rpms
/
java-latest-openjdk
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

merge into: rpms:rawhide
Branches Tags
rpms:rawhide
rpms:main-riscv64
rpms:f40-jdk20
rpms:f37
rpms:main
rpms:f35
rpms:f36
rpms:f33
rpms:f33-riscv64-jdk12
rpms:f33-riscv64
rpms:f34
rpms:epel7
rpms:epel8
rpms:f32
rpms:f31
rpms:f30
rpms:f29
rpms:epel8-playground
rpms:f28
...
pull from: rpms:epel8
Branches Tags
rpms:main-riscv64
rpms:f40-jdk20
rpms:f37
rpms:main
rpms:rawhide
rpms:f35
rpms:f36
rpms:f33
rpms:f33-riscv64-jdk12
rpms:f33-riscv64
rpms:f34
rpms:epel7
rpms:epel8
rpms:f32
rpms:f31
rpms:f30
rpms:f29
rpms:epel8-playground
rpms:f28

52 Commits
rawhide ... epel8

Author SHA1 Message Date
Petra Mikova d604769c32 Add forgotten changelog 2021-04-26 15:23:05 +02:00
Petra Mikova d5f20fce10 April CPU update 
Generated new sources and removed obsoleted patch
 2021-04-26 15:23:05 +02:00
Severin Gehwolf 423cfc1734 Perform static library build on a separate source tree with bundled image libraries 
Make static library build optional
Ported from java-11-openjdk. Work of Andrew Hughes.
 2021-04-26 15:23:05 +02:00
Jiri b7bfab7f11 bumped buildjdkver to build by itself - 16 2021-04-26 15:23:05 +02:00
Jiri a80730cd21 fixed suggests of wrong pcsc-lite-devel%{?_isa} to correct pcsc-lite-libs%{?_isa} 2021-03-11 08:42:18 +01:00
Andrew John Hughes fd75ad7e34 Update to jdk-16.0.0.0+36 
Update tarball generation script to use git following OpenJDK's move to github
Update tarball generation script to use PR3823 which handles JDK-8235710 changes
Use upstream default for version-pre rather than setting it to "ea" or ""
Drop libsunec.so which is no longer generated, thanks to JDK-8235710
Drop unnecessary compiler flags, dating back to work on GCC 6 & 10
Adapt RH1750419 alt-java patch to still apply after some variable re-naming in the makefiles
Update filever to remove any trailing zeros, as in the OpenJDK build, and use for source filename
Use system harfbuzz now this is supported.
Pass SOURCE_DATE_EPOCH to build for reproducible builds
 2021-03-11 08:42:06 +01:00
Andrew John Hughes 27a7385d3b Hardcode /usr/sbin/alternatives for Flatpak builds 
/usr/sbin/alternatives is not under the Flatpak build's %{_prefix},
which is set to /app.

(See <https://pagure.io/packaging-committee/issue/848> "Clarify the
use of path macros with respect to build dependencies").

Found when trying to do a LibreOffice Flatpak build from RHEL RPM
specs, which includes java-1.8.0-openjdk among its components.
 2021-03-11 08:31:05 +01:00
Fedora Release Engineering d483135a3b - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2021-03-11 08:31:02 +01:00
Andrew John Hughes 0111ae8b7f Update to jdk-15.0.2.0+7 
Add release notes for 15.0.1.0 & 15.0.2.0
Use JEP-322 Time-Based Versioning so we can handle a future 11.0.9.1-like release correctly.
Still use 15.0.x rather than 15.0.x.0 for file naming, as the trailing zero is omitted from tags.
Cleanup debug package descriptions and version number placement.
Remove unused patch files.
 2021-01-26 10:24:34 +01:00
Jiri 94a25f51fa Porting changes from master 
Replaced alt-java palceholder by real pathced alt-java
Fixes comment for speculative store bypass patch
Redeffined linux -> __linux__ and __x86_64 -> __x86_64__; should be backported to jdk11 and jdk8
moved wrongly placed icenses to acompany other ones
Fixed not-including fastdebugbuild in case of --without fastdebug
Added checks and restrictions around alt-java
many cosmetic changes taken from more maintained jdk11
Added few missing majorver into descriptions
removed lib-style provides for fastdebug_suffix_unquoted
fixed missing condition for fastdebug packages being counted as debug ones
Fixed typo in variable
Add BuildRequires: make
Use -march=i686 for x86 builds if -fcf-protection is detected (needs CMOV)
 2021-01-25 16:37:05 +01:00
Jiri a6907fc4f5 Create a copy of java as alt-java with alternatives and man pages 
- java-11-openjdk doesn't have a JRE tree, so don't try and copy alt-java there...
 2020-11-24 11:22:28 +01:00
Petra Mikova 4613d60fd6 October CPU 2020 update 2020-11-02 11:24:33 +01:00
Severin Gehwolf 50a5a44eb6 Fix directory ownership of static-libs sub-package 2020-11-02 11:24:23 +01:00
Jiri Vanek 809bc637e8 Build static-libs-image and add resulting files via -static-libs sub-package. 2020-11-02 11:24:11 +01:00
Petra Mikova ac6000db2b Change buildjdk ver to 15 2020-10-29 15:56:32 +01:00
Petra Mikova 6fe49cb9ec Add support for fastdebug builds on 64 bit architectures 2020-10-29 15:55:15 +01:00
Severin Gehwolf 05a0bfbd85 Update for JDK 15 GA 2020-09-29 19:13:48 +02:00
Petra Mikova b914e0cae0 Update to OpenJDK 15 
- Update to jdk 15.0.0.36 tag
- Modify rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
- Update vendor version string to 20.9
- Remove jjs binaries from files after JEP 372: Nashorn removal
- Remove rmic binaries from files after JDK-8225319
 2020-09-29 14:09:30 +02:00
Troy Dawson 268d319fb3 remove package.cfg per new epel-playground policy 2020-09-24 17:58:06 +00:00
Petra Mikova 4d5f44b953 July 2020 CPU 
Update to 14.0.2+12 sources
Remove upstreamed patch jdk8243059-build_fails_when_with_vendor_contains_comma.patch
 2020-07-23 13:32:15 +02:00
Petra Mikova b645e55acb Fix changes in Provides from system_jdk support. 
Re-introduce java-openjdk-src & java-openjdk-demo for system_jdk builds.
Fix accidental renaming of java-openjdk-devel to java-devel-openjdk.
 2020-07-10 11:24:39 +02:00
Petra Mikova 40e2a36009 Update generate_source_tarball script to new icedtea patch 2020-07-10 11:24:39 +02:00
Jiri bfeb847258 Moved vendor_version_string to better place 2020-04-28 14:38:52 +02:00
Severin Gehwolf ab83d337a9 Fix vendor version string 2020-04-27 11:46:35 +02:00
Petra Mikova 273ba2f081 CPU update to OpenJDK 14.0.1+7 2020-04-27 11:46:23 +02:00
Jiri 1f330e68ab Fxing build failure caused by "," in value of vendor property 
Removing the comma is fixing the build, trying with $(COMMA)
 2020-04-27 11:45:54 +02:00
Jiri 36e25b7e87 Added --with-vendor id and url family of switches 2020-04-27 11:38:22 +02:00
Petra Mikova 8dd4979470 Uploaded new src tarball 2020-04-09 15:32:11 +02:00
Petra Mikova 2d4ead07fc Fix devel postinstall script 
Removed a whitespace, causing failure of postinstall script
 2020-03-25 12:36:18 +01:00
Petra Mikova 9d9e831c1d Update to OpenJDK 14 
- update to jdk 14+36 ea build
- remove JDK-8224851 patch, as OpenJDK 14 already contains it
- removed pack200 and unpack200 binaries, slaves, manpages and libunpack.so library
- added listings for jpackage binary, manpages and added slave records to alternatives

Replace pr3755 patch with pr3782 from icedtea14

Replace all occurences in the generate_source_tarball.sh script.

Mark the builds as ga, as OpenJDK 14 was released today
 2020-03-20 12:41:10 +01:00
Petra Mikova cdc5987694 CPU sources update to 13.0.2+8 tag 
Removed obsoleted patches and uploaded new tarball
 2020-01-20 12:48:30 +01:00
Petra Mikova 57513b6a0c Renamed patches according to the convention 2019-10-25 19:57:33 +02:00
Petra Mikova a2d94fb62b Create new section for the patches that will be upstreamed in 13.0.2 2019-10-25 19:57:33 +02:00
Petra Mikova 76994afc96 Add shenandoah patches that did not make it to 13.0.1.9 
Also changed hardcoded version of source for macro
 2019-10-25 19:57:33 +02:00
Petra Mikova d6ab4da56d Updated to October 2019 CPU sources 2019-10-25 10:21:34 +02:00
Petra Mikova a75aa7e410 Changed rpmrelease to 3, replaced previously missed occurences of PR3681 with PR3755 2019-10-25 10:17:53 +02:00
Petra Mikova 74c95c448a Synced up patches and generate tarball script 
Removed pr2126 and regenerated sources with the updated script
 2019-10-25 10:17:52 +02:00
Andrew Hughes c7de311eab Switch to in-tree SunEC code, dropping NSS runtime dependencies and patches to link against it. 2019-10-25 10:17:52 +02:00
Andrew Hughes be225d5e62 Drop unnecessary build requirement on gtk3-devel, as OpenJDK searches for Gtk+ at runtime. 
Add missing build requirement for libXrender-devel, previously masked by Gtk3+ dependency
Add missing build requirement for libXrandr-devel, previously masked by Gtk3+ dependency
fontconfig build requirement should be fontconfig-devel, previously masked by Gtk3+ dependency
 2019-10-25 10:17:52 +02:00
Andrew Hughes 7c60a2b337 Obsolete javadoc-slowdebug and javadoc-slowdebug-zip packages via javadoc and javadoc-zip respectively. 2019-10-25 10:17:52 +02:00
Severin Gehwolf 4443a414b5 Don't produce unnecessary things for the debug variant 
This speeds up the build as no bootcycle image build is
being performed for the slowdebug variant. Also don't
produce a javadoc or javadoc-zip package for the slowdebug
variant as that is pointless.
 2019-10-25 10:17:52 +02:00
Severin Gehwolf edb3955aba Fix vendor version for JDK 13 2019-10-25 10:17:48 +02:00
Petra Mikova 883792a41b Updated to 13+33 sources 2019-09-19 13:29:03 +02:00
Petra Mikova 3cea0fb8d1 Removed jhsdb manpage for s390x arch 2019-09-19 13:28:49 +02:00
Petra Mikova f9155ca527 Update to 13+28 sources 2019-09-19 13:28:39 +02:00
Petra Mikova 5733358000 Backported patch related to ea designator from ojdk11 2019-09-19 13:28:24 +02:00
Petra Mikova eea6ae61b1 Update of the package to OpenJDK 13 
Adapted patches, spec and uploaded new sources
 2019-09-19 13:28:12 +02:00
Petra Mikova 0b3a8a5f4a Merge remote-tracking branch 'origin/f30' into epel8 2019-08-29 10:20:04 +02:00
Gwyn Ciesla 51b77a9387 "Adding package.cfg file" 2019-08-16 08:31:09 -05:00
Severin Gehwolf 2983f39cc6 Update to July 2019 CPU 2019-07-18 11:30:15 +02:00
Petra Mikova 1be922c14f Fixed requires/provides for non-system jdk (backport of RHBZ#1702324) 2019-05-26 09:30:15 +02:00
pmikova ad609b33e6 Updated sources to the latest CPU 2019-04-18 14:04:59 +02:00
14 changed files with 1393 additions and 1639 deletions
Show Stats Expand all files Collapse all files

16
.gitignore vendored
View File

@ -1,2 +1,18 @@
/jdk-jdk12-jdk-12+33.tar.xz
/systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz
/jdk-updates-jdk12u-jdk-12.0.1+12.tar.xz
/jdk-updates-jdk12u-jdk-12.0.2+9.tar.xz
/jdk-jdk13-jdk-13+27.tar.xz
/jdk-jdk13-jdk-13+28.tar.xz
/jdk-jdk13-jdk-13+33.tar.xz
/jdk-updates-jdk13u-jdk-13.0.1+9.tar.xz
/jdk-updates-jdk13u-jdk-13.0.2+8.tar.xz
/jdk-jdk14-jdk-14+36.tar.xz
/jdk-updates-jdk14u-jdk-14.0.1+7.tar.xz
/jdk-updates-jdk14u-jdk-14.0.2+12.tar.xz
/jdk-jdk15-jdk-15+36.tar.xz
/jdk-updates-jdk15u-jdk-15.0.1+9.tar.xz
/tapsets-icedtea-3.15.0.tar.xz
/jdk-updates-jdk15u-jdk-15.0.2+7.tar.xz
/openjdk-jdk16-jdk-16+36.tar.xz
/openjdk-jdk16u-jdk-16.0.1+9.tar.xz

154
NEWS Normal file
View File

@ -0,0 +1,154 @@
Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 15.0.2 (2021-01-19):
===========================================
Live versions of these release notes can be found at:
* https://builds.shipilev.net/backports-monitor/release-notes-15.0.2.txt
* Security fixes
- JDK-8247619: Improve Direct Buffering of Characters
* Other changes
- JDK-8197981: Missing return statement in __sync_val_compare_and_swap_8
- JDK-8239105: Add exception for expiring Digicert root certificates to VerifyCACerts test
- JDK-8247741: Test test/hotspot/jtreg/runtime/7162488/TestUnrecognizedVmOption.java fails when -XX:+IgnoreUnrecognizedVMOptions is set
- JDK-8248411: [aarch64] Insufficient error handling when CodeBuffer is exhausted
- JDK-8248596: [TESTBUG] compiler/loopopts/PartialPeelingUnswitch.java times out with Graal enabled
- JDK-8248667: Need support for building native libraries located in the test/lib directory
- JDK-8249176: Update GlobalSignR6CA test certificates
- JDK-8249192: MonitorInfo stores raw oops across safepoints
- JDK-8249217: Unexpected StackOverflowError in "process reaper" thread still happens
- JDK-8249781: AArch64: AOT compiled code crashes if C2 allocates r27
- JDK-8250257: Bump release strings for JDK 15.0.2
- JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray
- JDK-8251859: sun/security/validator/PKIXValAndRevCheckTests.java fails
- JDK-8253191: C2: Masked byte comparisons with large masks produce wrong result on x86
- JDK-8253375: OSX build fails with Xcode 12.0 (12A7209)
- JDK-8253566: clazz.isAssignableFrom will return false for interface implementors
- JDK-8253756: C2 CompilerThread0 crash in Node::add_req(Node*)
- JDK-8253791: Issue with useAppleColor check in CSystemColors.m
- JDK-8253960: Memory leak in Java_java_lang_ClassLoader_defineClass0()
- JDK-8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to an expired certificate
- JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp
- JDK-8254177: (tz) Upgrade time-zone data to tzdata2020b
- JDK-8254319: Shenandoah: Interpreter native-LRB needs to activate during HAS_FORWARDED
- JDK-8254320: Shenandoah: C2 native LRB should activate for non-cset objects
- JDK-8254790: SIGSEGV in string_indexof_char and stringL_indexof_char intrinsics
- JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations
- JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c
- JDK-8255065: Zero: accessor_entry misses the IRIW case
- JDK-8255067: Restore Copyright line in file modified by 8253191
- JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d
- JDK-8255599: Change jdk 15.0.2 milestone to fcs for build b04
- JDK-8255603: Memory/Performance regression after JDK-8210985
- JDK-8256051: nmethod_entry_barrier stub miscalculates xmm spill size on x86_32
- JDK-8256427: Test com/sun/jndi/dns/ConfigTests/PortUnreachable.java does not work on AIX
- JDK-8256618: Zero: Linux x86_32 build still fails
- JDK-8257181: s390x builds are very noisy with gc-sections messages
- JDK-8257641: Shenandoah: Query is_at_shenandoah_safepoint() from control thread should return false
- JDK-8257701: Shenandoah: objArrayKlass metadata is not marked with chunked arrays
Notes on individual issues:
===========================
core-libs/java.time:
JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b
====================================================================
Following JDK's update to tzdata2020b, the long-obsolete files
pacificnew and systemv have been removed. As a result, the
"US/Pacific-New" zone name declared in the pacificnew data file is no
longer available for use.
Information regarding the update can be viewed at
https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
New in release OpenJDK 15.0.1 (2020-10-20):
===========================================
Live versions of these release notes can be found at:
* https://builds.shipilev.net/backports-monitor/release-notes-15.0.1.txt
* Security fixes
- JDK-8233624: Enhance JNI linkage
- JDK-8236196: Improve string pooling
- JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
- JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
- JDK-8237995, CVE-2020-14782: Enhance certificate processing
- JDK-8240124: Better VM Interning
- JDK-8241114, CVE-2020-14792: Better range handling
- JDK-8242680, CVE-2020-14796: Improved URI Support
- JDK-8242685, CVE-2020-14797: Better Path Validation
- JDK-8242695, CVE-2020-14798: Enhanced buffer support
- JDK-8243302: Advanced class supports
- JDK-8244136, CVE-2020-14803: Improved Buffer supports
- JDK-8244479: Further constrain certificates
- JDK-8244955: Additional Fix for JDK-8240124
- JDK-8245407: Enhance zoning of times
- JDK-8245412: Better class definitions
- JDK-8245417: Improve certificate chain handling
- JDK-8248574: Improve jpeg processing
- JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
- JDK-8253019: Enhanced JPEG decoding
* Other changes
- JDK-8232114: JVM crashed at imjpapi.dll in native code
- JDK-8243470: [macos] bring back O2 opt level for unsafe.cpp
- JDK-8247251: Assert '(_pcs_length == 0 || last_pc()->pc_offset() < pc_offset) failed: must specify a new, larger pc offset' failure
- JDK-8248495: [macos] zerovm is broken due to libffi headers location
- JDK-8248745: Add jarsigner and keytool tests for restricted algorithms
- JDK-8249165: Remove unneeded nops introduced by 8234160 changes
- JDK-8249183: JVM crash in "AwtFrame::WmSize" method
- JDK-8249266: Bump release strings for JDK 15.0.1
- JDK-8249266: Change jdk 15.0.1 milestone to fcs for build b02
- JDK-8250612: jvmciCompilerToVM.cpp declares jio_printf with "void" return type, should be "int"
- JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY
- JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)
- JDK-8250876: Fix issues with cross-compile on macos
- JDK-8250928: JFR: Improve hash algorithm for stack traces
- JDK-8251359: Shenandoah: filter null oops before calling enqueue/SATB barrier
- JDK-8251458: Parse::do_lookupswitch fails with "assert(_cnt >= 0) failed"
- JDK-8251859: sun/security/validator/PKIXValAndRevCheckTests.java fails
- JDK-8251910: Shenandoah: Handshake threads between weak-roots and reset phases
- JDK-8252120: compiler/oracle/TestCompileCommand.java misspells "occured"
- JDK-8252292: 8240795 may cause anti-dependence to be missed
- JDK-8252359: HotSpot Not Identifying it is Running in a Container
- JDK-8252367: Undo JDK-8245000: Windows GDI functions don't support large pages
- JDK-8252368: Undo JDK-8245002: Windows GDI functions don't support NUMA interleaving
- JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows
- JDK-8252660: Shenandoah: support manageable SoftMaxHeapSize option
- JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent
- JDK-8253222: Shenandoah: unused AlwaysTrueClosure after JDK-8246591
- JDK-8253224: Shenandoah: ShenandoahStrDedupQueue destructor calls virtual num_queues()
- JDK-8253226: Shenandoah: remove unimplemented ShenandoahStrDedupQueue::verify
- JDK-8253284: Zero OrderAccess barrier mappings are incorrect
- JDK-8253714: [cgroups v2] Soft memory limit incorrectly using memory.high
- JDK-8253727: [cgroups v2] Memory and swap limits reported incorrectly
- JDK-8253778: ShenandoahSafepoint::is_at_shenandoah_safepoint should not access VMThread state from other threads
- JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp
- JDK-8254560: Shenandoah: Concurrent Strong Roots logging is incorrect
Notes on individual issues:
===========================
security-libs/java.security:
JDK-8250756: Added Entrust Root Certification Authority - G4 certificate
========================================================================
The Entrust root certificate has been added to the cacerts truststore:
Alias Name: entrustrootcag4
Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
JDK-8250860: Added 3 SSL Corporation Root CA Certificates
=========================================================
The following root certificates have been added to the cacerts truststore for the SSL Corporation:
Alias Name: sslrootrsaca
Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US
Alias Name: sslrootevrsaca
Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US
Alias Name: sslrooteccca
Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US

43
TestSecurityProperties.java Normal file
View File

@ -0,0 +1,43 @@
import java.io.File;
import java.io.FileInputStream;
import java.security.Security;
import java.util.Properties;
public class TestSecurityProperties {
// JDK 11
private static final String JDK_PROPS_FILE_JDK_11 = System.getProperty("java.home") + "/conf/security/java.security";
// JDK 8
private static final String JDK_PROPS_FILE_JDK_8 = System.getProperty("java.home") + "/lib/security/java.security";
public static void main(String[] args) {
Properties jdkProps = new Properties();
loadProperties(jdkProps);
for (Object key: jdkProps.keySet()) {
String sKey = (String)key;
String securityVal = Security.getProperty(sKey);
String jdkSecVal = jdkProps.getProperty(sKey);
if (!securityVal.equals(jdkSecVal)) {
String msg = "Expected value '" + jdkSecVal + "' for key '" +
sKey + "'" + " but got value '" + securityVal + "'";
throw new RuntimeException("Test failed! " + msg);
} else {
System.out.println("DEBUG: " + sKey + " = " + jdkSecVal + " as expected.");
}
}
System.out.println("TestSecurityProperties PASSED!");
}
private static void loadProperties(Properties props) {
String javaVersion = System.getProperty("java.version");
System.out.println("Debug: Java version is " + javaVersion);
String propsFile = JDK_PROPS_FILE_JDK_11;
if (javaVersion.startsWith("1.8.0")) {
propsFile = JDK_PROPS_FILE_JDK_8;
}
try (FileInputStream fin = new FileInputStream(new File(propsFile))) {
props.load(fin);
} catch (Exception e) {
throw new RuntimeException("Test failed!", e);
}
}
}

55
generate_source_tarball.sh Normal file → Executable file
View File

@ -3,13 +3,13 @@
#
# Example:
# When used from local repo set REPO_ROOT pointing to file:// with your repo
# if your local repo follows upstream forests conventions, you may be enough by setting OPENJDK_URL
# if you wont to use local copy of patch PR2126 set path to it to PR2126 variable
# If your local repo follows upstream forests conventions, it may be enough to set OPENJDK_URL
# If you want to use a local copy of patch PR3788, set the path to it in the PR3788 variable
#
# In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg:
# PROJECT_NAME=jdk
# REPO_NAME=jdk
# VERSION=tip
# PROJECT_NAME=openjdk
# REPO_NAME=jdk16
# VERSION=HEAD
# or to eg prepare systemtap:
# icedtea7's jstack and other tapsets
# VERSION=6327cf1cea9e
@ -26,16 +26,16 @@
# level folder, name is created, based on parameter
#
if [ ! "x$PR2126" = "x" ] ; then
if [ ! -f "$PR2126" ] ; then
echo "You have specified PR2126 as $PR2126 but it does not exists. exiting"
if [ ! "x$PR3823" = "x" ] ; then
if [ ! -f "$PR3823" ] ; then
echo "You have specified PR3823 as $PR3823 but it does not exist. Exiting"
exit 1
fi
fi
set -e
OPENJDK_URL_DEFAULT=http://hg.openjdk.java.net
OPENJDK_URL_DEFAULT=https://github.com
COMPRESSION_DEFAULT=xz
if [ "x$1" = "xhelp" ] ; then
@ -46,9 +46,8 @@ if [ "x$1" = "xhelp" ] ; then
echo "OPENJDK_URL - the URL to retrieve code from (optional; defaults to ${OPENJDK_URL_DEFAULT})"
echo "COMPRESSION - the compression type to use (optional; defaults to ${COMPRESSION_DEFAULT})"
echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)"
echo "REPO_ROOT - the location of the Mercurial repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)"
echo "TO_COMPRESS - what part of clone to pack (default is openjdk)"
echo "PR2126 - the path to the PR2126 patch to apply (optional; downloaded if unavailable)"
echo "PR3823 - the path to the PR3823 patch to apply (optional; downloaded if unavailable)"
exit 1;
fi
@ -91,7 +90,7 @@ if [ "x$FILE_NAME_ROOT" = "x" ] ; then
echo "No file name root specified; default to ${FILE_NAME_ROOT}"
fi
if [ "x$REPO_ROOT" = "x" ] ; then
REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}"
REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}.git"
echo "No repository root specified; default to ${REPO_ROOT}"
fi;
@ -108,7 +107,7 @@ else
mkdir "${FILE_NAME_ROOT}"
pushd "${FILE_NAME_ROOT}"
echo "Cloning ${VERSION} root repository from ${REPO_ROOT}"
hg clone ${REPO_ROOT} openjdk -r ${VERSION}
git clone -b ${VERSION} ${REPO_ROOT} openjdk
popd
fi
pushd "${FILE_NAME_ROOT}"
@ -116,17 +115,29 @@ pushd "${FILE_NAME_ROOT}"
pushd openjdk
echo "Removing EC source code we don't build"
CRYPTO_PATH=src/jdk.crypto.ec/share/native/libsunec/impl
rm -vrf $CRYPTO_PATH
rm -vf ${CRYPTO_PATH}/ec2.h
rm -vf ${CRYPTO_PATH}/ec2_163.c
rm -vf ${CRYPTO_PATH}/ec2_193.c
rm -vf ${CRYPTO_PATH}/ec2_233.c
rm -vf ${CRYPTO_PATH}/ec2_aff.c
rm -vf ${CRYPTO_PATH}/ec2_mont.c
rm -vf ${CRYPTO_PATH}/ecp_192.c
rm -vf ${CRYPTO_PATH}/ecp_224.c
echo "Syncing EC list with NSS"
if [ "x$PR2126" = "x" ] ; then
# orriginally for 8:
# get pr2126.patch (from http://icedtea.classpath.org/hg/icedtea?cmd=changeset;node=8d2c9a898f50) from most correct tag
# Do not push it or publish it (see http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2126)
# there is currnetly no "upstram version of this patch, hardcoding custom version
PR2126="../../pr2126-synchronise_elliptic_curves_in_sun_security_ec_namedcurve_with_those_listed_by_nss.patch"
if [ "x$PR3823" = "x" ] ; then
# originally for 8:
# get PR3823.patch (from http://icedtea.classpath.org/hg/icedtea16) from most correct tag
# Do not push it or publish it (see https://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3823)
echo "PR3823 not found. Downloading..."
wget https://icedtea.classpath.org/hg/icedtea16/raw-file/tip/patches/pr3823.patch
echo "Applying ${PWD}/pr3823.patch"
patch -Np1 < pr3823.patch
rm pr3823.patch
else
echo "Applying ${PR3823}"
patch -Np1 < $PR3823
fi;
echo "Applying ${PR2126}"
patch -Np1 < $PR2126
find . -name '*.orig' -exec rm -vf '{}' ';'
popd
fi

97
icedtea_sync.sh Executable file
View File

@ -0,0 +1,97 @@
#!/bin/bash
# Copyright (C) 2019 Red Hat, Inc.
# Written by Andrew John Hughes <gnu.andrew@redhat.com>.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
ICEDTEA_VERSION=3.15.0
ICEDTEA_URL=https://icedtea.classpath.org/download/source
ICEDTEA_SIGNING_KEY=CFDA0F9B35964222
set -e
if test "x${WGET}" = "x"; then
WGET=$(which wget);
if test "x${WGET}" = "x"; then
echo "wget not found";
exit 1;
fi
fi
if test "x${CHECKSUM}" = "x"; then
CHECKSUM=$(which sha256sum)
if test "x${CHECKSUM}" = "x"; then
echo "sha256sum not found";
exit 2;
fi
fi
if test "x${PGP}" = "x"; then
PGP=$(which gpg)
if test "x${PGP}" = "x"; then
echo "gpg not found";
exit 3;
fi
fi
if test "x${TAR}" = "x"; then
TAR=$(which tar)
if test "x${TAR}" = "x"; then
echo "tar not found";
exit 4;
fi
fi
echo "Dependencies:";
echo -e "\tWGET: ${WGET}";
echo -e "\tCHECKSUM: ${CHECKSUM}";
echo -e "\tPGP: ${PGP}\n";
echo -e "\tTAR: ${TAR}\n";
echo "Checking for IcedTea signing key ${ICEDTEA_SIGNING_KEY}...";
if ! gpg --list-keys ${ICEDTEA_SIGNING_KEY}; then
echo "IcedTea signing key ${ICEDTEA_SIGNING_KEY} not installed.";
exit 5;
fi
echo "Downloading IcedTea release tarball...";
${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.tar.xz
echo "Downloading IcedTea tarball signature...";
${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.tar.xz.sig
echo "Downloading IcedTea tarball checksums...";
${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.sha256
echo "Verifying checksums...";
${CHECKSUM} --check --ignore-missing icedtea-${ICEDTEA_VERSION}.sha256
echo "Checking signature...";
${PGP} --verify icedtea-${ICEDTEA_VERSION}.tar.xz.sig
echo "Extracting files...";
${TAR} xJf icedtea-${ICEDTEA_VERSION}.tar.xz \
icedtea-${ICEDTEA_VERSION}/tapset \
icedtea-${ICEDTEA_VERSION}/jconsole.desktop.in
echo "Replacing desktop files...";
mv -v icedtea-${ICEDTEA_VERSION}/jconsole.desktop.in .
echo "Creating new tapset tarball...";
mv -v icedtea-${ICEDTEA_VERSION} openjdk
${TAR} cJf tapsets-icedtea-${ICEDTEA_VERSION}.tar.xz openjdk
rm -rvf openjdk
rm -vf icedtea-${ICEDTEA_VERSION}.tar.xz
rm -vf icedtea-${ICEDTEA_VERSION}.tar.xz.sig
rm -vf icedtea-${ICEDTEA_VERSION}.sha256

1144
java-latest-openjdk.spec
View File

File diff suppressed because it is too large Load Diff

649
pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk12.patch
View File

@ -1,649 +0,0 @@
diff --git a/make/autoconf/jdk-options.m4 b/make/autoconf/jdk-options.m4
--- a/make/autoconf/jdk-options.m4
+++ b/make/autoconf/jdk-options.m4
@@ -267,9 +267,10 @@
#
AC_DEFUN_ONCE([JDKOPT_DETECT_INTREE_EC],
[
+ AC_REQUIRE([LIB_SETUP_MISC_LIBS])
AC_MSG_CHECKING([if elliptic curve crypto implementation is present])
- if test -d "${TOPDIR}/src/jdk.crypto.ec/share/native/libsunec/impl"; then
+ if test "x${system_nss}" = "xyes" -o -d "${TOPDIR}/src/jdk.crypto.ec/share/native/libsunec/impl"; then
ENABLE_INTREE_EC=true
AC_MSG_RESULT([yes])
else
diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4
--- a/make/autoconf/libraries.m4
+++ b/make/autoconf/libraries.m4
@@ -178,6 +178,48 @@
AC_SUBST(LIBDL)
LIBS="$save_LIBS"
+ ###############################################################################
+ #
+ # Check for the NSS libraries
+ #
+
+ AC_MSG_CHECKING([whether to build the Sun EC provider against the system NSS libraries])
+
+ # default is bundled
+ DEFAULT_SYSTEM_NSS=no
+
+ AC_ARG_ENABLE([system-nss], [AS_HELP_STRING([--enable-system-nss],
+ [build the SunEC provider using the system NSS libraries @<:@disabled@:>@])],
+ [
+ case "${enableval}" in
+ yes)
+ system_nss=yes
+ ;;
+ *)
+ system_nss=no
+ ;;
+ esac
+ ],
+ [
+ system_nss=${DEFAULT_SYSTEM_NSS}
+ ])
+ AC_MSG_RESULT([$system_nss])
+
+ if test "x${system_nss}" = "xyes"; then
+ PKG_CHECK_MODULES(NSS_SOFTTKN, nss-softokn >= 3.16.1, [NSS_SOFTOKN_FOUND=yes], [NSS_SOFTOKN_FOUND=no])
+ PKG_CHECK_MODULES(NSS, nss >= 3.16.1, [NSS_FOUND=yes], [NSS_FOUND=no])
+ if test "x${NSS_SOFTOKN_FOUND}" = "xyes" -a "x${NSS_FOUND}" = "xyes"; then
+ NSS_LIBS="$NSS_SOFTOKN_LIBS $NSS_LIBS -lfreebl";
+ USE_EXTERNAL_NSS=true
+ else
+ AC_MSG_ERROR([--enable-system-nss specified, but NSS not found.])
+ fi
+ else
+ USE_EXTERNAL_NSS=false
+ fi
+ AC_SUBST(USE_EXTERNAL_NSS)
+
+
# Control if libzip can use mmap. Available for purposes of overriding.
LIBZIP_CAN_USE_MMAP=true
AC_SUBST(LIBZIP_CAN_USE_MMAP)
diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in
--- a/make/autoconf/spec.gmk.in
+++ b/make/autoconf/spec.gmk.in
@@ -795,6 +795,10 @@
# Libraries
#
+USE_EXTERNAL_NSS:=@USE_EXTERNAL_NSS@
+NSS_LIBS:=@NSS_LIBS@
+NSS_CFLAGS:=@NSS_CFLAGS@
+
USE_EXTERNAL_LCMS:=@USE_EXTERNAL_LCMS@
LCMS_CFLAGS:=@LCMS_CFLAGS@
LCMS_LIBS:=@LCMS_LIBS@
diff --git a/make/lib/Lib-jdk.crypto.ec.gmk b/make/lib/Lib-jdk.crypto.ec.gmk
--- a/make/lib/Lib-jdk.crypto.ec.gmk
+++ b/make/lib/Lib-jdk.crypto.ec.gmk
@@ -28,19 +28,26 @@
################################################################################
ifeq ($(ENABLE_INTREE_EC), true)
+ ifeq ($(USE_EXTERNAL_NSS), true)
+ BUILD_LIBSUNEC_CFLAGS_JDKLIB := $(NSS_CFLAGS) -DSYSTEM_NSS -DNSS_ENABLE_ECC
+ BUILD_LIBSUNEC_CXXFLAGS_JDKLIB := $(NSS_CFLAGS) -DSYSTEM_NSS -DNSS_ENABLE_ECC
+ endif
+
$(eval $(call SetupJdkLibrary, BUILD_LIBSUNEC, \
NAME := sunec, \
TOOLCHAIN := TOOLCHAIN_LINK_CXX, \
OPTIMIZATION := LOW, \
- CFLAGS := $(CFLAGS_JDKLIB) \
+ CFLAGS := $(BUILD_LIBSUNEC_CFLAGS_JDKLIB) $(CFLAGS_JDKLIB) \
-DMP_API_COMPATIBLE -DNSS_ECC_MORE_THAN_SUITE_B, \
- CXXFLAGS := $(CXXFLAGS_JDKLIB), \
+ CXXFLAGS := $(BUILD_LIBSUNEC_CXXFLAGS_JDKLIB) $(CXXFLAGS_JDKLIB), \
DISABLED_WARNINGS_gcc := sign-compare implicit-fallthrough unused-value, \
DISABLED_WARNINGS_clang := sign-compare, \
DISABLED_WARNINGS_microsoft := 4101 4244 4146 4018, \
- LDFLAGS := $(LDFLAGS_JDKLIB) $(LDFLAGS_CXX_JDK), \
+ LDFLAGS := $(subst -Xlinker --as-needed,, \
+ $(subst -Wl$(COMMA)--as-needed,, $(LDFLAGS_JDKLIB))) $(LDFLAGS_CXX_JDK), \
LDFLAGS_macosx := $(call SET_SHARED_LIBRARY_ORIGIN), \
LIBS := $(LIBCXX), \
+ LIBS_linux := -lc $(NSS_LIBS), \
))
TARGETS += $(BUILD_LIBSUNEC)
diff --git a/src/java.base/unix/native/include/jni_md.h b/src/java.base/unix/native/include/jni_md.h
--- a/src/java.base/unix/native/include/jni_md.h
+++ b/src/java.base/unix/native/include/jni_md.h
@@ -41,6 +41,11 @@
#define JNIEXPORT
#define JNIIMPORT
#endif
+#if (defined(__GNUC__)) || __has_attribute(unused)
+ #define UNUSED(x) UNUSED_ ## x __attribute__((__unused__))
+#else
+ #define UNUSED(x) UNUSED_ ## x
+#endif
#define JNICALL
diff --git a/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java b/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
--- a/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
+++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
@@ -61,6 +61,7 @@
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
System.loadLibrary("sunec"); // check for native library
+ initialize();
return null;
}
});
@@ -293,6 +294,11 @@
"ECDH", "sun.security.ec.ECDHKeyAgreement", null, ATTRS));
}
+ /**
+ * Initialize the native code.
+ */
+ private static native void initialize();
+
private void putXDHEntries() {
HashMap<String, String> ATTRS = new HashMap<>(1);
diff --git a/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp b/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp
--- a/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp
+++ b/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp
@@ -25,7 +25,11 @@
#include <jni.h>
#include "jni_util.h"
+#ifdef SYSTEM_NSS
+#include "ecc_impl.h"
+#else
#include "impl/ecc_impl.h"
+#endif
#include "sun_security_ec_ECDHKeyAgreement.h"
#include "sun_security_ec_ECKeyPairGenerator.h"
#include "sun_security_ec_ECDSASignature.h"
@@ -33,6 +37,13 @@
#define INVALID_PARAMETER_EXCEPTION \
"java/security/InvalidParameterException"
#define KEY_EXCEPTION "java/security/KeyException"
+#define INTERNAL_ERROR "java/lang/InternalError"
+
+#ifdef SYSTEM_NSS
+#define SYSTEM_UNUSED(x) UNUSED(x)
+#else
+#define SYSTEM_UNUSED(x) x
+#endif
extern "C" {
@@ -55,8 +66,13 @@
/*
* Deep free of the ECParams struct
*/
-void FreeECParams(ECParams *ecparams, jboolean freeStruct)
+void FreeECParams(ECParams *ecparams, jboolean SYSTEM_UNUSED(freeStruct))
{
+#ifdef SYSTEM_NSS
+ // Needs to be freed using the matching method to the one
+ // that allocated it. PR_TRUE means the memory is zeroed.
+ PORT_FreeArena(ecparams->arena, PR_TRUE);
+#else
// Use B_FALSE to free the SECItem->data element, but not the SECItem itself
// Use B_TRUE to free both
@@ -70,6 +86,7 @@
SECITEM_FreeItem(&ecparams->curveOID, B_FALSE);
if (freeStruct)
free(ecparams);
+#endif
}
jbyteArray getEncodedBytes(JNIEnv *env, SECItem *hSECItem)
@@ -139,7 +156,7 @@
*/
JNIEXPORT jobjectArray
JNICALL Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair
- (JNIEnv *env, jclass clazz, jint keySize, jbyteArray encodedParams, jbyteArray seed)
+ (JNIEnv *env, jclass UNUSED(clazz), jint UNUSED(keySize), jbyteArray encodedParams, jbyteArray seed)
{
ECPrivateKey *privKey = NULL; // contains both public and private values
ECParams *ecparams = NULL;
@@ -171,8 +188,17 @@
env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer);
// Generate the new keypair (using the supplied seed)
+#ifdef SYSTEM_NSS
+ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength)
+ != SECSuccess) {
+ ThrowException(env, KEY_EXCEPTION);
+ goto cleanup;
+ }
+ if (EC_NewKey(ecparams, &privKey) != SECSuccess) {
+#else
if (EC_NewKey(ecparams, &privKey, (unsigned char *) pSeedBuffer,
jSeedLength, 0) != SECSuccess) {
+#endif
ThrowException(env, KEY_EXCEPTION);
goto cleanup;
}
@@ -219,10 +245,15 @@
}
if (privKey) {
FreeECParams(&privKey->ecParams, false);
+#ifndef SYSTEM_NSS
+ // The entire ECPrivateKey is allocated in the arena
+ // when using system NSS, so only the in-tree version
+ // needs to clear these manually.
SECITEM_FreeItem(&privKey->version, B_FALSE);
SECITEM_FreeItem(&privKey->privateValue, B_FALSE);
SECITEM_FreeItem(&privKey->publicValue, B_FALSE);
free(privKey);
+#endif
}
if (pSeedBuffer) {
@@ -240,7 +271,7 @@
*/
JNIEXPORT jbyteArray
JNICALL Java_sun_security_ec_ECDSASignature_signDigest
- (JNIEnv *env, jclass clazz, jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing)
+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing)
{
jbyte* pDigestBuffer = NULL;
jint jDigestLength = env->GetArrayLength(digest);
@@ -299,8 +330,18 @@
env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer);
// Sign the digest (using the supplied seed)
+#ifdef SYSTEM_NSS
+ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength)
+ != SECSuccess) {
+ ThrowException(env, KEY_EXCEPTION);
+ goto cleanup;
+ }
+ if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item)
+ != SECSuccess) {
+#else
if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item,
(unsigned char *) pSeedBuffer, jSeedLength, 0, timing) != SECSuccess) {
+#endif
ThrowException(env, KEY_EXCEPTION);
goto cleanup;
}
@@ -349,7 +390,7 @@
*/
JNIEXPORT jboolean
JNICALL Java_sun_security_ec_ECDSASignature_verifySignedDigest
- (JNIEnv *env, jclass clazz, jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams)
+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams)
{
jboolean isValid = false;
@@ -406,9 +447,10 @@
cleanup:
{
- if (params_item.data)
+ if (params_item.data) {
env->ReleaseByteArrayElements(encodedParams,
(jbyte *) params_item.data, JNI_ABORT);
+ }
if (pubKey.publicValue.data)
env->ReleaseByteArrayElements(publicKey,
@@ -434,7 +476,7 @@
*/
JNIEXPORT jbyteArray
JNICALL Java_sun_security_ec_ECDHKeyAgreement_deriveKey
- (JNIEnv *env, jclass clazz, jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams)
+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams)
{
jbyteArray jSecret = NULL;
ECParams *ecparams = NULL;
@@ -510,9 +552,10 @@
env->ReleaseByteArrayElements(publicKey,
(jbyte *) publicValue_item.data, JNI_ABORT);
- if (params_item.data)
+ if (params_item.data) {
env->ReleaseByteArrayElements(encodedParams,
(jbyte *) params_item.data, JNI_ABORT);
+ }
if (ecparams)
FreeECParams(ecparams, true);
@@ -521,4 +564,28 @@
return jSecret;
}
+JNIEXPORT void
+JNICALL Java_sun_security_ec_SunEC_initialize
+ (JNIEnv *env, jclass UNUSED(clazz))
+{
+#ifdef SYSTEM_NSS
+ if (SECOID_Init() != SECSuccess) {
+ ThrowException(env, INTERNAL_ERROR);
+ }
+ if (RNG_RNGInit() != SECSuccess) {
+ ThrowException(env, INTERNAL_ERROR);
+ }
+#endif
+}
+
+JNIEXPORT void
+JNICALL JNI_OnUnload
+ (JavaVM *vm, void *reserved)
+{
+#ifdef SYSTEM_NSS
+ RNG_RNGShutdown();
+ SECOID_Shutdown();
+#endif
+}
+
} /* extern "C" */
diff --git a/src/jdk.crypto.ec/share/native/libsunec/ecc_impl.h b/src/jdk.crypto.ec/share/native/libsunec/ecc_impl.h
new file mode 100644
--- /dev/null
+++ b/src/jdk.crypto.ec/share/native/libsunec/ecc_impl.h
@@ -0,0 +1,298 @@
+/*
+ * Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Use is subject to license terms.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/* *********************************************************************
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ * Dr Vipul Gupta <vipul.gupta@sun.com> and
+ * Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+ *
+ * Last Modified Date from the Original Code: May 2017
+ *********************************************************************** */
+
+#ifndef _ECC_IMPL_H
+#define _ECC_IMPL_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <sys/types.h>
+
+#ifdef SYSTEM_NSS
+#include <secitem.h>
+#include <secerr.h>
+#include <keythi.h>
+#ifdef LEGACY_NSS
+#include <softoken.h>
+#else
+#include <blapi.h>
+#endif
+#else
+#include "ecl-exp.h"
+#endif
+
+/*
+ * Multi-platform definitions
+ */
+#ifdef __linux__
+#define B_FALSE FALSE
+#define B_TRUE TRUE
+typedef unsigned char uint8_t;
+typedef unsigned long ulong_t;
+typedef enum { B_FALSE, B_TRUE } boolean_t;
+#endif /* __linux__ */
+
+#ifdef _ALLBSD_SOURCE
+#include <stdint.h>
+#define B_FALSE FALSE
+#define B_TRUE TRUE
+typedef unsigned long ulong_t;
+typedef enum boolean { B_FALSE, B_TRUE } boolean_t;
+#endif /* _ALLBSD_SOURCE */
+
+#ifdef AIX
+#define B_FALSE FALSE
+#define B_TRUE TRUE
+typedef unsigned char uint8_t;
+typedef unsigned long ulong_t;
+#endif /* AIX */
+
+#ifdef _WIN32
+typedef unsigned char uint8_t;
+typedef unsigned long ulong_t;
+typedef enum boolean { B_FALSE, B_TRUE } boolean_t;
+#define strdup _strdup /* Replace POSIX name with ISO C++ name */
+#endif /* _WIN32 */
+
+#ifndef _KERNEL
+#include <stdlib.h>
+#endif /* _KERNEL */
+
+#define EC_MAX_DIGEST_LEN 1024 /* max digest that can be signed */
+#define EC_MAX_POINT_LEN 145 /* max len of DER encoded Q */
+#define EC_MAX_VALUE_LEN 72 /* max len of ANSI X9.62 private value d */
+#define EC_MAX_SIG_LEN 144 /* max signature len for supported curves */
+#define EC_MIN_KEY_LEN 112 /* min key length in bits */
+#define EC_MAX_KEY_LEN 571 /* max key length in bits */
+#define EC_MAX_OID_LEN 10 /* max length of OID buffer */
+
+/*
+ * Various structures and definitions from NSS are here.
+ */
+
+#ifndef SYSTEM_NSS
+#ifdef _KERNEL
+#define PORT_ArenaAlloc(a, n, f) kmem_alloc((n), (f))
+#define PORT_ArenaZAlloc(a, n, f) kmem_zalloc((n), (f))
+#define PORT_ArenaGrow(a, b, c, d) NULL
+#define PORT_ZAlloc(n, f) kmem_zalloc((n), (f))
+#define PORT_Alloc(n, f) kmem_alloc((n), (f))
+#else
+#define PORT_ArenaAlloc(a, n, f) malloc((n))
+#define PORT_ArenaZAlloc(a, n, f) calloc(1, (n))
+#define PORT_ArenaGrow(a, b, c, d) NULL
+#define PORT_ZAlloc(n, f) calloc(1, (n))
+#define PORT_Alloc(n, f) malloc((n))
+#endif
+
+#define PORT_NewArena(b) (char *)12345
+#define PORT_ArenaMark(a) NULL
+#define PORT_ArenaUnmark(a, b)
+#define PORT_ArenaRelease(a, m)
+#define PORT_FreeArena(a, b)
+#define PORT_Strlen(s) strlen((s))
+#define PORT_SetError(e)
+
+#define PRBool boolean_t
+#define PR_TRUE B_TRUE
+#define PR_FALSE B_FALSE
+
+#ifdef _KERNEL
+#define PORT_Assert ASSERT
+#define PORT_Memcpy(t, f, l) bcopy((f), (t), (l))
+#else
+#define PORT_Assert assert
+#define PORT_Memcpy(t, f, l) memcpy((t), (f), (l))
+#endif
+
+#endif
+
+#define CHECK_OK(func) if (func == NULL) goto cleanup
+#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup
+
+#ifndef SYSTEM_NSS
+typedef enum {
+ siBuffer = 0,
+ siClearDataBuffer = 1,
+ siCipherDataBuffer = 2,
+ siDERCertBuffer = 3,
+ siEncodedCertBuffer = 4,
+ siDERNameBuffer = 5,
+ siEncodedNameBuffer = 6,
+ siAsciiNameString = 7,
+ siAsciiString = 8,
+ siDEROID = 9,
+ siUnsignedInteger = 10,
+ siUTCTime = 11,
+ siGeneralizedTime = 12
+} SECItemType;
+
+typedef struct SECItemStr SECItem;
+
+struct SECItemStr {
+ SECItemType type;
+ unsigned char *data;
+ unsigned int len;
+};
+
+typedef SECItem SECKEYECParams;
+
+typedef enum { ec_params_explicit,
+ ec_params_named
+} ECParamsType;
+
+typedef enum { ec_field_GFp = 1,
+ ec_field_GF2m
+} ECFieldType;
+
+struct ECFieldIDStr {
+ int size; /* field size in bits */
+ ECFieldType type;
+ union {
+ SECItem prime; /* prime p for (GFp) */
+ SECItem poly; /* irreducible binary polynomial for (GF2m) */
+ } u;
+ int k1; /* first coefficient of pentanomial or
+ * the only coefficient of trinomial
+ */
+ int k2; /* two remaining coefficients of pentanomial */
+ int k3;
+};
+typedef struct ECFieldIDStr ECFieldID;
+
+struct ECCurveStr {
+ SECItem a; /* contains octet stream encoding of
+ * field element (X9.62 section 4.3.3)
+ */
+ SECItem b;
+ SECItem seed;
+};
+typedef struct ECCurveStr ECCurve;
+
+typedef void PRArenaPool;
+
+struct ECParamsStr {
+ PRArenaPool * arena;
+ ECParamsType type;
+ ECFieldID fieldID;
+ ECCurve curve;
+ SECItem base;
+ SECItem order;
+ int cofactor;
+ SECItem DEREncoding;
+ ECCurveName name;
+ SECItem curveOID;
+};
+typedef struct ECParamsStr ECParams;
+
+struct ECPublicKeyStr {
+ ECParams ecParams;
+ SECItem publicValue; /* elliptic curve point encoded as
+ * octet stream.
+ */
+};
+typedef struct ECPublicKeyStr ECPublicKey;
+
+struct ECPrivateKeyStr {
+ ECParams ecParams;
+ SECItem publicValue; /* encoded ec point */
+ SECItem privateValue; /* private big integer */
+ SECItem version; /* As per SEC 1, Appendix C, Section C.4 */
+};
+typedef struct ECPrivateKeyStr ECPrivateKey;
+
+typedef enum _SECStatus {
+ SECBufferTooSmall = -3,
+ SECWouldBlock = -2,
+ SECFailure = -1,
+ SECSuccess = 0
+} SECStatus;
+#endif
+
+#ifdef _KERNEL
+#define RNG_GenerateGlobalRandomBytes(p,l) ecc_knzero_random_generator((p), (l))
+#else
+/*
+ This function is no longer required because the random bytes are now
+ supplied by the caller. Force a failure.
+*/
+#ifndef SYSTEM_NSS
+#define RNG_GenerateGlobalRandomBytes(p,l) SECFailure
+#endif
+#endif
+#define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup
+#define MP_TO_SEC_ERROR(err)
+
+#define SECITEM_TO_MPINT(it, mp) \
+ CHECK_MPI_OK(mp_read_unsigned_octets((mp), (it).data, (it).len))
+
+extern int ecc_knzero_random_generator(uint8_t *, size_t);
+extern ulong_t soft_nzero_random_generator(uint8_t *, ulong_t);
+
+#ifdef SYSTEM_NSS
+#define EC_DecodeParams(a,b,c) EC_DecodeParams(a,b)
+#define ECDSA_VerifyDigest(a,b,c,d) ECDSA_VerifyDigest(a,b,c)
+#define ECDH_Derive(a,b,c,d,e,f) ECDH_Derive(a,b,c,d,e)
+#else
+extern SECStatus EC_DecodeParams(const SECItem *, ECParams **, int);
+
+extern SECItem * SECITEM_AllocItem(PRArenaPool *, SECItem *, unsigned int, int);
+extern SECStatus SECITEM_CopyItem(PRArenaPool *, SECItem *, const SECItem *,
+ int);
+extern void SECITEM_FreeItem(SECItem *, boolean_t);
+
+/* This function has been modified to accept an array of random bytes */
+extern SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
+ const unsigned char* random, int randomlen, int);
+/* This function has been modified to accept an array of random bytes */
+extern SECStatus ECDSA_SignDigest(ECPrivateKey *, SECItem *, const SECItem *,
+ const unsigned char* random, int randomlen, int, int timing);
+extern SECStatus ECDSA_VerifyDigest(ECPublicKey *, const SECItem *,
+ const SECItem *, int);
+extern SECStatus ECDH_Derive(SECItem *, ECParams *, SECItem *, boolean_t,
+ SECItem *, int);
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _ECC_IMPL_H */

687
pr2126-synchronise_elliptic_curves_in_sun_security_ec_namedcurve_with_those_listed_by_nss.patch
View File

@ -1,687 +0,0 @@
diff --git a/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java b/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
--- openjdk/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
+++ openjdk/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
@@ -180,72 +180,6 @@
// Elliptic Curves (RFC 4492)
//
// See sun.security.util.CurveDB for the OIDs
- // NIST K-163
- SECT163_K1 (0x0001, "sect163k1", "1.3.132.0.1", true,
- ProtocolVersion.PROTOCOLS_TO_12),
- SECT163_R1 (0x0002, "sect163r1", "1.3.132.0.2", false,
- ProtocolVersion.PROTOCOLS_TO_12),
-
- // NIST B-163
- SECT163_R2 (0x0003, "sect163r2", "1.3.132.0.15", true,
- ProtocolVersion.PROTOCOLS_TO_12),
- SECT193_R1 (0x0004, "sect193r1", "1.3.132.0.24", false,
- ProtocolVersion.PROTOCOLS_TO_12),
- SECT193_R2 (0x0005, "sect193r2", "1.3.132.0.25", false,
- ProtocolVersion.PROTOCOLS_TO_12),
-
- // NIST K-233
- SECT233_K1 (0x0006, "sect233k1", "1.3.132.0.26", true,
- ProtocolVersion.PROTOCOLS_TO_12),
-
- // NIST B-233
- SECT233_R1 (0x0007, "sect233r1", "1.3.132.0.27", true,
- ProtocolVersion.PROTOCOLS_TO_12),
- SECT239_K1 (0x0008, "sect239k1", "1.3.132.0.3", false,
- ProtocolVersion.PROTOCOLS_TO_12),
-
- // NIST K-283
- SECT283_K1 (0x0009, "sect283k1", "1.3.132.0.16", true,
- ProtocolVersion.PROTOCOLS_TO_12),
-
- // NIST B-283
- SECT283_R1 (0x000A, "sect283r1", "1.3.132.0.17", true,
- ProtocolVersion.PROTOCOLS_TO_12),
-
- // NIST K-409
- SECT409_K1 (0x000B, "sect409k1", "1.3.132.0.36", true,
- ProtocolVersion.PROTOCOLS_TO_12),
-
- // NIST B-409
- SECT409_R1 (0x000C, "sect409r1", "1.3.132.0.37", true,
- ProtocolVersion.PROTOCOLS_TO_12),
-
- // NIST K-571
- SECT571_K1 (0x000D, "sect571k1", "1.3.132.0.38", true,
- ProtocolVersion.PROTOCOLS_TO_12),
-
- // NIST B-571
- SECT571_R1 (0x000E, "sect571r1", "1.3.132.0.39", true,
- ProtocolVersion.PROTOCOLS_TO_12),
- SECP160_K1 (0x000F, "secp160k1", "1.3.132.0.9", false,
- ProtocolVersion.PROTOCOLS_TO_12),
- SECP160_R1 (0x0010, "secp160r1", "1.3.132.0.8", false,
- ProtocolVersion.PROTOCOLS_TO_12),
- SECP160_R2 (0x0011, "secp160r2", "1.3.132.0.30", false,
- ProtocolVersion.PROTOCOLS_TO_12),
- SECP192_K1 (0x0012, "secp192k1", "1.3.132.0.31", false,
- ProtocolVersion.PROTOCOLS_TO_12),
-
- // NIST P-192
- SECP192_R1 (0x0013, "secp192r1", "1.2.840.10045.3.1.1", true,
- ProtocolVersion.PROTOCOLS_TO_12),
- SECP224_K1 (0x0014, "secp224k1", "1.3.132.0.32", false,
- ProtocolVersion.PROTOCOLS_TO_12),
- // NIST P-224
- SECP224_R1 (0x0015, "secp224r1", "1.3.132.0.33", true,
- ProtocolVersion.PROTOCOLS_TO_12),
- SECP256_K1 (0x0016, "secp256k1", "1.3.132.0.10", false,
- ProtocolVersion.PROTOCOLS_TO_12),
// NIST P-256
SECP256_R1 (0x0017, "secp256r1", "1.2.840.10045.3.1.7", true,
@@ -116,12 +116,6 @@
NamedGroup.SECP256_R1,
NamedGroup.SECP384_R1,
NamedGroup.SECP521_R1,
- NamedGroup.SECT283_K1,
- NamedGroup.SECT283_R1,
- NamedGroup.SECT409_K1,
- NamedGroup.SECT409_R1,
- NamedGroup.SECT571_K1,
- NamedGroup.SECT571_R1,
// FFDHE 2048
NamedGroup.FFDHE_2048,
@@ -136,15 +130,6 @@
NamedGroup.SECP256_R1,
NamedGroup.SECP384_R1,
NamedGroup.SECP521_R1,
- NamedGroup.SECT283_K1,
- NamedGroup.SECT283_R1,
- NamedGroup.SECT409_K1,
- NamedGroup.SECT409_R1,
- NamedGroup.SECT571_K1,
- NamedGroup.SECT571_R1,
-
- // non-NIST curves
- NamedGroup.SECP256_K1,
// FFDHE 2048
NamedGroup.FFDHE_2048,
diff --git a/src/java.base/share/classes/sun/security/util/CurveDB.java b/src/java.base/share/classes/sun/security/util/CurveDB.java
--- openjdk/src/java.base/share/classes/sun/security/util/CurveDB.java
+++ openjdk/src/java.base/share/classes/sun/security/util/CurveDB.java
@@ -168,114 +168,6 @@
Pattern nameSplitPattern = Pattern.compile(SPLIT_PATTERN);
/* SEC2 prime curves */
- add("secp112r1", "1.3.132.0.6", P,
- "DB7C2ABF62E35E668076BEAD208B",
- "DB7C2ABF62E35E668076BEAD2088",
- "659EF8BA043916EEDE8911702B22",
- "09487239995A5EE76B55F9C2F098",
- "A89CE5AF8724C0A23E0E0FF77500",
- "DB7C2ABF62E35E7628DFAC6561C5",
- 1, nameSplitPattern);
-
- add("secp112r2", "1.3.132.0.7", P,
- "DB7C2ABF62E35E668076BEAD208B",
- "6127C24C05F38A0AAAF65C0EF02C",
- "51DEF1815DB5ED74FCC34C85D709",
- "4BA30AB5E892B4E1649DD0928643",
- "adcd46f5882e3747def36e956e97",
- "36DF0AAFD8B8D7597CA10520D04B",
- 4, nameSplitPattern);
-
- add("secp128r1", "1.3.132.0.28", P,
- "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
- "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
- "E87579C11079F43DD824993C2CEE5ED3",
- "161FF7528B899B2D0C28607CA52C5B86",
- "CF5AC8395BAFEB13C02DA292DDED7A83",
- "FFFFFFFE0000000075A30D1B9038A115",
- 1, nameSplitPattern);
-
- add("secp128r2", "1.3.132.0.29", P,
- "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
- "D6031998D1B3BBFEBF59CC9BBFF9AEE1",
- "5EEEFCA380D02919DC2C6558BB6D8A5D",
- "7B6AA5D85E572983E6FB32A7CDEBC140",
- "27B6916A894D3AEE7106FE805FC34B44",
- "3FFFFFFF7FFFFFFFBE0024720613B5A3",
- 4, nameSplitPattern);
-
- add("secp160k1", "1.3.132.0.9", P,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
- "0000000000000000000000000000000000000000",
- "0000000000000000000000000000000000000007",
- "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
- "938CF935318FDCED6BC28286531733C3F03C4FEE",
- "0100000000000000000001B8FA16DFAB9ACA16B6B3",
- 1, nameSplitPattern);
-
- add("secp160r1", "1.3.132.0.8", P,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
- "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
- "4A96B5688EF573284664698968C38BB913CBFC82",
- "23A628553168947D59DCC912042351377AC5FB32",
- "0100000000000000000001F4C8F927AED3CA752257",
- 1, nameSplitPattern);
-
- add("secp160r2", "1.3.132.0.30", P,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
- "B4E134D3FB59EB8BAB57274904664D5AF50388BA",
- "52DCB034293A117E1F4FF11B30F7199D3144CE6D",
- "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E",
- "0100000000000000000000351EE786A818F3A1A16B",
- 1, nameSplitPattern);
-
- add("secp192k1", "1.3.132.0.31", P,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
- "000000000000000000000000000000000000000000000000",
- "000000000000000000000000000000000000000000000003",
- "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
- "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D",
- "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",
- 1, nameSplitPattern);
-
- add("secp192r1 [NIST P-192, X9.62 prime192v1]", "1.2.840.10045.3.1.1", PD,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
- "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
- "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
- "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
- "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
- 1, nameSplitPattern);
-
- add("secp224k1", "1.3.132.0.32", P,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
- "00000000000000000000000000000000000000000000000000000000",
- "00000000000000000000000000000000000000000000000000000005",
- "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
- "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5",
- "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",
- 1, nameSplitPattern);
-
- add("secp224r1 [NIST P-224]", "1.3.132.0.33", PD,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
- "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
- "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
- "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
- 1, nameSplitPattern);
-
- add("secp256k1", "1.3.132.0.10", P,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
- "0000000000000000000000000000000000000000000000000000000000000000",
- "0000000000000000000000000000000000000000000000000000000000000007",
- "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
- "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
- 1, nameSplitPattern);
-
add("secp256r1 [NIST P-256, X9.62 prime256v1]", "1.2.840.10045.3.1.7", PD,
"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
@@ -303,435 +195,6 @@
"01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
1, nameSplitPattern);
- /* ANSI X9.62 prime curves */
- add("X9.62 prime192v2", "1.2.840.10045.3.1.2", P,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
- "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
- "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
- "6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15",
- "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",
- 1, nameSplitPattern);
-
- add("X9.62 prime192v3", "1.2.840.10045.3.1.3", P,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
- "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
- "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
- "38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0",
- "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",
- 1, nameSplitPattern);
-
- add("X9.62 prime239v1", "1.2.840.10045.3.1.4", P,
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
- "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
- "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
- "7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE",
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",
- 1, nameSplitPattern);
-
- add("X9.62 prime239v2", "1.2.840.10045.3.1.5", P,
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
- "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
- "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
- "5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA",
- "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",
- 1, nameSplitPattern);
-
- add("X9.62 prime239v3", "1.2.840.10045.3.1.6", P,
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
- "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
- "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
- "1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3",
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",
- 1, nameSplitPattern);
-
- /* SEC2 binary curves */
- add("sect113r1", "1.3.132.0.4", B,
- "020000000000000000000000000201",
- "003088250CA6E7C7FE649CE85820F7",
- "00E8BEE4D3E2260744188BE0E9C723",
- "009D73616F35F4AB1407D73562C10F",
- "00A52830277958EE84D1315ED31886",
- "0100000000000000D9CCEC8A39E56F",
- 2, nameSplitPattern);
-
- add("sect113r2", "1.3.132.0.5", B,
- "020000000000000000000000000201",
- "00689918DBEC7E5A0DD6DFC0AA55C7",
- "0095E9A9EC9B297BD4BF36E059184F",
- "01A57A6A7B26CA5EF52FCDB8164797",
- "00B3ADC94ED1FE674C06E695BABA1D",
- "010000000000000108789B2496AF93",
- 2, nameSplitPattern);
-
- add("sect131r1", "1.3.132.0.22", B,
- "080000000000000000000000000000010D",
- "07A11B09A76B562144418FF3FF8C2570B8",
- "0217C05610884B63B9C6C7291678F9D341",
- "0081BAF91FDF9833C40F9C181343638399",
- "078C6E7EA38C001F73C8134B1B4EF9E150",
- "0400000000000000023123953A9464B54D",
- 2, nameSplitPattern);
-
- add("sect131r2", "1.3.132.0.23", B,
- "080000000000000000000000000000010D",
- "03E5A88919D7CAFCBF415F07C2176573B2",
- "04B8266A46C55657AC734CE38F018F2192",
- "0356DCD8F2F95031AD652D23951BB366A8",
- "0648F06D867940A5366D9E265DE9EB240F",
- "0400000000000000016954A233049BA98F",
- 2, nameSplitPattern);
-
- add("sect163k1 [NIST K-163]", "1.3.132.0.1", BD,
- "0800000000000000000000000000000000000000C9",
- "000000000000000000000000000000000000000001",
- "000000000000000000000000000000000000000001",
- "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
- "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
- "04000000000000000000020108A2E0CC0D99F8A5EF",
- 2, nameSplitPattern);
-
- add("sect163r1", "1.3.132.0.2", B,
- "0800000000000000000000000000000000000000C9",
- "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2",
- "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9",
- "0369979697AB43897789566789567F787A7876A654",
- "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883",
- "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B",
- 2, nameSplitPattern);
-
- add("sect163r2 [NIST B-163]", "1.3.132.0.15", BD,
- "0800000000000000000000000000000000000000C9",
- "000000000000000000000000000000000000000001",
- "020A601907B8C953CA1481EB10512F78744A3205FD",
- "03F0EBA16286A2D57EA0991168D4994637E8343E36",
- "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
- "040000000000000000000292FE77E70C12A4234C33",
- 2, nameSplitPattern);
-
- add("sect193r1", "1.3.132.0.24", B,
- "02000000000000000000000000000000000000000000008001",
- "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01",
- "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814",
- "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1",
- "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05",
- "01000000000000000000000000C7F34A778F443ACC920EBA49",
- 2, nameSplitPattern);
-
- add("sect193r2", "1.3.132.0.25", B,
- "02000000000000000000000000000000000000000000008001",
- "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B",
- "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE",
- "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F",
- "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C",
- "010000000000000000000000015AAB561B005413CCD4EE99D5",
- 2, nameSplitPattern);
-
- add("sect233k1 [NIST K-233]", "1.3.132.0.26", BD,
- "020000000000000000000000000000000000000004000000000000000001",
- "000000000000000000000000000000000000000000000000000000000000",
- "000000000000000000000000000000000000000000000000000000000001",
- "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
- "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
- "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
- 4, nameSplitPattern);
-
- add("sect233r1 [NIST B-233]", "1.3.132.0.27", B,
- "020000000000000000000000000000000000000004000000000000000001",
- "000000000000000000000000000000000000000000000000000000000001",
- "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
- "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
- "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
- "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
- 2, nameSplitPattern);
-
- add("sect239k1", "1.3.132.0.3", B,
- "800000000000000000004000000000000000000000000000000000000001",
- "000000000000000000000000000000000000000000000000000000000000",
- "000000000000000000000000000000000000000000000000000000000001",
- "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC",
- "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA",
- "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5",
- 4, nameSplitPattern);
-
- add("sect283k1 [NIST K-283]", "1.3.132.0.16", BD,
- "0800000000000000000000000000000000000000000000000000000000000000000010A1",
- "000000000000000000000000000000000000000000000000000000000000000000000000",
- "000000000000000000000000000000000000000000000000000000000000000000000001",
- "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
- "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
- "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
- 4, nameSplitPattern);
-
- add("sect283r1 [NIST B-283]", "1.3.132.0.17", B,
- "0800000000000000000000000000000000000000000000000000000000000000000010A1",
- "000000000000000000000000000000000000000000000000000000000000000000000001",
- "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
- "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
- "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
- "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
- 2, nameSplitPattern);
-
- add("sect409k1 [NIST K-409]", "1.3.132.0.36", BD,
- "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
- "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
- "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
- "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
- "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
- "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
- 4, nameSplitPattern);
-
- add("sect409r1 [NIST B-409]", "1.3.132.0.37", B,
- "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
- "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
- "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
- "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
- "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
- "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
- 2, nameSplitPattern);
-
- add("sect571k1 [NIST K-571]", "1.3.132.0.38", BD,
- "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
- "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
- "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
- "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
- "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
- "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
- 4, nameSplitPattern);
-
- add("sect571r1 [NIST B-571]", "1.3.132.0.39", B,
- "080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
- "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
- "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
- "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
- "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
- "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
- 2, nameSplitPattern);
-
- /* ANSI X9.62 binary curves */
- add("X9.62 c2tnb191v1", "1.2.840.10045.3.0.5", B,
- "800000000000000000000000000000000000000000000201",
- "2866537B676752636A68F56554E12640276B649EF7526267",
- "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC",
- "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D",
- "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB",
- "40000000000000000000000004A20E90C39067C893BBB9A5",
- 2, nameSplitPattern);
-
- add("X9.62 c2tnb191v2", "1.2.840.10045.3.0.6", B,
- "800000000000000000000000000000000000000000000201",
- "401028774D7777C7B7666D1366EA432071274F89FF01E718",
- "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01",
- "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10",
- "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A",
- "20000000000000000000000050508CB89F652824E06B8173",
- 4, nameSplitPattern);
-
- add("X9.62 c2tnb191v3", "1.2.840.10045.3.0.7", B,
- "800000000000000000000000000000000000000000000201",
- "6C01074756099122221056911C77D77E77A777E7E7E77FCB",
- "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8",
- "375D4CE24FDE434489DE8746E71786015009E66E38A926DD",
- "545A39176196575D985999366E6AD34CE0A77CD7127B06BE",
- "155555555555555555555555610C0B196812BFB6288A3EA3",
- 6, nameSplitPattern);
-
- add("X9.62 c2tnb239v1", "1.2.840.10045.3.0.11", B,
- "800000000000000000000000000000000000000000000000001000000001",
- "32010857077C5431123A46B808906756F543423E8D27877578125778AC76",
- "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16",
- "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D",
- "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305",
- "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447",
- 4, nameSplitPattern);
-
- add("X9.62 c2tnb239v2", "1.2.840.10045.3.0.12", B,
- "800000000000000000000000000000000000000000000000001000000001",
- "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F",
- "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B",
- "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205",
- "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833",
- "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D",
- 6, nameSplitPattern);
-
- add("X9.62 c2tnb239v3", "1.2.840.10045.3.0.13", B,
- "800000000000000000000000000000000000000000000000001000000001",
- "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F",
- "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40",
- "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92",
- "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461",
- "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF",
- 0xA, nameSplitPattern);
-
- add("X9.62 c2tnb359v1", "1.2.840.10045.3.0.18", B,
- "800000000000000000000000000000000000000000000000000000000000000000000000100000000000000001",
- "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557",
- "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988",
- "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097",
- "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E4AE2DE211305A407104BD",
- "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B",
- 0x4C, nameSplitPattern);
-
- add("X9.62 c2tnb431r1", "1.2.840.10045.3.0.20", B,
- "800000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000001",
- "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F",
- "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618",
- "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7",
- "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760",
- "0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91",
- 0x2760, nameSplitPattern);
-
- /* ANSI X9.62 binary curves from the 1998 standard but forbidden
- * in the 2005 version of the standard.
- * We don't register them but leave them here for the time being in
- * case we need to support them after all.
- */
-/*
- add("X9.62 c2pnb163v1", "1.2.840.10045.3.0.1", B,
- "080000000000000000000000000000000000000107",
- "072546B5435234A422E0789675F432C89435DE5242",
- "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9",
- "07AF69989546103D79329FCC3D74880F33BBE803CB",
- "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F",
- "0400000000000000000001E60FC8821CC74DAEAFC1",
- 2, nameSplitPattern);
-
- add("X9.62 c2pnb163v2", "1.2.840.10045.3.0.2", B,
- "080000000000000000000000000000000000000107",
- "0108B39E77C4B108BED981ED0E890E117C511CF072",
- "0667ACEB38AF4E488C407433FFAE4F1C811638DF20",
- "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5",
- "079F684DDF6684C5CD258B3890021B2386DFD19FC5",
- "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7",
- 2, nameSplitPattern);
-
- add("X9.62 c2pnb163v3", "1.2.840.10045.3.0.3", B,
- "080000000000000000000000000000000000000107",
- "07A526C63D3E25A256A007699F5447E32AE456B50E",
- "03F7061798EB99E238FD6F1BF95B48FEEB4854252B",
- "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB",
- "05B935590C155E17EA48EB3FF3718B893DF59A05D0",
- "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309",
- 2, nameSplitPattern);
-
- add("X9.62 c2pnb176w1", "1.2.840.10045.3.0.4", B,
- "0100000000000000000000000000000000080000000007",
- "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B",
- "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2",
- "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798",
- "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C",
- "00010092537397ECA4F6145799D62B0A19CE06FE26AD",
- 0xFF6E, nameSplitPattern);
-
- add("X9.62 c2pnb208w1", "1.2.840.10045.3.0.10", B,
- "010000000000000000000000000000000800000000000000000007",
- "0000000000000000000000000000000000000000000000000000",
- "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E",
- "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A",
- "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3",
- "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D",
- 0xFE48, nameSplitPattern);
-
- add("X9.62 c2pnb272w1", "1.2.840.10045.3.0.16", B,
- "010000000000000000000000000000000000000000000000000000010000000000000B",
- "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20",
- "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7",
- "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D",
- "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23",
- "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521",
- 0xFF06, nameSplitPattern);
-
- add("X9.62 c2pnb304w1", "1.2.840.10045.3.0.17", B,
- "010000000000000000000000000000000000000000000000000000000000000000000000000807",
- "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681",
- "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE",
- "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614",
- "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1B92C03B",
- "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D",
- 0xFE2E, nameSplitPattern);
-
- add("X9.62 c2pnb368w1", "1.2.840.10045.3.0.19", B,
- "0100000000000000000000000000000000000000000000000000000000000000000000002000000000000000000007",
- "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D",
- "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A",
- "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F",
- "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855ADAA81E2A0750B80FDA2310",
- "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967",
- 0xFF70, nameSplitPattern);
-*/
-
- /*
- * Brainpool curves (RFC 5639)
- * (Twisted curves are not included)
- */
-
- add("brainpoolP160r1", "1.3.36.3.3.2.8.1.1.1", P,
- "E95E4A5F737059DC60DFC7AD95B3D8139515620F",
- "340E7BE2A280EB74E2BE61BADA745D97E8F7C300",
- "1E589A8595423412134FAA2DBDEC95C8D8675E58",
- "BED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3",
- "1667CB477A1A8EC338F94741669C976316DA6321",
- "E95E4A5F737059DC60DF5991D45029409E60FC09",
- 1, nameSplitPattern);
-
- add("brainpoolP192r1", "1.3.36.3.3.2.8.1.1.3", P,
- "C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297",
- "6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF",
- "469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9",
- "C0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6",
- "14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F",
- "C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1",
- 1, nameSplitPattern);
-
- add("brainpoolP224r1", "1.3.36.3.3.2.8.1.1.5", P,
- "D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF",
- "68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43",
- "2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B",
- "0D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D",
- "58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD",
- "D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F",
- 1, nameSplitPattern);
-
- add("brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", P,
- "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377",
- "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9",
- "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6",
- "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262",
- "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997",
- "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7",
- 1, nameSplitPattern);
-
- add("brainpoolP320r1", "1.3.36.3.3.2.8.1.1.9", P,
- "D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27",
- "3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4",
- "520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6",
- "43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611",
- "14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1",
- "D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311",
- 1, nameSplitPattern);
-
- add("brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", P,
- "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53",
- "7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826",
- "04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11",
- "1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E",
- "8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315",
- "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565",
- 1, nameSplitPattern);
-
- add("brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13", P,
- "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3",
- "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA",
- "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723",
- "81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822",
- "7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892",
- "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069",
- 1, nameSplitPattern);
-
specCollection = Collections.unmodifiableCollection(oidMap.values());
}
}
diff --git a/test/jdk/sun/security/ec/TestEC.java b/test/jdk/sun/security/ec/TestEC.java
--- openjdk/test/jdk/sun/security/ec/TestEC.java
+++ openjdk/test/jdk/sun/security/ec/TestEC.java
@@ -35,8 +35,8 @@
* @library ../pkcs11/sslecc
* @library ../../../java/security/testlibrary
* @modules jdk.crypto.cryptoki/sun.security.pkcs11.wrapper
- * @run main/othervm -Djdk.tls.namedGroups="secp256r1,sect193r1" TestEC
- * @run main/othervm/java.security.policy=TestEC.policy -Djdk.tls.namedGroups="secp256r1,sect193r1" TestEC
+ * @run main/othervm -Djdk.tls.namedGroups="secp256r1" TestEC
+ * @run main/othervm/java.security.policy=TestEC.policy -Djdk.tls.namedGroups="secp256r1" TestEC
*/
import java.security.NoSuchProviderException;
diff -r bd66ea2fdde3 test/jdk/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
--- openjdk/test/jdk/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Thu Jul 27 18:04:48 2017 +0000
+++ openjdk/test/jdk/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Fri Oct 06 13:18:47 2017 +0200
@@ -34,9 +34,9 @@
* @library ..
* @library ../../../../java/security/testlibrary
* @modules jdk.crypto.cryptoki
- * @run main/othervm -Djdk.tls.namedGroups="secp256r1,sect193r1"
+ * @run main/othervm -Djdk.tls.namedGroups="secp256r1"
* ClientJSSEServerJSSE
- * @run main/othervm -Djdk.tls.namedGroups="secp256r1,sect193r1"
+ * @run main/othervm -Djdk.tls.namedGroups="secp256r1"
* ClientJSSEServerJSSE sm policy
*/

34
remove-intree-libraries.sh
View File

@ -1,24 +1,52 @@
#!/bin/sh
# Arguments: <JDK TREE> <MINIMAL|FULL>
TREE=${1}
TYPE=${2}
ZIP_SRC=src/java.base/share/native/libzip/zlib/
JPEG_SRC=src/java.desktop/share/native/libjavajpeg/
GIF_SRC=src/java.desktop/share/native/libsplashscreen/giflib/
PNG_SRC=src/java.desktop/share/native/libsplashscreen/libpng/
LCMS_SRC=src/java.desktop/share/native/liblcms/
cd openjdk
if test "x${TREE}" = "x"; then
echo "$0 <JDK_TREE> (MINIMAL|FULL)";
exit 1;
fi
if test "x${TYPE}" = "x"; then
TYPE=minimal;
fi
if test "x${TYPE}" != "xminimal" -a "x${TYPE}" != "xfull"; then
echo "Type must be minimal or full";
exit 2;
fi
echo "Removing in-tree libraries from ${TREE}"
echo "Cleansing operation: ${TYPE}";
cd ${TREE}
echo "Removing built-in libs (they will be linked)"
# On full runs, allow for zlib having already been deleted by minimal
echo "Removing zlib"
if [ ! -d ${ZIP_SRC} ]; then
if [ "x${TYPE}" = "xminimal" -a ! -d ${ZIP_SRC} ]; then
echo "${ZIP_SRC} does not exist. Refusing to proceed."
exit 1
fi
rm -rvf ${ZIP_SRC}
# Minimal is limited to just zlib so finish here
if test "x${TYPE}" = "xminimal"; then
echo "Finished.";
exit 0;
fi
echo "Removing libjpeg"
if [ ! -f ${JPEG_SRC}/jdhuff.c ]; then # some file that sound definitely exist
if [ ! -f ${JPEG_SRC}/jdhuff.c ]; then # some file that should definitely exist
echo "${JPEG_SRC} does not contain jpeg sources. Refusing to proceed."
exit 1
fi

14
rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
View File

@ -1,10 +1,9 @@
diff -uNr openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java jdk8/jdk/src/java.desktop/share/classes/java/awt/Toolkit.java
--- openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java
+++ openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java
@@ -883,9 +883,13 @@
return null;
}
});
diff -r 618ad1237e73 src/java.desktop/share/classes/java/awt/Toolkit.java
--- a/src/java.desktop/share/classes/java/awt/Toolkit.java Thu Jun 13 19:37:49 2019 +0200
+++ b/src/java.desktop/share/classes/java/awt/Toolkit.java Thu Jul 04 10:35:42 2019 +0200
@@ -595,7 +595,11 @@
toolkit = new HeadlessToolkit(toolkit);
}
if (!GraphicsEnvironment.isHeadless()) {
- loadAssistiveTechnologies();
+ try {
@ -15,4 +14,3 @@ diff -uNr openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java jdk8/jdk/
}
}
return toolkit;
}

13
rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
View File

@ -1,10 +1,11 @@
diff -r 5b86f66575b7 src/share/lib/security/java.security-linux
--- openjdk/src/java.base/share/conf/security/java.security Tue May 16 13:29:05 2017 -0700
+++ openjdk/src/java.base/share/conf/security/java.security Tue Jun 06 14:05:12 2017 +0200
@@ -83,6 +83,7 @@
#ifndef solaris
security.provider.tbd=SunPKCS11
diff -r e3f940bd3c8f src/java.base/share/conf/security/java.security
--- openjdk/src/java.base/share/conf/security/java.security Thu Jun 11 21:54:51 2020 +0530
+++ openjdk/src/java.base/share/conf/security/java.security Mon Aug 24 10:14:31 2020 +0200
@@ -77,7 +77,7 @@
#ifdef macosx
security.provider.tbd=Apple
#endif
-security.provider.tbd=SunPKCS11
+#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg
#

117
rh1750419-redhat_alt_java.patch Normal file
View File

@ -0,0 +1,117 @@
diff --git openjdk.orig/make/modules/java.base/Launcher.gmk openjdk/make/modules/java.base/Launcher.gmk
index 700ddefda49..2882de68eb2 100644
--- openjdk.orig/make/modules/java.base/Launcher.gmk
+++ openjdk/make/modules/java.base/Launcher.gmk
@@ -41,6 +41,14 @@ $(eval $(call SetupBuildLauncher, java, \
OPTIMIZATION := HIGH, \
))
+#Wno-error=cpp is present to allow commented warning in ifdef part of main.c
+$(eval $(call SetupBuildLauncher, alt-java, \
+ CFLAGS := -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES -DREDHAT_ALT_JAVA -Wno-error=cpp, \
+ EXTRA_RCFLAGS := $(JAVA_RCFLAGS), \
+ VERSION_INFO_RESOURCE := $(JAVA_VERSION_INFO_RESOURCE), \
+ OPTIMIZATION := HIGH, \
+))
+
ifeq ($(call isTargetOs, windows), true)
$(eval $(call SetupBuildLauncher, javaw, \
CFLAGS := -DJAVAW -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES, \
diff --git openjdk.orig/src/java.base/share/native/launcher/alt_main.h openjdk/src/java.base/share/native/launcher/alt_main.h
new file mode 100644
index 00000000000..697df2898ac
--- /dev/null
+++ openjdk/src/java.base/share/native/launcher/alt_main.h
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2019, Red Hat, Inc. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#ifdef REDHAT_ALT_JAVA
+
+#include <sys/prctl.h>
+
+
+/* Per task speculation control */
+#ifndef PR_GET_SPECULATION_CTRL
+# define PR_GET_SPECULATION_CTRL 52
+#endif
+#ifndef PR_SET_SPECULATION_CTRL
+# define PR_SET_SPECULATION_CTRL 53
+#endif
+/* Speculation control variants */
+#ifndef PR_SPEC_STORE_BYPASS
+# define PR_SPEC_STORE_BYPASS 0
+#endif
+/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
+
+#ifndef PR_SPEC_NOT_AFFECTED
+# define PR_SPEC_NOT_AFFECTED 0
+#endif
+#ifndef PR_SPEC_PRCTL
+# define PR_SPEC_PRCTL (1UL << 0)
+#endif
+#ifndef PR_SPEC_ENABLE
+# define PR_SPEC_ENABLE (1UL << 1)
+#endif
+#ifndef PR_SPEC_DISABLE
+# define PR_SPEC_DISABLE (1UL << 2)
+#endif
+#ifndef PR_SPEC_FORCE_DISABLE
+# define PR_SPEC_FORCE_DISABLE (1UL << 3)
+#endif
+#ifndef PR_SPEC_DISABLE_NOEXEC
+# define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
+#endif
+
+static void set_speculation() __attribute__((constructor));
+static void set_speculation() {
+ if ( prctl(PR_SET_SPECULATION_CTRL,
+ PR_SPEC_STORE_BYPASS,
+ PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) {
+ return;
+ }
+ prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
+}
+
+#endif // REDHAT_ALT_JAVA
diff --git openjdk.orig/src/java.base/share/native/launcher/main.c openjdk/src/java.base/share/native/launcher/main.c
index b734fe2ba78..79dc8307650 100644
--- openjdk.orig/src/java.base/share/native/launcher/main.c
+++ openjdk/src/java.base/share/native/launcher/main.c
@@ -34,6 +34,14 @@
#include "jli_util.h"
#include "jni.h"
+#ifdef REDHAT_ALT_JAVA
+#if defined(__linux__) && defined(__x86_64__)
+#include "alt_main.h"
+#else
+#warning alt-java requested but SSB mitigation not available on this platform.
+#endif
+#endif
+
#ifdef _MSC_VER
#if _MSC_VER > 1400 && _MSC_VER < 1600

4
sources
View File

@ -1,2 +1,2 @@
SHA512 (jdk-jdk12-jdk-12+33.tar.xz) = e2dea9585fe07ae87fb313d090e9850a547e2ba84a7447d42acd0a04874599ef240f7b6ccaa69955cab5d12f646711cb4467e1b24e090af476e9ff708cc168fe
SHA512 (systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz) = cf578221b77d8c7e019f69909bc86c419c5fb5e10bceba9592ff6e7f96887b0a7f07c9cefe90800975247a078785ca190fdec5c2d0f841bb447cee784b570f7d
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
SHA512 (openjdk-jdk16u-jdk-16.0.1+9.tar.xz) = ff06d5c97377cac4d5e8921766c61d4d96dc0c968913263b5371f0d3d0e98bb6a5ccf5b1cbb3ddaff3380bf4499ff6501e73f96e0e922b2294d1f7c1ec3eee23

5
update_package.sh
View File

@ -33,9 +33,8 @@ fi
# OpenJDK from Shenandoah project
export PROJECT_NAME="jdk"
export REPO_NAME="jdk12"
# warning, clonning without shenadnaoh suffix, you will clone pure jdk - thus without shenandaoh GC
export VERSION="jdk-12+25"
export REPO_NAME="jdk15"
export VERSION="jdk-15+36"
export COMPRESSION=xz
# unset tapsets overrides
export OPENJDK_URL=""