Merge pull request #273 from pshipton/0.41

Merge tag 'jdk-17.0.9+9' into v0.41.0-release
ibmruntimes · Oct 18, 2023 · 83ba13c · 83ba13c
2 parents 7d08dd0 + ac6e98f
commit 83ba13c
Show file tree

Hide file tree

Showing 53 changed files with 1,312 additions and 347 deletions.
diff --git a/closed/openjdk-tag.gmk b/closed/openjdk-tag.gmk
@@ -1 +1 @@
-OPENJDK_TAG := jdk-17.0.9+7
+OPENJDK_TAG := jdk-17.0.9+9
diff --git a/make/conf/version-numbers.conf b/make/conf/version-numbers.conf
@@ -39,4 +39,4 @@ DEFAULT_VERSION_CLASSFILE_MINOR=0
 DEFAULT_VERSION_DOCS_API_SINCE=11
 DEFAULT_ACCEPTABLE_BOOT_VERSIONS="16 17"
 DEFAULT_JDK_SOURCE_TARGET_VERSION=17
-DEFAULT_PROMOTED_VERSION_PRE=ea
+DEFAULT_PROMOTED_VERSION_PRE=
diff --git a/src/java.base/share/classes/com/sun/crypto/provider/DESKey.java b/src/java.base/share/classes/com/sun/crypto/provider/DESKey.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@
 
 package com.sun.crypto.provider;
 
+import java.io.IOException;
+import java.io.InvalidObjectException;
 import java.lang.ref.Reference;
 import java.security.MessageDigest;
 import java.security.KeyRep;
@@ -44,7 +46,7 @@
 final class DESKey implements SecretKey {
 
  @java.io.Serial
- static final long serialVersionUID = 7724971015953279128L;
+ private static final long serialVersionUID = 7724971015953279128L;
 
  private byte[] key;
 
@@ -113,7 +115,7 @@ public int hashCode() {
  for (int i = 1; i < this.key.length; i++) {
  retval += this.key[i] * i;
  }
- return(retval ^= "des".hashCode());
+ return(retval ^ "des".hashCode());
  }
 
  public boolean equals(Object obj) {
@@ -134,15 +136,28 @@ public boolean equals(Object obj) {
  }
 
  /**
- * readObject is called to restore the state of this key from
- * a stream.
+ * Restores the state of this object from the stream.
+ *
+ * @param s the {@code ObjectInputStream} from which data is read
+ * @throws IOException if an I/O error occurs
+ * @throws ClassNotFoundException if a serialized class cannot be loaded
  */
  @java.io.Serial
  private void readObject(java.io.ObjectInputStream s)
- throws java.io.IOException, ClassNotFoundException
+ throws IOException, ClassNotFoundException
  {
  s.defaultReadObject();
+ if ((key == null) || (key.length != DESKeySpec.DES_KEY_LEN)) {
+ throw new InvalidObjectException("Wrong key size");
+ }
  key = key.clone();
+
+ DESKeyGenerator.setParityBit(key, 0);
+
+ // Use the cleaner to zero the key when no longer referenced
+ final byte[] k = key;
+ CleanerFactory.cleaner().register(this,
+ () -> java.util.Arrays.fill(k, (byte)0x00));
  }
 
  /**

diff --git a/src/java.base/share/classes/com/sun/crypto/provider/DESedeKey.java b/src/java.base/share/classes/com/sun/crypto/provider/DESedeKey.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@
 
 package com.sun.crypto.provider;
 
+import java.io.IOException;
+import java.io.InvalidObjectException;
 import java.lang.ref.Reference;
 import java.security.MessageDigest;
 import java.security.KeyRep;
@@ -44,7 +46,7 @@
 final class DESedeKey implements SecretKey {
 
  @java.io.Serial
- static final long serialVersionUID = 2463986565756745178L;
+ private static final long serialVersionUID = 2463986565756745178L;
 
  private byte[] key;
 
@@ -112,7 +114,7 @@ public int hashCode() {
  for (int i = 1; i < this.key.length; i++) {
  retval += this.key[i] * i;
  }
- return(retval ^= "desede".hashCode());
+ return(retval ^ "desede".hashCode());
  }
 
  public boolean equals(Object obj) {
@@ -134,15 +136,30 @@ public boolean equals(Object obj) {
  }
 
  /**
- * readObject is called to restore the state of this key from
- * a stream.
+ * Restores the state of this object from the stream.
+ *
+ * @param s the {@code ObjectInputStream} from which data is read
+ * @throws IOException if an I/O error occurs
+ * @throws ClassNotFoundException if a serialized class cannot be loaded
  */
  @java.io.Serial
  private void readObject(java.io.ObjectInputStream s)
- throws java.io.IOException, ClassNotFoundException
+ throws IOException, ClassNotFoundException
  {
  s.defaultReadObject();
+ if ((key == null) || (key.length != DESedeKeySpec.DES_EDE_KEY_LEN)) {
+ throw new InvalidObjectException("Wrong key size");
+ }
  key = key.clone();
+
+ DESKeyGenerator.setParityBit(key, 0);
+ DESKeyGenerator.setParityBit(key, 8);
+ DESKeyGenerator.setParityBit(key, 16);
+
+ // Use the cleaner to zero the key when no longer referenced
+ final byte[] k = key;
+ CleanerFactory.cleaner().register(this,
+ () -> java.util.Arrays.fill(k, (byte)0x00));
  }
 
  /**

diff --git a/src/java.base/share/classes/com/sun/crypto/provider/DHPrivateKey.java b/src/java.base/share/classes/com/sun/crypto/provider/DHPrivateKey.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,16 +41,14 @@
  * algorithm.
  *
  * @author Jan Luehe
- *
- *
  * @see DHPublicKey
  * @see java.security.KeyAgreement
  */
 final class DHPrivateKey implements PrivateKey,
  javax.crypto.interfaces.DHPrivateKey, Serializable {
 
  @java.io.Serial
- static final long serialVersionUID = 7565477590005668886L;
+ private static final long serialVersionUID = 7565477590005668886L;
 
  // only supported version of PKCS#8 PrivateKeyInfo
  private static final BigInteger PKCS8_VERSION = BigInteger.ZERO;
@@ -65,10 +63,10 @@ final class DHPrivateKey implements PrivateKey,
  private byte[] encodedKey;
 
  // the prime modulus
- private BigInteger p;
+ private final BigInteger p;
 
  // the base generator
- private BigInteger g;
+ private final BigInteger g;
 
  // the private-value length (optional)
  private int l;
@@ -336,4 +334,28 @@ private Object writeReplace() throws java.io.ObjectStreamException {
  getFormat(),
  encodedKey);
  }
+
+ /**
+ * Restores the state of this object from the stream.
+ * <p>
+ * JDK 1.5+ objects use <code>KeyRep</code>s instead.
+ *
+ * @param stream the {@code ObjectInputStream} from which data is read
+ * @throws IOException if an I/O error occurs
+ * @throws ClassNotFoundException if a serialized class cannot be loaded
+ */
+ @java.io.Serial
+ private void readObject(ObjectInputStream stream)
+ throws IOException, ClassNotFoundException {
+ stream.defaultReadObject();
+ if ((key == null) || (key.length == 0)) {
+ throw new InvalidObjectException("key not deserializable");
+ }
+ this.key = key.clone();
+ if ((encodedKey == null) || (encodedKey.length == 0)) {
+ throw new InvalidObjectException(
+ "encoded key not deserializable");
+ }
+ this.encodedKey = encodedKey.clone();
+ }
 }
diff --git a/src/java.base/share/classes/com/sun/crypto/provider/DHPublicKey.java b/src/java.base/share/classes/com/sun/crypto/provider/DHPublicKey.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,16 +40,14 @@
  * A public key in X.509 format for the Diffie-Hellman key agreement algorithm.
  *
  * @author Jan Luehe
- *
- *
  * @see DHPrivateKey
  * @see javax.crypto.KeyAgreement
  */
 final class DHPublicKey implements PublicKey,
 javax.crypto.interfaces.DHPublicKey, Serializable {
 
  @java.io.Serial
- static final long serialVersionUID = 7647557958927458271L;
+ private static final long serialVersionUID = 7647557958927458271L;
 
  // the public key
  private BigInteger y;
@@ -61,10 +59,10 @@ final class DHPublicKey implements PublicKey,
  private byte[] encodedKey;
 
  // the prime modulus
- private BigInteger p;
+ private final BigInteger p;
 
  // the base generator
- private BigInteger g;
+ private final BigInteger g;
 
  // the private-value length (optional)
  private int l;
@@ -324,4 +322,28 @@ private Object writeReplace() throws java.io.ObjectStreamException {
  getFormat(),
  getEncoded());
  }
+
+ /**
+ * Restores the state of this object from the stream.
+ * <p>
+ * JDK 1.5+ objects use <code>KeyRep</code>s instead.
+ *
+ * @param stream the {@code ObjectInputStream} from which data is read
+ * @throws IOException if an I/O error occurs
+ * @throws ClassNotFoundException if a serialized class cannot be loaded
+ */
+ @java.io.Serial
+ private void readObject(ObjectInputStream stream)
+ throws IOException, ClassNotFoundException {
+ stream.defaultReadObject();
+ if ((key == null) || (key.length == 0)) {
+ throw new InvalidObjectException("key not deserializable");
+ }
+ this.key = key.clone();
+ if ((encodedKey == null) || (encodedKey.length == 0)) {
+ throw new InvalidObjectException(
+ "encoded key not deserializable");
+ }
+ this.encodedKey = encodedKey.clone();
+ }
 }
diff --git a/src/java.base/share/classes/com/sun/crypto/provider/PBEKey.java b/src/java.base/share/classes/com/sun/crypto/provider/PBEKey.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@
 
 package com.sun.crypto.provider;
 
+import java.io.IOException;
+import java.io.InvalidObjectException;
 import java.lang.ref.Reference;
 import java.security.MessageDigest;
 import java.security.KeyRep;
@@ -45,11 +47,11 @@
 final class PBEKey implements SecretKey {
 
  @java.io.Serial
- static final long serialVersionUID = -2234768909660948176L;
+ private static final long serialVersionUID = -2234768909660948176L;
 
  private byte[] key;
 
- private String type;
+ private final String type;
 
  /**
  * Creates a PBE key from a given PBE key specification.
@@ -110,7 +112,7 @@ public int hashCode() {
  for (int i = 1; i < this.key.length; i++) {
  retval += this.key[i] * i;
  }
- return(retval ^= getAlgorithm().toLowerCase(Locale.ENGLISH).hashCode());
+ return(retval ^ getAlgorithm().toLowerCase(Locale.ENGLISH).hashCode());
  }
 
  public boolean equals(Object obj) {
@@ -144,15 +146,38 @@ public void destroy() {
  }
 
  /**
- * readObject is called to restore the state of this key from
- * a stream.
+ * Restores the state of this object from the stream.
+ *
+ * @param s the {@code ObjectInputStream} from which data is read
+ * @throws IOException if an I/O error occurs
+ * @throws ClassNotFoundException if a serialized class cannot be loaded
  */
  @java.io.Serial
  private void readObject(java.io.ObjectInputStream s)
- throws java.io.IOException, ClassNotFoundException
+ throws IOException, ClassNotFoundException
  {
  s.defaultReadObject();
+ if (key == null) {
+ throw new InvalidObjectException(
+ "PBEKey couldn't be deserialized");
+ }
  key = key.clone();
+
+ // Accept "\0" to signify "zero-length password with no terminator".
+ if (!(key.length == 1 && key[0] == 0)) {
+ for (int i = 0; i < key.length; i++) {
+ if ((key[i] < '\u0020') || (key[i] > '\u007E')) {
+ throw new InvalidObjectException(
+ "PBEKey had non-ASCII chars");
+ }
+ }
+ }
+
+ // Use the cleaner to zero the key when no longer referenced
+ final byte[] k = this.key;
+ CleanerFactory.cleaner().register(this,
+ () -> Arrays.fill(k, (byte) 0x00));
+
  }