Merge

8d00a9c6 · asaha · 6729a639 · feb5c899 · 8d00a9c6 · 8d00a9c6
3 changed file
--- a/.hgtags
+++ b/.hgtags
@@ -630,6 +630,8 @@ e915a408ebf7ba05b36d1b714e166a1d9e5c7edd jdk8u102-b11
 222d3ac3aa1f99f16e31c1c4a10f916ce83ff759 jdk8u102-b31
 e3839fe291add6e0ea199457fb31c9312cc5dd77 jdk8u102-b32
 275fcb7d4e3e70a37ac70c33d087a805ba182f1e jdk8u102-b33
+d783f00bb04a6fff7ddf1555572c1f3cdfd21e59 jdk8u102-b34
+958684c9f1e73d9310511559c770823180d33e4b jdk8u102-b35
 ebc56c2e803597ef409a5296addc986b390d934d jdk8u111-b00
 c4f03717831993e4658b8366810ca4682ece952d jdk8u111-b01
 de1d09f09e571e38afdf1fb72984ec210e7c19e6 jdk8u111-b02
@@ -642,6 +644,9 @@ d689f7b806c89e535f784ba94bea1ae129ee0f19 jdk8u111-b05
 c959cff8f7accc5dc2a334a977a95fe1dcb9e812 jdk8u111-b09
 1f15a299d2bf9a8bed33a2bdf36745c8238aafbb jdk8u111-b10
 28e488c17b7a276e9ce00a0488bbc53094294e14 jdk8u111-b11
+b1304d71a2ec04ae6fa0a46120a5beba40a6f5ba jdk8u111-b12
+3f1a07c3a600abdc2eb204f9b67984e6b920846e jdk8u111-b13
+ab26fe28f9ed9c7d0a03ce47d1306427f86f27e9 jdk8u111-b14
 47e20a90bdbb2327289e330606b73a9fe4dc857e jdk8u112-b00
 96393e490afd4acba5b92c5ede68dc9bbb60a38e jdk8u112-b01
 b44d695f738baba091370828b84ae2c4cd715c1b jdk8u112-b02
@@ -654,6 +659,10 @@ c66f5a825a0f0b5fb833bc7f50f327aec43e213b jdk8u112-b07
 c86d82567b1200bdb2d2a757f676179a637c4244 jdk8u112-b10
 532df0329e8070a75ae229310aa87ae530fa1eee jdk8u112-b11
 2a44e743f1654e39109233322e639bcfeca42e8d jdk8u112-b12
+16c649b70dc3d437ab16ff8125a50125deda2bc9 jdk8u112-b13
+d2d8b67021a0f41e0eabd711bfd87a943dc0a8d5 jdk8u112-b14
+60767ec3909b3d0cb26dd7b3f952c62053719dda jdk8u112-b15
+5dd7e4bae5c2f1ee4f80c5570e7e3e2f715f7a32 jdk8u112-b16
 ab5ff8f1e52c5e3ca02e988f4d978af63ceca5b8 jdk8u121-b00
 5f0839ac7e0d25dd1ae705df496b12ca76c26d59 jdk8u121-b01
 f91e3aa155b3c6774afb456db15fb358313d5771 jdk8u121-b02
--- a/src/windows/native/java/net/Inet4AddressImpl.c
+++ b/src/windows/native/java/net/Inet4AddressImpl.c
@@ -33,6 +33,7 @@
 #include <process.h>
 #include <iphlpapi.h>
 #include <icmpapi.h>
+#include <WinError.h>

 #include "java_net_InetAddress.h"
 #include "java_net_Inet4AddressImpl.h"
@@ -481,7 +482,15 @@ ping4(JNIEnv *env,
    DWORD ReplySize = 0;
    jboolean ret = JNI_FALSE;

-    ReplySize = sizeof(ICMP_ECHO_REPLY) + sizeof(SendData);
+    // https://msdn.microsoft.com/en-us/library/windows/desktop/aa366051%28v=vs.85%29.aspx
+    ReplySize = sizeof(ICMP_ECHO_REPLY)   // The buffer should be large enough
+                                          // to hold at least one ICMP_ECHO_REPLY
+                                          // structure
+                + sizeof(SendData)        // plus RequestSize bytes of data.
+                + 8;                      // This buffer should also be large enough
+                                          // to also hold 8 more bytes of data
+                                          // (the size of an ICMP error message)
+
    ReplyBuffer = (VOID*) malloc(ReplySize);
    if (ReplyBuffer == NULL) {
        IcmpCloseHandle(hIcmpFile);
@@ -517,10 +526,45 @@ ping4(JNIEnv *env,
                                   (timeout < 1000) ? 1000 : timeout);   // DWORD Timeout
    }

-    if (dwRetVal != 0) {
+    if (dwRetVal == 0) { // if the call failed
+        TCHAR *buf;
+        DWORD err = WSAGetLastError();
+        switch (err) {
+            case ERROR_NO_NETWORK:
+            case ERROR_NETWORK_UNREACHABLE:
+            case ERROR_HOST_UNREACHABLE:
+            case ERROR_PROTOCOL_UNREACHABLE:
+            case ERROR_PORT_UNREACHABLE:
+            case ERROR_REQUEST_ABORTED:
+            case ERROR_INCORRECT_ADDRESS:
+            case ERROR_HOST_DOWN:
+            case WSAEHOSTUNREACH:   /* Host Unreachable */
+            case WSAENETUNREACH:    /* Network Unreachable */
+            case WSAENETDOWN:       /* Network is down */
+            case WSAEPFNOSUPPORT:   /* Protocol Family unsupported */
+            case IP_REQ_TIMED_OUT:
+                break;
+            default:
+                FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
+                        NULL, err, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+                        (LPTSTR)&buf, 0, NULL);
+                NET_ThrowNew(env, err, buf);
+                LocalFree(buf);
+                break;
+        }
+    } else {
        PICMP_ECHO_REPLY pEchoReply = (PICMP_ECHO_REPLY)ReplyBuffer;
-        if ((int)pEchoReply->RoundTripTime <= timeout)
+
+        // This is to take into account the undocumented minimum
+        // timeout mentioned in the IcmpSendEcho call above.
+        // We perform an extra check to make sure that our
+        // roundtrip time was less than our desired timeout
+        // for cases where that timeout is < 1000ms.
+        if (pEchoReply->Status == IP_SUCCESS
+                && (int)pEchoReply->RoundTripTime <= timeout)
+        {
            ret = JNI_TRUE;
+        }
    }

    free(ReplyBuffer);

--- a/src/windows/native/sun/security/mscapi/security.cpp
+++ b/src/windows/native/sun/security/mscapi/security.cpp
@@ -352,38 +352,50 @@ JNIEXPORT void JNICALL Java_sun_security_mscapi_KeyStore_loadKeysOrCertificateCh
            BOOL bHasNoPrivateKey = FALSE;
            DWORD dwPublicKeyLength = 0;

-            if (::CryptAcquireCertificatePrivateKey(pCertContext, NULL, NULL,
-                                                    &hCryptProv, &dwKeySpec, &bCallerFreeProv) == FALSE)
+            // First, probe it silently
+            if (::CryptAcquireCertificatePrivateKey(pCertContext, CRYPT_ACQUIRE_SILENT_FLAG, NULL,
+                    &hCryptProv, &dwKeySpec, &bCallerFreeProv) == FALSE
+                && GetLastError() != NTE_SILENT_CONTEXT)
            {
                bHasNoPrivateKey = TRUE;
+            }
+            else
+            {
+                if (bCallerFreeProv == TRUE) {
+                    ::CryptReleaseContext(hCryptProv, NULL);
+                    bCallerFreeProv = FALSE;
+                }

-            } else {
-                // Private key is available
-
-                BOOL bGetUserKey = ::CryptGetUserKey(hCryptProv, dwKeySpec, &hUserKey);
-
-                // Skip certificate if cannot find private key
-                if (bGetUserKey == FALSE)
+                // Second, acquire the key normally (not silently)
+                if (::CryptAcquireCertificatePrivateKey(pCertContext, 0, NULL,
+                        &hCryptProv, &dwKeySpec, &bCallerFreeProv) == FALSE)
                {
-                    if (bCallerFreeProv)
-                        ::CryptReleaseContext(hCryptProv, NULL);
-
-                    continue;
+                    bHasNoPrivateKey = TRUE;
                }
+                else
+                {
+                    // Private key is available
+                    BOOL bGetUserKey = ::CryptGetUserKey(hCryptProv, dwKeySpec, &hUserKey);
+
+                    // Skip certificate if cannot find private key
+                    if (bGetUserKey == FALSE) {
+                        if (bCallerFreeProv)
+                            ::CryptReleaseContext(hCryptProv, NULL);
+                        continue;
+                    }

-                // Set cipher mode to ECB
-                DWORD dwCipherMode = CRYPT_MODE_ECB;
-                ::CryptSetKeyParam(hUserKey, KP_MODE, (BYTE*)&dwCipherMode, NULL);
-
-
-                // If the private key is present in smart card, we may not be able to
-                // determine the key length by using the private key handle. However,
-                // since public/private key pairs must have the same length, we could
-                // determine the key length of the private key by using the public key
-                // in the certificate.
-                dwPublicKeyLength = ::CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
-                        &(pCertContext->pCertInfo->SubjectPublicKeyInfo));
-
+                    // Set cipher mode to ECB
+                    DWORD dwCipherMode = CRYPT_MODE_ECB;
+                    ::CryptSetKeyParam(hUserKey, KP_MODE, (BYTE*)&dwCipherMode, NULL);
+
+                    // If the private key is present in smart card, we may not be able to
+                    // determine the key length by using the private key handle. However,
+                    // since public/private key pairs must have the same length, we could
+                    // determine the key length of the private key by using the public key
+                    // in the certificate.
+                    dwPublicKeyLength = ::CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+                            &(pCertContext->pCertInfo->SubjectPublicKeyInfo));
+                }
            }
            PCCERT_CHAIN_CONTEXT pCertChainContext = NULL;

@@ -392,8 +404,7 @@ JNIEXPORT void JNICALL Java_sun_security_mscapi_KeyStore_loadKeysOrCertificateCh
            //
            if (GetCertificateChain(OID_EKU_ANY, pCertContext, &pCertChainContext))
            {
-
-                for (unsigned int i=0; i < pCertChainContext->cChain; i++)
+                for (DWORD i = 0; i < pCertChainContext->cChain; i++)
                {
                    // Found cert chain
                    PCERT_SIMPLE_CHAIN rgpChain =
@@ -443,6 +454,7 @@ JNIEXPORT void JNICALL Java_sun_security_mscapi_KeyStore_loadKeysOrCertificateCh
                        // cert collection
                        env->CallVoidMethod(obj, mGenCert, byteArray, jArrayList);
                    }
+
                    if (bHasNoPrivateKey)
                    {
                        // Generate certificate chain and store into cert chain
@@ -1361,43 +1373,57 @@ JNIEXPORT jlong JNICALL Java_sun_security_mscapi_RSACipher_getKeyFromCert
    HCRYPTPROV hCryptProv = NULL;
    HCRYPTKEY hKey = NULL;
    DWORD dwKeySpec;
+    BOOL bCallerFreeProv = FALSE;
+    BOOL bRes;

    __try
    {
        if (usePrivateKey == JNI_TRUE) {
            // Locate the key container for the certificate's private key
-            if (!(::CryptAcquireCertificatePrivateKey(
-                (PCCERT_CONTEXT) pCertContext, 0, NULL, &hCryptProv,
-                &dwKeySpec, NULL))) {

+            // First, probe it silently
+            bRes = ::CryptAcquireCertificatePrivateKey(
+                    (PCCERT_CONTEXT) pCertContext, CRYPT_ACQUIRE_SILENT_FLAG,
+                    NULL, &hCryptProv, &dwKeySpec, &bCallerFreeProv);
+
+            if (bRes == FALSE && GetLastError() != NTE_SILENT_CONTEXT)
+            {
+                ThrowException(env, KEYSTORE_EXCEPTION, GetLastError());
+                __leave;
+            }
+
+            if (bCallerFreeProv == TRUE) {
+                ::CryptReleaseContext(hCryptProv, NULL);
+                bCallerFreeProv = FALSE;
+            }
+
+            // Now, do it normally (not silently)
+            if (::CryptAcquireCertificatePrivateKey(
+                    (PCCERT_CONTEXT) pCertContext, 0, NULL, &hCryptProv,
+                    &dwKeySpec, &bCallerFreeProv) == FALSE)
+            {
                ThrowException(env, KEYSTORE_EXCEPTION, GetLastError());
                __leave;
            }

            // Get a handle to the private key
-            if (!(::CryptGetUserKey(hCryptProv, dwKeySpec, &hKey))) {
+            if (::CryptGetUserKey(hCryptProv, dwKeySpec, &hKey) == FALSE) {
                ThrowException(env, KEY_EXCEPTION, GetLastError());
                __leave;
            }
-
-        } else { // use public key
+        }
+        else // use public key
+        {
+            bCallerFreeProv = TRUE;

            //  Acquire a CSP context.
-            if(::CryptAcquireContext(
-               &hCryptProv,
-               "J2SE",
-               NULL,
-               PROV_RSA_FULL,
-               0) == FALSE)
+            if (::CryptAcquireContext(&hCryptProv, "J2SE", NULL,
+                    PROV_RSA_FULL, 0) == FALSE)
            {
                // If CSP context hasn't been created, create one.
                //
-                if (::CryptAcquireContext(
-                    &hCryptProv,
-                    "J2SE",
-                    NULL,
-                    PROV_RSA_FULL,
-                    CRYPT_NEWKEYSET) == FALSE)
+                if (::CryptAcquireContext(&hCryptProv, "J2SE", NULL,
+                        PROV_RSA_FULL, CRYPT_NEWKEYSET) == FALSE)
                {
                    ThrowException(env, KEYSTORE_EXCEPTION, GetLastError());
                    __leave;
@@ -1405,10 +1431,10 @@ JNIEXPORT jlong JNICALL Java_sun_security_mscapi_RSACipher_getKeyFromCert
            }

            // Import the certificate's public key into the key container
-            if (!(::CryptImportPublicKeyInfo(hCryptProv, X509_ASN_ENCODING,
-                &(((PCCERT_CONTEXT) pCertContext)->pCertInfo->SubjectPublicKeyInfo),
-                &hKey))) {
-
+            if (::CryptImportPublicKeyInfo(hCryptProv, X509_ASN_ENCODING,
+                    &(((PCCERT_CONTEXT) pCertContext)->pCertInfo->SubjectPublicKeyInfo),
+                    &hKey) == FALSE)
+            {
                ThrowException(env, KEY_EXCEPTION, GetLastError());
                __leave;
            }
@@ -1419,7 +1445,7 @@ JNIEXPORT jlong JNICALL Java_sun_security_mscapi_RSACipher_getKeyFromCert
        //--------------------------------------------------------------------
        // Clean up.

-        if (hCryptProv)
+        if (bCallerFreeProv == TRUE && hCryptProv != NULL)
            ::CryptReleaseContext(hCryptProv, 0);
    }