Merge pull request #176 from pshipton/0.36rc1

Merge jdk-17.0.6+10 to 0.36

Author: JasonFengJ9

closed/openjdk-tag.gmk

@@ -1 +1 @@
-OPENJDK_TAG := jdk-17.0.6+9
+OPENJDK_TAG := jdk-17.0.6+10

make/conf/version-numbers.conf

@@ -39,4 +39,4 @@ DEFAULT_VERSION_CLASSFILE_MINOR=0
 DEFAULT_VERSION_DOCS_API_SINCE=11
 DEFAULT_ACCEPTABLE_BOOT_VERSIONS="16 17"
 DEFAULT_JDK_SOURCE_TARGET_VERSION=17
-DEFAULT_PROMOTED_VERSION_PRE=ea
+DEFAULT_PROMOTED_VERSION_PRE=

make/data/currency/CurrencyData.properties

@@ -32,7 +32,7 @@ formatVersion=3
 # Version of the currency code information in this class.
 # It is a serial number that accompanies with each amendment.
 
-dataVersion=173
+dataVersion=174
 
 # List of all valid ISO 4217 currency codes.
 # To ensure compatibility, do not remove codes.
@@ -189,7 +189,7 @@ CR=CRC
 # COTE D'IVOIRE
 CI=XOF
 # CROATIA
-HR=HRK
+HR=HRK;2022-12-31-23-00-00;EUR
 # CUBA
 CU=CUP
 # Cura\u00e7ao

src/java.base/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java

@@ -34,6 +34,7 @@
 
 import sun.security.provider.ParameterCache;
 import static sun.security.util.SecurityProviderConstants.DEF_DH_KEY_SIZE;
+import static sun.security.util.SecurityProviderConstants.getDefDHPrivateExpSize;
 
 /**
  * This class represents the key pair generator for Diffie-Hellman key pairs.
@@ -60,9 +61,6 @@ public final class DHKeyPairGenerator extends KeyPairGeneratorSpi {
     // The size in bits of the prime modulus
     private int pSize;
 
-    // The size in bits of the random exponent (private value)
-    private int lSize;
-
     // The source of randomness
     private SecureRandom random;
 
@@ -71,7 +69,8 @@ public DHKeyPairGenerator() {
         initialize(DEF_DH_KEY_SIZE, null);
     }
 
-    private static void checkKeySize(int keysize)
+    // pkg private; used by DHParameterGenerator class as well
+    static void checkKeySize(int keysize, int expSize)
             throws InvalidParameterException {
 
         if ((keysize < 512) || (keysize > 8192) || ((keysize & 0x3F) != 0)) {
@@ -80,6 +79,13 @@ private static void checkKeySize(int keysize)
                     "from 512 to 8192 (inclusive). " +
                     "The specific key size " + keysize + " is not supported");
         }
+
+        // optional, could be 0 if not specified
+        if ((expSize < 0) || (expSize > keysize)) {
+            throw new InvalidParameterException
+                    ("Exponent size must be positive and no larger than" +
+                    " modulus size");
+        }
     }
 
     /**
@@ -91,21 +97,17 @@ private static void checkKeySize(int keysize)
      * @param random the source of randomness
      */
     public void initialize(int keysize, SecureRandom random) {
-        checkKeySize(keysize);
+        checkKeySize(keysize, 0);
 
-        // Use the built-in parameters (ranging from 512 to 8192)
-        // when available.
-        this.params = ParameterCache.getCachedDHParameterSpec(keysize);
-
-        // Due to performance issue, only support DH parameters generation
-        // up to 1024 bits.
-        if ((this.params == null) && (keysize > 1024)) {
-            throw new InvalidParameterException(
-                "Unsupported " + keysize + "-bit DH parameter generation");
+        try {
+            // Use the built-in parameters (ranging from 512 to 8192)
+            // when available.
+            this.params = ParameterCache.getDHParameterSpec(keysize, random);
+        } catch (GeneralSecurityException e) {
+            throw new InvalidParameterException(e.getMessage());
         }
 
         this.pSize = keysize;
-        this.lSize = 0;
         this.random = random;
     }
 
@@ -130,22 +132,13 @@ public void initialize(AlgorithmParameterSpec algParams,
                 ("Inappropriate parameter type");
         }
 
-        params = (DHParameterSpec)algParams;
+        params = (DHParameterSpec) algParams;
         pSize = params.getP().bitLength();
         try {
-            checkKeySize(pSize);
+            checkKeySize(pSize, params.getL());
         } catch (InvalidParameterException ipe) {
             throw new InvalidAlgorithmParameterException(ipe.getMessage());
         }
-
-        // exponent size is optional, could be 0
-        lSize = params.getL();
-
-        // Require exponentSize < primeSize
-        if ((lSize != 0) && (lSize > pSize)) {
-            throw new InvalidAlgorithmParameterException
-                ("Exponent size must not be larger than modulus size");
-        }
         this.random = random;
     }
 
@@ -159,24 +152,12 @@ public KeyPair generateKeyPair() {
             random = SunJCE.getRandom();
         }
 
-        if (params == null) {
-            try {
-                params = ParameterCache.getDHParameterSpec(pSize, random);
-            } catch (GeneralSecurityException e) {
-                // should never happen
-                throw new ProviderException(e);
-            }
-        }
-
         BigInteger p = params.getP();
         BigInteger g = params.getG();
 
-        if (lSize <= 0) {
-            lSize = pSize >> 1;
-            // use an exponent size of (pSize / 2) but at least 384 bits
-            if (lSize < 384) {
-                lSize = 384;
-            }
+        int lSize = params.getL();
+        if (lSize == 0) { // not specified; use our own default
+            lSize = getDefDHPrivateExpSize(params);
         }
 
         BigInteger x;

src/java.base/share/classes/com/sun/crypto/provider/DHParameterGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -59,17 +59,21 @@ public final class DHParameterGenerator extends AlgorithmParameterGeneratorSpi {
     // The source of randomness
     private SecureRandom random = null;
 
-    private static void checkKeySize(int keysize)
+    private static void checkSupport(int keysize, int exponentSize)
             throws InvalidParameterException {
 
         boolean supported = ((keysize == 2048) || (keysize == 3072) ||
             ((keysize >= 512) && (keysize <= 1024) && ((keysize & 0x3F) == 0)));
 
         if (!supported) {
             throw new InvalidParameterException(
-                    "DH key size must be multiple of 64 and range " +
+                    "Supported DH key size must be multiple of 64 and range " +
                     "from 512 to 1024 (inclusive), or 2048, 3072. " +
-                    "The specific key size " + keysize + " is not supported");
+                    "The specified key size " + keysize + " is not supported");
+        }
+
+        if (exponentSize != 0) {
+            DHKeyPairGenerator.checkKeySize(keysize, exponentSize);
         }
     }
 
@@ -83,7 +87,8 @@ private static void checkKeySize(int keysize)
      */
     @Override
     protected void engineInit(int keysize, SecureRandom random) {
-        checkKeySize(keysize);
+        checkSupport(keysize, 0);
+
         this.primeSize = keysize;
         this.random = random;
     }
@@ -108,21 +113,17 @@ protected void engineInit(AlgorithmParameterSpec genParamSpec,
                 ("Inappropriate parameter type");
         }
 
-        DHGenParameterSpec dhParamSpec = (DHGenParameterSpec)genParamSpec;
-        primeSize = dhParamSpec.getPrimeSize();
-        exponentSize = dhParamSpec.getExponentSize();
-        if ((exponentSize <= 0) || (exponentSize >= primeSize)) {
-            throw new InvalidAlgorithmParameterException(
-                    "Exponent size (" + exponentSize +
-                    ") must be positive and less than modulus size (" +
-                    primeSize + ")");
-        }
+        DHGenParameterSpec dhParamSpec = (DHGenParameterSpec) genParamSpec;
+        int primeSize = dhParamSpec.getPrimeSize();
+        int exponentSize = dhParamSpec.getExponentSize();
         try {
-            checkKeySize(primeSize);
+            checkSupport(primeSize, exponentSize);
         } catch (InvalidParameterException ipe) {
             throw new InvalidAlgorithmParameterException(ipe.getMessage());
         }
 
+        this.primeSize = primeSize;
+        this.exponentSize = exponentSize;
         this.random = random;
     }
 

src/java.base/share/classes/java/net/InetAddress.java

@@ -1360,6 +1360,10 @@ private static InetAddress[] getAllByName(String host, InetAddress reqAddr)
             InetAddress[] ret = new InetAddress[1];
             if(addr != null) {
                 if (addr.length == Inet4Address.INADDRSZ) {
+                    if (numericZone != -1 || ifname != null) {
+                        // IPv4-mapped address must not contain zone-id
+                        throw new UnknownHostException(host + ": invalid IPv4-mapped address");
+                    }
                     ret[0] = new Inet4Address(null, addr);
                 } else {
                     if (ifname != null) {
@@ -1404,22 +1408,23 @@ private static int checkNumericZone (String s) throws UnknownHostException {
         int percent = s.indexOf ('%');
         int slen = s.length();
         int digit, zone=0;
+        int multmax = Integer.MAX_VALUE / 10; // for int overflow detection
         if (percent == -1) {
             return -1;
         }
         for (int i=percent+1; i<slen; i++) {
             char c = s.charAt(i);
-            if (c == ']') {
-                if (i == percent+1) {
-                    /* empty per-cent field */
-                    return -1;
-                }
-                break;
+            if ((digit = IPAddressUtil.parseAsciiDigit(c, 10)) < 0) {
+                return -1;
             }
-            if ((digit = Character.digit (c, 10)) < 0) {
+            if (zone > multmax) {
                 return -1;
             }
             zone = (zone * 10) + digit;
+            if (zone < 0) {
+                return -1;
+            }
+
         }
         return zone;
     }

src/java.base/share/classes/sun/net/util/IPAddressUtil.java

@@ -785,7 +785,7 @@ private static boolean isHexFieldStart(CharBuffer cb) {
     }
 
     // Parse ASCII digit in given radix
-    private static int parseAsciiDigit(char c, int radix) {
+    public static int parseAsciiDigit(char c, int radix) {
         assert radix == OCTAL || radix == DECIMAL || radix == HEXADECIMAL;
         if (radix == HEXADECIMAL) {
             return parseAsciiHexDigit(c);

src/java.base/share/classes/sun/security/provider/ParameterCache.java

@@ -34,6 +34,7 @@
 import java.security.spec.*;
 
 import javax.crypto.spec.DHParameterSpec;
+import sun.security.util.SafeDHParameterSpec;
 
 /**
  * Cache for DSA and DH parameter specs. Used by the KeyPairGenerators
@@ -55,6 +56,26 @@ private ParameterCache() {
     // cache of DH parameters
     private static final Map<Integer,DHParameterSpec> dhCache;
 
+    // convert DHParameterSpec to SafeDHParameterSpec if its parameters are
+    // safe primes; validation takes time but should be worthwhile for the
+    // parameter cache since the parameters may be reused many times.
+    private static DHParameterSpec makeSafe(DHParameterSpec spec) {
+        if (spec instanceof SafeDHParameterSpec) {
+            return spec;
+        }
+
+        BigInteger p = spec.getP();
+        BigInteger g = spec.getG();
+
+        boolean isSafe = (g.equals(BigInteger.TWO) && p.testBit(0) &&
+                p.shiftRight(1).isProbablePrime(100));
+        if (isSafe) {
+            return new SafeDHParameterSpec(p, g, spec.getL());
+        } else {
+            return spec;
+        }
+    }
+
     /**
      * Return cached DSA parameters for the given length combination of
      * prime and subprime, or null if none are available in the cache.
@@ -74,7 +95,7 @@ public static DSAParameterSpec getCachedDSAParameterSpec(int primeLen,
      * are available in the cache.
      */
     public static DHParameterSpec getCachedDHParameterSpec(int keyLength) {
-        return dhCache.get(Integer.valueOf(keyLength));
+        return dhCache.get(keyLength);
     }
 
     /**
@@ -132,7 +153,7 @@ public static DHParameterSpec getDHParameterSpec(int keyLength,
         gen.init(keyLength, random);
         AlgorithmParameters params = gen.generateParameters();
         spec = params.getParameterSpec(DHParameterSpec.class);
-        dhCache.put(Integer.valueOf(keyLength), spec);
+        dhCache.put(keyLength, makeSafe(spec));
         return spec;
     }
 
@@ -394,6 +415,12 @@ public static DSAParameterSpec getNewDSAParameterSpec(int primeLen,
         // the common generator
         BigInteger dhG = BigInteger.TWO;
 
+        // Self generated following the approach from RFC 2412 Appendix E but
+        // using random source instead of binary expansion of pi
+        BigInteger dhP512 = new BigInteger(
+                "FFFFFFFFFFFFFFFF8B479B3A6E8DE86C294188F0BF2CD86C" +
+                "DB950ADB36D0F61FD51E46F69C99ED95ABE5A7BBB230A6ED" +
+                "1D0B4506B5317284FFFFFFFFFFFFFFFF", 16);
         //
         // From RFC 7296
 
@@ -562,16 +589,18 @@ public static DSAParameterSpec getNewDSAParameterSpec(int primeLen,
                 "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71" +
                 "60C980DD98EDD3DFFFFFFFFFFFFFFFFF", 16);
 
-        // use DSA parameters for DH for sizes not defined in RFC 7296, 3526
-        dhCache.put(Integer.valueOf(512), new DHParameterSpec(p512, g512));
-
-        dhCache.put(Integer.valueOf(768), new DHParameterSpec(dhP768, dhG));
-        dhCache.put(Integer.valueOf(1024), new DHParameterSpec(dhP1024, dhG));
-        dhCache.put(Integer.valueOf(1536), new DHParameterSpec(dhP1536, dhG));
-        dhCache.put(Integer.valueOf(2048), new DHParameterSpec(dhP2048, dhG));
-        dhCache.put(Integer.valueOf(3072), new DHParameterSpec(dhP3072, dhG));
-        dhCache.put(Integer.valueOf(4096), new DHParameterSpec(dhP4096, dhG));
-        dhCache.put(Integer.valueOf(6144), new DHParameterSpec(dhP6144, dhG));
-        dhCache.put(Integer.valueOf(8192), new DHParameterSpec(dhP8192, dhG));
+        // self-generated safe prime
+        dhCache.put(512, new SafeDHParameterSpec(dhP512, dhG));
+
+        // from RFC 7296
+        dhCache.put(768, new SafeDHParameterSpec(dhP768, dhG));
+        dhCache.put(1024, new SafeDHParameterSpec(dhP1024, dhG));
+        // from RFC 3526
+        dhCache.put(1536, new SafeDHParameterSpec(dhP1536, dhG));
+        dhCache.put(2048, new SafeDHParameterSpec(dhP2048, dhG));
+        dhCache.put(3072, new SafeDHParameterSpec(dhP3072, dhG));
+        dhCache.put(4096, new SafeDHParameterSpec(dhP4096, dhG));
+        dhCache.put(6144, new SafeDHParameterSpec(dhP6144, dhG));
+        dhCache.put(8192, new SafeDHParameterSpec(dhP8192, dhG));
     }
 }