ibmruntimes
diff --git a/‎closed/openjdk-tag.gmk‎
Lines changed: 1 addition & 1 deletion b/‎closed/openjdk-tag.gmk‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/java.base/share/classes/sun/security/ssl/Utilities.java‎
Lines changed: 8 additions & 3 deletions b/‎src/java.base/share/classes/sun/security/ssl/Utilities.java‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java‎
Lines changed: 6 additions & 0 deletions b/‎src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎src/java.base/share/classes/sun/security/tools/keytool/CertAndKeyGen.java‎
Lines changed: 4 additions & 4 deletions b/‎src/java.base/share/classes/sun/security/tools/keytool/CertAndKeyGen.java‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Config.java‎
Lines changed: 13 additions & 5 deletions b/‎src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Config.java‎
Lines changed: 13 additions & 5 deletions
diff --git a/‎src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java‎
Lines changed: 2 additions & 2 deletions b/‎src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java‎
Lines changed: 23 additions & 7 deletions b/‎src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java‎
Lines changed: 23 additions & 7 deletions
diff --git a/‎src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java‎
Lines changed: 1 addition & 1 deletion b/‎src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java‎
Lines changed: 1 addition & 1 deletion b/‎src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java‎
Lines changed: 5 additions & 5 deletions b/‎src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java‎
Lines changed: 5 additions & 5 deletions
@@ -1 +1 @@
-OPENJDK_TAG := jdk-17.0.6+4
+OPENJDK_TAG := jdk-17.0.6+5
@@ -101,14 +101,19 @@ static List<SNIServerName> addToSNIServerNameList(
      *         not look like a FQDN
      */
     private static SNIHostName rawToSNIHostName(String hostname) {
-        SNIHostName sniHostName = null;
+        // Is it a Fully-Qualified Domain Names (FQDN) ending with a dot?
+        if (hostname != null && hostname.endsWith(".")) {
+            // Remove the ending dot, which is not allowed in SNIHostName.
+            hostname = hostname.substring(0, hostname.length() - 1);
+        }
+
         if (hostname != null && hostname.indexOf('.') > 0 &&
                 !hostname.endsWith(".") &&
                 !IPAddressUtil.isIPv4LiteralAddress(hostname) &&
                 !IPAddressUtil.isIPv6LiteralAddress(hostname)) {
 
             try {
-                sniHostName = new SNIHostName(hostname);
+                return new SNIHostName(hostname);
             } catch (IllegalArgumentException iae) {
                 // don't bother to handle illegal host_name
                 if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
@@ -118,7 +123,7 @@ private static SNIHostName rawToSNIHostName(String hostname) {
             }
         }
 
-        return sniHostName;
+        return null;
     }
 
     /**
 
@@ -404,6 +404,12 @@ static void checkIdentity(SSLSession session,
 
         boolean identifiable = false;
         String peerHost = session.getPeerHost();
+        // Is it a Fully-Qualified Domain Names (FQDN) ending with a dot?
+        if (peerHost != null && peerHost.endsWith(".")) {
+            // Remove the ending dot, which is not allowed in SNIHostName.
+            peerHost = peerHost.substring(0, peerHost.length() - 1);
+        }
+
         if (!checkClientTrusted) {
             List<SNIServerName> sniNames = getRequestedServerNames(session);
             String sniHostName = getHostNameInSNI(sniNames);
 
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -160,7 +160,7 @@ public void generate(String name) {
             }
 
         } catch (Exception e) {
-            throw new IllegalArgumentException(e.getMessage());
+            throw new IllegalArgumentException(e.getMessage(), e);
         }
         generateInternal();
     }
@@ -176,7 +176,7 @@ public void generate(int keyBits) {
                 keyGen.initialize(keyBits, prng);
 
             } catch (Exception e) {
-                throw new IllegalArgumentException(e.getMessage());
+                throw new IllegalArgumentException(e.getMessage(), e);
             }
         }
         generateInternal();
@@ -349,7 +349,7 @@ public X509Certificate getSelfCertificate (X500Name myname, Date firstDate,
 
         } catch (IOException e) {
              throw new CertificateEncodingException("getSelfCert: " +
-                                                    e.getMessage());
+                                                    e.getMessage(), e);
         }
     }
 
 
@@ -358,7 +358,7 @@ private static String expand(final String s) throws IOException {
         try {
             return PropertyExpander.expand(s);
         } catch (Exception e) {
-            throw new RuntimeException(e.getMessage());
+            throw new RuntimeException(e.getMessage(), e);
         }
     }
 
@@ -396,6 +396,10 @@ private ConfigurationException excLine(String msg) {
         return new ConfigurationException(msg + ", line " + st.lineno());
     }
 
+    private ConfigurationException excLine(String msg, Throwable e) {
+        return new ConfigurationException(msg + ", line " + st.lineno(), e);
+    }
+
     private void parse() throws IOException {
         while (true) {
             int token = nextToken();
@@ -792,7 +796,7 @@ private long parseMechanism(String mech) throws IOException {
             try {
                 return Functions.getMechanismId(mech);
             } catch (IllegalArgumentException e) {
-                throw excLine("Unknown mechanism: " + mech);
+                throw excLine("Unknown mechanism: " + mech, e);
             }
         }
     }
@@ -952,7 +956,7 @@ private long parseObjectClass() throws IOException {
         try {
             return Functions.getObjectClassId(name);
         } catch (IllegalArgumentException e) {
-            throw excLine("Unknown object class " + name);
+            throw excLine("Unknown object class " + name, e);
         }
     }
 
@@ -964,7 +968,7 @@ private long parseKeyAlgorithm() throws IOException {
             try {
                 return Functions.getKeyId(name);
             } catch (IllegalArgumentException e) {
-                throw excLine("Unknown key algorithm " + name);
+                throw excLine("Unknown key algorithm " + name, e);
             }
         }
     }
@@ -976,7 +980,7 @@ private long decodeAttributeName(String name) throws IOException {
             try {
                 return Functions.getAttributeId(name);
             } catch (IllegalArgumentException e) {
-                throw excLine("Unknown attribute name " + name);
+                throw excLine("Unknown attribute name " + name, e);
             }
         }
     }
@@ -1032,4 +1036,8 @@ class ConfigurationException extends IOException {
     ConfigurationException(String msg) {
         super(msg);
     }
+
+    ConfigurationException(String msg, Throwable e) {
+        super(msg, e);
+    }
 }
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2019, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -140,7 +140,7 @@ private enum Transformation {
             try {
                 engineSetPadding(algoParts[2]);
             } catch (NoSuchPaddingException e) {
-                throw new NoSuchAlgorithmException();
+                throw new NoSuchAlgorithmException(e);
             }
         } else if (algoParts[0].equals("ChaCha20-Poly1305")) {
             fixedKeySize = 32;
 
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -808,13 +808,21 @@ private int implDoFinal(byte[] out, int outOfs, int outLen)
                 if (paddingObj != null) {
                     int startOff = 0;
                     if (reqBlockUpdates) {
-                        startOff = padBufferLen;
+                        // call C_EncryptUpdate first if the padBuffer is full
+                        // to make room for padding bytes
+                        if (padBufferLen == padBuffer.length) {
+                            k = token.p11.C_EncryptUpdate(session.id(),
+                                0, padBuffer, 0, padBufferLen,
+                                0, out, outOfs, outLen);
+                        } else {
+                            startOff = padBufferLen;
+                        }
                     }
                     int actualPadLen = paddingObj.setPaddingBytes(padBuffer,
                             startOff, requiredOutLen - bytesBuffered);
-                    k = token.p11.C_EncryptUpdate(session.id(),
+                    k += token.p11.C_EncryptUpdate(session.id(),
                             0, padBuffer, 0, startOff + actualPadLen,
-                            0, out, outOfs, outLen);
+                            0, out, outOfs + k, outLen - k);
                 }
                 // Some implementations such as the NSS Software Token do not
                 // cancel the operation upon a C_EncryptUpdate failure (as
@@ -896,13 +904,21 @@ private int implDoFinal(ByteBuffer outBuffer)
                 if (paddingObj != null) {
                     int startOff = 0;
                     if (reqBlockUpdates) {
-                        startOff = padBufferLen;
+                        // call C_EncryptUpdate first if the padBuffer is full
+                        // to make room for padding bytes
+                        if (padBufferLen == padBuffer.length) {
+                            k = token.p11.C_EncryptUpdate(session.id(),
+                                0, padBuffer, 0, padBufferLen,
+                                outAddr, outArray, outOfs, outLen);
+                        } else {
+                            startOff = padBufferLen;
+                        }
                     }
                     int actualPadLen = paddingObj.setPaddingBytes(padBuffer,
                             startOff, requiredOutLen - bytesBuffered);
-                    k = token.p11.C_EncryptUpdate(session.id(),
+                    k += token.p11.C_EncryptUpdate(session.id(),
                             0, padBuffer, 0, startOff + actualPadLen,
-                            outAddr, outArray, outOfs, outLen);
+                            outAddr, outArray, outOfs + k, outLen - k);
                 }
                 // Some implementations such as the NSS Software Token do not
                 // cancel the operation upon a C_EncryptUpdate failure (as
 
@@ -145,7 +145,7 @@ public void initialize(int keySize, SecureRandom random) {
         try {
             checkKeySize(keySize, null);
         } catch (InvalidAlgorithmParameterException e) {
-            throw new InvalidParameterException(e.getMessage());
+            throw (InvalidParameterException) new InvalidParameterException(e.getMessage()).initCause(e);
         }
         this.params = null;
         if (algorithm.equals("EC")) {
 
@@ -1323,7 +1323,7 @@ private PrivateKey loadPkey(Session session, long oHandle)
                 RSAKeyFactory.checkKeyLengths(keyLength, null,
                     -1, Integer.MAX_VALUE);
             } catch (InvalidKeyException e) {
-                throw new KeyStoreException(e.getMessage());
+                throw new KeyStoreException(e.getMessage(), e);
             }
 
             return P11Key.privateKey(session,
 
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2019, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -569,10 +569,10 @@ protected void engineUpdate(byte[] b, int ofs, int len)
         case T_UPDATE:
             try {
                 if (mode == M_SIGN) {
-                    System.out.println(this + ": Calling C_SignUpdate");
+                    if (DEBUG) System.out.println(this + ": Calling C_SignUpdate");
                     token.p11.C_SignUpdate(session.id(), 0, b, ofs, len);
                 } else {
-                    System.out.println(this + ": Calling C_VerfifyUpdate");
+                    if (DEBUG) System.out.println(this + ": Calling C_VerfifyUpdate");
                     token.p11.C_VerifyUpdate(session.id(), 0, b, ofs, len);
                 }
                 bytesProcessed += len;
@@ -618,11 +618,11 @@ protected void engineUpdate(ByteBuffer byteBuffer) {
             int ofs = byteBuffer.position();
             try {
                 if (mode == M_SIGN) {
-                    System.out.println(this + ": Calling C_SignUpdate");
+                    if (DEBUG) System.out.println(this + ": Calling C_SignUpdate");
                     token.p11.C_SignUpdate
                         (session.id(), addr + ofs, null, 0, len);
                 } else {
-                    System.out.println(this + ": Calling C_VerifyUpdate");
+                    if (DEBUG) System.out.println(this + ": Calling C_VerifyUpdate");
                     token.p11.C_VerifyUpdate
                         (session.id(), addr + ofs, null, 0, len);
                 }
Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-OPENJDK_TAG := jdk-17.0.6+4`
	`1`	`+OPENJDK_TAG := jdk-17.0.6+5`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`/*`
`2`		`- * Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.`
	`2`	`+ * Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.`
`3`	`3`	`* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.`
`4`	`4`	`*`
`5`	`5`	`* This code is free software; you can redistribute it and/or modify it`
`@@ -160,7 +160,7 @@ public void generate(String name) {`
`160`	`160`	`}`
`161`	`161`
`162`	`162`	`} catch (Exception e) {`
`163`		`- throw new IllegalArgumentException(e.getMessage());`
	`163`	`+ throw new IllegalArgumentException(e.getMessage(), e);`
`164`	`164`	`}`
`165`	`165`	`generateInternal();`
`166`	`166`	`}`
`@@ -176,7 +176,7 @@ public void generate(int keyBits) {`
`176`	`176`	`keyGen.initialize(keyBits, prng);`
`177`	`177`
`178`	`178`	`} catch (Exception e) {`
`179`		`- throw new IllegalArgumentException(e.getMessage());`
	`179`	`+ throw new IllegalArgumentException(e.getMessage(), e);`
`180`	`180`	`}`
`181`	`181`	`}`
`182`	`182`	`generateInternal();`
`@@ -349,7 +349,7 @@ public X509Certificate getSelfCertificate (X500Name myname, Date firstDate,`
`349`	`349`
`350`	`350`	`} catch (IOException e) {`
`351`	`351`	`throw new CertificateEncodingException("getSelfCert: " +`
`352`		`- e.getMessage());`
	`352`	`+ e.getMessage(), e);`
`353`	`353`	`}`
`354`	`354`	`}`
`355`	`355`
Original file line number	Diff line number	Diff line change
`@@ -358,7 +358,7 @@ private static String expand(final String s) throws IOException {`
`358`	`358`	`try {`
`359`	`359`	`return PropertyExpander.expand(s);`
`360`	`360`	`} catch (Exception e) {`
`361`		`- throw new RuntimeException(e.getMessage());`
	`361`	`+ throw new RuntimeException(e.getMessage(), e);`
`362`	`362`	`}`
`363`	`363`	`}`
`364`	`364`
`@@ -396,6 +396,10 @@ private ConfigurationException excLine(String msg) {`
`396`	`396`	`return new ConfigurationException(msg + ", line " + st.lineno());`
`397`	`397`	`}`
`398`	`398`
	`399`	`+ private ConfigurationException excLine(String msg, Throwable e) {`
	`400`	`+ return new ConfigurationException(msg + ", line " + st.lineno(), e);`
	`401`	`+ }`
	`402`	`+`
`399`	`403`	`private void parse() throws IOException {`
`400`	`404`	`while (true) {`
`401`	`405`	`int token = nextToken();`
`@@ -792,7 +796,7 @@ private long parseMechanism(String mech) throws IOException {`
`792`	`796`	`try {`
`793`	`797`	`return Functions.getMechanismId(mech);`
`794`	`798`	`} catch (IllegalArgumentException e) {`
`795`		`- throw excLine("Unknown mechanism: " + mech);`
	`799`	`+ throw excLine("Unknown mechanism: " + mech, e);`
`796`	`800`	`}`
`797`	`801`	`}`
`798`	`802`	`}`
`@@ -952,7 +956,7 @@ private long parseObjectClass() throws IOException {`
`952`	`956`	`try {`
`953`	`957`	`return Functions.getObjectClassId(name);`
`954`	`958`	`} catch (IllegalArgumentException e) {`
`955`		`- throw excLine("Unknown object class " + name);`
	`959`	`+ throw excLine("Unknown object class " + name, e);`
`956`	`960`	`}`
`957`	`961`	`}`
`958`	`962`
`@@ -964,7 +968,7 @@ private long parseKeyAlgorithm() throws IOException {`
`964`	`968`	`try {`
`965`	`969`	`return Functions.getKeyId(name);`
`966`	`970`	`} catch (IllegalArgumentException e) {`
`967`		`- throw excLine("Unknown key algorithm " + name);`
	`971`	`+ throw excLine("Unknown key algorithm " + name, e);`
`968`	`972`	`}`
`969`	`973`	`}`
`970`	`974`	`}`
`@@ -976,7 +980,7 @@ private long decodeAttributeName(String name) throws IOException {`
`976`	`980`	`try {`
`977`	`981`	`return Functions.getAttributeId(name);`
`978`	`982`	`} catch (IllegalArgumentException e) {`
`979`		`- throw excLine("Unknown attribute name " + name);`
	`983`	`+ throw excLine("Unknown attribute name " + name, e);`
`980`	`984`	`}`
`981`	`985`	`}`
`982`	`986`	`}`
`@@ -1032,4 +1036,8 @@ class ConfigurationException extends IOException {`
`1032`	`1036`	`ConfigurationException(String msg) {`
`1033`	`1037`	`super(msg);`
`1034`	`1038`	`}`
	`1039`	`+`
	`1040`	`+ ConfigurationException(String msg, Throwable e) {`
	`1041`	`+ super(msg, e);`
	`1042`	`+ }`
`1035`	`1043`	`}`
Original file line number	Diff line number	Diff line change
`@@ -145,7 +145,7 @@ public void initialize(int keySize, SecureRandom random) {`
`145`	`145`	`try {`
`146`	`146`	`checkKeySize(keySize, null);`
`147`	`147`	`} catch (InvalidAlgorithmParameterException e) {`
`148`		`- throw new InvalidParameterException(e.getMessage());`
	`148`	`+ throw (InvalidParameterException) new InvalidParameterException(e.getMessage()).initCause(e);`
`149`	`149`	`}`
`150`	`150`	`this.params = null;`
`151`	`151`	`if (algorithm.equals("EC")) {`
Original file line number	Diff line number	Diff line change
`@@ -1323,7 +1323,7 @@ private PrivateKey loadPkey(Session session, long oHandle)`
`1323`	`1323`	`RSAKeyFactory.checkKeyLengths(keyLength, null,`
`1324`	`1324`	`-1, Integer.MAX_VALUE);`
`1325`	`1325`	`} catch (InvalidKeyException e) {`
`1326`		`- throw new KeyStoreException(e.getMessage());`
	`1326`	`+ throw new KeyStoreException(e.getMessage(), e);`
`1327`	`1327`	`}`
`1328`	`1328`
`1329`	`1329`	`return P11Key.privateKey(session,`