From 4ba3297ffae28c19263f5e444550ef276a466fb3 Mon Sep 17 00:00:00 2001 From: Goetz Lindenmaier Date: Wed, 2 Dec 2020 08:18:48 +0100 Subject: [PATCH 01/10] Added tag jdk-11.0.10+5 for changeset 5f5c3544ccb4 --- .hgtags | 1 + 1 file changed, 1 insertion(+) diff --git a/.hgtags b/.hgtags index 4f2780eba24..3c351ab72b0 100644 --- a/.hgtags +++ b/.hgtags @@ -624,3 +624,4 @@ f3168de4eb0dd74bf8e81537f62742bde5e412c3 jdk-11.0.10+1 a35aa07b57bab3690224e3af939ee085d50eb476 jdk-11.0.10+2 bca12c00a776f8cee7a0eeaf788499b9eab9cf9d jdk-11.0.10+3 9504fa6f98f5aad0aa1ac36d5bff3260a32020c8 jdk-11.0.10+4 +5f5c3544ccb4d0bbc638e665524b292860dd9515 jdk-11.0.10+5 From ce8375eacdf94b97b02fc477e2711ecc4ac85343 Mon Sep 17 00:00:00 2001 From: Martin Balao Date: Tue, 1 Dec 2020 18:37:58 -0300 Subject: [PATCH 02/10] 8257545: SunJSSE FIPS regression in key exchange after JDK-8171279 11u backport Reviewed-by: aph, goetz --- .../sun/security/ssl/KAKeyDerivation.java | 4 +- .../classes/sun/security/ssl/NamedGroup.java | 10 +- .../sun/security/ssl/XDHKeyExchange.java | 4 +- .../pkcs11/fips/SunJSSEKeyExchangeFIPS.java | 328 ++++++++++++++++++ 4 files changed, 338 insertions(+), 8 deletions(-) create mode 100644 test/jdk/sun/security/pkcs11/fips/SunJSSEKeyExchangeFIPS.java diff --git a/src/java.base/share/classes/sun/security/ssl/KAKeyDerivation.java b/src/java.base/share/classes/sun/security/ssl/KAKeyDerivation.java index 7c791e85f77..03df87f1374 100644 --- a/src/java.base/share/classes/sun/security/ssl/KAKeyDerivation.java +++ b/src/java.base/share/classes/sun/security/ssl/KAKeyDerivation.java @@ -70,7 +70,7 @@ public SecretKey deriveKey(String algorithm, private SecretKey t12DeriveKey(String algorithm, AlgorithmParameterSpec params) throws IOException { try { - KeyAgreement ka = KeyAgreement.getInstance(algorithmName); + KeyAgreement ka = JsseJce.getKeyAgreement(algorithmName); ka.init(localPrivateKey); ka.doPhase(peerPublicKey, true); SecretKey preMasterSecret @@ -99,7 +99,7 @@ private SecretKey t12DeriveKey(String algorithm, private SecretKey t13DeriveKey(String algorithm, AlgorithmParameterSpec params) throws IOException { try { - KeyAgreement ka = KeyAgreement.getInstance(algorithmName); + KeyAgreement ka = JsseJce.getKeyAgreement(algorithmName); ka.init(localPrivateKey); ka.doPhase(peerPublicKey, true); SecretKey sharedSecret diff --git a/src/java.base/share/classes/sun/security/ssl/NamedGroup.java b/src/java.base/share/classes/sun/security/ssl/NamedGroup.java index 5ecba9ed261..7c80dcb3873 100644 --- a/src/java.base/share/classes/sun/security/ssl/NamedGroup.java +++ b/src/java.base/share/classes/sun/security/ssl/NamedGroup.java @@ -245,7 +245,7 @@ static NamedGroup valueOf(int id) { } static NamedGroup valueOf(ECParameterSpec params) { - String oid = ECUtil.getCurveName(null, params); + String oid = JsseJce.getNamedCurveOid(params); if ((oid != null) && (!oid.isEmpty())) { for (NamedGroup group : NamedGroup.values()) { if ((group.type == NamedGroupType.NAMED_GROUP_ECDHE) @@ -267,6 +267,8 @@ static NamedGroup valueOf(DHParameterSpec params) { DHParameterSpec ngParams = null; // functions is non-null for FFDHE type AlgorithmParameters aps = ng.functions.getParameters(ng); + if (aps == null) + continue; try { ngParams = aps.getParameterSpec(DHParameterSpec.class); } catch (InvalidParameterSpecException ipse) { @@ -627,7 +629,7 @@ protected Optional getParametersImpl( NamedGroup ng) { try { AlgorithmParameters params - = AlgorithmParameters.getInstance("DiffieHellman"); + = JsseJce.getAlgorithmParameters("DiffieHellman"); AlgorithmParameterSpec spec = getFFDHEDHParameterSpec(ng); params.init(spec); @@ -703,7 +705,7 @@ protected Optional getParametersImpl( NamedGroup ng) { try { AlgorithmParameters params - = AlgorithmParameters.getInstance("EC"); + = JsseJce.getAlgorithmParameters("EC"); AlgorithmParameterSpec spec = new ECGenParameterSpec(ng.oid); params.init(spec); @@ -767,7 +769,7 @@ public AlgorithmParameterSpec getParameterSpec(NamedGroup ng) { public boolean isAvailable(NamedGroup ng) { try { - KeyAgreement.getInstance(ng.algorithm); + JsseJce.getKeyAgreement(ng.algorithm); return true; } catch (NoSuchAlgorithmException ex) { return false; diff --git a/src/java.base/share/classes/sun/security/ssl/XDHKeyExchange.java b/src/java.base/share/classes/sun/security/ssl/XDHKeyExchange.java index d921b12dae0..58eeb90d872 100644 --- a/src/java.base/share/classes/sun/security/ssl/XDHKeyExchange.java +++ b/src/java.base/share/classes/sun/security/ssl/XDHKeyExchange.java @@ -83,7 +83,7 @@ static XDHECredentials valueOf(NamedGroup namedGroup, XECPublicKeySpec xecPublicKeySpec = new XECPublicKeySpec( new NamedParameterSpec(namedGroup.name), u); - KeyFactory factory = KeyFactory.getInstance(namedGroup.algorithm); + KeyFactory factory = JsseJce.getKeyFactory(namedGroup.algorithm); XECPublicKey publicKey = (XECPublicKey) factory.generatePublic( xecPublicKeySpec); @@ -100,7 +100,7 @@ static final class XDHEPossession implements NamedGroupPossession { XDHEPossession(NamedGroup namedGroup, SecureRandom random) { try { KeyPairGenerator kpg - = KeyPairGenerator.getInstance(namedGroup.algorithm); + = JsseJce.getKeyPairGenerator(namedGroup.algorithm); AlgorithmParameterSpec params = namedGroup.getParameterSpec(); kpg.initialize(params, random); KeyPair kp = kpg.generateKeyPair(); diff --git a/test/jdk/sun/security/pkcs11/fips/SunJSSEKeyExchangeFIPS.java b/test/jdk/sun/security/pkcs11/fips/SunJSSEKeyExchangeFIPS.java new file mode 100644 index 00000000000..700af6402c3 --- /dev/null +++ b/test/jdk/sun/security/pkcs11/fips/SunJSSEKeyExchangeFIPS.java @@ -0,0 +1,328 @@ +/* + * Copyright (c) 2020, Red Hat, Inc. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8257545 + * @summary Test that SunJSSE uses FIPS during the key exchange (TLSv1.2) + * @modules java.base/com.sun.net.ssl.internal.ssl + * @library /test/lib .. + * @run main/othervm/timeout=120 SunJSSEKeyExchangeFIPS + */ + +import java.nio.ByteBuffer; + +import java.security.spec.AlgorithmParameterSpec; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.KeyStore; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.security.SecureRandom; +import java.security.Security; +import java.security.Provider.Service; + +import javax.crypto.KeyAgreementSpi; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.ShortBufferException; + +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLEngineResult; +import javax.net.ssl.SSLEngineResult.HandshakeStatus; + +import javax.net.ssl.SSLParameters; +import javax.net.ssl.SSLSession; +import javax.net.ssl.TrustManagerFactory; + +public final class SunJSSEKeyExchangeFIPS extends SecmodTest { + + private static Provider sunPKCS11NSSProvider; + private static com.sun.net.ssl.internal.ssl.Provider jsseProvider; + private static KeyStore ks; + private static KeyStore ts; + private static char[] passphrase = "JAHshj131@@".toCharArray(); + + public static final class NonFIPSDH extends KeyAgreementSpi { + public NonFIPSDH() { + } + protected void engineInit(Key key, SecureRandom random) + throws InvalidKeyException { + } + protected void engineInit(Key key, AlgorithmParameterSpec params, + SecureRandom random) throws InvalidKeyException, + InvalidAlgorithmParameterException { + } + protected Key engineDoPhase(Key key, boolean lastPhase) + throws InvalidKeyException, IllegalStateException { + return null; + } + protected byte[] engineGenerateSecret() throws IllegalStateException { + return null; + } + protected int engineGenerateSecret(byte[] sharedSecret, int + offset) throws IllegalStateException, ShortBufferException { + return -1; + } + protected SecretKey engineGenerateSecret(String algorithm) + throws IllegalStateException, NoSuchAlgorithmException, + InvalidKeyException { + return null; + } + } + + static final class NonFIPSService extends Service { + public NonFIPSService(Provider p) { + super(p, "KeyAgreement", "DiffieHellman", + "SunJSSEKeyExchangeFIPS$NonFIPSDH", null, null); + } + } + + static final class NonFIPSProvider extends Provider { + public NonFIPSProvider() { + super("NonFIPSProvider", + System.getProperty("java.specification.version"), + "NonFIPSProvider"); + putService(new SunJSSEKeyExchangeFIPS.NonFIPSService(this)); + } + } + + public static void main(String[] args) throws Exception { + try { + initialize(); + } catch (Exception e) { + System.out.println("Test skipped: failure during" + + " initialization"); + return; + } + + if (shouldRun()) { + // Self-integrity test (complete TLS 1.2 communication) + new testTLS12SunPKCS11Communication().run(); + + System.out.println("Test PASS - OK"); + } else { + System.out.println("Test skipped: TLS 1.2 mechanisms" + + " not supported by current SunPKCS11 back-end"); + } + } + + private static boolean shouldRun() { + if (sunPKCS11NSSProvider == null) { + return false; + } + try { + KeyGenerator.getInstance("SunTls12MasterSecret", + sunPKCS11NSSProvider); + KeyGenerator.getInstance( + "SunTls12RsaPremasterSecret", sunPKCS11NSSProvider); + KeyGenerator.getInstance("SunTls12Prf", sunPKCS11NSSProvider); + } catch (NoSuchAlgorithmException e) { + return false; + } + return true; + } + + private static class testTLS12SunPKCS11Communication { + public static void run() throws Exception { + SSLEngine[][] enginesToTest = getSSLEnginesToTest(); + + for (SSLEngine[] engineToTest : enginesToTest) { + + SSLEngine clientSSLEngine = engineToTest[0]; + SSLEngine serverSSLEngine = engineToTest[1]; + + // SSLEngine code based on RedhandshakeFinished.java + + boolean dataDone = false; + + ByteBuffer clientOut = null; + ByteBuffer clientIn = null; + ByteBuffer serverOut = null; + ByteBuffer serverIn = null; + ByteBuffer cTOs; + ByteBuffer sTOc; + + SSLSession session = clientSSLEngine.getSession(); + int appBufferMax = session.getApplicationBufferSize(); + int netBufferMax = session.getPacketBufferSize(); + + clientIn = ByteBuffer.allocate(appBufferMax + 50); + serverIn = ByteBuffer.allocate(appBufferMax + 50); + + cTOs = ByteBuffer.allocateDirect(netBufferMax); + sTOc = ByteBuffer.allocateDirect(netBufferMax); + + clientOut = ByteBuffer.wrap( + "Hi Server, I'm Client".getBytes()); + serverOut = ByteBuffer.wrap( + "Hello Client, I'm Server".getBytes()); + + SSLEngineResult clientResult; + SSLEngineResult serverResult; + + while (!dataDone) { + clientResult = clientSSLEngine.wrap(clientOut, cTOs); + runDelegatedTasks(clientResult, clientSSLEngine); + serverResult = serverSSLEngine.wrap(serverOut, sTOc); + runDelegatedTasks(serverResult, serverSSLEngine); + cTOs.flip(); + sTOc.flip(); + + System.out.println("Client -> Network"); + printTlsNetworkPacket("", cTOs); + System.out.println(""); + System.out.println("Server -> Network"); + printTlsNetworkPacket("", sTOc); + System.out.println(""); + + clientResult = clientSSLEngine.unwrap(sTOc, clientIn); + runDelegatedTasks(clientResult, clientSSLEngine); + serverResult = serverSSLEngine.unwrap(cTOs, serverIn); + runDelegatedTasks(serverResult, serverSSLEngine); + + cTOs.compact(); + sTOc.compact(); + + if (!dataDone && + (clientOut.limit() == serverIn.position()) && + (serverOut.limit() == clientIn.position())) { + checkTransfer(serverOut, clientIn); + checkTransfer(clientOut, serverIn); + dataDone = true; + } + } + } + } + + static void printTlsNetworkPacket(String prefix, ByteBuffer bb) { + ByteBuffer slice = bb.slice(); + byte[] buffer = new byte[slice.remaining()]; + slice.get(buffer); + for (int i = 0; i < buffer.length; i++) { + System.out.printf("%02X, ", (byte)(buffer[i] & (byte)0xFF)); + if (i % 8 == 0 && i % 16 != 0) { + System.out.print(" "); + } + if (i % 16 == 0) { + System.out.println(""); + } + } + System.out.flush(); + } + + private static void checkTransfer(ByteBuffer a, ByteBuffer b) + throws Exception { + a.flip(); + b.flip(); + if (!a.equals(b)) { + throw new Exception("Data didn't transfer cleanly"); + } + a.position(a.limit()); + b.position(b.limit()); + a.limit(a.capacity()); + b.limit(b.capacity()); + } + + private static void runDelegatedTasks(SSLEngineResult result, + SSLEngine engine) throws Exception { + + if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { + Runnable runnable; + while ((runnable = engine.getDelegatedTask()) != null) { + runnable.run(); + } + HandshakeStatus hsStatus = engine.getHandshakeStatus(); + if (hsStatus == HandshakeStatus.NEED_TASK) { + throw new Exception( + "handshake shouldn't need additional tasks"); + } + } + } + + private static SSLEngine[][] getSSLEnginesToTest() throws Exception { + SSLEngine[][] enginesToTest = new SSLEngine[1][2]; + String[] preferredSuites = new String[] { + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" + }; + for (int i = 0; i < enginesToTest.length; i++) { + enginesToTest[i][0] = createSSLEngine(true); + enginesToTest[i][1] = createSSLEngine(false); + enginesToTest[i][0].setEnabledCipherSuites(preferredSuites); + enginesToTest[i][1].setEnabledCipherSuites(preferredSuites); + } + return enginesToTest; + } + + static private SSLEngine createSSLEngine(boolean client) + throws Exception { + SSLEngine ssle; + KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX", + jsseProvider); + kmf.init(ks, passphrase); + + TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", + jsseProvider); + tmf.init(ts); + + SSLContext sslCtx = SSLContext.getInstance("TLSv1.2", + jsseProvider); + sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); + ssle = sslCtx.createSSLEngine("localhost", 443); + ssle.setUseClientMode(client); + SSLParameters sslParameters = ssle.getSSLParameters(); + ssle.setSSLParameters(sslParameters); + + return ssle; + } + } + + private static void initialize() throws Exception { + if (initSecmod() == false) { + return; + } + + // A non-FIPS provider is added first in order of preference. + // This provider must not be used by the SunJSSE TLS engine + // during the key exchange. + Security.addProvider(new SunJSSEKeyExchangeFIPS.NonFIPSProvider()); + + String configName = BASE + SEP + "fips.cfg"; + sunPKCS11NSSProvider = getSunPKCS11(configName); + System.out.println("SunPKCS11 provider: " + sunPKCS11NSSProvider); + Security.addProvider(sunPKCS11NSSProvider); + + Security.removeProvider("SunJSSE"); + jsseProvider =new com.sun.net.ssl.internal.ssl.Provider( + sunPKCS11NSSProvider); + Security.addProvider(jsseProvider); + System.out.println(jsseProvider.getInfo()); + + ks = KeyStore.getInstance("PKCS11", sunPKCS11NSSProvider); + ks.load(null, "test12".toCharArray()); + ts = ks; + } +} \ No newline at end of file From 2e33a85abfd1f99eda0eba4888ae3d86a427d0b2 Mon Sep 17 00:00:00 2001 From: Zhengyu Gu Date: Thu, 3 Dec 2020 18:42:42 +0000 Subject: [PATCH 03/10] 8257641: Shenandoah: Query is_at_shenandoah_safepoint() from control thread should return false Reviewed-by: shade --- src/hotspot/share/gc/shenandoah/shenandoahHeap.hpp | 1 + src/hotspot/share/gc/shenandoah/shenandoahUtils.hpp | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/hotspot/share/gc/shenandoah/shenandoahHeap.hpp b/src/hotspot/share/gc/shenandoah/shenandoahHeap.hpp index 1442dbbaf1f..6a51118cf2c 100644 --- a/src/hotspot/share/gc/shenandoah/shenandoahHeap.hpp +++ b/src/hotspot/share/gc/shenandoah/shenandoahHeap.hpp @@ -115,6 +115,7 @@ class ShenandoahHeap : public CollectedHeap { friend class VMStructs; friend class ShenandoahGCSession; friend class ShenandoahGCStateResetter; + friend class ShenandoahSafepoint; // ---------- Locks that guard important data structures in Heap // diff --git a/src/hotspot/share/gc/shenandoah/shenandoahUtils.hpp b/src/hotspot/share/gc/shenandoah/shenandoahUtils.hpp index 02420184f94..b85f4299ada 100644 --- a/src/hotspot/share/gc/shenandoah/shenandoahUtils.hpp +++ b/src/hotspot/share/gc/shenandoah/shenandoahUtils.hpp @@ -129,9 +129,15 @@ class ShenandoahSafepoint : public AllStatic { static inline bool is_at_shenandoah_safepoint() { if (!SafepointSynchronize::is_at_safepoint()) return false; + Thread* const thr = Thread::current(); + // Shenandoah GC specific safepoints are scheduled by control thread. + // So if we are enter here from control thread, then we are definitely not + // at Shenandoah safepoint, but at something else. + if (thr == ShenandoahHeap::heap()->control_thread()) return false; + // This is not VM thread, cannot see what VM thread is doing, // so pretend this is a proper Shenandoah safepoint - if (!Thread::current()->is_VM_thread()) return true; + if (!thr->is_VM_thread()) return true; // Otherwise check we are at proper operation type VM_Operation* vm_op = VMThread::vm_operation(); From c504c78ed5caa456cd71635d850aebd10decc8e0 Mon Sep 17 00:00:00 2001 From: Zhengyu Gu Date: Thu, 3 Dec 2020 19:58:58 +0000 Subject: [PATCH 04/10] 8257701: Shenandoah: objArrayKlass metadata is not marked with chunked arrays Reviewed-by: shade --- .../share/gc/shenandoah/shenandoahConcurrentMark.inline.hpp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/hotspot/share/gc/shenandoah/shenandoahConcurrentMark.inline.hpp b/src/hotspot/share/gc/shenandoah/shenandoahConcurrentMark.inline.hpp index 9f5d4113bda..08b1766891a 100644 --- a/src/hotspot/share/gc/shenandoah/shenandoahConcurrentMark.inline.hpp +++ b/src/hotspot/share/gc/shenandoah/shenandoahConcurrentMark.inline.hpp @@ -101,6 +101,11 @@ inline void ShenandoahConcurrentMark::do_chunked_array_start(ShenandoahObjToScan objArrayOop array = objArrayOop(obj); int len = array->length(); + // Mark objArray klass metadata + if (Devirtualizer::do_metadata(cl)) { + Devirtualizer::do_klass(cl, array->klass()); + } + if (len <= (int) ObjArrayMarkingStride*2) { // A few slices only, process directly array->oop_iterate_range(cl, 0, len); From 706d936ebe9d0b85231c18ff1805325571456586 Mon Sep 17 00:00:00 2001 From: Prasanta Sadhukhan Date: Tue, 1 Dec 2020 03:21:57 +0000 Subject: [PATCH 05/10] 8257242: [macOS] Java app crashes while switching input methods Reviewed-by: serb --- src/java.desktop/macosx/native/libawt_lwawt/awt/AWTView.h | 3 --- src/java.desktop/macosx/native/libawt_lwawt/awt/AWTView.m | 7 +++++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/java.desktop/macosx/native/libawt_lwawt/awt/AWTView.h b/src/java.desktop/macosx/native/libawt_lwawt/awt/AWTView.h index 8757d2ec0ca..9f64001212c 100644 --- a/src/java.desktop/macosx/native/libawt_lwawt/awt/AWTView.h +++ b/src/java.desktop/macosx/native/libawt_lwawt/awt/AWTView.h @@ -37,9 +37,6 @@ // TODO: NSMenu *contextualMenu; - // Keyboard layout - NSString *kbdLayout; - // dnd support (see AppKit/NSDragging.h, NSDraggingSource/Destination): CDragSource *_dragSource; CDropTarget *_dropTarget; diff --git a/src/java.desktop/macosx/native/libawt_lwawt/awt/AWTView.m b/src/java.desktop/macosx/native/libawt_lwawt/awt/AWTView.m index 7b582c2b006..b8b3f424bca 100644 --- a/src/java.desktop/macosx/native/libawt_lwawt/awt/AWTView.m +++ b/src/java.desktop/macosx/native/libawt_lwawt/awt/AWTView.m @@ -37,6 +37,9 @@ #import #import +// keyboard layout +static NSString *kbdLayout; + @interface AWTView() @property (retain) CDropTarget *_dropTarget; @property (retain) CDragSource *_dragSource; @@ -1019,7 +1022,7 @@ - (void) insertText:(id)aString replacementRange:(NSRange)replacementRange [self abandonInput]; } -- (void)keyboardInputSourceChanged:(NSNotification *)notification ++ (void)keyboardInputSourceChanged:(NSNotification *)notification { #ifdef IM_DEBUG NSLog(@"keyboardInputSourceChangeNotification received"); @@ -1316,7 +1319,7 @@ static JNF_MEMBER_CACHE(jm_characterIndexForPoint, jc_CInputMethod, jint index = JNFCallIntMethod(env, fInputMethodLOCKABLE, jm_characterIndexForPoint, (jint)flippedLocation.x, (jint)flippedLocation.y); // AWT_THREADING Safe (AWTRunLoopMode) #ifdef IM_DEBUG - fprintf(stderr, "characterIndexForPoint returning %ld\n", index); + fprintf(stderr, "characterIndexForPoint returning %d\n", index); #endif // IM_DEBUG if (index == -1) { From 472fbf32a13ea4417470a943a92c4141dd1bf63b Mon Sep 17 00:00:00 2001 From: Goetz Lindenmaier Date: Wed, 9 Dec 2020 09:33:01 +0100 Subject: [PATCH 06/10] Added tag jdk-11.0.10+6 for changeset 4b9bc2a1dde0 --- .hgtags | 1 + 1 file changed, 1 insertion(+) diff --git a/.hgtags b/.hgtags index 3c351ab72b0..da89742a673 100644 --- a/.hgtags +++ b/.hgtags @@ -625,3 +625,4 @@ a35aa07b57bab3690224e3af939ee085d50eb476 jdk-11.0.10+2 bca12c00a776f8cee7a0eeaf788499b9eab9cf9d jdk-11.0.10+3 9504fa6f98f5aad0aa1ac36d5bff3260a32020c8 jdk-11.0.10+4 5f5c3544ccb4d0bbc638e665524b292860dd9515 jdk-11.0.10+5 +4b9bc2a1dde0631958393125997855382325964d jdk-11.0.10+6 From 46f5998ca15355a30b564cf6004cd69a392c44c8 Mon Sep 17 00:00:00 2001 From: Mikhailo Seledtsov Date: Fri, 4 Jan 2019 15:17:40 -0800 Subject: [PATCH 07/10] 8215583: Exclude runtime/handshake/HandshakeWalkSuspendExitTest.java Added test to problem list Reviewed-by: iignatyev --- test/hotspot/jtreg/ProblemList.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/hotspot/jtreg/ProblemList.txt b/test/hotspot/jtreg/ProblemList.txt index c1f9f46d313..f9925a7a4b4 100644 --- a/test/hotspot/jtreg/ProblemList.txt +++ b/test/hotspot/jtreg/ProblemList.txt @@ -1,5 +1,5 @@ # -# Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -94,6 +94,7 @@ gc/metaspace/CompressedClassSpaceSizeInJmapHeap.java 8193639 solaris-all # :hotspot_runtime runtime/CompressedOops/UseCompressedOops.java 8079353 generic-all +runtime/handshake/HandshakeWalkSuspendExitTest.java 8214174 generic-all runtime/SharedArchiveFile/SASymbolTableTest.java 8193639 solaris-all runtime/jni/terminatedThread/TestTerminatedThread.java 8219652 aix-ppc64 From 461518002d3ab302015780f6d4157015c802545a Mon Sep 17 00:00:00 2001 From: Christoph Langer Date: Mon, 14 Dec 2020 14:29:40 +0100 Subject: [PATCH 08/10] 8255050: Add pkcs11/KeyStore/ClientAuth.sh to Problem list Reviewed-by: mbaesken --- test/jdk/ProblemList.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/test/jdk/ProblemList.txt b/test/jdk/ProblemList.txt index a139dc386bf..32175432f9d 100644 --- a/test/jdk/ProblemList.txt +++ b/test/jdk/ProblemList.txt @@ -640,6 +640,7 @@ com/sun/nio/sctp/SctpChannel/SocketOptionTests.java 8141694 linux-al # jdk_security sun/security/pkcs11/ec/TestKeyFactory.java 8026976 generic-all +sun/security/pkcs11/KeyStore/ClientAuth.sh 8254806 solaris-all sun/security/pkcs11/Secmod/AddTrustedCert.java 8180837 generic-all sun/security/pkcs11/tls/TestKeyMaterial.java 8180837 generic-all sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java 8161536 generic-all From ed1740fe4eeb22653c97621bb40e4dbca225723d Mon Sep 17 00:00:00 2001 From: Goetz Lindenmaier Date: Wed, 16 Dec 2020 08:41:25 +0100 Subject: [PATCH 09/10] Added tag jdk-11.0.10+7 for changeset c45f74d45787 --- .hgtags | 1 + 1 file changed, 1 insertion(+) diff --git a/.hgtags b/.hgtags index da89742a673..d62759243b4 100644 --- a/.hgtags +++ b/.hgtags @@ -626,3 +626,4 @@ bca12c00a776f8cee7a0eeaf788499b9eab9cf9d jdk-11.0.10+3 9504fa6f98f5aad0aa1ac36d5bff3260a32020c8 jdk-11.0.10+4 5f5c3544ccb4d0bbc638e665524b292860dd9515 jdk-11.0.10+5 4b9bc2a1dde0631958393125997855382325964d jdk-11.0.10+6 +c45f74d45787a857d35b5a66c9b0304c91a9c5d0 jdk-11.0.10+7 From 5a3ad95175d0c383f0be8a07b4065c28dba9e71a Mon Sep 17 00:00:00 2001 From: Rajan Halade Date: Thu, 17 Dec 2020 20:27:25 +0000 Subject: [PATCH 10/10] 8225072: Add LuxTrust certificate that is expiring in March 2021 to list of allowed but expired certs 8258630: Add expiry exception for QuoVadis root certificate Reviewed-by: ascarpino --- test/jdk/sun/security/lib/cacerts/VerifyCACerts.java | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java b/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java index 9114d9154b3..540f353e6dd 100644 --- a/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java +++ b/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java @@ -27,6 +27,7 @@ * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779 * 8209452 8209506 8210432 8195793 8216577 8222089 8222133 8222137 8222136 * 8223499 8225392 8232019 8234245 8233223 8225068 8225069 8243321 8243320 + * 8225072 8258630 * @summary Check root CA entries in cacerts file */ import java.io.ByteArrayInputStream; @@ -271,6 +272,10 @@ public class VerifyCACerts { add("verisigntsaca [jdk]"); // Valid until: Fri Jan 01 15:59:59 PST 2021 add("thawtepremiumserverca [jdk]"); + // Valid until: Wed Mar 17 02:51:37 PDT 2021 + add("luxtrustglobalrootca [jdk]"); + // Valid until: Wed Mar 17 11:33:33 PDT 2021 + add("quovadisrootca [jdk]"); } };