082,7 @@ index c0eed3f884..b03bd9f896 100644
# #
# A list of preferred providers for specific algorithms. These providers will # A list of preferred providers for specific algorithms. These providers will
# be searched for matching algorithms before the list of registered providers. # be searched for matching algorithms before the list of registered providers.
@@ -301,6 +309,11 @@ policy.ignoreIdentityScope=false @@ -298,6 +306,11 @@ policy.ignoreIdentityScope=false
# #
keystore.type=pkcs12 keystore.type=pkcs12
@ -1073,7 +1094,7 @@ index c0eed3f884..b03bd9f896 100644
# #
# Controls compatibility mode for JKS and PKCS12 keystore types. # Controls compatibility mode for JKS and PKCS12 keystore types.
# #
@@ -338,6 +351,13 @@ package.definition=sun.misc.,\ @@ -335,6 +348,13 @@ package.definition=sun.misc.,\
# #
security.overridePropertiesFile=true security.overridePropertiesFile=true
@ -1384,7 +1405,7 @@ index 0000000000..b848a1fd78
+ } + }
+} +}
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
index ffbd671246..bdaad67e06 100644 index cf7cd19b68..69cda46f85 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
@@ -26,6 +26,9 @@ @@ -26,6 +26,9 @@
@ -1406,7 +1427,7 @@ index ffbd671246..bdaad67e06 100644
import sun.security.util.Debug; import sun.security.util.Debug;
import sun.security.util.ResourcesMgr; import sun.security.util.ResourcesMgr;
import static sun.security.util.SecurityConstants.PROVIDER_VER; import static sun.security.util.SecurityConstants.PROVIDER_VER;
@@ -61,6 +66,29 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*; @@ -60,6 +65,29 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
*/ */
public final class SunPKCS11 extends AuthProvider { public final class SunPKCS11 extends AuthProvider {
@ -1436,7 +1457,7 @@ index ffbd671246..bdaad67e06 100644
private static final long serialVersionUID = -1354835039035306505L; private static final long serialVersionUID = -1354835039035306505L;
static final Debug debug = Debug.getInstance("sunpkcs11"); static final Debug debug = Debug.getInstance("sunpkcs11");
@@ -318,10 +346,15 @@ public final class SunPKCS11 extends AuthProvider { @@ -317,10 +345,15 @@ public final class SunPKCS11 extends AuthProvider {
// request multithreaded access first // request multithreaded access first
initArgs.flags = CKF_OS_LOCKING_OK; initArgs.flags = CKF_OS_LOCKING_OK;
PKCS11 tmpPKCS11; PKCS11 tmpPKCS11;
@ -1453,7 +1474,7 @@ index ffbd671246..bdaad67e06 100644
} catch (PKCS11Exception e) { } catch (PKCS11Exception e) {
if (debug != null) { if (debug != null) {
debug.println("Multi-threaded initialization failed: " + e); debug.println("Multi-threaded initialization failed: " + e);
@@ -337,7 +370,7 @@ public final class SunPKCS11 extends AuthProvider { @@ -336,7 +369,7 @@ public final class SunPKCS11 extends AuthProvider {
initArgs.flags = 0; initArgs.flags = 0;
} }
tmpPKCS11 = PKCS11.getInstance(library, tmpPKCS11 = PKCS11.getInstance(library,
@ -1462,7 +1483,7 @@ index ffbd671246..bdaad67e06 100644
} }
p11 = tmpPKCS11; p11 = tmpPKCS11;
@@ -377,6 +410,24 @@ public final class SunPKCS11 extends AuthProvider { @@ -376,6 +409,24 @@ public final class SunPKCS11 extends AuthProvider {
if (nssModule != null) { if (nssModule != null) {
nssModule.setProvider(this); nssModule.setProvider(this);
} }

File diff suppressed because it is too large Load Diff

View File

@ -1,11 +1,11 @@
commit b8711800e3cd9132ad2b195c82cf816210feb77d commit 81c2107a9188680f7c35ebc7697b292d5972436e
Author: Andrew Hughes <gnu.andrew@redhat.com> Author: Andrew Hughes <gnu.andrew@redhat.com>
Date: Thu Oct 5 03:13:01 2023 +0100 Date: Mon Feb 27 13:22:43 2023 +0000
Backport 78be334c3817a1b5840922a9bf1339a40dcc5185 Backport 78be334c3817a1b5840922a9bf1339a40dcc5185
diff --git a/src/java.base/share/classes/sun/security/util/KnownOIDs.java b/src/java.base/share/classes/sun/security/util/KnownOIDs.java diff --git a/src/java.base/share/classes/sun/security/util/KnownOIDs.java b/src/java.base/share/classes/sun/security/util/KnownOIDs.java
index b5cc3b05f1..7e235c90dd 100644 index 92ecb9adc0c..a5848c96aad 100644
--- a/src/java.base/share/classes/sun/security/util/KnownOIDs.java --- a/src/java.base/share/classes/sun/security/util/KnownOIDs.java
+++ b/src/java.base/share/classes/sun/security/util/KnownOIDs.java +++ b/src/java.base/share/classes/sun/security/util/KnownOIDs.java
@@ -155,6 +155,14 @@ public enum KnownOIDs { @@ -155,6 +155,14 @@ public enum KnownOIDs {
@ -24,7 +24,7 @@ index b5cc3b05f1..7e235c90dd 100644
SHA3_256withRSA("2.16.840.1.101.3.4.3.14", "SHA3-256withRSA"), SHA3_256withRSA("2.16.840.1.101.3.4.3.14", "SHA3-256withRSA"),
SHA3_384withRSA("2.16.840.1.101.3.4.3.15", "SHA3-384withRSA"), SHA3_384withRSA("2.16.840.1.101.3.4.3.15", "SHA3-384withRSA"),
diff --git a/src/java.base/share/classes/sun/security/util/SignatureUtil.java b/src/java.base/share/classes/sun/security/util/SignatureUtil.java diff --git a/src/java.base/share/classes/sun/security/util/SignatureUtil.java b/src/java.base/share/classes/sun/security/util/SignatureUtil.java
index 32c089fd96..7d5c0c7e29 100644 index 32c089fd96d..7d5c0c7e299 100644
--- a/src/java.base/share/classes/sun/security/util/SignatureUtil.java --- a/src/java.base/share/classes/sun/security/util/SignatureUtil.java
+++ b/src/java.base/share/classes/sun/security/util/SignatureUtil.java +++ b/src/java.base/share/classes/sun/security/util/SignatureUtil.java
@@ -168,4 +168,22 @@ public class SignatureUtil { @@ -168,4 +168,22 @@ public class SignatureUtil {
@ -51,7 +51,7 @@ index 32c089fd96..7d5c0c7e29 100644
+ } + }
} }
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java
index 41fe61b8a1..daf0bc9f69 100644 index 41fe61b8a16..daf0bc9f69c 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@ -93,7 +93,7 @@ index 41fe61b8a1..daf0bc9f69 100644
break; break;
default: default:
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java
index 926414608c..f343e6025e 100644 index 926414608cb..f343e6025e1 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java
@@ -36,7 +36,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*; @@ -36,7 +36,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
@ -428,7 +428,7 @@ index 926414608c..f343e6025e 100644
- -
} }
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java
index c88e4a6ace..29b26651c3 100644 index c88e4a6ace5..29b26651c39 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java
@@ -39,8 +39,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*; @@ -39,8 +39,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
@ -465,7 +465,7 @@ index c88e4a6ace..29b26651c3 100644
break; break;
case (int)CKM_SSL3_MD5_MAC: case (int)CKM_SSL3_MD5_MAC:
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java
index 1419be3754..18e00a544b 100644 index 26eaa4735f1..905b6ea9562 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java
@@ -38,6 +38,7 @@ import java.security.spec.MGF1ParameterSpec; @@ -38,6 +38,7 @@ import java.security.spec.MGF1ParameterSpec;
@ -738,7 +738,7 @@ index 1419be3754..18e00a544b 100644
// see JCA spec // see JCA spec
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java
index e3af106d05..e49edf32c2 100644 index e3af106d05a..e49edf32c29 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java
@@ -51,8 +51,15 @@ import sun.security.util.KeyUtil; @@ -51,8 +51,15 @@ import sun.security.util.KeyUtil;
@ -970,88 +970,111 @@ index e3af106d05..e49edf32c2 100644
// return RSASignature.decodeSignature(digestOID, signature); // return RSASignature.decodeSignature(digestOID, signature);
// } // }
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
index ffbd671246..d191831dab 100644 index cf7cd19b689..7a8bcffb92c 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
@@ -546,6 +546,14 @@ public final class SunPKCS11 extends AuthProvider { @@ -550,6 +550,18 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_SHA512_224)); d(MD, "SHA-512/256", P11Digest,
dA(MD, "SHA-512/256", P11Digest, s("2.16.840.1.101.3.4.2.6", "OID.2.16.840.1.101.3.4.2.6"),
m(CKM_SHA512_256)); m(CKM_SHA512_256));
+ dA(MD, "SHA3-224", P11Digest, + d(MD, "SHA3-224", P11Digest,
+ s("2.16.840.1.101.3.4.2.7", "OID.2.16.840.1.101.3.4.2.7"),
+ m(CKM_SHA3_224)); + m(CKM_SHA3_224));
+ dA(MD, "SHA3-256", P11Digest, + d(MD, "SHA3-256", P11Digest,
+ s("2.16.840.1.101.3.4.2.8", "OID.2.16.840.1.101.3.4.2.8"),
+ m(CKM_SHA3_256)); + m(CKM_SHA3_256));
+ dA(MD, "SHA3-384", P11Digest, + d(MD, "SHA3-384", P11Digest,
+ s("2.16.840.1.101.3.4.2.9", "OID.2.16.840.1.101.3.4.2.9"),
+ m(CKM_SHA3_384)); + m(CKM_SHA3_384));
+ dA(MD, "SHA3-512", P11Digest, + d(MD, "SHA3-512", P11Digest,
+ s("2.16.840.1.101.3.4.2.10", "OID.2.16.840.1.101.3.4.2.10"),
+ m(CKM_SHA3_512)); + m(CKM_SHA3_512));
d(MAC, "HmacMD5", P11MAC, d(MAC, "HmacMD5", P11MAC,
m(CKM_MD5_HMAC)); m(CKM_MD5_HMAC));
@@ -563,7 +571,14 @@ public final class SunPKCS11 extends AuthProvider { @@ -574,7 +586,18 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_SHA512_224_HMAC)); d(MAC, "HmacSHA512/256", P11MAC,
dA(MAC, "HmacSHA512/256", P11MAC, s("1.2.840.113549.2.13", "OID.1.2.840.113549.2.13"),
m(CKM_SHA512_256_HMAC)); m(CKM_SHA512_256_HMAC));
- -
+ dA(MAC, "HmacSHA3-224", P11MAC, + d(MAC, "HmacSHA3-224", P11MAC,
+ s("2.16.840.1.101.3.4.2.13", "OID.2.16.840.1.101.3.4.2.13"),
+ m(CKM_SHA3_224_HMAC)); + m(CKM_SHA3_224_HMAC));
+ dA(MAC, "HmacSHA3-256", P11MAC, + d(MAC, "HmacSHA3-256", P11MAC,
+ s("2.16.840.1.101.3.4.2.14", "OID.2.16.840.1.101.3.4.2.14"),
+ m(CKM_SHA3_256_HMAC)); + m(CKM_SHA3_256_HMAC));
+ dA(MAC, "HmacSHA3-384", P11MAC, + d(MAC, "HmacSHA3-384", P11MAC,
+ s("2.16.840.1.101.3.4.2.15", "OID.2.16.840.1.101.3.4.2.15"),
+ m(CKM_SHA3_384_HMAC)); + m(CKM_SHA3_384_HMAC));
+ dA(MAC, "HmacSHA3-512", P11MAC, + d(MAC, "HmacSHA3-512", P11MAC,
+ s("2.16.840.1.101.3.4.2.16", "OID.2.16.840.1.101.3.4.2.16"),
+ m(CKM_SHA3_512_HMAC)); + m(CKM_SHA3_512_HMAC));
d(MAC, "SslMacMD5", P11MAC, d(MAC, "SslMacMD5", P11MAC,
m(CKM_SSL3_MD5_MAC)); m(CKM_SSL3_MD5_MAC));
d(MAC, "SslMacSHA1", P11MAC, d(MAC, "SslMacSHA1", P11MAC,
@@ -595,6 +610,30 @@ public final class SunPKCS11 extends AuthProvider { @@ -604,6 +627,41 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_BLOWFISH_KEY_GEN)); m(CKM_BLOWFISH_KEY_GEN));
d(KG, "ChaCha20", P11KeyGenerator, d(KG, "ChaCha20", P11KeyGenerator,
m(CKM_CHACHA20_KEY_GEN)); m(CKM_CHACHA20_KEY_GEN));
+ d(KG, "HmacMD5", P11KeyGenerator, // 1.3.6.1.5.5.8.1.1 + d(KG, "HmacMD5", P11KeyGenerator, // 1.3.6.1.5.5.8.1.1
+ m(CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_GENERIC_SECRET_KEY_GEN));
+ dA(KG, "HmacSHA1", P11KeyGenerator, + d(KG, "HmacSHA1", P11KeyGenerator,
+ s("1.2.840.113549.2.7", "OID.1.2.840.113549.2.7"),
+ m(CKM_SHA_1_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_SHA_1_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ dA(KG, "HmacSHA224", P11KeyGenerator, + d(KG, "HmacSHA224", P11KeyGenerator,
+ s("1.2.840.113549.2.8", "OID.1.2.840.113549.2.8"),
+ m(CKM_SHA224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_SHA224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ dA(KG, "HmacSHA256", P11KeyGenerator, + d(KG, "HmacSHA256", P11KeyGenerator,
+ s("1.2.840.113549.2.9", "OID.1.2.840.113549.2.9"),
+ m(CKM_SHA256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_SHA256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ dA(KG, "HmacSHA384", P11KeyGenerator, + d(KG, "HmacSHA384", P11KeyGenerator,
+ s("1.2.840.113549.2.10", "OID.1.2.840.113549.2.10"),
+ m(CKM_SHA384_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_SHA384_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ dA(KG, "HmacSHA512", P11KeyGenerator, + d(KG, "HmacSHA512", P11KeyGenerator,
+ s("1.2.840.113549.2.11", "OID.1.2.840.113549.2.11"),
+ m(CKM_SHA512_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_SHA512_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ dA(KG, "HmacSHA512/224", P11KeyGenerator, + d(KG, "HmacSHA512/224", P11KeyGenerator,
+ s("1.2.840.113549.2.12", "OID.1.2.840.113549.2.12"),
+ m(CKM_SHA512_224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_SHA512_224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ dA(KG, "HmacSHA512/256", P11KeyGenerator, + d(KG, "HmacSHA512/256", P11KeyGenerator,
+ s("1.2.840.113549.2.13", "OID.1.2.840.113549.2.13"),
+ m(CKM_SHA512_256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_SHA512_256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ dA(KG, "HmacSHA3-224", P11KeyGenerator, + d(KG, "HmacSHA3-224", P11KeyGenerator,
+ s("2.16.840.1.101.3.4.2.13", "OID.2.16.840.1.101.3.4.2.13"),
+ m(CKM_SHA3_224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_SHA3_224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ dA(KG, "HmacSHA3-256", P11KeyGenerator, + d(KG, "HmacSHA3-256", P11KeyGenerator,
+ s("2.16.840.1.101.3.4.2.14", "OID.2.16.840.1.101.3.4.2.14"),
+ m(CKM_SHA3_256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_SHA3_256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ dA(KG, "HmacSHA3-384", P11KeyGenerator, + d(KG, "HmacSHA3-384", P11KeyGenerator,
+ s("2.16.840.1.101.3.4.2.15", "OID.2.16.840.1.101.3.4.2.15"),
+ m(CKM_SHA3_384_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_SHA3_384_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
+ dA(KG, "HmacSHA3-512", P11KeyGenerator, + d(KG, "HmacSHA3-512", P11KeyGenerator,
+ s("2.16.840.1.101.3.4.2.16", "OID.2.16.840.1.101.3.4.2.16"),
+ m(CKM_SHA3_512_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); + m(CKM_SHA3_512_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN));
// register (Secret)KeyFactories if there are any mechanisms // register (Secret)KeyFactories if there are any mechanisms
// for a particular algorithm that we support // for a particular algorithm that we support
@@ -725,37 +764,77 @@ public final class SunPKCS11 extends AuthProvider { @@ -747,13 +805,40 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_DSA_SHA384)); d(SIG, "SHA512withDSA", P11Signature,
dA(SIG, "SHA512withDSA", P11Signature, s("2.16.840.1.101.3.4.3.4", "OID.2.16.840.1.101.3.4.3.4"),
m(CKM_DSA_SHA512)); m(CKM_DSA_SHA512));
+ dA(SIG, "SHA3-224withDSA", P11Signature, + d(SIG, "SHA3-224withDSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.5", "OID.2.16.840.1.101.3.4.3.5"),
+ m(CKM_DSA_SHA3_224)); + m(CKM_DSA_SHA3_224));
+ dA(SIG, "SHA3-256withDSA", P11Signature, + d(SIG, "SHA3-256withDSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.6", "OID.2.16.840.1.101.3.4.3.6"),
+ m(CKM_DSA_SHA3_256)); + m(CKM_DSA_SHA3_256));
+ dA(SIG, "SHA3-384withDSA", P11Signature, + d(SIG, "SHA3-384withDSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.7", "OID.2.16.840.1.101.3.4.3.7"),
+ m(CKM_DSA_SHA3_384)); + m(CKM_DSA_SHA3_384));
+ dA(SIG, "SHA3-512withDSA", P11Signature, + d(SIG, "SHA3-512withDSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.8", "OID.2.16.840.1.101.3.4.3.8"),
+ m(CKM_DSA_SHA3_512)); + m(CKM_DSA_SHA3_512));
d(SIG, "RawDSAinP1363Format", P11Signature, d(SIG, "RawDSAinP1363Format", P11Signature,
List.of("NONEwithDSAinP1363Format"), s("NONEwithDSAinP1363Format"),
m(CKM_DSA)); m(CKM_DSA));
d(SIG, "DSAinP1363Format", P11Signature, d(SIG, "DSAinP1363Format", P11Signature,
List.of("SHA1withDSAinP1363Format"), s("SHA1withDSAinP1363Format"),
m(CKM_DSA_SHA1, CKM_DSA)); m(CKM_DSA_SHA1, CKM_DSA));
- -
+ d(SIG, "SHA224withDSAinP1363Format", P11Signature, + d(SIG, "SHA224withDSAinP1363Format", P11Signature,
@ -1072,27 +1095,36 @@ index ffbd671246..d191831dab 100644
+ m(CKM_DSA_SHA3_512)); + m(CKM_DSA_SHA3_512));
d(SIG, "NONEwithECDSA", P11Signature, d(SIG, "NONEwithECDSA", P11Signature,
m(CKM_ECDSA)); m(CKM_ECDSA));
dA(SIG, "SHA1withECDSA", P11Signature, d(SIG, "SHA1withECDSA", P11Signature,
@@ -761,28 +846,49 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_ECDSA_SHA1, CKM_ECDSA)); m(CKM_ECDSA_SHA1, CKM_ECDSA));
dA(SIG, "SHA224withECDSA", P11Signature, d(SIG, "SHA224withECDSA", P11Signature,
s("1.2.840.10045.4.3.1", "OID.1.2.840.10045.4.3.1"),
- m(CKM_ECDSA)); - m(CKM_ECDSA));
+ m(CKM_ECDSA_SHA224, CKM_ECDSA)); + m(CKM_ECDSA_SHA224, CKM_ECDSA));
dA(SIG, "SHA256withECDSA", P11Signature, d(SIG, "SHA256withECDSA", P11Signature,
s("1.2.840.10045.4.3.2", "OID.1.2.840.10045.4.3.2"),
- m(CKM_ECDSA)); - m(CKM_ECDSA));
+ m(CKM_ECDSA_SHA256, CKM_ECDSA)); + m(CKM_ECDSA_SHA256, CKM_ECDSA));
dA(SIG, "SHA384withECDSA", P11Signature, d(SIG, "SHA384withECDSA", P11Signature,
s("1.2.840.10045.4.3.3", "OID.1.2.840.10045.4.3.3"),
- m(CKM_ECDSA)); - m(CKM_ECDSA));
+ m(CKM_ECDSA_SHA384, CKM_ECDSA)); + m(CKM_ECDSA_SHA384, CKM_ECDSA));
dA(SIG, "SHA512withECDSA", P11Signature, d(SIG, "SHA512withECDSA", P11Signature,
s("1.2.840.10045.4.3.4", "OID.1.2.840.10045.4.3.4"),
- m(CKM_ECDSA)); - m(CKM_ECDSA));
+ m(CKM_ECDSA_SHA512, CKM_ECDSA)); + m(CKM_ECDSA_SHA512, CKM_ECDSA));
+ dA(SIG, "SHA3-224withECDSA", P11Signature, + d(SIG, "SHA3-224withECDSA", P11Signature,
+ s("1.2.840.10045.4.3.9", "OID.1.2.840.10045.4.3.9"),
+ m(CKM_ECDSA_SHA3_224, CKM_ECDSA)); + m(CKM_ECDSA_SHA3_224, CKM_ECDSA));
+ dA(SIG, "SHA3-256withECDSA", P11Signature, + d(SIG, "SHA3-256withECDSA", P11Signature,
+ s("1.2.840.10045.4.3.10", "OID.1.2.840.10045.4.3.10"),
+ m(CKM_ECDSA_SHA3_256, CKM_ECDSA)); + m(CKM_ECDSA_SHA3_256, CKM_ECDSA));
+ dA(SIG, "SHA3-384withECDSA", P11Signature, + d(SIG, "SHA3-384withECDSA", P11Signature,
+ s("1.2.840.10045.4.3.11", "OID.1.2.840.10045.4.3.11"),
+ m(CKM_ECDSA_SHA3_384, CKM_ECDSA)); + m(CKM_ECDSA_SHA3_384, CKM_ECDSA));
+ dA(SIG, "SHA3-512withECDSA", P11Signature, + d(SIG, "SHA3-512withECDSA", P11Signature,
+ s("1.2.840.10045.4.3.12", "OID.1.2.840.10045.4.3.12"),
+ m(CKM_ECDSA_SHA3_512, CKM_ECDSA)); + m(CKM_ECDSA_SHA3_512, CKM_ECDSA));
d(SIG, "NONEwithECDSAinP1363Format", P11Signature, d(SIG, "NONEwithECDSAinP1363Format", P11Signature,
m(CKM_ECDSA)); m(CKM_ECDSA));
@ -1119,25 +1151,29 @@ index ffbd671246..d191831dab 100644
+ d(SIG, "SHA3-512withECDSAinP1363Format", P11Signature, + d(SIG, "SHA3-512withECDSAinP1363Format", P11Signature,
+ m(CKM_ECDSA_SHA3_512, CKM_ECDSA)); + m(CKM_ECDSA_SHA3_512, CKM_ECDSA));
+ +
dA(SIG, "MD2withRSA", P11Signature, d(SIG, "MD2withRSA", P11Signature,
s("1.2.840.113549.1.1.2", "OID.1.2.840.113549.1.1.2"),
m(CKM_MD2_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); m(CKM_MD2_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
dA(SIG, "MD5withRSA", P11Signature, @@ -805,6 +911,18 @@ public final class SunPKCS11 extends AuthProvider {
@@ -770,6 +849,14 @@ public final class SunPKCS11 extends AuthProvider { d(SIG, "SHA512withRSA", P11Signature,
m(CKM_SHA384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"),
dA(SIG, "SHA512withRSA", P11Signature,
m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
+ dA(SIG, "SHA3-224withRSA", P11Signature, + d(SIG, "SHA3-224withRSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.13", "OID.2.16.840.1.101.3.4.3.13"),
+ m(CKM_SHA3_224_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); + m(CKM_SHA3_224_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
+ dA(SIG, "SHA3-256withRSA", P11Signature, + d(SIG, "SHA3-256withRSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.14", "OID.2.16.840.1.101.3.4.3.14"),
+ m(CKM_SHA3_256_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); + m(CKM_SHA3_256_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
+ dA(SIG, "SHA3-384withRSA", P11Signature, + d(SIG, "SHA3-384withRSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.15", "OID.2.16.840.1.101.3.4.3.15"),
+ m(CKM_SHA3_384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); + m(CKM_SHA3_384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
+ dA(SIG, "SHA3-512withRSA", P11Signature, + d(SIG, "SHA3-512withRSA", P11Signature,
+ s("2.16.840.1.101.3.4.3.16", "OID.2.16.840.1.101.3.4.3.16"),
+ m(CKM_SHA3_512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); + m(CKM_SHA3_512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
dA(SIG, "RSASSA-PSS", P11PSSSignature, d(SIG, "RSASSA-PSS", P11PSSSignature,
s("1.2.840.113549.1.1.10", "OID.1.2.840.113549.1.1.10"),
m(CKM_RSA_PKCS_PSS)); m(CKM_RSA_PKCS_PSS));
d(SIG, "SHA1withRSASSA-PSS", P11PSSSignature, @@ -818,6 +936,14 @@ public final class SunPKCS11 extends AuthProvider {
@@ -782,6 +869,14 @@ public final class SunPKCS11 extends AuthProvider {
m(CKM_SHA384_RSA_PKCS_PSS)); m(CKM_SHA384_RSA_PKCS_PSS));
d(SIG, "SHA512withRSASSA-PSS", P11PSSSignature, d(SIG, "SHA512withRSASSA-PSS", P11PSSSignature,
m(CKM_SHA512_RSA_PKCS_PSS)); m(CKM_SHA512_RSA_PKCS_PSS));
@ -1153,7 +1189,7 @@ index ffbd671246..d191831dab 100644
d(KG, "SunTlsRsaPremasterSecret", d(KG, "SunTlsRsaPremasterSecret",
"sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator", "sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator",
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java
index e077943bbc..cb04b95304 100644 index e077943bbc2..cb04b95304d 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@ -1179,7 +1215,7 @@ index e077943bbc..cb04b95304 100644
diff --git a/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java b/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java diff --git a/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java b/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java
new file mode 100644 new file mode 100644
index 0000000000..d6707028d9 index 00000000000..d6707028d96
--- /dev/null --- /dev/null
+++ b/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java +++ b/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java
@@ -0,0 +1,84 @@ @@ -0,0 +1,84 @@
@ -1268,7 +1304,7 @@ index 0000000000..d6707028d9
+ } + }
+} +}
diff --git a/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java b/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java diff --git a/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java b/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java
index b61d10beec..78b7d857e8 100644 index b61d10beece..78b7d857e8e 100644
--- a/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java --- a/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java
+++ b/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java +++ b/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java
@@ -23,7 +23,7 @@ @@ -23,7 +23,7 @@
@ -1300,7 +1336,7 @@ index b61d10beec..78b7d857e8 100644
test("ARCFOUR", 1024, p, TestResult.TBD); test("ARCFOUR", 1024, p, TestResult.TBD);
} else if (p.getName().equals("SunPKCS11-NSS")) { } else if (p.getName().equals("SunPKCS11-NSS")) {
diff --git a/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java b/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java diff --git a/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java b/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java
index 59af327c1f..64c42a6dd0 100644 index 59af327c1f2..64c42a6dd06 100644
--- a/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java --- a/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java
+++ b/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java +++ b/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java
@@ -23,7 +23,7 @@ @@ -23,7 +23,7 @@
@ -1385,7 +1421,7 @@ index 59af327c1f..64c42a6dd0 100644
mac.reset(); mac.reset();
diff --git a/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java b/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java diff --git a/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java b/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java
index 5cad885984..7e045232e3 100644 index 5cad8859840..7e045232e3a 100644
--- a/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java --- a/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java
+++ b/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java +++ b/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@ -1478,7 +1514,7 @@ index 5cad885984..7e045232e3 100644
} }
} }
diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java b/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java b/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java
index 7ced00630c..a7a72e8ea3 100644 index 7ced00630cc..a7a72e8ea3d 100644
--- a/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java --- a/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java
+++ b/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java +++ b/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@ -1538,7 +1574,7 @@ index 7ced00630c..a7a72e8ea3 100644
byte[] d1 = md.digest(data); byte[] d1 = md.digest(data);
diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java b/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java b/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java
index ea7909bc39..268f698276 100644 index ea7909bc397..268f698276b 100644
--- a/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java --- a/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java
+++ b/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java +++ b/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@ -1619,7 +1655,7 @@ index ea7909bc39..268f698276 100644
private static void check(byte[] d1, byte[] d2) throws Exception { private static void check(byte[] d1, byte[] d2) throws Exception {
diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java b/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java b/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java
index b931c8564b..ace601c723 100644 index b931c8564b2..ace601c7233 100644
--- a/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java --- a/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java
+++ b/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java +++ b/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@ -1708,7 +1744,7 @@ index b931c8564b..ace601c723 100644
MessageDigest mdCopy0 = (MessageDigest) mdObj.clone(); MessageDigest mdCopy0 = (MessageDigest) mdObj.clone();
diff --git a/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java b/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java diff --git a/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java b/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java
index 26eeacffed..f5de994779 100644 index 26eeacffed9..f5de994779c 100644
--- a/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java --- a/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java
+++ b/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java +++ b/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java
@@ -23,7 +23,7 @@ @@ -23,7 +23,7 @@
@ -1734,7 +1770,7 @@ index 26eeacffed..f5de994779 100644
sig.update(t); sig.update(t);
byte[] signature = sig.sign(); byte[] signature = sig.sign();
diff --git a/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java b/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java diff --git a/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java b/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java
index ccd66599fb..a2fa729497 100644 index ccd66599fb0..a2fa7294977 100644
--- a/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java --- a/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java
+++ b/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java +++ b/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@ -1780,7 +1816,7 @@ index ccd66599fb..a2fa729497 100644
PSSParameterSpec params = new PSSParameterSpec("SHA-256", "MGF1", PSSParameterSpec params = new PSSParameterSpec("SHA-256", "MGF1",
new MGF1ParameterSpec("SHA-256"), 32, new MGF1ParameterSpec("SHA-256"), 32,
diff --git a/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java b/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java diff --git a/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java b/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java
index 2e4fedbf1d..f1c0492b5f 100644 index 2e4fedbf1d5..f1c0492b5fc 100644
--- a/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java --- a/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java
+++ b/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java +++ b/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@ -1874,7 +1910,7 @@ index 2e4fedbf1d..f1c0492b5f 100644
System.out.println("test#4: pass"); System.out.println("test#4: pass");
} }
diff --git a/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java b/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java diff --git a/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java b/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java
index 42ca7fa203..8c132ca7e4 100644 index 42ca7fa203d..8c132ca7e4f 100644
--- a/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java --- a/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java
+++ b/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java +++ b/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java
@@ -23,312 +23,13 @@ @@ -23,312 +23,13 @@
@ -2206,7 +2242,7 @@ index 42ca7fa203..8c132ca7e4 100644
new Random().nextBytes(data); new Random().nextBytes(data);
sig.initSign(privateKey); sig.initSign(privateKey);
diff --git a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java diff --git a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java
index 3c3edb5aa6..1114702277 100644 index 3c3edb5aa6a..11147022771 100644
--- a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java --- a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java
+++ b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java +++ b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@ -2227,7 +2263,7 @@ index 3c3edb5aa6..1114702277 100644
* @library /test/lib .. * @library /test/lib ..
diff --git a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java diff --git a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java
new file mode 100644 new file mode 100644
index 0000000000..b8ea986332 index 00000000000..b8ea9863327
--- /dev/null --- /dev/null
+++ b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java +++ b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java
@@ -0,0 +1,98 @@ @@ -0,0 +1,98 @@
@ -2330,7 +2366,7 @@ index 0000000000..b8ea986332
+ } + }
+} +}
diff --git a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java diff --git a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java
index 3a6dbe345e..4c1f7284bb 100644 index 3a6dbe345e9..4c1f7284bbc 100644
--- a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java --- a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java
+++ b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java +++ b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@ -2388,7 +2424,7 @@ index 3a6dbe345e..4c1f7284bb 100644
hash, "MGF1", new MGF1ParameterSpec(mgfHash), 0, 1); hash, "MGF1", new MGF1ParameterSpec(mgfHash), 0, 1);
diff --git a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java diff --git a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java
new file mode 100644 new file mode 100644
index 0000000000..516b17972e index 00000000000..516b17972e5
--- /dev/null --- /dev/null
+++ b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java +++ b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java
@@ -0,0 +1,140 @@ @@ -0,0 +1,140 @@
@ -2533,7 +2569,7 @@ index 0000000000..516b17972e
+ } + }
+} +}
diff --git a/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java b/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java diff --git a/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java b/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java
index 222f8a2a5e..3161de6fc5 100644 index 222f8a2a5ed..3161de6fc50 100644
--- a/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java --- a/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java
+++ b/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java +++ b/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@ -2628,7 +2664,7 @@ index 222f8a2a5e..3161de6fc5 100644
} }
} }
diff --git a/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java b/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java diff --git a/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java b/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java
index f469ca17b6..7e5a012a5e 100644 index f469ca17b65..7e5a012a5ec 100644
--- a/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java --- a/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java
+++ b/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java +++ b/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java
@@ -22,8 +22,8 @@ @@ -22,8 +22,8 @@
@ -2661,7 +2697,7 @@ index f469ca17b6..7e5a012a5e 100644
kpg.initialize(512); kpg.initialize(512);
KeyPair kp = kpg.generateKeyPair(); KeyPair kp = kpg.generateKeyPair();
diff --git a/test/jdk/sun/security/pkcs11/nss/p11-nss.txt b/test/jdk/sun/security/pkcs11/nss/p11-nss.txt diff --git a/test/jdk/sun/security/pkcs11/nss/p11-nss.txt b/test/jdk/sun/security/pkcs11/nss/p11-nss.txt
index 49778ea954..576b1dc4d6 100644 index 49778ea954c..576b1dc4d69 100644
--- a/test/jdk/sun/security/pkcs11/nss/p11-nss.txt --- a/test/jdk/sun/security/pkcs11/nss/p11-nss.txt
+++ b/test/jdk/sun/security/pkcs11/nss/p11-nss.txt +++ b/test/jdk/sun/security/pkcs11/nss/p11-nss.txt
@@ -11,12 +11,23 @@ library = ${pkcs11test.nss.lib} @@ -11,12 +11,23 @@ library = ${pkcs11test.nss.lib}

View File

@ -0,0 +1,55 @@
commit b4caafe16f14983e303b7f1fdf3090e5c513ebd8
Author: Andrew John Hughes <andrew@openjdk.org>
Date: Thu Apr 13 15:37:20 2023 +0000
8274864: Remove Amman/Cairo hacks in ZoneInfoFile
Backport-of: ec199072c5867624d66840238cc8828e16ae8da7
diff --git a/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java b/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
index 1dc82561f2..a51490767d 100644
--- a/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
+++ b/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
@@ -607,34 +607,6 @@ public final class ZoneInfoFile {
params[8] = endRule.secondOfDay * 1000;
params[9] = toSTZTime[endRule.timeDefinition];
dstSavings = (startRule.offsetAfter - startRule.offsetBefore) * 1000;
-
- // Note: known mismatching -> Asia/Amman
- // ZoneInfo : startDayOfWeek=5 <= Thursday
- // startTime=86400000 <= 24 hours
- // This: startDayOfWeek=6
- // startTime=0
- // Similar workaround needs to be applied to Africa/Cairo and
- // its endDayOfWeek and endTime
- // Below is the workarounds, it probably slows down everyone a little
- if (params[2] == 6 && params[3] == 0 &&
- (zoneId.equals("Asia/Amman"))) {
- params[2] = 5;
- params[3] = 86400000;
- }
- // Additional check for startDayOfWeek=6 and starTime=86400000
- // is needed for Asia/Amman;
- if (params[2] == 7 && params[3] == 0 &&
- (zoneId.equals("Asia/Amman"))) {
- params[2] = 6; // Friday
- params[3] = 86400000; // 24h
- }
- //endDayOfWeek and endTime workaround
- if (params[7] == 6 && params[8] == 0 &&
- (zoneId.equals("Africa/Cairo"))) {
- params[7] = 5;
- params[8] = 86400000;
- }
-
} else if (nTrans > 0) { // only do this if there is something in table already
if (lastyear < LASTYEAR) {
// ZoneInfo has an ending entry for 2037
@@ -907,7 +879,6 @@ public final class ZoneInfoFile {
this.dow = dowByte == 0 ? -1 : dowByte;
this.secondOfDay = timeByte == 31 ? in.readInt() : timeByte * 3600;
this.timeDefinition = (data & (3 << 12)) >>> 12;
-
this.standardOffset = stdByte == 255 ? in.readInt() : (stdByte - 128) * 900;
this.offsetBefore = beforeByte == 3 ? in.readInt() : standardOffset + beforeByte * 1800;
this.offsetAfter = afterByte == 3 ? in.readInt() : standardOffset + afterByte * 1800;

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff