Mercurial > hg > openjdk > jdk8u > jdk
changeset 11968:820ef12b2a56 jdk8u112-b09
Merge
author | asaha |
---|---|
date | Tue, 16 Aug 2016 13:03:10 -0700 |
parents | edc6bcef9ec2 (current diff) 992a559512df (diff) |
children | e7fcd2c337c4 |
files | .hgtags |
diffstat | 21 files changed, 463 insertions(+), 36 deletions(-) [+] |
line wrap: on
line diff
--- a/.hgtags Mon Aug 08 13:19:15 2016 -0700 +++ b/.hgtags Tue Aug 16 13:03:10 2016 -0700 @@ -637,6 +637,7 @@ 6c822cce832523a5aee9632e28065f0c302187ed jdk8u111-b06 1afe84012d643b4092dbf25f1cbb761508c19ed2 jdk8u111-b07 9760ea9a63c0d48956392256bb7769ab40f2a2f7 jdk8u111-b08 +c959cff8f7accc5dc2a334a977a95fe1dcb9e812 jdk8u111-b09 47e20a90bdbb2327289e330606b73a9fe4dc857e jdk8u112-b00 96393e490afd4acba5b92c5ede68dc9bbb60a38e jdk8u112-b01 b44d695f738baba091370828b84ae2c4cd715c1b jdk8u112-b02
--- a/make/mapfiles/libjava/mapfile-vers Mon Aug 08 13:19:15 2016 -0700 +++ b/make/mapfiles/libjava/mapfile-vers Tue Aug 16 13:03:10 2016 -0700 @@ -56,6 +56,7 @@ JNU_ThrowArrayIndexOutOfBoundsException; JNU_ThrowByName; JNU_ThrowByNameWithLastError; + JNU_ThrowByNameWithMessageAndLastError; JNU_ThrowClassNotFoundException; JNU_ThrowIllegalAccessError; JNU_ThrowIllegalAccessException;
--- a/src/share/classes/sun/security/pkcs/SignerInfo.java Mon Aug 08 13:19:15 2016 -0700 +++ b/src/share/classes/sun/security/pkcs/SignerInfo.java Tue Aug 16 13:03:10 2016 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,20 +28,37 @@ import java.io.OutputStream; import java.io.IOException; import java.math.BigInteger; +import java.security.CryptoPrimitive; +import java.security.InvalidKeyException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.Principal; +import java.security.PublicKey; +import java.security.Signature; +import java.security.SignatureException; +import java.security.Timestamp; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.CertPath; import java.security.cert.X509Certificate; -import java.security.*; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; +import java.util.EnumSet; +import java.util.Set; +import sun.misc.HexDumpEncoder; import sun.security.timestamp.TimestampToken; -import sun.security.util.*; +import sun.security.util.Debug; +import sun.security.util.DerEncoder; +import sun.security.util.DerInputStream; +import sun.security.util.DerOutputStream; +import sun.security.util.DerValue; +import sun.security.util.DisabledAlgorithmConstraints; +import sun.security.util.ObjectIdentifier; import sun.security.x509.AlgorithmId; import sun.security.x509.X500Name; import sun.security.x509.KeyUsageExtension; -import sun.misc.HexDumpEncoder; /** * A SignerInfo, as defined in PKCS#7's signedData type. @@ -50,6 +67,17 @@ */ public class SignerInfo implements DerEncoder { + // Digest and Signature restrictions + private static final Set<CryptoPrimitive> DIGEST_PRIMITIVE_SET = + Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.MESSAGE_DIGEST)); + + private static final Set<CryptoPrimitive> SIG_PRIMITIVE_SET = + Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE)); + + private static final DisabledAlgorithmConstraints JAR_DISABLED_CHECK = + new DisabledAlgorithmConstraints( + DisabledAlgorithmConstraints.PROPERTY_JAR_DISABLED_ALGS); + BigInteger version; X500Name issuerName; BigInteger certificateSerialNumber; @@ -318,6 +346,13 @@ if (messageDigest == null) // fail if there is no message digest return null; + // check that algorithm is not restricted + if (!JAR_DISABLED_CHECK.permits(DIGEST_PRIMITIVE_SET, + digestAlgname, null)) { + throw new SignatureException("Digest check failed. " + + "Disabled algorithm used: " + digestAlgname); + } + MessageDigest md = MessageDigest.getInstance(digestAlgname); byte[] computedMessageDigest = md.digest(data); @@ -349,12 +384,24 @@ String algname = AlgorithmId.makeSigAlg( digestAlgname, encryptionAlgname); - Signature sig = Signature.getInstance(algname); + // check that algorithm is not restricted + if (!JAR_DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, algname, null)) { + throw new SignatureException("Signature check failed. " + + "Disabled algorithm used: " + algname); + } + X509Certificate cert = getCertificate(block); - + PublicKey key = cert.getPublicKey(); if (cert == null) { return null; } + + // check if the public key is restricted + if (!JAR_DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) { + throw new SignatureException("Public key check failed. " + + "Disabled algorithm used: " + key.getAlgorithm()); + } + if (cert.hasUnsupportedCriticalExtension()) { throw new SignatureException("Certificate has unsupported " + "critical extension(s)"); @@ -391,11 +438,9 @@ } } - PublicKey key = cert.getPublicKey(); + Signature sig = Signature.getInstance(algname); sig.initVerify(key); - sig.update(dataSigned); - if (sig.verify(encryptedDigest)) { return this; } @@ -515,9 +560,16 @@ */ private void verifyTimestamp(TimestampToken token) throws NoSuchAlgorithmException, SignatureException { + String digestAlgname = token.getHashAlgorithm().getName(); + // check that algorithm is not restricted + if (!JAR_DISABLED_CHECK.permits(DIGEST_PRIMITIVE_SET, digestAlgname, + null)) { + throw new SignatureException("Timestamp token digest check failed. " + + "Disabled algorithm used: " + digestAlgname); + } MessageDigest md = - MessageDigest.getInstance(token.getHashAlgorithm().getName()); + MessageDigest.getInstance(digestAlgname); if (!Arrays.equals(token.getHashedMessage(), md.digest(encryptedDigest))) {
--- a/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java Mon Aug 08 13:19:15 2016 -0700 +++ b/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java Tue Aug 16 13:03:10 2016 -0700 @@ -48,8 +48,12 @@ private static void loadAlgorithmsMap(Map<String, String[]> algorithmsMap, String propertyName) { String property = AccessController.doPrivileged( - (PrivilegedAction<String>) () -> Security.getProperty( - propertyName)); + new PrivilegedAction<String>() { + @Override + public String run() { + return Security.getProperty(propertyName); + } + }); String[] algorithmsInProperty = null; if (property != null && !property.isEmpty()) {
--- a/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java Mon Aug 08 13:19:15 2016 -0700 +++ b/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java Tue Aug 16 13:03:10 2016 -0700 @@ -58,6 +58,10 @@ private final static Map<String, KeySizeConstraints> keySizeConstraintsMap = new HashMap<>(); + // the known security property, jdk.jar.disabledAlgorithms + public static final String PROPERTY_JAR_DISABLED_ALGS = + "jdk.jar.disabledAlgorithms"; + private final String[] disabledAlgorithms; private final KeySizeConstraints keySizeConstraints; @@ -71,6 +75,14 @@ this(propertyName, new AlgorithmDecomposer()); } + /** + * Initialize algorithm constraints with the specified security property + * for a specific usage type. + * + * @param propertyName the security property name that define the disabled + * algorithm constraints + * @param decomposer an alternate AlgorithmDecomposer. + */ public DisabledAlgorithmConstraints(String propertyName, AlgorithmDecomposer decomposer) { super(decomposer);
--- a/src/share/classes/sun/security/util/SignatureFileVerifier.java Mon Aug 08 13:19:15 2016 -0700 +++ b/src/share/classes/sun/security/util/SignatureFileVerifier.java Tue Aug 16 13:03:10 2016 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,26 +25,49 @@ package sun.security.util; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.security.CodeSigner; +import java.security.CryptoPrimitive; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.SignatureException; import java.security.cert.CertPath; import java.security.cert.X509Certificate; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; -import java.security.*; -import java.io.*; -import java.util.*; -import java.util.jar.*; - -import sun.security.pkcs.*; +import java.util.ArrayList; import java.util.Base64; +import java.util.Collections; +import java.util.EnumSet; +import java.util.HashMap; +import java.util.Hashtable; +import java.util.Iterator; +import java.util.List; +import java.util.Locale; +import java.util.Map; +import java.util.Set; +import java.util.jar.Attributes; +import java.util.jar.JarException; +import java.util.jar.JarFile; +import java.util.jar.Manifest; import sun.security.jca.Providers; +import sun.security.pkcs.PKCS7; +import sun.security.pkcs.SignerInfo; public class SignatureFileVerifier { /* Are we debugging ? */ private static final Debug debug = Debug.getInstance("jar"); - /* cache of CodeSigner objects */ + private static final Set<CryptoPrimitive> DIGEST_PRIMITIVE_SET = + Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.MESSAGE_DIGEST)); + + private static final DisabledAlgorithmConstraints JAR_DISABLED_CHECK = + new DisabledAlgorithmConstraints( + DisabledAlgorithmConstraints.PROPERTY_JAR_DISABLED_ALGS); + private ArrayList<CodeSigner[]> signerCache; private static final String ATTR_DIGEST = @@ -200,8 +223,15 @@ /** get digest from cache */ - private MessageDigest getDigest(String algorithm) - { + private MessageDigest getDigest(String algorithm) throws SignatureException { + // check that algorithm is not restricted + if (!JAR_DISABLED_CHECK.permits(DIGEST_PRIMITIVE_SET, algorithm, null)) { + SignatureException e = + new SignatureException("SignatureFile check failed. " + + "Disabled algorithm used: " + algorithm); + throw e; + } + if (createdDigests == null) createdDigests = new HashMap<String, MessageDigest>(); @@ -321,7 +351,7 @@ private boolean verifyManifestHash(Manifest sf, ManifestDigester md, List<Object> manifestDigests) - throws IOException + throws IOException, SignatureException { Attributes mattr = sf.getMainAttributes(); boolean manifestSigned = false; @@ -365,7 +395,7 @@ private boolean verifyManifestMainAttrs(Manifest sf, ManifestDigester md) - throws IOException + throws IOException, SignatureException { Attributes mattr = sf.getMainAttributes(); boolean attrsVerified = true; @@ -431,14 +461,14 @@ private boolean verifySection(Attributes sfAttr, String name, ManifestDigester md) - throws IOException + throws IOException, SignatureException { boolean oneDigestVerified = false; ManifestDigester.Entry mde = md.get(name,block.isOldStyle()); if (mde == null) { throw new SecurityException( - "no manifiest section for signature file entry "+name); + "no manifest section for signature file entry "+name); } if (sfAttr != null) {
--- a/src/share/lib/security/java.security-aix Mon Aug 08 13:19:15 2016 -0700 +++ b/src/share/lib/security/java.security-aix Tue Aug 16 13:03:10 2016 -0700 @@ -624,3 +624,41 @@ # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ # FFFFFFFF FFFFFFFF, 2} + +# Algorithm restrictions for signed JAR files +# +# In some environments, certain algorithms or key lengths may be undesirable +# for signed JAR validation. For example, "MD2" is generally no longer +# considered to be a secure hash algorithm. This section describes the +# mechanism for disabling algorithms based on algorithm name and/or key length. +# JARs signed with any of the disabled algorithms or key sizes will be treated +# as unsigned. +# +# The syntax of the disabled algorithm string is described as follows: +# DisabledAlgorithms: +# " DisabledAlgorithm { , DisabledAlgorithm } " +# +# DisabledAlgorithm: +# AlgorithmName [Constraint] +# +# AlgorithmName: +# (see below) +# +# Constraint: +# KeySizeConstraint +# +# KeySizeConstraint: +# keySize Operator KeyLength +# +# Operator: +# <= | < | == | != | >= | > +# +# KeyLength: +# Integer value of the algorithm's key length in bits +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. +# +jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ + DSA keySize < 1024
--- a/src/share/lib/security/java.security-linux Mon Aug 08 13:19:15 2016 -0700 +++ b/src/share/lib/security/java.security-linux Tue Aug 16 13:03:10 2016 -0700 @@ -624,3 +624,41 @@ # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ # FFFFFFFF FFFFFFFF, 2} + +# Algorithm restrictions for signed JAR files +# +# In some environments, certain algorithms or key lengths may be undesirable +# for signed JAR validation. For example, "MD2" is generally no longer +# considered to be a secure hash algorithm. This section describes the +# mechanism for disabling algorithms based on algorithm name and/or key length. +# JARs signed with any of the disabled algorithms or key sizes will be treated +# as unsigned. +# +# The syntax of the disabled algorithm string is described as follows: +# DisabledAlgorithms: +# " DisabledAlgorithm { , DisabledAlgorithm } " +# +# DisabledAlgorithm: +# AlgorithmName [Constraint] +# +# AlgorithmName: +# (see below) +# +# Constraint: +# KeySizeConstraint +# +# KeySizeConstraint: +# keySize Operator KeyLength +# +# Operator: +# <= | < | == | != | >= | > +# +# KeyLength: +# Integer value of the algorithm's key length in bits +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. +# +jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ + DSA keySize < 1024
--- a/src/share/lib/security/java.security-macosx Mon Aug 08 13:19:15 2016 -0700 +++ b/src/share/lib/security/java.security-macosx Tue Aug 16 13:03:10 2016 -0700 @@ -627,3 +627,41 @@ # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ # FFFFFFFF FFFFFFFF, 2} + +# Algorithm restrictions for signed JAR files +# +# In some environments, certain algorithms or key lengths may be undesirable +# for signed JAR validation. For example, "MD2" is generally no longer +# considered to be a secure hash algorithm. This section describes the +# mechanism for disabling algorithms based on algorithm name and/or key length. +# JARs signed with any of the disabled algorithms or key sizes will be treated +# as unsigned. +# +# The syntax of the disabled algorithm string is described as follows: +# DisabledAlgorithms: +# " DisabledAlgorithm { , DisabledAlgorithm } " +# +# DisabledAlgorithm: +# AlgorithmName [Constraint] +# +# AlgorithmName: +# (see below) +# +# Constraint: +# KeySizeConstraint +# +# KeySizeConstraint: +# keySize Operator KeyLength +# +# Operator: +# <= | < | == | != | >= | > +# +# KeyLength: +# Integer value of the algorithm's key length in bits +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. +# +jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ + DSA keySize < 1024
--- a/src/share/lib/security/java.security-solaris Mon Aug 08 13:19:15 2016 -0700 +++ b/src/share/lib/security/java.security-solaris Tue Aug 16 13:03:10 2016 -0700 @@ -626,3 +626,41 @@ # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ # FFFFFFFF FFFFFFFF, 2} + +# Algorithm restrictions for signed JAR files +# +# In some environments, certain algorithms or key lengths may be undesirable +# for signed JAR validation. For example, "MD2" is generally no longer +# considered to be a secure hash algorithm. This section describes the +# mechanism for disabling algorithms based on algorithm name and/or key length. +# JARs signed with any of the disabled algorithms or key sizes will be treated +# as unsigned. +# +# The syntax of the disabled algorithm string is described as follows: +# DisabledAlgorithms: +# " DisabledAlgorithm { , DisabledAlgorithm } " +# +# DisabledAlgorithm: +# AlgorithmName [Constraint] +# +# AlgorithmName: +# (see below) +# +# Constraint: +# KeySizeConstraint +# +# KeySizeConstraint: +# keySize Operator KeyLength +# +# Operator: +# <= | < | == | != | >= | > +# +# KeyLength: +# Integer value of the algorithm's key length in bits +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. +# +jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ + DSA keySize < 1024
--- a/src/share/lib/security/java.security-windows Mon Aug 08 13:19:15 2016 -0700 +++ b/src/share/lib/security/java.security-windows Tue Aug 16 13:03:10 2016 -0700 @@ -627,3 +627,41 @@ # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ # FFFFFFFF FFFFFFFF, 2} + +# Algorithm restrictions for signed JAR files +# +# In some environments, certain algorithms or key lengths may be undesirable +# for signed JAR validation. For example, "MD2" is generally no longer +# considered to be a secure hash algorithm. This section describes the +# mechanism for disabling algorithms based on algorithm name and/or key length. +# JARs signed with any of the disabled algorithms or key sizes will be treated +# as unsigned. +# +# The syntax of the disabled algorithm string is described as follows: +# DisabledAlgorithms: +# " DisabledAlgorithm { , DisabledAlgorithm } " +# +# DisabledAlgorithm: +# AlgorithmName [Constraint] +# +# AlgorithmName: +# (see below) +# +# Constraint: +# KeySizeConstraint +# +# KeySizeConstraint: +# keySize Operator KeyLength +# +# Operator: +# <= | < | == | != | >= | > +# +# KeyLength: +# Integer value of the algorithm's key length in bits +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. +# +jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ + DSA keySize < 1024
--- a/src/share/native/common/jni_util.c Mon Aug 08 13:19:15 2016 -0700 +++ b/src/share/native/common/jni_util.c Tue Aug 16 13:03:10 2016 -0700 @@ -148,6 +148,61 @@ } +/* + * Throw an exception by name, using a given message and the string + * returned by getLastErrorString to construct the detail string. + */ +JNIEXPORT void JNICALL +JNU_ThrowByNameWithMessageAndLastError + (JNIEnv *env, const char *name, const char *message) +{ + char buf[256]; + size_t n = getLastErrorString(buf, sizeof(buf)); + size_t messagelen = message == NULL ? 0 : strlen(message); + + if (n > 0) { + jstring s = JNU_NewStringPlatform(env, buf); + if (s != NULL) { + jobject x = NULL; + if (messagelen) { + jstring s2 = NULL; + size_t messageextlen = messagelen + 4; + char *str1 = (char *)malloc((messageextlen) * sizeof(char)); + if (str1 == 0) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } + jio_snprintf(str1, messageextlen, " (%s)", message); + s2 = (*env)->NewStringUTF(env, str1); + free(str1); + if (s2 != NULL) { + jstring s3 = JNU_CallMethodByName( + env, NULL, s, "concat", + "(Ljava/lang/String;)Ljava/lang/String;", + s2).l; + (*env)->DeleteLocalRef(env, s2); + if (s3 != NULL) { + (*env)->DeleteLocalRef(env, s); + s = s3; + } + } + } + x = JNU_NewObjectByName(env, name, "(Ljava/lang/String;)V", s); + if (x != NULL) { + (*env)->Throw(env, x); + } + } + } + + if (!(*env)->ExceptionOccurred(env)) { + if (messagelen) { + JNU_ThrowByName(env, name, message); + } else { + JNU_ThrowByName(env, name, "no further information"); + } + } +} + /* Throw an exception by name, using the string returned by * JVM_LastErrorString for the detail string. If the last-error * string is NULL, use the given default detail string.
--- a/src/share/native/common/jni_util.h Mon Aug 08 13:19:15 2016 -0700 +++ b/src/share/native/common/jni_util.h Tue Aug 16 13:03:10 2016 -0700 @@ -105,6 +105,13 @@ JNU_ThrowByNameWithLastError(JNIEnv *env, const char *name, const char *defaultMessage); +/* Throw an exception by name, using a given message and the string + * returned by getLastErrorString to construct the detail string. + */ +JNIEXPORT void JNICALL +JNU_ThrowByNameWithMessageAndLastError + (JNIEnv *env, const char *name, const char *message); + /* Throw an IOException, using the last-error string for the detail * string. If the last-error string is NULL, use the given default * detail string.
--- a/src/solaris/native/java/net/net_util_md.c Mon Aug 08 13:19:15 2016 -0700 +++ b/src/solaris/native/java/net/net_util_md.c Tue Aug 16 13:03:10 2016 -0700 @@ -106,6 +106,8 @@ int getDefaultScopeID(JNIEnv *env) { static jclass ni_class = NULL; static jfieldID ni_defaultIndexID; + int defaultIndex = 0; + if (ni_class == NULL) { jclass c = (*env)->FindClass(env, "java/net/NetworkInterface"); CHECK_NULL_RETURN(c, 0); @@ -116,7 +118,6 @@ CHECK_NULL_RETURN(ni_defaultIndexID, 0); ni_class = c; } - int defaultIndex = 0; defaultIndex = (*env)->GetStaticIntField(env, ni_class, ni_defaultIndexID); return defaultIndex; @@ -257,9 +258,7 @@ void NET_ThrowByNameWithLastError(JNIEnv *env, const char *name, const char *defaultDetail) { - char errmsg[255]; - sprintf(errmsg, "errno: %d, error: %s\n", errno, defaultDetail); - JNU_ThrowByNameWithLastError(env, name, errmsg); + JNU_ThrowByNameWithMessageAndLastError(env, name, defaultDetail); } void
--- a/src/windows/native/java/net/net_util_md.c Mon Aug 08 13:19:15 2016 -0700 +++ b/src/windows/native/java/net/net_util_md.c Tue Aug 16 13:03:10 2016 -0700 @@ -218,9 +218,7 @@ void NET_ThrowByNameWithLastError(JNIEnv *env, const char *name, const char *defaultDetail) { - char errmsg[255]; - sprintf(errmsg, "errno: %d, error: %s\n", WSAGetLastError(), defaultDetail); - JNU_ThrowByNameWithLastError(env, name, errmsg); + JNU_ThrowByNameWithMessageAndLastError(env, name, defaultDetail); } jfieldID
--- a/test/javax/crypto/SecretKeyFactory/FailOverTest.sh Mon Aug 08 13:19:15 2016 -0700 +++ b/test/javax/crypto/SecretKeyFactory/FailOverTest.sh Tue Aug 16 13:03:10 2016 -0700 @@ -88,6 +88,7 @@ ${TESTJAVA}${FS}bin${FS}java \ ${TESTVMOPTS} \ + -Djava.security.properties=${TESTSRC}${FS}security.properties \ -classpath "${TESTSRC}${FS}P1.jar${PS}${TESTSRC}${FS}P2.jar${PS}." \ FailOverTest result=$?
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/javax/crypto/SecretKeyFactory/security.properties Tue Aug 16 13:03:10 2016 -0700 @@ -0,0 +1,26 @@ +# +# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +# or visit www.oracle.com if you need additional information or have any +# questions. +# + +jdk.security.provider.preferred= +jdk.jar.disabledAlgorithms= +
--- a/test/sun/security/pkcs/pkcs7/PKCS7VerifyTest.java Mon Aug 08 13:19:15 2016 -0700 +++ b/test/sun/security/pkcs/pkcs7/PKCS7VerifyTest.java Tue Aug 16 13:03:10 2016 -0700 @@ -26,8 +26,8 @@ * @bug 8048357 * @summary Read signed data in one or more PKCS7 objects from individual files, * verify SignerInfos and certificate chain. - * @run main PKCS7VerifyTest PKCS7TEST.DSA.base64 - * @run main PKCS7VerifyTest PKCS7TEST.DSA.base64 PKCS7TEST.SF + * @run main/othervm -Djava.security.properties=${test.src}/reenable.jar.alg.props PKCS7VerifyTest PKCS7TEST.DSA.base64 + * @run main/othervm -Djava.security.properties=${test.src}/reenable.jar.alg.props PKCS7VerifyTest PKCS7TEST.DSA.base64 PKCS7TEST.SF */ import java.io.ByteArrayInputStream; import java.io.File; @@ -35,6 +35,7 @@ import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; +import java.security.Security; import java.security.cert.X509Certificate; import java.util.Base64; import java.util.HashMap;
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/pkcs/pkcs7/reenable.jar.alg.props Tue Aug 16 13:03:10 2016 -0700 @@ -0,0 +1,24 @@ +# +# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +# or visit www.oracle.com if you need additional information or have any +# questions. +# + +jdk.jar.disabledAlgorithms=
--- a/test/sun/security/tools/jarsigner/JarSigningNonAscii.java Mon Aug 08 13:19:15 2016 -0700 +++ b/test/sun/security/tools/jarsigner/JarSigningNonAscii.java Tue Aug 16 13:03:10 2016 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,10 +25,12 @@ * @test * @bug 4924188 * @summary sign a JAR file that has entry names with non-ASCII characters. + * @run main/othervm -Djava.security.properties=${test.src}/reenable.jar.alg.props JarSigningNonAscii */ import sun.security.tools.*; import java.io.*; +import java.security.Security; import java.util.*; import java.util.jar.*; import java.security.cert.Certificate;
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/jarsigner/reenable.jar.alg.props Tue Aug 16 13:03:10 2016 -0700 @@ -0,0 +1,24 @@ +# +# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +# or visit www.oracle.com if you need additional information or have any +# questions. +# + +jdk.jar.disabledAlgorithms=