Merge

7de29b88 · asaha · 707f49e9 · f08199a9 · 7de29b88 · 7de29b88
8 changed file
--- a/.hgtags
+++ b/.hgtags
@@ -358,6 +358,7 @@ a21dd7999d1e4ba612c951c2c78504d23eb7243a jdk8u31-b11
 ced84cf3eebc69f7e04b0098d85dcb3a6b872586 jdk8u31-b31
 46338075c4262057099e57638e0758817052da0d jdk8u31-b32
 a1c3099e1b90230435e890ca56adc8a5aa5149ff jdk8u31-b33
+35dfb86684554685d6efd2fc7fd5eb9b7d4545c5 jdk8u31-b34
 e6ed015afbbf3459ba3297e270b4f3170e989c80 jdk8u40-b00
 6e223d48080ef40f4ec11ecbcd19b4a20813b9eb jdk8u40-b01
 4797cd0713b44b009525f1276d571ade7e24f3f5 jdk8u40-b02
@@ -429,6 +430,8 @@ b7403e15864dc0c1f9740d66af91bddb3e2215e8 jdk8u51-b14
 192bda44c0c463104c96058bb815a546b282ca43 jdk8u51-b15
 ee86422973691bb7efae58d201e5a382ea0bb150 jdk8u51-b16
 f94ea276f608b22d78281d70361092ba4864038e jdk8u51-b31
+887dde3afb3bb233958775de22eafb3328af6437 jdk8u51-b32
+dc7b827522bc3a804f7e8951cc27414f19a7c427 jdk8u51-b33
 5c31204d19e5976f025026db3d5c17331e8c44db jdk8u60-b00
 c46daef6edb5385d11876ed40f292a4b62e96867 jdk8u60-b01
 c10fd784956cc7099657181029ac3e790267b678 jdk8u60-b02
@@ -457,6 +460,8 @@ d433f5fd8910bee1f2c295b65cf03977034fe0ea jdk8u60-b24
 c8cfbe57bcd5042d2fef42dcef14d73dd4bdc416 jdk8u60-b25
 0d6a8a9b26a37678b420ff540b5a622c3f4fd44c jdk8u60-b26
 afbc08ea922bf6e5e14d2eea24a2f94f37627ea7 jdk8u60-b27
+1450696a76c667e6f189d026408182a002b93fa7 jdk8u60-b31
+fe24fa1e6d995390df6491975352a15634981b35 jdk8u60-b32
 286b9a885fcc6245fdf2b20697473ec3b35f2538 jdk8u65-b00
 80a796d0db958f49a4b0713818227eda8e5efbb9 jdk8u65-b01
 77d48e6d111faec236c8678997ae4311151cfee4 jdk8u65-b02
@@ -470,6 +475,8 @@ e9de15763a5a3cef64ef1d4bc40a018d4d572325 jdk8u65-b09
 ed9e7ba6a419a80cbcdc60f4634388af054bdc76 jdk8u65-b10
 22ae2d11ff54b758b648b5fcd6ea90e03a4c6781 jdk8u65-b11
 7eb9c6cf007cc6176ccb700f995a3e9b81746bfd jdk8u65-b12
+64ac5b0b4b9e7a587fc0606fada354c6fa4a7a86 jdk8u65-b13
+d26fd80f684d44fd9b16e84e585dda3757d4a19c jdk8u65-b14
 e9f82302d5fdef8a0976640e09363895e9dcde3c jdk8u66-b00
 64d7bd4e98150447916f210e3bfd6875a4c2728a jdk8u66-b01
 d8210091911b14930192abd3138ee37c281fb632 jdk8u66-b02
@@ -479,4 +486,6 @@ b3773a2b6bf64c1df4db2b94f822b5ffb17eacc9 jdk8u66-b07
 fe6a3b134c1d4288a5bcb6152632edca1833ab58 jdk8u66-b10
 e77c306d8ce409a65166813cc3b5e9403f96246b jdk8u66-b11
 6f5b22ffd9626ea1bb2879cfe93f4baafce3d644 jdk8u66-b12
+e951c898bb6ca7be2ce49ac23f8442c0bccad4e9 jdk8u66-b13
+371fc17e38ccf9a729e34c518f6942162ba6c225 jdk8u66-b14
 9a2747ef337bdee71bc8225dea77eb403cca1179 jdk8u71-b00
--- a/make/CompileJavaClasses.gmk
+++ b/make/CompileJavaClasses.gmk
@@ -393,7 +393,7 @@ $(JDK_OUTPUTDIR)/classes/META-INF/services/com.sun.tools.xjc.Plugin:
          JAVAC_FLAGS := -cp $(JDK_OUTPUTDIR)/classes, \
          SRC := $(JDK_OUTPUTDIR)/gensrc_ab/legacy, \
          BIN := $(JDK_OUTPUTDIR)/classes_ab/legacy, \
-          HEADERS := $(JDK_OUTPUTDIR)/gensrc_headers_ab/legacy))
+          HEADERS := $(JDK_OUTPUTDIR)/gensrc_headers_ab/LEGACY))

      $(BUILD_ACCESSBRIDGE_LEGACY): $(BUILD_JDK)


--- a/make/lib/PlatformLibraries.gmk
+++ b/make/lib/PlatformLibraries.gmk
@@ -219,7 +219,7 @@ endif

    ifeq ($(OPENJDK_TARGET_CPU_BITS), 32)
      $(eval $(call SetupAccessBridge,-32,I386,32))
-      $(eval $(call SetupAccessBridge,,I386,legacy))
+      $(eval $(call SetupAccessBridge,,I386,LEGACY))
    else
      $(eval $(call SetupAccessBridge,-64,X64,64))
    endif

--- a/make/mapfiles/libj2ucrypto/mapfile-vers
+++ b/make/mapfiles/libj2ucrypto/mapfile-vers
 #
-# Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -39,6 +39,7 @@ SUNWprivate_1.1 {
 		Java_com_oracle_security_ucrypto_NativeCipher_nativeUpdate;
 		Java_com_oracle_security_ucrypto_NativeCipher_nativeFinal;
                Java_com_oracle_security_ucrypto_NativeKey_nativeFree;
+                Java_com_oracle_security_ucrypto_NativeKey_00024RSAPrivate_nativeInit;
                Java_com_oracle_security_ucrypto_NativeKey_00024RSAPrivateCrt_nativeInit;
                Java_com_oracle_security_ucrypto_NativeKey_00024RSAPublic_nativeInit;
 		Java_com_oracle_security_ucrypto_NativeRSASignature_nativeInit;
@@ -56,6 +57,7 @@ SUNWprivate_1.1 {
                JavaCritical_com_oracle_security_ucrypto_NativeCipher_nativeUpdate;
                JavaCritical_com_oracle_security_ucrypto_NativeCipher_nativeFinal;
                JavaCritical_com_oracle_security_ucrypto_NativeKey_nativeFree;
+                JavaCritical_com_oracle_security_ucrypto_NativeKey_00024RSAPrivate_nativeInit;
                JavaCritical_com_oracle_security_ucrypto_NativeKey_00024RSAPrivateCrt_nativeInit;
                JavaCritical_com_oracle_security_ucrypto_NativeKey_00024RSAPublic_nativeInit;
 		JavaCritical_com_oracle_security_ucrypto_NativeRSASignature_nativeInit;

--- a/src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java
+++ b/src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java
@@ -74,11 +74,14 @@ public final class TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi {
                "TlsRsaPremasterSecretGenerator must be initialized");
        }

-        if (random == null) {
-            random = new SecureRandom();
+        byte[] b = spec.getEncodedSecret();
+        if (b == null) {
+            if (random == null) {
+                random = new SecureRandom();
+            }
+            b = new byte[48];
+            random.nextBytes(b);
        }
-        byte[] b = new byte[48];
-        random.nextBytes(b);
        b[0] = (byte)spec.getMajorVersion();
        b[1] = (byte)spec.getMinorVersion();


--- a/src/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java
+++ b/src/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java
@@ -43,6 +43,8 @@ import java.security.PrivilegedAction;
 public class TlsRsaPremasterSecretParameterSpec
        implements AlgorithmParameterSpec {

+    private final byte[] encodedSecret;
+
    /*
     * The TLS spec says that the version in the RSA premaster secret must
     * be the maximum version supported by the client (i.e. the version it
@@ -89,6 +91,33 @@ public class TlsRsaPremasterSecretParameterSpec

        this.clientVersion = checkVersion(clientVersion);
        this.serverVersion = checkVersion(serverVersion);
+        this.encodedSecret = null;
+    }
+
+    /**
+     * Constructs a new TlsRsaPremasterSecretParameterSpec.
+     *
+     * @param clientVersion the version of the TLS protocol by which the
+     *        client wishes to communicate during this session
+     * @param serverVersion the negotiated version of the TLS protocol which
+     *        contains the lower of that suggested by the client in the client
+     *        hello and the highest supported by the server.
+     * @param encodedSecret the encoded secret key
+     *
+     * @throws IllegalArgumentException if clientVersion or serverVersion are
+     *   negative or larger than (2^16 - 1) or if encodedSecret is not
+     *   exactly 48 bytes
+     */
+    public TlsRsaPremasterSecretParameterSpec(
+            int clientVersion, int serverVersion, byte[] encodedSecret) {
+
+        this.clientVersion = checkVersion(clientVersion);
+        this.serverVersion = checkVersion(serverVersion);
+        if (encodedSecret == null || encodedSecret.length != 48) {
+            throw new IllegalArgumentException(
+                        "Encoded secret is not exactly 48 bytes");
+        }
+        this.encodedSecret = encodedSecret.clone();
    }

    /**
@@ -147,4 +176,13 @@ public class TlsRsaPremasterSecretParameterSpec
        }
        return version;
    }
+
+    /**
+     * Returns the encoded secret.
+     *
+     * @return the encoded secret, may be null if no encoded secret.
+     */
+    public byte[] getEncodedSecret() {
+        return encodedSecret == null ? null : encodedSecret.clone();
+    }
 }
--- a/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java
+++ b/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java
@@ -111,14 +111,41 @@ final class RSAClientKeyExchange extends HandshakeMessage {
            }
        }

+        boolean needFailover = false;
+        byte[] encoded = null;
        try {
            Cipher cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1);
-            cipher.init(Cipher.UNWRAP_MODE, privateKey,
-                    new TlsRsaPremasterSecretParameterSpec(
-                            maxVersion.v, currentVersion.v),
-                    generator);
-            preMaster = (SecretKey)cipher.unwrap(encrypted,
-                                "TlsRsaPremasterSecret", Cipher.SECRET_KEY);
+            needFailover = !KeyUtil.isOracleJCEProvider(
+                                        cipher.getProvider().getName());
+            if (needFailover) {
+                cipher.init(Cipher.DECRYPT_MODE, privateKey);
+                encoded = cipher.doFinal(encrypted);
+                encoded = KeyUtil.checkTlsPreMasterSecretKey(
+                                maxVersion.v, currentVersion.v,
+                                generator, encoded, false);
+                preMaster = generatePreMasterSecret(
+                                maxVersion.v, currentVersion.v,
+                                encoded, generator);
+            } else {
+                cipher.init(Cipher.UNWRAP_MODE, privateKey,
+                        new TlsRsaPremasterSecretParameterSpec(
+                                maxVersion.v, currentVersion.v),
+                        generator);
+                preMaster = (SecretKey)cipher.unwrap(encrypted,
+                        "TlsRsaPremasterSecret", Cipher.SECRET_KEY);
+            }
+        } catch (BadPaddingException bpe) {
+            if (needFailover) {
+                encoded = KeyUtil.checkTlsPreMasterSecretKey(
+                                maxVersion.v, currentVersion.v,
+                                generator, null, false);
+                preMaster = generatePreMasterSecret(
+                                maxVersion.v, currentVersion.v,
+                                encoded, generator);
+            } else {
+                //  Otherwise, unlikely to happen
+                throw new RuntimeException("Unexpected exception", bpe);
+            }
        } catch (InvalidKeyException ibk) {
            // the message is too big to process with RSA
            throw new SSLProtocolException(
@@ -133,6 +160,35 @@ final class RSAClientKeyExchange extends HandshakeMessage {
        }
    }

+    // generate a premaster secret with the specified version number
+    @SuppressWarnings("deprecation")
+    private static SecretKey generatePreMasterSecret(
+            int clientVersion, int serverVersion,
+            byte[] encodedSecret, SecureRandom generator) {
+
+        if (debug != null && Debug.isOn("handshake")) {
+            System.out.println("Generating a premaster secret");
+        }
+
+        try {
+            String s = ((clientVersion >= ProtocolVersion.TLS12.v) ?
+                "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret");
+            KeyGenerator kg = JsseJce.getKeyGenerator(s);
+            kg.init(new TlsRsaPremasterSecretParameterSpec(
+                    clientVersion, serverVersion, encodedSecret),
+                    generator);
+            return kg.generateKey();
+        } catch (InvalidAlgorithmParameterException |
+                NoSuchAlgorithmException iae) {
+            // unlikely to happen, otherwise, must be a provider exception
+            if (debug != null && Debug.isOn("handshake")) {
+                System.out.println("RSA premaster secret generation error:");
+                iae.printStackTrace(System.out);
+            }
+            throw new RuntimeException("Could not generate premaster secret", iae);
+        }
+    }
+
    @Override
    int messageType() {
        return ht_client_key_exchange;

--- a/src/share/classes/sun/security/util/KeyUtil.java
+++ b/src/share/classes/sun/security/util/KeyUtil.java
@@ -144,8 +144,6 @@ public final class KeyUtil {

    /**
     * Returns whether the specified provider is Oracle provider or not.
-     * <P>
-     * Note that this method is only apply to SunJCE and SunPKCS11 at present.
     *
     * @param  providerName
     *         the provider name
@@ -153,8 +151,11 @@ public final class KeyUtil {
     *         {@code providerName} is Oracle provider
     */
    public static final boolean isOracleJCEProvider(String providerName) {
-        return providerName != null && (providerName.equals("SunJCE") ||
-                                        providerName.startsWith("SunPKCS11"));
+        return providerName != null &&
+                (providerName.equals("SunJCE") ||
+                    providerName.equals("SunMSCAPI") ||
+                    providerName.equals("OracleUcrypto") ||
+                    providerName.startsWith("SunPKCS11"));
    }

    /**