Skip to content

Commit

Permalink
Merge branch 'master' of https://github.com/openjdk/jdk into JDK-8260282
Browse files Browse the repository at this point in the history
  • Loading branch information
@schmelter-sap
schmelter-sap committed Jan 25, 2021
2 parents 86478e2 + 12ccd21 commit 3bf0268
Show file tree
Hide file tree
Showing 11 changed files with 315 additions and 32 deletions.
10 changes: 6 additions & 4 deletions make/common/Modules.gmk
View file
@@ -1,5 +1,5 @@
#
# Copyright (c) 2014, 2020, Oracle and/or its affiliates. All rights reserved.
# Copyright (c) 2014, 2021, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
Expand All @@ -26,9 +26,6 @@
ifndef _MODULES_GMK
_MODULES_GMK := 1

# Hook to include the corresponding custom file, if present.
$(eval $(call IncludeCustomExtension, common/Modules.gmk))

################################################################################
# Setup module sets for classloaders

Expand All @@ -48,6 +45,11 @@ include $(TOPDIR)/make/conf/docs-modules.conf

include $(TOPDIR)/make/conf/build-module-sets.conf

################################################################################
# Hook to include the corresponding custom file, if present.
# Allowing MODULE list extensions setup above.
$(eval $(call IncludeCustomExtension, common/Modules.gmk))

################################################################################
# Depending on the configuration, we might need to filter out some modules that
# normally should have been included
Expand Down
6 changes: 3 additions & 3 deletions src/java.base/share/classes/java/math/MutableBigInteger.java
View file
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -1166,7 +1166,7 @@ MutableBigInteger divideKnuth(MutableBigInteger b, MutableBigInteger quotient) {
* Calculates the quotient of this div b and places the quotient in the
* provided MutableBigInteger objects and the remainder object is returned.
*
* Uses Algorithm D in Knuth section 4.3.1.
* Uses Algorithm D from Knuth TAOCP Vol. 2, 3rd edition, section 4.3.1.
* Many optimizations to that algorithm have been adapted from the Colin
* Plumb C library.
* It special cases one word divisors for speed. The content of b is not
Expand Down Expand Up @@ -1980,7 +1980,7 @@ MutableBigInteger hybridGCD(MutableBigInteger b) {
* Assumes that this and v are not zero.
*/
private MutableBigInteger binaryGCD(MutableBigInteger v) {
// Algorithm B from Knuth section 4.5.2
// Algorithm B from Knuth TAOCP Vol. 2, 3rd edition, section 4.5.2
MutableBigInteger u = this;
MutableBigInteger r = new MutableBigInteger();

Expand Down
17 changes: 9 additions & 8 deletions src/java.base/share/classes/java/util/Random.java
View file
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1995, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -39,8 +39,9 @@
/**
* An instance of this class is used to generate a stream of
* pseudorandom numbers. The class uses a 48-bit seed, which is
* modified using a linear congruential formula. (See Donald Knuth,
* <i>The Art of Computer Programming, Volume 2</i>, Section 3.2.1.)
* modified using a linear congruential formula. (See Donald E. Knuth,
* <cite>The Art of Computer Programming, Volume 2, Third
* edition: Seminumerical Algorithms</cite>, Section 3.2.1.)
* <p>
* If two instances of {@code Random} are created with the same
* seed, and the same sequence of method calls is made for each, they
Expand Down Expand Up @@ -187,8 +188,8 @@ public synchronized void setSeed(long seed) {
*
* This is a linear congruential pseudorandom number generator, as
* defined by D. H. Lehmer and described by Donald E. Knuth in
* <i>The Art of Computer Programming,</i> Volume 2:
* <i>Seminumerical Algorithms</i>, section 3.2.1.
* <cite>The Art of Computer Programming, Volume 2, Third edition:
* Seminumerical Algorithms</cite>, section 3.2.1.
*
* @param bits random bits
* @return the next pseudorandom value from this random number
Expand Down Expand Up @@ -569,8 +570,8 @@ public double nextDouble() {
* }
* }}</pre>
* This uses the <i>polar method</i> of G. E. P. Box, M. E. Muller, and
* G. Marsaglia, as described by Donald E. Knuth in <i>The Art of
* Computer Programming</i>, Volume 2: <i>Seminumerical Algorithms</i>,
* G. Marsaglia, as described by Donald E. Knuth in <cite>The Art of
* Computer Programming, Volume 2, third edition: Seminumerical Algorithms</cite>,
* section 3.4.1, subsection C, algorithm P. Note that it generates two
* independent values at the cost of only one call to {@code StrictMath.log}
* and one call to {@code StrictMath.sqrt}.
Expand All @@ -581,7 +582,7 @@ public double nextDouble() {
* generator's sequence
*/
public synchronized double nextGaussian() {
// See Knuth, ACP, Section 3.4.1 Algorithm C.
// See Knuth, TAOCP, Vol. 2, 3rd edition, Section 3.4.1 Algorithm C.
if (haveNextNextGaussian) {
haveNextNextGaussian = false;
return nextNextGaussian;
Expand Down
21 changes: 20 additions & 1 deletion src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java
View file
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2019, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -350,6 +350,13 @@ private void cancelOperation() {
0, buffer, 0, bufLen);
}
} catch (PKCS11Exception e) {
if (e.getErrorCode() == CKR_OPERATION_NOT_INITIALIZED) {
// Cancel Operation may be invoked after an error on a PKCS#11
// call. If the operation inside the token was already cancelled,
// do not fail here. This is part of a defensive mechanism for
// PKCS#11 libraries that do not strictly follow the standard.
return;
}
if (encrypt) {
throw new ProviderException("Cancel failed", e);
}
Expand Down Expand Up @@ -616,6 +623,12 @@ private int implDoFinal(byte[] in, int inOfs, int inLen,
}
return k;
} catch (PKCS11Exception e) {
// As per the PKCS#11 standard, C_Encrypt and C_Decrypt may only
// keep the operation active on CKR_BUFFER_TOO_SMALL errors or
// successful calls to determine the output length. However,
// these cases are not expected here because the output length
// is checked in the OpenJDK side before making the PKCS#11 call.
// Thus, doCancel can safely be 'false'.
doCancel = false;
handleException(e);
throw new ProviderException("doFinal() failed", e);
Expand Down Expand Up @@ -702,6 +715,12 @@ private int implDoFinal(ByteBuffer inBuffer, ByteBuffer outBuffer)
outBuffer.position(outBuffer.position() + k);
return k;
} catch (PKCS11Exception e) {
// As per the PKCS#11 standard, C_Encrypt and C_Decrypt may only
// keep the operation active on CKR_BUFFER_TOO_SMALL errors or
// successful calls to determine the output length. However,
// these cases are not expected here because the output length
// is checked in the OpenJDK side before making the PKCS#11 call.
// Thus, doCancel can safely be 'false'.
doCancel = false;
handleException(e);
throw new ProviderException("doFinal() failed", e);
Expand Down
55 changes: 44 additions & 11 deletions src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java
View file
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -439,6 +439,13 @@ private void cancelOperation() {
token.p11.C_DecryptFinal(session.id(), 0, buffer, 0, bufLen);
}
} catch (PKCS11Exception e) {
if (e.getErrorCode() == CKR_OPERATION_NOT_INITIALIZED) {
// Cancel Operation may be invoked after an error on a PKCS#11
// call. If the operation inside the token was already cancelled,
// do not fail here. This is part of a defensive mechanism for
// PKCS#11 libraries that do not strictly follow the standard.
return;
}
if (encrypt) {
throw new ProviderException("Cancel failed", e);
}
Expand Down Expand Up @@ -628,7 +635,11 @@ private int implUpdate(byte[] in, int inOfs, int inLen,
throw (ShortBufferException)
(new ShortBufferException().initCause(e));
}
reset(false);
// Some implementations such as the NSS Software Token do not
// cancel the operation upon a C_EncryptUpdate/C_DecryptUpdate
// failure (as required by the PKCS#11 standard). See JDK-8258833
// for further information.
reset(true);
throw new ProviderException("update() failed", e);
}
}
Expand Down Expand Up @@ -746,7 +757,11 @@ private int implUpdate(ByteBuffer inBuffer, ByteBuffer outBuffer)
throw (ShortBufferException)
(new ShortBufferException().initCause(e));
}
reset(false);
// Some implementations such as the NSS Software Token do not
// cancel the operation upon a C_EncryptUpdate/C_DecryptUpdate
// failure (as required by the PKCS#11 standard). See JDK-8258833
// for further information.
reset(true);
throw new ProviderException("update() failed", e);
}
}
Expand All @@ -770,9 +785,14 @@ private int implDoFinal(byte[] out, int outOfs, int outLen)
0, padBuffer, 0, actualPadLen,
0, out, outOfs, outLen);
}
// Some implementations such as the NSS Software Token do not
// cancel the operation upon a C_EncryptUpdate failure (as
// required by the PKCS#11 standard). Cancel is not needed
// only after this point. See JDK-8258833 for further
// information.
doCancel = false;
k += token.p11.C_EncryptFinal(session.id(),
0, out, (outOfs + k), (outLen - k));
doCancel = false;
} else {
// Special handling to match SunJCE provider behavior
if (bytesBuffered == 0 && padBufferLen == 0) {
Expand All @@ -784,22 +804,26 @@ private int implDoFinal(byte[] out, int outOfs, int outLen)
padBuffer, 0, padBufferLen, 0, padBuffer, 0,
padBuffer.length);
}
// Some implementations such as the NSS Software Token do not
// cancel the operation upon a C_DecryptUpdate failure (as
// required by the PKCS#11 standard). Cancel is not needed
// only after this point. See JDK-8258833 for further
// information.
doCancel = false;
k += token.p11.C_DecryptFinal(session.id(), 0, padBuffer, k,
padBuffer.length - k);
doCancel = false;

int actualPadLen = paddingObj.unpad(padBuffer, k);
k -= actualPadLen;
System.arraycopy(padBuffer, 0, out, outOfs, k);
} else {
doCancel = false;
k = token.p11.C_DecryptFinal(session.id(), 0, out, outOfs,
outLen);
doCancel = false;
}
}
return k;
} catch (PKCS11Exception e) {
doCancel = false;
handleException(e);
throw new ProviderException("doFinal() failed", e);
} finally {
Expand Down Expand Up @@ -845,9 +869,14 @@ private int implDoFinal(ByteBuffer outBuffer)
0, padBuffer, 0, actualPadLen,
outAddr, outArray, outOfs, outLen);
}
// Some implementations such as the NSS Software Token do not
// cancel the operation upon a C_EncryptUpdate failure (as
// required by the PKCS#11 standard). Cancel is not needed
// only after this point. See JDK-8258833 for further
// information.
doCancel = false;
k += token.p11.C_EncryptFinal(session.id(),
outAddr, outArray, (outOfs + k), (outLen - k));
doCancel = false;
} else {
// Special handling to match SunJCE provider behavior
if (bytesBuffered == 0 && padBufferLen == 0) {
Expand All @@ -861,18 +890,23 @@ private int implDoFinal(ByteBuffer outBuffer)
0, padBuffer, 0, padBuffer.length);
padBufferLen = 0;
}
// Some implementations such as the NSS Software Token do not
// cancel the operation upon a C_DecryptUpdate failure (as
// required by the PKCS#11 standard). Cancel is not needed
// only after this point. See JDK-8258833 for further
// information.
doCancel = false;
k += token.p11.C_DecryptFinal(session.id(),
0, padBuffer, k, padBuffer.length - k);
doCancel = false;

int actualPadLen = paddingObj.unpad(padBuffer, k);
k -= actualPadLen;
outArray = padBuffer;
outOfs = 0;
} else {
doCancel = false;
k = token.p11.C_DecryptFinal(session.id(),
outAddr, outArray, outOfs, outLen);
doCancel = false;
}
}
if ((!encrypt && paddingObj != null) ||
Expand All @@ -884,7 +918,6 @@ private int implDoFinal(ByteBuffer outBuffer)
}
return k;
} catch (PKCS11Exception e) {
doCancel = false;
handleException(e);
throw new ProviderException("doFinal() failed", e);
} finally {
Expand Down
15 changes: 14 additions & 1 deletion src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java
View file
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -151,6 +151,13 @@ private void cancelOperation() {
try {
token.p11.C_SignFinal(session.id(), 0);
} catch (PKCS11Exception e) {
if (e.getErrorCode() == CKR_OPERATION_NOT_INITIALIZED) {
// Cancel Operation may be invoked after an error on a PKCS#11
// call. If the operation inside the token was already cancelled,
// do not fail here. This is part of a defensive mechanism for
// PKCS#11 libraries that do not strictly follow the standard.
return;
}
throw new ProviderException("Cancel failed", e);
}
}
Expand Down Expand Up @@ -213,6 +220,12 @@ protected byte[] engineDoFinal() {
ensureInitialized();
return token.p11.C_SignFinal(session.id(), 0);
} catch (PKCS11Exception e) {
// As per the PKCS#11 standard, C_SignFinal may only
// keep the operation active on CKR_BUFFER_TOO_SMALL errors or
// successful calls to determine the output length. However,
// these cases are handled at OpenJDK's libj2pkcs11 native
// library. Thus, P11Mac::reset can be called with a 'false'
// doCancel argument from here.
throw new ProviderException("doFinal() failed", e);
} finally {
reset(false);
Expand Down
14 changes: 13 additions & 1 deletion src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java
View file
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2019, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -298,6 +298,13 @@ private void cancelOperation() {
}
}
} catch (PKCS11Exception e) {
if (e.getErrorCode() == CKR_OPERATION_NOT_INITIALIZED) {
// Cancel Operation may be invoked after an error on a PKCS#11
// call. If the operation inside the token was already cancelled,
// do not fail here. This is part of a defensive mechanism for
// PKCS#11 libraries that do not strictly follow the standard.
return;
}
if (mode == M_SIGN) {
throw new ProviderException("cancel failed", e);
}
Expand Down Expand Up @@ -662,6 +669,11 @@ protected byte[] engineSign() throws SignatureException {
doCancel = false;
return signature;
} catch (PKCS11Exception pe) {
// As per the PKCS#11 standard, C_Sign and C_SignFinal may only
// keep the operation active on CKR_BUFFER_TOO_SMALL errors or
// successful calls to determine the output length. However,
// these cases are handled at OpenJDK's libj2pkcs11 native
// library. Thus, doCancel can safely be 'false' here.
doCancel = false;
throw new ProviderException(pe);
} catch (ProviderException e) {
Expand Down
14 changes: 13 additions & 1 deletion src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java
View file
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -314,6 +314,13 @@ private void cancelOperation() {
}
}
} catch (PKCS11Exception e) {
if (e.getErrorCode() == CKR_OPERATION_NOT_INITIALIZED) {
// Cancel Operation may be invoked after an error on a PKCS#11
// call. If the operation inside the token was already cancelled,
// do not fail here. This is part of a defensive mechanism for
// PKCS#11 libraries that do not strictly follow the standard.
return;
}
if (mode == M_VERIFY) {
long errorCode = e.getErrorCode();
if ((errorCode == CKR_SIGNATURE_INVALID) ||
Expand Down Expand Up @@ -654,6 +661,11 @@ protected byte[] engineSign() throws SignatureException {
}
}
} catch (PKCS11Exception pe) {
// As per the PKCS#11 standard, C_Sign and C_SignFinal may only
// keep the operation active on CKR_BUFFER_TOO_SMALL errors or
// successful calls to determine the output length. However,
// these cases are handled at OpenJDK's libj2pkcs11 native
// library. Thus, doCancel can safely be 'false' here.
doCancel = false;
throw new ProviderException(pe);
} catch (SignatureException | ProviderException e) {
Expand Down

0 comments on commit 3bf0268

Please sign in to comment.