Merge branch 'master' into backport-krk-98f40e45-master

krk · krk · commit 984b029df04f · 2025-11-19T16:13:25.000Z
diff --git a/src/hotspot/cpu/x86/stubGenerator_x86_64.hpp b/src/hotspot/cpu/x86/stubGenerator_x86_64.hpp
@@ -393,6 +393,8 @@ class StubGenerator: public StubCodeGenerator {
                                      XMMRegister xmm5, XMMRegister xmm6, XMMRegister xmm7, XMMRegister xmm8);
   void ghash_last_8_avx2(Register subkeyHtbl);
 
+  void check_key_offset(Register key, int offset, int load_size);
+
   // Load key and shuffle operation
   void ev_load_key(XMMRegister xmmdst, Register key, int offset, XMMRegister xmm_shuf_mask);
   void ev_load_key(XMMRegister xmmdst, Register key, int offset, Register rscratch);
diff --git a/src/hotspot/cpu/x86/stubGenerator_x86_64_aes.cpp b/src/hotspot/cpu/x86/stubGenerator_x86_64_aes.cpp
@@ -1759,25 +1759,43 @@ void StubGenerator::roundDeclast(XMMRegister xmm_reg) {
   __ vaesdeclast(xmm8, xmm8, xmm_reg, Assembler::AVX_512bit);
 }
 
+// Check incoming byte offset against the int[] len. key is the pointer to the int[0].
+// This check happens often, so it is important for it to be very compact.
+void StubGenerator::check_key_offset(Register key, int offset, int load_size) {
+#ifdef ASSERT
+  Address key_length(key, arrayOopDesc::length_offset_in_bytes() - arrayOopDesc::base_offset_in_bytes(T_INT));
+  assert((offset + load_size) % 4 == 0, "Alignment is good: %d + %d", offset, load_size);
+  int end_offset = (offset + load_size) / 4;
+  Label L_good;
+  __ cmpl(key_length, end_offset);
+  __ jccb(Assembler::greaterEqual, L_good);
+  __ hlt();
+  __ bind(L_good);
+#endif
+}
 
 // Utility routine for loading a 128-bit key word in little endian format
 void StubGenerator::load_key(XMMRegister xmmdst, Register key, int offset, XMMRegister xmm_shuf_mask) {
+  check_key_offset(key, offset, 16);
   __ movdqu(xmmdst, Address(key, offset));
   __ pshufb(xmmdst, xmm_shuf_mask);
 }
 
 void StubGenerator::load_key(XMMRegister xmmdst, Register key, int offset, Register rscratch) {
+  check_key_offset(key, offset, 16);
   __ movdqu(xmmdst, Address(key, offset));
   __ pshufb(xmmdst, ExternalAddress(key_shuffle_mask_addr()), rscratch);
 }
 
 void StubGenerator::ev_load_key(XMMRegister xmmdst, Register key, int offset, XMMRegister xmm_shuf_mask) {
+  check_key_offset(key, offset, 16);
   __ movdqu(xmmdst, Address(key, offset));
   __ pshufb(xmmdst, xmm_shuf_mask);
   __ evshufi64x2(xmmdst, xmmdst, xmmdst, 0x0, Assembler::AVX_512bit);
 }
 
 void StubGenerator::ev_load_key(XMMRegister xmmdst, Register key, int offset, Register rscratch) {
+  check_key_offset(key, offset, 16);
   __ movdqu(xmmdst, Address(key, offset));
   __ pshufb(xmmdst, ExternalAddress(key_shuffle_mask_addr()), rscratch);
   __ evshufi64x2(xmmdst, xmmdst, xmmdst, 0x0, Assembler::AVX_512bit);
@@ -3205,12 +3223,12 @@ void StubGenerator::ghash16_encrypt_parallel16_avx512(Register in, Register out,
 
   //AES round 9
   roundEncode(AESKEY2, B00_03, B04_07, B08_11, B12_15);
-  ev_load_key(AESKEY2, key, 11 * 16, rbx);
   //AES rounds up to 11 (AES192) or 13 (AES256)
   //AES128 is done
   __ cmpl(NROUNDS, 52);
   __ jcc(Assembler::less, last_aes_rnd);
   __ bind(aes_192);
+  ev_load_key(AESKEY2, key, 11 * 16, rbx);
   roundEncode(AESKEY1, B00_03, B04_07, B08_11, B12_15);
   ev_load_key(AESKEY1, key, 12 * 16, rbx);
   roundEncode(AESKEY2, B00_03, B04_07, B08_11, B12_15);
diff --git a/src/jdk.jpackage/macosx/classes/jdk/jpackage/internal/SigningIdentityBuilder.java b/src/jdk.jpackage/macosx/classes/jdk/jpackage/internal/SigningIdentityBuilder.java
@@ -113,14 +113,16 @@ private SigningIdentity validatedSigningIdentity() throws ConfigException {
 
         final var signingIdentityNames = certificateSelector.signingIdentities();
 
+        // Look up for the exact match.
         var matchingCertificates = mappedCertficates.stream().filter(e -> {
             return signingIdentityNames.contains(e.getKey());
         }).map(Map.Entry::getValue).toList();
 
         if (matchingCertificates.isEmpty()) {
+            // No exact matches found, look up for substrings.
             matchingCertificates = mappedCertficates.stream().filter(e -> {
                 return signingIdentityNames.stream().anyMatch(filter -> {
-                    return filter.startsWith(e.getKey());
+                    return e.getKey().startsWith(filter);
                 });
             }).map(Map.Entry::getValue).toList();
         }
diff --git a/test/jdk/tools/jpackage/macosx/MacSignTest.java b/test/jdk/tools/jpackage/macosx/MacSignTest.java
@@ -160,6 +160,7 @@ public static void testMultipleCertificates(PackageType type, SignOption... opti
 
     @Test
     @ParameterSupplier
+    @ParameterSupplier("testSelectSigningIdentity_JDK_8371094")
     public static void testSelectSigningIdentity(String signingKeyUserName, CertificateRequest certRequest) {
 
         final var keychain = SigningBase.StandardKeychain.MAIN.spec().keychain();
@@ -187,6 +188,12 @@ public static Collection<Object[]> testSelectSigningIdentity() {
         }).toList();
     }
 
+    public static Collection<Object[]> testSelectSigningIdentity_JDK_8371094() {
+        return List.<Object[]>of(new Object[] {
+                "ACME Technologies Limited", SigningBase.StandardCertificateRequest.CODESIGN_ACME_TECH_LTD.spec()
+        });
+    }
+
     enum SignOption {
         EXPIRED_SIGNING_KEY_USER_NAME("--mac-signing-key-user-name", SigningBase.StandardCertificateRequest.CODESIGN_EXPIRED.spec(), true, false),
         EXPIRED_SIGNING_KEY_USER_NAME_PKG("--mac-signing-key-user-name", SigningBase.StandardCertificateRequest.PKG_EXPIRED.spec(), true, false),
diff --git a/test/jdk/tools/jpackage/macosx/base/SigningBase.java b/test/jdk/tools/jpackage/macosx/base/SigningBase.java
@@ -68,6 +68,7 @@ public class SigningBase {
     public enum StandardCertificateRequest {
         CODESIGN(cert().userName(DEV_NAMES[CertIndex.ASCII_INDEX.value()])),
         CODESIGN_COPY(cert().days(100).userName(DEV_NAMES[CertIndex.ASCII_INDEX.value()])),
+        CODESIGN_ACME_TECH_LTD(cert().days(100).userName("ACME Technologies Limited (ABC12345)")),
         PKG(cert().type(CertificateType.INSTALLER).userName(DEV_NAMES[CertIndex.ASCII_INDEX.value()])),
         PKG_COPY(cert().type(CertificateType.INSTALLER).days(100).userName(DEV_NAMES[CertIndex.ASCII_INDEX.value()])),
         CODESIGN_UNICODE(cert().userName(DEV_NAMES[CertIndex.UNICODE_INDEX.value()])),
@@ -95,7 +96,8 @@ public enum StandardKeychain {
                 StandardCertificateRequest.CODESIGN,
                 StandardCertificateRequest.PKG,
                 StandardCertificateRequest.CODESIGN_UNICODE,
-                StandardCertificateRequest.PKG_UNICODE),
+                StandardCertificateRequest.PKG_UNICODE,
+                StandardCertificateRequest.CODESIGN_ACME_TECH_LTD),
         EXPIRED("jpackagerTest-expired.keychain",
                 StandardCertificateRequest.CODESIGN,
                 StandardCertificateRequest.PKG,
