Mercurial > hg > icedtea6-hg
changeset 3169:ccfb83ff9e78
Sync with upstream OpenJDK 6 repository.
Upstream changes:
- OJ43: Backport JAX_WS-945; Socket backlog may be limiting lwhs performance
- S6364329: jstat displays "invalid argument count" with usage
- S6507067: TimeZone country/area message error
- S6585666: Spanish language names not compliant with CLDR
- S6608572: Currency change for Malta and Cyprus
- S6610748: Dateformat - AM-PM indicator in Finnish appears to be from English
- S6627549: ISO 3166 code addition: Saint Barthelemy and Saint Martin
- S6645271: Wrong date format for Croatian (hr) locale
- S6646611: Incorrect spelling of month name in locale for Belarusian language ("be", "BY")
- S6647452: Remove obfuscation, framework and provider self-verification checking
- S6716626: Integrate contributed language and country names for NL
- S6786276: Locale.getISOCountries() still contains country code "CS"
- S6868106: Ukrainian currency has wrong format
- S6870908: reopen bug 4244752: month names in Estonian should be lowercase
- S6873931: New Turkish currency since 2009
- S6910489: Slovenia Locale, wrong firstDayOfWeek number
- S6914413: abbreviation name for November is not correct in be_BY
- S6916787: Ukrainian currency name needs to be fixed
- S6919624: minimalDaysInFirstWeek ressource for hungarian is wrong
- S6931564: Incorrect display name of Locale for south africa
- S6938454: 2 new testcases for bug: Unable to determine generic type in program that compiles under Java 6
- S6938454: Unable to determine generic type in program that compiles under Java 6
- S7019267: Currency Display Names are not localized into pt_BR.
- S7020583: Some currency names are missing in some locales
- S7020960: CurrencyNames_sr_RS.properties is missing.
- S7025837: fix plural currency display names in sr_Latn_(BA|ME|RS).properties
- S7028073: The currency symbol for Peru is wrong
- S7036905: [de] dem - the german mark display name is incorrect
- S7066203: Update currency data to the latest ISO 4217 standard
- S7077119: remove past transition dates from CurrencyData.properties file
- S7085757: Currency Data: ISO 4217 Amendment 152
- S7122142: (ann) Race condition between isAnnotationPresent and getAnnotations
- S7161796: PhaseStringOpts::fetch_static_field tries to fetch field from the Klass instead of the mirror
- S7171028: dots are missed in the datetime for Slovanian
- S7185456: (ann) Optimize Annotation handling in java/sun.reflect.* code for small number of annotations
- S7189611: Venezuela current Currency should be Bs.F.
- S7195759: ISO 4217 Amendment 154
- S7201205: Add Makefile configuration option to build with unlimited crypto in OpenJDK.
- S8005232: (JEP-149) Class Instance size reduction
- S8006748: getISO3Country() returns wrong value
- S8013836: getFirstDayOfWeek reports wrong day for pt-BR locale
- S8021121: ISO 4217 Amendment Number 156
- S8022721: TEST_BUG: AnnotationTypeDeadlockTest.java throws java.lang.IllegalStateException: unexpected condition
- S8027695: There should be a space before % sign in Swedish locale
- S8055222: Currency update needed for ISO 4217 Amendment #159
2015-01-19 Andrew John Hughes <gnu.andrew@member.fsf.org>
* patches/clean-crypto.patch: Removed; replaced by
inclusion of UNLIMITED_CRYPTO=true solution upstream.
* patches/openjdk/7122142-annotation_race_condition.patch,
* patches/openjdk/7161796-wrong_fetch_in_fetch_static_field.patch:
Remove patches included upstream.
* Makefile.am:
(ICEDTEA_PATCHES): Remove above patches.
(ICEDTEA_ENV): Set UNLIMITED_CRYPTO=true.
* NEWS: Updated.
* patches/openjdk/4963723-implement_sha-224.patch:
Regenerated following backport of 6647452 upstream.
* patches/openjdk/7044060-support_nsa_suite_b.patch:
Likewise.
* patches/openjdk/7106773-512_bits_rsa.patch: Likewise.
* patches/openjdk/8006935-long_keys_in_hmac_prf.patch: Likewise.
* patches/openjdk/p11cipher-4898461-support_ecb_and_cbc.patch:
Likewise.
* patches/openjdk/p11cipher-6604496-support_ckm_aes_ctr.patch:
Likewise.
2015-01-05 Andrew John Hughes <gnu.andrew@member.fsf.org>
* patches/ecj/pr64174.patch: Drop the Lithuanian
changeover date now, as it's in the past.
2014-12-04 Andrew John Hughes <gnu.andrew@member.fsf.org>
* Makefile.am:
(ICEDTEA_ECJ_PATCHES): Add workaround for bug
in parsing end-of-year dates (Classpath PR64174).
* acinclude.m4:
(IT_PR64174_CHECK): Detect if the boot JDK suffers
from PR64174 and apply the patch if so.
* configure.ac: Call IT_PR64174_CHECK.
* patches/ecj/pr64174.patch: Drop the Latvian
Euro changeover date, which is in the past anyway,
and move Lithuania's two hours forward so it enters
2015 and avoids the bug.
| author | Andrew John Hughes <gnu.andrew@redhat.com> |
|---|---|
| date | Mon, 19 Jan 2015 17:52:30 +0000 |
| parents | d6a1b5eb846b |
| children | ee1714db3b97 |
| files | ChangeLog Makefile.am NEWS acinclude.m4 configure.ac patches/clean-crypto.patch patches/ecj/pr64174.patch patches/openjdk/4963723-implement_sha-224.patch patches/openjdk/7044060-support_nsa_suite_b.patch patches/openjdk/7106773-512_bits_rsa.patch patches/openjdk/7122142-annotation_race_condition.patch patches/openjdk/7161796-wrong_fetch_in_fetch_static_field.patch patches/openjdk/8006935-long_keys_in_hmac_prf.patch patches/openjdk/p11cipher-4898461-support_ecb_and_cbc.patch patches/openjdk/p11cipher-6604496-support_ckm_aes_ctr.patch |
| diffstat | 15 files changed, 361 insertions(+), 3331 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Wed Dec 24 18:48:30 2014 +0000 +++ b/ChangeLog Mon Jan 19 17:52:30 2015 +0000 @@ -1,3 +1,44 @@ +2015-01-19 Andrew John Hughes <gnu.andrew@member.fsf.org> + + * patches/clean-crypto.patch: Removed; replaced by + inclusion of UNLIMITED_CRYPTO=true solution upstream. + * patches/openjdk/7122142-annotation_race_condition.patch, + * patches/openjdk/7161796-wrong_fetch_in_fetch_static_field.patch: + Remove patches included upstream. + * Makefile.am: + (ICEDTEA_PATCHES): Remove above patches. + (ICEDTEA_ENV): Set UNLIMITED_CRYPTO=true. + * NEWS: Updated. + * patches/openjdk/4963723-implement_sha-224.patch: + Regenerated following backport of 6647452 upstream. + * patches/openjdk/7044060-support_nsa_suite_b.patch: + Likewise. + * patches/openjdk/7106773-512_bits_rsa.patch: Likewise. + * patches/openjdk/8006935-long_keys_in_hmac_prf.patch: Likewise. + * patches/openjdk/p11cipher-4898461-support_ecb_and_cbc.patch: + Likewise. + * patches/openjdk/p11cipher-6604496-support_ckm_aes_ctr.patch: + Likewise. + +2015-01-05 Andrew John Hughes <gnu.andrew@member.fsf.org> + + * patches/ecj/pr64174.patch: Drop the Lithuanian + changeover date now, as it's in the past. + +2014-12-04 Andrew John Hughes <gnu.andrew@member.fsf.org> + + * Makefile.am: + (ICEDTEA_ECJ_PATCHES): Add workaround for bug + in parsing end-of-year dates (Classpath PR64174). + * acinclude.m4: + (IT_PR64174_CHECK): Detect if the boot JDK suffers + from PR64174 and apply the patch if so. + * configure.ac: Call IT_PR64174_CHECK. + * patches/ecj/pr64174.patch: Drop the Latvian + Euro changeover date, which is in the past anyway, + and move Lithuania's two hours forward so it enters + 2015 and avoids the bug. + 2014-11-12 Andrew John Hughes <gnu.andrew@redhat.com> * Makefile.am:
--- a/Makefile.am Wed Dec 24 18:48:30 2014 +0000 +++ b/Makefile.am Mon Jan 19 17:52:30 2015 +0000 @@ -345,7 +345,6 @@ patches/nomotif-mtoolkit.patch \ patches/alt-jar.patch \ patches/jdk-use-ssize_t.patch \ - patches/clean-crypto.patch \ patches/arch.patch \ patches/lc_ctype.patch \ patches/xjc.patch \ @@ -625,8 +624,6 @@ patches/openjdk/7106773-512_bits_rsa.patch \ patches/pr1904-icedtea_and_distro_versioning.patch \ patches/openjdk/8017173-xml_cipher_rsa_oaep_cant_be_instantiated.patch \ - patches/openjdk/7122142-annotation_race_condition.patch \ - patches/openjdk/7161796-wrong_fetch_in_fetch_static_field.patch \ patches/openjdk/8000897-use_corresponding_digest_length.patch \ patches/pr2083-aarch64_zero.patch @@ -748,6 +745,12 @@ ICEDTEA_ECJ_PATCHES += patches/ecj/no-test_gamma.patch endif +# If date parsing bug is present, drop Lithuania and Latvia EUR transition +# dates as they are already in the past anyway. +if CP64174 +ICEDTEA_ECJ_PATCHES += patches/ecj/pr64174.patch +endif + ICEDTEA_ECJ_PATCHES += $(DISTRIBUTION_ECJ_PATCHES) # OpenJDK build environment. @@ -822,7 +825,8 @@ STATIC_CXX="false" \ BUILD_GCC=gcc$(GCC_SUFFIX) \ BUILD_CXX=g++$(GCC_SUFFIX) \ - COMPILER_WARNINGS_FATAL="$(WERROR_STATUS)" + COMPILER_WARNINGS_FATAL="$(WERROR_STATUS)" \ + UNLIMITED_CRYPTO="true" if ENABLE_CACAO ICEDTEA_ENV += \
--- a/NEWS Wed Dec 24 18:48:30 2014 +0000 +++ b/NEWS Mon Jan 19 17:52:30 2015 +0000 @@ -14,14 +14,58 @@ New in release 1.14.0 (201X-XX-XX): +* Import of OpenJDK6 b34 + - OJ43: Backport JAX_WS-945; Socket backlog may be limiting lwhs performance + - S6364329: jstat displays "invalid argument count" with usage + - S6507067: TimeZone country/area message error + - S6585666: Spanish language names not compliant with CLDR + - S6608572: Currency change for Malta and Cyprus + - S6610748: Dateformat - AM-PM indicator in Finnish appears to be from English + - S6627549: ISO 3166 code addition: Saint Barthelemy and Saint Martin + - S6645271: Wrong date format for Croatian (hr) locale + - S6646611: Incorrect spelling of month name in locale for Belarusian language ("be", "BY") + - S6647452: Remove obfuscation, framework and provider self-verification checking + - S6716626: Integrate contributed language and country names for NL + - S6786276: Locale.getISOCountries() still contains country code "CS" + - S6868106: Ukrainian currency has wrong format + - S6870908: reopen bug 4244752: month names in Estonian should be lowercase + - S6873931: New Turkish currency since 2009 + - S6910489: Slovenia Locale, wrong firstDayOfWeek number + - S6914413: abbreviation name for November is not correct in be_BY + - S6916787: Ukrainian currency name needs to be fixed + - S6919624: minimalDaysInFirstWeek ressource for hungarian is wrong + - S6931564: Incorrect display name of Locale for south africa + - S6938454: 2 new testcases for bug: Unable to determine generic type in program that compiles under Java 6 + - S6938454: Unable to determine generic type in program that compiles under Java 6 + - S7019267: Currency Display Names are not localized into pt_BR. + - S7020583: Some currency names are missing in some locales + - S7020960: CurrencyNames_sr_RS.properties is missing. + - S7025837: fix plural currency display names in sr_Latn_(BA|ME|RS).properties + - S7028073: The currency symbol for Peru is wrong + - S7036905: [de] dem - the german mark display name is incorrect + - S7066203: Update currency data to the latest ISO 4217 standard + - S7077119: remove past transition dates from CurrencyData.properties file + - S7085757: Currency Data: ISO 4217 Amendment 152 + - S7122142, RH1151372: (ann) Race condition between isAnnotationPresent and getAnnotations + - S7161796, RH1151372: PhaseStringOpts::fetch_static_field tries to fetch field from the Klass instead of the mirror + - S7171028: dots are missed in the datetime for Slovanian + - S7185456: (ann) Optimize Annotation handling in java/sun.reflect.* code for small number of annotations + - S7189611: Venezuela current Currency should be Bs.F. + - S7195759: ISO 4217 Amendment 154 + - S7201205: Add Makefile configuration option to build with unlimited crypto in OpenJDK. + - S8005232: (JEP-149) Class Instance size reduction + - S8006748: getISO3Country() returns wrong value + - S8013836: getFirstDayOfWeek reports wrong day for pt-BR locale + - S8021121: ISO 4217 Amendment Number 156 + - S8022721: TEST_BUG: AnnotationTypeDeadlockTest.java throws java.lang.IllegalStateException: unexpected condition + - S8027695: There should be a space before % sign in Swedish locale + - S8055222: Currency update needed for ISO 4217 Amendment #159 * Backports - S6611637: NullPointerException in sun.font.GlyphLayout$EngineRecord.init - S6727719: Performance of TextLayout.getBounds() - S6745225: Memory leak while drawing Attributed String - S6904962: GlyphVector.getVisualBounds should not be affected by leading or trailing white space. - - S7122142, RH1151372: (ann) Race condition between isAnnotationPresent and getAnnotations - S7151089: PS NUMA: NUMA allocator should not attempt to free pages when using SHM large pages - - S7161796, RH1151372: PhaseStringOpts::fetch_static_field tries to fetch field from the Klass instead of the mirror - S8000897, RH1155012: VM crash in CompileBroker - S8013057: Detect mmap() commit failures in Linux and Solaris os::commit_memory() impls and call vm_exit_out_of_memory() - S8026887: Make issues due to failed large pages allocations easier to debug
--- a/acinclude.m4 Wed Dec 24 18:48:30 2014 +0000 +++ b/acinclude.m4 Mon Jan 19 17:52:30 2015 +0000 @@ -2317,3 +2317,49 @@ AC_MSG_RESULT([$enable_werror]) AM_CONDITIONAL([ENABLE_WERROR], test x"${enable_werror}" = "xyes") ]) + +AC_DEFUN_ONCE([IT_PR64174_CHECK],[ +AC_REQUIRE([IT_CHECK_JAVA_AND_JAVAC_WORK]) +AC_CACHE_CHECK([if java.text.SimpleDateFormat exhibits Classpath bug 64174], it_cv_cp64174, [ + CLASS=Test.java + BYTECODE=$(echo $CLASS|sed 's#\.java##') + mkdir tmp.$$ + cd tmp.$$ + cat << \EOF > $CLASS +[/* [#]line __oline__ "configure" */ +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.Calendar; +import java.util.Locale; +import java.util.TimeZone; + +public class Test +{ + public static void main(String[] args) + throws ParseException + { + SimpleDateFormat format; + + format = new SimpleDateFormat("yyyy-MM-dd-HH-mm-ss", Locale.US); + format.setTimeZone(TimeZone.getTimeZone("GMT")); + format.setLenient(false); + System.out.println(format.parse("2014-12-31-22-00-00")); + } +}] +EOF + if $JAVAC -cp . $JAVACFLAGS -source 5 -target 5 $CLASS >&AS_MESSAGE_LOG_FD 2>&1; then + if $JAVA -classpath . $BYTECODE >&AS_MESSAGE_LOG_FD 2>&1; then + it_cv_cp64174=no; + else + it_cv_cp64174=yes; + fi + else + it_cv_cp64174=yes; + fi + rm -f $CLASS *.class + cd .. + rmdir tmp.$$ + ]) +AM_CONDITIONAL([CP64174], test x"${it_cv_cp64174}" = "xyes") +AC_PROVIDE([$0])dnl +])
--- a/configure.ac Wed Dec 24 18:48:30 2014 +0000 +++ b/configure.ac Mon Jan 19 17:52:30 2015 +0000 @@ -167,6 +167,9 @@ IT_CHECK_FOR_CONSTRUCTOR([JAVA_SQL_EXCEPTION_REASON_STATE_THROWABLE],[java.sql.SQLException],[String.class,String.class,Throwable.class],["Something went wrong","",new Throwable()]) IT_CHECK_FOR_CONSTRUCTOR([JAVA_SQL_EXCEPTION_REASON_STATE_CODE_THROWABLE],[java.sql.SQLException],[String.class,String.class,Integer.TYPE,Throwable.class],["Something went wrong","",666,new Throwable()]) +dnl Check whether the JDK can parse the dates used in the currency file +IT_PR64174_CHECK + # Use xvfb-run if found to run gui tests (check-jdk). AC_CHECK_PROG(XVFB_RUN_CMD, xvfb-run, [xvfb-run -a -e xvfb-errors], []) AC_SUBST(XVFB_RUN_CMD)
--- a/patches/clean-crypto.patch Wed Dec 24 18:48:30 2014 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1099 +0,0 @@ -diff -Nru openjdk.orig/jdk/make/javax/crypto/Makefile openjdk/jdk/make/javax/crypto/Makefile ---- openjdk.orig/jdk/make/javax/crypto/Makefile 2010-05-26 09:32:35.000000000 +0100 -+++ openjdk/jdk/make/javax/crypto/Makefile 2010-05-26 13:53:03.000000000 +0100 -@@ -155,7 +155,8 @@ - # - - ifdef OPENJDK --all: build-jar install-jar build-policy install-limited -+# We don't need any policy files. -+all: build-jar install-jar - else # OPENJDK - ifeq ($(strip $(FILES_java)),) - all: -diff -Nru openjdk.orig/jdk/src/share/classes/javax/crypto/Cipher.java openjdk/jdk/src/share/classes/javax/crypto/Cipher.java ---- openjdk.orig/jdk/src/share/classes/javax/crypto/Cipher.java 2010-05-26 09:32:39.000000000 +0100 -+++ openjdk/jdk/src/share/classes/javax/crypto/Cipher.java 2010-05-26 13:53:03.000000000 +0100 -@@ -144,12 +144,6 @@ - // The transformation - private String transformation; - -- // Crypto permission representing the maximum allowable cryptographic -- // strength that this Cipher object can be used for. (The cryptographic -- // strength is a function of the keysize and algorithm parameters encoded -- // in the crypto permission.) -- private CryptoPermission cryptoPerm; -- - // The exemption mechanism that needs to be enforced - private ExemptionMechanism exmech; - -@@ -190,16 +184,9 @@ - protected Cipher(CipherSpi cipherSpi, - Provider provider, - String transformation) { -- // See bug 4341369 & 4334690 for more info. -- // If the caller is trusted, then okey. -- // Otherwise throw a NullPointerException. -- if (!JceSecurityManager.INSTANCE.isCallerTrusted()) { -- throw new NullPointerException(); -- } - this.spi = cipherSpi; - this.provider = provider; - this.transformation = transformation; -- this.cryptoPerm = CryptoAllPermission.INSTANCE; - this.lock = null; - } - -@@ -212,7 +199,6 @@ - Cipher(CipherSpi cipherSpi, String transformation) { - this.spi = cipherSpi; - this.transformation = transformation; -- this.cryptoPerm = CryptoAllPermission.INSTANCE; - this.lock = null; - } - -@@ -442,9 +428,6 @@ - Exception failure = null; - while (t.hasNext()) { - Service s = (Service)t.next(); -- if (JceSecurity.canUseProvider(s.getProvider()) == false) { -- continue; -- } - Transform tr = getTransform(s, transforms); - if (tr == null) { - // should never happen -@@ -570,7 +553,6 @@ - } - Exception failure = null; - List transforms = getTransforms(transformation); -- boolean providerChecked = false; - String paddingError = null; - for (Iterator t = transforms.iterator(); t.hasNext();) { - Transform tr = (Transform)t.next(); -@@ -578,19 +560,6 @@ - if (s == null) { - continue; - } -- if (providerChecked == false) { -- // for compatibility, first do the lookup and then verify -- // the provider. this makes the difference between a NSAE -- // and a SecurityException if the -- // provider does not support the algorithm. -- Exception ve = JceSecurity.getVerificationResult(provider); -- if (ve != null) { -- String msg = "JCE cannot authenticate the provider " -- + provider.getName(); -- throw new SecurityException(msg, ve); -- } -- providerChecked = true; -- } - if (tr.supportsMode(s) == S_NO) { - continue; - } -@@ -603,7 +572,6 @@ - tr.setModePadding(spi); - Cipher cipher = new Cipher(spi, transformation); - cipher.provider = s.getProvider(); -- cipher.initCryptoPermission(); - return cipher; - } catch (Exception e) { - failure = e; -@@ -622,22 +590,6 @@ - ("No such algorithm: " + transformation, failure); - } - -- // If the requested crypto service is export-controlled, -- // determine the maximum allowable keysize. -- private void initCryptoPermission() throws NoSuchAlgorithmException { -- if (JceSecurity.isRestricted() == false) { -- cryptoPerm = CryptoAllPermission.INSTANCE; -- exmech = null; -- return; -- } -- cryptoPerm = getConfiguredPermission(transformation); -- // Instantiate the exemption mechanism (if required) -- String exmechName = cryptoPerm.getExemptionMechanism(); -- if (exmechName != null) { -- exmech = ExemptionMechanism.getInstance(exmechName); -- } -- } -- - // max number of debug warnings to print from chooseFirstProvider() - private static int warnCount = 10; - -@@ -679,9 +631,6 @@ - s = (Service)serviceIterator.next(); - thisSpi = null; - } -- if (JceSecurity.canUseProvider(s.getProvider()) == false) { -- continue; -- } - Transform tr = getTransform(s, transforms); - if (tr == null) { - // should never happen -@@ -699,7 +648,6 @@ - thisSpi = (CipherSpi)obj; - } - tr.setModePadding(thisSpi); -- initCryptoPermission(); - spi = thisSpi; - provider = s.getProvider(); - // not needed any more -@@ -731,19 +679,15 @@ - InvalidAlgorithmParameterException { - switch (type) { - case I_KEY: -- checkCryptoPerm(thisSpi, key); - thisSpi.engineInit(opmode, key, random); - break; - case I_PARAMSPEC: -- checkCryptoPerm(thisSpi, key, paramSpec); - thisSpi.engineInit(opmode, key, paramSpec, random); - break; - case I_PARAMS: -- checkCryptoPerm(thisSpi, key, params); - thisSpi.engineInit(opmode, key, params, random); - break; - case I_CERT: -- checkCryptoPerm(thisSpi, key); - thisSpi.engineInit(opmode, key, random); - break; - default: -@@ -777,9 +721,6 @@ - if (s.supportsParameter(key) == false) { - continue; - } -- if (JceSecurity.canUseProvider(s.getProvider()) == false) { -- continue; -- } - Transform tr = getTransform(s, transforms); - if (tr == null) { - // should never happen -@@ -793,7 +734,6 @@ - thisSpi = (CipherSpi)s.newInstance(null); - } - tr.setModePadding(thisSpi); -- initCryptoPermission(); - implInit(thisSpi, initType, opmode, key, paramSpec, - params, random); - provider = s.getProvider(); -@@ -939,107 +879,6 @@ - return exmech; - } - -- // -- // Crypto permission check code below -- // -- private void checkCryptoPerm(CipherSpi checkSpi, Key key) -- throws InvalidKeyException { -- if (cryptoPerm == CryptoAllPermission.INSTANCE) { -- return; -- } -- // Check if key size and default parameters are within legal limits -- AlgorithmParameterSpec params; -- try { -- params = getAlgorithmParameterSpec(checkSpi.engineGetParameters()); -- } catch (InvalidParameterSpecException ipse) { -- throw new InvalidKeyException -- ("Unsupported default algorithm parameters"); -- } -- if (!passCryptoPermCheck(checkSpi, key, params)) { -- throw new InvalidKeyException( -- "Illegal key size or default parameters"); -- } -- } -- -- private void checkCryptoPerm(CipherSpi checkSpi, Key key, -- AlgorithmParameterSpec params) throws InvalidKeyException, -- InvalidAlgorithmParameterException { -- if (cryptoPerm == CryptoAllPermission.INSTANCE) { -- return; -- } -- // Determine keysize and check if it is within legal limits -- if (!passCryptoPermCheck(checkSpi, key, null)) { -- throw new InvalidKeyException("Illegal key size"); -- } -- if ((params != null) && (!passCryptoPermCheck(checkSpi, key, params))) { -- throw new InvalidAlgorithmParameterException("Illegal parameters"); -- } -- } -- -- private void checkCryptoPerm(CipherSpi checkSpi, Key key, -- AlgorithmParameters params) -- throws InvalidKeyException, InvalidAlgorithmParameterException { -- if (cryptoPerm == CryptoAllPermission.INSTANCE) { -- return; -- } -- // Convert the specified parameters into specs and then delegate. -- AlgorithmParameterSpec pSpec; -- try { -- pSpec = getAlgorithmParameterSpec(params); -- } catch (InvalidParameterSpecException ipse) { -- throw new InvalidAlgorithmParameterException -- ("Failed to retrieve algorithm parameter specification"); -- } -- checkCryptoPerm(checkSpi, key, pSpec); -- } -- -- private boolean passCryptoPermCheck(CipherSpi checkSpi, Key key, -- AlgorithmParameterSpec params) -- throws InvalidKeyException { -- String em = cryptoPerm.getExemptionMechanism(); -- int keySize = checkSpi.engineGetKeySize(key); -- // Use the "algorithm" component of the cipher -- // transformation so that the perm check would -- // work when the key has the "aliased" algo. -- String algComponent; -- int index = transformation.indexOf('/'); -- if (index != -1) { -- algComponent = transformation.substring(0, index); -- } else { -- algComponent = transformation; -- } -- CryptoPermission checkPerm = -- new CryptoPermission(algComponent, keySize, params, em); -- -- if (!cryptoPerm.implies(checkPerm)) { -- if (debug != null) { -- debug.println("Crypto Permission check failed"); -- debug.println("granted: " + cryptoPerm); -- debug.println("requesting: " + checkPerm); -- } -- return false; -- } -- if (exmech == null) { -- return true; -- } -- try { -- if (!exmech.isCryptoAllowed(key)) { -- if (debug != null) { -- debug.println(exmech.getName() + " isn't enforced"); -- } -- return false; -- } -- } catch (ExemptionMechanismException eme) { -- if (debug != null) { -- debug.println("Cannot determine whether "+ -- exmech.getName() + " has been enforced"); -- eme.printStackTrace(); -- } -- return false; -- } -- return true; -- } -- - // check if opmode is one of the defined constants - // throw InvalidParameterExeption if not - private static void checkOpmode(int opmode) { -@@ -1144,7 +983,6 @@ - checkOpmode(opmode); - - if (spi != null) { -- checkCryptoPerm(spi, key); - spi.engineInit(opmode, key, random); - } else { - try { -@@ -1270,7 +1108,6 @@ - checkOpmode(opmode); - - if (spi != null) { -- checkCryptoPerm(spi, key, params); - spi.engineInit(opmode, key, params, random); - } else { - chooseProvider(I_PARAMSPEC, opmode, key, params, null, random); -@@ -1391,7 +1228,6 @@ - checkOpmode(opmode); - - if (spi != null) { -- checkCryptoPerm(spi, key, params); - spi.engineInit(opmode, key, params, random); - } else { - chooseProvider(I_PARAMS, opmode, key, null, params, random); -@@ -1555,7 +1391,6 @@ - (certificate==null? null:certificate.getPublicKey()); - - if (spi != null) { -- checkCryptoPerm(spi, publicKey); - spi.engineInit(opmode, publicKey, random); - } else { - try { -@@ -2361,12 +2196,15 @@ - return null; - } - -+ // Used by getMaxAllowedKeyLength and getMaxAllowedParameterSpec -+ // always returns CryptoAllPermission. Old stuff from bad old days. - private static CryptoPermission getConfiguredPermission( - String transformation) throws NullPointerException, - NoSuchAlgorithmException { - if (transformation == null) throw new NullPointerException(); -- String[] parts = tokenizeTransformation(transformation); -- return JceSecurityManager.INSTANCE.getCryptoPermission(parts[0]); -+ // Called to make sure it is a valid transformation. -+ tokenizeTransformation(transformation); -+ return CryptoAllPermission.INSTANCE; - } - - /** -diff -Nru openjdk.orig/jdk/src/share/classes/javax/crypto/JarVerifier.java openjdk/jdk/src/share/classes/javax/crypto/JarVerifier.java ---- openjdk.orig/jdk/src/share/classes/javax/crypto/JarVerifier.java 2010-05-26 09:32:39.000000000 +0100 -+++ openjdk/jdk/src/share/classes/javax/crypto/JarVerifier.java 1970-01-01 01:00:00.000000000 +0100 -@@ -1,170 +0,0 @@ --/* -- * Copyright (c) 2007, Oracle and/or its affiliates. All rights reserved. -- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -- * -- * This code is free software; you can redistribute it and/or modify it -- * under the terms of the GNU General Public License version 2 only, as -- * published by the Free Software Foundation. Oracle designates this -- * particular file as subject to the "Classpath" exception as provided -- * by Oracle in the LICENSE file that accompanied this code. -- * -- * This code is distributed in the hope that it will be useful, but WITHOUT -- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -- * version 2 for more details (a copy is included in the LICENSE file that -- * accompanied this code). -- * -- * You should have received a copy of the GNU General Public License version -- * 2 along with this work; if not, write to the Free Software Foundation, -- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -- * -- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -- * or visit www.oracle.com if you need additional information or have any -- * questions. -- */ -- --package javax.crypto; -- --import java.io.*; --import java.net.*; --import java.security.*; --import java.util.*; --import java.util.jar.*; --import javax.crypto.CryptoPolicyParser.ParsingException; -- --/** -- * This class verifies JAR files (and any supporting JAR files), and -- * determines whether they may be used in this implementation. -- * -- * The JCE in OpenJDK has an open cryptographic interface, meaning it -- * does not restrict which providers can be used. Compliance with -- * United States export controls and with local law governing the -- * import/export of products incorporating the JCE in the OpenJDK is -- * the responsibility of the licensee. -- * -- * @since 1.7 -- */ --final class JarVerifier { -- -- // The URL for the JAR file we want to verify. -- private URL jarURL; -- private boolean savePerms; -- private CryptoPermissions appPerms = null; -- -- /** -- * Creates a JarVerifier object to verify the given URL. -- * -- * @param jarURL the JAR file to be verified. -- * @param savePerms if true, save the permissions allowed by the -- * exemption mechanism -- */ -- JarVerifier(URL jarURL, boolean savePerms) { -- this.jarURL = jarURL; -- this.savePerms = savePerms; -- } -- -- /** -- * Verify the JAR file is signed by an entity which has a certificate -- * issued by a trusted CA. -- * -- * In OpenJDK, we just need to examine the "cryptoperms" file to see -- * if any permissions were bundled together with this jar file. -- */ -- void verify() throws JarException, IOException { -- -- // Short-circuit. If we weren't asked to save any, we're done. -- if (!savePerms) { -- return; -- } -- -- // If the protocol of jarURL isn't "jar", we should -- // construct a JAR URL so we can open a JarURLConnection -- // for verifying this provider. -- final URL url = jarURL.getProtocol().equalsIgnoreCase("jar")? -- jarURL : new URL("jar:" + jarURL.toString() + "!/"); -- -- JarFile jf = null; -- try { -- -- // Get a link to the Jarfile to search. -- try { -- jf = (JarFile) -- AccessController.doPrivileged( -- new PrivilegedExceptionAction() { -- public Object run() throws Exception { -- JarURLConnection conn = -- (JarURLConnection) url.openConnection(); -- // You could do some caching here as -- // an optimization. -- conn.setUseCaches(false); -- return conn.getJarFile(); -- } -- }); -- } catch (java.security.PrivilegedActionException pae) { -- SecurityException se = new SecurityException( -- "Cannot load " + url.toString()); -- se.initCause(pae); -- throw se; -- } -- -- if (jf != null) { -- JarEntry je = jf.getJarEntry("cryptoPerms"); -- if (je == null) { -- throw new JarException( -- "Can not find cryptoPerms"); -- } -- try { -- appPerms = new CryptoPermissions(); -- appPerms.load(jf.getInputStream(je)); -- } catch (Exception ex) { -- JarException jex = -- new JarException("Cannot load/parse" + -- jarURL.toString()); -- jex.initCause(ex); -- throw jex; -- } -- } -- } finally { -- // Only call close() when caching is not enabled. -- // Otherwise, exceptions will be thrown for all -- // subsequent accesses of this cached jar. -- if (jf != null) { -- jf.close(); -- } -- } -- } -- -- /** -- * Verify that the provided JarEntry was indeed signed by the -- * framework signing certificate. -- * -- * @param je the URL of the jar entry to be checked. -- * @throws Exception if the jar entry was not signed by -- * the proper certificate -- */ -- static void verifyFrameworkSigned(URL je) throws Exception { -- } -- -- /** -- * Verify that the provided certs include the -- * framework signing certificate. -- * -- * @param certs the list of certs to be checked. -- * @throws Exception if the list of certs did not contain -- * the framework signing certificate -- */ -- static void verifyPolicySigned(java.security.cert.Certificate[] certs) -- throws Exception { -- } -- -- /** -- * Returns the permissions which are bundled with the JAR file, -- * aka the "cryptoperms" file. -- * -- * NOTE: if this JarVerifier instance is constructed with "savePerms" -- * equal to false, then this method would always return null. -- */ -- CryptoPermissions getPermissions() { -- return appPerms; -- } --} -diff -Nru openjdk.orig/jdk/src/share/classes/javax/crypto/JceSecurity.java openjdk/jdk/src/share/classes/javax/crypto/JceSecurity.java ---- openjdk.orig/jdk/src/share/classes/javax/crypto/JceSecurity.java 2010-05-26 09:32:39.000000000 +0100 -+++ openjdk/jdk/src/share/classes/javax/crypto/JceSecurity.java 2010-05-26 13:53:03.000000000 +0100 -@@ -25,11 +25,7 @@ - - package javax.crypto; - --import java.lang.ref.*; - import java.util.*; --import java.util.jar.*; --import java.io.*; --import java.net.URL; - import java.security.*; - - import java.security.Provider.Service; -@@ -48,72 +44,25 @@ - - final class JceSecurity { - -+ // Used in KeyGenerator, Cipher and KeyAgreement. - static final SecureRandom RANDOM = new SecureRandom(); - -- // The defaultPolicy and exemptPolicy will be set up -- // in the static initializer. -- private static CryptoPermissions defaultPolicy = null; -- private static CryptoPermissions exemptPolicy = null; -- -- // Map<Provider,?> of the providers we already have verified -- // value == PROVIDER_VERIFIED is successfully verified -- // value is failure cause Exception in error case -- private final static Map verificationResults = new IdentityHashMap(); -- -- // Map<Provider,?> of the providers currently being verified -- private final static Map verifyingProviders = new IdentityHashMap(); -- -- // Set the default value. May be changed in the static initializer. -- private static boolean isRestricted = true; -- - /* - * Don't let anyone instantiate this. - */ - private JceSecurity() { - } - -- static { -- try { -- AccessController.doPrivileged(new PrivilegedExceptionAction() { -- public Object run() throws Exception { -- setupJurisdictionPolicies(); -- return null; -- } -- }); -- -- isRestricted = defaultPolicy.implies( -- CryptoAllPermission.INSTANCE) ? false : true; -- } catch (Exception e) { -- SecurityException se = -- new SecurityException( -- "Can not initialize cryptographic mechanism"); -- se.initCause(e); -- throw se; -- } -- } -- - static Instance getInstance(String type, Class clazz, String algorithm, - String provider) throws NoSuchAlgorithmException, - NoSuchProviderException { - Service s = GetInstance.getService(type, algorithm, provider); -- Exception ve = getVerificationResult(s.getProvider()); -- if (ve != null) { -- String msg = "JCE cannot authenticate the provider " + provider; -- throw (NoSuchProviderException) -- new NoSuchProviderException(msg).initCause(ve); -- } - return GetInstance.getInstance(s, clazz); - } - - static Instance getInstance(String type, Class clazz, String algorithm, - Provider provider) throws NoSuchAlgorithmException { - Service s = GetInstance.getService(type, algorithm, provider); -- Exception ve = JceSecurity.getVerificationResult(provider); -- if (ve != null) { -- String msg = "JCE cannot authenticate the provider " -- + provider.getName(); -- throw new SecurityException(msg, ve); -- } - return GetInstance.getInstance(s, clazz); - } - -@@ -123,10 +72,6 @@ - NoSuchAlgorithmException failure = null; - for (Iterator t = services.iterator(); t.hasNext(); ) { - Service s = (Service)t.next(); -- if (canUseProvider(s.getProvider()) == false) { -- // allow only signed providers -- continue; -- } - try { - Instance instance = GetInstance.getInstance(s, clazz); - return instance; -@@ -138,203 +83,10 @@ - + " not available", failure); - } - -- /** -- * Verify if the JAR at URL codeBase is a signed exempt application -- * JAR file and returns the permissions bundled with the JAR. -- * -- * @throws Exception on error -- */ -- static CryptoPermissions verifyExemptJar(URL codeBase) throws Exception { -- JarVerifier jv = new JarVerifier(codeBase, true); -- jv.verify(); -- return jv.getPermissions(); -- } -- -- /** -- * Verify if the JAR at URL codeBase is a signed provider JAR file. -- * -- * @throws Exception on error -- */ -- static void verifyProviderJar(URL codeBase) throws Exception { -- // Verify the provider JAR file and all -- // supporting JAR files if there are any. -- JarVerifier jv = new JarVerifier(codeBase, false); -- jv.verify(); -- } -- -- private final static Object PROVIDER_VERIFIED = Boolean.TRUE; -- -- /* -- * Verify that the provider JAR files are signed properly, which -- * means the signer's certificate can be traced back to a -- * JCE trusted CA. -- * Return null if ok, failure Exception if verification failed. -- */ -- static synchronized Exception getVerificationResult(Provider p) { -- Object o = verificationResults.get(p); -- if (o == PROVIDER_VERIFIED) { -- return null; -- } else if (o != null) { -- return (Exception)o; -- } -- if (verifyingProviders.get(p) != null) { -- // this method is static synchronized, must be recursion -- // return failure now but do not save the result -- return new NoSuchProviderException("Recursion during verification"); -- } -- try { -- verifyingProviders.put(p, Boolean.FALSE); -- URL providerURL = getCodeBase(p.getClass()); -- verifyProviderJar(providerURL); -- // Verified ok, cache result -- verificationResults.put(p, PROVIDER_VERIFIED); -- return null; -- } catch (Exception e) { -- verificationResults.put(p, e); -- return e; -- } finally { -- verifyingProviders.remove(p); -- } -- } -- -- // return whether this provider is properly signed and can be used by JCE -+ // Used to return whether this provider is properly signed and -+ // can be used by JCE. These days just returns true. Still used -+ // in SecretKeyFactory, KeyGenerator, Mac and KeyAgreement. - static boolean canUseProvider(Provider p) { -- return getVerificationResult(p) == null; -- } -- -- // dummy object to represent null -- private static final URL NULL_URL; -- -- static { -- try { -- NULL_URL = new URL("http://null.sun.com/"); -- } catch (Exception e) { -- throw new RuntimeException(e); -- } -- } -- -- // reference to a Map we use as a cache for codebases -- private static final Map codeBaseCacheRef = new WeakHashMap(); -- -- /* -- * Retuns the CodeBase for the given class. -- */ -- static URL getCodeBase(final Class clazz) { -- URL url = (URL)codeBaseCacheRef.get(clazz); -- if (url == null) { -- url = (URL)AccessController.doPrivileged(new PrivilegedAction() { -- public Object run() { -- ProtectionDomain pd = clazz.getProtectionDomain(); -- if (pd != null) { -- CodeSource cs = pd.getCodeSource(); -- if (cs != null) { -- return cs.getLocation(); -- } -- } -- return NULL_URL; -- } -- }); -- codeBaseCacheRef.put(clazz, url); -- } -- return (url == NULL_URL) ? null : url; -- } -- -- private static void setupJurisdictionPolicies() throws Exception { -- String javaHomeDir = System.getProperty("java.home"); -- String sep = File.separator; -- String pathToPolicyJar = javaHomeDir + sep + "lib" + sep + -- "security" + sep; -- -- File exportJar = new File(pathToPolicyJar, "US_export_policy.jar"); -- File importJar = new File(pathToPolicyJar, "local_policy.jar"); -- URL jceCipherURL = ClassLoader.getSystemResource -- ("javax/crypto/Cipher.class"); -- -- if ((jceCipherURL == null) || -- !exportJar.exists() || !importJar.exists()) { -- throw new SecurityException -- ("Cannot locate policy or framework files!"); -- } -- -- // Enforce the signer restraint, i.e. signer of JCE framework -- // jar should also be the signer of the two jurisdiction policy -- // jar files. -- JarVerifier.verifyFrameworkSigned(jceCipherURL); -- -- // Read jurisdiction policies. -- CryptoPermissions defaultExport = new CryptoPermissions(); -- CryptoPermissions exemptExport = new CryptoPermissions(); -- loadPolicies(exportJar, defaultExport, exemptExport); -- -- CryptoPermissions defaultImport = new CryptoPermissions(); -- CryptoPermissions exemptImport = new CryptoPermissions(); -- loadPolicies(importJar, defaultImport, exemptImport); -- -- // Merge the export and import policies for default applications. -- if (defaultExport.isEmpty() || defaultImport.isEmpty()) { -- throw new SecurityException("Missing mandatory jurisdiction " + -- "policy files"); -- } -- defaultPolicy = defaultExport.getMinimum(defaultImport); -- -- // Merge the export and import policies for exempt applications. -- if (exemptExport.isEmpty()) { -- exemptPolicy = exemptImport.isEmpty() ? null : exemptImport; -- } else { -- exemptPolicy = exemptExport.getMinimum(exemptImport); -- } -- } -- -- /** -- * Load the policies from the specified file. Also checks that the -- * policies are correctly signed. -- */ -- private static void loadPolicies(File jarPathName, -- CryptoPermissions defaultPolicy, -- CryptoPermissions exemptPolicy) -- throws Exception { -- -- JarFile jf = new JarFile(jarPathName); -- -- Enumeration entries = jf.entries(); -- while (entries.hasMoreElements()) { -- JarEntry je = (JarEntry)entries.nextElement(); -- InputStream is = null; -- try { -- if (je.getName().startsWith("default_")) { -- is = jf.getInputStream(je); -- defaultPolicy.load(is); -- } else if (je.getName().startsWith("exempt_")) { -- is = jf.getInputStream(je); -- exemptPolicy.load(is); -- } else { -- continue; -- } -- } finally { -- if (is != null) { -- is.close(); -- } -- } -- -- // Enforce the signer restraint, i.e. signer of JCE framework -- // jar should also be the signer of the two jurisdiction policy -- // jar files. -- JarVerifier.verifyPolicySigned(je.getCertificates()); -- } -- // Close and nullify the JarFile reference to help GC. -- jf.close(); -- jf = null; -- } -- -- static CryptoPermissions getDefaultPolicy() { -- return defaultPolicy; -- } -- -- static CryptoPermissions getExemptPolicy() { -- return exemptPolicy; -- } -- -- static boolean isRestricted() { -- return isRestricted; -+ return true; - } - } -diff -Nru openjdk.orig/jdk/src/share/classes/javax/crypto/JceSecurityManager.java openjdk/jdk/src/share/classes/javax/crypto/JceSecurityManager.java ---- openjdk.orig/jdk/src/share/classes/javax/crypto/JceSecurityManager.java 2010-05-26 09:32:39.000000000 +0100 -+++ openjdk/jdk/src/share/classes/javax/crypto/JceSecurityManager.java 1970-01-01 01:00:00.000000000 +0100 -@@ -1,252 +0,0 @@ --/* -- * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved. -- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -- * -- * This code is free software; you can redistribute it and/or modify it -- * under the terms of the GNU General Public License version 2 only, as -- * published by the Free Software Foundation. Oracle designates this -- * particular file as subject to the "Classpath" exception as provided -- * by Oracle in the LICENSE file that accompanied this code. -- * -- * This code is distributed in the hope that it will be useful, but WITHOUT -- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -- * version 2 for more details (a copy is included in the LICENSE file that -- * accompanied this code). -- * -- * You should have received a copy of the GNU General Public License version -- * 2 along with this work; if not, write to the Free Software Foundation, -- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -- * -- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -- * or visit www.oracle.com if you need additional information or have any -- * questions. -- */ -- --package javax.crypto; -- --import java.security.*; --import java.net.*; --import java.util.*; --import java.util.jar.*; -- --/** -- * The JCE security manager. -- * -- * <p>The JCE security manager is responsible for determining the maximum -- * allowable cryptographic strength for a given applet/application, for a given -- * algorithm, by consulting the configured jurisdiction policy files and -- * the cryptographic permissions bundled with the applet/application. -- * -- * <p>Note that this security manager is never installed, only instantiated. -- * -- * @author Jan Luehe -- * -- * @since 1.4 -- */ -- --final class JceSecurityManager extends SecurityManager { -- -- private static final CryptoPermissions defaultPolicy; -- private static final CryptoPermissions exemptPolicy; -- private static final CryptoAllPermission allPerm; -- private static final Vector TrustedCallersCache = new Vector(2); -- private static final Map exemptCache = new HashMap(); -- -- // singleton instance -- static final JceSecurityManager INSTANCE; -- -- static { -- defaultPolicy = JceSecurity.getDefaultPolicy(); -- exemptPolicy = JceSecurity.getExemptPolicy(); -- allPerm = CryptoAllPermission.INSTANCE; -- INSTANCE = (JceSecurityManager) -- AccessController.doPrivileged(new PrivilegedAction() { -- public Object run() { -- return new JceSecurityManager(); -- } -- }); -- } -- -- private JceSecurityManager() { -- // empty -- } -- -- /** -- * Returns the maximum allowable crypto strength for the given -- * applet/application, for the given algorithm. -- */ -- CryptoPermission getCryptoPermission(String alg) { -- // Need to convert to uppercase since the crypto perm -- // lookup is case sensitive. -- alg = alg.toUpperCase(Locale.ENGLISH); -- -- // If CryptoAllPermission is granted by default, we return that. -- // Otherwise, this will be the permission we return if anything goes -- // wrong. -- CryptoPermission defaultPerm = getDefaultPermission(alg); -- if (defaultPerm == CryptoAllPermission.INSTANCE) { -- return defaultPerm; -- } -- -- // Determine the codebase of the caller of the JCE API. -- // This is the codebase of the first class which is not in -- // javax.crypto.* packages. -- // NOTE: javax.crypto.* package maybe subject to package -- // insertion, so need to check its classloader as well. -- Class[] context = getClassContext(); -- URL callerCodeBase = null; -- int i; -- for (i=0; i<context.length; i++) { -- Class cls = context[i]; -- callerCodeBase = JceSecurity.getCodeBase(cls); -- if (callerCodeBase != null) { -- break; -- } else { -- if (cls.getName().startsWith("javax.crypto.")) { -- // skip jce classes since they aren't the callers -- continue; -- } -- // use default permission when the caller is system classes -- return defaultPerm; -- } -- } -- -- if (i == context.length) { -- return defaultPerm; -- } -- -- CryptoPermissions appPerms; -- synchronized (this.getClass()) { -- if (exemptCache.containsKey(callerCodeBase)) { -- appPerms = (CryptoPermissions)exemptCache.get(callerCodeBase); -- } else { -- appPerms = getAppPermissions(callerCodeBase); -- exemptCache.put(callerCodeBase, appPerms); -- } -- } -- -- if (appPerms == null) { -- return defaultPerm; -- } -- -- // If the app was granted the special CryptoAllPermission, return that. -- if (appPerms.implies(allPerm)) { -- return allPerm; -- } -- -- // Check if the crypto permissions granted to the app contain a -- // crypto permission for the requested algorithm that does not require -- // any exemption mechanism to be enforced. -- // Return that permission, if present. -- PermissionCollection appPc = appPerms.getPermissionCollection(alg); -- if (appPc == null) { -- return defaultPerm; -- } -- Enumeration enum_ = appPc.elements(); -- while (enum_.hasMoreElements()) { -- CryptoPermission cp = (CryptoPermission)enum_.nextElement(); -- if (cp.getExemptionMechanism() == null) { -- return cp; -- } -- } -- -- // Check if the jurisdiction file for exempt applications contains -- // any entries for the requested algorithm. -- // If not, return the default permission. -- PermissionCollection exemptPc = -- exemptPolicy.getPermissionCollection(alg); -- if (exemptPc == null) { -- return defaultPerm; -- } -- -- // In the jurisdiction file for exempt applications, go through the -- // list of CryptoPermission entries for the requested algorithm, and -- // stop at the first entry: -- // - that is implied by the collection of crypto permissions granted -- // to the app, and -- // - whose exemption mechanism is available from one of the -- // registered CSPs -- enum_ = exemptPc.elements(); -- while (enum_.hasMoreElements()) { -- CryptoPermission cp = (CryptoPermission)enum_.nextElement(); -- try { -- ExemptionMechanism.getInstance(cp.getExemptionMechanism()); -- if (cp.getAlgorithm().equals( -- CryptoPermission.ALG_NAME_WILDCARD)) { -- CryptoPermission newCp; -- if (cp.getCheckParam()) { -- newCp = new CryptoPermission( -- alg, cp.getMaxKeySize(), -- cp.getAlgorithmParameterSpec(), -- cp.getExemptionMechanism()); -- } else { -- newCp = new CryptoPermission( -- alg, cp.getMaxKeySize(), -- cp.getExemptionMechanism()); -- } -- if (appPerms.implies(newCp)) { -- return newCp; -- } -- } -- -- if (appPerms.implies(cp)) { -- return cp; -- } -- } catch (Exception e) { -- continue; -- } -- } -- return defaultPerm; -- } -- -- private static CryptoPermissions getAppPermissions(URL callerCodeBase) { -- // Check if app is exempt, and retrieve the permissions bundled with it -- try { -- return JceSecurity.verifyExemptJar(callerCodeBase); -- } catch (Exception e) { -- // Jar verification fails -- return null; -- } -- -- } -- -- /** -- * Returns the default permission for the given algorithm. -- */ -- private CryptoPermission getDefaultPermission(String alg) { -- Enumeration enum_ = -- defaultPolicy.getPermissionCollection(alg).elements(); -- return (CryptoPermission)enum_.nextElement(); -- } -- -- // See bug 4341369 & 4334690 for more info. -- boolean isCallerTrusted() { -- // Get the caller and its codebase. -- Class[] context = getClassContext(); -- URL callerCodeBase = null; -- int i; -- for (i=0; i<context.length; i++) { -- callerCodeBase = JceSecurity.getCodeBase(context[i]); -- if (callerCodeBase != null) { -- break; -- } -- } -- // The caller is in the JCE framework. -- if (i == context.length) { -- return true; -- } -- //The caller has been verified. -- if (TrustedCallersCache.contains(context[i])) { -- return true; -- } -- // Check whether the caller is a trusted provider. -- try { -- JceSecurity.verifyProviderJar(callerCodeBase); -- } catch (Exception e2) { -- return false; -- } -- TrustedCallersCache.addElement(context[i]); -- return true; -- } --} -diff -Nru openjdk.orig/jdk/test/com/sun/crypto/provider/Cipher/UTIL/TestUtil.java openjdk/jdk/test/com/sun/crypto/provider/Cipher/UTIL/TestUtil.java ---- openjdk.orig/jdk/test/com/sun/crypto/provider/Cipher/UTIL/TestUtil.java 2010-05-26 09:32:56.000000000 +0100 -+++ openjdk/jdk/test/com/sun/crypto/provider/Cipher/UTIL/TestUtil.java 2010-05-26 13:53:03.000000000 +0100 -@@ -44,18 +44,9 @@ - } - } - -- private static boolean isUnlimitedPolicy() throws IOException { -+ private static boolean isUnlimitedPolicy() { - if (instance == null) { -- String jreDir = System.getProperty("java.home"); -- String localPolicyPath = jreDir + File.separator + "lib" + -- File.separator + "security" + File.separator + -- "local_policy.jar"; -- JarFile localPolicy = new JarFile(localPolicyPath); -- if (localPolicy.getEntry("exempt_local.policy") == null) { -- return true; -- } else { -- return false; -- } -+ return true; - } else { - return instance.isUnlimited; - }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/patches/ecj/pr64174.patch Mon Jan 19 17:52:30 2015 +0000 @@ -0,0 +1,21 @@ +diff -Nru openjdk-boot.orig/jdk/src/share/classes/java/util/CurrencyData.properties openjdk-boot/jdk/src/share/classes/java/util/CurrencyData.properties +--- openjdk-ecj.orig/jdk/src/share/classes/java/util/CurrencyData.properties 2014-12-04 15:09:06.030312835 +0000 ++++ openjdk-ecj/jdk/src/share/classes/java/util/CurrencyData.properties 2014-12-04 15:10:07.527160626 +0000 +@@ -320,7 +320,7 @@ + # LAO PEOPLE'S DEMOCRATIC REPUBLIC + LA=LAK + # LATVIA +-LV=LVL;2013-12-31-22-00-00;EUR ++LV=EUR + # LEBANON + LB=LBP + # LESOTHO +@@ -332,7 +332,7 @@ + # LIECHTENSTEIN + LI=CHF + # LITHUANIA +-LT=LTL;2014-12-31-22-00-00;EUR ++LT=EUR + # LUXEMBOURG + LU=EUR + # MACAU
--- a/patches/openjdk/4963723-implement_sha-224.patch Wed Dec 24 18:48:30 2014 +0000 +++ b/patches/openjdk/4963723-implement_sha-224.patch Mon Jan 19 17:52:30 2015 +0000 @@ -1,9 +1,9 @@ diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java openjdk/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java ---- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java 2014-07-14 04:24:43.000000000 +0100 -+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java 2014-10-08 23:26:07.127607311 +0100 +--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java 2014-12-24 18:49:01.960433052 +0000 ++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/HmacCore.java 2014-12-24 20:08:44.235133898 +0000 @@ -1,5 +1,5 @@ /* -- * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved. +- * Copyright (c) 2002, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * @@ -125,7 +125,7 @@ if (first == false) { md.reset(); first = true; -@@ -234,118 +228,38 @@ +@@ -234,115 +228,38 @@ * Clones this object. */ public Object clone() throws CloneNotSupportedException { @@ -149,7 +149,6 @@ - private final HmacCore core; + public static final class HmacSHA256 extends HmacCore { public HmacSHA256() throws NoSuchAlgorithmException { -- SunJCE.ensureIntegrity(getClass()); - core = new HmacCore("SHA-256", 64); - } - private HmacSHA256(HmacSHA256 base) throws CloneNotSupportedException { @@ -188,7 +187,6 @@ - private final HmacCore core; + public static final class HmacSHA384 extends HmacCore { public HmacSHA384() throws NoSuchAlgorithmException { -- SunJCE.ensureIntegrity(getClass()); - core = new HmacCore("SHA-384", 128); - } - private HmacSHA384(HmacSHA384 base) throws CloneNotSupportedException { @@ -227,7 +225,6 @@ - private final HmacCore core; + public static final class HmacSHA512 extends HmacCore { public HmacSHA512() throws NoSuchAlgorithmException { -- SunJCE.ensureIntegrity(getClass()); - core = new HmacCore("SHA-512", 128); - } - private HmacSHA512(HmacSHA512 base) throws CloneNotSupportedException { @@ -263,16 +260,16 @@ - } diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java openjdk/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java ---- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java 2014-07-14 04:24:43.000000000 +0100 -+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java 2014-10-08 23:26:07.127607311 +0100 +--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java 2014-12-24 18:49:01.960433052 +0000 ++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/HmacMD5.java 2014-12-24 20:05:44.309011863 +0000 @@ -1,5 +1,5 @@ /* -- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved. +- * Copyright (c) 1998, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it -@@ -37,11 +37,7 @@ +@@ -37,97 +37,11 @@ * * @author Jan Luehe */ @@ -284,15 +281,8 @@ +public final class HmacMD5 extends HmacCore { /** * Standard constructor, creates a new HmacMD5 instance. - * Verify the SunJCE provider in the constructor. -@@ -50,92 +46,6 @@ - * its own integrity */ public HmacMD5() throws NoSuchAlgorithmException { -- if (!SunJCE.verifySelfIntegrity(this.getClass())) { -- throw new SecurityException("The SunJCE provider may have " + -- "been tampered."); -- } - hmac = new HmacCore(MessageDigest.getInstance("MD5"), - MD5_BLOCK_LENGTH); - } @@ -380,16 +370,16 @@ } } diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java openjdk/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java ---- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java 2014-07-14 04:24:43.000000000 +0100 -+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java 2014-10-08 23:26:07.127607311 +0100 +--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java 2014-12-24 18:49:01.960433052 +0000 ++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java 2014-12-24 20:04:48.704357000 +0000 @@ -1,5 +1,5 @@ /* -- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved. +- * Copyright (c) 2003, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it -@@ -41,10 +41,7 @@ +@@ -41,26 +41,13 @@ * * @author Valerie Peng */ @@ -401,11 +391,8 @@ /** * Standard constructor, creates a new HmacSHA1 instance. -@@ -54,18 +51,7 @@ - * its own integrity */ public HmacPKCS12PBESHA1() throws NoSuchAlgorithmException { -- SunJCE.ensureIntegrity(this.getClass()); - this.hmac = new HmacCore(MessageDigest.getInstance("SHA1"), - SHA1_BLOCK_LENGTH); - } @@ -421,7 +408,7 @@ } /** -@@ -76,7 +62,7 @@ +@@ -71,7 +58,7 @@ * * @exception InvalidKeyException if the given key is inappropriate for * initializing this MAC. @@ -430,7 +417,7 @@ * parameters are inappropriate for this MAC. */ protected void engineInit(Key key, AlgorithmParameterSpec params) -@@ -145,64 +131,8 @@ +@@ -140,64 +127,8 @@ ("IterationCount must be a positive number"); } byte[] derivedKey = PKCS12PBECipherCore.derive(passwdChars, salt, @@ -498,16 +485,16 @@ } } diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/HmacSHA1.java openjdk/jdk/src/share/classes/com/sun/crypto/provider/HmacSHA1.java ---- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/HmacSHA1.java 2014-07-14 04:24:43.000000000 +0100 -+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/HmacSHA1.java 2014-10-08 23:26:07.127607311 +0100 +--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/HmacSHA1.java 2014-12-24 18:49:01.960433052 +0000 ++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/HmacSHA1.java 2014-12-24 20:03:59.847781984 +0000 @@ -1,5 +1,5 @@ /* -- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved. +- * Copyright (c) 1998, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it -@@ -37,11 +37,7 @@ +@@ -37,97 +37,11 @@ * * @author Jan Luehe */ @@ -519,15 +506,8 @@ +public final class HmacSHA1 extends HmacCore { /** * Standard constructor, creates a new HmacSHA1 instance. - * Verify the SunJCE provider in the constructor. -@@ -50,92 +46,6 @@ - * its own integrity */ public HmacSHA1() throws NoSuchAlgorithmException { -- if (!SunJCE.verifySelfIntegrity(this.getClass())) { -- throw new SecurityException("The SunJCE provider may have " + -- "been tampered."); -- } - this.hmac = new HmacCore(MessageDigest.getInstance("SHA1"), - SHA1_BLOCK_LENGTH); - } @@ -615,16 +595,16 @@ } } diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/KeyGeneratorCore.java openjdk/jdk/src/share/classes/com/sun/crypto/provider/KeyGeneratorCore.java ---- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/KeyGeneratorCore.java 2014-07-14 04:24:43.000000000 +0100 -+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/KeyGeneratorCore.java 2014-10-08 23:26:07.127607311 +0100 +--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/KeyGeneratorCore.java 2014-12-24 18:49:01.960433052 +0000 ++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/KeyGeneratorCore.java 2014-12-24 20:02:30.166727408 +0000 @@ -1,5 +1,5 @@ /* -- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved. +- * Copyright (c) 2003, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it -@@ -105,12 +105,12 @@ +@@ -105,11 +105,11 @@ return new SecretKeySpec(b, name); } @@ -634,24 +614,42 @@ + abstract static class HmacSHA2KG extends KeyGeneratorSpi { private final KeyGeneratorCore core; - public HmacSHA256KG() { +- core = new KeyGeneratorCore("HmacSHA256", 256); + protected HmacSHA2KG(String algoName, int len) { - SunJCE.ensureIntegrity(getClass()); -- core = new KeyGeneratorCore("HmacSHA256", 256); + core = new KeyGeneratorCore(algoName, len); } protected void engineInit(SecureRandom random) { core.implInit(random); -@@ -125,49 +125,25 @@ +@@ -124,50 +124,27 @@ protected SecretKey engineGenerateKey() { return core.implGenerateKey(); } -- } ++ public static final class SHA224 extends HmacSHA2KG { ++ public SHA224() { ++ super("HmacSHA224", 224); ++ } ++ } ++ public static final class SHA256 extends HmacSHA2KG { ++ public SHA256() { ++ super("HmacSHA256", 256); ++ } ++ } ++ public static final class SHA384 extends HmacSHA2KG { ++ public SHA384() { ++ super("HmacSHA384", 384); ++ } ++ } ++ public static final class SHA512 extends HmacSHA2KG { ++ public SHA512() { ++ super("HmacSHA512", 512); ++ } ++ } + } - - // nested static class for the HmacSHA384 key generator - public static final class HmacSHA384KG extends KeyGeneratorSpi { - private final KeyGeneratorCore core; - public HmacSHA384KG() { -- SunJCE.ensureIntegrity(getClass()); - core = new KeyGeneratorCore("HmacSHA384", 384); - } - protected void engineInit(SecureRandom random) { @@ -673,7 +671,6 @@ - public static final class HmacSHA512KG extends KeyGeneratorSpi { - private final KeyGeneratorCore core; - public HmacSHA512KG() { -- SunJCE.ensureIntegrity(getClass()); - core = new KeyGeneratorCore("HmacSHA512", 512); - } - protected void engineInit(SecureRandom random) { @@ -688,31 +685,15 @@ - } - protected SecretKey engineGenerateKey() { - return core.implGenerateKey(); -+ public static final class SHA224 extends HmacSHA2KG { -+ public SHA224() { -+ super("HmacSHA224", 224); -+ } -+ } -+ public static final class SHA256 extends HmacSHA2KG { -+ public SHA256() { -+ super("HmacSHA256", 256); -+ } -+ } -+ public static final class SHA384 extends HmacSHA2KG { -+ public SHA384() { -+ super("HmacSHA384", 384); -+ } -+ } -+ public static final class SHA512 extends HmacSHA2KG { -+ public SHA512() { -+ super("HmacSHA512", 512); -+ } - } - } - +- } +- } +- + // nested static class for the RC2 key generator + public static final class RC2KeyGenerator extends KeyGeneratorSpi { + private final KeyGeneratorCore core; diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/OAEPParameters.java openjdk/jdk/src/share/classes/com/sun/crypto/provider/OAEPParameters.java ---- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/OAEPParameters.java 2014-07-14 04:24:43.000000000 +0100 -+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/OAEPParameters.java 2014-10-08 23:26:07.127607311 +0100 +--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/OAEPParameters.java 2013-08-21 20:33:04.180330661 +0100 ++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/OAEPParameters.java 2014-12-24 19:58:20.000164073 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved. @@ -730,11 +711,11 @@ mgfSpec = MGF1ParameterSpec.SHA256; } else if (mgfDigestName.equals("SHA-384")) { diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java openjdk/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java ---- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java 2014-07-14 04:24:43.000000000 +0100 -+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java 2014-10-08 23:26:07.127607311 +0100 +--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java 2014-12-24 18:49:01.964433104 +0000 ++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java 2014-12-24 19:58:39.268401924 +0000 @@ -1,5 +1,5 @@ /* -- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved. +- * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * @@ -748,7 +729,7 @@ * */ -@@ -121,6 +121,7 @@ +@@ -117,6 +117,7 @@ "NOPADDING|PKCS1PADDING|OAEPWITHMD5ANDMGF1PADDING" + "|OAEPWITHSHA1ANDMGF1PADDING" + "|OAEPWITHSHA-1ANDMGF1PADDING" @@ -756,7 +737,7 @@ + "|OAEPWITHSHA-256ANDMGF1PADDING" + "|OAEPWITHSHA-384ANDMGF1PADDING" + "|OAEPWITHSHA-512ANDMGF1PADDING"); -@@ -229,12 +230,25 @@ +@@ -225,12 +226,25 @@ put("KeyGenerator.HmacSHA1", "com.sun.crypto.provider.HmacSHA1KeyGenerator"); @@ -785,7 +766,7 @@ put("KeyPairGenerator.DiffieHellman", "com.sun.crypto.provider.DHKeyPairGenerator"); -@@ -397,12 +411,23 @@ +@@ -393,12 +407,23 @@ */ put("Mac.HmacMD5", "com.sun.crypto.provider.HmacMD5"); put("Mac.HmacSHA1", "com.sun.crypto.provider.HmacSHA1"); @@ -809,7 +790,7 @@ put("Mac.HmacPBESHA1", "com.sun.crypto.provider.HmacPKCS12PBESHA1"); -@@ -413,6 +438,7 @@ +@@ -409,6 +434,7 @@ put("Mac.HmacMD5 SupportedKeyFormats", "RAW"); put("Mac.HmacSHA1 SupportedKeyFormats", "RAW"); @@ -818,8 +799,8 @@ put("Mac.HmacSHA384 SupportedKeyFormats", "RAW"); put("Mac.HmacSHA512 SupportedKeyFormats", "RAW"); diff -Nru openjdk.orig/jdk/src/share/classes/java/security/spec/MGF1ParameterSpec.java openjdk/jdk/src/share/classes/java/security/spec/MGF1ParameterSpec.java ---- openjdk.orig/jdk/src/share/classes/java/security/spec/MGF1ParameterSpec.java 2014-07-14 04:24:45.000000000 +0100 -+++ openjdk/jdk/src/share/classes/java/security/spec/MGF1ParameterSpec.java 2014-10-08 23:26:07.131607366 +0100 +--- openjdk.orig/jdk/src/share/classes/java/security/spec/MGF1ParameterSpec.java 2013-08-21 20:33:07.812389433 +0100 ++++ openjdk/jdk/src/share/classes/java/security/spec/MGF1ParameterSpec.java 2014-12-24 19:58:20.000164073 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved. @@ -836,8 +817,8 @@ * { OID id-sha384 PARAMETERS NULL }| * { OID id-sha512 PARAMETERS NULL }, diff -Nru openjdk.orig/jdk/src/share/classes/java/security/spec/PSSParameterSpec.java openjdk/jdk/src/share/classes/java/security/spec/PSSParameterSpec.java ---- openjdk.orig/jdk/src/share/classes/java/security/spec/PSSParameterSpec.java 2014-07-14 04:24:45.000000000 +0100 -+++ openjdk/jdk/src/share/classes/java/security/spec/PSSParameterSpec.java 2014-10-08 23:26:07.131607366 +0100 +--- openjdk.orig/jdk/src/share/classes/java/security/spec/PSSParameterSpec.java 2013-08-21 20:33:07.812389433 +0100 ++++ openjdk/jdk/src/share/classes/java/security/spec/PSSParameterSpec.java 2014-12-24 19:58:20.000164073 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2006, Oracle and/or its affiliates. All rights reserved. @@ -854,8 +835,8 @@ * { OID id-sha384 PARAMETERS NULL }| * { OID id-sha512 PARAMETERS NULL }, diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Digest.java openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Digest.java ---- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Digest.java 2014-10-08 23:21:44.807972437 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Digest.java 2014-10-08 23:26:07.131607366 +0100 +--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Digest.java 2014-12-24 19:57:29.151536657 +0000 ++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Digest.java 2014-12-24 19:58:20.000164073 +0000 @@ -39,7 +39,7 @@ /** @@ -876,8 +857,8 @@ digestLength = 32; break; diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Mac.java openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Mac.java ---- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Mac.java 2014-07-14 04:24:45.000000000 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Mac.java 2014-10-08 23:26:07.131607366 +0100 +--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Mac.java 2013-08-21 20:33:03.292316290 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Mac.java 2014-12-24 19:58:20.000164073 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. @@ -907,8 +888,8 @@ macLength = 32; break; diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java ---- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java 2014-07-14 04:24:45.000000000 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java 2014-10-08 23:26:07.131607366 +0100 +--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java 2013-08-21 20:33:03.296316354 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java 2014-12-24 19:58:20.000164073 +0000 @@ -54,12 +54,14 @@ * . MD2withRSA * . MD5withRSA @@ -961,8 +942,8 @@ encodedLength = 51; } else if (algorithm.equals("SHA384withRSA")) { diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java ---- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java 2014-10-08 23:21:44.783972104 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java 2014-10-08 23:26:07.131607366 +0100 +--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java 2014-12-24 19:57:29.063535572 +0000 ++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java 2014-12-24 19:58:20.000164073 +0000 @@ -328,6 +328,7 @@ System.out.println("Library info:"); System.out.println(p11Info); @@ -971,7 +952,7 @@ if ((slotID < 0) || showInfo) { long[] slots = p11.C_GetSlotList(false); if (showInfo) { -@@ -522,24 +523,37 @@ +@@ -504,24 +505,37 @@ m(CKM_MD2)); d(MD, "MD5", P11Digest, m(CKM_MD5)); @@ -1010,7 +991,7 @@ m(CKM_SHA512_HMAC)); d(MAC, "SslMacMD5", P11MAC, m(CKM_SSL3_MD5_MAC)); -@@ -637,11 +651,17 @@ +@@ -619,11 +633,17 @@ m(CKM_ECDSA)); d(SIG, "SHA1withECDSA", P11Signature, s("ECDSA"), m(CKM_ECDSA_SHA1, CKM_ECDSA)); @@ -1028,7 +1009,7 @@ m(CKM_ECDSA)); d(SIG, "MD2withRSA", P11Signature, m(CKM_MD2_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); -@@ -649,11 +669,17 @@ +@@ -631,11 +651,17 @@ m(CKM_MD5_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); d(SIG, "SHA1withRSA", P11Signature, m(CKM_SHA1_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); @@ -1047,8 +1028,8 @@ d(KG, "SunTlsRsaPremasterSecret", "sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator", diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/Functions.java openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/Functions.java ---- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/Functions.java 2014-07-14 04:24:45.000000000 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/Functions.java 2014-10-08 23:26:07.131607366 +0100 +--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/Functions.java 2013-08-21 20:33:03.308316548 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/Functions.java 2014-12-24 19:58:20.000164073 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved. @@ -1083,8 +1064,8 @@ addMech(CKM_SHA384_KEY_DERIVATION, "CKM_SHA384_KEY_DERIVATION"); addMech(CKM_SHA512_KEY_DERIVATION, "CKM_SHA512_KEY_DERIVATION"); diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/provider/DigestBase.java openjdk/jdk/src/share/classes/sun/security/provider/DigestBase.java ---- openjdk.orig/jdk/src/share/classes/sun/security/provider/DigestBase.java 2014-07-14 04:24:45.000000000 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/provider/DigestBase.java 2014-10-08 23:26:07.131607366 +0100 +--- openjdk.orig/jdk/src/share/classes/sun/security/provider/DigestBase.java 2013-08-21 20:33:03.316316678 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/provider/DigestBase.java 2014-12-24 19:58:20.000164073 +0000 @@ -39,7 +39,6 @@ * . abstract void implCompress(byte[] b, int ofs); * . abstract void implDigest(byte[] out, int ofs); @@ -1146,8 +1127,8 @@ - } diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/provider/MD2.java openjdk/jdk/src/share/classes/sun/security/provider/MD2.java ---- openjdk.orig/jdk/src/share/classes/sun/security/provider/MD2.java 2014-07-14 04:24:45.000000000 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/provider/MD2.java 2014-10-08 23:26:07.131607366 +0100 +--- openjdk.orig/jdk/src/share/classes/sun/security/provider/MD2.java 2013-08-21 20:33:03.320316743 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/provider/MD2.java 2014-12-24 19:58:20.000164073 +0000 @@ -39,14 +39,14 @@ public final class MD2 extends DigestBase { @@ -1189,8 +1170,8 @@ // reset state and checksum diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/provider/MD4.java openjdk/jdk/src/share/classes/sun/security/provider/MD4.java ---- openjdk.orig/jdk/src/share/classes/sun/security/provider/MD4.java 2014-07-14 04:24:45.000000000 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/provider/MD4.java 2014-10-08 23:26:07.131607366 +0100 +--- openjdk.orig/jdk/src/share/classes/sun/security/provider/MD4.java 2013-08-21 20:33:03.320316743 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/provider/MD4.java 2014-12-24 19:58:20.000164073 +0000 @@ -44,9 +44,9 @@ public final class MD4 extends DigestBase { @@ -1226,8 +1207,8 @@ /** diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/provider/MD5.java openjdk/jdk/src/share/classes/sun/security/provider/MD5.java ---- openjdk.orig/jdk/src/share/classes/sun/security/provider/MD5.java 2014-07-14 04:24:45.000000000 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/provider/MD5.java 2014-10-08 23:26:07.131607366 +0100 +--- openjdk.orig/jdk/src/share/classes/sun/security/provider/MD5.java 2013-08-21 20:33:03.320316743 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/provider/MD5.java 2014-12-24 19:58:20.000164073 +0000 @@ -39,9 +39,9 @@ public final class MD5 extends DigestBase { @@ -1263,8 +1244,8 @@ /** diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/provider/SHA2.java openjdk/jdk/src/share/classes/sun/security/provider/SHA2.java ---- openjdk.orig/jdk/src/share/classes/sun/security/provider/SHA2.java 2014-07-14 04:24:45.000000000 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/provider/SHA2.java 2014-10-08 23:26:07.131607366 +0100 +--- openjdk.orig/jdk/src/share/classes/sun/security/provider/SHA2.java 2013-08-21 20:33:03.324316807 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/provider/SHA2.java 2014-12-24 19:58:20.000164073 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2006, Oracle and/or its affiliates. All rights reserved. @@ -1377,8 +1358,8 @@ + } } diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/provider/SHA5.java openjdk/jdk/src/share/classes/sun/security/provider/SHA5.java ---- openjdk.orig/jdk/src/share/classes/sun/security/provider/SHA5.java 2014-07-14 04:24:45.000000000 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/provider/SHA5.java 2014-10-08 23:26:07.131607366 +0100 +--- openjdk.orig/jdk/src/share/classes/sun/security/provider/SHA5.java 2013-08-21 20:33:03.324316807 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/provider/SHA5.java 2014-12-24 19:58:20.004164123 +0000 @@ -82,10 +82,10 @@ }; @@ -1454,8 +1435,8 @@ - } diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/provider/SHA.java openjdk/jdk/src/share/classes/sun/security/provider/SHA.java ---- openjdk.orig/jdk/src/share/classes/sun/security/provider/SHA.java 2014-07-14 04:24:45.000000000 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/provider/SHA.java 2014-10-08 23:26:07.131607366 +0100 +--- openjdk.orig/jdk/src/share/classes/sun/security/provider/SHA.java 2013-08-21 20:33:03.324316807 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/provider/SHA.java 2014-12-24 19:58:20.004164123 +0000 @@ -47,10 +47,10 @@ // 64 bytes are included in each hash block so the low order // bits of count are used to know how to pack the bytes into ints @@ -1495,8 +1476,8 @@ /** diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/provider/SunEntries.java openjdk/jdk/src/share/classes/sun/security/provider/SunEntries.java ---- openjdk.orig/jdk/src/share/classes/sun/security/provider/SunEntries.java 2014-07-14 04:24:45.000000000 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/provider/SunEntries.java 2014-10-08 23:26:07.131607366 +0100 +--- openjdk.orig/jdk/src/share/classes/sun/security/provider/SunEntries.java 2013-08-21 20:33:03.328316872 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/provider/SunEntries.java 2014-12-24 19:58:20.004164123 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved. @@ -1537,8 +1518,8 @@ /* * Algorithm Parameter Generator engines diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/rsa/RSASignature.java openjdk/jdk/src/share/classes/sun/security/rsa/RSASignature.java ---- openjdk.orig/jdk/src/share/classes/sun/security/rsa/RSASignature.java 2014-07-14 04:24:45.000000000 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/rsa/RSASignature.java 2014-10-08 23:26:07.131607366 +0100 +--- openjdk.orig/jdk/src/share/classes/sun/security/rsa/RSASignature.java 2013-08-21 20:33:03.348317196 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/rsa/RSASignature.java 2014-12-24 19:58:20.004164123 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved. @@ -1572,8 +1553,8 @@ public static final class SHA256withRSA extends RSASignature { public SHA256withRSA() { diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java openjdk/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java ---- openjdk.orig/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java 2014-07-14 04:24:45.000000000 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java 2014-10-08 23:26:07.131607366 +0100 +--- openjdk.orig/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java 2013-08-21 20:33:03.348317196 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java 2014-12-24 19:58:20.004164123 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved. @@ -1609,8 +1590,8 @@ map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.11", "SHA256withRSA"); diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/x509/AlgorithmId.java openjdk/jdk/src/share/classes/sun/security/x509/AlgorithmId.java ---- openjdk.orig/jdk/src/share/classes/sun/security/x509/AlgorithmId.java 2014-10-08 23:21:44.739971495 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/x509/AlgorithmId.java 2014-10-08 23:26:20.231788929 +0100 +--- openjdk.orig/jdk/src/share/classes/sun/security/x509/AlgorithmId.java 2014-12-24 19:57:29.027535128 +0000 ++++ openjdk/jdk/src/share/classes/sun/security/x509/AlgorithmId.java 2014-12-24 19:58:20.004164123 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved. @@ -1710,8 +1691,8 @@ nameTable.put(sha384WithRSAEncryption_oid, "SHA384withRSA"); nameTable.put(sha512WithRSAEncryption_oid, "SHA512withRSA"); diff -Nru openjdk.orig/jdk/src/windows/classes/sun/security/mscapi/RSASignature.java openjdk/jdk/src/windows/classes/sun/security/mscapi/RSASignature.java ---- openjdk.orig/jdk/src/windows/classes/sun/security/mscapi/RSASignature.java 2014-07-14 04:24:44.000000000 +0100 -+++ openjdk/jdk/src/windows/classes/sun/security/mscapi/RSASignature.java 2014-10-08 23:26:07.131607366 +0100 +--- openjdk.orig/jdk/src/windows/classes/sun/security/mscapi/RSASignature.java 2013-08-21 20:32:57.876228625 +0100 ++++ openjdk/jdk/src/windows/classes/sun/security/mscapi/RSASignature.java 2014-12-24 19:58:20.004164123 +0000 @@ -49,6 +49,7 @@ * following algorithm names: * @@ -1734,8 +1715,8 @@ public MD5() { super("MD5"); diff -Nru openjdk.orig/jdk/src/windows/classes/sun/security/mscapi/SunMSCAPI.java openjdk/jdk/src/windows/classes/sun/security/mscapi/SunMSCAPI.java ---- openjdk.orig/jdk/src/windows/classes/sun/security/mscapi/SunMSCAPI.java 2014-07-14 04:24:44.000000000 +0100 -+++ openjdk/jdk/src/windows/classes/sun/security/mscapi/SunMSCAPI.java 2014-10-08 23:26:07.131607366 +0100 +--- openjdk.orig/jdk/src/windows/classes/sun/security/mscapi/SunMSCAPI.java 2014-12-24 18:49:01.976433264 +0000 ++++ openjdk/jdk/src/windows/classes/sun/security/mscapi/SunMSCAPI.java 2014-12-24 19:58:20.004164123 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved. @@ -1764,8 +1745,8 @@ "sun.security.mscapi.Key"); map.put("Signature.MD2withRSA SupportedKeyClasses", diff -Nru openjdk.orig/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEP.java openjdk/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEP.java ---- openjdk.orig/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEP.java 2014-07-14 04:24:44.000000000 +0100 -+++ openjdk/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEP.java 2014-10-08 23:26:07.135607422 +0100 +--- openjdk.orig/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEP.java 2013-08-21 20:32:58.220234193 +0100 ++++ openjdk/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEP.java 2014-12-24 19:58:20.004164123 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved. @@ -1809,8 +1790,8 @@ System.out.println("Testing OAEP with hash " + hashAlg + ", " + dataLength + " bytes"); Cipher c = Cipher.getInstance("RSA/ECB/OAEPwith" + hashAlg + "andMGF1Padding", cp); diff -Nru openjdk.orig/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPParameterSpec.java openjdk/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPParameterSpec.java ---- openjdk.orig/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPParameterSpec.java 2014-07-14 04:24:44.000000000 +0100 -+++ openjdk/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPParameterSpec.java 2014-10-08 23:26:07.135607422 +0100 +--- openjdk.orig/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPParameterSpec.java 2013-08-21 20:32:58.220234193 +0100 ++++ openjdk/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPParameterSpec.java 2014-12-24 19:58:20.004164123 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved. @@ -1827,8 +1808,8 @@ status &= runTest("SHA-384", MGF1ParameterSpec.SHA384, p); status &= runTest("SHA-512", MGF1ParameterSpec.SHA512, p); diff -Nru openjdk.orig/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPWithParams.java openjdk/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPWithParams.java ---- openjdk.orig/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPWithParams.java 2014-07-14 04:24:44.000000000 +0100 -+++ openjdk/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPWithParams.java 2014-10-08 23:26:07.135607422 +0100 +--- openjdk.orig/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPWithParams.java 2013-08-21 20:32:58.220234193 +0100 ++++ openjdk/jdk/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPWithParams.java 2014-12-24 19:58:20.004164123 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved. @@ -1850,8 +1831,8 @@ public static void main(String[] args) throws Exception { long start = System.currentTimeMillis(); diff -Nru openjdk.orig/jdk/test/com/sun/crypto/provider/KeyGenerator/Test4628062.java openjdk/jdk/test/com/sun/crypto/provider/KeyGenerator/Test4628062.java ---- openjdk.orig/jdk/test/com/sun/crypto/provider/KeyGenerator/Test4628062.java 2014-07-14 04:24:44.000000000 +0100 -+++ openjdk/jdk/test/com/sun/crypto/provider/KeyGenerator/Test4628062.java 2014-10-08 23:26:07.135607422 +0100 +--- openjdk.orig/jdk/test/com/sun/crypto/provider/KeyGenerator/Test4628062.java 2013-08-21 20:32:58.228234324 +0100 ++++ openjdk/jdk/test/com/sun/crypto/provider/KeyGenerator/Test4628062.java 2014-12-24 19:58:20.004164123 +0000 @@ -23,7 +23,7 @@ /* @@ -1953,8 +1934,8 @@ } } diff -Nru openjdk.orig/jdk/test/com/sun/crypto/provider/Mac/MacClone.java openjdk/jdk/test/com/sun/crypto/provider/Mac/MacClone.java ---- openjdk.orig/jdk/test/com/sun/crypto/provider/Mac/MacClone.java 2014-07-14 04:24:44.000000000 +0100 -+++ openjdk/jdk/test/com/sun/crypto/provider/Mac/MacClone.java 2014-10-08 23:26:07.135607422 +0100 +--- openjdk.orig/jdk/test/com/sun/crypto/provider/Mac/MacClone.java 2013-08-21 20:32:58.228234324 +0100 ++++ openjdk/jdk/test/com/sun/crypto/provider/Mac/MacClone.java 2014-12-24 19:58:20.004164123 +0000 @@ -28,15 +28,33 @@ * @author Jan Luehe */ @@ -2030,8 +2011,8 @@ } } diff -Nru openjdk.orig/jdk/test/com/sun/crypto/provider/Mac/MacKAT.java openjdk/jdk/test/com/sun/crypto/provider/Mac/MacKAT.java ---- openjdk.orig/jdk/test/com/sun/crypto/provider/Mac/MacKAT.java 2014-07-14 04:24:44.000000000 +0100 -+++ openjdk/jdk/test/com/sun/crypto/provider/Mac/MacKAT.java 2014-10-08 23:26:07.135607422 +0100 +--- openjdk.orig/jdk/test/com/sun/crypto/provider/Mac/MacKAT.java 2013-08-21 20:32:58.228234324 +0100 ++++ openjdk/jdk/test/com/sun/crypto/provider/Mac/MacKAT.java 2014-12-24 19:58:20.004164123 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved. @@ -2112,8 +2093,8 @@ KeyGenerator.getInstance("HmacSHA384", p); KeyGenerator.getInstance("HmacSHA512", p); diff -Nru openjdk.orig/jdk/test/sun/security/pkcs11/ec/TestCurves.java openjdk/jdk/test/sun/security/pkcs11/ec/TestCurves.java ---- openjdk.orig/jdk/test/sun/security/pkcs11/ec/TestCurves.java 2014-07-14 04:24:44.000000000 +0100 -+++ openjdk/jdk/test/sun/security/pkcs11/ec/TestCurves.java 2014-10-08 23:26:07.135607422 +0100 +--- openjdk.orig/jdk/test/sun/security/pkcs11/ec/TestCurves.java 2013-08-21 20:32:58.012230826 +0100 ++++ openjdk/jdk/test/sun/security/pkcs11/ec/TestCurves.java 2014-12-24 19:58:20.004164123 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2007, Oracle and/or its affiliates. All rights reserved. @@ -2130,8 +2111,8 @@ testSigning(p, "SHA384withECDSA", data, kp1, kp2); testSigning(p, "SHA512withECDSA", data, kp1, kp2); diff -Nru openjdk.orig/jdk/test/sun/security/pkcs11/MessageDigest/DigestKAT.java openjdk/jdk/test/sun/security/pkcs11/MessageDigest/DigestKAT.java ---- openjdk.orig/jdk/test/sun/security/pkcs11/MessageDigest/DigestKAT.java 2014-07-14 04:24:44.000000000 +0100 -+++ openjdk/jdk/test/sun/security/pkcs11/MessageDigest/DigestKAT.java 2014-10-08 23:26:07.135607422 +0100 +--- openjdk.orig/jdk/test/sun/security/pkcs11/MessageDigest/DigestKAT.java 2013-08-21 20:32:58.000230633 +0100 ++++ openjdk/jdk/test/sun/security/pkcs11/MessageDigest/DigestKAT.java 2014-12-24 19:58:20.004164123 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. @@ -2153,8 +2134,8 @@ t("SHA-256", s("a"), "ca:97:81:12:ca:1b:bd:ca:fa:c2:31:b3:9a:23:dc:4d:a7:86:ef:f8:14:7c:4e:72:b9:80:77:85:af:ee:48:bb"), t("SHA-256", s("abc"), "ba:78:16:bf:8f:01:cf:ea:41:41:40:de:5d:ae:22:23:b0:03:61:a3:96:17:7a:9c:b4:10:ff:61:f2:00:15:ad"), diff -Nru openjdk.orig/jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.java openjdk/jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.java ---- openjdk.orig/jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.java 2014-07-14 04:24:44.000000000 +0100 -+++ openjdk/jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.java 2014-10-08 23:26:07.135607422 +0100 +--- openjdk.orig/jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.java 2013-08-21 20:32:58.024231021 +0100 ++++ openjdk/jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.java 2014-12-24 19:58:20.004164123 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. @@ -2171,8 +2152,8 @@ RSAPublicKey rsaKey = (RSAPublicKey)publicKey; if (rsaKey.getModulus().bitLength() > 512) { diff -Nru openjdk.orig/jdk/test/sun/security/pkcs11/rsa/TestSignatures.java openjdk/jdk/test/sun/security/pkcs11/rsa/TestSignatures.java ---- openjdk.orig/jdk/test/sun/security/pkcs11/rsa/TestSignatures.java 2014-07-14 04:24:44.000000000 +0100 -+++ openjdk/jdk/test/sun/security/pkcs11/rsa/TestSignatures.java 2014-10-08 23:26:07.135607422 +0100 +--- openjdk.orig/jdk/test/sun/security/pkcs11/rsa/TestSignatures.java 2013-08-21 20:32:58.024231021 +0100 ++++ openjdk/jdk/test/sun/security/pkcs11/rsa/TestSignatures.java 2014-12-24 19:58:20.004164123 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. @@ -2189,8 +2170,8 @@ RSAPublicKey rsaKey = (RSAPublicKey)publicKey; if (rsaKey.getModulus().bitLength() > 512) { diff -Nru openjdk.orig/jdk/test/sun/security/pkcs11/Signature/TestRSAKeyLength.java openjdk/jdk/test/sun/security/pkcs11/Signature/TestRSAKeyLength.java ---- openjdk.orig/jdk/test/sun/security/pkcs11/Signature/TestRSAKeyLength.java 2014-07-14 04:24:44.000000000 +0100 -+++ openjdk/jdk/test/sun/security/pkcs11/Signature/TestRSAKeyLength.java 2014-10-08 23:26:07.135607422 +0100 +--- openjdk.orig/jdk/test/sun/security/pkcs11/Signature/TestRSAKeyLength.java 2013-08-21 20:32:58.012230826 +0100 ++++ openjdk/jdk/test/sun/security/pkcs11/Signature/TestRSAKeyLength.java 2014-12-24 19:58:20.004164123 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. @@ -2208,8 +2189,8 @@ KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p); kpg.initialize(512); diff -Nru openjdk.orig/jdk/test/sun/security/provider/MessageDigest/DigestKAT.java openjdk/jdk/test/sun/security/provider/MessageDigest/DigestKAT.java ---- openjdk.orig/jdk/test/sun/security/provider/MessageDigest/DigestKAT.java 2014-07-14 04:24:44.000000000 +0100 -+++ openjdk/jdk/test/sun/security/provider/MessageDigest/DigestKAT.java 2014-10-08 23:26:07.135607422 +0100 +--- openjdk.orig/jdk/test/sun/security/provider/MessageDigest/DigestKAT.java 2013-08-21 20:32:58.044231344 +0100 ++++ openjdk/jdk/test/sun/security/provider/MessageDigest/DigestKAT.java 2014-12-24 19:58:20.004164123 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved. @@ -2240,8 +2221,8 @@ t("SHA-256", s("a"), "ca:97:81:12:ca:1b:bd:ca:fa:c2:31:b3:9a:23:dc:4d:a7:86:ef:f8:14:7c:4e:72:b9:80:77:85:af:ee:48:bb"), t("SHA-256", s("abc"), "ba:78:16:bf:8f:01:cf:ea:41:41:40:de:5d:ae:22:23:b0:03:61:a3:96:17:7a:9c:b4:10:ff:61:f2:00:15:ad"), diff -Nru openjdk.orig/jdk/test/sun/security/provider/MessageDigest/Offsets.java openjdk/jdk/test/sun/security/provider/MessageDigest/Offsets.java ---- openjdk.orig/jdk/test/sun/security/provider/MessageDigest/Offsets.java 2014-07-14 04:24:44.000000000 +0100 -+++ openjdk/jdk/test/sun/security/provider/MessageDigest/Offsets.java 2014-10-08 23:26:07.135607422 +0100 +--- openjdk.orig/jdk/test/sun/security/provider/MessageDigest/Offsets.java 2013-08-21 20:32:58.044231344 +0100 ++++ openjdk/jdk/test/sun/security/provider/MessageDigest/Offsets.java 2014-12-24 19:58:20.004164123 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, Oracle and/or its affiliates. All rights reserved. @@ -2258,8 +2239,8 @@ test("SHA-384", 0, 128, 0, 256); test("SHA-512", 0, 128, 0, 256); diff -Nru openjdk.orig/jdk/test/sun/security/provider/MessageDigest/TestSHAClone.java openjdk/jdk/test/sun/security/provider/MessageDigest/TestSHAClone.java ---- openjdk.orig/jdk/test/sun/security/provider/MessageDigest/TestSHAClone.java 2014-07-14 04:24:44.000000000 +0100 -+++ openjdk/jdk/test/sun/security/provider/MessageDigest/TestSHAClone.java 2014-10-08 23:26:07.135607422 +0100 +--- openjdk.orig/jdk/test/sun/security/provider/MessageDigest/TestSHAClone.java 2013-08-21 20:32:58.052231474 +0100 ++++ openjdk/jdk/test/sun/security/provider/MessageDigest/TestSHAClone.java 2014-12-24 19:58:20.008164172 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2003, Oracle and/or its affiliates. All rights reserved. @@ -2286,8 +2267,8 @@ private static byte[] input1 = { diff -Nru openjdk.orig/jdk/test/sun/security/rsa/TestKeyPairGenerator.java openjdk/jdk/test/sun/security/rsa/TestKeyPairGenerator.java ---- openjdk.orig/jdk/test/sun/security/rsa/TestKeyPairGenerator.java 2014-07-14 04:24:44.000000000 +0100 -+++ openjdk/jdk/test/sun/security/rsa/TestKeyPairGenerator.java 2014-10-08 23:26:07.135607422 +0100 +--- openjdk.orig/jdk/test/sun/security/rsa/TestKeyPairGenerator.java 2013-08-21 20:32:58.088232056 +0100 ++++ openjdk/jdk/test/sun/security/rsa/TestKeyPairGenerator.java 2014-12-24 19:58:20.008164172 +0000 @@ -23,7 +23,7 @@ /** @@ -2306,8 +2287,8 @@ RSAPublicKey rsaKey = (RSAPublicKey)publicKey; if (rsaKey.getModulus().bitLength() > 512) { diff -Nru openjdk.orig/jdk/test/sun/security/rsa/TestSignatures.java openjdk/jdk/test/sun/security/rsa/TestSignatures.java ---- openjdk.orig/jdk/test/sun/security/rsa/TestSignatures.java 2014-07-14 04:24:44.000000000 +0100 -+++ openjdk/jdk/test/sun/security/rsa/TestSignatures.java 2014-10-08 23:26:07.135607422 +0100 +--- openjdk.orig/jdk/test/sun/security/rsa/TestSignatures.java 2013-08-21 20:32:58.088232056 +0100 ++++ openjdk/jdk/test/sun/security/rsa/TestSignatures.java 2014-12-24 19:58:20.008164172 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
--- a/patches/openjdk/7044060-support_nsa_suite_b.patch Wed Dec 24 18:48:30 2014 +0000 +++ b/patches/openjdk/7044060-support_nsa_suite_b.patch Mon Jan 19 17:52:30 2015 +0000 @@ -1,14 +1,14 @@ diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/AESCipher.java openjdk/jdk/src/share/classes/com/sun/crypto/provider/AESCipher.java ---- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/AESCipher.java 2014-07-14 04:24:43.000000000 +0100 -+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/AESCipher.java 2014-10-08 23:42:37.517304235 +0100 +--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/AESCipher.java 2014-12-24 18:49:01.952432946 +0000 ++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/AESCipher.java 2014-12-24 20:19:58.491124251 +0000 @@ -1,5 +1,5 @@ /* -- * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved. +- * Copyright (c) 2002, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it -@@ -47,12 +47,115 @@ +@@ -47,18 +47,122 @@ * @see OutputFeedback */ @@ -125,19 +125,15 @@ /** * Creates an instance of AES cipher with default ECB mode and * PKCS5Padding. -@@ -60,9 +163,9 @@ - * @exception SecurityException if this constructor fails to verify - * its own integrity */ - public AESCipher() { -- SunJCE.ensureIntegrity(getClass()); + protected AESCipher(int keySize) { core = new CipherCore(new AESCrypt(), AESConstants.AES_BLOCK_SIZE); + fixedKeySize = keySize; } /** -@@ -187,6 +290,7 @@ +@@ -183,6 +287,7 @@ */ protected void engineInit(int opmode, Key key, SecureRandom random) throws InvalidKeyException { @@ -145,7 +141,7 @@ core.init(opmode, key, random); } -@@ -218,6 +322,7 @@ +@@ -214,6 +319,7 @@ AlgorithmParameterSpec params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { @@ -153,7 +149,7 @@ core.init(opmode, key, params, random); } -@@ -225,6 +330,7 @@ +@@ -221,6 +327,7 @@ AlgorithmParameters params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { @@ -162,11 +158,11 @@ } diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/AESWrapCipher.java openjdk/jdk/src/share/classes/com/sun/crypto/provider/AESWrapCipher.java ---- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/AESWrapCipher.java 2014-07-14 04:24:43.000000000 +0100 -+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/AESWrapCipher.java 2014-10-08 23:39:30.602719423 +0100 +--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/AESWrapCipher.java 2014-12-24 18:49:01.952432946 +0000 ++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/AESWrapCipher.java 2014-12-24 20:19:27.306753452 +0000 @@ -1,5 +1,5 @@ /* -- * Copyright (c) 2004, 2007, Oracle and/or its affiliates. All rights reserved. +- * Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * @@ -201,7 +197,7 @@ private static final byte[] IV = { (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6 -@@ -62,6 +81,12 @@ +@@ -62,12 +81,19 @@ */ private boolean decrypting = false; @@ -214,20 +210,15 @@ /** * Creates an instance of AES KeyWrap cipher with default * mode, i.e. "ECB" and padding scheme, i.e. "NoPadding". -@@ -69,9 +94,11 @@ - * @exception SecurityException if this constructor fails to verify - * its own integrity */ - public AESWrapCipher() { + public AESWrapCipher(int keySize) { - SunJCE.ensureIntegrity(getClass()); cipher = new AESCrypt(); + fixedKeySize = keySize; -+ } /** -@@ -174,6 +201,7 @@ +@@ -170,6 +196,7 @@ throw new UnsupportedOperationException("This cipher can " + "only be used for key wrapping and unwrapping"); } @@ -236,8 +227,8 @@ } diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java openjdk/jdk/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java ---- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java 2014-07-14 04:24:43.000000000 +0100 -+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java 2014-10-08 23:37:10.076777154 +0100 +--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java 2013-08-21 20:33:03.876325741 +0100 ++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java 2014-12-24 20:18:40.126192669 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved. @@ -288,8 +279,8 @@ BigInteger x; diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java openjdk/jdk/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java ---- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java 2014-07-14 04:24:43.000000000 +0100 -+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java 2014-10-08 23:37:10.076777154 +0100 +--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java 2013-08-21 20:33:03.892325999 +0100 ++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java 2014-12-24 20:18:40.126192669 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved. @@ -324,9 +315,9 @@ exponentSize = dhParamSpec.getExponentSize(); diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java openjdk/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java ---- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java 2014-10-08 23:36:49.400491428 +0100 -+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java 2014-10-08 23:37:10.076777154 +0100 -@@ -176,16 +176,67 @@ +--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java 2014-12-24 20:10:36.400459042 +0000 ++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java 2014-12-24 20:18:40.130192717 +0000 +@@ -172,16 +172,67 @@ put("Cipher.Blowfish SupportedKeyFormats", "RAW"); put("Cipher.AES", "com.sun.crypto.provider.AESCipher"); @@ -395,7 +386,7 @@ put("Cipher.RC2", "com.sun.crypto.provider.RC2Cipher"); put("Cipher.RC2 SupportedModes", BLOCK_MODES); -@@ -200,7 +251,7 @@ +@@ -196,7 +247,7 @@ put("Cipher.ARCFOUR SupportedKeyFormats", "RAW"); /* @@ -404,7 +395,7 @@ */ put("KeyGenerator.DES", "com.sun.crypto.provider.DESKeyGenerator"); -@@ -229,6 +280,8 @@ +@@ -225,6 +276,8 @@ put("KeyGenerator.HmacSHA1", "com.sun.crypto.provider.HmacSHA1KeyGenerator"); @@ -413,7 +404,7 @@ put("KeyGenerator.HmacSHA224", "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA224"); -@@ -411,6 +464,8 @@ +@@ -407,6 +460,8 @@ */ put("Mac.HmacMD5", "com.sun.crypto.provider.HmacMD5"); put("Mac.HmacSHA1", "com.sun.crypto.provider.HmacSHA1"); @@ -423,8 +414,8 @@ "com.sun.crypto.provider.HmacCore$HmacSHA224"); put("Alg.Alias.Mac.OID.1.2.840.113549.2.8", "HmacSHA224"); diff -Nru openjdk.orig/jdk/src/share/classes/java/security/interfaces/DSAKeyPairGenerator.java openjdk/jdk/src/share/classes/java/security/interfaces/DSAKeyPairGenerator.java ---- openjdk.orig/jdk/src/share/classes/java/security/interfaces/DSAKeyPairGenerator.java 2014-07-14 04:24:45.000000000 +0100 -+++ openjdk/jdk/src/share/classes/java/security/interfaces/DSAKeyPairGenerator.java 2014-10-08 23:37:10.076777154 +0100 +--- openjdk.orig/jdk/src/share/classes/java/security/interfaces/DSAKeyPairGenerator.java 2013-08-21 20:33:07.800389240 +0100 ++++ openjdk/jdk/src/share/classes/java/security/interfaces/DSAKeyPairGenerator.java 2014-12-24 20:18:40.130192717 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2005, Oracle and/or its affiliates. All rights reserved. @@ -475,8 +466,8 @@ public void initialize(int modlen, boolean genParams, SecureRandom random) throws InvalidParameterException; diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java ---- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java 2014-10-08 23:36:47.440464344 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java 2014-10-08 23:38:45.190091692 +0100 +--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java 2014-12-24 20:10:34.252433649 +0000 ++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java 2014-12-24 20:18:40.130192717 +0000 @@ -164,6 +164,10 @@ // if we do the padding private int bytesBuffered; @@ -536,9 +527,9 @@ case Cipher.ENCRYPT_MODE: encrypt = true; diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java ---- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java 2014-10-08 23:36:49.512492977 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java 2014-10-08 23:38:03.717518477 +0100 -@@ -401,12 +401,8 @@ +--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java 2014-12-24 20:10:36.604461454 +0000 ++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java 2014-12-24 20:18:40.130192717 +0000 +@@ -383,12 +383,8 @@ return System.identityHashCode(this); } @@ -553,7 +544,7 @@ } private static final class Descriptor { -@@ -523,7 +519,8 @@ +@@ -505,7 +501,8 @@ m(CKM_MD2)); d(MD, "MD5", P11Digest, m(CKM_MD5)); @@ -563,7 +554,7 @@ m(CKM_SHA_1)); d(MD, "SHA-224", P11Digest, -@@ -542,6 +539,7 @@ +@@ -524,6 +521,7 @@ d(MAC, "HmacMD5", P11MAC, m(CKM_MD5_HMAC)); d(MAC, "HmacSHA1", P11MAC, @@ -571,7 +562,7 @@ m(CKM_SHA_1_HMAC)); d(MAC, "HmacSHA224", P11MAC, s("1.2.840.113549.2.8", "OID.1.2.840.113549.2.8"), -@@ -563,6 +561,7 @@ +@@ -545,6 +543,7 @@ d(KPG, "RSA", P11KeyPairGenerator, m(CKM_RSA_PKCS_KEY_PAIR_GEN)); d(KPG, "DSA", P11KeyPairGenerator, @@ -579,7 +570,7 @@ m(CKM_DSA_KEY_PAIR_GEN)); d(KPG, "DH", P11KeyPairGenerator, s("DiffieHellman"), m(CKM_DH_PKCS_KEY_PAIR_GEN)); -@@ -585,6 +584,7 @@ +@@ -567,6 +566,7 @@ d(KF, "RSA", P11RSAKeyFactory, m(CKM_RSA_PKCS_KEY_PAIR_GEN, CKM_RSA_PKCS, CKM_RSA_X_509)); d(KF, "DSA", P11DSAKeyFactory, @@ -587,7 +578,7 @@ m(CKM_DSA_KEY_PAIR_GEN, CKM_DSA, CKM_DSA_SHA1)); d(KF, "DH", P11DHKeyFactory, s("DiffieHellman"), m(CKM_DH_PKCS_KEY_PAIR_GEN, CKM_DH_PKCS_DERIVE)); -@@ -608,6 +608,7 @@ +@@ -590,6 +590,7 @@ d(SKF, "DESede", P11SecretKeyFactory, m(CKM_DES3_CBC)); d(SKF, "AES", P11SecretKeyFactory, @@ -595,7 +586,7 @@ m(CKM_AES_CBC)); d(SKF, "Blowfish", P11SecretKeyFactory, m(CKM_BLOWFISH_CBC)); -@@ -633,10 +634,28 @@ +@@ -615,10 +616,28 @@ m(CKM_DES3_ECB)); d(CIP, "AES/CBC/NoPadding", P11Cipher, m(CKM_AES_CBC)); @@ -624,7 +615,7 @@ d(CIP, "AES/ECB/PKCS5Padding", P11Cipher, s("AES"), m(CKM_AES_ECB)); d(CIP, "AES/CTR/NoPadding", P11Cipher, -@@ -650,13 +669,16 @@ +@@ -632,13 +651,16 @@ d(CIP, "RSA/ECB/PKCS1Padding", P11RSACipher, m(CKM_RSA_PKCS)); @@ -644,7 +635,7 @@ m(CKM_ECDSA_SHA1, CKM_ECDSA)); d(SIG, "SHA224withECDSA", P11Signature, s("1.2.840.10045.4.3.1", "OID.1.2.840.10045.4.3.1"), -@@ -671,10 +693,14 @@ +@@ -653,10 +675,14 @@ s("1.2.840.10045.4.3.4", "OID.1.2.840.10045.4.3.4"), m(CKM_ECDSA)); d(SIG, "MD2withRSA", P11Signature, @@ -660,8 +651,8 @@ d(SIG, "SHA224withRSA", P11Signature, s("1.2.840.113549.1.1.14", "OID.1.2.840.113549.1.1.14"), diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/provider/DSA.java openjdk/jdk/src/share/classes/sun/security/provider/DSA.java ---- openjdk.orig/jdk/src/share/classes/sun/security/provider/DSA.java 2014-07-14 04:24:45.000000000 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/provider/DSA.java 2014-10-08 23:37:11.636798712 +0100 +--- openjdk.orig/jdk/src/share/classes/sun/security/provider/DSA.java 2013-08-21 20:33:03.312316612 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/provider/DSA.java 2014-12-24 20:18:40.130192717 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2004, Oracle and/or its affiliates. All rights reserved. @@ -1588,8 +1579,8 @@ } } diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/provider/DSAKeyPairGenerator.java openjdk/jdk/src/share/classes/sun/security/provider/DSAKeyPairGenerator.java ---- openjdk.orig/jdk/src/share/classes/sun/security/provider/DSAKeyPairGenerator.java 2014-07-14 04:24:45.000000000 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/provider/DSAKeyPairGenerator.java 2014-10-08 23:37:11.636798712 +0100 +--- openjdk.orig/jdk/src/share/classes/sun/security/provider/DSAKeyPairGenerator.java 2013-08-21 20:33:03.316316678 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/provider/DSAKeyPairGenerator.java 2014-12-24 20:18:40.130192717 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2005, Oracle and/or its affiliates. All rights reserved. @@ -1751,8 +1742,8 @@ /** diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/provider/DSAParameterGenerator.java openjdk/jdk/src/share/classes/sun/security/provider/DSAParameterGenerator.java ---- openjdk.orig/jdk/src/share/classes/sun/security/provider/DSAParameterGenerator.java 2014-07-14 04:24:45.000000000 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/provider/DSAParameterGenerator.java 2014-10-08 23:37:11.636798712 +0100 +--- openjdk.orig/jdk/src/share/classes/sun/security/provider/DSAParameterGenerator.java 2013-08-21 20:33:03.316316678 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/provider/DSAParameterGenerator.java 2014-12-24 20:18:40.130192717 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. @@ -2131,8 +2122,8 @@ - } } diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/provider/ParameterCache.java openjdk/jdk/src/share/classes/sun/security/provider/ParameterCache.java ---- openjdk.orig/jdk/src/share/classes/sun/security/provider/ParameterCache.java 2014-07-14 04:24:45.000000000 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/provider/ParameterCache.java 2014-10-08 23:37:11.636798712 +0100 +--- openjdk.orig/jdk/src/share/classes/sun/security/provider/ParameterCache.java 2013-08-21 20:33:03.320316743 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/provider/ParameterCache.java 2014-12-24 20:18:40.130192717 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. @@ -2371,8 +2362,8 @@ } diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/provider/SunEntries.java openjdk/jdk/src/share/classes/sun/security/provider/SunEntries.java ---- openjdk.orig/jdk/src/share/classes/sun/security/provider/SunEntries.java 2014-10-08 23:36:49.404491484 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/provider/SunEntries.java 2014-10-08 23:37:11.636798712 +0100 +--- openjdk.orig/jdk/src/share/classes/sun/security/provider/SunEntries.java 2014-12-24 20:10:36.404459089 +0000 ++++ openjdk/jdk/src/share/classes/sun/security/provider/SunEntries.java 2014-12-24 20:18:40.130192717 +0000 @@ -47,6 +47,10 @@ * SHA-2 family of hash functions includes SHA-224, SHA-256, SHA-384, * and SHA-512. @@ -2458,7 +2449,7 @@ * Implementation type: software or hardware diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/spec/DSAGenParameterSpec.java openjdk/jdk/src/share/classes/sun/security/spec/DSAGenParameterSpec.java --- openjdk.orig/jdk/src/share/classes/sun/security/spec/DSAGenParameterSpec.java 1970-01-01 01:00:00.000000000 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/spec/DSAGenParameterSpec.java 2014-10-08 23:37:11.636798712 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/spec/DSAGenParameterSpec.java 2014-12-24 20:18:40.130192717 +0000 @@ -0,0 +1,129 @@ +/* + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. @@ -2590,8 +2581,8 @@ + } +} diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/x509/AlgorithmId.java openjdk/jdk/src/share/classes/sun/security/x509/AlgorithmId.java ---- openjdk.orig/jdk/src/share/classes/sun/security/x509/AlgorithmId.java 2014-10-08 23:36:49.476492479 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/x509/AlgorithmId.java 2014-10-08 23:37:11.636798712 +0100 +--- openjdk.orig/jdk/src/share/classes/sun/security/x509/AlgorithmId.java 2014-12-24 20:10:36.520460461 +0000 ++++ openjdk/jdk/src/share/classes/sun/security/x509/AlgorithmId.java 2014-12-24 20:18:40.130192717 +0000 @@ -508,6 +508,9 @@ if (name.equalsIgnoreCase("EC")) { return EC_oid; @@ -2661,8 +2652,8 @@ nameTable.put(sha1WithRSAEncryption_OIW_oid, "SHA1withRSA"); nameTable.put(sha224WithRSAEncryption_oid, "SHA224withRSA"); diff -Nru openjdk.orig/jdk/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java openjdk/jdk/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java ---- openjdk.orig/jdk/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java 2014-07-14 04:24:44.000000000 +0100 -+++ openjdk/jdk/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java 2014-10-08 23:37:11.636798712 +0100 +--- openjdk.orig/jdk/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java 2013-08-21 20:32:58.224234259 +0100 ++++ openjdk/jdk/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java 2014-12-24 20:18:40.130192717 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved. @@ -2722,7 +2713,7 @@ diff -Nru openjdk.orig/jdk/test/sun/security/pkcs11/ec/TestECDH2.java openjdk/jdk/test/sun/security/pkcs11/ec/TestECDH2.java --- openjdk.orig/jdk/test/sun/security/pkcs11/ec/TestECDH2.java 1970-01-01 01:00:00.000000000 +0100 -+++ openjdk/jdk/test/sun/security/pkcs11/ec/TestECDH2.java 2014-10-08 23:37:11.636798712 +0100 ++++ openjdk/jdk/test/sun/security/pkcs11/ec/TestECDH2.java 2014-12-24 20:18:40.134192764 +0000 @@ -0,0 +1,127 @@ +/* + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. @@ -2853,7 +2844,7 @@ +} diff -Nru openjdk.orig/jdk/test/sun/security/pkcs11/ec/TestECDSA2.java openjdk/jdk/test/sun/security/pkcs11/ec/TestECDSA2.java --- openjdk.orig/jdk/test/sun/security/pkcs11/ec/TestECDSA2.java 1970-01-01 01:00:00.000000000 +0100 -+++ openjdk/jdk/test/sun/security/pkcs11/ec/TestECDSA2.java 2014-10-08 23:37:11.636798712 +0100 ++++ openjdk/jdk/test/sun/security/pkcs11/ec/TestECDSA2.java 2014-12-24 20:18:40.134192764 +0000 @@ -0,0 +1,122 @@ +/* + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. @@ -2979,7 +2970,7 @@ +} diff -Nru openjdk.orig/jdk/test/sun/security/provider/DSA/TestAlgParameterGenerator.java openjdk/jdk/test/sun/security/provider/DSA/TestAlgParameterGenerator.java --- openjdk.orig/jdk/test/sun/security/provider/DSA/TestAlgParameterGenerator.java 1970-01-01 01:00:00.000000000 +0100 -+++ openjdk/jdk/test/sun/security/provider/DSA/TestAlgParameterGenerator.java 2014-10-08 23:37:11.636798712 +0100 ++++ openjdk/jdk/test/sun/security/provider/DSA/TestAlgParameterGenerator.java 2014-12-24 20:18:40.134192764 +0000 @@ -0,0 +1,117 @@ +/* + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. @@ -3100,7 +3091,7 @@ +} diff -Nru openjdk.orig/jdk/test/sun/security/provider/DSA/TestDSA2.java openjdk/jdk/test/sun/security/provider/DSA/TestDSA2.java --- openjdk.orig/jdk/test/sun/security/provider/DSA/TestDSA2.java 1970-01-01 01:00:00.000000000 +0100 -+++ openjdk/jdk/test/sun/security/provider/DSA/TestDSA2.java 2014-10-08 23:37:11.636798712 +0100 ++++ openjdk/jdk/test/sun/security/provider/DSA/TestDSA2.java 2014-12-24 20:18:40.134192764 +0000 @@ -0,0 +1,96 @@ +/* + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. @@ -3199,8 +3190,8 @@ + } +} diff -Nru openjdk.orig/jdk/test/sun/security/provider/DSA/TestKeyPairGenerator.java openjdk/jdk/test/sun/security/provider/DSA/TestKeyPairGenerator.java ---- openjdk.orig/jdk/test/sun/security/provider/DSA/TestKeyPairGenerator.java 2014-07-14 04:24:44.000000000 +0100 -+++ openjdk/jdk/test/sun/security/provider/DSA/TestKeyPairGenerator.java 2014-10-08 23:37:11.636798712 +0100 +--- openjdk.orig/jdk/test/sun/security/provider/DSA/TestKeyPairGenerator.java 2013-08-21 20:32:58.044231344 +0100 ++++ openjdk/jdk/test/sun/security/provider/DSA/TestKeyPairGenerator.java 2014-12-24 20:18:40.134192764 +0000 @@ -24,7 +24,7 @@ /* * @test
--- a/patches/openjdk/7106773-512_bits_rsa.patch Wed Dec 24 18:48:30 2014 +0000 +++ b/patches/openjdk/7106773-512_bits_rsa.patch Mon Jan 19 17:52:30 2015 +0000 @@ -136,7 +136,7 @@ +++ openjdk/jdk/src/windows/classes/sun/security/mscapi/RSACipher.java 2014-10-08 23:57:43.965856392 +0100 @@ -1,5 +1,5 @@ /* -- * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved. +- * Copyright (c) 2005, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. *
--- a/patches/openjdk/7122142-annotation_race_condition.patch Wed Dec 24 18:48:30 2014 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1955 +0,0 @@ -diff -Nru openjdk.orig/jdk/src/share/classes/java/lang/Class.java openjdk/jdk/src/share/classes/java/lang/Class.java ---- openjdk.orig/jdk/src/share/classes/java/lang/Class.java 2014-10-14 22:40:53.675702174 +0100 -+++ openjdk/jdk/src/share/classes/java/lang/Class.java 2014-10-23 21:50:17.185342994 +0100 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 1994, 2012, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 1994, 2014, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -275,7 +275,7 @@ - } - - /** Called after security check for system loader access checks have been made. */ -- private static native Class forName0(String name, boolean initialize, -+ private static native Class<?> forName0(String name, boolean initialize, - ClassLoader loader, - Class<?> caller) - throws ClassNotFoundException; -@@ -346,15 +346,15 @@ - ); - } - try { -- Class[] empty = {}; -+ Class<?>[] empty = {}; - final Constructor<T> c = getConstructor0(empty, Member.DECLARED); - // Disable accessibility checks on the constructor - // since we have to do the security check here anyway - // (the stack depth is wrong for the Constructor's - // security check to work) -- java.security.AccessController.doPrivileged -- (new java.security.PrivilegedAction() { -- public Object run() { -+ java.security.AccessController.doPrivileged( -+ new java.security.PrivilegedAction<Void>() { -+ public Void run() { - c.setAccessible(true); - return null; - } -@@ -384,7 +384,7 @@ - } - } - private volatile transient Constructor<T> cachedConstructor; -- private volatile transient Class newInstanceCallerCache; -+ private volatile transient Class<?> newInstanceCallerCache; - - - /** -@@ -642,7 +642,7 @@ - if (getGenericSignature() != null) - return (TypeVariable<Class<T>>[])getGenericInfo().getTypeParameters(); - else -- return (TypeVariable<Class<T>>[])new TypeVariable[0]; -+ return (TypeVariable<Class<T>>[])new TypeVariable<?>[0]; - } - - -@@ -906,7 +906,7 @@ - - MethodRepository typeInfo = MethodRepository.make(enclosingInfo.getDescriptor(), - getFactory()); -- Class returnType = toClass(typeInfo.getReturnType()); -+ Class<?> returnType = toClass(typeInfo.getReturnType()); - Type [] parameterTypes = typeInfo.getParameterTypes(); - Class<?>[] parameterClasses = new Class<?>[parameterTypes.length]; - -@@ -1010,12 +1010,12 @@ - - } - -- private static Class toClass(Type o) { -+ private static Class<?> toClass(Type o) { - if (o instanceof GenericArrayType) - return Array.newInstance(toClass(((GenericArrayType)o).getGenericComponentType()), - 0) - .getClass(); -- return (Class)o; -+ return (Class<?>)o; - } - - /** -@@ -1345,13 +1345,13 @@ - // out anything other than public members and (2) public member access - // has already been ok'd by the SecurityManager. - -- Class[] result = (Class[]) java.security.AccessController.doPrivileged -- (new java.security.PrivilegedAction() { -- public Object run() { -- java.util.List<Class> list = new java.util.ArrayList(); -- Class currentClass = Class.this; -+ return java.security.AccessController.doPrivileged( -+ new java.security.PrivilegedAction<Class<?>[]>() { -+ public Class[] run() { -+ List<Class<?>> list = new ArrayList<Class<?>>(); -+ Class<?> currentClass = Class.this; - while (currentClass != null) { -- Class[] members = currentClass.getDeclaredClasses(); -+ Class<?>[] members = currentClass.getDeclaredClasses(); - for (int i = 0; i < members.length; i++) { - if (Modifier.isPublic(members[i].getModifiers())) { - list.add(members[i]); -@@ -1359,12 +1359,9 @@ - } - currentClass = currentClass.getSuperclass(); - } -- Class[] empty = {}; -- return list.toArray(empty); -+ return list.toArray(new Class[0]); - } - }); -- -- return result; - } - - -@@ -2288,7 +2285,7 @@ - return name; - } - if (!name.startsWith("/")) { -- Class c = this; -+ Class<?> c = this; - while (c.isArray()) { - c = c.getComponentType(); - } -@@ -2305,44 +2302,111 @@ - } - - /** -+ * Atomic operations support. -+ */ -+ private static class Atomic { -+ // initialize Unsafe machinery here, since we need to call Class.class instance method -+ // and have to avoid calling it in the static initializer of the Class class... -+ private static final Unsafe unsafe = Unsafe.getUnsafe(); -+ // offset of Class.reflectionData instance field -+ private static final long reflectionDataOffset; -+ // offset of Class.annotationType instance field -+ private static final long annotationTypeOffset; -+ -+ static { -+ Field[] fields = Class.class.getDeclaredFields0(false); // bypass caches -+ reflectionDataOffset = objectFieldOffset(fields, "reflectionData"); -+ annotationTypeOffset = objectFieldOffset(fields, "annotationType"); -+ } -+ -+ private static long objectFieldOffset(Field[] fields, String fieldName) { -+ Field field = searchFields(fields, fieldName); -+ if (field == null) { -+ throw new Error("No " + fieldName + " field found in java.lang.Class"); -+ } -+ return unsafe.objectFieldOffset(field); -+ } -+ -+ static <T> boolean casReflectionData(Class<?> clazz, -+ SoftReference<ReflectionData<T>> oldData, -+ SoftReference<ReflectionData<T>> newData) { -+ return unsafe.compareAndSwapObject(clazz, reflectionDataOffset, oldData, newData); -+ } -+ -+ static <T> boolean casAnnotationType(Class<?> clazz, -+ AnnotationType oldType, -+ AnnotationType newType) { -+ return unsafe.compareAndSwapObject(clazz, annotationTypeOffset, oldType, newType); -+ } -+ } -+ -+ /** - * Reflection support. - */ - - // Caches for certain reflective results - private static boolean useCaches = true; -- private volatile transient SoftReference declaredFields; -- private volatile transient SoftReference publicFields; -- private volatile transient SoftReference declaredMethods; -- private volatile transient SoftReference publicMethods; -- private volatile transient SoftReference declaredConstructors; -- private volatile transient SoftReference publicConstructors; -- // Intermediate results for getFields and getMethods -- private volatile transient SoftReference declaredPublicFields; -- private volatile transient SoftReference declaredPublicMethods; -+ -+ // reflection data that might get invalidated when JVM TI RedefineClasses() is called -+ static class ReflectionData<T> { -+ volatile Field[] declaredFields; -+ volatile Field[] publicFields; -+ volatile Method[] declaredMethods; -+ volatile Method[] publicMethods; -+ volatile Constructor<T>[] declaredConstructors; -+ volatile Constructor<T>[] publicConstructors; -+ // Intermediate results for getFields and getMethods -+ volatile Field[] declaredPublicFields; -+ volatile Method[] declaredPublicMethods; -+ // Value of classRedefinedCount when we created this ReflectionData instance -+ final int redefinedCount; -+ -+ ReflectionData(int redefinedCount) { -+ this.redefinedCount = redefinedCount; -+ } -+ } -+ -+ private volatile transient SoftReference<ReflectionData<T>> reflectionData; - - // Incremented by the VM on each call to JVM TI RedefineClasses() - // that redefines this class or a superclass. - private volatile transient int classRedefinedCount = 0; - -- // Value of classRedefinedCount when we last cleared the cached values -- // that are sensitive to class redefinition. -- private volatile transient int lastRedefinedCount = 0; -- -- // Clears cached values that might possibly have been obsoleted by -- // a class redefinition. -- private void clearCachesOnClassRedefinition() { -- if (lastRedefinedCount != classRedefinedCount) { -- declaredFields = publicFields = declaredPublicFields = null; -- declaredMethods = publicMethods = declaredPublicMethods = null; -- declaredConstructors = publicConstructors = null; -- annotations = declaredAnnotations = null; -- -- // Use of "volatile" (and synchronization by caller in the case -- // of annotations) ensures that no thread sees the update to -- // lastRedefinedCount before seeing the caches cleared. -- // We do not guard against brief windows during which multiple -- // threads might redundantly work to fill an empty cache. -- lastRedefinedCount = classRedefinedCount; -+ // Lazily create and cache ReflectionData -+ private ReflectionData<T> reflectionData() { -+ SoftReference<ReflectionData<T>> reflectionData = this.reflectionData; -+ int classRedefinedCount = this.classRedefinedCount; -+ ReflectionData<T> rd; -+ if (useCaches && -+ reflectionData != null && -+ (rd = reflectionData.get()) != null && -+ rd.redefinedCount == classRedefinedCount) { -+ return rd; -+ } -+ // else no SoftReference or cleared SoftReference or stale ReflectionData -+ // -> create and replace new instance -+ return newReflectionData(reflectionData, classRedefinedCount); -+ } -+ -+ private ReflectionData<T> newReflectionData(SoftReference<ReflectionData<T>> oldReflectionData, -+ int classRedefinedCount) { -+ if (!useCaches) return null; -+ -+ while (true) { -+ ReflectionData<T> rd = new ReflectionData<T>(classRedefinedCount); -+ // try to CAS it... -+ if (Atomic.casReflectionData(this, oldReflectionData, -+ new SoftReference<ReflectionData<T>>(rd))) { -+ return rd; -+ } -+ // else retry -+ oldReflectionData = this.reflectionData; -+ classRedefinedCount = this.classRedefinedCount; -+ if (oldReflectionData != null && -+ (rd = oldReflectionData.get()) != null && -+ rd.redefinedCount == classRedefinedCount) { -+ return rd; -+ } - } - } - -@@ -2370,7 +2434,7 @@ - } - - // Annotations handling -- private native byte[] getRawAnnotations(); -+ native byte[] getRawAnnotations(); - - native ConstantPool getConstantPool(); - -@@ -2385,27 +2449,19 @@ - // via ReflectionFactory.copyField. - private Field[] privateGetDeclaredFields(boolean publicOnly) { - checkInitted(); -- Field[] res = null; -- if (useCaches) { -- clearCachesOnClassRedefinition(); -- if (publicOnly) { -- if (declaredPublicFields != null) { -- res = (Field[]) declaredPublicFields.get(); -- } -- } else { -- if (declaredFields != null) { -- res = (Field[]) declaredFields.get(); -- } -- } -+ Field[] res; -+ ReflectionData<T> rd = reflectionData(); -+ if (rd != null) { -+ res = publicOnly ? rd.declaredPublicFields : rd.declaredFields; - if (res != null) return res; - } - // No cached value available; request value from VM - res = Reflection.filterFields(this, getDeclaredFields0(publicOnly)); -- if (useCaches) { -+ if (rd != null) { - if (publicOnly) { -- declaredPublicFields = new SoftReference(res); -+ rd.declaredPublicFields = res; - } else { -- declaredFields = new SoftReference(res); -+ rd.declaredFields = res; - } - } - return res; -@@ -2414,22 +2470,20 @@ - // Returns an array of "root" fields. These Field objects must NOT - // be propagated to the outside world, but must instead be copied - // via ReflectionFactory.copyField. -- private Field[] privateGetPublicFields(Set traversedInterfaces) { -+ private Field[] privateGetPublicFields(Set<Class<?>> traversedInterfaces) { - checkInitted(); -- Field[] res = null; -- if (useCaches) { -- clearCachesOnClassRedefinition(); -- if (publicFields != null) { -- res = (Field[]) publicFields.get(); -- } -+ Field[] res; -+ ReflectionData<T> rd = reflectionData(); -+ if (rd != null) { -+ res = rd.publicFields; - if (res != null) return res; - } - - // No cached value available; compute value recursively. - // Traverse in correct order for getField(). -- List fields = new ArrayList(); -+ List<Field> fields = new ArrayList<Field>(); - if (traversedInterfaces == null) { -- traversedInterfaces = new HashSet(); -+ traversedInterfaces = new HashSet<Class<?>>(); - } - - // Local fields -@@ -2437,9 +2491,7 @@ - addAll(fields, tmp); - - // Direct superinterfaces, recursively -- Class[] interfaces = getInterfaces(); -- for (int i = 0; i < interfaces.length; i++) { -- Class c = interfaces[i]; -+ for (Class<?> c : getInterfaces()) { - if (!traversedInterfaces.contains(c)) { - traversedInterfaces.add(c); - addAll(fields, c.privateGetPublicFields(traversedInterfaces)); -@@ -2448,7 +2500,7 @@ - - // Direct superclass, recursively - if (!isInterface()) { -- Class c = getSuperclass(); -+ Class<?> c = getSuperclass(); - if (c != null) { - addAll(fields, c.privateGetPublicFields(traversedInterfaces)); - } -@@ -2456,13 +2508,13 @@ - - res = new Field[fields.size()]; - fields.toArray(res); -- if (useCaches) { -- publicFields = new SoftReference(res); -+ if (rd != null) { -+ rd.publicFields = res; - } - return res; - } - -- private static void addAll(Collection c, Field[] o) { -+ private static void addAll(Collection<Field> c, Field[] o) { - for (int i = 0; i < o.length; i++) { - c.add(o[i]); - } -@@ -2478,20 +2530,12 @@ - // Returns an array of "root" constructors. These Constructor - // objects must NOT be propagated to the outside world, but must - // instead be copied via ReflectionFactory.copyConstructor. -- private Constructor[] privateGetDeclaredConstructors(boolean publicOnly) { -+ private Constructor<T>[] privateGetDeclaredConstructors(boolean publicOnly) { - checkInitted(); -- Constructor[] res = null; -- if (useCaches) { -- clearCachesOnClassRedefinition(); -- if (publicOnly) { -- if (publicConstructors != null) { -- res = (Constructor[]) publicConstructors.get(); -- } -- } else { -- if (declaredConstructors != null) { -- res = (Constructor[]) declaredConstructors.get(); -- } -- } -+ Constructor<T>[] res; -+ ReflectionData<T> rd = reflectionData(); -+ if (rd != null) { -+ res = publicOnly ? rd.publicConstructors : rd.declaredConstructors; - if (res != null) return res; - } - // No cached value available; request value from VM -@@ -2500,11 +2544,11 @@ - } else { - res = getDeclaredConstructors0(publicOnly); - } -- if (useCaches) { -+ if (rd != null) { - if (publicOnly) { -- publicConstructors = new SoftReference(res); -+ rd.publicConstructors = res; - } else { -- declaredConstructors = new SoftReference(res); -+ rd.declaredConstructors = res; - } - } - return res; -@@ -2521,27 +2565,19 @@ - // via ReflectionFactory.copyMethod. - private Method[] privateGetDeclaredMethods(boolean publicOnly) { - checkInitted(); -- Method[] res = null; -- if (useCaches) { -- clearCachesOnClassRedefinition(); -- if (publicOnly) { -- if (declaredPublicMethods != null) { -- res = (Method[]) declaredPublicMethods.get(); -- } -- } else { -- if (declaredMethods != null) { -- res = (Method[]) declaredMethods.get(); -- } -- } -+ Method[] res; -+ ReflectionData<T> rd = reflectionData(); -+ if (rd != null) { -+ res = publicOnly ? rd.declaredPublicMethods : rd.declaredMethods; - if (res != null) return res; - } - // No cached value available; request value from VM - res = Reflection.filterMethods(this, getDeclaredMethods0(publicOnly)); -- if (useCaches) { -+ if (rd != null) { - if (publicOnly) { -- declaredPublicMethods = new SoftReference(res); -+ rd.declaredPublicMethods = res; - } else { -- declaredMethods = new SoftReference(res); -+ rd.declaredMethods = res; - } - } - return res; -@@ -2643,12 +2679,10 @@ - // via ReflectionFactory.copyMethod. - private Method[] privateGetPublicMethods() { - checkInitted(); -- Method[] res = null; -- if (useCaches) { -- clearCachesOnClassRedefinition(); -- if (publicMethods != null) { -- res = (Method[]) publicMethods.get(); -- } -+ Method[] res; -+ ReflectionData<T> rd = reflectionData(); -+ if (rd != null) { -+ res = rd.publicMethods; - if (res != null) return res; - } - -@@ -2664,12 +2698,12 @@ - // out concrete implementations inherited from superclasses at - // the end. - MethodArray inheritedMethods = new MethodArray(); -- Class[] interfaces = getInterfaces(); -+ Class<?>[] interfaces = getInterfaces(); - for (int i = 0; i < interfaces.length; i++) { - inheritedMethods.addAll(interfaces[i].privateGetPublicMethods()); - } - if (!isInterface()) { -- Class c = getSuperclass(); -+ Class<?> c = getSuperclass(); - if (c != null) { - MethodArray supers = new MethodArray(); - supers.addAll(c.privateGetPublicMethods()); -@@ -2696,8 +2730,8 @@ - methods.addAllIfNotPresent(inheritedMethods); - methods.compactAndTrim(); - res = methods.getArray(); -- if (useCaches) { -- publicMethods = new SoftReference(res); -+ if (rd != null) { -+ rd.publicMethods = res; - } - return res; - } -@@ -2707,7 +2741,7 @@ - // Helpers for fetchers of one field, method, or constructor - // - -- private Field searchFields(Field[] fields, String name) { -+ private static Field searchFields(Field[] fields, String name) { - String internedName = name.intern(); - for (int i = 0; i < fields.length; i++) { - if (fields[i].getName() == internedName) { -@@ -2725,22 +2759,22 @@ - // of Field objects which have to be created for the common - // case where the field being requested is declared in the - // class which is being queried. -- Field res = null; -+ Field res; - // Search declared public fields - if ((res = searchFields(privateGetDeclaredFields(true), name)) != null) { - return res; - } - // Direct superinterfaces, recursively -- Class[] interfaces = getInterfaces(); -+ Class<?>[] interfaces = getInterfaces(); - for (int i = 0; i < interfaces.length; i++) { -- Class c = interfaces[i]; -+ Class<?> c = interfaces[i]; - if ((res = c.getField0(name)) != null) { - return res; - } - } - // Direct superclass, recursively - if (!isInterface()) { -- Class c = getSuperclass(); -+ Class<?> c = getSuperclass(); - if (c != null) { - if ((res = c.getField0(name)) != null) { - return res; -@@ -2752,7 +2786,7 @@ - - private static Method searchMethods(Method[] methods, - String name, -- Class[] parameterTypes) -+ Class<?>[] parameterTypes) - { - Method res = null; - String internedName = name.intern(); -@@ -2769,7 +2803,7 @@ - } - - -- private Method getMethod0(String name, Class[] parameterTypes) { -+ private Method getMethod0(String name, Class<?>[] parameterTypes) { - // Note: the intent is that the search algorithm this routine - // uses be equivalent to the ordering imposed by - // privateGetPublicMethods(). It fetches only the declared -@@ -2777,7 +2811,7 @@ - // number of Method objects which have to be created for the - // common case where the method being requested is declared in - // the class which is being queried. -- Method res = null; -+ Method res; - // Search declared public methods - if ((res = searchMethods(privateGetDeclaredMethods(true), - name, -@@ -2786,7 +2820,7 @@ - } - // Search superclass's methods - if (!isInterface()) { -- Class c = getSuperclass(); -+ Class<? super T> c = getSuperclass(); - if (c != null) { - if ((res = c.getMethod0(name, parameterTypes)) != null) { - return res; -@@ -2794,9 +2828,9 @@ - } - } - // Search superinterfaces' methods -- Class[] interfaces = getInterfaces(); -+ Class<?>[] interfaces = getInterfaces(); - for (int i = 0; i < interfaces.length; i++) { -- Class c = interfaces[i]; -+ Class<?> c = interfaces[i]; - if ((res = c.getMethod0(name, parameterTypes)) != null) { - return res; - } -@@ -2805,14 +2839,14 @@ - return null; - } - -- private Constructor<T> getConstructor0(Class[] parameterTypes, -+ private Constructor<T> getConstructor0(Class<?>[] parameterTypes, - int which) throws NoSuchMethodException - { -- Constructor[] constructors = privateGetDeclaredConstructors((which == Member.PUBLIC)); -- for (int i = 0; i < constructors.length; i++) { -+ Constructor<T>[] constructors = privateGetDeclaredConstructors((which == Member.PUBLIC)); -+ for (Constructor<T> constructor : constructors) { - if (arrayContentsEq(parameterTypes, -- constructors[i].getParameterTypes())) { -- return getReflectionFactory().copyConstructor(constructors[i]); -+ constructor.getParameterTypes())) { -+ return getReflectionFactory().copyConstructor(constructor); - } - } - throw new NoSuchMethodException(getName() + ".<init>" + argumentTypesToString(parameterTypes)); -@@ -2862,21 +2896,21 @@ - return out; - } - -- private static Constructor[] copyConstructors(Constructor[] arg) { -- Constructor[] out = new Constructor[arg.length]; -+ private static <U> Constructor<U>[] copyConstructors(Constructor<U>[] arg) { -+ Constructor<U>[] out = arg.clone(); - ReflectionFactory fact = getReflectionFactory(); -- for (int i = 0; i < arg.length; i++) { -- out[i] = fact.copyConstructor(arg[i]); -+ for (int i = 0; i < out.length; i++) { -+ out[i] = fact.copyConstructor(out[i]); - } - return out; - } - - private native Field[] getDeclaredFields0(boolean publicOnly); - private native Method[] getDeclaredMethods0(boolean publicOnly); -- private native Constructor[] getDeclaredConstructors0(boolean publicOnly); -- private native Class[] getDeclaredClasses0(); -+ private native Constructor<T>[] getDeclaredConstructors0(boolean publicOnly); -+ private native Class<?>[] getDeclaredClasses0(); - -- private static String argumentTypesToString(Class[] argTypes) { -+ private static String argumentTypesToString(Class<?>[] argTypes) { - StringBuilder buf = new StringBuilder(); - buf.append("("); - if (argTypes != null) { -@@ -2884,7 +2918,7 @@ - if (i > 0) { - buf.append(", "); - } -- Class c = argTypes[i]; -+ Class<?> c = argTypes[i]; - buf.append((c == null) ? "null" : c.getName()); - } - } -@@ -2957,7 +2991,7 @@ - } - - // Retrieves the desired assertion status of this class from the VM -- private static native boolean desiredAssertionStatus0(Class clazz); -+ private static native boolean desiredAssertionStatus0(Class<?> clazz); - - /** - * Returns true if and only if this class was declared as an enum in the -@@ -2978,7 +3012,7 @@ - // Fetches the factory for reflective objects - private static ReflectionFactory getReflectionFactory() { - if (reflectionFactory == null) { -- reflectionFactory = (ReflectionFactory) -+ reflectionFactory = - java.security.AccessController.doPrivileged - (new sun.reflect.ReflectionFactory.GetReflectionFactoryAction()); - } -@@ -3044,9 +3078,9 @@ - if (!isEnum()) return null; - try { - final Method values = getMethod("values"); -- java.security.AccessController.doPrivileged -- (new java.security.PrivilegedAction() { -- public Object run() { -+ java.security.AccessController.doPrivileged( -+ new java.security.PrivilegedAction<Void>() { -+ public Void run() { - values.setAccessible(true); - return null; - } -@@ -3078,7 +3112,7 @@ - getName() + " is not an enum type"); - Map<String, T> m = new HashMap<String, T>(2 * universe.length); - for (T constant : universe) -- m.put(((Enum)constant).name(), constant); -+ m.put(((Enum<?>)constant).name(), constant); - enumConstantDirectory = m; - } - return enumConstantDirectory; -@@ -3178,11 +3212,22 @@ - } - - // Annotations cache -- private transient Map<Class, Annotation> annotations; -- private transient Map<Class, Annotation> declaredAnnotations; -+ private transient Map<Class<? extends Annotation>, Annotation> annotations; -+ private transient Map<Class<? extends Annotation>, Annotation> declaredAnnotations; -+ // Value of classRedefinedCount when we last cleared the cached annotations and declaredAnnotations fields -+ private transient int lastAnnotationsRedefinedCount = 0; -+ -+ // Clears cached values that might possibly have been obsoleted by -+ // a class redefinition. -+ private void clearAnnotationCachesOnClassRedefinition() { -+ if (lastAnnotationsRedefinedCount != classRedefinedCount) { -+ annotations = declaredAnnotations = null; -+ lastAnnotationsRedefinedCount = classRedefinedCount; -+ } -+ } - - private synchronized void initAnnotationsIfNecessary() { -- clearCachesOnClassRedefinition(); -+ clearAnnotationCachesOnClassRedefinition(); - if (annotations != null) - return; - declaredAnnotations = AnnotationParser.parseAnnotations( -@@ -3191,10 +3236,10 @@ - if (superClass == null) { - annotations = declaredAnnotations; - } else { -- annotations = new HashMap<Class, Annotation>(); -+ annotations = new HashMap<Class<? extends Annotation>, Annotation>(); - superClass.initAnnotationsIfNecessary(); -- for (Map.Entry<Class, Annotation> e : superClass.annotations.entrySet()) { -- Class annotationClass = e.getKey(); -+ for (Map.Entry<Class<? extends Annotation>, Annotation> e : superClass.annotations.entrySet()) { -+ Class<? extends Annotation> annotationClass = e.getKey(); - if (AnnotationType.getInstance(annotationClass).isInherited()) - annotations.put(annotationClass, e.getValue()); - } -@@ -3204,10 +3249,11 @@ - - // Annotation types cache their internal (AnnotationType) form - -- private AnnotationType annotationType; -+ @SuppressWarnings("UnusedDeclaration") -+ private volatile transient AnnotationType annotationType; - -- void setAnnotationType(AnnotationType type) { -- annotationType = type; -+ boolean casAnnotationType(AnnotationType oldType, AnnotationType newType) { -+ return Atomic.casAnnotationType(this, oldType, newType); - } - - AnnotationType getAnnotationType() { -diff -Nru openjdk.orig/jdk/src/share/classes/java/lang/reflect/Constructor.java openjdk/jdk/src/share/classes/java/lang/reflect/Constructor.java ---- openjdk.orig/jdk/src/share/classes/java/lang/reflect/Constructor.java 2013-11-22 04:25:09.861029306 +0000 -+++ openjdk/jdk/src/share/classes/java/lang/reflect/Constructor.java 2014-10-23 21:49:38.072708619 +0100 -@@ -65,8 +65,8 @@ - - private Class<T> clazz; - private int slot; -- private Class[] parameterTypes; -- private Class[] exceptionTypes; -+ private Class<?>[] parameterTypes; -+ private Class<?>[] exceptionTypes; - private int modifiers; - // Generics and annotations support - private transient String signature; -@@ -118,8 +118,8 @@ - * package via sun.reflect.LangReflectAccess. - */ - Constructor(Class<T> declaringClass, -- Class[] parameterTypes, -- Class[] checkedExceptions, -+ Class<?>[] parameterTypes, -+ Class<?>[] checkedExceptions, - int modifiers, - int slot, - String signature, -@@ -366,14 +366,14 @@ - } - sb.append(Field.getTypeName(getDeclaringClass())); - sb.append("("); -- Class[] params = parameterTypes; // avoid clone -+ Class<?>[] params = parameterTypes; // avoid clone - for (int j = 0; j < params.length; j++) { - sb.append(Field.getTypeName(params[j])); - if (j < (params.length - 1)) - sb.append(","); - } - sb.append(")"); -- Class[] exceptions = exceptionTypes; // avoid clone -+ Class<?>[] exceptions = exceptionTypes; // avoid clone - if (exceptions.length > 0) { - sb.append(" throws "); - for (int k = 0; k < exceptions.length; k++) { -@@ -454,7 +454,7 @@ - sb.append(" throws "); - for (int k = 0; k < exceptions.length; k++) { - sb.append((exceptions[k] instanceof Class)? -- ((Class)exceptions[k]).getName(): -+ ((Class<?>)exceptions[k]).getName(): - exceptions[k].toString()); - if (k < (exceptions.length - 1)) - sb.append(","); -@@ -630,9 +630,9 @@ - return declaredAnnotations().values().toArray(EMPTY_ANNOTATION_ARRAY); - } - -- private transient Map<Class, Annotation> declaredAnnotations; -+ private transient Map<Class<? extends Annotation>, Annotation> declaredAnnotations; - -- private synchronized Map<Class, Annotation> declaredAnnotations() { -+ private synchronized Map<Class<? extends Annotation>, Annotation> declaredAnnotations() { - if (declaredAnnotations == null) { - declaredAnnotations = AnnotationParser.parseAnnotations( - annotations, sun.misc.SharedSecrets.getJavaLangAccess(). -diff -Nru openjdk.orig/jdk/src/share/classes/java/lang/reflect/Field.java openjdk/jdk/src/share/classes/java/lang/reflect/Field.java ---- openjdk.orig/jdk/src/share/classes/java/lang/reflect/Field.java 2013-11-22 04:25:09.861029306 +0000 -+++ openjdk/jdk/src/share/classes/java/lang/reflect/Field.java 2014-10-23 21:49:38.072708619 +0100 -@@ -59,12 +59,12 @@ - public final - class Field extends AccessibleObject implements Member { - -- private Class clazz; -+ private Class<?> clazz; - private int slot; - // This is guaranteed to be interned by the VM in the 1.4 - // reflection implementation - private String name; -- private Class type; -+ private Class<?> type; - private int modifiers; - // Generics and annotations support - private transient String signature; -@@ -113,9 +113,9 @@ - * instantiation of these objects in Java code from the java.lang - * package via sun.reflect.LangReflectAccess. - */ -- Field(Class declaringClass, -+ Field(Class<?> declaringClass, - String name, -- Class type, -+ Class<?> type, - int modifiers, - int slot, - String signature, -@@ -1090,10 +1090,10 @@ - /* - * Utility routine to paper over array type names - */ -- static String getTypeName(Class type) { -+ static String getTypeName(Class<?> type) { - if (type.isArray()) { - try { -- Class cl = type; -+ Class<?> cl = type; - int dimensions = 0; - while (cl.isArray()) { - dimensions++; -@@ -1130,9 +1130,9 @@ - return declaredAnnotations().values().toArray(EMPTY_ANNOTATION_ARRAY); - } - -- private transient Map<Class, Annotation> declaredAnnotations; -+ private transient Map<Class<? extends Annotation>, Annotation> declaredAnnotations; - -- private synchronized Map<Class, Annotation> declaredAnnotations() { -+ private synchronized Map<Class<? extends Annotation>, Annotation> declaredAnnotations() { - if (declaredAnnotations == null) { - declaredAnnotations = AnnotationParser.parseAnnotations( - annotations, sun.misc.SharedSecrets.getJavaLangAccess(). -diff -Nru openjdk.orig/jdk/src/share/classes/java/lang/reflect/Method.java openjdk/jdk/src/share/classes/java/lang/reflect/Method.java ---- openjdk.orig/jdk/src/share/classes/java/lang/reflect/Method.java 2013-11-22 04:25:09.861029306 +0000 -+++ openjdk/jdk/src/share/classes/java/lang/reflect/Method.java 2014-10-23 21:49:38.072708619 +0100 -@@ -62,14 +62,14 @@ - public final - class Method extends AccessibleObject implements GenericDeclaration, - Member { -- private Class clazz; -+ private Class<?> clazz; - private int slot; - // This is guaranteed to be interned by the VM in the 1.4 - // reflection implementation - private String name; -- private Class returnType; -- private Class[] parameterTypes; -- private Class[] exceptionTypes; -+ private Class<?> returnType; -+ private Class<?>[] parameterTypes; -+ private Class<?>[] exceptionTypes; - private int modifiers; - // Generics and annotations support - private transient String signature; -@@ -121,11 +121,11 @@ - * instantiation of these objects in Java code from the java.lang - * package via sun.reflect.LangReflectAccess. - */ -- Method(Class declaringClass, -+ Method(Class<?> declaringClass, - String name, -- Class[] parameterTypes, -- Class returnType, -- Class[] checkedExceptions, -+ Class<?>[] parameterTypes, -+ Class<?> returnType, -+ Class<?>[] checkedExceptions, - int modifiers, - int slot, - String signature, -@@ -366,8 +366,8 @@ - if (!returnType.equals(other.getReturnType())) - return false; - /* Avoid unnecessary cloning */ -- Class[] params1 = parameterTypes; -- Class[] params2 = other.parameterTypes; -+ Class<?>[] params1 = parameterTypes; -+ Class<?>[] params2 = other.parameterTypes; - if (params1.length == params2.length) { - for (int i = 0; i < params1.length; i++) { - if (params1[i] != params2[i]) -@@ -428,7 +428,7 @@ - sb.append(","); - } - sb.append(")"); -- Class[] exceptions = exceptionTypes; // avoid clone -+ Class<?>[] exceptions = exceptionTypes; // avoid clone - if (exceptions.length > 0) { - sb.append(" throws "); - for (int k = 0; k < exceptions.length; k++) { -@@ -723,9 +723,9 @@ - return declaredAnnotations().values().toArray(EMPTY_ANNOTATION_ARRAY); - } - -- private transient Map<Class, Annotation> declaredAnnotations; -+ private transient Map<Class<? extends Annotation>, Annotation> declaredAnnotations; - -- private synchronized Map<Class, Annotation> declaredAnnotations() { -+ private synchronized Map<Class<? extends Annotation>, Annotation> declaredAnnotations() { - if (declaredAnnotations == null) { - declaredAnnotations = AnnotationParser.parseAnnotations( - annotations, sun.misc.SharedSecrets.getJavaLangAccess(). -@@ -752,7 +752,7 @@ - public Object getDefaultValue() { - if (annotationDefault == null) - return null; -- Class memberType = AnnotationType.invocationHandlerReturnType( -+ Class<?> memberType = AnnotationType.invocationHandlerReturnType( - getReturnType()); - Object result = AnnotationParser.parseMemberValue( - memberType, ByteBuffer.wrap(annotationDefault), -diff -Nru openjdk.orig/jdk/src/share/classes/java/lang/System.java openjdk/jdk/src/share/classes/java/lang/System.java ---- openjdk.orig/jdk/src/share/classes/java/lang/System.java 2014-10-23 21:16:04.814301560 +0100 -+++ openjdk/jdk/src/share/classes/java/lang/System.java 2014-10-23 21:49:38.072708619 +0100 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 1994, 2007, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 1994, 2014, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -1126,12 +1126,15 @@ - public sun.reflect.ConstantPool getConstantPool(Class klass) { - return klass.getConstantPool(); - } -- public void setAnnotationType(Class klass, AnnotationType type) { -- klass.setAnnotationType(type); -+ public boolean casAnnotationType(Class<?> klass, AnnotationType oldType, AnnotationType newType) { -+ return klass.casAnnotationType(oldType, newType); - } - public AnnotationType getAnnotationType(Class klass) { - return klass.getAnnotationType(); - } -+ public byte[] getRawClassAnnotations(Class<?> klass) { -+ return klass.getRawAnnotations(); -+ } - public <E extends Enum<E>> - E[] getEnumConstantsShared(Class<E> klass) { - return klass.getEnumConstantsShared(); -diff -Nru openjdk.orig/jdk/src/share/classes/sun/misc/JavaLangAccess.java openjdk/jdk/src/share/classes/sun/misc/JavaLangAccess.java ---- openjdk.orig/jdk/src/share/classes/sun/misc/JavaLangAccess.java 2013-11-22 04:25:09.917030148 +0000 -+++ openjdk/jdk/src/share/classes/sun/misc/JavaLangAccess.java 2014-10-23 21:49:38.072708619 +0100 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -35,10 +35,10 @@ - ConstantPool getConstantPool(Class klass); - - /** -- * Set the AnnotationType instance corresponding to this class. -+ * Compare-And-Swap the AnnotationType instance corresponding to this class. - * (This method only applies to annotation types.) - */ -- void setAnnotationType(Class klass, AnnotationType annotationType); -+ boolean casAnnotationType(Class<?> klass, AnnotationType oldType, AnnotationType newType); - - /** - * Get the AnnotationType instance corresponding to this class. -@@ -47,6 +47,12 @@ - AnnotationType getAnnotationType(Class klass); - - /** -+ * Get the array of bytes that is the class-file representation -+ * of this Class' annotations. -+ */ -+ byte[] getRawClassAnnotations(Class<?> klass); -+ -+ /** - * Returns the elements of an enum class or null if the - * Class object does not represent an enum type; - * the result is uncloned, cached, and shared by all callers. -diff -Nru openjdk.orig/jdk/src/share/classes/sun/reflect/annotation/AnnotationInvocationHandler.java openjdk/jdk/src/share/classes/sun/reflect/annotation/AnnotationInvocationHandler.java ---- openjdk.orig/jdk/src/share/classes/sun/reflect/annotation/AnnotationInvocationHandler.java 2014-10-14 22:40:53.707702622 +0100 -+++ openjdk/jdk/src/share/classes/sun/reflect/annotation/AnnotationInvocationHandler.java 2014-10-23 21:51:18.178330529 +0100 -@@ -40,10 +40,10 @@ - */ - class AnnotationInvocationHandler implements InvocationHandler, Serializable { - private static final long serialVersionUID = 6182022883658399397L; -- private final Class type; -+ private final Class<? extends Annotation> type; - private final Map<String, Object> memberValues; - -- AnnotationInvocationHandler(Class type, Map<String, Object> memberValues) { -+ AnnotationInvocationHandler(Class<? extends Annotation> type, Map<String, Object> memberValues) { - Class<?>[] superInterfaces = type.getInterfaces(); - if (!type.isAnnotation() || - superInterfaces.length != 1 || -@@ -55,7 +55,7 @@ - - public Object invoke(Object proxy, Method method, Object[] args) { - String member = method.getName(); -- Class[] paramTypes = method.getParameterTypes(); -+ Class<?>[] paramTypes = method.getParameterTypes(); - - // Handle Object and Annotation methods - if (member.equals("equals") && paramTypes.length == 1 && -@@ -92,7 +92,7 @@ - * if Cloneable had a public clone method. - */ - private Object cloneArray(Object array) { -- Class type = array.getClass(); -+ Class<?> type = array.getClass(); - - if (type == byte[].class) { - byte[] byteArray = (byte[])array; -@@ -159,7 +159,7 @@ - * Translates a member value (in "dynamic proxy return form") into a string - */ - private static String memberValueToString(Object value) { -- Class type = value.getClass(); -+ Class<?> type = value.getClass(); - if (!type.isArray()) // primitive, string, class, enum const, - // or annotation - return value.toString(); -@@ -237,7 +237,7 @@ - * two members are identical object references. - */ - private static boolean memberValueEquals(Object v1, Object v2) { -- Class type = v1.getClass(); -+ Class<?> type = v1.getClass(); - - // Check for primitive, string, class, enum const, annotation, - // or ExceptionProxy -@@ -397,7 +397,7 @@ - * Computes hashCode of a member value (in "dynamic proxy return form") - */ - private static int memberValueHashCode(Object value) { -- Class type = value.getClass(); -+ Class<?> type = value.getClass(); - if (!type.isArray()) // primitive, string, class, enum const, - // or annotation - return value.hashCode(); -@@ -435,13 +435,13 @@ - throw new java.io.InvalidObjectException("Non-annotation type in annotation serial stream"); - } - -- Map<String, Class> memberTypes = annotationType.memberTypes(); -+ Map<String, Class<?>> memberTypes = annotationType.memberTypes(); - - // If there are annotation members without values, that - // situation is handled by the invoke method. - for (Map.Entry<String, Object> memberValue : memberValues.entrySet()) { - String name = memberValue.getKey(); -- Class memberType = memberTypes.get(name); -+ Class<?> memberType = memberTypes.get(name); - if (memberType != null) { // i.e. member still exists - Object value = memberValue.getValue(); - if (!(memberType.isInstance(value) || -diff -Nru openjdk.orig/jdk/src/share/classes/sun/reflect/annotation/AnnotationParser.java openjdk/jdk/src/share/classes/sun/reflect/annotation/AnnotationParser.java ---- openjdk.orig/jdk/src/share/classes/sun/reflect/annotation/AnnotationParser.java 2013-08-21 20:33:02.380301529 +0100 -+++ openjdk/jdk/src/share/classes/sun/reflect/annotation/AnnotationParser.java 2014-10-23 21:49:38.076708685 +0100 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -59,15 +59,15 @@ - * @throws AnnotationFormatError if an annotation is found to be - * malformed. - */ -- public static Map<Class, Annotation> parseAnnotations( -+ public static Map<Class<? extends Annotation>, Annotation> parseAnnotations( - byte[] rawAnnotations, - ConstantPool constPool, -- Class container) { -+ Class<?> container) { - if (rawAnnotations == null) - return Collections.emptyMap(); - - try { -- return parseAnnotations2(rawAnnotations, constPool, container); -+ return parseAnnotations2(rawAnnotations, constPool, container, null); - } catch(BufferUnderflowException e) { - throw new AnnotationFormatError("Unexpected end of annotations."); - } catch(IllegalArgumentException e) { -@@ -76,24 +76,53 @@ - } - } - -- private static Map<Class, Annotation> parseAnnotations2( -+ /** -+ * Like {@link #parseAnnotations(byte[], sun.reflect.ConstantPool, Class)} -+ * with an additional parameter {@code selectAnnotationClasses} which selects the -+ * annotation types to parse (other than selected are quickly skipped).<p> -+ * This method is only used to parse select meta annotations in the construction -+ * phase of {@link AnnotationType} instances to prevent infinite recursion. -+ * -+ * @param selectAnnotationClasses an array of annotation types to select when parsing -+ */ -+ static Map<Class<? extends Annotation>, Annotation> parseSelectAnnotations( -+ byte[] rawAnnotations, -+ ConstantPool constPool, -+ Class<?> container, -+ Class<? extends Annotation> ... selectAnnotationClasses) { -+ if (rawAnnotations == null) -+ return Collections.emptyMap(); -+ -+ try { -+ return parseAnnotations2(rawAnnotations, constPool, container, selectAnnotationClasses); -+ } catch(BufferUnderflowException e) { -+ throw new AnnotationFormatError("Unexpected end of annotations."); -+ } catch(IllegalArgumentException e) { -+ // Type mismatch in constant pool -+ throw new AnnotationFormatError(e); -+ } -+ } -+ -+ private static Map<Class<? extends Annotation>, Annotation> parseAnnotations2( - byte[] rawAnnotations, - ConstantPool constPool, -- Class container) { -- Map<Class, Annotation> result = new LinkedHashMap<Class, Annotation>(); -+ Class<?> container, -+ Class<? extends Annotation>[] selectAnnotationClasses) { -+ Map<Class<? extends Annotation>, Annotation> result = -+ new LinkedHashMap<Class<? extends Annotation>, Annotation>(); - ByteBuffer buf = ByteBuffer.wrap(rawAnnotations); - int numAnnotations = buf.getShort() & 0xFFFF; - for (int i = 0; i < numAnnotations; i++) { -- Annotation a = parseAnnotation(buf, constPool, container, false); -+ Annotation a = parseAnnotation2(buf, constPool, container, false, selectAnnotationClasses); - if (a != null) { -- Class klass = a.annotationType(); -- AnnotationType type = AnnotationType.getInstance(klass); -- if (type.retention() == RetentionPolicy.RUNTIME) -- if (result.put(klass, a) != null) -+ Class<? extends Annotation> klass = a.annotationType(); -+ if (AnnotationType.getInstance(klass).retention() == RetentionPolicy.RUNTIME && -+ result.put(klass, a) != null) { - throw new AnnotationFormatError( - "Duplicate annotation for class: "+klass+": " + a); - } - } -+ } - return result; - } - -@@ -123,7 +152,7 @@ - public static Annotation[][] parseParameterAnnotations( - byte[] rawAnnotations, - ConstantPool constPool, -- Class container) { -+ Class<?> container) { - try { - return parseParameterAnnotations2(rawAnnotations, constPool, container); - } catch(BufferUnderflowException e) { -@@ -138,7 +167,7 @@ - private static Annotation[][] parseParameterAnnotations2( - byte[] rawAnnotations, - ConstantPool constPool, -- Class container) { -+ Class<?> container) { - ByteBuffer buf = ByteBuffer.wrap(rawAnnotations); - int numParameters = buf.get() & 0xFF; - Annotation[][] result = new Annotation[numParameters][]; -@@ -188,15 +217,24 @@ - */ - private static Annotation parseAnnotation(ByteBuffer buf, - ConstantPool constPool, -- Class container, -+ Class<?> container, - boolean exceptionOnMissingAnnotationClass) { -+ return parseAnnotation2(buf, constPool, container, exceptionOnMissingAnnotationClass, null); -+ } -+ -+ @SuppressWarnings("unchecked") -+ private static Annotation parseAnnotation2(ByteBuffer buf, -+ ConstantPool constPool, -+ Class<?> container, -+ boolean exceptionOnMissingAnnotationClass, -+ Class<? extends Annotation>[] selectAnnotationClasses) { - int typeIndex = buf.getShort() & 0xFFFF; -- Class annotationClass = null; -+ Class<? extends Annotation> annotationClass = null; - String sig = "[unknown]"; - try { - try { - sig = constPool.getUTF8At(typeIndex); -- annotationClass = parseSig(sig, container); -+ annotationClass = (Class<? extends Annotation>)parseSig(sig, container); - } catch (IllegalArgumentException ex) { - // support obsolete early jsr175 format class files - annotationClass = constPool.getClassAt(typeIndex); -@@ -215,6 +253,10 @@ - skipAnnotation(buf, false); - return null; - } -+ if (selectAnnotationClasses != null && !contains(selectAnnotationClasses, annotationClass)) { -+ skipAnnotation(buf, false); -+ return null; -+ } - AnnotationType type = null; - try { - type = AnnotationType.getInstance(annotationClass); -@@ -223,7 +265,7 @@ - return null; - } - -- Map<String, Class> memberTypes = type.memberTypes(); -+ Map<String, Class<?>> memberTypes = type.memberTypes(); - Map<String, Object> memberValues = - new LinkedHashMap<String, Object>(type.memberDefaults()); - -@@ -231,7 +273,7 @@ - for (int i = 0; i < numMembers; i++) { - int memberNameIndex = buf.getShort() & 0xFFFF; - String memberName = constPool.getUTF8At(memberNameIndex); -- Class memberType = memberTypes.get(memberName); -+ Class<?> memberType = memberTypes.get(memberName); - - if (memberType == null) { - // Member is no longer present in annotation type; ignore it -@@ -252,7 +294,7 @@ - * member -> value map. - */ - public static Annotation annotationForMap( -- Class type, Map<String, Object> memberValues) -+ Class<? extends Annotation> type, Map<String, Object> memberValues) - { - return (Annotation) Proxy.newProxyInstance( - type.getClassLoader(), new Class[] { type }, -@@ -286,14 +328,15 @@ - * The member must be of the indicated type. If it is not, this - * method returns an AnnotationTypeMismatchExceptionProxy. - */ -- public static Object parseMemberValue(Class memberType, ByteBuffer buf, -+ public static Object parseMemberValue(Class<?> memberType, -+ ByteBuffer buf, - ConstantPool constPool, -- Class container) { -+ Class<?> container) { - Object result = null; - int tag = buf.get(); - switch(tag) { - case 'e': -- return parseEnumValue(memberType, buf, constPool, container); -+ return parseEnumValue((Class<? extends Enum<?>>)memberType, buf, constPool, container); - case 'c': - result = parseClassValue(buf, constPool, container); - break; -@@ -361,7 +404,7 @@ - */ - private static Object parseClassValue(ByteBuffer buf, - ConstantPool constPool, -- Class container) { -+ Class<?> container) { - int classIndex = buf.getShort() & 0xFFFF; - try { - try { -@@ -379,7 +422,7 @@ - } - } - -- private static Class<?> parseSig(String sig, Class container) { -+ private static Class<?> parseSig(String sig, Class<?> container) { - if (sig.equals("V")) return void.class; - SignatureParser parser = SignatureParser.make(); - TypeSignature typeSig = parser.parseTypeSig(sig); -@@ -389,7 +432,7 @@ - Type result = reify.getResult(); - return toClass(result); - } -- static Class toClass(Type o) { -+ static Class<?> toClass(Type o) { - if (o instanceof GenericArrayType) - return Array.newInstance(toClass(((GenericArrayType)o).getGenericComponentType()), - 0) -@@ -409,9 +452,9 @@ - * u2 const_name_index; - * } enum_const_value; - */ -- private static Object parseEnumValue(Class enumType, ByteBuffer buf, -+ private static Object parseEnumValue(Class<? extends Enum> enumType, ByteBuffer buf, - ConstantPool constPool, -- Class container) { -+ Class<?> container) { - int typeNameIndex = buf.getShort() & 0xFFFF; - String typeName = constPool.getUTF8At(typeNameIndex); - int constNameIndex = buf.getShort() & 0xFFFF; -@@ -449,12 +492,12 @@ - * If the array values do not match arrayType, an - * AnnotationTypeMismatchExceptionProxy will be returned. - */ -- private static Object parseArray(Class arrayType, -+ private static Object parseArray(Class<?> arrayType, - ByteBuffer buf, - ConstantPool constPool, -- Class container) { -+ Class<?> container) { - int length = buf.getShort() & 0xFFFF; // Number of array components -- Class componentType = arrayType.getComponentType(); -+ Class<?> componentType = arrayType.getComponentType(); - - if (componentType == byte.class) { - return parseByteArray(length, buf, constPool); -@@ -477,11 +520,11 @@ - } else if (componentType == Class.class) { - return parseClassArray(length, buf, constPool, container); - } else if (componentType.isEnum()) { -- return parseEnumArray(length, componentType, buf, -+ return parseEnumArray(length, (Class<? extends Enum>)componentType, buf, - constPool, container); - } else { - assert componentType.isAnnotation(); -- return parseAnnotationArray(length, componentType, buf, -+ return parseAnnotationArray(length, (Class <? extends Annotation>)componentType, buf, - constPool, container); - } - } -@@ -660,8 +703,8 @@ - private static Object parseClassArray(int length, - ByteBuffer buf, - ConstantPool constPool, -- Class container) { -- Object[] result = new Class[length]; -+ Class<?> container) { -+ Object[] result = new Class<?>[length]; - boolean typeMismatch = false; - int tag = 0; - -@@ -677,10 +720,10 @@ - return typeMismatch ? exceptionProxy(tag) : result; - } - -- private static Object parseEnumArray(int length, Class enumType, -+ private static Object parseEnumArray(int length, Class<? extends Enum> enumType, - ByteBuffer buf, - ConstantPool constPool, -- Class container) { -+ Class<?> container) { - Object[] result = (Object[]) Array.newInstance(enumType, length); - boolean typeMismatch = false; - int tag = 0; -@@ -698,10 +741,10 @@ - } - - private static Object parseAnnotationArray(int length, -- Class annotationType, -+ Class<? extends Annotation> annotationType, - ByteBuffer buf, - ConstantPool constPool, -- Class container) { -+ Class<?> container) { - Object[] result = (Object[]) Array.newInstance(annotationType, length); - boolean typeMismatch = false; - int tag = 0; -@@ -788,4 +831,16 @@ - for (int i = 0; i < length; i++) - skipMemberValue(buf); - } -+ -+ /** -+ * Searches for given {@code element} in given {@code array} by identity. -+ * Returns {@code true} if found {@code false} if not. -+ */ -+ private static boolean contains(Object[] array, Object element) { -+ for (Object e : array) -+ if (e == element) -+ return true; -+ return false; -+ } -+ - } -diff -Nru openjdk.orig/jdk/src/share/classes/sun/reflect/annotation/AnnotationType.java openjdk/jdk/src/share/classes/sun/reflect/annotation/AnnotationType.java ---- openjdk.orig/jdk/src/share/classes/sun/reflect/annotation/AnnotationType.java 2013-08-21 20:33:02.380301529 +0100 -+++ openjdk/jdk/src/share/classes/sun/reflect/annotation/AnnotationType.java 2014-10-23 21:49:38.076708685 +0100 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -25,6 +25,8 @@ - - package sun.reflect.annotation; - -+import sun.misc.JavaLangAccess; -+ - import java.lang.annotation.*; - import java.lang.reflect.*; - import java.util.*; -@@ -45,29 +47,28 @@ - * types. This matches the return value that must be used for a - * dynamic proxy, allowing for a simple isInstance test. - */ -- private final Map<String, Class> memberTypes = new HashMap<String,Class>(); -+ private final Map<String, Class<?>> memberTypes; - - /** - * Member name -> default value mapping. - */ -- private final Map<String, Object> memberDefaults = -- new HashMap<String, Object>(); -+ private final Map<String, Object> memberDefaults; - - /** -- * Member name -> Method object mapping. This (and its assoicated -+ * Member name -> Method object mapping. This (and its associated - * accessor) are used only to generate AnnotationTypeMismatchExceptions. - */ -- private final Map<String, Method> members = new HashMap<String, Method>(); -+ private final Map<String, Method> members; - - /** - * The retention policy for this annotation type. - */ -- private RetentionPolicy retention = RetentionPolicy.RUNTIME;; -+ private final RetentionPolicy retention; - - /** - * Whether this annotation type is inherited. - */ -- private boolean inherited = false; -+ private final boolean inherited; - - /** - * Returns an AnnotationType instance for the specified annotation type. -@@ -75,13 +76,20 @@ - * @throw IllegalArgumentException if the specified class object for - * does not represent a valid annotation type - */ -- public static synchronized AnnotationType getInstance( -- Class annotationClass) -+ public static AnnotationType getInstance( -+ Class<? extends Annotation> annotationClass) - { -- AnnotationType result = sun.misc.SharedSecrets.getJavaLangAccess(). -- getAnnotationType(annotationClass); -- if (result == null) -- result = new AnnotationType((Class<?>) annotationClass); -+ JavaLangAccess jla = sun.misc.SharedSecrets.getJavaLangAccess(); -+ AnnotationType result = jla.getAnnotationType(annotationClass); // volatile read -+ if (result == null) { -+ result = new AnnotationType(annotationClass); -+ // try to CAS the AnnotationType: null -> result -+ if (!jla.casAnnotationType(annotationClass, null, result)) { -+ // somebody was quicker -> read its result -+ result = jla.getAnnotationType(annotationClass); -+ assert result != null; -+ } -+ } - - return result; - } -@@ -93,7 +101,7 @@ - * @throw IllegalArgumentException if the specified class object for - * does not represent a valid annotation type - */ -- private AnnotationType(final Class<?> annotationClass) { -+ private AnnotationType(final Class<? extends Annotation> annotationClass) { - if (!annotationClass.isAnnotation()) - throw new IllegalArgumentException("Not an annotation type"); - -@@ -105,32 +113,42 @@ - } - }); - -+ memberTypes = new HashMap<String,Class<?>>(methods.length+1, 1.0f); -+ memberDefaults = new HashMap<String, Object>(0); -+ members = new HashMap<String, Method>(methods.length+1, 1.0f); - - for (Method method : methods) { - if (method.getParameterTypes().length != 0) - throw new IllegalArgumentException(method + " has params"); - String name = method.getName(); -- Class type = method.getReturnType(); -+ Class<?> type = method.getReturnType(); - memberTypes.put(name, invocationHandlerReturnType(type)); - members.put(name, method); - - Object defaultValue = method.getDefaultValue(); - if (defaultValue != null) - memberDefaults.put(name, defaultValue); -- -- members.put(name, method); - } - -- sun.misc.SharedSecrets.getJavaLangAccess(). -- setAnnotationType(annotationClass, this); -- - // Initialize retention, & inherited fields. Special treatment - // of the corresponding annotation types breaks infinite recursion. - if (annotationClass != Retention.class && - annotationClass != Inherited.class) { -- Retention ret = annotationClass.getAnnotation(Retention.class); -+ JavaLangAccess jla = sun.misc.SharedSecrets.getJavaLangAccess(); -+ Map<Class<? extends Annotation>, Annotation> metaAnnotations = -+ AnnotationParser.parseSelectAnnotations( -+ jla.getRawClassAnnotations(annotationClass), -+ jla.getConstantPool(annotationClass), -+ annotationClass, -+ Retention.class, Inherited.class -+ ); -+ Retention ret = (Retention) metaAnnotations.get(Retention.class); - retention = (ret == null ? RetentionPolicy.CLASS : ret.value()); -- inherited = annotationClass.isAnnotationPresent(Inherited.class); -+ inherited = metaAnnotations.containsKey(Inherited.class); -+ } -+ else { -+ retention = RetentionPolicy.RUNTIME; -+ inherited = false; - } - } - -@@ -140,7 +158,7 @@ - * the specified type (which is assumed to be a legal member type - * for an annotation). - */ -- public static Class invocationHandlerReturnType(Class type) { -+ public static Class<?> invocationHandlerReturnType(Class<?> type) { - // Translate primitives to wrappers - if (type == byte.class) - return Byte.class; -@@ -167,7 +185,7 @@ - * Returns member types for this annotation type - * (member name -> type mapping). - */ -- public Map<String, Class> memberTypes() { -+ public Map<String, Class<?>> memberTypes() { - return memberTypes; - } - -@@ -205,11 +223,10 @@ - * For debugging. - */ - public String toString() { -- StringBuffer s = new StringBuffer("Annotation Type:" + "\n"); -- s.append(" Member types: " + memberTypes + "\n"); -- s.append(" Member defaults: " + memberDefaults + "\n"); -- s.append(" Retention policy: " + retention + "\n"); -- s.append(" Inherited: " + inherited); -- return s.toString(); -+ return "Annotation Type:\n" + -+ " Member types: " + memberTypes + "\n" + -+ " Member defaults: " + memberDefaults + "\n" + -+ " Retention policy: " + retention + "\n" + -+ " Inherited: " + inherited; - } - } -diff -Nru openjdk.orig/jdk/src/share/classes/sun/reflect/ReflectionFactory.java openjdk/jdk/src/share/classes/sun/reflect/ReflectionFactory.java ---- openjdk.orig/jdk/src/share/classes/sun/reflect/ReflectionFactory.java 2013-08-21 20:33:02.284299976 +0100 -+++ openjdk/jdk/src/share/classes/sun/reflect/ReflectionFactory.java 2014-10-23 21:49:38.072708619 +0100 -@@ -84,8 +84,8 @@ - * <code>AccessController.doPrivileged</code>. - */ - public static final class GetReflectionFactoryAction -- implements PrivilegedAction { -- public Object run() { -+ implements PrivilegedAction<ReflectionFactory> { -+ public ReflectionFactory run() { - return getReflectionFactory(); - } - } -@@ -164,7 +164,7 @@ - public ConstructorAccessor newConstructorAccessor(Constructor c) { - checkInitted(); - -- Class declaringClass = c.getDeclaringClass(); -+ Class<?> declaringClass = c.getDeclaringClass(); - if (Modifier.isAbstract(declaringClass.getModifiers())) { - return new InstantiationExceptionConstructorAccessorImpl(null); - } -@@ -203,10 +203,10 @@ - // - - /** Creates a new java.lang.reflect.Field. Access checks as per -- java.lang.reflect.AccessibleObject are not overridden. */ -- public Field newField(Class declaringClass, -+ java.lang.reflect.AccessibleObject are not overridden. */ -+ public Field newField(Class<?> declaringClass, - String name, -- Class type, -+ Class<?> type, - int modifiers, - int slot, - String signature, -@@ -223,11 +223,11 @@ - - /** Creates a new java.lang.reflect.Method. Access checks as per - java.lang.reflect.AccessibleObject are not overridden. */ -- public Method newMethod(Class declaringClass, -+ public Method newMethod(Class<?> declaringClass, - String name, -- Class[] parameterTypes, -- Class returnType, -- Class[] checkedExceptions, -+ Class<?>[] parameterTypes, -+ Class<?> returnType, -+ Class<?>[] checkedExceptions, - int modifiers, - int slot, - String signature, -@@ -250,9 +250,9 @@ - - /** Creates a new java.lang.reflect.Constructor. Access checks as - per java.lang.reflect.AccessibleObject are not overridden. */ -- public Constructor newConstructor(Class declaringClass, -- Class[] parameterTypes, -- Class[] checkedExceptions, -+ public Constructor newConstructor(Class<?> declaringClass, -+ Class<?>[] parameterTypes, -+ Class<?>[] checkedExceptions, - int modifiers, - int slot, - String signature, -@@ -310,7 +310,7 @@ - /** Makes a copy of the passed constructor. The returned - constructor is a "child" of the passed one; see the comments - in Constructor.java for details. */ -- public Constructor copyConstructor(Constructor arg) { -+ public <T> Constructor<T> copyConstructor(Constructor<T> arg) { - return langReflectAccess().copyConstructor(arg); - } - -@@ -321,7 +321,7 @@ - // - - public Constructor newConstructorForSerialization -- (Class classToInstantiate, Constructor constructorToCall) -+ (Class<?> classToInstantiate, Constructor constructorToCall) - { - // Fast path - if (constructorToCall.getDeclaringClass() == classToInstantiate) { -@@ -366,8 +366,9 @@ - run, before the system properties are set up. */ - private static void checkInitted() { - if (initted) return; -- AccessController.doPrivileged(new PrivilegedAction() { -- public Object run() { -+ AccessController.doPrivileged( -+ new PrivilegedAction<Void>() { -+ public Void run() { - // Tests to ensure the system properties table is fully - // initialized. This is needed because reflection code is - // called very early in the initialization process (before -diff -Nru openjdk.orig/jdk/test/java/lang/annotation/AnnotationType/AnnotationTypeDeadlockTest.java openjdk/jdk/test/java/lang/annotation/AnnotationType/AnnotationTypeDeadlockTest.java ---- openjdk.orig/jdk/test/java/lang/annotation/AnnotationType/AnnotationTypeDeadlockTest.java 1970-01-01 01:00:00.000000000 +0100 -+++ openjdk/jdk/test/java/lang/annotation/AnnotationType/AnnotationTypeDeadlockTest.java 2014-10-23 21:49:38.076708685 +0100 -@@ -0,0 +1,101 @@ -+/* -+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+/* -+ * @test -+ * @bug 7122142 -+ * @summary Test deadlock situation when recursive annotations are parsed -+ */ -+ -+import java.lang.annotation.Retention; -+import java.lang.management.ManagementFactory; -+import java.lang.management.ThreadInfo; -+import java.lang.management.ThreadMXBean; -+import java.util.concurrent.CountDownLatch; -+import java.util.concurrent.atomic.AtomicInteger; -+ -+import static java.lang.annotation.RetentionPolicy.RUNTIME; -+ -+public class AnnotationTypeDeadlockTest { -+ -+ @Retention(RUNTIME) -+ @AnnB -+ public @interface AnnA { -+ } -+ -+ @Retention(RUNTIME) -+ @AnnA -+ public @interface AnnB { -+ } -+ -+ static class Task extends Thread { -+ final CountDownLatch prepareLatch; -+ final AtomicInteger goLatch; -+ final Class<?> clazz; -+ -+ Task(CountDownLatch prepareLatch, AtomicInteger goLatch, Class<?> clazz) { -+ super(clazz.getSimpleName()); -+ setDaemon(true); // in case it deadlocks -+ this.prepareLatch = prepareLatch; -+ this.goLatch = goLatch; -+ this.clazz = clazz; -+ } -+ -+ @Override -+ public void run() { -+ prepareLatch.countDown(); // notify we are prepared -+ while (goLatch.get() > 0); // spin-wait before go -+ clazz.getDeclaredAnnotations(); -+ } -+ } -+ -+ public static void main(String[] args) throws Exception { -+ CountDownLatch prepareLatch = new CountDownLatch(2); -+ AtomicInteger goLatch = new AtomicInteger(1); -+ Task taskA = new Task(prepareLatch, goLatch, AnnA.class); -+ Task taskB = new Task(prepareLatch, goLatch, AnnB.class); -+ taskA.start(); -+ taskB.start(); -+ // wait until both threads start-up -+ prepareLatch.await(); -+ // let them go -+ goLatch.set(0); -+ // obtain ThreadMXBean -+ ThreadMXBean threadBean = ManagementFactory.getThreadMXBean(); -+ // wait for threads to finish or dead-lock -+ while (taskA.isAlive() || taskB.isAlive()) { -+ // attempt to join threads -+ taskA.join(500L); -+ taskB.join(500L); -+ // detect dead-lock -+ long[] deadlockedIds = threadBean.findMonitorDeadlockedThreads(); -+ if (deadlockedIds != null && deadlockedIds.length > 0) { -+ StringBuilder sb = new StringBuilder("deadlock detected:\n\n"); -+ for (ThreadInfo ti : threadBean.getThreadInfo(deadlockedIds, Integer.MAX_VALUE)) { -+ sb.append(ti); -+ } -+ throw new IllegalStateException(sb.toString()); -+ } -+ } -+ } -+} -diff -Nru openjdk.orig/jdk/test/java/lang/annotation/AnnotationType/AnnotationTypeRuntimeAssumptionTest.java openjdk/jdk/test/java/lang/annotation/AnnotationType/AnnotationTypeRuntimeAssumptionTest.java ---- openjdk.orig/jdk/test/java/lang/annotation/AnnotationType/AnnotationTypeRuntimeAssumptionTest.java 1970-01-01 01:00:00.000000000 +0100 -+++ openjdk/jdk/test/java/lang/annotation/AnnotationType/AnnotationTypeRuntimeAssumptionTest.java 2014-10-23 21:49:38.076708685 +0100 -@@ -0,0 +1,187 @@ -+/* -+ * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+/* -+ * @test -+ * @bug 7122142 -+ * @summary Test consistent parsing of ex-RUNTIME annotations that -+ * were changed and separately compiled to have CLASS retention -+ */ -+ -+import sun.misc.IOUtils; -+ -+import java.io.IOException; -+import java.io.InputStream; -+import java.lang.annotation.Annotation; -+import java.lang.annotation.Retention; -+import java.lang.annotation.RetentionPolicy; -+ -+import static java.lang.annotation.RetentionPolicy.CLASS; -+import static java.lang.annotation.RetentionPolicy.RUNTIME; -+ -+/** -+ * This test simulates a situation where there are two mutually recursive -+ * {@link RetentionPolicy#RUNTIME RUNTIME} annotations {@link AnnA_v1 AnnA_v1} -+ * and {@link AnnB AnnB} and then the first is changed to have -+ * {@link RetentionPolicy#CLASS CLASS} retention and separately compiled. -+ * When {@link AnnA_v1 AnnA_v1} annotation is looked-up on {@link AnnB AnnB} -+ * it still appears to have {@link RetentionPolicy#RUNTIME RUNTIME} retention. -+ */ -+public class AnnotationTypeRuntimeAssumptionTest { -+ -+ @Retention(RUNTIME) -+ @AnnB -+ public @interface AnnA_v1 { -+ } -+ -+ // An alternative version of AnnA_v1 with CLASS retention instead. -+ // Used to simulate separate compilation (see AltClassLoader below). -+ @Retention(CLASS) -+ @AnnB -+ public @interface AnnA_v2 { -+ } -+ -+ @Retention(RUNTIME) -+ @AnnA_v1 -+ public @interface AnnB { -+ } -+ -+ @AnnA_v1 -+ public static class TestTask implements Runnable { -+ @Override -+ public void run() { -+ AnnA_v1 ann1 = getDeclaredAnnotation(TestTask.class, AnnA_v1.class); -+ if (ann1 != null) { -+ throw new IllegalStateException( -+ "@" + ann1.annotationType().getSimpleName() + -+ " found on: " + TestTask.class.getName() + -+ " should not be visible at runtime"); -+ } -+ AnnA_v1 ann2 = getDeclaredAnnotation(AnnB.class, AnnA_v1.class); -+ if (ann2 != null) { -+ throw new IllegalStateException( -+ "@" + ann2.annotationType().getSimpleName() + -+ " found on: " + AnnB.class.getName() + -+ " should not be visible at runtime"); -+ } -+ } -+ -+ private static <A extends Annotation> A getDeclaredAnnotation(Class<?> clazz, Class<A> annotationClass) { -+ for (Annotation ann : clazz.getDeclaredAnnotations()) { -+ if (ann.annotationType() == annotationClass) { -+ return annotationClass.cast(ann); -+ } -+ } -+ return null; -+ } -+ } -+ -+ public static void main(String[] args) throws Exception { -+ ClassLoader altLoader = new AltClassLoader( -+ AnnotationTypeRuntimeAssumptionTest.class.getClassLoader()); -+ -+ Runnable altTask = (Runnable) Class.forName( -+ TestTask.class.getName(), -+ true, -+ altLoader).newInstance(); -+ -+ altTask.run(); -+ } -+ -+ /** -+ * A ClassLoader implementation that loads alternative implementations of -+ * classes. If class name ends with "_v1" it locates instead a class with -+ * name ending with "_v2" and loads that class instead. -+ */ -+ static class AltClassLoader extends ClassLoader { -+ AltClassLoader(ClassLoader parent) { -+ super(parent); -+ } -+ -+ @Override -+ protected Class<?> loadClass(String name, boolean resolve) -+ throws ClassNotFoundException { -+ if (name.indexOf('.') < 0) { // root package is our class -+ synchronized (getClassLoadingLock(name)) { -+ // First, check if the class has already been loaded -+ Class<?> c = findLoadedClass(name); -+ if (c == null) { -+ c = findClass(name); -+ } -+ if (resolve) { -+ resolveClass(c); -+ } -+ return c; -+ } -+ } -+ else { // not our class -+ return super.loadClass(name, resolve); -+ } -+ } -+ -+ @Override -+ protected Class<?> findClass(String name) -+ throws ClassNotFoundException { -+ // special class name -> replace it with alternative name -+ if (name.endsWith("_v1")) { -+ String altName = name.substring(0, name.length() - 3) + "_v2"; -+ String altPath = altName.replace('.', '/').concat(".class"); -+ try (InputStream is = getResourceAsStream(altPath)) { -+ if (is != null) { -+ byte[] bytes = IOUtils.readFully(is, -1, true); -+ // patch class bytes to contain original name -+ for (int i = 0; i < bytes.length - 2; i++) { -+ if (bytes[i] == '_' && -+ bytes[i + 1] == 'v' && -+ bytes[i + 2] == '2') { -+ bytes[i + 2] = '1'; -+ } -+ } -+ return defineClass(name, bytes, 0, bytes.length); -+ } -+ else { -+ throw new ClassNotFoundException(name); -+ } -+ } -+ catch (IOException e) { -+ throw new ClassNotFoundException(name, e); -+ } -+ } -+ else { // not special class name -> just load the class -+ String path = name.replace('.', '/').concat(".class"); -+ try (InputStream is = getResourceAsStream(path)) { -+ if (is != null) { -+ byte[] bytes = IOUtils.readFully(is, -1, true); -+ return defineClass(name, bytes, 0, bytes.length); -+ } -+ else { -+ throw new ClassNotFoundException(name); -+ } -+ } -+ catch (IOException e) { -+ throw new ClassNotFoundException(name, e); -+ } -+ } -+ } -+ } -+}
--- a/patches/openjdk/7161796-wrong_fetch_in_fetch_static_field.patch Wed Dec 24 18:48:30 2014 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,40 +0,0 @@ -# HG changeset patch -# User never -# Date 1334790514 25200 -# Wed Apr 18 16:08:34 2012 -0700 -# Node ID df3d4a91f7f6fa003ca8e2c6a0b73b01eb0fb8fa -# Parent 847da049d62fd7a6c619788e50a57e6b8ffef80f -7161796: PhaseStringOpts::fetch_static_field tries to fetch field from the Klass instead of the mirror -Reviewed-by: twisti - -diff -r 847da049d62f -r df3d4a91f7f6 src/share/vm/opto/stringopts.cpp ---- openjdk/hotspot/src/share/vm/opto/stringopts.cpp Tue Apr 17 11:04:22 2012 -0700 -+++ openjdk/hotspot/src/share/vm/opto/stringopts.cpp Wed Apr 18 16:08:34 2012 -0700 -@@ -897,8 +897,8 @@ - } - - Node* PhaseStringOpts::fetch_static_field(GraphKit& kit, ciField* field) { -- const TypeKlassPtr* klass_type = TypeKlassPtr::make(field->holder()); -- Node* klass_node = __ makecon(klass_type); -+ const TypeInstPtr* mirror_type = TypeInstPtr::make(field->holder()->java_mirror()); -+ Node* klass_node = __ makecon(mirror_type); - BasicType bt = field->layout_type(); - ciType* field_klass = field->type(); - -@@ -913,6 +913,7 @@ - // and may yield a vacuous result if the field is of interface type. - type = TypeOopPtr::make_from_constant(con, true)->isa_oopptr(); - assert(type != NULL, "field singleton type must be consistent"); -+ return __ makecon(type); - } else { - type = TypeOopPtr::make_from_klass(field_klass->as_klass()); - } -@@ -922,7 +923,7 @@ - - return kit.make_load(NULL, kit.basic_plus_adr(klass_node, field->offset_in_bytes()), - type, T_OBJECT, -- C->get_alias_index(klass_type->add_offset(field->offset_in_bytes()))); -+ C->get_alias_index(mirror_type->add_offset(field->offset_in_bytes()))); - } - - Node* PhaseStringOpts::int_stringSize(GraphKit& kit, Node* arg) {
--- a/patches/openjdk/8006935-long_keys_in_hmac_prf.patch Wed Dec 24 18:48:30 2014 +0000 +++ b/patches/openjdk/8006935-long_keys_in_hmac_prf.patch Mon Jan 19 17:52:30 2015 +0000 @@ -3,7 +3,7 @@ +++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/TlsPrfGenerator.java 2014-10-08 23:47:13.825128435 +0100 @@ -1,5 +1,5 @@ /* -- * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved. +- * Copyright (c) 2005, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. *
--- a/patches/openjdk/p11cipher-4898461-support_ecb_and_cbc.patch Wed Dec 24 18:48:30 2014 +0000 +++ b/patches/openjdk/p11cipher-4898461-support_ecb_and_cbc.patch Mon Jan 19 17:52:30 2015 +0000 @@ -852,13 +852,6 @@ diff -Nru openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java --- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java 2012-09-21 20:03:48.000000000 +0100 +++ openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java 2012-10-23 18:09:25.964291180 +0100 -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it @@ -601,14 +601,26 @@ // XXX attributes for Ciphers (supported modes, padding) d(CIP, "ARCFOUR", P11Cipher, s("RC4"),
--- a/patches/openjdk/p11cipher-6604496-support_ckm_aes_ctr.patch Wed Dec 24 18:48:30 2014 +0000 +++ b/patches/openjdk/p11cipher-6604496-support_ckm_aes_ctr.patch Mon Jan 19 17:52:30 2015 +0000 @@ -102,7 +102,7 @@ +++ openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java 2012-10-24 03:20:31.807709327 +0100 @@ -1,5 +1,5 @@ /* -- * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved. +- * Copyright (c) 2003, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. *