packages/openjdk-1.8.0
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!58 I2A645: Add a license to this repo

Browse Source 
From: @jvmboy
Reviewed-by: @jdkboy
Signed-off-by: @jdkboy
This commit is contained in:
openeuler-ci-bot 2020-12-22 09:36:35 +08:00 committed by Gitee
commit 2a3056efce
5 changed files with 1265 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

376
8223940-Private-key-not-supported-by-chosen-signature.patch Executable file
View File

@ -0,0 +1,376 @@
From 0e369d21e25a6de07a5fb54b78dab0012add60c0 Mon Sep 17 00:00:00 2001
Date: Thu, 5 Nov 2020 19:36:14 +0800
Subject: [PATCH] 8223940: Private key not supported by chosen signature
algorithm
Summary: TLS1.3: If a client prefers RSA-PSS, but the provider does not support it, it will fail as above rather than falling back on other providers.
LLT: N/A
Bug url: https://bugs.openjdk.java.net/browse/JDK-8223940
---
.../sun/security/ssl/CertificateVerify.java | 54 +++++++++---------
.../sun/security/ssl/DHServerKeyExchange.java | 30 +++++-----
.../sun/security/ssl/ECDHServerKeyExchange.java | 28 ++++------
.../classes/sun/security/ssl/SignatureScheme.java | 64 +++++++++++++++++-----
4 files changed, 102 insertions(+), 74 deletions(-)
diff --git a/jdk/src/share/classes/sun/security/ssl/CertificateVerify.java b/jdk/src/share/classes/sun/security/ssl/CertificateVerify.java
index 323a7d995..409119c09 100644
--- a/jdk/src/share/classes/sun/security/ssl/CertificateVerify.java
+++ b/jdk/src/share/classes/sun/security/ssl/CertificateVerify.java
@@ -31,6 +31,7 @@ import java.security.*;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.Locale;
+import java.util.Map;
import sun.security.ssl.SSLHandshake.HandshakeMessage;
import sun.security.ssl.X509Authentication.X509Credentials;
import sun.security.ssl.X509Authentication.X509Possession;
@@ -585,30 +586,27 @@ final class CertificateVerify {
// This happens in client side only.
ClientHandshakeContext chc = (ClientHandshakeContext)context;
- this.signatureScheme = SignatureScheme.getPreferableAlgorithm(
+ Map.Entry<SignatureScheme, Signature> schemeAndSigner =
+ SignatureScheme.getSignerOfPreferableAlgorithm(
chc.peerRequestedSignatureSchemes,
x509Possession,
chc.negotiatedProtocol);
- if (signatureScheme == null) {
+ if (schemeAndSigner == null) {
// Unlikely, the credentials generator should have
// selected the preferable signature algorithm properly.
throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
- "No preferred signature algorithm for CertificateVerify");
+ "No supported CertificateVerify signature algorithm for " +
+ x509Possession.popPrivateKey.getAlgorithm() +
+ " key");
}
+ this.signatureScheme = schemeAndSigner.getKey();
byte[] temproary = null;
try {
- Signature signer =
- signatureScheme.getSignature(x509Possession.popPrivateKey);
+ Signature signer = schemeAndSigner.getValue();
signer.update(chc.handshakeHash.archived());
temproary = signer.sign();
- } catch (NoSuchAlgorithmException |
- InvalidAlgorithmParameterException nsae) {
- throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
- "Unsupported signature algorithm (" +
- signatureScheme.name +
- ") used in CertificateVerify handshake message", nsae);
- } catch (InvalidKeyException | SignatureException ikse) {
+ } catch (SignatureException ikse) {
throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
"Cannot produce CertificateVerify signature", ikse);
}
@@ -668,7 +666,7 @@ final class CertificateVerify {
this.signature = Record.getBytes16(m);
try {
Signature signer =
- signatureScheme.getSignature(x509Credentials.popPublicKey);
+ signatureScheme.getVerifier(x509Credentials.popPublicKey);
signer.update(shc.handshakeHash.archived());
if (!signer.verify(signature)) {
throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
@@ -897,17 +895,22 @@ final class CertificateVerify {
X509Possession x509Possession) throws IOException {
super(context);
- this.signatureScheme = SignatureScheme.getPreferableAlgorithm(
- context.peerRequestedSignatureSchemes,
- x509Possession,
- context.negotiatedProtocol);
- if (signatureScheme == null) {
+ Map.Entry<SignatureScheme, Signature> schemeAndSigner =
+ SignatureScheme.getSignerOfPreferableAlgorithm(
+ context.peerRequestedSignatureSchemes,
+ x509Possession,
+ context.negotiatedProtocol);
+ if (schemeAndSigner == null) {
// Unlikely, the credentials generator should have
// selected the preferable signature algorithm properly.
throw context.conContext.fatal(Alert.INTERNAL_ERROR,
- "No preferred signature algorithm for CertificateVerify");
+ "No supported CertificateVerify signature algorithm for " +
+ x509Possession.popPrivateKey.getAlgorithm() +
+ " key");
}
+ this.signatureScheme = schemeAndSigner.getKey();
+
byte[] hashValue = context.handshakeHash.digest();
byte[] contentCovered;
if (context.sslConfig.isClientMode) {
@@ -924,17 +927,10 @@ final class CertificateVerify {
byte[] temproary = null;
try {
- Signature signer =
- signatureScheme.getSignature(x509Possession.popPrivateKey);
+ Signature signer = schemeAndSigner.getValue();
signer.update(contentCovered);
temproary = signer.sign();
- } catch (NoSuchAlgorithmException |
- InvalidAlgorithmParameterException nsae) {
- throw context.conContext.fatal(Alert.INTERNAL_ERROR,
- "Unsupported signature algorithm (" +
- signatureScheme.name +
- ") used in CertificateVerify handshake message", nsae);
- } catch (InvalidKeyException | SignatureException ikse) {
+ } catch (SignatureException ikse) {
throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
"Cannot produce CertificateVerify signature", ikse);
}
@@ -1005,7 +1001,7 @@ final class CertificateVerify {
try {
Signature signer =
- signatureScheme.getSignature(x509Credentials.popPublicKey);
+ signatureScheme.getVerifier(x509Credentials.popPublicKey);
signer.update(contentCovered);
if (!signer.verify(signature)) {
throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
diff --git a/jdk/src/share/classes/sun/security/ssl/DHServerKeyExchange.java b/jdk/src/share/classes/sun/security/ssl/DHServerKeyExchange.java
index 48ca870ed..3245482d7 100644
--- a/jdk/src/share/classes/sun/security/ssl/DHServerKeyExchange.java
+++ b/jdk/src/share/classes/sun/security/ssl/DHServerKeyExchange.java
@@ -42,6 +42,7 @@ import java.security.SignatureException;
import java.text.MessageFormat;
import java.util.EnumSet;
import java.util.Locale;
+import java.util.Map;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
@@ -125,24 +126,21 @@ final class DHServerKeyExchange {
shc.negotiatedProtocol.useTLS12PlusSpec();
Signature signer = null;
if (useExplicitSigAlgorithm) {
- signatureScheme = SignatureScheme.getPreferableAlgorithm(
- shc.peerRequestedSignatureSchemes,
- x509Possession,
- shc.negotiatedProtocol);
- if (signatureScheme == null) {
+ Map.Entry<SignatureScheme, Signature> schemeAndSigner =
+ SignatureScheme.getSignerOfPreferableAlgorithm(
+ shc.peerRequestedSignatureSchemes,
+ x509Possession,
+ shc.negotiatedProtocol);
+ if (schemeAndSigner == null) {
// Unlikely, the credentials generator should have
// selected the preferable signature algorithm properly.
throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
- "No preferred signature algorithm");
- }
- try {
- signer = signatureScheme.getSignature(
- x509Possession.popPrivateKey);
- } catch (NoSuchAlgorithmException | InvalidKeyException |
- InvalidAlgorithmParameterException nsae) {
- throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
- "Unsupported signature algorithm: " +
- signatureScheme.name, nsae);
+ "No supported signature algorithm for " +
+ x509Possession.popPrivateKey.getAlgorithm() +
+ " key");
+ } else {
+ signatureScheme = schemeAndSigner.getKey();
+ signer = schemeAndSigner.getValue();
}
} else {
signatureScheme = null;
@@ -241,7 +239,7 @@ final class DHServerKeyExchange {
Signature signer;
if (useExplicitSigAlgorithm) {
try {
- signer = signatureScheme.getSignature(
+ signer = signatureScheme.getVerifier(
x509Credentials.popPublicKey);
} catch (NoSuchAlgorithmException | InvalidKeyException |
InvalidAlgorithmParameterException nsae) {
diff --git a/jdk/src/share/classes/sun/security/ssl/ECDHServerKeyExchange.java b/jdk/src/share/classes/sun/security/ssl/ECDHServerKeyExchange.java
index 8c23e3546..2e1cc02c9 100644
--- a/jdk/src/share/classes/sun/security/ssl/ECDHServerKeyExchange.java
+++ b/jdk/src/share/classes/sun/security/ssl/ECDHServerKeyExchange.java
@@ -45,6 +45,7 @@ import java.security.spec.InvalidKeySpecException;
import java.text.MessageFormat;
import java.util.EnumSet;
import java.util.Locale;
+import java.util.Map;
import sun.security.ssl.ECDHKeyExchange.ECDHECredentials;
import sun.security.ssl.ECDHKeyExchange.ECDHEPossession;
import sun.security.ssl.SSLHandshake.HandshakeMessage;
@@ -139,26 +140,21 @@ final class ECDHServerKeyExchange {
shc.negotiatedProtocol.useTLS12PlusSpec();
Signature signer = null;
if (useExplicitSigAlgorithm) {
- signatureScheme = SignatureScheme.getPreferableAlgorithm(
- shc.peerRequestedSignatureSchemes,
- x509Possession,
- shc.negotiatedProtocol);
- if (signatureScheme == null) {
+ Map.Entry<SignatureScheme, Signature> schemeAndSigner =
+ SignatureScheme.getSignerOfPreferableAlgorithm(
+ shc.peerRequestedSignatureSchemes,
+ x509Possession,
+ shc.negotiatedProtocol);
+ if (schemeAndSigner == null) {
// Unlikely, the credentials generator should have
// selected the preferable signature algorithm properly.
throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
- "No preferred signature algorithm for " +
+ "No supported signature algorithm for " +
x509Possession.popPrivateKey.getAlgorithm() +
" key");
- }
- try {
- signer = signatureScheme.getSignature(
- x509Possession.popPrivateKey);
- } catch (NoSuchAlgorithmException | InvalidKeyException |
- InvalidAlgorithmParameterException nsae) {
- throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
- "Unsupported signature algorithm: " +
- signatureScheme.name, nsae);
+ } else {
+ signatureScheme = schemeAndSigner.getKey();
+ signer = schemeAndSigner.getValue();
}
} else {
signatureScheme = null;
@@ -295,7 +291,7 @@ final class ECDHServerKeyExchange {
Signature signer;
if (useExplicitSigAlgorithm) {
try {
- signer = signatureScheme.getSignature(
+ signer = signatureScheme.getVerifier(
x509Credentials.popPublicKey);
} catch (NoSuchAlgorithmException | InvalidKeyException |
InvalidAlgorithmParameterException nsae) {
diff --git a/jdk/src/share/classes/sun/security/ssl/SignatureScheme.java b/jdk/src/share/classes/sun/security/ssl/SignatureScheme.java
index 93f5473da..9fd9707ba 100644
--- a/jdk/src/share/classes/sun/security/ssl/SignatureScheme.java
+++ b/jdk/src/share/classes/sun/security/ssl/SignatureScheme.java
@@ -31,6 +31,7 @@ import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
+import java.util.AbstractMap.SimpleImmutableEntry;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -38,6 +39,7 @@ import java.util.Collections;
import java.util.EnumSet;
import java.util.LinkedList;
import java.util.List;
+import java.util.Map;
import java.util.Set;
import sun.security.ssl.SupportedGroupsExtension.NamedGroup;
import sun.security.ssl.SupportedGroupsExtension.NamedGroupType;
@@ -427,7 +429,7 @@ enum SignatureScheme {
return null;
}
- static SignatureScheme getPreferableAlgorithm(
+ static Map.Entry<SignatureScheme, Signature> getSignerOfPreferableAlgorithm(
List<SignatureScheme> schemes,
X509Possession x509Possession,
ProtocolVersion version) {
@@ -452,7 +454,10 @@ enum SignatureScheme {
x509Possession.getECParameterSpec();
if (params != null &&
ss.namedGroup == NamedGroup.valueOf(params)) {
- return ss;
+ Signature signer = ss.getSigner(signingKey);
+ if (signer != null) {
+ return new SimpleImmutableEntry<>(ss, signer);
+ }
}
if (SSLLogger.isOn &&
@@ -477,7 +482,10 @@ enum SignatureScheme {
NamedGroup keyGroup = NamedGroup.valueOf(params);
if (keyGroup != null &&
SupportedGroups.isSupported(keyGroup)) {
- return ss;
+ Signature signer = ss.getSigner(signingKey);
+ if (signer != null) {
+ return new SimpleImmutableEntry<>(ss, signer);
+ }
}
}
@@ -488,7 +496,10 @@ enum SignatureScheme {
"), unsupported EC parameter spec: " + params);
}
} else {
- return ss;
+ Signature signer = ss.getSigner(signingKey);
+ if (signer != null) {
+ return new SimpleImmutableEntry<>(ss, signer);
+ }
}
}
}
@@ -509,21 +520,48 @@ enum SignatureScheme {
return new String[0];
}
- Signature getSignature(Key key) throws NoSuchAlgorithmException,
+ // This method is used to get the signature instance of this signature
+ // scheme for the specific public key. Unlike getSigner(), the exception
+ // is bubbled up. If the public key does not support this signature
+ // scheme, it normally means the TLS handshaking cannot continue and
+ // the connection should be terminated.
+ Signature getVerifier(PublicKey publicKey) throws NoSuchAlgorithmException,
InvalidAlgorithmParameterException, InvalidKeyException {
if (!isAvailable) {
return null;
}
- Signature signer = JsseJce.getSignature(algorithm);
- if (key instanceof PublicKey) {
- SignatureUtil.initVerifyWithParam(signer, (PublicKey)key,
- signAlgParameter);
- } else {
- SignatureUtil.initSignWithParam(signer, (PrivateKey)key,
- signAlgParameter, null);
+ Signature verifier = Signature.getInstance(algorithm);
+ SignatureUtil.initVerifyWithParam(verifier, publicKey, signAlgParameter);
+
+ return verifier;
+ }
+
+ // This method is also used to choose preferable signature scheme for the
+ // specific private key. If the private key does not support the signature
+ // scheme, {@code null} is returned, and the caller may fail back to next
+ // available signature scheme.
+ private Signature getSigner(PrivateKey privateKey) {
+ if (!isAvailable) {
+ return null;
}
- return signer;
+ try {
+ Signature signer = Signature.getInstance(algorithm);
+ SignatureUtil.initSignWithParam(signer, privateKey,
+ signAlgParameter,
+ null);
+ return signer;
+ } catch (NoSuchAlgorithmException | InvalidKeyException |
+ InvalidAlgorithmParameterException nsae) {
+ if (SSLLogger.isOn &&
+ SSLLogger.isOn("ssl,handshake,verbose")) {
+ SSLLogger.finest(
+ "Ignore unsupported signature algorithm (" +
+ this.name + ")", nsae);
+ }
+ }
+
+ return null;
}
}
--
2.12.3

489
8236512-PKCS11-Connection-closed-after-Cipher.doFinal-and-NoPadding.patch Executable file
View File

@ -0,0 +1,489 @@
From 67c2c66d6befca1236a92c68ed9a0ba55c3a3eb6 Mon Sep 17 00:00:00 2001
Date: Thu, 5 Nov 2020 22:28:14 +0800
Subject: [PATCH] 8236512: PKCS11 Connection closed after Cipher.doFinal and
NoPadding
Summary: security-libs : Removed killSession() calls in certain impl classes when cancelling operations
LLT: N/A
Bug url: https://bugs.openjdk.java.net/browse/JDK-8236512
---
.../classes/sun/security/pkcs11/P11AEADCipher.java | 38 +++++-----
.../classes/sun/security/pkcs11/P11Cipher.java | 31 ++++----
.../share/classes/sun/security/pkcs11/P11Mac.java | 20 +++---
.../sun/security/pkcs11/P11PSSSignature.java | 30 ++++----
.../classes/sun/security/pkcs11/P11RSACipher.java | 60 ++++++++--------
.../classes/sun/security/pkcs11/P11Signature.java | 82 ++++++++++------------
6 files changed, 127 insertions(+), 134 deletions(-)
diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11AEADCipher.java b/jdk/src/share/classes/sun/security/pkcs11/P11AEADCipher.java
index bfd00046c..5af9c8aef 100644
--- a/jdk/src/share/classes/sun/security/pkcs11/P11AEADCipher.java
+++ b/jdk/src/share/classes/sun/security/pkcs11/P11AEADCipher.java
@@ -1,4 +1,5 @@
-/* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+/*
+ * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -331,25 +332,25 @@ final class P11AEADCipher extends CipherSpi {
}
private void cancelOperation() {
+ // cancel operation by finishing it; avoid killSession as some
+ // hardware vendors may require re-login
+ int bufLen = doFinalLength(0);
+ byte[] buffer = new byte[bufLen];
+ byte[] in = dataBuffer.toByteArray();
+ int inLen = in.length;
try {
- if (session.hasObjects() == false) {
- session = token.killSession(session);
- return;
+ if (encrypt) {
+ token.p11.C_Encrypt(session.id(), 0, in, 0, inLen,
+ 0, buffer, 0, bufLen);
} else {
- // cancel operation by finishing it
- int bufLen = doFinalLength(0);
- byte[] buffer = new byte[bufLen];
-
- if (encrypt) {
- token.p11.C_Encrypt(session.id(), 0, buffer, 0, bufLen,
- 0, buffer, 0, bufLen);
- } else {
- token.p11.C_Decrypt(session.id(), 0, buffer, 0, bufLen,
- 0, buffer, 0, bufLen);
- }
+ token.p11.C_Decrypt(session.id(), 0, in, 0, inLen,
+ 0, buffer, 0, bufLen);
}
} catch (PKCS11Exception e) {
- throw new ProviderException("Cancel failed", e);
+ if (encrypt) {
+ throw new ProviderException("Cancel failed", e);
+ }
+ // ignore failure for decryption
}
}
@@ -432,18 +433,21 @@ final class P11AEADCipher extends CipherSpi {
if (!initialized) {
return;
}
+ initialized = false;
+
try {
if (session == null) {
return;
}
+
if (doCancel && token.explicitCancel) {
cancelOperation();
}
} finally {
p11Key.releaseKeyID();
session = token.releaseSession(session);
+ dataBuffer.reset();
}
- initialized = false;
}
// see JCE spec
diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java b/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java
index 9837f12a5..8f2620e13 100644
--- a/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java
+++ b/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -409,10 +409,12 @@ final class P11Cipher extends CipherSpi {
return;
}
initialized = false;
+
try {
if (session == null) {
return;
}
+
if (doCancel && token.explicitCancel) {
cancelOperation();
}
@@ -426,22 +428,21 @@ final class P11Cipher extends CipherSpi {
private void cancelOperation() {
token.ensureValid();
- if (session.hasObjects() == false) {
- session = token.killSession(session);
- return;
- } else {
- try {
- // cancel operation by finishing it
- int bufLen = doFinalLength(0);
- byte[] buffer = new byte[bufLen];
- if (encrypt) {
- token.p11.C_EncryptFinal(session.id(), 0, buffer, 0, bufLen);
- } else {
- token.p11.C_DecryptFinal(session.id(), 0, buffer, 0, bufLen);
- }
- } catch (PKCS11Exception e) {
+ // cancel operation by finishing it; avoid killSession as some
+ // hardware vendors may require re-login
+ try {
+ int bufLen = doFinalLength(0);
+ byte[] buffer = new byte[bufLen];
+ if (encrypt) {
+ token.p11.C_EncryptFinal(session.id(), 0, buffer, 0, bufLen);
+ } else {
+ token.p11.C_DecryptFinal(session.id(), 0, buffer, 0, bufLen);
+ }
+ } catch (PKCS11Exception e) {
+ if (encrypt) {
throw new ProviderException("Cancel failed", e);
}
+ // ignore failure for decryption
}
}
diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11Mac.java b/jdk/src/share/classes/sun/security/pkcs11/P11Mac.java
index 56d0b1c70..7d80bcb90 100644
--- a/jdk/src/share/classes/sun/security/pkcs11/P11Mac.java
+++ b/jdk/src/share/classes/sun/security/pkcs11/P11Mac.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -122,10 +122,12 @@ final class P11Mac extends MacSpi {
return;
}
initialized = false;
+
try {
if (session == null) {
return;
}
+
if (doCancel && token.explicitCancel) {
cancelOperation();
}
@@ -137,15 +139,12 @@ final class P11Mac extends MacSpi {
private void cancelOperation() {
token.ensureValid();
- if (session.hasObjects() == false) {
- session = token.killSession(session);
- return;
- } else {
- try {
- token.p11.C_SignFinal(session.id(), 0);
- } catch (PKCS11Exception e) {
- throw new ProviderException("Cancel failed", e);
- }
+ // cancel operation by finishing it; avoid killSession as some
+ // hardware vendors may require re-login
+ try {
+ token.p11.C_SignFinal(session.id(), 0);
+ } catch (PKCS11Exception e) {
+ throw new ProviderException("Cancel failed", e);
}
}
@@ -207,7 +206,6 @@ final class P11Mac extends MacSpi {
ensureInitialized();
return token.p11.C_SignFinal(session.id(), 0);
} catch (PKCS11Exception e) {
- reset(true);
throw new ProviderException("doFinal() failed", e);
} finally {
reset(false);
diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11PSSSignature.java b/jdk/src/share/classes/sun/security/pkcs11/P11PSSSignature.java
index c0f48715d..d172108fc 100644
--- a/jdk/src/share/classes/sun/security/pkcs11/P11PSSSignature.java
+++ b/jdk/src/share/classes/sun/security/pkcs11/P11PSSSignature.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -223,10 +223,12 @@ final class P11PSSSignature extends SignatureSpi {
return;
}
initialized = false;
+
try {
if (session == null) {
return;
}
+
if (doCancel && token.explicitCancel) {
cancelOperation();
}
@@ -242,14 +244,10 @@ final class P11PSSSignature extends SignatureSpi {
token.ensureValid();
if (DEBUG) System.out.print("Cancelling operation");
- if (session.hasObjects() == false) {
- if (DEBUG) System.out.println(" by killing session");
- session = token.killSession(session);
- return;
- }
- // "cancel" operation by finishing it
- if (mode == M_SIGN) {
- try {
+ // cancel operation by finishing it; avoid killSession as some
+ // hardware vendors may require re-login
+ try {
+ if (mode == M_SIGN) {
if (type == T_UPDATE) {
if (DEBUG) System.out.println(" by C_SignFinal");
token.p11.C_SignFinal(session.id(), 0);
@@ -259,11 +257,7 @@ final class P11PSSSignature extends SignatureSpi {
if (DEBUG) System.out.println(" by C_Sign");
token.p11.C_Sign(session.id(), digest);
}
- } catch (PKCS11Exception e) {
- throw new ProviderException("cancel failed", e);
- }
- } else { // M_VERIFY
- try {
+ } else { // M_VERIFY
byte[] signature =
new byte[(p11Key.length() + 7) >> 3];
if (type == T_UPDATE) {
@@ -275,10 +269,12 @@ final class P11PSSSignature extends SignatureSpi {
if (DEBUG) System.out.println(" by C_Verify");
token.p11.C_Verify(session.id(), digest, signature);
}
- } catch (PKCS11Exception e) {
- // will fail since the signature is incorrect
- // XXX check error code
}
+ } catch (PKCS11Exception e) {
+ if (mode == M_SIGN) {
+ throw new ProviderException("cancel failed", e);
+ }
+ // ignore failure for verification
}
}
diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11RSACipher.java b/jdk/src/share/classes/sun/security/pkcs11/P11RSACipher.java
index 421a16285..4bb629dbf 100644
--- a/jdk/src/share/classes/sun/security/pkcs11/P11RSACipher.java
+++ b/jdk/src/share/classes/sun/security/pkcs11/P11RSACipher.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -246,10 +246,12 @@ final class P11RSACipher extends CipherSpi {
return;
}
initialized = false;
+
try {
if (session == null) {
return;
}
+
if (doCancel && token.explicitCancel) {
cancelOperation();
}
@@ -263,36 +265,33 @@ final class P11RSACipher extends CipherSpi {
// state variables such as "initialized"
private void cancelOperation() {
token.ensureValid();
- if (session.hasObjects() == false) {
- session = token.killSession(session);
- return;
- } else {
- try {
- PKCS11 p11 = token.p11;
- int inLen = maxInputSize;
- int outLen = buffer.length;
- long sessId = session.id();
- switch (mode) {
- case MODE_ENCRYPT:
- p11.C_Encrypt(sessId, 0, buffer, 0, inLen, 0, buffer, 0, outLen);
- break;
- case MODE_DECRYPT:
- p11.C_Decrypt(sessId, 0, buffer, 0, inLen, 0, buffer, 0, outLen);
- break;
- case MODE_SIGN:
- byte[] tmpBuffer = new byte[maxInputSize];
- p11.C_Sign(sessId, tmpBuffer);
- break;
- case MODE_VERIFY:
- p11.C_VerifyRecover(sessId, buffer, 0, inLen, buffer,
- 0, outLen);
- break;
- default:
- throw new ProviderException("internal error");
- }
- } catch (PKCS11Exception e) {
- // XXX ensure this always works, ignore error
+ // cancel operation by finishing it; avoid killSession as some
+ // hardware vendors may require re-login
+ try {
+ PKCS11 p11 = token.p11;
+ int inLen = maxInputSize;
+ int outLen = buffer.length;
+ long sessId = session.id();
+ switch (mode) {
+ case MODE_ENCRYPT:
+ p11.C_Encrypt(sessId, 0, buffer, 0, inLen, 0, buffer, 0, outLen);
+ break;
+ case MODE_DECRYPT:
+ p11.C_Decrypt(sessId, 0, buffer, 0, inLen, 0, buffer, 0, outLen);
+ break;
+ case MODE_SIGN:
+ byte[] tmpBuffer = new byte[maxInputSize];
+ p11.C_Sign(sessId, tmpBuffer);
+ break;
+ case MODE_VERIFY:
+ p11.C_VerifyRecover(sessId, buffer, 0, inLen, buffer,
+ 0, outLen);
+ break;
+ default:
+ throw new ProviderException("internal error");
}
+ } catch (PKCS11Exception e) {
+ // XXX ensure this always works, ignore error
}
}
@@ -361,6 +360,7 @@ final class P11RSACipher extends CipherSpi {
private int implDoFinal(byte[] out, int outOfs, int outLen)
throws BadPaddingException, IllegalBlockSizeException {
if (bufOfs > maxInputSize) {
+ reset(true);
throw new IllegalBlockSizeException("Data must not be longer "
+ "than " + maxInputSize + " bytes");
}
diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java b/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
index 48a49f66b..844a23d1a 100644
--- a/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
+++ b/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
@@ -245,10 +245,12 @@ final class P11Signature extends SignatureSpi {
return;
}
initialized = false;
+
try {
if (session == null) {
return;
}
+
if (doCancel && token.explicitCancel) {
cancelOperation();
}
@@ -259,59 +261,51 @@ final class P11Signature extends SignatureSpi {
}
private void cancelOperation() {
-
token.ensureValid();
- if (session.hasObjects() == false) {
- session = token.killSession(session);
- return;
- } else {
- // "cancel" operation by finishing it
- // XXX make sure all this always works correctly
+ // cancel operation by finishing it; avoid killSession as some
+ // hardware vendors may require re-login
+ try {
if (mode == M_SIGN) {
- try {
- if (type == T_UPDATE) {
- token.p11.C_SignFinal(session.id(), 0);
- } else {
- byte[] digest;
- if (type == T_DIGEST) {
- digest = md.digest();
- } else { // T_RAW
- digest = buffer;
- }
- token.p11.C_Sign(session.id(), digest);
+ if (type == T_UPDATE) {
+ token.p11.C_SignFinal(session.id(), 0);
+ } else {
+ byte[] digest;
+ if (type == T_DIGEST) {
+ digest = md.digest();
+ } else { // T_RAW
+ digest = buffer;
}
- } catch (PKCS11Exception e) {
- throw new ProviderException("cancel failed", e);
+ token.p11.C_Sign(session.id(), digest);
}
} else { // M_VERIFY
byte[] signature;
- try {
- if (keyAlgorithm.equals("DSA")) {
- signature = new byte[40];
- } else {
- signature = new byte[(p11Key.length() + 7) >> 3];
- }
- if (type == T_UPDATE) {
- token.p11.C_VerifyFinal(session.id(), signature);
- } else {
- byte[] digest;
- if (type == T_DIGEST) {
- digest = md.digest();
- } else { // T_RAW
- digest = buffer;
- }
- token.p11.C_Verify(session.id(), digest, signature);
- }
- } catch (PKCS11Exception e) {
- long errorCode = e.getErrorCode();
- if ((errorCode == CKR_SIGNATURE_INVALID) ||
- (errorCode == CKR_SIGNATURE_LEN_RANGE)) {
- // expected since signature is incorrect
- return;
+ if (keyAlgorithm.equals("DSA")) {
+ signature = new byte[40];
+ } else {
+ signature = new byte[(p11Key.length() + 7) >> 3];
+ }
+ if (type == T_UPDATE) {
+ token.p11.C_VerifyFinal(session.id(), signature);
+ } else {
+ byte[] digest;
+ if (type == T_DIGEST) {
+ digest = md.digest();
+ } else { // T_RAW
+ digest = buffer;
}
- throw new ProviderException("cancel failed", e);
+ token.p11.C_Verify(session.id(), digest, signature);
+ }
+ }
+ } catch (PKCS11Exception e) {
+ if (mode == M_VERIFY) {
+ long errorCode = e.getErrorCode();
+ if ((errorCode == CKR_SIGNATURE_INVALID) ||
+ (errorCode == CKR_SIGNATURE_LEN_RANGE)) {
+ // expected since signature is incorrect
+ return;
}
}
+ throw new ProviderException("cancel failed", e);
}
}
--
2.12.3

36
8250861-Crash-in-MinINode-Ideal-PhaseGVN-bool.patch Executable file
View File

@ -0,0 +1,36 @@
From 32271b8bfd2325ebb0d7fd338f3454be7dd1f998 Mon Sep 17 00:00:00 2001
Date: Fri, 30 Oct 2020 18:15:32 +0800
Subject: [PATCH] 8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)
Summary: C2: Added missing NULL checks.
LLT: N/A
Bug url: https://bugs.openjdk.java.net/browse/JDK-8250861
---
hotspot/src/share/vm/opto/addnode.cpp | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hotspot/src/share/vm/opto/addnode.cpp b/hotspot/src/share/vm/opto/addnode.cpp
index 7bfa6e404..61b376e9b 100644
--- a/hotspot/src/share/vm/opto/addnode.cpp
+++ b/hotspot/src/share/vm/opto/addnode.cpp
@@ -921,7 +921,7 @@ Node *MinINode::Ideal(PhaseGVN *phase, bool can_reshape) {
// Transform MIN2(x + c0, MIN2(x + c1, z)) into MIN2(x + MIN2(c0, c1), z)
// if x == y and the additions can't overflow.
- if (phase->eqv(x,y) &&
+ if (phase->eqv(x,y) && tx != NULL &&
!can_overflow(tx, x_off) &&
!can_overflow(tx, y_off)) {
return new (phase->C) MinINode(phase->transform(new (phase->C) AddINode(x, phase->intcon(MIN2(x_off, y_off)))), r->in(2));
@@ -929,7 +929,7 @@ Node *MinINode::Ideal(PhaseGVN *phase, bool can_reshape) {
} else {
// Transform MIN2(x + c0, y + c1) into x + MIN2(c0, c1)
// if x == y and the additions can't overflow.
- if (phase->eqv(x,y) &&
+ if (phase->eqv(x,y) && tx != NULL &&
!can_overflow(tx, x_off) &&
!can_overflow(tx, y_off)) {
return new (phase->C) AddINode(x,phase->intcon(MIN2(x_off,y_off)));
--
2.12.3

347
LICENSE Normal file
View File

@ -0,0 +1,347 @@
The GNU General Public License (GPL)
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies of this license
document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your freedom to share
and change it. By contrast, the GNU General Public License is intended to
guarantee your freedom to share and change free software--to make sure the
software is free for all its users. This General Public License applies to
most of the Free Software Foundation's software and to any other program whose
authors commit to using it. (Some other Free Software Foundation software is
covered by the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not price. Our
General Public Licenses are designed to make sure that you have the freedom to
distribute copies of free software (and charge for this service if you wish),
that you receive source code or can get it if you want it, that you can change
the software or use pieces of it in new free programs; and that you know you
can do these things.
To protect your rights, we need to make restrictions that forbid anyone to deny
you these rights or to ask you to surrender the rights. These restrictions
translate to certain responsibilities for you if you distribute copies of the
software, or if you modify it.
For example, if you distribute copies of such a program, whether gratis or for
a fee, you must give the recipients all the rights that you have. You must
make sure that they, too, receive or can get the source code. And you must
show them these terms so they know their rights.
We protect your rights with two steps: (1) copyright the software, and (2)
offer you this license which gives you legal permission to copy, distribute
and/or modify the software.
Also, for each author's protection and ours, we want to make certain that
everyone understands that there is no warranty for this free software. If the
software is modified by someone else and passed on, we want its recipients to
know that what they have is not the original, so that any problems introduced
by others will not reflect on the original authors' reputations.
Finally, any free program is threatened constantly by software patents. We
wish to avoid the danger that redistributors of a free program will
individually obtain patent licenses, in effect making the program proprietary.
To prevent this, we have made it clear that any patent must be licensed for
everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and modification
follow.
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains a notice
placed by the copyright holder saying it may be distributed under the terms of
this General Public License. The "Program", below, refers to any such program
or work, and a "work based on the Program" means either the Program or any
derivative work under copyright law: that is to say, a work containing the
Program or a portion of it, either verbatim or with modifications and/or
translated into another language. (Hereinafter, translation is included
without limitation in the term "modification".) Each licensee is addressed as
"you".
Activities other than copying, distribution and modification are not covered by
this License; they are outside its scope. The act of running the Program is
not restricted, and the output from the Program is covered only if its contents
constitute a work based on the Program (independent of having been made by
running the Program). Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's source code as
you receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice and
disclaimer of warranty; keep intact all the notices that refer to this License
and to the absence of any warranty; and give any other recipients of the
Program a copy of this License along with the Program.
You may charge a fee for the physical act of transferring a copy, and you may
at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion of it, thus
forming a work based on the Program, and copy and distribute such modifications
or work under the terms of Section 1 above, provided that you also meet all of
these conditions:
a) You must cause the modified files to carry prominent notices stating
that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in whole or
in part contains or is derived from the Program or any part thereof, to be
licensed as a whole at no charge to all third parties under the terms of
this License.
c) If the modified program normally reads commands interactively when run,
you must cause it, when started running for such interactive use in the
most ordinary way, to print or display an announcement including an
appropriate copyright notice and a notice that there is no warranty (or
else, saying that you provide a warranty) and that users may redistribute
the program under these conditions, and telling the user how to view a copy
of this License. (Exception: if the Program itself is interactive but does
not normally print such an announcement, your work based on the Program is
not required to print an announcement.)
These requirements apply to the modified work as a whole. If identifiable
sections of that work are not derived from the Program, and can be reasonably
considered independent and separate works in themselves, then this License, and
its terms, do not apply to those sections when you distribute them as separate
works. But when you distribute the same sections as part of a whole which is a
work based on the Program, the distribution of the whole must be on the terms
of this License, whose permissions for other licensees extend to the entire
whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest your
rights to work written entirely by you; rather, the intent is to exercise the
right to control the distribution of derivative or collective works based on
the Program.
In addition, mere aggregation of another work not based on the Program with the
Program (or with a work based on the Program) on a volume of a storage or
distribution medium does not bring the other work under the scope of this
License.
3. You may copy and distribute the Program (or a work based on it, under
Section 2) in object code or executable form under the terms of Sections 1 and
2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable source
code, which must be distributed under the terms of Sections 1 and 2 above
on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three years, to
give any third party, for a charge no more than your cost of physically
performing source distribution, a complete machine-readable copy of the
corresponding source code, to be distributed under the terms of Sections 1
and 2 above on a medium customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer to
distribute corresponding source code. (This alternative is allowed only
for noncommercial distribution and only if you received the program in
object code or executable form with such an offer, in accord with
Subsection b above.)
The source code for a work means the preferred form of the work for making
modifications to it. For an executable work, complete source code means all
the source code for all modules it contains, plus any associated interface
definition files, plus the scripts used to control compilation and installation
of the executable. However, as a special exception, the source code
distributed need not include anything that is normally distributed (in either
source or binary form) with the major components (compiler, kernel, and so on)
of the operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering access to copy
from a designated place, then offering equivalent access to copy the source
code from the same place counts as distribution of the source code, even though
third parties are not compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program except as
expressly provided under this License. Any attempt otherwise to copy, modify,
sublicense or distribute the Program is void, and will automatically terminate
your rights under this License. However, parties who have received copies, or
rights, from you under this License will not have their licenses terminated so
long as such parties remain in full compliance.
5. You are not required to accept this License, since you have not signed it.
However, nothing else grants you permission to modify or distribute the Program
or its derivative works. These actions are prohibited by law if you do not
accept this License. Therefore, by modifying or distributing the Program (or
any work based on the Program), you indicate your acceptance of this License to
do so, and all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the Program),
the recipient automatically receives a license from the original licensor to
copy, distribute or modify the Program subject to these terms and conditions.
You may not impose any further restrictions on the recipients' exercise of the
rights granted herein. You are not responsible for enforcing compliance by
third parties to this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues), conditions
are imposed on you (whether by court order, agreement or otherwise) that
contradict the conditions of this License, they do not excuse you from the
conditions of this License. If you cannot distribute so as to satisfy
simultaneously your obligations under this License and any other pertinent
obligations, then as a consequence you may not distribute the Program at all.
For example, if a patent license would not permit royalty-free redistribution
of the Program by all those who receive copies directly or indirectly through
you, then the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under any
particular circumstance, the balance of the section is intended to apply and
the section as a whole is intended to apply in other circumstances.
It is not the purpose of this section to induce you to infringe any patents or
other property right claims or to contest validity of any such claims; this
section has the sole purpose of protecting the integrity of the free software
distribution system, which is implemented by public license practices. Many
people have made generous contributions to the wide range of software
distributed through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing to
distribute software through any other system and a licensee cannot impose that
choice.
This section is intended to make thoroughly clear what is believed to be a
consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in certain
countries either by patents or by copyrighted interfaces, the original
copyright holder who places the Program under this License may add an explicit
geographical distribution limitation excluding those countries, so that
distribution is permitted only in or among countries not thus excluded. In
such case, this License incorporates the limitation as if written in the body
of this License.
9. The Free Software Foundation may publish revised and/or new versions of the
General Public License from time to time. Such new versions will be similar in
spirit to the present version, but may differ in detail to address new problems
or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any later
version", you have the option of following the terms and conditions either of
that version or of any later version published by the Free Software Foundation.
If the Program does not specify a version number of this License, you may
choose any version ever published by the Free Software Foundation.
10. If you wish to incorporate parts of the Program into other free programs
whose distribution conditions are different, write to the author to ask for
permission. For software which is copyrighted by the Free Software Foundation,
write to the Free Software Foundation; we sometimes make exceptions for this.
Our decision will be guided by the two goals of preserving the free status of
all derivatives of our free software and of promoting the sharing and reuse of
software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR
THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE
STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE
PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND
PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE,
YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL
ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE
PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR
INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA
BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER
OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest possible
use to the public, the best way to achieve this is to make it free software
which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest to attach
them to the start of each source file to most effectively convey the exclusion
of warranty; and each file should have at least the "copyright" line and a
pointer to where the full notice is found.
One line to give the program's name and a brief idea of what it does.
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this when it
starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author Gnomovision comes
with ABSOLUTELY NO WARRANTY; for details type 'show w'. This is free
software, and you are welcome to redistribute it under certain conditions;
type 'show c' for details.
The hypothetical commands 'show w' and 'show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may be
called something other than 'show w' and 'show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your school,
if any, to sign a "copyright disclaimer" for the program, if necessary. Here
is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
'Gnomovision' (which makes passes at compilers) written by James Hacker.
signature of Ty Coon, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General Public
License instead of this License.
"CLASSPATH" EXCEPTION TO THE GPL
Certain source files distributed by Oracle America and/or its affiliates are
subject to the following clarification and special exception to the GPL, but
only where Oracle has expressly included in the particular source file's header
the words "Oracle designates this particular file as subject to the "Classpath"
exception as provided by Oracle in the LICENSE file that accompanied this code."
Linking this library statically or dynamically with other modules is making
a combined work based on this library. Thus, the terms and conditions of
the GNU General Public License cover the whole combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent modules,
and to copy and distribute the resulting executable under terms of your
choice, provided that you also meet, for each linked independent module,
the terms and conditions of the license of that module. An independent
module is a module which is not derived from or based on this library. If
you modify this library, you may extend this exception to your version of
the library, but you are not obligated to do so. If you do not wish to do
so, delete this exception statement from your version.

18
java-1.8.0-openjdk.spec
View File

@ -915,7 +915,7 @@ Provides: java-%{javaver}-%{origin}-accessibility%{?1} = %{epoch}:%{version}-%{r
Name: java-%{javaver}-%{origin}
Version: %{javaver}.%{updatever}.%{buildver}
Release: 4
Release: 7
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a
@ -1060,6 +1060,9 @@ Patch131: 8166583-Add-oopDesc-klass_or_null_acquire.patch
Patch132: 8166862-CMS-needs-klass_or_null_acquire.patch
Patch133: 8160369.patch
Patch134: PS-GC-adding-acquire_size-method-for-PSParallelCompa.patch
Patch135: 8223940-Private-key-not-supported-by-chosen-signature.patch
Patch136: 8236512-PKCS11-Connection-closed-after-Cipher.doFinal-and-NoPadding.patch
Patch137: 8250861-Crash-in-MinINode-Ideal-PhaseGVN-bool.patch
#############################################
#
@ -1475,6 +1478,9 @@ pushd %{top_level_dir_name}
%patch132 -p1
%patch133 -p1
%patch134 -p1
%patch135 -p1
%patch136 -p1
%patch137 -p1
popd
@ -2091,6 +2097,16 @@ require "copy_jdk_configs.lua"
%endif
%changelog
* Mon Dec 21 2020 noah <hedongbo@huawei.com> - 1:1.8.0.272-b10.7
- add a license to this repo
* Tue Nov 10 2020 ow_wo <fengshijie2@huawei.com> - 1:1.8.0.272-b10.6
- add 8236512-PKCS11-Connection-closed-after-Cipher.doFinal-and-NoPadding.patch
- add 8250861-Crash-in-MinINode-Ideal-PhaseGVN-bool.patch
* Mon Nov 09 2020 ow_wo <fengshijie2@huawei.com> - 1:1.8.0.272-b10.5
- add 8223940-Private-key-not-supported-by-chosen-signature.patch
* Fri Nov 06 2020 jdkboy <guoge1@huawei.com> - 1:1.8.0.272-b10.4
- add 8165808-Add-release-barriers-when-allocating-objects-with-concurrent-collection.patch
- add 8166583-Add-oopDesc-klass_or_null_acquire.patch