Merge master jdk8u402-b06 into openj9-staging

Signed-off-by: J9 Build <j9build@ca.ibm.com>

jdk/src/share/classes/com/sun/crypto/provider/RSACipher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -98,6 +98,7 @@ public final class RSACipher extends CipherSpi {
 
  // cipher parameter for OAEP padding and TLS RSA premaster secret
  private AlgorithmParameterSpec spec = null;
+ private boolean forTlsPremasterSecret = false;
 
  // buffer for the data
  private byte[] buffer;
@@ -290,6 +291,7 @@ private void init(int opmode, Key key, SecureRandom random,
  }
 
  spec = params;
+ forTlsPremasterSecret = true;
  this.random = random; // for TLS RSA premaster secret
  }
  int blockType = (mode <= MODE_DECRYPT) ? RSAPadding.PAD_BLOCKTYPE_2
@@ -353,21 +355,38 @@ private byte[] doFinal() throws BadPaddingException,
  switch (mode) {
  case MODE_SIGN:
  paddingCopy = padding.pad(buffer, 0, bufOfs);
- result = RSACore.rsa(paddingCopy, privateKey, true);
+ if (paddingCopy != null) {
+ result = RSACore.rsa(paddingCopy, privateKey, true);
+ } else {
+ throw new BadPaddingException("Padding error in signing");
+ }
  break;
  case MODE_VERIFY:
  byte[] verifyBuffer = RSACore.convert(buffer, 0, bufOfs);
  paddingCopy = RSACore.rsa(verifyBuffer, publicKey);
  result = padding.unpad(paddingCopy);
+ if (result == null) {
+ throw new BadPaddingException
+ ("Padding error in verification");
+ }
  break;
  case MODE_ENCRYPT:
  paddingCopy = padding.pad(buffer, 0, bufOfs);
- result = RSACore.rsa(paddingCopy, publicKey);
+ if (paddingCopy != null) {
+ result = RSACore.rsa(paddingCopy, publicKey);
+ } else {
+ throw new BadPaddingException
+ ("Padding error in encryption");
+ }
  break;
  case MODE_DECRYPT:
  byte[] decryptBuffer = RSACore.convert(buffer, 0, bufOfs);
  paddingCopy = RSACore.rsa(decryptBuffer, privateKey, false);
  result = padding.unpad(paddingCopy);
+ if (result == null && !forTlsPremasterSecret) {
+ throw new BadPaddingException
+ ("Padding error in decryption");
+ }
  break;
  default:
  throw new AssertionError("Internal error");
@@ -376,9 +395,9 @@ private byte[] doFinal() throws BadPaddingException,
  } finally {
  Arrays.fill(buffer, 0, bufOfs, (byte)0);
  bufOfs = 0;
- if (paddingCopy != null // will not happen
+ if (paddingCopy != null
  && paddingCopy != buffer // already cleaned
- && paddingCopy != result) { // DO NOT CLEAN, THIS IS RESULT!
+ && paddingCopy != result) { // DO NOT CLEAN, THIS IS RESULT
  Arrays.fill(paddingCopy, (byte)0);
  }
  }
@@ -452,26 +471,22 @@ protected Key engineUnwrap(byte[] wrappedKey, String algorithm,
 
  boolean isTlsRsaPremasterSecret =
  algorithm.equals("TlsRsaPremasterSecret");
- Exception failover = null;
  byte[] encoded = null;
 
  update(wrappedKey, 0, wrappedKey.length);
  try {
  encoded = doFinal();
- } catch (BadPaddingException e) {
- if (isTlsRsaPremasterSecret) {
- failover = e;
- } else {
- throw new InvalidKeyException("Unwrapping failed", e);
- }
- } catch (IllegalBlockSizeException e) {
- // should not occur, handled with length check above
+ } catch (BadPaddingException | IllegalBlockSizeException e) {
+ // BadPaddingException cannot happen for TLS RSA unwrap.
+ // In that case, padding error is indicated by returning null.
+ // IllegalBlockSizeException cannot happen in any case,
+ // because of the length check above.
  throw new InvalidKeyException("Unwrapping failed", e);
  }
 
  try {
  if (isTlsRsaPremasterSecret) {
- if (!(spec instanceof TlsRsaPremasterSecretParameterSpec)) {
+ if (!forTlsPremasterSecret) {
  throw new IllegalStateException(
  "No TlsRsaPremasterSecretParameterSpec specified");
  }
@@ -480,7 +495,7 @@ protected Key engineUnwrap(byte[] wrappedKey, String algorithm,
  encoded = KeyUtil.checkTlsPreMasterSecretKey(
  ((TlsRsaPremasterSecretParameterSpec) spec).getClientVersion(),
  ((TlsRsaPremasterSecretParameterSpec) spec).getServerVersion(),
- random, encoded, (failover != null));
+ random, encoded, encoded == null);
  }
 
  return ConstructKeys.constructKey(encoded, algorithm, type);

jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java

@@ -312,7 +312,6 @@ byte[] sign(Key key, SignedInfo si, XMLSignContext context)
  }
  signature.initSign((PrivateKey)key);
  LOG.debug("Signature provider: {}", signature.getProvider());
- LOG.debug("Signing with key: {}", key);
  LOG.debug("JCA Algorithm: {}", getJCAAlgorithm());
 
  try (SignerOutputStream outputStream = new SignerOutputStream(signature)) {

jdk/src/share/classes/sun/security/pkcs11/P11Signature.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -728,9 +728,12 @@ private byte[] pkcs1Pad(byte[] data) {
  int len = (p11Key.length() + 7) >> 3;
  RSAPadding padding = RSAPadding.getInstance
  (RSAPadding.PAD_BLOCKTYPE_1, len);
- byte[] padded = padding.pad(data);
- return padded;
- } catch (GeneralSecurityException e) {
+ byte[] result = padding.pad(data);
+ if (result == null) {
+ throw new ProviderException("Error padding data");
+ }
+ return result;
+ } catch (InvalidKeyException | InvalidAlgorithmParameterException e) {
  throw new ProviderException(e);
  }
  }

jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java

@@ -336,8 +336,11 @@ private void getMatchingCACerts(ForwardState currentState,
  }
  }
 
+ // Thread-local gate to prevent recursive provider lookups
+ private static ThreadLocal<Object> gate = new ThreadLocal<>();
+
  /**
- * Download Certificates from the given AIA and add them to the
+ * Download certificates from the given AIA and add them to the
  * specified Collection.
  */
  // cs.getCertificates(caSelector) returns a collection of X509Certificate's
@@ -349,32 +352,47 @@ private boolean getCerts(AuthorityInfoAccessExtension aiaExt,
  if (Builder.USE_AIA == false) {
  return false;
  }
+
  List<AccessDescription> adList = aiaExt.getAccessDescriptions();
  if (adList == null || adList.isEmpty()) {
  return false;
  }
 
- boolean add = false;
- for (AccessDescription ad : adList) {
- CertStore cs = URICertStore.getInstance(ad);
- if (cs != null) {
- try {
- if (certs.addAll((Collection<X509Certificate>)
- cs.getCertificates(caSelector))) {
- add = true;
- if (!searchAllCertStores) {
- return true;
+ if (gate.get() != null) {
+ // Avoid recursive fetching of certificates
+ if (debug != null) {
+ debug.println("Recursive fetching of certs via the AIA " +
+ "extension detected");
+ }
+ return false;
+ }
+
+ gate.set(gate);
+ try {
+ boolean add = false;
+ for (AccessDescription ad : adList) {
+ CertStore cs = URICertStore.getInstance(ad);
+ if (cs != null) {
+ try {
+ if (certs.addAll((Collection<X509Certificate>)
+ cs.getCertificates(caSelector))) {
+ add = true;
+ if (!searchAllCertStores) {
+ return true;
+ }
+ }
+ } catch (CertStoreException cse) {
+ if (debug != null) {
+ debug.println("exception getting certs from CertStore:");
+ cse.printStackTrace();
  }
- }
- } catch (CertStoreException cse) {
- if (debug != null) {
- debug.println("exception getting certs from CertStore:");
- cse.printStackTrace();
  }
  }
  }
+ return add;
+ } finally {
+ gate.set(null);
  }
- return add;
  }
 
  /**

jdk/src/share/classes/sun/security/rsa/RSAPadding.java

@@ -30,7 +30,6 @@
 import java.security.*;
 import java.security.spec.*;
 
-import javax.crypto.BadPaddingException;
 import javax.crypto.spec.PSource;
 import javax.crypto.spec.OAEPParameterSpec;
 
@@ -236,24 +235,22 @@ public int getMaxDataSize() {
  }
 
  /**
- * Pad the data and return the padded block.
+ * Pad the data and return the result or null if error occurred.
  */
- public byte[] pad(byte[] data) throws BadPaddingException {
+ public byte[] pad(byte[] data) {
  return pad(data, 0, data.length);
  }
 
  /**
- * Pad the data and return the padded block.
+ * Pad the data and return the result or null if error occurred.
  */
- public byte[] pad(byte[] data, int ofs, int len)
- throws BadPaddingException {
+ public byte[] pad(byte[] data, int ofs, int len) {
  if (len > maxDataSize) {
- throw new BadPaddingException("Data must be shorter than "
- + (maxDataSize + 1) + " bytes but received "
- + len + " bytes.");
+ return null;
  }
  switch (type) {
  case PAD_NONE:
+ // assert len == paddedSize and data.length - ofs > len?
  return RSACore.convert(data, ofs, len);
  case PAD_BLOCKTYPE_1:
  case PAD_BLOCKTYPE_2:
@@ -266,31 +263,30 @@ public byte[] pad(byte[] data, int ofs, int len)
  }
 
  /**
- * Unpad the padded block and return the data.
+ * Unpad the padded block and return the result or null if error occurred.
  */
- public byte[] unpad(byte[] padded) throws BadPaddingException {
- if (padded.length != paddedSize) {
- throw new BadPaddingException("Decryption error." +
- "The padded array length (" + padded.length +
- ") is not the specified padded size (" + paddedSize + ")");
- }
- switch (type) {
- case PAD_NONE:
- return padded;
- case PAD_BLOCKTYPE_1:
- case PAD_BLOCKTYPE_2:
- return unpadV15(padded);
- case PAD_OAEP_MGF1:
- return unpadOAEP(padded);
- default:
- throw new AssertionError();
+ public byte[] unpad(byte[] padded) {
+ if (padded.length == paddedSize) {
+ switch (type) {
+ case PAD_NONE:
+ return padded;
+ case PAD_BLOCKTYPE_1:
+ case PAD_BLOCKTYPE_2:
+ return unpadV15(padded);
+ case PAD_OAEP_MGF1:
+ return unpadOAEP(padded);
+ default:
+ throw new AssertionError();
+ }
+ } else {
+ return null;
  }
  }
 
  /**
  * PKCS#1 v1.5 padding (blocktype 1 and 2).
  */
- private byte[] padV15(byte[] data, int ofs, int len) throws BadPaddingException {
+ private byte[] padV15(byte[] data, int ofs, int len) {
  byte[] padded = new byte[paddedSize];
  System.arraycopy(data, ofs, padded, paddedSize - len, len);
  int psSize = paddedSize - 3 - len;
@@ -328,10 +324,10 @@ private byte[] padV15(byte[] data, int ofs, int len) throws BadPaddingException
 
  /**
  * PKCS#1 v1.5 unpadding (blocktype 1 (signature) and 2 (encryption)).
- *
+ * Return the result or null if error occurred.
  * Note that we want to make it a constant-time operation
  */
- private byte[] unpadV15(byte[] padded) throws BadPaddingException {
+ private byte[] unpadV15(byte[] padded) {
  int k = 0;
  boolean bp = false;
 
@@ -367,10 +363,8 @@ private byte[] unpadV15(byte[] padded) throws BadPaddingException {
  byte[] data = new byte[n];
  System.arraycopy(padded, p, data, 0, n);
 
- BadPaddingException bpe = new BadPaddingException("Decryption error");
-
  if (bp) {
- throw bpe;
+ return null;
  } else {
  return data;
  }
@@ -379,8 +373,9 @@ private byte[] unpadV15(byte[] padded) throws BadPaddingException {
  /**
  * PKCS#1 v2.0 OAEP padding (MGF1).
  * Paragraph references refer to PKCS#1 v2.1 (June 14, 2002)
+ * Return the result or null if error occurred.
  */
- private byte[] padOAEP(byte[] M, int ofs, int len) throws BadPaddingException {
+ private byte[] padOAEP(byte[] M, int ofs, int len) {
  if (random == null) {
  random = JCAUtil.getSecureRandom();
  }
@@ -429,8 +424,9 @@ private byte[] padOAEP(byte[] M, int ofs, int len) throws BadPaddingException {
 
  /**
  * PKCS#1 v2.1 OAEP unpadding (MGF1).
+ * Return the result or null if error occurred.
  */
- private byte[] unpadOAEP(byte[] padded) throws BadPaddingException {
+ private byte[] unpadOAEP(byte[] padded) {
  byte[] EM = padded;
  boolean bp = false;
  int hLen = lHash.length;
@@ -486,12 +482,6 @@ private byte[] unpadOAEP(byte[] padded) throws BadPaddingException {
  byte [] m = new byte[EM.length - mStart];
  System.arraycopy(EM, mStart, m, 0, m.length);
 
- BadPaddingException bpe = new BadPaddingException("Decryption error");
-
- if (bp) {
- throw bpe;
- } else {
- return m;
- }
+ return (bp? null : m);
  }
 }