Mercurial > hg > openjdk > jdk8u > jdk
changeset 12983:076daed81c0a jdk8u172-b05
Merge
author | asaha |
---|---|
date | Tue, 06 Feb 2018 11:06:30 -0800 |
parents | 412b77573557 (current diff) e9f80469c8f1 (diff) |
children | 1fc8d9f8ca5b |
files | .hgtags |
diffstat | 11 files changed, 53 insertions(+), 27 deletions(-) [+] |
line wrap: on
line diff
--- a/.hgtags Fri Jan 26 17:44:24 2018 +0000 +++ b/.hgtags Tue Feb 06 11:06:30 2018 -0800 @@ -862,6 +862,7 @@ cac020298633fc736f5e21afddf00145665ef0a7 jdk8u171-b02 c260afc0c5a13407aad4f066f81fba814bb0cbae jdk8u171-b03 ac700f67341a20ddae093c319da1c65e41edcacd jdk8u171-b04 +863ef3413aa42c15fbdc14fef6732f2741f97046 jdk8u171-b05 64df143be721d3ef031d765d86277c1e114d627a jdk8u172-b00 25f7b0cd25cf13106783050fc8e6f4a78487a7bd jdk8u172-b01 db8272cb8c99eea536a66c4c368c4bf2bf013a81 jdk8u172-b02
--- a/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java Fri Jan 26 17:44:24 2018 +0000 +++ b/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java Tue Feb 06 11:06:30 2018 -0800 @@ -473,6 +473,9 @@ } catch (InvalidKeyException ike) { // should never happen throw new RuntimeException("Internal cipher key is corrupted"); + } catch (InvalidAlgorithmParameterException iape) { + // should never happen + throw new RuntimeException("Internal cipher IV is invalid"); } byte[] out2 = new byte[out.length]; cipher.encrypt(out, 0, out.length, out2, 0); @@ -484,6 +487,9 @@ } catch (InvalidKeyException ike) { // should never happen throw new RuntimeException("Internal cipher key is corrupted"); + } catch (InvalidAlgorithmParameterException iape) { + // should never happen + throw new RuntimeException("Internal cipher IV is invalid"); } return out2; } @@ -527,8 +533,12 @@ } iv = new byte[IV_LEN]; System.arraycopy(buffer, 0, iv, 0, iv.length); - cipher.init(true, cipherKey.getAlgorithm(), cipherKey.getEncoded(), + try { + cipher.init(true, cipherKey.getAlgorithm(), cipherKey.getEncoded(), iv); + } catch (InvalidAlgorithmParameterException iape) { + throw new InvalidKeyException("IV in wrapped key is invalid"); + } byte[] buffer2 = new byte[buffer.length - iv.length]; cipher.decrypt(buffer, iv.length, buffer2.length, buffer2, 0); @@ -541,8 +551,12 @@ } } // restore cipher state to prior to this call - cipher.init(decrypting, cipherKey.getAlgorithm(), + try { + cipher.init(decrypting, cipherKey.getAlgorithm(), cipherKey.getEncoded(), IV2); + } catch (InvalidAlgorithmParameterException iape) { + throw new InvalidKeyException("IV in wrapped key is invalid"); + } byte[] out = new byte[keyValLen]; System.arraycopy(buffer2, 0, out, 0, keyValLen); return ConstructKeys.constructKey(out, wrappedKeyAlgorithm,
--- a/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java Fri Jan 26 17:44:24 2018 +0000 +++ b/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java Tue Feb 06 11:06:30 2018 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,7 @@ package com.sun.crypto.provider; import java.security.InvalidKeyException; +import java.security.InvalidAlgorithmParameterException; import javax.crypto.*; /** @@ -99,7 +100,8 @@ * initializing this cipher */ abstract void init(boolean decrypting, String algorithm, byte[] key, - byte[] iv) throws InvalidKeyException; + byte[] iv) throws InvalidKeyException, + InvalidAlgorithmParameterException; /** * Gets the initialization vector.
--- a/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java Fri Jan 26 17:44:24 2018 +0000 +++ b/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java Tue Feb 06 11:06:30 2018 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -262,8 +262,9 @@ * @exception InvalidKeyException if the given key is inappropriate for * initializing this cipher */ + @Override void init(boolean decrypting, String algorithm, byte[] key, byte[] iv) - throws InvalidKeyException { + throws InvalidKeyException, InvalidAlgorithmParameterException { init(decrypting, algorithm, key, iv, DEFAULT_TAG_LEN); } @@ -282,10 +283,16 @@ */ void init(boolean decrypting, String algorithm, byte[] keyValue, byte[] ivValue, int tagLenBytes) - throws InvalidKeyException { - if (keyValue == null || ivValue == null) { + throws InvalidKeyException, InvalidAlgorithmParameterException { + if (keyValue == null) { throw new InvalidKeyException("Internal error"); } + if (ivValue == null) { + throw new InvalidAlgorithmParameterException("Internal error"); + } + if (ivValue.length == 0) { + throw new InvalidAlgorithmParameterException("IV is empty"); + } // always encrypt mode for embedded cipher this.embeddedCipher.init(false, algorithm, keyValue);
--- a/src/share/lib/security/java.security-aix Fri Jan 26 17:44:24 2018 +0000 +++ b/src/share/lib/security/java.security-aix Tue Feb 06 11:06:30 2018 -0800 @@ -620,7 +620,7 @@ # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, DES40_CBC, RC4_40 + EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation.
--- a/src/share/lib/security/java.security-linux Fri Jan 26 17:44:24 2018 +0000 +++ b/src/share/lib/security/java.security-linux Tue Feb 06 11:06:30 2018 -0800 @@ -620,7 +620,7 @@ # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, DES40_CBC, RC4_40 + EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation.
--- a/src/share/lib/security/java.security-macosx Fri Jan 26 17:44:24 2018 +0000 +++ b/src/share/lib/security/java.security-macosx Tue Feb 06 11:06:30 2018 -0800 @@ -623,7 +623,7 @@ # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, DES40_CBC, RC4_40 + EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation.
--- a/src/share/lib/security/java.security-solaris Fri Jan 26 17:44:24 2018 +0000 +++ b/src/share/lib/security/java.security-solaris Tue Feb 06 11:06:30 2018 -0800 @@ -622,7 +622,7 @@ # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, DES40_CBC, RC4_40 + EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation.
--- a/src/share/lib/security/java.security-windows Fri Jan 26 17:44:24 2018 +0000 +++ b/src/share/lib/security/java.security-windows Tue Feb 06 11:06:30 2018 -0800 @@ -623,7 +623,7 @@ # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224, DES40_CBC, RC4_40 + EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation.
--- a/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java Fri Jan 26 17:44:24 2018 +0000 +++ b/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java Tue Feb 06 11:06:30 2018 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,21 +21,20 @@ * questions. */ +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. + /* * @test - * @bug 4474255 - * @test 1.1 01/06/27 - * @bug 4484246 + * @bug 4474255 4484246 * @summary When an application enables anonymous SSL cipher suite, * Hostname verification is not required * @run main/othervm ComHostnameVerifier - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. */ import java.io.*; import java.net.*; +import java.security.Security; import javax.net.ssl.*; import javax.security.cert.*; import com.sun.net.ssl.HostnameVerifier; @@ -249,6 +248,8 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // re-enable 3DES + Security.setProperty("jdk.tls.disabledAlgorithms", ""); if (debug) System.setProperty("javax.net.debug", "all");
--- a/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java Fri Jan 26 17:44:24 2018 +0000 +++ b/test/sun/security/ssl/sun/net/www/protocol/https/NewImpl/JavaxHostnameVerifier.java Tue Feb 06 11:06:30 2018 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,21 +21,20 @@ * questions. */ +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. + /* * @test - * @bug 4474255 - * @test 1.1 01/06/27 - * @bug 4484246 + * @bug 4474255 4484246 * @summary When an application enables anonymous SSL cipher suite, * Hostname verification is not required * @run main/othervm JavaxHostnameVerifier - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. */ import java.io.*; import java.net.*; +import java.security.Security; import java.security.cert.*; import javax.net.ssl.*; @@ -244,6 +243,8 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // re-enable 3DES + Security.setProperty("jdk.tls.disabledAlgorithms", ""); if (debug) System.setProperty("javax.net.debug", "all");