diff --git a/.hgtags b/.hgtags index 06d0fa21ec1c207153f60e26fa2dbbf6628ce615..9b6ab4f46f1fbddc640efb374d7ba08d97c9c460 100644 --- a/.hgtags +++ b/.hgtags @@ -637,6 +637,7 @@ d689f7b806c89e535f784ba94bea1ae129ee0f19 jdk8u111-b05 6c822cce832523a5aee9632e28065f0c302187ed jdk8u111-b06 1afe84012d643b4092dbf25f1cbb761508c19ed2 jdk8u111-b07 9760ea9a63c0d48956392256bb7769ab40f2a2f7 jdk8u111-b08 +c959cff8f7accc5dc2a334a977a95fe1dcb9e812 jdk8u111-b09 47e20a90bdbb2327289e330606b73a9fe4dc857e jdk8u112-b00 96393e490afd4acba5b92c5ede68dc9bbb60a38e jdk8u112-b01 b44d695f738baba091370828b84ae2c4cd715c1b jdk8u112-b02 diff --git a/make/mapfiles/libjava/mapfile-vers b/make/mapfiles/libjava/mapfile-vers index 618d50111735738532ec0fc2e8c4e6d0155f4cd7..1b371a2c61c4224f11ef5aa76b9f2676d64e7b3c 100644 --- a/make/mapfiles/libjava/mapfile-vers +++ b/make/mapfiles/libjava/mapfile-vers @@ -56,6 +56,7 @@ SUNWprivate_1.1 { JNU_ThrowArrayIndexOutOfBoundsException; JNU_ThrowByName; JNU_ThrowByNameWithLastError; + JNU_ThrowByNameWithMessageAndLastError; JNU_ThrowClassNotFoundException; JNU_ThrowIllegalAccessError; JNU_ThrowIllegalAccessException; diff --git a/src/share/classes/sun/security/pkcs/SignerInfo.java b/src/share/classes/sun/security/pkcs/SignerInfo.java index 8650474f1ca05f139ae828828d8475d39ee87682..5f131fcac6d03c49a665f0e7e04b23f1db8c4d97 100644 --- a/src/share/classes/sun/security/pkcs/SignerInfo.java +++ b/src/share/classes/sun/security/pkcs/SignerInfo.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,20 +28,37 @@ package sun.security.pkcs; import java.io.OutputStream; import java.io.IOException; import java.math.BigInteger; +import java.security.CryptoPrimitive; +import java.security.InvalidKeyException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.Principal; +import java.security.PublicKey; +import java.security.Signature; +import java.security.SignatureException; +import java.security.Timestamp; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.CertPath; import java.security.cert.X509Certificate; -import java.security.*; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; +import java.util.EnumSet; +import java.util.Set; +import sun.misc.HexDumpEncoder; import sun.security.timestamp.TimestampToken; -import sun.security.util.*; +import sun.security.util.Debug; +import sun.security.util.DerEncoder; +import sun.security.util.DerInputStream; +import sun.security.util.DerOutputStream; +import sun.security.util.DerValue; +import sun.security.util.DisabledAlgorithmConstraints; +import sun.security.util.ObjectIdentifier; import sun.security.x509.AlgorithmId; import sun.security.x509.X500Name; import sun.security.x509.KeyUsageExtension; -import sun.misc.HexDumpEncoder; /** * A SignerInfo, as defined in PKCS#7's signedData type. @@ -50,6 +67,17 @@ import sun.misc.HexDumpEncoder; */ public class SignerInfo implements DerEncoder { + // Digest and Signature restrictions + private static final Set DIGEST_PRIMITIVE_SET = + Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.MESSAGE_DIGEST)); + + private static final Set SIG_PRIMITIVE_SET = + Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE)); + + private static final DisabledAlgorithmConstraints JAR_DISABLED_CHECK = + new DisabledAlgorithmConstraints( + DisabledAlgorithmConstraints.PROPERTY_JAR_DISABLED_ALGS); + BigInteger version; X500Name issuerName; BigInteger certificateSerialNumber; @@ -318,6 +346,13 @@ public class SignerInfo implements DerEncoder { if (messageDigest == null) // fail if there is no message digest return null; + // check that algorithm is not restricted + if (!JAR_DISABLED_CHECK.permits(DIGEST_PRIMITIVE_SET, + digestAlgname, null)) { + throw new SignatureException("Digest check failed. " + + "Disabled algorithm used: " + digestAlgname); + } + MessageDigest md = MessageDigest.getInstance(digestAlgname); byte[] computedMessageDigest = md.digest(data); @@ -349,12 +384,24 @@ public class SignerInfo implements DerEncoder { String algname = AlgorithmId.makeSigAlg( digestAlgname, encryptionAlgname); - Signature sig = Signature.getInstance(algname); - X509Certificate cert = getCertificate(block); + // check that algorithm is not restricted + if (!JAR_DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, algname, null)) { + throw new SignatureException("Signature check failed. " + + "Disabled algorithm used: " + algname); + } + X509Certificate cert = getCertificate(block); + PublicKey key = cert.getPublicKey(); if (cert == null) { return null; } + + // check if the public key is restricted + if (!JAR_DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) { + throw new SignatureException("Public key check failed. " + + "Disabled algorithm used: " + key.getAlgorithm()); + } + if (cert.hasUnsupportedCriticalExtension()) { throw new SignatureException("Certificate has unsupported " + "critical extension(s)"); @@ -391,11 +438,9 @@ public class SignerInfo implements DerEncoder { } } - PublicKey key = cert.getPublicKey(); + Signature sig = Signature.getInstance(algname); sig.initVerify(key); - sig.update(dataSigned); - if (sig.verify(encryptedDigest)) { return this; } @@ -515,9 +560,16 @@ public class SignerInfo implements DerEncoder { */ private void verifyTimestamp(TimestampToken token) throws NoSuchAlgorithmException, SignatureException { + String digestAlgname = token.getHashAlgorithm().getName(); + // check that algorithm is not restricted + if (!JAR_DISABLED_CHECK.permits(DIGEST_PRIMITIVE_SET, digestAlgname, + null)) { + throw new SignatureException("Timestamp token digest check failed. " + + "Disabled algorithm used: " + digestAlgname); + } MessageDigest md = - MessageDigest.getInstance(token.getHashAlgorithm().getName()); + MessageDigest.getInstance(digestAlgname); if (!Arrays.equals(token.getHashedMessage(), md.digest(encryptedDigest))) { diff --git a/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java b/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java index 94670e40324c074e292237029a99eb587e183261..6175fea569fcc482fb7be070ad5eb8a588d70e96 100644 --- a/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java +++ b/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java @@ -48,8 +48,12 @@ public abstract class AbstractAlgorithmConstraints private static void loadAlgorithmsMap(Map algorithmsMap, String propertyName) { String property = AccessController.doPrivileged( - (PrivilegedAction) () -> Security.getProperty( - propertyName)); + new PrivilegedAction() { + @Override + public String run() { + return Security.getProperty(propertyName); + } + }); String[] algorithmsInProperty = null; if (property != null && !property.isEmpty()) { diff --git a/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java b/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java index 28eeef0f77c8ed63d4b29c4b328a7ec154713b97..a102187c8ffd3f03222d5a61a4cbd08b13a031c0 100644 --- a/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java +++ b/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java @@ -58,6 +58,10 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints { private final static Map keySizeConstraintsMap = new HashMap<>(); + // the known security property, jdk.jar.disabledAlgorithms + public static final String PROPERTY_JAR_DISABLED_ALGS = + "jdk.jar.disabledAlgorithms"; + private final String[] disabledAlgorithms; private final KeySizeConstraints keySizeConstraints; @@ -71,6 +75,14 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints { this(propertyName, new AlgorithmDecomposer()); } + /** + * Initialize algorithm constraints with the specified security property + * for a specific usage type. + * + * @param propertyName the security property name that define the disabled + * algorithm constraints + * @param decomposer an alternate AlgorithmDecomposer. + */ public DisabledAlgorithmConstraints(String propertyName, AlgorithmDecomposer decomposer) { super(decomposer); diff --git a/src/share/classes/sun/security/util/SignatureFileVerifier.java b/src/share/classes/sun/security/util/SignatureFileVerifier.java index fa0f5301d0ea81ecb566ff7c4ce8d16732a43bcb..ed563dc7b2d6473d9a881ff9beec26610680234c 100644 --- a/src/share/classes/sun/security/util/SignatureFileVerifier.java +++ b/src/share/classes/sun/security/util/SignatureFileVerifier.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,26 +25,49 @@ package sun.security.util; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.security.CodeSigner; +import java.security.CryptoPrimitive; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.SignatureException; import java.security.cert.CertPath; import java.security.cert.X509Certificate; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; -import java.security.*; -import java.io.*; -import java.util.*; -import java.util.jar.*; - -import sun.security.pkcs.*; +import java.util.ArrayList; import java.util.Base64; +import java.util.Collections; +import java.util.EnumSet; +import java.util.HashMap; +import java.util.Hashtable; +import java.util.Iterator; +import java.util.List; +import java.util.Locale; +import java.util.Map; +import java.util.Set; +import java.util.jar.Attributes; +import java.util.jar.JarException; +import java.util.jar.JarFile; +import java.util.jar.Manifest; import sun.security.jca.Providers; +import sun.security.pkcs.PKCS7; +import sun.security.pkcs.SignerInfo; public class SignatureFileVerifier { /* Are we debugging ? */ private static final Debug debug = Debug.getInstance("jar"); - /* cache of CodeSigner objects */ + private static final Set DIGEST_PRIMITIVE_SET = + Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.MESSAGE_DIGEST)); + + private static final DisabledAlgorithmConstraints JAR_DISABLED_CHECK = + new DisabledAlgorithmConstraints( + DisabledAlgorithmConstraints.PROPERTY_JAR_DISABLED_ALGS); + private ArrayList signerCache; private static final String ATTR_DIGEST = @@ -200,8 +223,15 @@ public class SignatureFileVerifier { /** get digest from cache */ - private MessageDigest getDigest(String algorithm) - { + private MessageDigest getDigest(String algorithm) throws SignatureException { + // check that algorithm is not restricted + if (!JAR_DISABLED_CHECK.permits(DIGEST_PRIMITIVE_SET, algorithm, null)) { + SignatureException e = + new SignatureException("SignatureFile check failed. " + + "Disabled algorithm used: " + algorithm); + throw e; + } + if (createdDigests == null) createdDigests = new HashMap(); @@ -321,7 +351,7 @@ public class SignatureFileVerifier { private boolean verifyManifestHash(Manifest sf, ManifestDigester md, List manifestDigests) - throws IOException + throws IOException, SignatureException { Attributes mattr = sf.getMainAttributes(); boolean manifestSigned = false; @@ -365,7 +395,7 @@ public class SignatureFileVerifier { private boolean verifyManifestMainAttrs(Manifest sf, ManifestDigester md) - throws IOException + throws IOException, SignatureException { Attributes mattr = sf.getMainAttributes(); boolean attrsVerified = true; @@ -431,14 +461,14 @@ public class SignatureFileVerifier { private boolean verifySection(Attributes sfAttr, String name, ManifestDigester md) - throws IOException + throws IOException, SignatureException { boolean oneDigestVerified = false; ManifestDigester.Entry mde = md.get(name,block.isOldStyle()); if (mde == null) { throw new SecurityException( - "no manifiest section for signature file entry "+name); + "no manifest section for signature file entry "+name); } if (sfAttr != null) { diff --git a/src/share/lib/security/java.security-aix b/src/share/lib/security/java.security-aix index 6d3f56deeccad521713da4f3e1b0640dbdaae92e..51e7738f2b476e2435addb146f8e24fddbed4cec 100644 --- a/src/share/lib/security/java.security-aix +++ b/src/share/lib/security/java.security-aix @@ -624,3 +624,41 @@ jdk.tls.legacyAlgorithms= \ # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ # FFFFFFFF FFFFFFFF, 2} + +# Algorithm restrictions for signed JAR files +# +# In some environments, certain algorithms or key lengths may be undesirable +# for signed JAR validation. For example, "MD2" is generally no longer +# considered to be a secure hash algorithm. This section describes the +# mechanism for disabling algorithms based on algorithm name and/or key length. +# JARs signed with any of the disabled algorithms or key sizes will be treated +# as unsigned. +# +# The syntax of the disabled algorithm string is described as follows: +# DisabledAlgorithms: +# " DisabledAlgorithm { , DisabledAlgorithm } " +# +# DisabledAlgorithm: +# AlgorithmName [Constraint] +# +# AlgorithmName: +# (see below) +# +# Constraint: +# KeySizeConstraint +# +# KeySizeConstraint: +# keySize Operator KeyLength +# +# Operator: +# <= | < | == | != | >= | > +# +# KeyLength: +# Integer value of the algorithm's key length in bits +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. +# +jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ + DSA keySize < 1024 diff --git a/src/share/lib/security/java.security-linux b/src/share/lib/security/java.security-linux index 6d3f56deeccad521713da4f3e1b0640dbdaae92e..51e7738f2b476e2435addb146f8e24fddbed4cec 100644 --- a/src/share/lib/security/java.security-linux +++ b/src/share/lib/security/java.security-linux @@ -624,3 +624,41 @@ jdk.tls.legacyAlgorithms= \ # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ # FFFFFFFF FFFFFFFF, 2} + +# Algorithm restrictions for signed JAR files +# +# In some environments, certain algorithms or key lengths may be undesirable +# for signed JAR validation. For example, "MD2" is generally no longer +# considered to be a secure hash algorithm. This section describes the +# mechanism for disabling algorithms based on algorithm name and/or key length. +# JARs signed with any of the disabled algorithms or key sizes will be treated +# as unsigned. +# +# The syntax of the disabled algorithm string is described as follows: +# DisabledAlgorithms: +# " DisabledAlgorithm { , DisabledAlgorithm } " +# +# DisabledAlgorithm: +# AlgorithmName [Constraint] +# +# AlgorithmName: +# (see below) +# +# Constraint: +# KeySizeConstraint +# +# KeySizeConstraint: +# keySize Operator KeyLength +# +# Operator: +# <= | < | == | != | >= | > +# +# KeyLength: +# Integer value of the algorithm's key length in bits +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. +# +jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ + DSA keySize < 1024 diff --git a/src/share/lib/security/java.security-macosx b/src/share/lib/security/java.security-macosx index 51ff498cf7b242c2f854d9d4e77ab12be657e0d5..1025209ee119925a95a8bc7e8e81cb86e723f6d4 100644 --- a/src/share/lib/security/java.security-macosx +++ b/src/share/lib/security/java.security-macosx @@ -627,3 +627,41 @@ jdk.tls.legacyAlgorithms= \ # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ # FFFFFFFF FFFFFFFF, 2} + +# Algorithm restrictions for signed JAR files +# +# In some environments, certain algorithms or key lengths may be undesirable +# for signed JAR validation. For example, "MD2" is generally no longer +# considered to be a secure hash algorithm. This section describes the +# mechanism for disabling algorithms based on algorithm name and/or key length. +# JARs signed with any of the disabled algorithms or key sizes will be treated +# as unsigned. +# +# The syntax of the disabled algorithm string is described as follows: +# DisabledAlgorithms: +# " DisabledAlgorithm { , DisabledAlgorithm } " +# +# DisabledAlgorithm: +# AlgorithmName [Constraint] +# +# AlgorithmName: +# (see below) +# +# Constraint: +# KeySizeConstraint +# +# KeySizeConstraint: +# keySize Operator KeyLength +# +# Operator: +# <= | < | == | != | >= | > +# +# KeyLength: +# Integer value of the algorithm's key length in bits +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. +# +jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ + DSA keySize < 1024 diff --git a/src/share/lib/security/java.security-solaris b/src/share/lib/security/java.security-solaris index 0a8e6c3178e207efb09aedc553cd5762a40d598b..464c38eae85b45b6dfe46a6f121342415a42e914 100644 --- a/src/share/lib/security/java.security-solaris +++ b/src/share/lib/security/java.security-solaris @@ -626,3 +626,41 @@ jdk.tls.legacyAlgorithms= \ # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ # FFFFFFFF FFFFFFFF, 2} + +# Algorithm restrictions for signed JAR files +# +# In some environments, certain algorithms or key lengths may be undesirable +# for signed JAR validation. For example, "MD2" is generally no longer +# considered to be a secure hash algorithm. This section describes the +# mechanism for disabling algorithms based on algorithm name and/or key length. +# JARs signed with any of the disabled algorithms or key sizes will be treated +# as unsigned. +# +# The syntax of the disabled algorithm string is described as follows: +# DisabledAlgorithms: +# " DisabledAlgorithm { , DisabledAlgorithm } " +# +# DisabledAlgorithm: +# AlgorithmName [Constraint] +# +# AlgorithmName: +# (see below) +# +# Constraint: +# KeySizeConstraint +# +# KeySizeConstraint: +# keySize Operator KeyLength +# +# Operator: +# <= | < | == | != | >= | > +# +# KeyLength: +# Integer value of the algorithm's key length in bits +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. +# +jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ + DSA keySize < 1024 diff --git a/src/share/lib/security/java.security-windows b/src/share/lib/security/java.security-windows index 79de502bc6c23632df6650cd102045b897e76d9f..e674d1029d44ccacb045d44f4ed61fa06bd8ed2b 100644 --- a/src/share/lib/security/java.security-windows +++ b/src/share/lib/security/java.security-windows @@ -627,3 +627,41 @@ jdk.tls.legacyAlgorithms= \ # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ # FFFFFFFF FFFFFFFF, 2} + +# Algorithm restrictions for signed JAR files +# +# In some environments, certain algorithms or key lengths may be undesirable +# for signed JAR validation. For example, "MD2" is generally no longer +# considered to be a secure hash algorithm. This section describes the +# mechanism for disabling algorithms based on algorithm name and/or key length. +# JARs signed with any of the disabled algorithms or key sizes will be treated +# as unsigned. +# +# The syntax of the disabled algorithm string is described as follows: +# DisabledAlgorithms: +# " DisabledAlgorithm { , DisabledAlgorithm } " +# +# DisabledAlgorithm: +# AlgorithmName [Constraint] +# +# AlgorithmName: +# (see below) +# +# Constraint: +# KeySizeConstraint +# +# KeySizeConstraint: +# keySize Operator KeyLength +# +# Operator: +# <= | < | == | != | >= | > +# +# KeyLength: +# Integer value of the algorithm's key length in bits +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. +# +jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ + DSA keySize < 1024 diff --git a/src/share/native/common/jni_util.c b/src/share/native/common/jni_util.c index 3ef707f6079246a126b81dfe67c1bbeda6e13376..0d008970319d2e7f9a5abd518c1a80a420f32f37 100644 --- a/src/share/native/common/jni_util.c +++ b/src/share/native/common/jni_util.c @@ -148,6 +148,61 @@ JNU_ThrowInstantiationException(JNIEnv *env, const char *msg) } +/* + * Throw an exception by name, using a given message and the string + * returned by getLastErrorString to construct the detail string. + */ +JNIEXPORT void JNICALL +JNU_ThrowByNameWithMessageAndLastError + (JNIEnv *env, const char *name, const char *message) +{ + char buf[256]; + size_t n = getLastErrorString(buf, sizeof(buf)); + size_t messagelen = message == NULL ? 0 : strlen(message); + + if (n > 0) { + jstring s = JNU_NewStringPlatform(env, buf); + if (s != NULL) { + jobject x = NULL; + if (messagelen) { + jstring s2 = NULL; + size_t messageextlen = messagelen + 4; + char *str1 = (char *)malloc((messageextlen) * sizeof(char)); + if (str1 == 0) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } + jio_snprintf(str1, messageextlen, " (%s)", message); + s2 = (*env)->NewStringUTF(env, str1); + free(str1); + if (s2 != NULL) { + jstring s3 = JNU_CallMethodByName( + env, NULL, s, "concat", + "(Ljava/lang/String;)Ljava/lang/String;", + s2).l; + (*env)->DeleteLocalRef(env, s2); + if (s3 != NULL) { + (*env)->DeleteLocalRef(env, s); + s = s3; + } + } + } + x = JNU_NewObjectByName(env, name, "(Ljava/lang/String;)V", s); + if (x != NULL) { + (*env)->Throw(env, x); + } + } + } + + if (!(*env)->ExceptionOccurred(env)) { + if (messagelen) { + JNU_ThrowByName(env, name, message); + } else { + JNU_ThrowByName(env, name, "no further information"); + } + } +} + /* Throw an exception by name, using the string returned by * JVM_LastErrorString for the detail string. If the last-error * string is NULL, use the given default detail string. diff --git a/src/share/native/common/jni_util.h b/src/share/native/common/jni_util.h index cdfaa63dc0c263d06dc1c313cd32bc8f2f108fb5..7655eab639666cd138143f444bd8f9eebc22429f 100644 --- a/src/share/native/common/jni_util.h +++ b/src/share/native/common/jni_util.h @@ -105,6 +105,13 @@ JNIEXPORT void JNICALL JNU_ThrowByNameWithLastError(JNIEnv *env, const char *name, const char *defaultMessage); +/* Throw an exception by name, using a given message and the string + * returned by getLastErrorString to construct the detail string. + */ +JNIEXPORT void JNICALL +JNU_ThrowByNameWithMessageAndLastError + (JNIEnv *env, const char *name, const char *message); + /* Throw an IOException, using the last-error string for the detail * string. If the last-error string is NULL, use the given default * detail string. diff --git a/src/solaris/native/java/net/net_util_md.c b/src/solaris/native/java/net/net_util_md.c index c31d294432c949b1b176a84fdecd04948b2d3fae..a284fed280f682b55befbc91325e55b2d76ee75a 100644 --- a/src/solaris/native/java/net/net_util_md.c +++ b/src/solaris/native/java/net/net_util_md.c @@ -106,6 +106,8 @@ void setDefaultScopeID(JNIEnv *env, struct sockaddr *him) int getDefaultScopeID(JNIEnv *env) { static jclass ni_class = NULL; static jfieldID ni_defaultIndexID; + int defaultIndex = 0; + if (ni_class == NULL) { jclass c = (*env)->FindClass(env, "java/net/NetworkInterface"); CHECK_NULL_RETURN(c, 0); @@ -116,7 +118,6 @@ int getDefaultScopeID(JNIEnv *env) { CHECK_NULL_RETURN(ni_defaultIndexID, 0); ni_class = c; } - int defaultIndex = 0; defaultIndex = (*env)->GetStaticIntField(env, ni_class, ni_defaultIndexID); return defaultIndex; @@ -257,9 +258,7 @@ int cmpScopeID (unsigned int scope, struct sockaddr *him) { void NET_ThrowByNameWithLastError(JNIEnv *env, const char *name, const char *defaultDetail) { - char errmsg[255]; - sprintf(errmsg, "errno: %d, error: %s\n", errno, defaultDetail); - JNU_ThrowByNameWithLastError(env, name, errmsg); + JNU_ThrowByNameWithMessageAndLastError(env, name, defaultDetail); } void diff --git a/src/windows/native/java/net/net_util_md.c b/src/windows/native/java/net/net_util_md.c index 8a0f5c15275c8b961e33827c61a7e3e33d270b66..7d990bff9e9c9fab7f3988825eda758a4f7c192d 100644 --- a/src/windows/native/java/net/net_util_md.c +++ b/src/windows/native/java/net/net_util_md.c @@ -218,9 +218,7 @@ NET_ThrowSocketException(JNIEnv *env, char* msg) void NET_ThrowByNameWithLastError(JNIEnv *env, const char *name, const char *defaultDetail) { - char errmsg[255]; - sprintf(errmsg, "errno: %d, error: %s\n", WSAGetLastError(), defaultDetail); - JNU_ThrowByNameWithLastError(env, name, errmsg); + JNU_ThrowByNameWithMessageAndLastError(env, name, defaultDetail); } jfieldID diff --git a/test/javax/crypto/SecretKeyFactory/FailOverTest.sh b/test/javax/crypto/SecretKeyFactory/FailOverTest.sh index 6beb911b124bb9d45205d4ac8cfd8454e07b962c..b39efb0bd71145d12a87208e1d4a51efbdfc5ce4 100644 --- a/test/javax/crypto/SecretKeyFactory/FailOverTest.sh +++ b/test/javax/crypto/SecretKeyFactory/FailOverTest.sh @@ -88,6 +88,7 @@ fi ${TESTJAVA}${FS}bin${FS}java \ ${TESTVMOPTS} \ + -Djava.security.properties=${TESTSRC}${FS}security.properties \ -classpath "${TESTSRC}${FS}P1.jar${PS}${TESTSRC}${FS}P2.jar${PS}." \ FailOverTest result=$? diff --git a/test/javax/crypto/SecretKeyFactory/security.properties b/test/javax/crypto/SecretKeyFactory/security.properties new file mode 100644 index 0000000000000000000000000000000000000000..224dbf7ea7b39d4fe9ef094932eb815510b7fe77 --- /dev/null +++ b/test/javax/crypto/SecretKeyFactory/security.properties @@ -0,0 +1,26 @@ +# +# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +# or visit www.oracle.com if you need additional information or have any +# questions. +# + +jdk.security.provider.preferred= +jdk.jar.disabledAlgorithms= + diff --git a/test/sun/security/pkcs/pkcs7/PKCS7VerifyTest.java b/test/sun/security/pkcs/pkcs7/PKCS7VerifyTest.java index 24cc111befa08831b0fe411dc58773a4d702e4e7..ec8359adbd9a023a80a19c2f01cb66a8c7fcda2f 100644 --- a/test/sun/security/pkcs/pkcs7/PKCS7VerifyTest.java +++ b/test/sun/security/pkcs/pkcs7/PKCS7VerifyTest.java @@ -26,8 +26,8 @@ * @bug 8048357 * @summary Read signed data in one or more PKCS7 objects from individual files, * verify SignerInfos and certificate chain. - * @run main PKCS7VerifyTest PKCS7TEST.DSA.base64 - * @run main PKCS7VerifyTest PKCS7TEST.DSA.base64 PKCS7TEST.SF + * @run main/othervm -Djava.security.properties=${test.src}/reenable.jar.alg.props PKCS7VerifyTest PKCS7TEST.DSA.base64 + * @run main/othervm -Djava.security.properties=${test.src}/reenable.jar.alg.props PKCS7VerifyTest PKCS7TEST.DSA.base64 PKCS7TEST.SF */ import java.io.ByteArrayInputStream; import java.io.File; @@ -35,6 +35,7 @@ import java.io.FileInputStream; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; +import java.security.Security; import java.security.cert.X509Certificate; import java.util.Base64; import java.util.HashMap; diff --git a/test/sun/security/pkcs/pkcs7/reenable.jar.alg.props b/test/sun/security/pkcs/pkcs7/reenable.jar.alg.props new file mode 100644 index 0000000000000000000000000000000000000000..98419437a53906ae9caa3582d7e54f6b8f006510 --- /dev/null +++ b/test/sun/security/pkcs/pkcs7/reenable.jar.alg.props @@ -0,0 +1,24 @@ +# +# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +# or visit www.oracle.com if you need additional information or have any +# questions. +# + +jdk.jar.disabledAlgorithms= diff --git a/test/sun/security/tools/jarsigner/JarSigningNonAscii.java b/test/sun/security/tools/jarsigner/JarSigningNonAscii.java index 69bf09ed5bf5de7df27f4ebdeb4087b88580fdf7..d04ff573d16ce4df5507bc3d63c4a5ba444bb71b 100644 --- a/test/sun/security/tools/jarsigner/JarSigningNonAscii.java +++ b/test/sun/security/tools/jarsigner/JarSigningNonAscii.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,10 +25,12 @@ * @test * @bug 4924188 * @summary sign a JAR file that has entry names with non-ASCII characters. + * @run main/othervm -Djava.security.properties=${test.src}/reenable.jar.alg.props JarSigningNonAscii */ import sun.security.tools.*; import java.io.*; +import java.security.Security; import java.util.*; import java.util.jar.*; import java.security.cert.Certificate; diff --git a/test/sun/security/tools/jarsigner/reenable.jar.alg.props b/test/sun/security/tools/jarsigner/reenable.jar.alg.props new file mode 100644 index 0000000000000000000000000000000000000000..98419437a53906ae9caa3582d7e54f6b8f006510 --- /dev/null +++ b/test/sun/security/tools/jarsigner/reenable.jar.alg.props @@ -0,0 +1,24 @@ +# +# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +# or visit www.oracle.com if you need additional information or have any +# questions. +# + +jdk.jar.disabledAlgorithms=