diff options
| author | lana <none@none> | 2014-05-07 21:32:03 -0700 |
|---|---|---|
| committer | lana <none@none> | 2014-05-07 21:32:03 -0700 |
| commit | 90b06d8cce2aaf3c14ff5bd0dffbfe1ee03b9364 (patch) | |
| tree | 13bb3e6d108a14570f4c760a9e3f1e7a2ded6b02 | |
| parent | c737517bd80691ef89761c554d4e6fe0164e6535 (diff) | |
| parent | 2eed0a129bb200b3da55f8da69056ce41ed9121d (diff) | |
Merge
33 files changed, 1386 insertions, 780 deletions
diff --git a/src/share/classes/com/sun/crypto/provider/RSACipher.java b/src/share/classes/com/sun/crypto/provider/RSACipher.java index 6902d4b8b..d1d8cf3ef 100644 --- a/src/share/classes/com/sun/crypto/provider/RSACipher.java +++ b/src/share/classes/com/sun/crypto/provider/RSACipher.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -39,6 +39,8 @@ import javax.crypto.spec.OAEPParameterSpec; import sun.security.rsa.*; import sun.security.jca.Providers; +import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec; +import sun.security.util.KeyUtil; /** * RSA cipher implementation. Supports RSA en/decryption and signing/verifying @@ -91,8 +93,8 @@ public final class RSACipher extends CipherSpi { // padding object private RSAPadding padding; - // cipher parameter for OAEP padding - private OAEPParameterSpec spec = null; + // cipher parameter for OAEP padding and TLS RSA premaster secret + private AlgorithmParameterSpec spec = null; // buffer for the data private byte[] buffer; @@ -110,6 +112,9 @@ public final class RSACipher extends CipherSpi { // hash algorithm for OAEP private String oaepHashAlgorithm = "SHA-1"; + // the source of randomness + private SecureRandom random; + public RSACipher() { paddingType = PAD_PKCS1; } @@ -175,7 +180,7 @@ public final class RSACipher extends CipherSpi { // see JCE spec protected AlgorithmParameters engineGetParameters() { - if (spec != null) { + if (spec != null && spec instanceof OAEPParameterSpec) { try { AlgorithmParameters params = AlgorithmParameters.getInstance("OAEP", @@ -276,8 +281,13 @@ public final class RSACipher extends CipherSpi { buffer = new byte[n]; } else if (paddingType == PAD_PKCS1) { if (params != null) { - throw new InvalidAlgorithmParameterException - ("Parameters not supported"); + if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) { + throw new InvalidAlgorithmParameterException( + "Parameters not supported"); + } + + spec = params; + this.random = random; // for TLS RSA premaster secret } int blockType = (mode <= MODE_DECRYPT) ? RSAPadding.PAD_BLOCKTYPE_2 : RSAPadding.PAD_BLOCKTYPE_1; @@ -293,19 +303,18 @@ public final class RSACipher extends CipherSpi { throw new InvalidKeyException ("OAEP cannot be used to sign or verify signatures"); } - OAEPParameterSpec myParams; if (params != null) { if (!(params instanceof OAEPParameterSpec)) { throw new InvalidAlgorithmParameterException ("Wrong Parameters for OAEP Padding"); } - myParams = (OAEPParameterSpec) params; + spec = params; } else { - myParams = new OAEPParameterSpec(oaepHashAlgorithm, "MGF1", + spec = new OAEPParameterSpec(oaepHashAlgorithm, "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT); } padding = RSAPadding.getInstance(RSAPadding.PAD_OAEP_MGF1, n, - random, myParams); + random, (OAEPParameterSpec)spec); if (encrypt) { int k = padding.getMaxDataSize(); buffer = new byte[k]; @@ -420,17 +429,40 @@ public final class RSACipher extends CipherSpi { if (wrappedKey.length > buffer.length) { throw new InvalidKeyException("Key is too long for unwrapping"); } + + boolean isTlsRsaPremasterSecret = + algorithm.equals("TlsRsaPremasterSecret"); + Exception failover = null; + byte[] encoded = null; + update(wrappedKey, 0, wrappedKey.length); try { - byte[] encoded = doFinal(); - return ConstructKeys.constructKey(encoded, algorithm, type); + encoded = doFinal(); } catch (BadPaddingException e) { - // should not occur - throw new InvalidKeyException("Unwrapping failed", e); + if (isTlsRsaPremasterSecret) { + failover = e; + } else { + throw new InvalidKeyException("Unwrapping failed", e); + } } catch (IllegalBlockSizeException e) { // should not occur, handled with length check above throw new InvalidKeyException("Unwrapping failed", e); } + + if (isTlsRsaPremasterSecret) { + if (!(spec instanceof TlsRsaPremasterSecretParameterSpec)) { + throw new IllegalStateException( + "No TlsRsaPremasterSecretParameterSpec specified"); + } + + // polish the TLS premaster secret + encoded = KeyUtil.checkTlsPreMasterSecretKey( + ((TlsRsaPremasterSecretParameterSpec)spec).getClientVersion(), + ((TlsRsaPremasterSecretParameterSpec)spec).getServerVersion(), + random, encoded, (failover != null)); + } + + return ConstructKeys.constructKey(encoded, algorithm, type); } // see JCE spec @@ -438,5 +470,4 @@ public final class RSACipher extends CipherSpi { RSAKey rsaKey = RSAKeyFactory.toRSAKey(key); return rsaKey.getModulus().bitLength(); } - } diff --git a/src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java b/src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java index ef9098f24..2a25cb64d 100644 --- a/src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java +++ b/src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -56,7 +56,7 @@ public final class TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi { protected void engineInit(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException { - if (params instanceof TlsRsaPremasterSecretParameterSpec == false) { + if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) { throw new InvalidAlgorithmParameterException(MSG); } this.spec = (TlsRsaPremasterSecretParameterSpec)params; @@ -67,21 +67,20 @@ public final class TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi { throw new InvalidParameterException(MSG); } + // Only can be used in client side to generate TLS RSA premaster secret. protected SecretKey engineGenerateKey() { if (spec == null) { throw new IllegalStateException( "TlsRsaPremasterSecretGenerator must be initialized"); } - byte[] b = spec.getEncodedSecret(); - if (b == null) { - if (random == null) { - random = new SecureRandom(); - } - b = new byte[48]; - random.nextBytes(b); - b[0] = (byte)spec.getMajorVersion(); - b[1] = (byte)spec.getMinorVersion(); + + if (random == null) { + random = new SecureRandom(); } + byte[] b = new byte[48]; + random.nextBytes(b); + b[0] = (byte)spec.getMajorVersion(); + b[1] = (byte)spec.getMinorVersion(); return new SecretKeySpec(b, "TlsRsaPremasterSecret"); } diff --git a/src/share/classes/javax/swing/JComponent.java b/src/share/classes/javax/swing/JComponent.java index d6f35ac3f..8a1bc1826 100644 --- a/src/share/classes/javax/swing/JComponent.java +++ b/src/share/classes/javax/swing/JComponent.java @@ -3985,6 +3985,17 @@ public abstract class JComponent extends Container implements Serializable, * @since 1.4 */ public AccessibleKeyBinding getAccessibleKeyBinding() { + // Try to get the linked label's mnemonic if it exists + Object o = getClientProperty(JLabel.LABELED_BY_PROPERTY); + if (o instanceof Accessible){ + AccessibleContext ac = ((Accessible) o).getAccessibleContext(); + if (ac != null){ + AccessibleComponent comp = ac.getAccessibleComponent(); + if (! (comp instanceof AccessibleExtendedComponent)) + return null; + return ((AccessibleExtendedComponent)comp).getAccessibleKeyBinding(); + } + } return null; } } // inner class AccessibleJComponent diff --git a/src/share/classes/sun/net/InetAddressCachePolicy.java b/src/share/classes/sun/net/InetAddressCachePolicy.java index 8437a1d52..31578b50d 100644 --- a/src/share/classes/sun/net/InetAddressCachePolicy.java +++ b/src/share/classes/sun/net/InetAddressCachePolicy.java @@ -84,19 +84,31 @@ public final class InetAddressCachePolicy { * Initialize */ static { - Integer tmp = null; - - try { - tmp = new Integer( - java.security.AccessController.doPrivileged ( - new PrivilegedAction<String>() { - public String run() { - return Security.getProperty(cachePolicyProp); - } - })); - } catch (NumberFormatException e) { - // ignore - } + + Integer tmp = java.security.AccessController.doPrivileged( + new PrivilegedAction<Integer>() { + public Integer run() { + try { + String tmpString = Security.getProperty(cachePolicyProp); + if (tmpString != null) { + return Integer.valueOf(tmpString); + } + } catch (NumberFormatException ignored) { + // Ignore + } + + try { + String tmpString = System.getProperty(cachePolicyPropFallback); + if (tmpString != null) { + return Integer.decode(tmpString); + } + } catch (NumberFormatException ignored) { + // Ignore + } + return null; + } + }); + if (tmp != null) { cachePolicy = tmp.intValue(); if (cachePolicy < 0) { @@ -104,35 +116,36 @@ public final class InetAddressCachePolicy { } propertySet = true; } else { - tmp = java.security.AccessController.doPrivileged - (new sun.security.action.GetIntegerAction(cachePolicyPropFallback)); - if (tmp != null) { - cachePolicy = tmp.intValue(); - if (cachePolicy < 0) { - cachePolicy = FOREVER; - } - propertySet = true; - } else { - /* No properties defined for positive caching. If there is no - * security manager then use the default positive cache value. - */ - if (System.getSecurityManager() == null) { - cachePolicy = DEFAULT_POSITIVE; - } + /* No properties defined for positive caching. If there is no + * security manager then use the default positive cache value. + */ + if (System.getSecurityManager() == null) { + cachePolicy = DEFAULT_POSITIVE; } } + tmp = java.security.AccessController.doPrivileged ( + new PrivilegedAction<Integer>() { + public Integer run() { + try { + String tmpString = Security.getProperty(negativeCachePolicyProp); + if (tmpString != null) { + return Integer.valueOf(tmpString); + } + } catch (NumberFormatException ignored) { + // Ignore + } - try { - tmp = new Integer( - java.security.AccessController.doPrivileged ( - new PrivilegedAction<String>() { - public String run() { - return Security.getProperty(negativeCachePolicyProp); - } - })); - } catch (NumberFormatException e) { - // ignore - } + try { + String tmpString = System.getProperty(negativeCachePolicyPropFallback); + if (tmpString != null) { + return Integer.decode(tmpString); + } + } catch (NumberFormatException ignored) { + // Ignore + } + return null; + } + }); if (tmp != null) { negativeCachePolicy = tmp.intValue(); @@ -140,16 +153,6 @@ public final class InetAddressCachePolicy { negativeCachePolicy = FOREVER; } propertyNegativeSet = true; - } else { - tmp = java.security.AccessController.doPrivileged - (new sun.security.action.GetIntegerAction(negativeCachePolicyPropFallback)); - if (tmp != null) { - negativeCachePolicy = tmp.intValue(); - if (negativeCachePolicy < 0) { - negativeCachePolicy = FOREVER; - } - propertyNegativeSet = true; - } } } diff --git a/src/share/classes/sun/net/util/IPAddressUtil.java b/src/share/classes/sun/net/util/IPAddressUtil.java index 4cef8ab04..4dafa8a1d 100644 --- a/src/share/classes/sun/net/util/IPAddressUtil.java +++ b/src/share/classes/sun/net/util/IPAddressUtil.java @@ -37,90 +37,73 @@ public class IPAddressUtil { * @param src a String representing an IPv4 address in standard format * @return a byte array representing the IPv4 numeric address */ + @SuppressWarnings("fallthrough") public static byte[] textToNumericFormatV4(String src) { - if (src.length() == 0) { - return null; - } - byte[] res = new byte[INADDR4SZ]; - String[] s = src.split("\\.", -1); - long val; - try { - switch(s.length) { - case 1: - /* - * When only one part is given, the value is stored directly in - * the network address without any byte rearrangement. - */ - val = Long.parseLong(s[0]); - if (val < 0 || val > 0xffffffffL) - return null; - res[0] = (byte) ((val >> 24) & 0xff); - res[1] = (byte) (((val & 0xffffff) >> 16) & 0xff); - res[2] = (byte) (((val & 0xffff) >> 8) & 0xff); - res[3] = (byte) (val & 0xff); - break; - case 2: - /* - * When a two part address is supplied, the last part is - * interpreted as a 24-bit quantity and placed in the right - * most three bytes of the network address. This makes the - * two part address format convenient for specifying Class A - * network addresses as net.host. - */ + long tmpValue = 0; + int currByte = 0; - val = Integer.parseInt(s[0]); - if (val < 0 || val > 0xff) - return null; - res[0] = (byte) (val & 0xff); - val = Integer.parseInt(s[1]); - if (val < 0 || val > 0xffffff) + int len = src.length(); + if (len == 0 || len > 15) { + return null; + } + /* + * When only one part is given, the value is stored directly in + * the network address without any byte rearrangement. + * + * When a two part address is supplied, the last part is + * interpreted as a 24-bit quantity and placed in the right + * most three bytes of the network address. This makes the + * two part address format convenient for specifying Class A + * network addresses as net.host. + * + * When a three part address is specified, the last part is + * interpreted as a 16-bit quantity and placed in the right + * most two bytes of the network address. This makes the + * three part address format convenient for specifying + * Class B net- work addresses as 128.net.host. + * + * When four parts are specified, each is interpreted as a + * byte of data and assigned, from left to right, to the + * four bytes of an IPv4 address. + * + * We determine and parse the leading parts, if any, as single + * byte values in one pass directly into the resulting byte[], + * then the remainder is treated as a 8-to-32-bit entity and + * translated into the remaining bytes in the array. + */ + for (int i = 0; i < len; i++) { + char c = src.charAt(i); + if (c == '.') { + if (tmpValue < 0 || tmpValue > 0xff || currByte == 3) { return null; - res[1] = (byte) ((val >> 16) & 0xff); - res[2] = (byte) (((val & 0xffff) >> 8) &0xff); - res[3] = (byte) (val & 0xff); - break; - case 3: - /* - * When a three part address is specified, the last part is - * interpreted as a 16-bit quantity and placed in the right - * most two bytes of the network address. This makes the - * three part address format convenient for specifying - * Class B net- work addresses as 128.net.host. - */ - for (int i = 0; i < 2; i++) { - val = Integer.parseInt(s[i]); - if (val < 0 || val > 0xff) - return null; - res[i] = (byte) (val & 0xff); } - val = Integer.parseInt(s[2]); - if (val < 0 || val > 0xffff) + res[currByte++] = (byte) (tmpValue & 0xff); + tmpValue = 0; + } else { + int digit = Character.digit(c, 10); + if (digit < 0) { return null; - res[2] = (byte) ((val >> 8) & 0xff); - res[3] = (byte) (val & 0xff); - break; - case 4: - /* - * When four parts are specified, each is interpreted as a - * byte of data and assigned, from left to right, to the - * four bytes of an IPv4 address. - */ - for (int i = 0; i < 4; i++) { - val = Integer.parseInt(s[i]); - if (val < 0 || val > 0xff) - return null; - res[i] = (byte) (val & 0xff); } - break; - default: - return null; + tmpValue *= 10; + tmpValue += digit; } - } catch(NumberFormatException e) { + } + if (tmpValue < 0 || tmpValue >= (1L << ((4 - currByte) * 8))) { return null; } + switch (currByte) { + case 0: + res[0] = (byte) ((tmpValue >> 24) & 0xff); + case 1: + res[1] = (byte) ((tmpValue >> 16) & 0xff); + case 2: + res[2] = (byte) ((tmpValue >> 8) & 0xff); + case 3: + res[3] = (byte) ((tmpValue >> 0) & 0xff); + } return res; } diff --git a/src/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java b/src/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java index a38a7faec..0741499b9 100644 --- a/src/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java +++ b/src/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java @@ -26,11 +26,11 @@ package sun.security.internal.spec; import java.security.spec.AlgorithmParameterSpec; +import java.security.AccessController; +import java.security.PrivilegedAction; /** - * Parameters for SSL/TLS RSA Premaster secret generation. - * This class is used by SSL/TLS client to initialize KeyGenerators of the - * type "TlsRsaPremasterSecret". + * Parameters for SSL/TLS RSA premaster secret. * * <p>Instances of this class are immutable. * @@ -43,90 +43,108 @@ import java.security.spec.AlgorithmParameterSpec; public class TlsRsaPremasterSecretParameterSpec implements AlgorithmParameterSpec { - private final int majorVersion; - private final int minorVersion; - private final byte[] encodedSecret; + /* + * The TLS spec says that the version in the RSA premaster secret must + * be the maximum version supported by the client (i.e. the version it + * requested in its client hello version). However, we (and other + * implementations) used to send the active negotiated version. The + * system property below allows to toggle the behavior. + */ + private final static String PROP_NAME = + "com.sun.net.ssl.rsaPreMasterSecretFix"; + + /* + * Default is "false" (old behavior) for compatibility reasons in + * SSLv3/TLSv1. Later protocols (TLSv1.1+) do not use this property. + */ + private final static boolean rsaPreMasterSecretFix = + AccessController.doPrivileged(new PrivilegedAction<Boolean>() { + public Boolean run() { + String value = System.getProperty(PROP_NAME); + if (value != null && value.equalsIgnoreCase("true")) { + return Boolean.TRUE; + } + + return Boolean.FALSE; + } + }); + + private final int clientVersion; + private final int serverVersion; /** * Constructs a new TlsRsaPremasterSecretParameterSpec. - * <P> - * The version numbers will be placed inside the premaster secret to - * detect version rollbacks attacks as described in the TLS specification. - * Note that they do not indicate the protocol version negotiated for - * the handshake. * - * @param majorVersion the major number of the protocol version - * @param minorVersion the minor number of the protocol version + * @param clientVersion the version of the TLS protocol by which the + * client wishes to communicate during this session + * @param serverVersion the negotiated version of the TLS protocol which + * contains the lower of that suggested by the client in the client + * hello and the highest supported by the server. * - * @throws IllegalArgumentException if minorVersion or majorVersion are - * negative or larger than 255 + * @throws IllegalArgumentException if clientVersion or serverVersion are + * negative or larger than (2^16 - 1) */ - public TlsRsaPremasterSecretParameterSpec(int majorVersion, - int minorVersion) { - this.majorVersion = - TlsMasterSecretParameterSpec.checkVersion(majorVersion); - this.minorVersion = - TlsMasterSecretParameterSpec.checkVersion(minorVersion); - this.encodedSecret = null; + public TlsRsaPremasterSecretParameterSpec( + int clientVersion, int serverVersion) { + + this.clientVersion = checkVersion(clientVersion); + this.serverVersion = checkVersion(serverVersion); } /** - * Constructs a new TlsRsaPremasterSecretParameterSpec. - * <P> - * The version numbers will be placed inside the premaster secret to - * detect version rollbacks attacks as described in the TLS specification. - * Note that they do not indicate the protocol version negotiated for - * the handshake. - * <P> - * Usually, the encoded secret key is a random number that acts as - * dummy pre_master_secret to avoid vulnerabilities described by - * section 7.4.7.1, RFC 5246. - * - * @param majorVersion the major number of the protocol version - * @param minorVersion the minor number of the protocol version - * @param encodedSecret the encoded secret key + * Returns the version of the TLS protocol by which the client wishes to + * communicate during this session. * - * @throws IllegalArgumentException if minorVersion or majorVersion are - * negative or larger than 255, or encodedSecret is not exactly 48 bytes. + * @return the version of the TLS protocol in ClientHello message */ - public TlsRsaPremasterSecretParameterSpec(int majorVersion, - int minorVersion, byte[] encodedSecret) { - this.majorVersion = - TlsMasterSecretParameterSpec.checkVersion(majorVersion); - this.minorVersion = - TlsMasterSecretParameterSpec.checkVersion(minorVersion); - - if (encodedSecret == null || encodedSecret.length != 48) { - throw new IllegalArgumentException( - "Encoded secret is not exactly 48 bytes"); - } - this.encodedSecret = encodedSecret.clone(); + public int getClientVersion() { + return clientVersion; } /** - * Returns the major version. + * Returns the negotiated version of the TLS protocol which contains the + * lower of that suggested by the client in the client hello and the + * highest supported by the server. * - * @return the major version. + * @return the negotiated version of the TLS protocol in ServerHello message */ - public int getMajorVersion() { - return majorVersion; + public int getServerVersion() { + return serverVersion; } /** - * Returns the minor version. + * Returns the major version used in RSA premaster secret. * - * @return the minor version. + * @return the major version used in RSA premaster secret. */ - public int getMinorVersion() { - return minorVersion; + public int getMajorVersion() { + if (rsaPreMasterSecretFix || clientVersion >= 0x0302) { + // 0x0302: TLSv1.1 + return (clientVersion >>> 8) & 0xFF; + } + + return (serverVersion >>> 8) & 0xFF; } /** - * Returns the encoded secret. + * Returns the minor version used in RSA premaster secret. * - * @return the encoded secret, may be null if no encoded secret. + * @return the minor version used in RSA premaster secret. */ - public byte[] getEncodedSecret() { - return encodedSecret == null ? null : encodedSecret.clone(); + public int getMinorVersion() { + if (rsaPreMasterSecretFix || clientVersion >= 0x0302) { + // 0x0302: TLSv1.1 + return clientVersion & 0xFF; + } + + return serverVersion & 0xFF; + } + + private int checkVersion(int version) { + if ((version < 0) || (version > 0xFFFF)) { + throw new IllegalArgumentException( + "Version must be between 0 and 65,535"); + } + return version; } } diff --git a/src/share/classes/sun/security/pkcs11/P11RSACipher.java b/src/share/classes/sun/security/pkcs11/P11RSACipher.java index e2ff0fc73..253b8913a 100644 --- a/src/share/classes/sun/security/pkcs11/P11RSACipher.java +++ b/src/share/classes/sun/security/pkcs11/P11RSACipher.java @@ -37,6 +37,8 @@ import javax.crypto.spec.*; import static sun.security.pkcs11.TemplateManager.*; import sun.security.pkcs11.wrapper.*; import static sun.security.pkcs11.wrapper.PKCS11Constants.*; +import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec; +import sun.security.util.KeyUtil; /** * RSA Cipher implementation class. We currently only support @@ -102,6 +104,12 @@ final class P11RSACipher extends CipherSpi { // maximum output size. this is the length of the key private int outputSize; + // cipher parameter for TLS RSA premaster secret + private AlgorithmParameterSpec spec = null; + + // the source of randomness + private SecureRandom random; + P11RSACipher(Token token, String algorithm, long mechanism) throws PKCS11Exception { super(); @@ -165,8 +173,12 @@ final class P11RSACipher extends CipherSpi { AlgorithmParameterSpec params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { if (params != null) { - throw new InvalidAlgorithmParameterException - ("Parameters not supported"); + if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) { + throw new InvalidAlgorithmParameterException( + "Parameters not supported"); + } + spec = params; + this.random = random; // for TLS RSA premaster secret } implInit(opmode, key); } @@ -176,8 +188,8 @@ final class P11RSACipher extends CipherSpi { SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { if (params != null) { - throw new InvalidAlgorithmParameterException - ("Parameters not supported"); + throw new InvalidAlgorithmParameterException( + "Parameters not supported"); } implInit(opmode, key); } @@ -452,21 +464,101 @@ final class P11RSACipher extends CipherSpi { protected Key engineUnwrap(byte[] wrappedKey, String algorithm, int type) throws InvalidKeyException, NoSuchAlgorithmException { - // XXX implement unwrap using C_Unwrap() for all keys - implInit(Cipher.DECRYPT_MODE, p11Key); - if (wrappedKey.length > maxInputSize) { - throw new InvalidKeyException("Key is too long for unwrapping"); + boolean isTlsRsaPremasterSecret = + algorithm.equals("TlsRsaPremasterSecret"); + Exception failover = null; + + SecureRandom secureRandom = random; + if (secureRandom == null && isTlsRsaPremasterSecret) { + secureRandom = new SecureRandom(); } - implUpdate(wrappedKey, 0, wrappedKey.length); - try { - byte[] encoded = doFinal(); + + // Should C_Unwrap be preferred for non-TLS RSA premaster secret? + if (token.supportsRawSecretKeyImport()) { + // XXX implement unwrap using C_Unwrap() for all keys + implInit(Cipher.DECRYPT_MODE, p11Key); + if (wrappedKey.length > maxInputSize) { + throw new InvalidKeyException("Key is too long for unwrapping"); + } + + byte[] encoded = null; + implUpdate(wrappedKey, 0, wrappedKey.length); + try { + encoded = doFinal(); + } catch (BadPaddingException e) { + if (isTlsRsaPremasterSecret) { + failover = e; + } else { + throw new InvalidKeyException("Unwrapping failed", e); + } + } catch (IllegalBlockSizeException e) { + // should not occur, handled with length check above + throw new InvalidKeyException("Unwrapping failed", e); + } + + if (isTlsRsaPremasterSecret) { + if (!(spec instanceof TlsRsaPremasterSecretParameterSpec)) { + throw new IllegalStateException( + "No TlsRsaPremasterSecretParameterSpec specified"); + } + + // polish the TLS premaster secret + TlsRsaPremasterSecretParameterSpec psps = + (TlsRsaPremasterSecretParameterSpec)spec; + encoded = KeyUtil.checkTlsPreMasterSecretKey( + psps.getClientVersion(), psps.getServerVersion(), + secureRandom, encoded, (failover != null)); + } + return ConstructKeys.constructKey(encoded, algorithm, type); - } catch (BadPaddingException e) { - // should not occur - throw new InvalidKeyException("Unwrapping failed", e); - } catch (IllegalBlockSizeException e) { - // should not occur, handled with length check above - throw new InvalidKeyException("Unwrapping failed", e); + } else { + Session s = null; + SecretKey secretKey = null; + try { + try { + s = token.getObjSession(); + long keyType = CKK_GENERIC_SECRET; + CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { + new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY), + new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType), + }; + attributes = token.getAttributes( + O_IMPORT, CKO_SECRET_KEY, keyType, attributes); + long keyID = token.p11.C_UnwrapKey(s.id(), + new CK_MECHANISM(mechanism), p11Key.keyID, + wrappedKey, attributes); + secretKey = P11Key.secretKey(s, keyID, + algorithm, 48 << 3, attributes); + } catch (PKCS11Exception e) { + if (isTlsRsaPremasterSecret) { + failover = e; + } else { + throw new InvalidKeyException("unwrap() failed", e); + } + } + + if (isTlsRsaPremasterSecret) { + byte[] replacer = new byte[48]; + if (failover == null) { + // Does smart compiler dispose this operation? + secureRandom.nextBytes(replacer); + } + + TlsRsaPremasterSecretParameterSpec psps = + (TlsRsaPremasterSecretParameterSpec)spec; + + // Please use the tricky failover and replacer byte array + // as the parameters so that smart compiler won't dispose + // the unused variable . + secretKey = polishPreMasterSecretKey(token, s, + failover, replacer, secretKey, + psps.getClientVersion(), psps.getServerVersion()); + } + + return secretKey; + } finally { + token.releaseSession(s); + } } } @@ -475,6 +567,34 @@ final class P11RSACipher extends CipherSpi { int n = P11KeyFactory.convertKey(token, key, algorithm).length(); return n; } + + private static SecretKey polishPreMasterSecretKey( + Token token, Session session, + Exception failover, byte[] replacer, SecretKey secretKey, + int clientVersion, int serverVersion) { + + if (failover != null) { + CK_VERSION version = new CK_VERSION( + (clientVersion >>> 8) & 0xFF, clientVersion & 0xFF); + try { + CK_ATTRIBUTE[] attributes = token.getAttributes( + O_GENERATE, CKO_SECRET_KEY, + CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]); + long keyID = token.p11.C_GenerateKey(session.id(), + // new CK_MECHANISM(CKM_TLS_PRE_MASTER_KEY_GEN, version), + new CK_MECHANISM(CKM_SSL3_PRE_MASTER_KEY_GEN, version), + attributes); + return P11Key.secretKey(session, + keyID, "TlsRsaPremasterSecret", 48 << 3, attributes); + } catch (PKCS11Exception e) { + throw new ProviderException( + "Could not generate premaster secret", e); + } + } + + return secretKey; + } + } final class ConstructKeys { diff --git a/src/share/classes/sun/security/pkcs11/P11TlsRsaPremasterSecretGenerator.java b/src/share/classes/sun/security/pkcs11/P11TlsRsaPremasterSecretGenerator.java index ff9b183ee..21c853794 100644 --- a/src/share/classes/sun/security/pkcs11/P11TlsRsaPremasterSecretGenerator.java +++ b/src/share/classes/sun/security/pkcs11/P11TlsRsaPremasterSecretGenerator.java @@ -73,7 +73,7 @@ final class P11TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi { protected void engineInit(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException { - if (params instanceof TlsRsaPremasterSecretParameterSpec == false) { + if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) { throw new InvalidAlgorithmParameterException(MSG); } this.spec = (TlsRsaPremasterSecretParameterSpec)params; @@ -83,38 +83,32 @@ final class P11TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi { throw new InvalidParameterException(MSG); } + // Only can be used in client side to generate TLS RSA premaster secret. protected SecretKey engineGenerateKey() { if (spec == null) { throw new IllegalStateException ("TlsRsaPremasterSecretGenerator must be initialized"); } - byte[] b = spec.getEncodedSecret(); - if (b == null) { - CK_VERSION version = new CK_VERSION( + CK_VERSION version = new CK_VERSION( spec.getMajorVersion(), spec.getMinorVersion()); - Session session = null; - try { - session = token.getObjSession(); - CK_ATTRIBUTE[] attributes = token.getAttributes( - O_GENERATE, CKO_SECRET_KEY, - CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]); - long keyID = token.p11.C_GenerateKey(session.id(), - new CK_MECHANISM(mechanism, version), attributes); - SecretKey key = P11Key.secretKey(session, - keyID, "TlsRsaPremasterSecret", 48 << 3, attributes); - return key; - } catch (PKCS11Exception e) { - throw new ProviderException( - "Could not generate premaster secret", e); - } finally { - token.releaseSession(session); - } + Session session = null; + try { + session = token.getObjSession(); + CK_ATTRIBUTE[] attributes = token.getAttributes( + O_GENERATE, CKO_SECRET_KEY, + CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]); + long keyID = token.p11.C_GenerateKey(session.id(), + new CK_MECHANISM(mechanism, version), attributes); + SecretKey key = P11Key.secretKey(session, + keyID, "TlsRsaPremasterSecret", 48 << 3, attributes); + return key; + } catch (PKCS11Exception e) { + throw new ProviderException( + "Could not generate premaster secret", e); + } finally { + token.releaseSession(session); } - - // Won't worry, the TlsRsaPremasterSecret will be soon converted to - // TlsMasterSecret. - return new SecretKeySpec(b, "TlsRsaPremasterSecret"); } } diff --git a/src/share/classes/sun/security/pkcs11/Token.java b/src/share/classes/sun/security/pkcs11/Token.java index b97ab0cc9..39d301ae7 100644 --- a/src/share/classes/sun/security/pkcs11/Token.java +++ b/src/share/classes/sun/security/pkcs11/Token.java @@ -36,6 +36,7 @@ import javax.security.auth.login.LoginException; import sun.security.jca.JCAUtil; import sun.security.pkcs11.wrapper.*; +import static sun.security.pkcs11.TemplateManager.*; import static sun.security.pkcs11.wrapper.PKCS11Constants.*; /** @@ -122,6 +123,9 @@ class Token implements Serializable { private final static CK_MECHANISM_INFO INVALID_MECH = new CK_MECHANISM_INFO(0, 0, 0); + // flag indicating whether the token supports raw secret key material import + private Boolean supportsRawSecretKeyImport; + Token(SunPKCS11 provider) throws PKCS11Exception { this.provider = provider; this.removable = provider.removable; @@ -160,6 +164,36 @@ class Token implements Serializable { return writeProtected; } + // return whether the token supports raw secret key material import + boolean supportsRawSecretKeyImport() { + if (supportsRawSecretKeyImport == null) { + SecureRandom random = JCAUtil.getSecureRandom(); + byte[] encoded = new byte[48]; + random.nextBytes(encoded); + + CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[3]; + attributes[0] = new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY); + attributes[1] = new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_GENERIC_SECRET); + attributes[2] = new CK_ATTRIBUTE(CKA_VALUE, encoded); + + Session session = null; + try { + attributes = getAttributes(O_IMPORT, + CKO_SECRET_KEY, CKK_GENERIC_SECRET, attributes); + session = getObjSession(); + long keyID = p11.C_CreateObject(session.id(), attributes); + + supportsRawSecretKeyImport = Boolean.TRUE; + } catch (PKCS11Exception e) { + supportsRawSecretKeyImport = Boolean.FALSE; + } finally { + releaseSession(session); + } + } + + return supportsRawSecretKeyImport; + } + // return whether we are logged in // uses cached result if current. session is optional and may be null boolean isLoggedIn(Session session) throws PKCS11Exception { diff --git a/src/share/classes/sun/security/ssl/ByteBufferInputStream.java b/src/share/classes/sun/security/ssl/ByteBufferInputStream.java index dde186966..05107988a 100644 --- a/src/share/classes/sun/security/ssl/ByteBufferInputStream.java +++ b/src/share/classes/sun/security/ssl/ByteBufferInputStream.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -60,7 +60,8 @@ class ByteBufferInputStream extends InputStream { if (bb.remaining() == 0) { return -1; } - return bb.get(); + + return (bb.get() & 0xFF); // need to be in the range 0 to 255 } /** diff --git a/src/share/classes/sun/security/ssl/EngineInputRecord.java b/src/share/classes/sun/security/ssl/EngineInputRecord.java index 55931da09..d980b1629 100644 --- a/src/share/classes/sun/security/ssl/EngineInputRecord.java +++ b/src/share/classes/sun/security/ssl/EngineInputRecord.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -109,14 +109,8 @@ final class EngineInputRecord extends InputRecord { ProtocolVersion recordVersion = ProtocolVersion.valueOf(buf.get(pos + 1), buf.get(pos + 2)); - // Check if too old (currently not possible) - // or if the major version does not match. - // The actual version negotiation is in the handshaker classes - if ((recordVersion.v < ProtocolVersion.MIN.v) - || (recordVersion.major > ProtocolVersion.MAX.major)) { - throw new SSLException( - "Unsupported record version " + recordVersion); - } + // check the record version + checkRecordVersion(recordVersion, false); /* * Reasonably sure this is a V3, disable further checks. @@ -147,18 +141,8 @@ final class EngineInputRecord extends InputRecord { ProtocolVersion recordVersion = ProtocolVersion.valueOf(buf.get(pos + 3), buf.get(pos + 4)); - // Check if too old (currently not possible) - // or if the major version does not match. - // The actual version negotiation is in the handshaker classes - if ((recordVersion.v < ProtocolVersion.MIN.v) - || (recordVersion.major > ProtocolVersion.MAX.major)) { - - // if it's not SSLv2, we're out of here. - if (recordVersion.v != ProtocolVersion.SSL20Hello.v) { - throw new SSLException( - "Unsupported record version " + recordVersion); - } - } + // check the record version + checkRecordVersion(recordVersion, true); /* * Client or Server Hello @@ -406,14 +390,9 @@ final class EngineInputRecord extends InputRecord { ProtocolVersion recordVersion = ProtocolVersion.valueOf( srcBB.get(srcPos + 1), srcBB.get(srcPos + 2)); - // Check if too old (currently not possible) - // or if the major version does not match. - // The actual version negotiation is in the handshaker classes - if ((recordVersion.v < ProtocolVersion.MIN.v) - || (recordVersion.major > ProtocolVersion.MAX.major)) { - throw new SSLException( - "Unsupported record version " + recordVersion); - } + + // check the record version + checkRecordVersion(recordVersion, false); /* * It's really application data. How much to consume? diff --git a/src/share/classes/sun/security/ssl/InputRecord.java b/src/share/classes/sun/security/ssl/InputRecord.java index ca56be7ec..b4d97c7f3 100644 --- a/src/share/classes/sun/security/ssl/InputRecord.java +++ b/src/share/classes/sun/security/ssl/InputRecord.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -534,19 +534,35 @@ class InputRecord extends ByteArrayInputStream implements Record { } /** + * Return true if the specified record protocol version is out of the + * range of the possible supported versions. + */ + static void checkRecordVersion(ProtocolVersion version, + boolean allowSSL20Hello) throws SSLException { + // Check if the record version is too old (currently not possible) + // or if the major version does not match. + // + // The actual version negotiation is in the handshaker classes + if ((version.v < ProtocolVersion.MIN.v) || + ((version.major & 0xFF) > (ProtocolVersion.MAX.major & 0xFF))) { + + // if it's not SSLv2, we're out of here. + if (!allowSSL20Hello || + (version.v != ProtocolVersion.SSL20Hello.v)) { + throw new SSLException("Unsupported record version " + version); + } + } + } + + /** * Read a SSL/TLS record. Throw an IOException if the format is invalid. */ private void readV3Record(InputStream s, OutputStream o) throws IOException { ProtocolVersion recordVersion = ProtocolVersion.valueOf(buf[1], buf[2]); - // Check if too old (currently not possible) - // or if the major version does not match. - // The actual version negotiation is in the handshaker classes - if ((recordVersion.v < ProtocolVersion.MIN.v) - || (recordVersion.major > ProtocolVersion.MAX.major)) { - throw new SSLException( - "Unsupported record version " + recordVersion); - } + + // check the record version + checkRecordVersion(recordVersion, false); /* * Get and check length, then the data. diff --git a/src/share/classes/sun/security/ssl/ProtocolVersion.java b/src/share/classes/sun/security/ssl/ProtocolVersion.java index 20ea5860c..fb476416a 100644 --- a/src/share/classes/sun/security/ssl/ProtocolVersion.java +++ b/src/share/classes/sun/security/ssl/ProtocolVersion.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -101,7 +101,7 @@ public final class ProtocolVersion implements Comparable<ProtocolVersion> { this.v = v; this.name = name; major = (byte)(v >>> 8); - minor = (byte)(v & 0xff); + minor = (byte)(v & 0xFF); } // private @@ -117,8 +117,8 @@ public final class ProtocolVersion implements Comparable<ProtocolVersion> { } else if (v == SSL20Hello.v) { return SSL20Hello; } else { - int major = (v >>> 8) & 0xff; - int minor = v & 0xff; + int major = (v >>> 8) & 0xFF; + int minor = v & 0xFF; return new ProtocolVersion(v, "Unknown-" + major + "." + minor); } } @@ -128,10 +128,7 @@ public final class ProtocolVersion implements Comparable<ProtocolVersion> { * numbers. Never throws exceptions. */ public static ProtocolVersion valueOf(int major, int minor) { - major &= 0xff; - minor &= 0xff; - int v = (major << 8) | minor; - return valueOf(v); + return valueOf(((major & 0xFF) << 8) | (minor & 0xFF)); } /** diff --git a/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java b/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java index 36e4310fe..870d3ea3d 100644 --- a/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java +++ b/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java @@ -48,23 +48,6 @@ import sun.security.util.KeyUtil; */ final class RSAClientKeyExchange extends HandshakeMessage { - /** - * The TLS spec says that the version in the RSA premaster secret must - * be the maximum version supported by the client (i.e. the version it - * requested in its client hello version). However, we (and other - * implementations) used to send the active negotiated version. The - * system property below allows to toggle the behavior. - */ - private final static String PROP_NAME = - "com.sun.net.ssl.rsaPreMasterSecretFix"; - - /* - * Default is "false" (old behavior) for compatibility reasons in - * SSLv3/TLSv1. Later protocols (TLSv1.1+) do not use this property. - */ - private final static boolean rsaPreMasterSecretFix = - Debug.getBooleanProperty(PROP_NAME, false); - /* * The following field values were encrypted with the server's public * key (or temp key from server key exchange msg) and are presented @@ -88,22 +71,12 @@ final class RSAClientKeyExchange extends HandshakeMessage { } this.protocolVersion = protocolVersion; - int major, minor; - - if (rsaPreMasterSecretFix || maxVersion.v >= ProtocolVersion.TLS11.v) { - major = maxVersion.major; - minor = maxVersion.minor; - } else { - major = protocolVersion.major; - minor = protocolVersion.minor; - } - try { String s = ((protocolVersion.v >= ProtocolVersion.TLS12.v) ? "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret"); KeyGenerator kg = JsseJce.getKeyGenerator(s); - kg.init(new TlsRsaPremasterSecretParameterSpec(major, minor), - generator); + kg.init(new TlsRsaPremasterSecretParameterSpec( + maxVersion.v, protocolVersion.v), generator); preMaster = kg.generateKey(); Cipher cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1); @@ -138,18 +111,16 @@ final class RSAClientKeyExchange extends HandshakeMessage { } } - Exception failover = null; - byte[] encoded = null; try { Cipher cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1); - // Cannot generate key here, please don't use Cipher.UNWRAP_MODE! - cipher.init(Cipher.DECRYPT_MODE, privateKey); - encoded = cipher.doFinal(encrypted); - } catch (BadPaddingException bpe) { - failover = bpe; - encoded = null; - } catch (IllegalBlockSizeException ibse) { - // the message it too big to process with RSA + cipher.init(Cipher.UNWRAP_MODE, privateKey, + new TlsRsaPremasterSecretParameterSpec( + maxVersion.v, currentVersion.v), + generator); + preMaster = (SecretKey)cipher.unwrap(encrypted, + "TlsRsaPremasterSecret", Cipher.SECRET_KEY); + } catch (InvalidKeyException ibk) { + // the message is too big to process with RSA throw new SSLProtocolException( "Unable to process PreMasterSecret, may be too big"); } catch (Exception e) { @@ -160,124 +131,6 @@ final class RSAClientKeyExchange extends HandshakeMessage { } throw new RuntimeException("Could not generate dummy secret", e); } - - // polish the premaster secret - preMaster = polishPreMasterSecretKey( - currentVersion, maxVersion, generator, encoded, failover); - } - - /** - * To avoid vulnerabilities described by section 7.4.7.1, RFC 5246, - * treating incorrectly formatted message blocks and/or mismatched - * version numbers in a manner indistinguishable from correctly - * formatted RSA blocks. - * - * RFC 5246 describes the approach as : - * - * 1. Generate a string R of 48 random bytes - * - * 2. Decrypt the message to recover the plaintext M - * - * 3. If the PKCS#1 padding is not correct, or the length of message - * M is not exactly 48 bytes: - * pre_master_secret = R - * else If ClientHello.client_version <= TLS 1.0, and version - * number check is explicitly disabled: - * premaster secret = M - * else If M[0..1] != ClientHello.client_version: - * premaster secret = R - * else: - * premaster secret = M - * - * Note that #2 has completed before the call of this method. - */ - private SecretKey polishPreMasterSecretKey(ProtocolVersion currentVersion, - ProtocolVersion clientHelloVersion, SecureRandom generator, - byte[] encoded, Exception failoverException) { - - this.protocolVersion = clientHelloVersion; - if (generator == null) { - generator = new SecureRandom(); - } - byte[] random = new byte[48]; - generator.nextBytes(random); - - if (failoverException == null && encoded != null) { - // check the length - if (encoded.length != 48) { - if (debug != null && Debug.isOn("handshake")) { - System.out.println( - "incorrect length of premaster secret: " + - encoded.length); - } - - return generatePreMasterSecret( - clientHelloVersion, random, generator); - } - - if (clientHelloVersion.major != encoded[0] || - clientHelloVersion.minor != encoded[1]) { - - if (clientHelloVersion.v <= ProtocolVersion.TLS10.v && - currentVersion.major == encoded[0] && - currentVersion.minor == encoded[1]) { - /* - * For compatibility, we maintain the behavior that the - * version in pre_master_secret can be the negotiated - * version for TLS v1.0 and SSL v3.0. - */ - this.protocolVersion = currentVersion; - } else { - if (debug != null && Debug.isOn("handshake")) { - System.out.println("Mismatching Protocol Versions, " + - "ClientHello.client_version is " + - clientHelloVersion + - ", while PreMasterSecret.client_version is " + - ProtocolVersion.valueOf(encoded[0], encoded[1])); - } - - encoded = random; - } - } - - return generatePreMasterSecret( - clientHelloVersion, encoded, generator); - } - - if (debug != null && Debug.isOn("handshake") && - failoverException != null) { - System.out.println("Error decrypting premaster secret:"); - failoverException.printStackTrace(System.out); - } - - return generatePreMasterSecret(clientHelloVersion, random, generator); - } - - // generate a premaster secret with the specified version number - private static SecretKey generatePreMasterSecret( - ProtocolVersion version, byte[] encodedSecret, - SecureRandom generator) { - - if (debug != null && Debug.isOn("handshake")) { - System.out.println("Generating a random fake premaster secret"); - } - - try { - String s = ((version.v >= ProtocolVersion.TLS12.v) ? - "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret"); - KeyGenerator kg = JsseJce.getKeyGenerator(s); - kg.init(new TlsRsaPremasterSecretParameterSpec( - version.major, version.minor, encodedSecret), generator); - return kg.generateKey(); - } catch (InvalidAlgorithmParameterException | - NoSuchAlgorithmException iae) { - // unlikely to happen, otherwise, must be a provider exception - if (debug != null && Debug.isOn("handshake")) { - System.out.println("RSA premaster secret generation error:"); - iae.printStackTrace(System.out); - } - throw new RuntimeException("Could not generate dummy secret", iae); - } } @Override diff --git a/src/share/classes/sun/security/util/KeyUtil.java b/src/share/classes/sun/security/util/KeyUtil.java index cbaa8a5e2..9c881b803 100644 --- a/src/share/classes/sun/security/util/KeyUtil.java +++ b/src/share/classes/sun/security/util/KeyUtil.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,6 +32,7 @@ import java.security.InvalidKeyException; import java.security.interfaces.ECKey; import java.security.interfaces.RSAKey; import java.security.interfaces.DSAKey; +import java.security.SecureRandom; import java.security.spec.KeySpec; import javax.crypto.SecretKey; import javax.crypto.interfaces.DHKey; @@ -157,6 +158,79 @@ public final class KeyUtil { } /** + * Check the format of TLS PreMasterSecret. + * <P> + * To avoid vulnerabilities described by section 7.4.7.1, RFC 5246, + * treating incorrectly formatted message blocks and/or mismatched + * version numbers in a manner indistinguishable from correctly + * formatted RSA blocks. + * + * RFC 5246 describes the approach as : + * + * 1. Generate a string R of 48 random bytes + * + * 2. Decrypt the message to recover the plaintext M + * + * 3. If the PKCS#1 padding is not correct, or the length of message + * M is not exactly 48 bytes: + * pre_master_secret = R + * else If ClientHello.client_version <= TLS 1.0, and version + * number check is explicitly disabled: + * premaster secret = M + * else If M[0..1] != ClientHello.client_version: + * premaster secret = R + * else: + * premaster secret = M + * + * Note that #2 should have completed before the call to this method. + * + * @param clientVersion the version of the TLS protocol by which the + * client wishes to communicate during this session + * @param serverVersion the negotiated version of the TLS protocol which + * contains the lower of that suggested by the client in the client + * hello and the highest supported by the server. + * @param encoded the encoded key in its "RAW" encoding format + * @param isFailover whether or not the previous decryption of the + * encrypted PreMasterSecret message run into problem + * @return the polished PreMasterSecret key in its "RAW" encoding format + */ + public static byte[] checkTlsPreMasterSecretKey( + int clientVersion, int serverVersion, SecureRandom random, + byte[] encoded, boolean isFailOver) { + + if (random == null) { + random = new SecureRandom(); + } + byte[] replacer = new byte[48]; + random.nextBytes(replacer); + + if (!isFailOver && (encoded != null)) { + // check the length + if (encoded.length != 48) { + // private, don't need to clone the byte array. + return replacer; + } + + int encodedVersion = + ((encoded[0] & 0xFF) << 8) | (encoded[1] & 0xFF); + if (clientVersion != encodedVersion) { + if (clientVersion > 0x0301 || // 0x0301: TLSv1 + serverVersion != encodedVersion) { + encoded = replacer; + } // Otherwise, For compatibility, we maintain the behavior + // that the version in pre_master_secret can be the + // negotiated version for TLS v1.0 and SSL v3.0. + } + + // private, don't need to clone the byte array. + return encoded; + } + + // private, don't need to clone the byte array. + return replacer; + } + + /** * Returns whether the Diffie-Hellman public key is valid or not. * * Per RFC 2631 and NIST SP800-56A, the following algorithm is used to diff --git a/src/solaris/native/sun/awt/awt_util.c b/src/solaris/native/sun/awt/awt_util.c index a0fcea2a5..13ba37796 100644 --- a/src/solaris/native/sun/awt/awt_util.c +++ b/src/solaris/native/sun/awt/awt_util.c @@ -62,7 +62,7 @@ static Atom decor_list[9]; #define MIN(a,b) ((a) < (b) ? (a) : (b)) #endif -void +jboolean awtJNI_ThreadYield(JNIEnv *env) { static jclass threadClass = NULL; @@ -76,7 +76,7 @@ awtJNI_ThreadYield(JNIEnv *env) { Boolean err = FALSE; if (threadClass == NULL) { jclass tc = (*env)->FindClass(env, "java/lang/Thread"); - CHECK_NULL(tc); + CHECK_NULL_RETURN(tc, JNI_FALSE); threadClass = (*env)->NewGlobalRef(env, tc); (*env)->DeleteLocalRef(env, tc); if (threadClass != NULL) { @@ -92,10 +92,11 @@ awtJNI_ThreadYield(JNIEnv *env) { err = TRUE; } if (err) { - return; + return JNI_FALSE; } } /* threadClass == NULL*/ (*env)->CallStaticVoidMethod(env, threadClass, yieldMethodID); DASSERT(!((*env)->ExceptionOccurred(env))); + return JNI_TRUE; } /* awtJNI_ThreadYield() */ diff --git a/src/solaris/native/sun/awt/awt_util.h b/src/solaris/native/sun/awt/awt_util.h index 56781f5ec..dd0be2282 100644 --- a/src/solaris/native/sun/awt/awt_util.h +++ b/src/solaris/native/sun/awt/awt_util.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1995, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -78,7 +78,7 @@ struct DPos { int32_t echoC; }; -extern void awtJNI_ThreadYield(JNIEnv *env); +extern jboolean awtJNI_ThreadYield(JNIEnv *env); /* * Functions for accessing fields by name and signature diff --git a/src/solaris/native/sun/xawt/XToolkit.c b/src/solaris/native/sun/xawt/XToolkit.c index fc42f4236..77a6af85b 100644 --- a/src/solaris/native/sun/xawt/XToolkit.c +++ b/src/solaris/native/sun/xawt/XToolkit.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -40,6 +40,7 @@ #include "awt_Component.h" #include "awt_MenuComponent.h" #include "awt_Font.h" +#include "awt_util.h" #include "sun_awt_X11_XToolkit.h" #include "java_awt_SystemColor.h" @@ -76,6 +77,8 @@ struct MenuComponentIDs menuComponentIDs; #ifndef HEADLESS extern Display* awt_init_Display(JNIEnv *env, jobject this); +extern void freeNativeStringArray(char **array, long length); +extern char** stringArrayToNative(JNIEnv *env, jobjectArray array, jsize * ret_length); struct XFontPeerIDs xFontPeerIDs; @@ -103,9 +106,11 @@ Java_sun_awt_X11_XToolkit_initIDs (JNIEnv *env, jclass clazz) { jfieldID fid = (*env)->GetStaticFieldID(env, clazz, "numLockMask", "I"); + CHECK_NULL(fid); awt_NumLockMask = (*env)->GetStaticIntField(env, clazz, fid); DTRACE_PRINTLN1("awt_NumLockMask = %u", awt_NumLockMask); fid = (*env)->GetStaticFieldID(env, clazz, "modLockIsShiftLock", "I"); + CHECK_NULL(fid); awt_ModLockIsShiftLock = (*env)->GetStaticIntField(env, clazz, fid) != 0 ? True : False; } @@ -173,21 +178,31 @@ Java_java_awt_Component_initIDs componentIDs.x = (*env)->GetFieldID(env, cls, "x", "I"); + CHECK_NULL(componentIDs.x); componentIDs.y = (*env)->GetFieldID(env, cls, "y", "I"); + CHECK_NULL(componentIDs.y); componentIDs.width = (*env)->GetFieldID(env, cls, "width", "I"); + CHECK_NULL(componentIDs.width); componentIDs.height = (*env)->GetFieldID(env, cls, "height", "I"); + CHECK_NULL(componentIDs.height); componentIDs.isPacked = (*env)->GetFieldID(env, cls, "isPacked", "Z"); + CHECK_NULL(componentIDs.isPacked); componentIDs.peer = (*env)->GetFieldID(env, cls, "peer", "Ljava/awt/peer/ComponentPeer;"); + CHECK_NULL(componentIDs.peer); componentIDs.background = (*env)->GetFieldID(env, cls, "background", "Ljava/awt/Color;"); + CHECK_NULL(componentIDs.background); componentIDs.foreground = (*env)->GetFieldID(env, cls, "foreground", "Ljava/awt/Color;"); + CHECK_NULL(componentIDs.foreground); componentIDs.graphicsConfig = (*env)->GetFieldID(env, cls, "graphicsConfig", "Ljava/awt/GraphicsConfiguration;"); + CHECK_NULL(componentIDs.graphicsConfig); componentIDs.name = (*env)->GetFieldID(env, cls, "name", "Ljava/lang/String;"); + CHECK_NULL(componentIDs.name); /* Use _NoClientCode() methods for trusted methods, so that we * know that we are not invoking client code on trusted threads @@ -195,19 +210,20 @@ Java_java_awt_Component_initIDs componentIDs.getParent = (*env)->GetMethodID(env, cls, "getParent_NoClientCode", "()Ljava/awt/Container;"); + CHECK_NULL(componentIDs.getParent); componentIDs.getLocationOnScreen = (*env)->GetMethodID(env, cls, "getLocationOnScreen_NoTreeLock", "()Ljava/awt/Point;"); + CHECK_NULL(componentIDs.getLocationOnScreen); keyclass = (*env)->FindClass(env, "java/awt/event/KeyEvent"); - if (JNU_IsNull(env, keyclass)) { - return; - } + CHECK_NULL(keyclass); componentIDs.isProxyActive = (*env)->GetFieldID(env, keyclass, "isProxyActive", "Z"); + CHECK_NULL(componentIDs.isProxyActive); componentIDs.appContext = (*env)->GetFieldID(env, cls, "appContext", @@ -339,7 +355,7 @@ JNIEXPORT void JNICALL Java_java_awt_Dialog_initIDs (JNIEnv *env, jclass cls) static void waitForEvents(JNIEnv *, jlong); static void awt_pipe_init(); static void processOneEvent(XtInputMask iMask); -static void performPoll(JNIEnv *, jlong); +static Boolean performPoll(JNIEnv *, jlong); static void wakeUp(); static void update_poll_timeout(int timeout_control); static uint32_t get_poll_timeout(jlong nextTaskTime); @@ -608,11 +624,13 @@ static uint32_t get_poll_timeout(jlong nextTaskTime) */ void waitForEvents(JNIEnv *env, jlong nextTaskTime) { - performPoll(env, nextTaskTime); - if ((awt_next_flush_time > 0) && (awtJNI_TimeMillis() >= awt_next_flush_time)) { - XFlush(awt_display); - awt_last_flush_time = awt_next_flush_time; - awt_next_flush_time = 0LL; + if (performPoll(env, nextTaskTime) + && (awt_next_flush_time > 0) + && (awtJNI_TimeMillis() >= awt_next_flush_time)) { + + XFlush(awt_display); + awt_last_flush_time = awt_next_flush_time; + awt_next_flush_time = 0LL; } } /* waitForEvents() */ @@ -646,7 +664,7 @@ JNIEXPORT void JNICALL Java_sun_awt_X11_XToolkit_wakeup_1poll (JNIEnv *env, jcla * * The fdAWTPipe will be empty when this returns. */ -static void +static Boolean performPoll(JNIEnv *env, jlong nextTaskTime) { static Bool pollFdsInited = False; static char read_buf[AWT_POLL_BUFSIZE + 1]; /* dummy buf to empty pipe */ @@ -673,7 +691,9 @@ performPoll(JNIEnv *env, jlong nextTaskTime) { /* ACTUALLY DO THE POLL() */ if (timeout == 0) { // be sure other threads get a chance - awtJNI_ThreadYield(env); + if (!awtJNI_ThreadYield(env)) { + return FALSE; + } } if (tracing) poll_sleep_time = awtJNI_TimeMillis(); @@ -701,7 +721,7 @@ performPoll(JNIEnv *env, jlong nextTaskTime) { update_poll_timeout(TIMEOUT_EVENTS); PRINT2("performPoll(): TIMEOUT_EVENTS curPollTimeout = %ld \n", curPollTimeout); } - return; + return TRUE; } /* performPoll() */ @@ -856,23 +876,25 @@ Java_sun_awt_motif_XsessionWMcommand(JNIEnv *env, jobject this, xawt_root_window = get_xawt_root_shell(env); if ( xawt_root_window == None ) { - JNU_ThrowNullPointerException(env, "AWT root shell is unrealized"); AWT_UNLOCK(); + JNU_ThrowNullPointerException(env, "AWT root shell is unrealized"); return; } command = (char *) JNU_GetStringPlatformChars(env, jcommand, NULL); - c[0] = (char *)command; - status = XmbTextListToTextProperty(awt_display, c, 1, - XStdICCTextStyle, &text_prop); - - if (status == Success || status > 0) { - XSetTextProperty(awt_display, xawt_root_window, - &text_prop, XA_WM_COMMAND); - if (text_prop.value != NULL) - XFree(text_prop.value); + if (command != NULL) { + c[0] = (char *)command; + status = XmbTextListToTextProperty(awt_display, c, 1, + XStdICCTextStyle, &text_prop); + + if (status == Success || status > 0) { + XSetTextProperty(awt_display, xawt_root_window, + &text_prop, XA_WM_COMMAND); + if (text_prop.value != NULL) + XFree(text_prop.value); + } + JNU_ReleaseStringPlatformChars(env, jcommand, command); } - JNU_ReleaseStringPlatformChars(env, jcommand, command); AWT_UNLOCK(); } @@ -886,96 +908,56 @@ Java_sun_awt_motif_XsessionWMcommand(JNIEnv *env, jobject this, * name. It's not! It's just a plain function. */ JNIEXPORT void JNICALL -Java_sun_awt_motif_XsessionWMcommand_New(JNIEnv *env, jobjectArray jargv) +Java_sun_awt_motif_XsessionWMcommand_New(JNIEnv *env, jobjectArray jarray) { - static const char empty[] = ""; - - int argc; - const char **cargv; + jsize length; + char ** array; XTextProperty text_prop; int status; - int i; Window xawt_root_window; AWT_LOCK(); xawt_root_window = get_xawt_root_shell(env); if (xawt_root_window == None) { - JNU_ThrowNullPointerException(env, "AWT root shell is unrealized"); AWT_UNLOCK(); + JNU_ThrowNullPointerException(env, "AWT root shell is unrealized"); return; } - argc = (int)(*env)->GetArrayLength(env, jargv); - if (argc == 0) { - AWT_UNLOCK(); - return; - } - - /* array of C strings */ - cargv = (const char **)calloc(argc, sizeof(char *)); - if (cargv == NULL) { - JNU_ThrowOutOfMemoryError(env, "Unable to allocate cargv"); - AWT_UNLOCK(); - return; - } + array = stringArrayToNative(env, jarray, &length); - /* fill C array with platform chars of java strings */ - for (i = 0; i < argc; ++i) { - jstring js; - const char *cs; - - cs = NULL; - js = (*env)->GetObjectArrayElement(env, jargv, i); - if (js != NULL) { - cs = JNU_GetStringPlatformChars(env, js, NULL); - } - if (cs == NULL) { - cs = empty; - } - cargv[i] = cs; - (*env)->DeleteLocalRef(env, js); - } - - /* grr, X prototype doesn't declare cargv as const, thought it really is */ - status = XmbTextListToTextProperty(awt_display, (char **)cargv, argc, - XStdICCTextStyle, &text_prop); - if (status < 0) { - switch (status) { - case XNoMemory: - JNU_ThrowOutOfMemoryError(env, - "XmbTextListToTextProperty: XNoMemory"); - break; - case XLocaleNotSupported: - JNU_ThrowInternalError(env, - "XmbTextListToTextProperty: XLocaleNotSupported"); - break; - case XConverterNotFound: - JNU_ThrowNullPointerException(env, - "XmbTextListToTextProperty: XConverterNotFound"); - break; - default: - JNU_ThrowInternalError(env, - "XmbTextListToTextProperty: unknown error"); + if (array != NULL) { + status = XmbTextListToTextProperty(awt_display, array, length, + XStdICCTextStyle, &text_prop); + if (status < 0) { + switch (status) { + case XNoMemory: + JNU_ThrowOutOfMemoryError(env, + "XmbTextListToTextProperty: XNoMemory"); + break; + case XLocaleNotSupported: + JNU_ThrowInternalError(env, + "XmbTextListToTextProperty: XLocaleNotSupported"); + break; + case XConverterNotFound: + JNU_ThrowNullPointerException(env, + "XmbTextListToTextProperty: XConverterNotFound"); + break; + default: + JNU_ThrowInternalError(env, + "XmbTextListToTextProperty: unknown error"); + } + } else { + XSetTextProperty(awt_display, xawt_root_window, + &text_prop, XA_WM_COMMAND); } - } else { - XSetTextProperty(awt_display, xawt_root_window, - &text_prop, XA_WM_COMMAND); - } - - for (i = 0; i < argc; ++i) { - jstring js; - - if (cargv[i] == empty) - continue; + if (text_prop.value != NULL) + XFree(text_prop.value); - js = (*env)->GetObjectArrayElement(env, jargv, i); - JNU_ReleaseStringPlatformChars(env, js, cargv[i]); - (*env)->DeleteLocalRef(env, js); + freeNativeStringArray(array, length); } - if (text_prop.value != NULL) - XFree(text_prop.value); AWT_UNLOCK(); } diff --git a/src/solaris/native/sun/xawt/XWindow.c b/src/solaris/native/sun/xawt/XWindow.c index 8cdebc7fc..9ac7ee12d 100644 --- a/src/solaris/native/sun/xawt/XWindow.c +++ b/src/solaris/native/sun/xawt/XWindow.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -1242,9 +1242,13 @@ Java_sun_awt_X11_XWindow_initIDs { char *ptr = NULL; windowID = (*env)->GetFieldID(env, clazz, "window", "J"); + CHECK_NULL(windowID); targetID = (*env)->GetFieldID(env, clazz, "target", "Ljava/awt/Component;"); + CHECK_NULL(targetID); graphicsConfigID = (*env)->GetFieldID(env, clazz, "graphicsConfig", "Lsun/awt/X11GraphicsConfig;"); + CHECK_NULL(graphicsConfigID); drawStateID = (*env)->GetFieldID(env, clazz, "drawState", "I"); + CHECK_NULL(drawStateID); ptr = getenv("_AWT_USE_TYPE4_PATCH"); if( ptr != NULL && ptr[0] != 0 ) { if( strncmp("true", ptr, 4) == 0 ) { diff --git a/src/solaris/native/sun/xawt/XlibWrapper.c b/src/solaris/native/sun/xawt/XlibWrapper.c index cf3474d0e..09b8a00c2 100644 --- a/src/solaris/native/sun/xawt/XlibWrapper.c +++ b/src/solaris/native/sun/xawt/XlibWrapper.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -48,6 +48,7 @@ #include "utility/rect.h" #include <X11/XKBlib.h> + #if defined(DEBUG) || defined(INTERNAL_BUILD) static jmethodID lockIsHeldMID = NULL; @@ -59,17 +60,94 @@ CheckHaveAWTLock(JNIEnv *env) lockIsHeldMID = (*env)->GetStaticMethodID(env, tkClass, "isAWTLockHeldByCurrentThread", "()Z"); + if (lockIsHeldMID == NULL) return; } if (!(*env)->CallStaticBooleanMethod(env, tkClass, lockIsHeldMID)) { JNU_ThrowInternalError(env, "Current thread does not hold AWT_LOCK!"); } } -#define AWT_CHECK_HAVE_LOCK() CheckHaveAWTLock(env) +#define AWT_CHECK_HAVE_LOCK() \ + do { \ + CheckHaveAWTLock(env); \ + if ((*env)->ExceptionCheck(env)) { \ + return; \ + } \ + } while (0); \ + +#define AWT_CHECK_HAVE_LOCK_RETURN(ret) \ + do { \ + CheckHaveAWTLock(env); \ + if ((*env)->ExceptionCheck(env)) { \ + return (ret); \ + } \ + } while (0); \ + #else #define AWT_CHECK_HAVE_LOCK() +#define AWT_CHECK_HAVE_LOCK_RETURN(ret) #endif +void freeNativeStringArray(char **array, jsize length) { + int i; + if (array == NULL) { + return; + } + for (i = 0; i < length; i++) { + free(array[i]); + } + free(array); +} + +char** stringArrayToNative(JNIEnv *env, jobjectArray array, jsize * ret_length) { + Bool err = FALSE; + char ** strings; + int index, str_index = 0; + jsize length = (*env)->GetArrayLength(env, array); + + if (length == 0) { + return NULL; + } + + strings = (char**) calloc(length, sizeof (char*)); + + if (strings == NULL) { + JNU_ThrowOutOfMemoryError(env, ""); + return NULL; + } + + for (index = 0; index < length; index++) { + jstring str = (*env)->GetObjectArrayElement(env, array, index); + if (str != NULL) { + const char * str_char = JNU_GetStringPlatformChars(env, str, NULL); + if (str_char != NULL) { + char * dup_str = strdup(str_char); + if (dup_str != NULL) { + strings[str_index++] = dup_str; + } else { + JNU_ThrowOutOfMemoryError(env, ""); + err = TRUE; + } + JNU_ReleaseStringPlatformChars(env, str, str_char); + } else { + err = TRUE; + } + (*env)->DeleteLocalRef(env, str); + if (err) { + break; + } + } + } + + if (err) { + freeNativeStringArray(strings, str_index); + strings = NULL; + str_index = -1; + } + *ret_length = str_index; + + return strings; +} /* * Class: XlibWrapper @@ -81,7 +159,7 @@ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_XOpenDisplay (JNIEnv *env, jclass clazz, jlong display_name) { Display *dp; - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); dp = XOpenDisplay((char *) jlong_to_ptr(display_name)); return ptr_to_jlong(dp); @@ -97,7 +175,7 @@ Java_sun_awt_X11_XlibWrapper_XCloseDisplay(JNIEnv *env, jclass clazz, JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_XDisplayString(JNIEnv *env, jclass clazz, jlong display) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return ptr_to_jlong(XDisplayString((Display*) jlong_to_ptr(display))); } @@ -115,7 +193,7 @@ Java_sun_awt_X11_XlibWrapper_XSetCloseDownMode(JNIEnv *env, jclass clazz, */ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_DefaultScreen (JNIEnv *env, jclass clazz, jlong display) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return (jlong) DefaultScreen((Display *) jlong_to_ptr(display)); } @@ -125,7 +203,7 @@ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_DefaultScreen (JNIEnv *env, * Signature: (JJ)J */ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_ScreenOfDisplay(JNIEnv *env, jclass clazz, jlong display, jlong screen_number) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return ptr_to_jlong(ScreenOfDisplay((Display *) jlong_to_ptr(display), screen_number)); } @@ -136,7 +214,7 @@ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_ScreenOfDisplay(JNIEnv *env * Signature: (J)I */ JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_DoesBackingStore(JNIEnv *env, jclass clazz, jlong screen) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return (jint) DoesBackingStore((Screen*) jlong_to_ptr(screen)); } @@ -148,7 +226,7 @@ JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_DoesBackingStore(JNIEnv *env JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_DisplayWidth (JNIEnv *env, jclass clazz, jlong display, jlong screen) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return (jlong) DisplayWidth((Display *) jlong_to_ptr(display),screen); } @@ -160,7 +238,7 @@ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_DisplayWidth */ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_DisplayWidthMM (JNIEnv *env, jclass clazz, jlong display, jlong screen) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return (jlong) DisplayWidthMM((Display *) jlong_to_ptr(display),screen); } @@ -172,7 +250,7 @@ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_DisplayWidthMM JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_DisplayHeight (JNIEnv *env, jclass clazz, jlong display, jlong screen) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return (jlong) DisplayHeight((Display *) jlong_to_ptr(display),screen); } /* @@ -182,7 +260,7 @@ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_DisplayHeight */ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_DisplayHeightMM (JNIEnv *env, jclass clazz, jlong display, jlong screen) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return (jlong) DisplayHeightMM((Display *) jlong_to_ptr(display),screen); } @@ -193,7 +271,7 @@ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_DisplayHeightMM */ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_RootWindow (JNIEnv *env , jclass clazz, jlong display, jlong screen_number) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return (jlong) RootWindow((Display *) jlong_to_ptr(display), screen_number); } @@ -203,7 +281,7 @@ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_RootWindow */ JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_ScreenCount (JNIEnv *env , jclass clazz, jlong display) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return ScreenCount((Display *) jlong_to_ptr(display)); } @@ -218,7 +296,7 @@ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_XCreateWindow jint x, jint y, jint w, jint h , jint border_width, jint depth, jlong wclass, jlong visual, jlong valuemask, jlong attributes) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return XCreateWindow((Display *) jlong_to_ptr(display),(Window) window, x, y, w, h, border_width, depth, wclass, (Visual *) jlong_to_ptr(visual), valuemask, (XSetWindowAttributes *) jlong_to_ptr(attributes)); @@ -360,7 +438,7 @@ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_XGetInputFocus Window focusOwner; int revert_to; - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); XGetInputFocus( (Display *)jlong_to_ptr(display), &focusOwner, &revert_to); return focusOwner; } @@ -383,7 +461,7 @@ JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XGrabPointer jint owner_events, jint event_mask, jint pointer_mode, jint keyboard_mode, jlong confine_to, jlong cursor, jlong time) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return XGrabPointer( (Display *)jlong_to_ptr(display), (Window) window, (Bool) owner_events, (unsigned int) event_mask, (int) pointer_mode, (int) keyboard_mode, (Window) confine_to, (Cursor) cursor, (Time) time); @@ -401,7 +479,7 @@ JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XGrabKeyboard jint owner_events, jint pointer_mode, jint keyboard_mode, jlong time) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return XGrabKeyboard( (Display *)jlong_to_ptr(display), (Window) window, (Bool) owner_events, (int) pointer_mode, (int) keyboard_mode, (Time) time); @@ -474,7 +552,7 @@ JNIEXPORT jboolean JNICALL Java_sun_awt_X11_XlibWrapper_XkbQueryExtension (JNIEnv *env, jclass clazz, jlong display, jlong opcode_rtrn, jlong event_rtrn, jlong error_rtrn, jlong major_in_out, jlong minor_in_out) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(JNI_FALSE); return XkbQueryExtension( (Display *) jlong_to_ptr(display), (int *) jlong_to_ptr(opcode_rtrn), (int *) jlong_to_ptr(event_rtrn), @@ -485,7 +563,7 @@ JNIEXPORT jboolean JNICALL Java_sun_awt_X11_XlibWrapper_XkbQueryExtension JNIEXPORT jboolean JNICALL Java_sun_awt_X11_XlibWrapper_XkbLibraryVersion (JNIEnv *env, jclass clazz, jlong lib_major_in_out, jlong lib_minor_in_out) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(JNI_FALSE); *((int *)jlong_to_ptr(lib_major_in_out)) = XkbMajorVersion; *((int *)jlong_to_ptr(lib_minor_in_out)) = XkbMinorVersion; return XkbLibraryVersion((int *)jlong_to_ptr(lib_major_in_out), (int *)jlong_to_ptr(lib_minor_in_out)); @@ -494,7 +572,7 @@ JNIEXPORT jboolean JNICALL Java_sun_awt_X11_XlibWrapper_XkbLibraryVersion JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_XkbGetMap (JNIEnv *env, jclass clazz, jlong display, jlong which, jlong device_spec) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return (jlong) XkbGetMap( (Display *) jlong_to_ptr(display), (unsigned int) which, (unsigned int) device_spec); @@ -502,7 +580,7 @@ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_XkbGetMap JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_XkbGetUpdatedMap (JNIEnv *env, jclass clazz, jlong display, jlong which, jlong xkb) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return (jlong) XkbGetUpdatedMap( (Display *) jlong_to_ptr(display), (unsigned int) which, (XkbDescPtr) jlong_to_ptr(xkb)); @@ -516,6 +594,7 @@ JNIEXPORT void JNICALL Java_sun_awt_X11_XlibWrapper_XkbFreeKeyboard JNIEXPORT jboolean JNICALL Java_sun_awt_X11_XlibWrapper_XkbTranslateKeyCode (JNIEnv *env, jclass clazz, jlong xkb, jint keycode, jlong mods, jlong mods_rtrn, jlong keysym_rtrn) { + AWT_CHECK_HAVE_LOCK_RETURN(JNI_FALSE); Bool b; b = XkbTranslateKeyCode((XkbDescPtr)xkb, (unsigned int)keycode, (unsigned int)mods, (unsigned int *)jlong_to_ptr(mods_rtrn), @@ -578,7 +657,7 @@ JNIEXPORT void JNICALL Java_sun_awt_X11_XlibWrapper_XWindowEvent JNIEXPORT jboolean JNICALL Java_sun_awt_X11_XlibWrapper_XFilterEvent (JNIEnv *env, jclass clazz, jlong ptr, jlong window) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(JNI_FALSE); return (jboolean) XFilterEvent((XEvent *) jlong_to_ptr(ptr), (Window) window); } @@ -590,7 +669,7 @@ JNIEXPORT jboolean JNICALL Java_sun_awt_X11_XlibWrapper_XFilterEvent JNIEXPORT jboolean JNICALL Java_sun_awt_X11_XlibWrapper_XSupportsLocale (JNIEnv *env, jclass clazz) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(JNI_FALSE); return (jboolean)XSupportsLocale(); } @@ -607,9 +686,10 @@ JNIEXPORT jstring JNICALL Java_sun_awt_X11_XlibWrapper_XSetLocaleModifiers if (!JNU_IsNull(env, jstr)) { modifier_list = (char *)JNU_GetStringPlatformChars(env, jstr, NULL); + CHECK_NULL_RETURN(modifier_list, NULL); } - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(NULL); if (modifier_list) { ret = XSetLocaleModifiers(modifier_list); JNU_ReleaseStringPlatformChars(env, jstr, (const char *) modifier_list); @@ -722,7 +802,7 @@ JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XTranslateCoordinates jlong src_x, jlong src_y, jlong dest_x_return, jlong dest_y_return, jlong child_return) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return XTranslateCoordinates( (Display *) jlong_to_ptr(display), src_w, dest_w, src_x, src_y, (int *) jlong_to_ptr(dest_x_return), @@ -733,7 +813,7 @@ JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XTranslateCoordinates JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XEventsQueued (JNIEnv *env, jclass clazz, jlong display, jint mode) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return XEventsQueued((Display *) jlong_to_ptr(display), mode); } @@ -758,6 +838,7 @@ JNIEXPORT void JNICALL Java_sun_awt_X11_XlibWrapper_SetProperty #else cname = (char *) JNU_GetStringPlatformChars(env, jstr, NULL); #endif + CHECK_NULL(cname); } else { cname = ""; } @@ -814,8 +895,9 @@ JNIEXPORT void JNICALL Java_sun_awt_X11_XlibWrapper_XChangePropertyS( jlong type, jint format, jint mode, jstring value) { jboolean iscopy; - const char * chars = JNU_GetStringPlatformChars(env, value, &iscopy); AWT_CHECK_HAVE_LOCK(); + const char * chars = JNU_GetStringPlatformChars(env, value, &iscopy); + CHECK_NULL(chars); XChangeProperty((Display*)jlong_to_ptr(display), window, (Atom)property, (Atom)type, format, mode, (unsigned char*)chars, strlen(chars)); if (iscopy) { @@ -833,7 +915,7 @@ JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XGetWindowProperty jlong long_length, jlong delete, jlong req_type, jlong actual_type, jlong actual_format, jlong nitems_ptr, jlong bytes_after, jlong data_ptr) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return XGetWindowProperty((Display*) jlong_to_ptr(display), window, property, long_offset, long_length, delete, (Atom) req_type, (Atom*) jlong_to_ptr(actual_type), (int *) jlong_to_ptr(actual_format), (unsigned long *) jlong_to_ptr(nitems_ptr), @@ -857,23 +939,22 @@ JNIEXPORT jstring JNICALL Java_sun_awt_X11_XlibWrapper_GetProperty unsigned long nitems; unsigned long bytes_after; unsigned char * string; - jstring res; - AWT_CHECK_HAVE_LOCK(); + jstring res = NULL; + AWT_CHECK_HAVE_LOCK_RETURN(NULL); status = XGetWindowProperty((Display*)jlong_to_ptr(display), window, atom, 0, 0xFFFF, False, XA_STRING, &actual_type, &actual_format, &nitems, &bytes_after, &string); + if (status != Success || string == NULL) { - return NULL; + return NULL; } - if (actual_type != XA_STRING || actual_format != 8) { - XFree(string); - return NULL; + if (actual_type == XA_STRING && actual_format == 8) { + res = JNU_NewStringPlatform(env,(char*) string); } - - // Memory leak??? - return JNU_NewStringPlatform(env,(char*) string); + XFree(string); + return res; } /* @@ -887,13 +968,15 @@ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_InternAtom char *cname; unsigned long atom; + AWT_CHECK_HAVE_LOCK_RETURN(0); + if (!JNU_IsNull(env, jstr)) { cname = (char *)JNU_GetStringPlatformChars(env, jstr, NULL); + CHECK_NULL_RETURN(cname, 0); } else { cname = ""; } - AWT_CHECK_HAVE_LOCK(); atom = XInternAtom((Display *) jlong_to_ptr(display), cname, ife); if (!JNU_IsNull(env, jstr)) { @@ -906,7 +989,7 @@ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_InternAtom JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XCreateFontCursor (JNIEnv *env, jclass clazz, jlong display, jint shape) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return XCreateFontCursor((Display *) jlong_to_ptr(display), (int) shape); } @@ -919,7 +1002,7 @@ JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XCreateFontCursor JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_XCreatePixmapCursor (JNIEnv *env , jclass clazz, jlong display, jlong source, jlong mask, jlong fore, jlong back, jint x , jint y) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return (jlong) XCreatePixmapCursor((Display *) jlong_to_ptr(display), (Pixmap) source, (Pixmap) mask, (XColor *) jlong_to_ptr(fore), (XColor *) jlong_to_ptr(back), x, y); } @@ -935,7 +1018,7 @@ JNIEXPORT jboolean JNICALL Java_sun_awt_X11_XlibWrapper_XQueryBestCursor Status status; - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(JNI_FALSE); status = XQueryBestCursor((Display *) jlong_to_ptr(display), (Drawable) drawable, width,height, (unsigned int *) jlong_to_ptr(width_return), (unsigned int *) jlong_to_ptr(height_return)); @@ -966,15 +1049,14 @@ JNIEXPORT jboolean JNICALL Java_sun_awt_X11_XlibWrapper_XQueryPointer Bool b; - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(JNI_FALSE); b = XQueryPointer((Display *) jlong_to_ptr(display), (Window) w, (Window *) jlong_to_ptr(root_return), (Window *) jlong_to_ptr(child_return), (int *) jlong_to_ptr(root_x_return), (int *) jlong_to_ptr(root_y_return), (int *) jlong_to_ptr(win_x_return), (int *) jlong_to_ptr(win_y_return), (unsigned int *) jlong_to_ptr(mask_return)); - if (b == True) return JNI_TRUE; - else return JNI_FALSE; + return b ? JNI_TRUE : JNI_FALSE; } /* @@ -1042,7 +1124,7 @@ JNIEXPORT void JNICALL Java_sun_awt_X11_XlibWrapper_XGetWMHints JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XGetPointerMapping (JNIEnv *env, jclass clazz, jlong display, jlong map, jint buttonNumber) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return XGetPointerMapping((Display*)jlong_to_ptr(display), (unsigned char*) jlong_to_ptr(map), buttonNumber); } @@ -1061,31 +1143,26 @@ JNIEXPORT jstring JNICALL Java_sun_awt_X11_XlibWrapper_XGetDefault if (!JNU_IsNull(env, program)) { c_program = (char *)JNU_GetStringPlatformChars(env, program, NULL); } + CHECK_NULL_RETURN(c_program, NULL); + if (!JNU_IsNull(env, option)) { c_option = (char *)JNU_GetStringPlatformChars(env, option, NULL); } - if (c_program == NULL || c_option == NULL) { - if (!JNU_IsNull(env, program)) { - JNU_ReleaseStringPlatformChars(env, program, (const char *) c_program); - } - if (!JNU_IsNull(env, option)) { - JNU_ReleaseStringPlatformChars(env, option, (const char *) c_option); - } + if (c_option == NULL) { + JNU_ReleaseStringPlatformChars(env, program, (const char *) c_program); return NULL; } - AWT_CHECK_HAVE_LOCK(); + + AWT_CHECK_HAVE_LOCK_RETURN(NULL); c_res = XGetDefault((Display*)jlong_to_ptr(display), c_program, c_option); + // The strings returned by XGetDefault() are owned by Xlib and + // should not be modified or freed by the client. - if (!JNU_IsNull(env, program)) { - JNU_ReleaseStringPlatformChars(env, program, (const char *) c_program); - } - if (!JNU_IsNull(env, option)) { - JNU_ReleaseStringPlatformChars(env, option, (const char *) c_option); - } + JNU_ReleaseStringPlatformChars(env, program, (const char *) c_program); + JNU_ReleaseStringPlatformChars(env, option, (const char *) c_option); if (c_res != NULL) { - // Memory leak??? return JNU_NewStringPlatform(env, c_res); } else { return NULL; @@ -1103,7 +1180,7 @@ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_getScreenOfWindow { XWindowAttributes attrs; memset(&attrs, 0, sizeof(attrs)); - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); XGetWindowAttributes((Display *) jlong_to_ptr(display), window, &attrs); return ptr_to_jlong(attrs.screen); } @@ -1116,7 +1193,7 @@ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_getScreenOfWindow JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_XScreenNumberOfScreen (JNIEnv *env, jclass clazz, jlong screen) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(-1); if(jlong_to_ptr(screen) == NULL) { return -1; } @@ -1131,7 +1208,7 @@ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_XScreenNumberOfScreen JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XIconifyWindow (JNIEnv *env, jclass clazz, jlong display, jlong window, jlong screenNumber) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return XIconifyWindow((Display*) jlong_to_ptr(display), window, screenNumber); } @@ -1158,6 +1235,7 @@ JNIEXPORT jbyteArray JNICALL Java_sun_awt_X11_XlibWrapper_getStringBytes unsigned char * str = (unsigned char*) jlong_to_ptr(str_ptr); long length = strlen((char*)str); jbyteArray res = (*env)->NewByteArray(env, length); + CHECK_NULL_RETURN(res, NULL); void * storage = malloc(length+1); memcpy(storage, str, length+1); (*env)->SetByteArrayRegion(env, res, 0, length, @@ -1174,7 +1252,7 @@ JNIEXPORT jbyteArray JNICALL Java_sun_awt_X11_XlibWrapper_getStringBytes JNIEXPORT jstring JNICALL Java_sun_awt_X11_XlibWrapper_ServerVendor (JNIEnv *env, jclass clazz, jlong display) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(NULL); return JNU_NewStringPlatform(env, ServerVendor((Display*)jlong_to_ptr(display))); } /* @@ -1185,7 +1263,7 @@ JNIEXPORT jstring JNICALL Java_sun_awt_X11_XlibWrapper_ServerVendor JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_VendorRelease (JNIEnv *env, jclass clazz, jlong display) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return VendorRelease((Display*)jlong_to_ptr(display)); } /* @@ -1203,7 +1281,7 @@ JNIEXPORT jboolean JNICALL Java_sun_awt_X11_XlibWrapper_IsXsunKPBehavior // second, in which place in the keysymarray is XK_KP_7 // using XKeycodeToKeysym. int kc7; - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(JNI_FALSE); kc7 = XKeysymToKeycode((Display*)jlong_to_ptr(display), XK_KP_7); if( !kc7 ) { // keycode is not defined. Why, it's a reduced keyboard perhaps: @@ -1226,7 +1304,7 @@ JNIEXPORT jboolean JNICALL Java_sun_awt_X11_XlibWrapper_IsSunKeyboard (JNIEnv *env, jclass clazz, jlong display) { int xx; - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(JNI_FALSE); xx = XKeysymToKeycode((Display*)jlong_to_ptr(display), SunXK_F37); return (!xx) ? JNI_FALSE : JNI_TRUE; } @@ -1242,7 +1320,7 @@ JNIEXPORT jboolean JNICALL Java_sun_awt_X11_XlibWrapper_IsKanaKeyboard int32_t i; int32_t kanaCount = 0; - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(JNI_FALSE); // There's no direct way to determine whether the keyboard has // a kana lock key. From available keyboard mapping tables, it looks @@ -1289,8 +1367,10 @@ static int ToolkitErrorHandler(Display * dpy, XErrorEvent * event) { JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_SetToolkitErrorHandler (JNIEnv *env, jclass clazz) { - (*env)->GetJavaVM(env, &jvm); - AWT_CHECK_HAVE_LOCK(); + if ((*env)->GetJavaVM(env, &jvm) < 0) { + return 0; + } + AWT_CHECK_HAVE_LOCK_RETURN(0); return ptr_to_jlong(XSetErrorHandler(ToolkitErrorHandler)); } @@ -1350,28 +1430,14 @@ JNIEXPORT void JNICALL Java_sun_awt_X11_XlibWrapper_PrintXErrorEvent JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XInternAtoms (JNIEnv *env, jclass clazz, jlong display, jobjectArray names_arr, jboolean only_if_exists, jlong atoms) { - int length = (*env)->GetArrayLength(env, names_arr); - char ** names = (char**)malloc(length*sizeof(char*)); - jboolean copy; - int index, name_index = 0; - int status; - - AWT_CHECK_HAVE_LOCK(); - - for (index = 0; index < length; index++) { - jstring str = (*env)->GetObjectArrayElement(env, names_arr, index); - if (!JNU_IsNull(env, str)) { - const char * str_char = JNU_GetStringPlatformChars(env, str, NULL); - names[name_index++] = strdup(str_char); - JNU_ReleaseStringPlatformChars(env, str, str_char); - (*env)->DeleteLocalRef(env, str); - } - } - status = XInternAtoms((Display*)jlong_to_ptr(display), names, name_index, only_if_exists, (Atom*) jlong_to_ptr(atoms)); - for (index = 0; index < length; index++) { - free(names[index]); + int status = 0; + AWT_CHECK_HAVE_LOCK_RETURN(0); + jsize length; + char** names = stringArrayToNative(env, names_arr, &length); + if (names) { + status = XInternAtoms((Display*)jlong_to_ptr(display), names, length, only_if_exists, (Atom*) jlong_to_ptr(atoms)); + freeNativeStringArray(names, length); } - free(names); return status; } @@ -1386,7 +1452,7 @@ JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XGetWindowAttributes (JNIEnv *env, jclass clazz, jlong display, jlong window, jlong attr_ptr) { jint status; - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); memset((XWindowAttributes*) jlong_to_ptr(attr_ptr), 0, sizeof(XWindowAttributes)); status = XGetWindowAttributes((Display*)jlong_to_ptr(display), window, (XWindowAttributes*) jlong_to_ptr(attr_ptr)); return status; @@ -1404,7 +1470,7 @@ JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XGetGeometry jlong border_width_return, jlong depth_return) { jint status; - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); status = XGetGeometry((Display *)jlong_to_ptr(display), (Drawable)drawable, (Window *)jlong_to_ptr(root_return), (int *)jlong_to_ptr(x_return), (int *)jlong_to_ptr(y_return), @@ -1423,7 +1489,7 @@ JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XGetGeometry JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XGetWMNormalHints (JNIEnv *env, jclass clazz, jlong display, jlong window, jlong hints, jlong supplied_return) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return XGetWMNormalHints((Display*) jlong_to_ptr(display), window, (XSizeHints*) jlong_to_ptr(hints), @@ -1462,7 +1528,7 @@ JNIEXPORT void JNICALL Java_sun_awt_X11_XlibWrapper_XDeleteProperty JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XSendEvent (JNIEnv *env, jclass clazz, jlong display, jlong window, jboolean propagate, jlong event_mask, jlong event) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return XSendEvent((Display*) jlong_to_ptr(display), window, propagate==JNI_TRUE?True:False, @@ -1479,7 +1545,7 @@ JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XSendEvent JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XQueryTree (JNIEnv *env, jclass clazz, jlong display, jlong window, jlong root_return, jlong parent_return, jlong children_return, jlong nchildren_return) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return XQueryTree((Display*) jlong_to_ptr(display), window, (Window *) jlong_to_ptr(root_return), @@ -1524,7 +1590,7 @@ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_XGetVisualInfo (JNIEnv *env, jclass clazz, jlong display, jlong vinfo_mask, jlong vinfo_template, jlong nitems_return) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return ptr_to_jlong(XGetVisualInfo((Display*) jlong_to_ptr(display), (long) vinfo_mask, (XVisualInfo*) jlong_to_ptr(vinfo_template), @@ -1534,7 +1600,7 @@ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_XGetVisualInfo JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_XAllocSizeHints (JNIEnv *env, jclass clazz) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return ptr_to_jlong(XAllocSizeHints()); } @@ -1560,7 +1626,7 @@ JNIEXPORT jboolean JNICALL Java_sun_awt_X11_XlibWrapper_XAllocColor (JNIEnv *env, jclass clazz, jlong display , jlong colormap, jlong xcolor) { Status status; - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(JNI_FALSE); status = XAllocColor((Display *) jlong_to_ptr(display), (Colormap) colormap, (XColor *) jlong_to_ptr(xcolor)); if (status == 0) return JNI_FALSE; @@ -1575,7 +1641,7 @@ JNIEXPORT jboolean JNICALL Java_sun_awt_X11_XlibWrapper_XAllocColor */ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_XCreateBitmapFromData (JNIEnv *env, jclass clazz, jlong display, jlong drawable, jlong data, jint width, jint height) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return (jlong) XCreateBitmapFromData((Display *) jlong_to_ptr(display), (Drawable) drawable, (char *) jlong_to_ptr(data), width, height); @@ -1640,7 +1706,7 @@ Java_sun_awt_X11_XlibWrapper_XSetSelectionOwner(JNIEnv *env, jclass clazz, JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_XGetSelectionOwner(JNIEnv *env, jclass clazz, jlong display, jlong selection) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return (jlong)XGetSelectionOwner((Display*)jlong_to_ptr(display), selection); } @@ -1655,7 +1721,7 @@ Java_sun_awt_X11_XlibWrapper_XGetAtomName(JNIEnv *env, jclass clazz, { jstring string = NULL; char* name; - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(NULL); name = (char*) XGetAtomName((Display*)jlong_to_ptr(display), atom); if (name == NULL) { @@ -1679,21 +1745,21 @@ Java_sun_awt_X11_XlibWrapper_XGetAtomName(JNIEnv *env, jclass clazz, JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_XMaxRequestSize(JNIEnv *env, jclass clazz, jlong display) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return XMaxRequestSize((Display*) jlong_to_ptr(display)); } JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_XAllocWMHints(JNIEnv *env, jclass clazz) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return ptr_to_jlong(XAllocWMHints()); } JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_XCreatePixmap(JNIEnv *env, jclass clazz, jlong display, jlong drawable, jint width, jint height, jint depth) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return XCreatePixmap((Display*)jlong_to_ptr(display), (Drawable)drawable, width, height, depth); } JNIEXPORT jlong JNICALL @@ -1702,7 +1768,7 @@ Java_sun_awt_X11_XlibWrapper_XCreateImage jint depth, jint format, jint offset, jlong data, jint width, jint height, jint bitmap_pad, jint bytes_per_line) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return ptr_to_jlong(XCreateImage((Display*) jlong_to_ptr(display), (Visual*) jlong_to_ptr(visual_ptr), depth, format, offset, (char*) jlong_to_ptr(data), width, height, bitmap_pad, bytes_per_line)); @@ -1712,7 +1778,7 @@ Java_sun_awt_X11_XlibWrapper_XCreateGC (JNIEnv *env, jclass clazz, jlong display, jlong drawable, jlong valuemask, jlong values) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return ptr_to_jlong(XCreateGC((Display*) jlong_to_ptr(display), (Drawable)drawable, valuemask, (XGCValues*) jlong_to_ptr(values))); } @@ -1762,7 +1828,7 @@ Java_sun_awt_X11_XlibWrapper_XGetIconSizes(JNIEnv *env, jclass clazz, jlong disp XIconSize** psize = (XIconSize**) jlong_to_ptr(ret_sizes); int * pcount = (int *) jlong_to_ptr(ret_count); Status res; - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); res = XGetIconSizes((Display*) jlong_to_ptr(display), (Window)window, psize, pcount); return res; } @@ -1771,7 +1837,7 @@ JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XdbeQueryExtension (JNIEnv *env, jclass clazz, jlong display, jlong major_version_return, jlong minor_version_return) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return XdbeQueryExtension((Display*) jlong_to_ptr(display), (int *) jlong_to_ptr(major_version_return), (int *) jlong_to_ptr(minor_version_return)); } @@ -1784,11 +1850,12 @@ JNIEXPORT jboolean JNICALL Java_sun_awt_X11_XlibWrapper_XQueryExtension Boolean bu; if (!JNU_IsNull(env, jstr)) { cname = (char *)JNU_GetStringPlatformChars(env, jstr, NULL); + CHECK_NULL_RETURN(cname, JNI_FALSE); } else { cname = ""; } - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(JNI_FALSE); bu = XQueryExtension((Display*) jlong_to_ptr(display), cname, (int *) jlong_to_ptr(mop_return), (int *) jlong_to_ptr(feve_return), (int *) jlong_to_ptr(err_return)); if (!JNU_IsNull(env, jstr)) { @@ -1800,7 +1867,7 @@ JNIEXPORT jboolean JNICALL Java_sun_awt_X11_XlibWrapper_XQueryExtension JNIEXPORT jboolean JNICALL Java_sun_awt_X11_XlibWrapper_IsKeypadKey (JNIEnv *env, jclass clazz, jlong keysym) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(JNI_FALSE); if(IsKeypadKey(keysym)) { return JNI_TRUE; } @@ -1810,7 +1877,7 @@ JNIEXPORT jboolean JNICALL Java_sun_awt_X11_XlibWrapper_IsKeypadKey JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_XdbeAllocateBackBufferName (JNIEnv *env, jclass clazz, jlong display, jlong window, jint swap_action) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return XdbeAllocateBackBufferName((Display*) jlong_to_ptr(display), (Window) window, (XdbeSwapAction) swap_action); } @@ -1818,28 +1885,28 @@ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_XdbeAllocateBackBufferName JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XdbeDeallocateBackBufferName (JNIEnv *env, jclass clazz, jlong display, jlong buffer) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return XdbeDeallocateBackBufferName((Display*) jlong_to_ptr(display), (XdbeBackBuffer) buffer); } JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XdbeBeginIdiom (JNIEnv *env, jclass clazz, jlong display) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return XdbeBeginIdiom((Display*) jlong_to_ptr(display)); } JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XdbeEndIdiom (JNIEnv *env, jclass clazz, jlong display) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return XdbeEndIdiom((Display*) jlong_to_ptr(display)); } JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XdbeSwapBuffers (JNIEnv *env, jclass clazz, jlong display, jlong swap_info, jint num_windows) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return XdbeSwapBuffers((Display*) jlong_to_ptr(display), (XdbeSwapInfo *) jlong_to_ptr(swap_info), num_windows); } JNIEXPORT void JNICALL Java_sun_awt_X11_XlibWrapper_XQueryKeymap @@ -1854,7 +1921,7 @@ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_XKeycodeToKeysym(JNIEnv *env, jclass clazz, jlong display, jint keycode, jint index) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return XKeycodeToKeysym((Display*) jlong_to_ptr(display), (unsigned int)keycode, (int)index); } @@ -1862,7 +1929,7 @@ JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XkbGetEffectiveGroup(JNIEnv *env, jclass clazz, jlong display) { XkbStateRec sr; - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); memset(&sr, 0, sizeof(XkbStateRec)); XkbGetState((Display*) jlong_to_ptr(display), XkbUseCoreKbd, &sr); // printf("-------------------------------------VVVV\n"); @@ -1887,21 +1954,21 @@ JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_XkbKeycodeToKeysym(JNIEnv *env, jclass clazz, jlong display, jint keycode, jint group, jint level) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return XkbKeycodeToKeysym((Display*) jlong_to_ptr(display), (unsigned int)keycode, (unsigned int)group, (unsigned int)level); } JNIEXPORT jint JNICALL Java_sun_awt_X11_XlibWrapper_XKeysymToKeycode(JNIEnv *env, jclass clazz, jlong display, jlong keysym) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return XKeysymToKeycode((Display*) jlong_to_ptr(display), (KeySym)keysym); } JNIEXPORT jlong JNICALL Java_sun_awt_X11_XlibWrapper_XGetModifierMapping(JNIEnv *env, jclass clazz, jlong display) { - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(0); return ptr_to_jlong(XGetModifierMapping((Display*) jlong_to_ptr(display))); } @@ -1958,7 +2025,7 @@ Java_sun_awt_X11_XlibWrapper_XNextSecondaryLoopEvent(JNIEnv *env, jclass clazz, jlong display, jlong ptr) { uint32_t timeout = 1; - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(JNI_FALSE); exitSecondaryLoop = False; while (!exitSecondaryLoop) { if (XCheckIfEvent((Display*) jlong_to_ptr(display), (XEvent*) jlong_to_ptr(ptr), secondary_loop_event, NULL)) { @@ -1996,7 +2063,7 @@ Java_sun_awt_X11_XlibWrapper_XTextPropertyToStringList(JNIEnv *env, static jclass stringClass = NULL; jclass stringClassLocal = NULL; - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(NULL); if (JNU_IsNull(env, stringClass)) { stringClassLocal = (*env)->FindClass(env, "java/lang/String"); @@ -2148,7 +2215,7 @@ Java_sun_awt_X11_XlibWrapper_XShapeQueryExtension { jboolean status; - AWT_CHECK_HAVE_LOCK(); + AWT_CHECK_HAVE_LOCK_RETURN(JNI_FALSE); status = XShapeQueryExtension((Display *)jlong_to_ptr(display), (int *)jlong_to_ptr(event_base_return), (int *)jlong_to_ptr(error_base_return)); diff --git a/src/solaris/native/sun/xawt/awt_Desktop.c b/src/solaris/native/sun/xawt/awt_Desktop.c index 16c50eae7..0c41daee3 100644 --- a/src/solaris/native/sun/xawt/awt_Desktop.c +++ b/src/solaris/native/sun/xawt/awt_Desktop.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,6 +23,7 @@ * questions. */ +#include "jni_util.h" #include "gtk2_interface.h" #include "gnome_interface.h" @@ -65,6 +66,12 @@ JNIEXPORT jboolean JNICALL Java_sun_awt_X11_XDesktopPeer_gnome_1url_1show const gchar* url_c; url_c = (char*)(*env)->GetByteArrayElements(env, url_j, NULL); + if (url_c == NULL) { + if (!(*env)->ExceptionCheck(env)) { + JNU_ThrowOutOfMemoryError(env, 0); + } + return JNI_FALSE; + } if (gtk_has_been_loaded) { fp_gdk_threads_enter(); diff --git a/src/windows/classes/sun/security/mscapi/RSACipher.java b/src/windows/classes/sun/security/mscapi/RSACipher.java index 7ab29629a..023725b62 100644 --- a/src/windows/classes/sun/security/mscapi/RSACipher.java +++ b/src/windows/classes/sun/security/mscapi/RSACipher.java @@ -35,6 +35,8 @@ import javax.crypto.*; import javax.crypto.spec.*; import sun.security.rsa.RSAKeyFactory; +import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec; +import sun.security.util.KeyUtil; /** * RSA cipher implementation using the Microsoft Crypto API. @@ -92,9 +94,16 @@ public final class RSACipher extends CipherSpi { // the public key, if we were initialized using a public key private sun.security.mscapi.Key publicKey; + // the private key, if we were initialized using a private key private sun.security.mscapi.Key privateKey; + // cipher parameter for TLS RSA premaster secret + private AlgorithmParameterSpec spec = null; + + // the source of randomness + private SecureRandom random; + public RSACipher() { paddingType = PAD_PKCS1; } @@ -155,8 +164,12 @@ public final class RSACipher extends CipherSpi { throws InvalidKeyException, InvalidAlgorithmParameterException { if (params != null) { - throw new InvalidAlgorithmParameterException - ("Parameters not supported"); + if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) { + throw new InvalidAlgorithmParameterException( + "Parameters not supported"); + } + spec = params; + this.random = random; // for TLS RSA premaster secret } init(opmode, key); } @@ -356,39 +369,47 @@ public final class RSACipher extends CipherSpi { } // see JCE spec - protected java.security.Key engineUnwrap(byte[] wrappedKey, String algorithm, + protected java.security.Key engineUnwrap(byte[] wrappedKey, + String algorithm, int type) throws InvalidKeyException, NoSuchAlgorithmException { if (wrappedKey.length > buffer.length) { throw new InvalidKeyException("Key is too long for unwrapping"); } - update(wrappedKey, 0, wrappedKey.length); - try { - byte[] encoding = doFinal(); - - switch (type) { - case Cipher.PUBLIC_KEY: - return constructPublicKey(encoding, algorithm); - - case Cipher.PRIVATE_KEY: - return constructPrivateKey(encoding, algorithm); - - case Cipher.SECRET_KEY: - return constructSecretKey(encoding, algorithm); - - default: - throw new InvalidKeyException("Unknown key type " + type); - } + boolean isTlsRsaPremasterSecret = + algorithm.equals("TlsRsaPremasterSecret"); + Exception failover = null; + byte[] encoded = null; + update(wrappedKey, 0, wrappedKey.length); + try { + encoded = doFinal(); } catch (BadPaddingException e) { - // should not occur - throw new InvalidKeyException("Unwrapping failed", e); - + if (isTlsRsaPremasterSecret) { + failover = e; + } else { + throw new InvalidKeyException("Unwrapping failed", e); + } } catch (IllegalBlockSizeException e) { // should not occur, handled with length check above throw new InvalidKeyException("Unwrapping failed", e); } + + if (isTlsRsaPremasterSecret) { + if (!(spec instanceof TlsRsaPremasterSecretParameterSpec)) { + throw new IllegalStateException( + "No TlsRsaPremasterSecretParameterSpec specified"); + } + + // polish the TLS premaster secret + encoded = KeyUtil.checkTlsPreMasterSecretKey( + ((TlsRsaPremasterSecretParameterSpec)spec).getClientVersion(), + ((TlsRsaPremasterSecretParameterSpec)spec).getServerVersion(), + random, encoded, (failover != null)); + } + + return constructKey(encoded, algorithm, type); } // see JCE spec @@ -452,6 +473,22 @@ public final class RSACipher extends CipherSpi { return new SecretKeySpec(encodedKey, encodedKeyAlgorithm); } + private static Key constructKey(byte[] encodedKey, + String encodedKeyAlgorithm, + int keyType) throws InvalidKeyException, NoSuchAlgorithmException { + + switch (keyType) { + case Cipher.PUBLIC_KEY: + return constructPublicKey(encodedKey, encodedKeyAlgorithm); + case Cipher.PRIVATE_KEY: + return constructPrivateKey(encodedKey, encodedKeyAlgorithm); + case Cipher.SECRET_KEY: + return constructSecretKey(encodedKey, encodedKeyAlgorithm); + default: + throw new InvalidKeyException("Unknown key type " + keyType); + } + } + /* * Encrypt/decrypt a data buffer using Microsoft Crypto API with HCRYPTKEY. * It expects and returns ciphertext data in big-endian form. diff --git a/src/windows/native/sun/windows/awt_Frame.cpp b/src/windows/native/sun/windows/awt_Frame.cpp index a4d50fac2..6822a0978 100644 --- a/src/windows/native/sun/windows/awt_Frame.cpp +++ b/src/windows/native/sun/windows/awt_Frame.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -173,8 +173,11 @@ AwtFrame* AwtFrame::Create(jobject self, jobject parent) BOOL isEmbeddedInstance = FALSE; BOOL isEmbedded = FALSE; cls = env->FindClass("sun/awt/EmbeddedFrame"); + if (cls) { isEmbeddedInstance = env->IsInstanceOf(target, cls); + } else { + throw std::bad_alloc(); } INT_PTR handle; if (isEmbeddedInstance) { @@ -189,6 +192,8 @@ AwtFrame* AwtFrame::Create(jobject self, jobject parent) cls = env->FindClass("sun/awt/LightweightFrame"); if (cls) { isLightweight = env->IsInstanceOf(target, cls); + } else { + throw std::bad_alloc(); } frame->m_isLightweight = isLightweight; @@ -260,7 +265,11 @@ AwtFrame* AwtFrame::Create(jobject self, jobject parent) // for input method windows, use minimal decorations inputMethodWindowCls = env->FindClass("sun/awt/im/InputMethodWindow"); - if ((inputMethodWindowCls != NULL) && env->IsInstanceOf(target, inputMethodWindowCls)) { + if (inputMethodWindowCls == NULL) { + throw std::bad_alloc(); + } + + if (env->IsInstanceOf(target, inputMethodWindowCls)) { //for below-the-spot composition window, use no decoration if (env->GetBooleanField(target, AwtFrame::undecoratedID) == JNI_TRUE){ exStyle = 0; @@ -1611,9 +1620,10 @@ Java_sun_awt_windows_WFramePeer_initIDs(JNIEnv *env, jclass cls) TRY; AwtFrame::setExtendedStateMID = env->GetMethodID(cls, "setExtendedState", "(I)V"); - AwtFrame::getExtendedStateMID = env->GetMethodID(cls, "getExtendedState", "()I"); - DASSERT(AwtFrame::setExtendedStateMID); + CHECK_NULL(AwtFrame::setExtendedStateMID); + + AwtFrame::getExtendedStateMID = env->GetMethodID(cls, "getExtendedState", "()I"); DASSERT(AwtFrame::getExtendedStateMID); CATCH_BAD_ALLOC; @@ -1787,35 +1797,6 @@ Java_sun_awt_windows_WFramePeer_pSetIMMOption(JNIEnv *env, jobject self, /************************************************************************ - * EmbeddedFrame native methods - */ - -extern "C" { - -/* - * Class: sun_awt_EmbeddedFrame - * Method: setPeer - * Signature: (Ljava/awt/peer/ComponentPeer;)V - */ -JNIEXPORT void JNICALL -Java_sun_awt_EmbeddedFrame_setPeer(JNIEnv *env, jobject self, jobject lpeer) -{ - TRY; - - jclass cls; - jfieldID fid; - - cls = env->GetObjectClass(self); - fid = env->GetFieldID(cls, "peer", "Ljava/awt/peer/ComponentPeer;"); - env->SetObjectField(self, fid, lpeer); - - CATCH_BAD_ALLOC; -} - -} /* extern "C" */ - - -/************************************************************************ * WEmbeddedFrame native methods */ @@ -1833,6 +1814,7 @@ Java_sun_awt_windows_WEmbeddedFrame_initIDs(JNIEnv *env, jclass cls) AwtFrame::handleID = env->GetFieldID(cls, "handle", "J"); DASSERT(AwtFrame::handleID != NULL); + CHECK_NULL(AwtFrame::handleID); AwtFrame::activateEmbeddingTopLevelMID = env->GetMethodID(cls, "activateEmbeddingTopLevel", "()V"); DASSERT(AwtFrame::activateEmbeddingTopLevelMID != NULL); diff --git a/test/com/sun/crypto/provider/TLS/TestPremaster.java b/test/com/sun/crypto/provider/TLS/TestPremaster.java index bbbfbb6bd..f19e7546d 100644 --- a/test/com/sun/crypto/provider/TLS/TestPremaster.java +++ b/test/com/sun/crypto/provider/TLS/TestPremaster.java @@ -33,6 +33,7 @@ import java.security.Provider; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; +import java.util.Formatter; import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec; @@ -52,27 +53,51 @@ public class TestPremaster { System.out.println("OK: " + e); } - test(kg, 3, 0); - test(kg, 3, 1); - test(kg, 3, 2); - test(kg, 4, 0); + int[] protocolVersions = {0x0300, 0x0301, 0x0302, 0x0400}; + for (int clientVersion : protocolVersions) { + for (int serverVersion : protocolVersions) { + test(kg, clientVersion, serverVersion); + if (serverVersion >= clientVersion) { + break; + } + } + } System.out.println("Done."); } - private static void test(KeyGenerator kg, int major, int minor) - throws Exception { + private static void test(KeyGenerator kg, + int clientVersion, int serverVersion) throws Exception { + + System.out.printf( + "Testing RSA pre-master secret key generation between " + + "client (0x%04X) and server(0x%04X)%n", + clientVersion, serverVersion); + kg.init(new TlsRsaPremasterSecretParameterSpec( + clientVersion, serverVersion)); - kg.init(new TlsRsaPremasterSecretParameterSpec(major, minor)); SecretKey key = kg.generateKey(); byte[] encoded = key.getEncoded(); - if (encoded.length != 48) { - throw new Exception("length: " + encoded.length); - } - if ((encoded[0] != major) || (encoded[1] != minor)) { - throw new Exception("version mismatch: " + encoded[0] + - "." + encoded[1]); - } - System.out.println("OK: " + major + "." + minor); + if (encoded != null) { // raw key material may be not extractable + if (encoded.length != 48) { + throw new Exception("length: " + encoded.length); + } + int v = versionOf(encoded[0], encoded[1]); + if (clientVersion != v) { + if (serverVersion != v || clientVersion >= 0x0302) { + throw new Exception(String.format( + "version mismatch: (0x%04X) rather than (0x%04X) " + + "is used in pre-master secret", v, clientVersion)); + } + System.out.printf("Use compatible version (0x%04X)%n", v); + } + System.out.println("Passed, version matches!"); + } else { + System.out.println("Raw key material is not extractable"); + } + } + + private static int versionOf(int major, int minor) { + return ((major & 0xFF) << 8) | (minor & 0xFF); } } diff --git a/test/java/net/Inet4Address/DummyNameService.java b/test/java/net/Inet4Address/DummyNameService.java new file mode 100644 index 000000000..8d813ac40 --- /dev/null +++ b/test/java/net/Inet4Address/DummyNameService.java @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * A simple name service which throws an exception when invoked + */ + +import java.net.UnknownHostException; +import java.net.InetAddress; +import sun.net.spi.nameservice.*; +import java.util.*; + +public final class DummyNameService implements NameService { + + public DummyNameService() throws Exception { + } + + public InetAddress[] lookupAllHostAddr(String host) throws UnknownHostException { + throw new UnknownHostException("Dummy name service"); + } + + public String getHostByAddr(byte[] addr) throws UnknownHostException { + throw new UnknownHostException("Dummy name service"); + } +} diff --git a/test/java/net/Inet4Address/DummyNameServiceDescriptor.java b/test/java/net/Inet4Address/DummyNameServiceDescriptor.java new file mode 100644 index 000000000..fd2ba233e --- /dev/null +++ b/test/java/net/Inet4Address/DummyNameServiceDescriptor.java @@ -0,0 +1,54 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * Descriptor for the dummy name service + */ + +import sun.net.spi.nameservice.*; + +public final class DummyNameServiceDescriptor implements NameServiceDescriptor { + + /** + * Create a new instance of the corresponding name service. + */ + public NameService createNameService() throws Exception { + return new DummyNameService(); + } + + /** + * Returns this service provider's name + * + */ + public String getProviderName() { + return "oracle"; + } + + /** + * Returns this name service type + * "dns" "nis" etc + */ + public String getType() { + return "dummy"; + } +} diff --git a/test/java/net/Inet4Address/META-INF/services/sun.net.spi.nameservice.NameServiceDescriptor b/test/java/net/Inet4Address/META-INF/services/sun.net.spi.nameservice.NameServiceDescriptor new file mode 100644 index 000000000..e12414994 --- /dev/null +++ b/test/java/net/Inet4Address/META-INF/services/sun.net.spi.nameservice.NameServiceDescriptor @@ -0,0 +1,22 @@ +# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +# or visit www.oracle.com if you need additional information or have any +# questions. + +DummyNameServiceDescriptor # name service provider descriptor diff --git a/test/java/net/Inet4Address/textToNumericFormat.java b/test/java/net/Inet4Address/textToNumericFormat.java index 8a74ba507..be5d8ab3e 100644 --- a/test/java/net/Inet4Address/textToNumericFormat.java +++ b/test/java/net/Inet4Address/textToNumericFormat.java @@ -25,8 +25,18 @@ * @test * @bug 4749938 * @summary Bug in the parsing IPv4 literal addresses + * @compile -XDignore.symbol.file=true DummyNameService.java DummyNameServiceDescriptor.java + * @run main/othervm -Dsun.net.spi.nameservice.provider.1=dummy,oracle textToNumericFormat */ +/** + * We use a dummy name service which throws UHE any time it is called. + * We do this because the "good" tests here should parse correctly + * without needing to call the name service, and the bad tests will + * not parse and then invoke the name service, where we expect + * the exception. + */ + import java.net.InetAddress; import java.net.UnknownHostException; import java.util.*; @@ -34,19 +44,25 @@ import java.util.*; public class textToNumericFormat { public static void main(String[] args) throws UnknownHostException { - List goodList = new ArrayList(); - List badList = new ArrayList(); + List<String> goodList = new ArrayList<>(); + List<String> badList = new ArrayList<>(); String goodAddrs[] = { "224.0.1.0", "238.255.255.255", - "239.255.255.255" }; + "239.255.255.255", + "239.255.65535", + "239.16777215", + "4294967295" }; String badAddrs[] = { "238.255.255.2550", "256.255.255.255", "238.255.2550.255", "238.2550.255.255", - "2380.255.255.255"}; + "2380.255.255.255", + "239.255.65536", + "239.16777216", + "4294967296" }; for (int i=0; i<goodAddrs.length; i++) { try { diff --git a/test/javax/net/ssl/SSLEngine/IllegalRecordVersion.java b/test/javax/net/ssl/SSLEngine/IllegalRecordVersion.java new file mode 100644 index 000000000..cab265287 --- /dev/null +++ b/test/javax/net/ssl/SSLEngine/IllegalRecordVersion.java @@ -0,0 +1,77 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +// This test case relies on updated static security property, no way to re-use +// security property in samevm/agentvm mode. + +/* + * @test + * @bug 8042449 + * @summary Issue for negative byte major record version + * + * @run main/othervm IllegalRecordVersion + */ + +import javax.net.ssl.*; +import javax.net.ssl.SSLEngineResult.*; +import java.io.*; +import java.security.*; +import java.nio.*; + +public class IllegalRecordVersion { + + public static void main(String args[]) throws Exception { + SSLContext context = SSLContext.getDefault(); + + SSLEngine cliEngine = context.createSSLEngine(); + cliEngine.setUseClientMode(true); + SSLEngine srvEngine = context.createSSLEngine(); + srvEngine.setUseClientMode(false); + + SSLSession session = cliEngine.getSession(); + int netBufferMax = session.getPacketBufferSize(); + int appBufferMax = session.getApplicationBufferSize(); + + ByteBuffer cliToSrv = ByteBuffer.allocateDirect(netBufferMax); + ByteBuffer srvIBuff = ByteBuffer.allocateDirect(appBufferMax + 50); + ByteBuffer cliOBuff = ByteBuffer.wrap("I'm client".getBytes()); + + + System.out.println("client hello (record version(0xa9, 0xa2))"); + SSLEngineResult cliRes = cliEngine.wrap(cliOBuff, cliToSrv); + System.out.println("Client wrap result: " + cliRes); + cliToSrv.flip(); + if (cliToSrv.limit() > 5) { + cliToSrv.put(1, (byte)0xa9); + cliToSrv.put(2, (byte)0xa2); + } + + try { + srvEngine.unwrap(cliToSrv, srvIBuff); + throw new Exception( + "Cannot catch the unsupported record version issue"); + } catch (SSLException e) { + // get the expected exception + } + } +} diff --git a/test/javax/swing/JTextField/8036819/bug8036819.java b/test/javax/swing/JTextField/8036819/bug8036819.java new file mode 100644 index 000000000..558be4c97 --- /dev/null +++ b/test/javax/swing/JTextField/8036819/bug8036819.java @@ -0,0 +1,132 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @library ../../regtesthelpers + * @build Util + * @bug 8036819 + * @summary JAB: mnemonics not read for textboxes + * @author Vivi An + * @run main bug8036819 + */ + +import javax.swing.*; +import javax.swing.event.*; +import java.awt.event.*; +import java.awt.*; +import sun.awt.SunToolkit; +import javax.accessibility.*; + +public class bug8036819 { + + public static volatile Boolean passed = false; + + public static void main(String args[]) throws Throwable { + SwingUtilities.invokeAndWait(new Runnable() { + public void run() { + createAndShowGUI(); + } + }); + + SunToolkit toolkit = (SunToolkit) Toolkit.getDefaultToolkit(); + toolkit.realSync(); + + Robot robo = new Robot(); + robo.setAutoDelay(300); + + // Using mnemonic key to focus on the textfield + Util.hitMnemonics(robo, KeyEvent.VK_P); + toolkit.realSync(); + + if (!passed){ + throw new RuntimeException("Test failed."); + } + } + + private static void createAndShowGUI() { + JFrame mainFrame = new JFrame("bug 8036819"); + + JLabel usernameLabel = new JLabel("Username: "); + JTextField usernameField = new JTextField(20); + usernameLabel.setDisplayedMnemonic(KeyEvent.VK_U); + usernameLabel.setLabelFor(usernameField); + + JLabel pwdLabel = new JLabel("Password: "); + JTextField pwdField = new JTextField(20); + pwdLabel.setDisplayedMnemonic(KeyEvent.VK_P); + pwdLabel.setLabelFor(pwdField); + + pwdField.addKeyListener( + new KeyListener(){ + @Override + public void keyPressed(KeyEvent keyEvent) { + } + + @Override + public void keyTyped(KeyEvent keyEvent) { + } + + @Override + public void keyReleased(KeyEvent keyEvent){ + JComponent comp = (JComponent) pwdField; + AccessibleContext ac = comp.getAccessibleContext(); + AccessibleExtendedComponent aec = (AccessibleExtendedComponent)ac.getAccessibleComponent(); + AccessibleKeyBinding akb = aec.getAccessibleKeyBinding(); + if (akb != null){ + int count = akb.getAccessibleKeyBindingCount(); + if (count != 1){ + passed = false; + return; + } + + // there is 1 accessible key for the text field + System.out.println("Retrieved AccessibleKeyBinding for textfield " + count); + + // the key code is KeyEvent.VK_P + Object o = akb.getAccessibleKeyBinding(0); + if (o instanceof KeyStroke){ + javax.swing.KeyStroke key = (javax.swing.KeyStroke)o; + System.out.println("keystroke is " + key.getKeyCode()); + if (key.getKeyCode() == KeyEvent.VK_P) + passed = true; + } + } + } + } + ); + + mainFrame.getContentPane().add(usernameLabel); + mainFrame.getContentPane().add(usernameField); + mainFrame.getContentPane().add(pwdLabel); + mainFrame.getContentPane().add(pwdField); + + mainFrame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE); + mainFrame.setLayout(new FlowLayout(FlowLayout.LEFT)); + + mainFrame.setSize(200, 200); + mainFrame.setLocation(200, 200); + mainFrame.setVisible(true); + mainFrame.toFront(); + } + } diff --git a/test/sun/security/pkcs11/fips/CipherTest.java b/test/sun/security/pkcs11/fips/CipherTest.java index e85a3a685..dd627d356 100644 --- a/test/sun/security/pkcs11/fips/CipherTest.java +++ b/test/sun/security/pkcs11/fips/CipherTest.java @@ -472,8 +472,21 @@ public class CipherTest { return false; } + // No ECDH-capable certificate in key store. May restructure + // this in the future. + if (cipherSuite.contains("ECDHE_ECDSA") || + cipherSuite.contains("ECDH_ECDSA") || + cipherSuite.contains("ECDH_RSA")) { + System.out.println("Skipping unsupported test for " + + cipherSuite + " of " + protocol); + return false; + } + // skip SSLv2Hello protocol - if (protocol.equals("SSLv2Hello")) { + // + // skip TLSv1.2 protocol, we have not implement "SunTls12Prf" and + // SunTls12RsaPremasterSecret in SunPKCS11 provider + if (protocol.equals("SSLv2Hello") || protocol.equals("TLSv1.2")) { System.out.println("Skipping unsupported test for " + cipherSuite + " of " + protocol); return false; diff --git a/test/sun/security/pkcs11/fips/ClientJSSEServerJSSE.java b/test/sun/security/pkcs11/fips/ClientJSSEServerJSSE.java index 98dbdeea5..483e36f29 100644 --- a/test/sun/security/pkcs11/fips/ClientJSSEServerJSSE.java +++ b/test/sun/security/pkcs11/fips/ClientJSSEServerJSSE.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,7 @@ /* * @test - * @bug 6313675 6323647 + * @bug 6313675 6323647 8028192 * @summary Verify that all ciphersuites work in FIPS mode * @library .. * @ignore JSSE supported cipher suites are changed with CR 6916074, @@ -44,9 +44,13 @@ public class ClientJSSEServerJSSE extends SecmodTest { return; } - if ("sparc".equals(System.getProperty("os.arch")) == false) { - // we have not updated other platforms with the proper NSS libraries yet - System.out.println("Test currently works only on solaris-sparc, skipping"); + String arch = System.getProperty("os.arch"); + if (!("sparc".equals(arch) || "sparcv9".equals(arch))) { + // we have not updated other platforms with the proper NSS + // libraries yet + System.out.println( + "Test currently works only on solaris-sparc " + + "and solaris-sparcv9. Skipping on " + arch); return; } diff --git a/test/sun/security/pkcs11/tls/TestPremaster.java b/test/sun/security/pkcs11/tls/TestPremaster.java index f7a51041e..05e8efb0f 100644 --- a/test/sun/security/pkcs11/tls/TestPremaster.java +++ b/test/sun/security/pkcs11/tls/TestPremaster.java @@ -34,6 +34,7 @@ import java.security.Provider; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; +import java.util.Formatter; import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec; @@ -59,27 +60,51 @@ public class TestPremaster extends PKCS11Test { System.out.println("OK: " + e); } - test(kg, 3, 0); - test(kg, 3, 1); - test(kg, 3, 2); - test(kg, 4, 0); + int[] protocolVersions = {0x0300, 0x0301, 0x0302, 0x0400}; + for (int clientVersion : protocolVersions) { + for (int serverVersion : protocolVersions) { + test(kg, clientVersion, serverVersion); + if (serverVersion >= clientVersion) { + break; + } + } + } System.out.println("Done."); } - private static void test(KeyGenerator kg, int major, int minor) - throws Exception { + private static void test(KeyGenerator kg, + int clientVersion, int serverVersion) throws Exception { - kg.init(new TlsRsaPremasterSecretParameterSpec(major, minor)); + System.out.printf( + "Testing RSA pre-master secret key generation between " + + "client (0x%04X) and server(0x%04X)%n", + clientVersion, serverVersion); + kg.init(new TlsRsaPremasterSecretParameterSpec( + clientVersion, serverVersion)); SecretKey key = kg.generateKey(); byte[] encoded = key.getEncoded(); - if (encoded.length != 48) { - throw new Exception("length: " + encoded.length); - } - if ((encoded[0] != major) || (encoded[1] != minor)) { - throw new Exception("version mismatch: " + encoded[0] + - "." + encoded[1]); - } - System.out.println("OK: " + major + "." + minor); + if (encoded != null) { // raw key material may be not extractable + if (encoded.length != 48) { + throw new Exception("length: " + encoded.length); + } + int v = versionOf(encoded[0], encoded[1]); + if (clientVersion != v) { + if (serverVersion != v || clientVersion >= 0x0302) { + throw new Exception(String.format( + "version mismatch: (0x%04X) rather than (0x%04X) " + + "is used in pre-master secret", v, clientVersion)); + } + System.out.printf("Use compatible version (0x%04X)%n", v); + } + System.out.println("Passed, version matches!"); + } else { + System.out.println("Raw key material is not extractable"); + } } + + private static int versionOf(int major, int minor) { + return ((major & 0xFF) << 8) | (minor & 0xFF); + } + } |