rpms
/
java-openjdk
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Sync with rawhide

This commit is contained in:
Jiri Vanek 2018-04-20 19:39:49 +02:00
parent ebe7b33e5e
commit a421a46438
7 changed files with 707 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,3 +1,4 @@
*.rpm
/systemtap-tapset-3.6.0pre02.tar.xz
/jdk-jdk10-jdk-10+46.tar.xz
/jdk-updates-jdk10u-jdk-10.0.1+10.tar.xz

11
README.md Normal file
View File

@ -0,0 +1,11 @@
Rolling release of (usually) STSs OpenJDK
OpenJDK have release cadence of 6 months. but 3/4 of them are Short Term Supported for 6 months only. This package is designed to harbore them. Currently it is build on openJDK 10. LTSs (next is 11) will go as separate packages.
JDK10 is next major release of Java platform. It is bringing many cool improvements - http://openjdk.java.net/projects/jdk/10/ and is landing to your Fedora. Where it will be maintained for f27 and newer. Unluckily, it is STS (short term support) version. Between individual LTS will be always several STS. Again, please See announcement: http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html and See java SIG plans: https://jvanek.fedorapeople.org/devconf/2018/changesInjavaReleaseProcess.pdf . So this is rolling release of all STSs to come. Its fate during the release of fresh LTS is yet to be decided. You will always be allowed to install Used LTS in fedora build root, alongside with latest STS via alternatives.
See announcement: http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html
See java SIG plans: https://jvanek.fedorapeople.org/devconf/2018/changesInjavaReleaseProcess.pdf
https://bugzilla.redhat.com/show_bug.cgi?id=1557371#c0
https://fedoraproject.org/wiki/Changes/java-openjdk-10

67
java-openjdk.spec
View File

@ -143,14 +143,14 @@
# New Version-String scheme-style defines
%global majorver 10
%global securityver 0
%global securityver 1
# Standard JPackage naming and versioning defines
%global origin openjdk
%global origin_nice OpenJDK
%global top_level_dir_name %{origin}
%global minorver 0
%global buildver 46
%global buildver 10
# priority must be 7 digits in total
# setting to 1, so debug ones can have 0
%global priority 00000%{minorver}1
@ -524,6 +524,7 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/librmi.so
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsaproc.so
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsctp.so
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsunec.so
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libunpack.so
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libverify.so
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libzip.so
@ -696,16 +697,13 @@ OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release
Provides: java-%{javaver}-%{origin} = %{epoch}:%{version}-%{release}
# Standard JPackage base provides
Provides: jre-%{javaver}-%{origin}%{?1} = %{epoch}:%{version}-%{release}
Provides: jre = %{javaver}%{?1}
Provides: jre-%{origin}%{?1} = %{epoch}:%{version}-%{release}
Provides: jre-%{javaver}%{?1} = %{epoch}:%{version}-%{release}
Provides: jre-%{javaver}-%{origin}%{?1} = %{epoch}:%{version}-%{release}
Provides: java-%{javaver}%{?1} = %{epoch}:%{version}-%{release}
Provides: jre = %{javaver}%{?1}
Provides: java-%{origin}%{?1} = %{epoch}:%{version}-%{release}
Provides: java%{?1} = %{epoch}:%{javaver}
# Standard JPackage extensions provides
Provides: java-fonts%{?1} = %{epoch}:%{version}
}
%define java_headless_rpo() %{expand:
@ -735,24 +733,14 @@ Requires(postun): %{_sbindir}/alternatives
Requires(postun): chkconfig >= 1.7
# Standard JPackage base provides
Provides: jre-headless%{?1} = %{epoch}:%{javaver}
Provides: jre-%{javaver}-%{origin}-headless%{?1} = %{epoch}:%{version}-%{release}
Provides: jre-%{origin}-headless%{?1} = %{epoch}:%{version}-%{release}
Provides: jre-%{javaver}-headless%{?1} = %{epoch}:%{version}-%{release}
Provides: java-%{javaver}-%{origin}-headless%{?1} = %{epoch}:%{version}-%{release}
Provides: java-%{javaver}-headless%{?1} = %{epoch}:%{version}-%{release}
Provides: jre-headless%{?1} = %{epoch}:%{javaver}
Provides: java-%{origin}-headless%{?1} = %{epoch}:%{version}-%{release}
Provides: java-headless%{?1} = %{epoch}:%{javaver}
# Standard JPackage extensions provides
Provides: jndi%{?1} = %{epoch}:%{version}
Provides: jndi-ldap%{?1} = %{epoch}:%{version}
Provides: jndi-cos%{?1} = %{epoch}:%{version}
Provides: jndi-rmi%{?1} = %{epoch}:%{version}
Provides: jndi-dns%{?1} = %{epoch}:%{version}
Provides: jaas%{?1} = %{epoch}:%{version}
Provides: jsse%{?1} = %{epoch}:%{version}
Provides: jce%{?1} = %{epoch}:%{version}
Provides: jdbc-stdext%{?1} = 4.1
Provides: java-sasl%{?1} = %{epoch}:%{version}
# https://bugzilla.redhat.com/show_bug.cgi?id=1312019
Provides: /usr/bin/jjs
@ -778,6 +766,7 @@ Provides: java-sdk-%{javaver}%{?1} = %{epoch}:%{version}
#Provides: java-sdk-%%{origin}%%{?1} = %%{epoch}:%%{version}
#Provides: java-sdk%%{?1} = %%{epoch}:%%{javaver}
Provides: java-%{javaver}-devel%{?1} = %{epoch}:%{version}
Provides: java-%{javaver}-%{origin}-devel%{?1} = %{epoch}:%{version}
#Provides: java-devel-%%{origin}%%{?1} = %%{epoch}:%%{version}
#Provides: java-devel%%{?1} = %%{epoch}:%%{javaver}
@ -789,7 +778,9 @@ Provides: java-%{javaver}-devel%{?1} = %{epoch}:%{version}
Requires: %{name}-devel%{?1} = %{epoch}:%{version}-%{release}
OrderWithRequires: %{name}-headless%{?1} = %{epoch}:%{version}-%{release}
Provides: java-%{javaver}-%{origin}-jmods = %{epoch}:%{version}-%{release}
Provides: java-jmods%{?1} = %{epoch}:%{version}-%{release}
Provides: java-%{javaver}-jmods%{?1} = %{epoch}:%{version}-%{release}
Provides: java-%{javaver}-%{origin}-jmods%{?1} = %{epoch}:%{version}-%{release}
}
@ -797,7 +788,9 @@ Provides: java-%{javaver}-%{origin}-jmods = %{epoch}:%{version}-%{release}
Requires: %{name}%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
Provides: java-%{javaver}-%{origin}-demo = %{epoch}:%{version}-%{release}
Provides: java-demo%{?1} = %{epoch}:%{version}-%{release}
Provides: java-%{javaver}-demo%{?1} = %{epoch}:%{version}-%{release}
Provides: java-%{javaver}-%{origin}-demo%{?1} = %{epoch}:%{version}-%{release}
}
@ -832,7 +825,7 @@ Provides: java-%{javaver}-%{origin}-src%{?1} = %{epoch}:%{version}-%{release}
Name: java-%{origin}
Version: %{newjavaver}.%{buildver}
Release: 10%{?dist}
Release: 1%{?dist}
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a
@ -850,7 +843,7 @@ Group: Development/Languages
License: ASL 1.1 and ASL 2.0 and GPL+ and GPLv2 and GPLv2 with exceptions and GPL+ and LGPLv2 and MPLv1.0 and MPLv1.1 and Public Domain and W3C
URL: http://openjdk.java.net/
Source0: jdk-jdk%{majorver}-jdk-%{majorver}+%{buildver}.tar.xz
Source0: jdk-updates-jdk%{majorver}u-jdk-%{newjavaver}+%{buildver}.tar.xz
# Use 'generate_tarballs.sh' to generate the following tarballs
# They are based on code contained in the IcedTea7 project
@ -885,7 +878,7 @@ Patch3: java-atk-wrapper-security.patch
Patch4: PStack-808293.patch
# Allow multiple initialization of PKCS11 libraries
Patch5: multiple-pkcs11-library-init.patch
Patch12: removeSunEcProvider-RH1154143.patch
Patch12: system-nss-ec-rh1565658.patch
Patch13: libjpeg-turbo-1.4-compat.patch
# follow system wide crypto policy RHBZ#1249083
Patch14: systemCryptoPolicyPR3183.patch
@ -934,7 +927,7 @@ BuildRequires: nss-devel
BuildRequires: pkgconfig
BuildRequires: xorg-x11-proto-devel
BuildRequires: zip
BuildRequires: java-9-openjdk-devel
BuildRequires: java-openjdk-devel
# Zero-assembler build requirement
%ifnarch %{jit_arches}
BuildRequires: libffi-devel
@ -1284,10 +1277,11 @@ bash ../configure \
--with-version-build=%{buildver} \
--with-version-pre="" \
--with-version-opt="" \
--with-boot-jdk=/usr/lib/jvm/java-9-openjdk \
--with-boot-jdk=/usr/lib/jvm/java-%{majorver}-openjdk \
--with-debug-level=$debugbuild \
--with-native-debug-symbols=internal \
--enable-unlimited-crypto \
--enable-system-nss \
--with-zlib=system \
--with-libjpeg=system \
--with-giflib=system \
@ -1351,8 +1345,7 @@ $JAVA_HOME/bin/java --add-opens java.base/javax.crypto=ALL-UNNAMED TestCryptoLev
# Check ECC is working
$JAVA_HOME/bin/javac -d . %{SOURCE14}
# FIXME make it run after system NSS support?
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||") || true
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
# Check debug symbols are present and can identify code
find "$JAVA_HOME" -iname '*.so' -print0 | while read -d $'\0' lib
@ -1495,7 +1488,7 @@ popd
# Install Javadoc documentation
install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}
cp -a %{buildoutputdir -- $suffix}/images/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}
cp -a %{buildoutputdir -- $suffix}/bundles/jdk-%{majorver}+%{buildver}-docs.zip $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip
cp -a %{buildoutputdir -- $suffix}/bundles/jdk-%{newjavaver}+%{buildver}-docs.zip $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip
# Install icons and menu entries
for s in 16 24 32 48 ; do
@ -1735,8 +1728,22 @@ require "copy_jdk_configs.lua"
%changelog
* Fri Apr 20 2018 Jiri Vanek <jvanek@redhat.com> - 1:10.0.1.10-1
- updated to security update 1
- jexec unlinked from path
- used java-openjdk as boot jdk
- aligned provides/requires
- renamed zip javadoc
* Tue Apr 10 2018 Severin Gehwolf <sgehwolf@redhat.com> - 1:10.0.0.46-12
- Enable basic EC ciphers test in %check.
* Tue Apr 10 2018 Severin Gehwolf <sgehwolf@redhat.com> - 1:10.0.0.46-11
- Port Martin Balao's JDK 9 patch for system NSS support to JDK 10.
- Resolves RHBZ#1565658
* Mon Apr 09 2018 Jiri Vanek <jvanek@redhat.com> - 1:10.0.0.46-10
- fixed stap instal for i686(i386) and arm(armv7hl)
- jexec linked to path
* Fri Apr 06 2018 Jiri Vanek <jvanek@redhat.com> - 1:10.0.0.46-9
- subpackage(s) replaced by sub-package(s) and other cosmetic changes

19
removeSunEcProvider-RH1154143.patch
View File

@ -1,19 +0,0 @@
--- openjdk/src/java.base/share/conf/security/java.security.orig 2018-01-18 12:22:46.148339081 +0100
+++ openjdk/src/java.base/share/conf/security/java.security 2018-01-18 12:25:12.225469321 +0100
@@ -66,7 +66,6 @@
#endif
security.provider.tbd=SUN
security.provider.tbd=SunRsaSign
-security.provider.tbd=SunEC
security.provider.tbd=SunJSSE
security.provider.tbd=SunJCE
security.provider.tbd=SunJGSS
@@ -681,7 +680,7 @@
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
- EC keySize < 224, DES40_CBC, RC4_40
+ EC, ECDHE, ECDH, DES40_CBC, RC4_40
#
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)

2
sources
View File

@ -1,2 +1,2 @@
SHA512 (systemtap-tapset-3.6.0pre02.tar.xz) = 848f42ef7ca751e723fd50e3a6da14c0965ad4da37ea3331568658e27497b7a7e4b9aad3dedd264ad0bb5566c37a92302b905f10258a4e2c89dc4ba609e55481
SHA512 (jdk-jdk10-jdk-10+46.tar.xz) = 6412a0cf2cfcce0a6df35f9250964d2b1f9edc110534e905a9add4a036ba6884506f5f5990d1e1d1e2db406180dae8e20097c5cf44a15c7b7b60558b95049359
SHA512 (jdk-updates-jdk10u-jdk-10.0.1+10.tar.xz) = e57810a4208bb12a6b37f5e8313e30c489e6611ec6be8e7a8fb3c0ae9f1842803a3775bc7cc1f597064444fb4fabae5798a4447712fbf547f7021dd0da384613

654
system-nss-ec-rh1565658.patch Normal file
View File

@ -0,0 +1,654 @@
diff --git openjdk/make/autoconf/jdk-options.m4 openjdk/make/autoconf/jdk-options.m4
--- openjdk/make/autoconf/jdk-options.m4
+++ openjdk/make/autoconf/jdk-options.m4
@@ -264,9 +264,10 @@
#
AC_DEFUN_ONCE([JDKOPT_DETECT_INTREE_EC],
[
+ AC_REQUIRE([LIB_SETUP_MISC_LIBS])
AC_MSG_CHECKING([if elliptic curve crypto implementation is present])
- if test -d "${TOPDIR}/src/jdk.crypto.ec/share/native/libsunec/impl"; then
+ if test "x${system_nss}" = "xyes" -o -d "${TOPDIR}/src/jdk.crypto.ec/share/native/libsunec/impl"; then
ENABLE_INTREE_EC=true
AC_MSG_RESULT([yes])
else
diff --git openjdk/make/autoconf/libraries.m4 openjdk/make/autoconf/libraries.m4
--- openjdk/make/autoconf/libraries.m4
+++ openjdk/make/autoconf/libraries.m4
@@ -175,6 +175,48 @@
AC_SUBST(LIBDL)
LIBS="$save_LIBS"
+ ###############################################################################
+ #
+ # Check for the NSS libraries
+ #
+
+ AC_MSG_CHECKING([whether to build the Sun EC provider against the system NSS libraries])
+
+ # default is bundled
+ DEFAULT_SYSTEM_NSS=no
+
+ AC_ARG_ENABLE([system-nss], [AS_HELP_STRING([--enable-system-nss],
+ [build the SunEC provider using the system NSS libraries @<:@disabled@:>@])],
+ [
+ case "${enableval}" in
+ yes)
+ system_nss=yes
+ ;;
+ *)
+ system_nss=no
+ ;;
+ esac
+ ],
+ [
+ system_nss=${DEFAULT_SYSTEM_NSS}
+ ])
+ AC_MSG_RESULT([$system_nss])
+
+ if test "x${system_nss}" = "xyes"; then
+ PKG_CHECK_MODULES(NSS_SOFTTKN, nss-softokn >= 3.16.1, [NSS_SOFTOKN_FOUND=yes], [NSS_SOFTOKN_FOUND=no])
+ PKG_CHECK_MODULES(NSS, nss >= 3.16.1, [NSS_FOUND=yes], [NSS_FOUND=no])
+ if test "x${NSS_SOFTOKN_FOUND}" = "xyes" -a "x${NSS_FOUND}" = "xyes"; then
+ NSS_LIBS="$NSS_SOFTOKN_LIBS $NSS_LIBS -lfreebl";
+ USE_EXTERNAL_NSS=true
+ else
+ AC_MSG_ERROR([--enable-system-nss specified, but NSS not found.])
+ fi
+ else
+ USE_EXTERNAL_NSS=false
+ fi
+ AC_SUBST(USE_EXTERNAL_NSS)
+
+
# Deprecated libraries, keep the flags for backwards compatibility
if test "x$OPENJDK_TARGET_OS" = "xwindows"; then
BASIC_DEPRECATED_ARG_WITH([dxsdk])
diff --git openjdk/make/autoconf/spec.gmk.in openjdk/make/autoconf/spec.gmk.in
--- openjdk/make/autoconf/spec.gmk.in
+++ openjdk/make/autoconf/spec.gmk.in
@@ -764,6 +764,10 @@
# Libraries
#
+USE_EXTERNAL_NSS:=@USE_EXTERNAL_NSS@
+NSS_LIBS:=@NSS_LIBS@
+NSS_CFLAGS:=@NSS_CFLAGS@
+
USE_EXTERNAL_LCMS:=@USE_EXTERNAL_LCMS@
LCMS_CFLAGS:=@LCMS_CFLAGS@
LCMS_LIBS:=@LCMS_LIBS@
diff --git openjdk/make/lib/Lib-jdk.crypto.ec.gmk openjdk/make/lib/Lib-jdk.crypto.ec.gmk
--- openjdk/make/lib/Lib-jdk.crypto.ec.gmk
+++ openjdk/make/lib/Lib-jdk.crypto.ec.gmk
@@ -29,9 +29,15 @@
ifeq ($(ENABLE_INTREE_EC), true)
- LIBSUNEC_SRC := $(TOPDIR)/src/jdk.crypto.ec/share/native/libsunec
BUILD_LIBSUNEC_FLAGS := $(addprefix -I, $(SUNEC_SRC))
+ ifeq ($(USE_EXTERNAL_NSS), true)
+ LIBSUNEC_SRC := $(TOPDIR)/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp
+ BUILD_LIBSUNEC_FLAGS += $(NSS_CFLAGS) -DSYSTEM_NSS -DNSS_ENABLE_ECC
+ else
+ LIBSUNEC_SRC := $(TOPDIR)/src/jdk.crypto.ec/share/native/libsunec
+ endif
+
#
# On sol-sparc...all libraries are compiled with -xregs=no%appl
# (set in CFLAGS_REQUIRED_sparc)
@@ -60,7 +66,7 @@
LDFLAGS := $(LDFLAGS_JDKLIB) $(LDFLAGS_CXX_JDK), \
LDFLAGS_macosx := $(call SET_SHARED_LIBRARY_ORIGIN), \
LIBS := $(LIBCXX), \
- LIBS_linux := -lc, \
+ LIBS_linux := -lc $(NSS_LIBS), \
LIBS_solaris := -lc, \
VERSIONINFO_RESOURCE := $(GLOBAL_VERSION_INFO_RESOURCE), \
RC_FLAGS := $(RC_FLAGS) \
diff --git openjdk/make/mapfiles/libsunec/mapfile-vers openjdk/make/mapfiles/libsunec/mapfile-vers
--- openjdk/make/mapfiles/libsunec/mapfile-vers
+++ openjdk/make/mapfiles/libsunec/mapfile-vers
@@ -31,6 +31,7 @@
Java_sun_security_ec_ECDSASignature_signDigest;
Java_sun_security_ec_ECDSASignature_verifySignedDigest;
Java_sun_security_ec_ECDHKeyAgreement_deriveKey;
+ Java_sun_security_ec_SunEC_initialize;
local:
*;
};
diff --git openjdk/src/java.base/unix/native/include/jni_md.h openjdk/src/java.base/unix/native/include/jni_md.h
--- openjdk/src/java.base/unix/native/include/jni_md.h
+++ openjdk/src/java.base/unix/native/include/jni_md.h
@@ -36,6 +36,11 @@
#define JNIEXPORT
#define JNIIMPORT
#endif
+#if (defined(__GNUC__)) || __has_attribute(unused)
+ #define UNUSED(x) UNUSED_ ## x __attribute__((__unused__))
+#else
+ #define UNUSED(x) UNUSED_ ## x
+#endif
#define JNICALL
diff --git openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
--- openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
+++ openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
@@ -61,6 +61,7 @@
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
System.loadLibrary("sunec"); // check for native library
+ initialize();
return null;
}
});
@@ -272,4 +273,9 @@
putService(new ProviderService(this, "KeyAgreement",
"ECDH", "sun.security.ec.ECDHKeyAgreement", null, ATTRS));
}
+
+ /**
+ * Initialize the native code.
+ */
+ private static native void initialize();
}
diff --git openjdk/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp openjdk/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp
--- openjdk/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp
+++ openjdk/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp
@@ -25,7 +25,11 @@
#include <jni.h>
#include "jni_util.h"
+#ifdef SYSTEM_NSS
+#include "ecc_impl.h"
+#else
#include "impl/ecc_impl.h"
+#endif
#define ILLEGAL_STATE_EXCEPTION "java/lang/IllegalStateException"
#define INVALID_ALGORITHM_PARAMETER_EXCEPTION \
@@ -33,6 +37,13 @@
#define INVALID_PARAMETER_EXCEPTION \
"java/security/InvalidParameterException"
#define KEY_EXCEPTION "java/security/KeyException"
+#define INTERNAL_ERROR "java/lang/InternalError"
+
+#ifdef SYSTEM_NSS
+#define SYSTEM_UNUSED(x) UNUSED(x)
+#else
+#define SYSTEM_UNUSED(x) x
+#endif
extern "C" {
@@ -55,8 +66,13 @@
/*
* Deep free of the ECParams struct
*/
-void FreeECParams(ECParams *ecparams, jboolean freeStruct)
+void FreeECParams(ECParams *ecparams, jboolean SYSTEM_UNUSED(freeStruct))
{
+#ifdef SYSTEM_NSS
+ // Needs to be freed using the matching method to the one
+ // that allocated it. PR_TRUE means the memory is zeroed.
+ PORT_FreeArena(ecparams->arena, PR_TRUE);
+#else
// Use B_FALSE to free the SECItem->data element, but not the SECItem itself
// Use B_TRUE to free both
@@ -70,6 +86,7 @@
SECITEM_FreeItem(&ecparams->curveOID, B_FALSE);
if (freeStruct)
free(ecparams);
+#endif
}
jbyteArray getEncodedBytes(JNIEnv *env, SECItem *hSECItem)
@@ -95,7 +112,7 @@
*/
JNIEXPORT jobjectArray
JNICALL Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair
- (JNIEnv *env, jclass clazz, jint keySize, jbyteArray encodedParams, jbyteArray seed)
+ (JNIEnv *env, jclass UNUSED(clazz), jint UNUSED(keySize), jbyteArray encodedParams, jbyteArray seed)
{
ECPrivateKey *privKey = NULL; // contains both public and private values
ECParams *ecparams = NULL;
@@ -127,8 +144,17 @@
env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer);
// Generate the new keypair (using the supplied seed)
+#ifdef SYSTEM_NSS
+ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength)
+ != SECSuccess) {
+ ThrowException(env, KEY_EXCEPTION);
+ goto cleanup;
+ }
+ if (EC_NewKey(ecparams, &privKey) != SECSuccess) {
+#else
if (EC_NewKey(ecparams, &privKey, (unsigned char *) pSeedBuffer,
jSeedLength, 0) != SECSuccess) {
+#endif
ThrowException(env, KEY_EXCEPTION);
goto cleanup;
}
@@ -175,10 +201,15 @@
}
if (privKey) {
FreeECParams(&privKey->ecParams, false);
+#ifndef SYSTEM_NSS
+ // The entire ECPrivateKey is allocated in the arena
+ // when using system NSS, so only the in-tree version
+ // needs to clear these manually.
SECITEM_FreeItem(&privKey->version, B_FALSE);
SECITEM_FreeItem(&privKey->privateValue, B_FALSE);
SECITEM_FreeItem(&privKey->publicValue, B_FALSE);
free(privKey);
+#endif
}
if (pSeedBuffer) {
@@ -196,7 +227,7 @@
*/
JNIEXPORT jbyteArray
JNICALL Java_sun_security_ec_ECDSASignature_signDigest
- (JNIEnv *env, jclass clazz, jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing)
+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing)
{
jbyte* pDigestBuffer = NULL;
jint jDigestLength = env->GetArrayLength(digest);
@@ -255,8 +286,18 @@
env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer);
// Sign the digest (using the supplied seed)
+#ifdef SYSTEM_NSS
+ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength)
+ != SECSuccess) {
+ ThrowException(env, KEY_EXCEPTION);
+ goto cleanup;
+ }
+ if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item)
+ != SECSuccess) {
+#else
if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item,
(unsigned char *) pSeedBuffer, jSeedLength, 0, timing) != SECSuccess) {
+#endif
ThrowException(env, KEY_EXCEPTION);
goto cleanup;
}
@@ -305,7 +346,7 @@
*/
JNIEXPORT jboolean
JNICALL Java_sun_security_ec_ECDSASignature_verifySignedDigest
- (JNIEnv *env, jclass clazz, jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams)
+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams)
{
jboolean isValid = false;
@@ -362,9 +403,10 @@
cleanup:
{
- if (params_item.data)
+ if (params_item.data) {
env->ReleaseByteArrayElements(encodedParams,
(jbyte *) params_item.data, JNI_ABORT);
+ }
if (pubKey.publicValue.data)
env->ReleaseByteArrayElements(publicKey,
@@ -390,7 +432,7 @@
*/
JNIEXPORT jbyteArray
JNICALL Java_sun_security_ec_ECDHKeyAgreement_deriveKey
- (JNIEnv *env, jclass clazz, jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams)
+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams)
{
jbyteArray jSecret = NULL;
ECParams *ecparams = NULL;
@@ -466,9 +508,10 @@
env->ReleaseByteArrayElements(publicKey,
(jbyte *) publicValue_item.data, JNI_ABORT);
- if (params_item.data)
+ if (params_item.data) {
env->ReleaseByteArrayElements(encodedParams,
(jbyte *) params_item.data, JNI_ABORT);
+ }
if (ecparams)
FreeECParams(ecparams, true);
@@ -477,4 +520,28 @@
return jSecret;
}
+JNIEXPORT void
+JNICALL Java_sun_security_ec_SunEC_initialize
+ (JNIEnv *env, jclass UNUSED(clazz))
+{
+#ifdef SYSTEM_NSS
+ if (SECOID_Init() != SECSuccess) {
+ ThrowException(env, INTERNAL_ERROR);
+ }
+ if (RNG_RNGInit() != SECSuccess) {
+ ThrowException(env, INTERNAL_ERROR);
+ }
+#endif
+}
+
+JNIEXPORT void
+JNICALL JNI_OnUnload
+ (JavaVM *vm, void *reserved)
+{
+#ifdef SYSTEM_NSS
+ RNG_RNGShutdown();
+ SECOID_Shutdown();
+#endif
+}
+
} /* extern "C" */
diff --git openjdk/src/jdk.crypto.ec/share/native/libsunec/ecc_impl.h openjdk/src/jdk.crypto.ec/share/native/libsunec/ecc_impl.h
new file mode 100644
--- /dev/null
+++ openjdk/src/jdk.crypto.ec/share/native/libsunec/ecc_impl.h
@@ -0,0 +1,298 @@
+/*
+ * Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Use is subject to license terms.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/* *********************************************************************
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ * Dr Vipul Gupta <vipul.gupta@sun.com> and
+ * Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+ *
+ * Last Modified Date from the Original Code: May 2017
+ *********************************************************************** */
+
+#ifndef _ECC_IMPL_H
+#define _ECC_IMPL_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <sys/types.h>
+
+#ifdef SYSTEM_NSS
+#include <secitem.h>
+#include <secerr.h>
+#include <keythi.h>
+#ifdef LEGACY_NSS
+#include <softoken.h>
+#else
+#include <blapi.h>
+#endif
+#else
+#include "ecl-exp.h"
+#endif
+
+/*
+ * Multi-platform definitions
+ */
+#ifdef __linux__
+#define B_FALSE FALSE
+#define B_TRUE TRUE
+typedef unsigned char uint8_t;
+typedef unsigned long ulong_t;
+typedef enum { B_FALSE, B_TRUE } boolean_t;
+#endif /* __linux__ */
+
+#ifdef _ALLBSD_SOURCE
+#include <stdint.h>
+#define B_FALSE FALSE
+#define B_TRUE TRUE
+typedef unsigned long ulong_t;
+typedef enum boolean { B_FALSE, B_TRUE } boolean_t;
+#endif /* _ALLBSD_SOURCE */
+
+#ifdef AIX
+#define B_FALSE FALSE
+#define B_TRUE TRUE
+typedef unsigned char uint8_t;
+typedef unsigned long ulong_t;
+#endif /* AIX */
+
+#ifdef _WIN32
+typedef unsigned char uint8_t;
+typedef unsigned long ulong_t;
+typedef enum boolean { B_FALSE, B_TRUE } boolean_t;
+#define strdup _strdup /* Replace POSIX name with ISO C++ name */
+#endif /* _WIN32 */
+
+#ifndef _KERNEL
+#include <stdlib.h>
+#endif /* _KERNEL */
+
+#define EC_MAX_DIGEST_LEN 1024 /* max digest that can be signed */
+#define EC_MAX_POINT_LEN 145 /* max len of DER encoded Q */
+#define EC_MAX_VALUE_LEN 72 /* max len of ANSI X9.62 private value d */
+#define EC_MAX_SIG_LEN 144 /* max signature len for supported curves */
+#define EC_MIN_KEY_LEN 112 /* min key length in bits */
+#define EC_MAX_KEY_LEN 571 /* max key length in bits */
+#define EC_MAX_OID_LEN 10 /* max length of OID buffer */
+
+/*
+ * Various structures and definitions from NSS are here.
+ */
+
+#ifndef SYSTEM_NSS
+#ifdef _KERNEL
+#define PORT_ArenaAlloc(a, n, f) kmem_alloc((n), (f))
+#define PORT_ArenaZAlloc(a, n, f) kmem_zalloc((n), (f))
+#define PORT_ArenaGrow(a, b, c, d) NULL
+#define PORT_ZAlloc(n, f) kmem_zalloc((n), (f))
+#define PORT_Alloc(n, f) kmem_alloc((n), (f))
+#else
+#define PORT_ArenaAlloc(a, n, f) malloc((n))
+#define PORT_ArenaZAlloc(a, n, f) calloc(1, (n))
+#define PORT_ArenaGrow(a, b, c, d) NULL
+#define PORT_ZAlloc(n, f) calloc(1, (n))
+#define PORT_Alloc(n, f) malloc((n))
+#endif
+
+#define PORT_NewArena(b) (char *)12345
+#define PORT_ArenaMark(a) NULL
+#define PORT_ArenaUnmark(a, b)
+#define PORT_ArenaRelease(a, m)
+#define PORT_FreeArena(a, b)
+#define PORT_Strlen(s) strlen((s))
+#define PORT_SetError(e)
+
+#define PRBool boolean_t
+#define PR_TRUE B_TRUE
+#define PR_FALSE B_FALSE
+
+#ifdef _KERNEL
+#define PORT_Assert ASSERT
+#define PORT_Memcpy(t, f, l) bcopy((f), (t), (l))
+#else
+#define PORT_Assert assert
+#define PORT_Memcpy(t, f, l) memcpy((t), (f), (l))
+#endif
+
+#endif
+
+#define CHECK_OK(func) if (func == NULL) goto cleanup
+#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup
+
+#ifndef SYSTEM_NSS
+typedef enum {
+ siBuffer = 0,
+ siClearDataBuffer = 1,
+ siCipherDataBuffer = 2,
+ siDERCertBuffer = 3,
+ siEncodedCertBuffer = 4,
+ siDERNameBuffer = 5,
+ siEncodedNameBuffer = 6,
+ siAsciiNameString = 7,
+ siAsciiString = 8,
+ siDEROID = 9,
+ siUnsignedInteger = 10,
+ siUTCTime = 11,
+ siGeneralizedTime = 12
+} SECItemType;
+
+typedef struct SECItemStr SECItem;
+
+struct SECItemStr {
+ SECItemType type;
+ unsigned char *data;
+ unsigned int len;
+};
+
+typedef SECItem SECKEYECParams;
+
+typedef enum { ec_params_explicit,
+ ec_params_named
+} ECParamsType;
+
+typedef enum { ec_field_GFp = 1,
+ ec_field_GF2m
+} ECFieldType;
+
+struct ECFieldIDStr {
+ int size; /* field size in bits */
+ ECFieldType type;
+ union {
+ SECItem prime; /* prime p for (GFp) */
+ SECItem poly; /* irreducible binary polynomial for (GF2m) */
+ } u;
+ int k1; /* first coefficient of pentanomial or
+ * the only coefficient of trinomial
+ */
+ int k2; /* two remaining coefficients of pentanomial */
+ int k3;
+};
+typedef struct ECFieldIDStr ECFieldID;
+
+struct ECCurveStr {
+ SECItem a; /* contains octet stream encoding of
+ * field element (X9.62 section 4.3.3)
+ */
+ SECItem b;
+ SECItem seed;
+};
+typedef struct ECCurveStr ECCurve;
+
+typedef void PRArenaPool;
+
+struct ECParamsStr {
+ PRArenaPool * arena;
+ ECParamsType type;
+ ECFieldID fieldID;
+ ECCurve curve;
+ SECItem base;
+ SECItem order;
+ int cofactor;
+ SECItem DEREncoding;
+ ECCurveName name;
+ SECItem curveOID;
+};
+typedef struct ECParamsStr ECParams;
+
+struct ECPublicKeyStr {
+ ECParams ecParams;
+ SECItem publicValue; /* elliptic curve point encoded as
+ * octet stream.
+ */
+};
+typedef struct ECPublicKeyStr ECPublicKey;
+
+struct ECPrivateKeyStr {
+ ECParams ecParams;
+ SECItem publicValue; /* encoded ec point */
+ SECItem privateValue; /* private big integer */
+ SECItem version; /* As per SEC 1, Appendix C, Section C.4 */
+};
+typedef struct ECPrivateKeyStr ECPrivateKey;
+
+typedef enum _SECStatus {
+ SECBufferTooSmall = -3,
+ SECWouldBlock = -2,
+ SECFailure = -1,
+ SECSuccess = 0
+} SECStatus;
+#endif
+
+#ifdef _KERNEL
+#define RNG_GenerateGlobalRandomBytes(p,l) ecc_knzero_random_generator((p), (l))
+#else
+/*
+ This function is no longer required because the random bytes are now
+ supplied by the caller. Force a failure.
+*/
+#ifndef SYSTEM_NSS
+#define RNG_GenerateGlobalRandomBytes(p,l) SECFailure
+#endif
+#endif
+#define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup
+#define MP_TO_SEC_ERROR(err)
+
+#define SECITEM_TO_MPINT(it, mp) \
+ CHECK_MPI_OK(mp_read_unsigned_octets((mp), (it).data, (it).len))
+
+extern int ecc_knzero_random_generator(uint8_t *, size_t);
+extern ulong_t soft_nzero_random_generator(uint8_t *, ulong_t);
+
+#ifdef SYSTEM_NSS
+#define EC_DecodeParams(a,b,c) EC_DecodeParams(a,b)
+#define ECDSA_VerifyDigest(a,b,c,d) ECDSA_VerifyDigest(a,b,c)
+#define ECDH_Derive(a,b,c,d,e,f) ECDH_Derive(a,b,c,d,e)
+#else
+extern SECStatus EC_DecodeParams(const SECItem *, ECParams **, int);
+
+extern SECItem * SECITEM_AllocItem(PRArenaPool *, SECItem *, unsigned int, int);
+extern SECStatus SECITEM_CopyItem(PRArenaPool *, SECItem *, const SECItem *,
+ int);
+extern void SECITEM_FreeItem(SECItem *, boolean_t);
+
+/* This function has been modified to accept an array of random bytes */
+extern SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
+ const unsigned char* random, int randomlen, int);
+/* This function has been modified to accept an array of random bytes */
+extern SECStatus ECDSA_SignDigest(ECPrivateKey *, SECItem *, const SECItem *,
+ const unsigned char* random, int randomlen, int, int timing);
+extern SECStatus ECDSA_VerifyDigest(ECPublicKey *, const SECItem *,
+ const SECItem *, int);
+extern SECStatus ECDH_Derive(SECItem *, ECParams *, SECItem *, boolean_t,
+ SECItem *, int);
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _ECC_IMPL_H */

6
update_package.sh
View File

@ -25,13 +25,13 @@ fi
set -e
if [ "x$PROJECT_NAME" = "x" ] ; then
PROJECT_NAME="jdk"
PROJECT_NAME="jdk-updates"
fi
if [ "x$REPO_NAME" = "x" ] ; then
REPO_NAME="jdk10"
REPO_NAME="jdk10u"
fi
if [ "x$VERSION" = "x" ] ; then
VERSION="jdk-10+46"
VERSION="jdk-10.0.1+10"
fi
if [ "x$COMPRESSION" = "x" ] ; then