1.1 --- a/src/share/classes/com/sun/net/ssl/HttpsURLConnection.java Mon Nov 14 18:15:37 2011 -0800
1.2 +++ b/src/share/classes/com/sun/net/ssl/HttpsURLConnection.java Mon Nov 14 18:18:22 2011 -0800
1.3 @@ -1,5 +1,5 @@
1.4 /*
1.5 - * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved.
1.6 + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
1.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
1.8 *
1.9 * This code is free software; you can redistribute it and/or modify it
1.10 @@ -179,6 +179,12 @@
1.11 throw new IllegalArgumentException(
1.12 "no SSLSocketFactory specified");
1.13 }
1.14 +
1.15 + SecurityManager sm = System.getSecurityManager();
1.16 + if (sm != null) {
1.17 + sm.checkSetFactory();
1.18 + }
1.19 +
1.20 sslSocketFactory = sf;
1.21 }
1.22
2.1 --- a/src/share/classes/java/awt/AWTKeyStroke.java Mon Nov 14 18:15:37 2011 -0800
2.2 +++ b/src/share/classes/java/awt/AWTKeyStroke.java Mon Nov 14 18:18:22 2011 -0800
2.3 @@ -1,5 +1,5 @@
2.4 /*
2.5 - * Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved.
2.6 + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
2.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
2.8 *
2.9 * This code is free software; you can redistribute it and/or modify it
2.10 @@ -25,6 +25,7 @@
2.11 package java.awt;
2.12
2.13 import java.awt.event.KeyEvent;
2.14 +import sun.awt.AppContext;
2.15 import java.awt.event.InputEvent;
2.16 import java.util.Collections;
2.17 import java.util.HashMap;
2.18 @@ -66,9 +67,6 @@
2.19 public class AWTKeyStroke implements Serializable {
2.20 static final long serialVersionUID = -6430539691155161871L;
2.21
2.22 - private static Map cache;
2.23 - private static AWTKeyStroke cacheKey;
2.24 - private static Constructor ctor = getCtor(AWTKeyStroke.class);
2.25 private static Map modifierKeywords;
2.26 /**
2.27 * Associates VK_XXX (as a String) with code (as Integer). This is
2.28 @@ -77,6 +75,25 @@
2.29 */
2.30 private static VKCollection vks;
2.31
2.32 + //A key for the collection of AWTKeyStrokes within AppContext.
2.33 + private static Object APP_CONTEXT_CACHE_KEY = new Object();
2.34 + //A key withing the cache
2.35 + private static AWTKeyStroke APP_CONTEXT_KEYSTROKE_KEY = new AWTKeyStroke();
2.36 +
2.37 + /*
2.38 + * Reads keystroke class from AppContext and if null, puts there the
2.39 + * AWTKeyStroke class.
2.40 + * Must be called under locked AWTKeyStro
2.41 + */
2.42 + private static Class getAWTKeyStrokeClass() {
2.43 + Class clazz = (Class)AppContext.getAppContext().get(AWTKeyStroke.class);
2.44 + if (clazz == null) {
2.45 + clazz = AWTKeyStroke.class;
2.46 + AppContext.getAppContext().put(AWTKeyStroke.class, AWTKeyStroke.class);
2.47 + }
2.48 + return clazz;
2.49 + }
2.50 +
2.51 private char keyChar = KeyEvent.CHAR_UNDEFINED;
2.52 private int keyCode = KeyEvent.VK_UNDEFINED;
2.53 private int modifiers;
2.54 @@ -164,9 +181,12 @@
2.55 if (subclass == null) {
2.56 throw new IllegalArgumentException("subclass cannot be null");
2.57 }
2.58 - if (AWTKeyStroke.ctor.getDeclaringClass().equals(subclass)) {
2.59 - // Already registered
2.60 - return;
2.61 + synchronized (AWTKeyStroke.class) {
2.62 + Class keyStrokeClass = (Class)AppContext.getAppContext().get(AWTKeyStroke.class);
2.63 + if (keyStrokeClass != null && keyStrokeClass.equals(subclass)){
2.64 + // Already registered
2.65 + return;
2.66 + }
2.67 }
2.68 if (!AWTKeyStroke.class.isAssignableFrom(subclass)) {
2.69 throw new ClassCastException("subclass is not derived from AWTKeyStroke");
2.70 @@ -197,9 +217,9 @@
2.71 }
2.72
2.73 synchronized (AWTKeyStroke.class) {
2.74 - AWTKeyStroke.ctor = ctor;
2.75 - cache = null;
2.76 - cacheKey = null;
2.77 + AppContext.getAppContext().put(AWTKeyStroke.class, subclass);
2.78 + AppContext.getAppContext().remove(APP_CONTEXT_CACHE_KEY);
2.79 + AppContext.getAppContext().remove(APP_CONTEXT_KEYSTROKE_KEY);
2.80 }
2.81 }
2.82
2.83 @@ -229,13 +249,19 @@
2.84 private static synchronized AWTKeyStroke getCachedStroke
2.85 (char keyChar, int keyCode, int modifiers, boolean onKeyRelease)
2.86 {
2.87 + Map cache = (Map)AppContext.getAppContext().get(APP_CONTEXT_CACHE_KEY);
2.88 + AWTKeyStroke cacheKey = (AWTKeyStroke)AppContext.getAppContext().get(APP_CONTEXT_KEYSTROKE_KEY);
2.89 +
2.90 if (cache == null) {
2.91 cache = new HashMap();
2.92 + AppContext.getAppContext().put(APP_CONTEXT_CACHE_KEY, cache);
2.93 }
2.94
2.95 if (cacheKey == null) {
2.96 try {
2.97 - cacheKey = (AWTKeyStroke)ctor.newInstance((Object[]) null);
2.98 + Class clazz = getAWTKeyStrokeClass();
2.99 + cacheKey = (AWTKeyStroke)getCtor(clazz).newInstance((Object[]) null);
2.100 + AppContext.getAppContext().put(APP_CONTEXT_KEYSTROKE_KEY, cacheKey);
2.101 } catch (InstantiationException e) {
2.102 assert(false);
2.103 } catch (IllegalAccessException e) {
2.104 @@ -253,9 +279,8 @@
2.105 if (stroke == null) {
2.106 stroke = cacheKey;
2.107 cache.put(stroke, stroke);
2.108 - cacheKey = null;
2.109 + AppContext.getAppContext().remove(APP_CONTEXT_KEYSTROKE_KEY);
2.110 }
2.111 -
2.112 return stroke;
2.113 }
2.114
3.1 --- a/src/share/classes/java/io/InputStream.java Mon Nov 14 18:15:37 2011 -0800
3.2 +++ b/src/share/classes/java/io/InputStream.java Mon Nov 14 18:18:22 2011 -0800
3.3 @@ -44,10 +44,9 @@
3.4 */
3.5 public abstract class InputStream implements Closeable {
3.6
3.7 - // SKIP_BUFFER_SIZE is used to determine the size of skipBuffer
3.8 - private static final int SKIP_BUFFER_SIZE = 2048;
3.9 - // skipBuffer is initialized in skip(long), if needed.
3.10 - private static byte[] skipBuffer;
3.11 + // MAX_SKIP_BUFFER_SIZE is used to determine the maximum buffer size to
3.12 + // use when skipping.
3.13 + private static final int MAX_SKIP_BUFFER_SIZE = 2048;
3.14
3.15 /**
3.16 * Reads the next byte of data from the input stream. The value byte is
3.17 @@ -212,18 +211,15 @@
3.18
3.19 long remaining = n;
3.20 int nr;
3.21 - if (skipBuffer == null)
3.22 - skipBuffer = new byte[SKIP_BUFFER_SIZE];
3.23 -
3.24 - byte[] localSkipBuffer = skipBuffer;
3.25
3.26 if (n <= 0) {
3.27 return 0;
3.28 }
3.29
3.30 + int size = (int)Math.min(MAX_SKIP_BUFFER_SIZE, remaining);
3.31 + byte[] skipBuffer = new byte[size];
3.32 while (remaining > 0) {
3.33 - nr = read(localSkipBuffer, 0,
3.34 - (int) Math.min(SKIP_BUFFER_SIZE, remaining));
3.35 + nr = read(skipBuffer, 0, (int)Math.min(size, remaining));
3.36 if (nr < 0) {
3.37 break;
3.38 }
4.1 --- a/src/share/classes/javax/net/ssl/HttpsURLConnection.java Mon Nov 14 18:15:37 2011 -0800
4.2 +++ b/src/share/classes/javax/net/ssl/HttpsURLConnection.java Mon Nov 14 18:18:22 2011 -0800
4.3 @@ -1,5 +1,5 @@
4.4 /*
4.5 - * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
4.6 + * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
4.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4.8 *
4.9 * This code is free software; you can redistribute it and/or modify it
4.10 @@ -347,6 +347,9 @@
4.11 * @param sf the SSL socket factory
4.12 * @throws IllegalArgumentException if the <code>SSLSocketFactory</code>
4.13 * parameter is null.
4.14 + * @throws SecurityException if a security manager exists and its
4.15 + * <code>checkSetFactory</code> method does not allow
4.16 + * a socket factory to be specified.
4.17 * @see #getSSLSocketFactory()
4.18 */
4.19 public void setSSLSocketFactory(SSLSocketFactory sf) {
4.20 @@ -355,6 +358,10 @@
4.21 "no SSLSocketFactory specified");
4.22 }
4.23
4.24 + SecurityManager sm = System.getSecurityManager();
4.25 + if (sm != null) {
4.26 + sm.checkSetFactory();
4.27 + }
4.28 sslSocketFactory = sf;
4.29 }
4.30
5.1 --- a/src/share/classes/javax/net/ssl/SSLEngine.java Mon Nov 14 18:15:37 2011 -0800
5.2 +++ b/src/share/classes/javax/net/ssl/SSLEngine.java Mon Nov 14 18:18:22 2011 -0800
5.3 @@ -1,5 +1,5 @@
5.4 /*
5.5 - * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
5.6 + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
5.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
5.8 *
5.9 * This code is free software; you can redistribute it and/or modify it
5.10 @@ -538,7 +538,7 @@
5.11 * If this <code>SSLEngine</code> has not yet started its initial
5.12 * handshake, this method will automatically start the handshake.
5.13 * <P>
5.14 - * This method will attempt to produce one SSL/TLS packet, and will
5.15 + * This method will attempt to produce SSL/TLS records, and will
5.16 * consume as much source data as possible, but will never consume
5.17 * more than the sum of the bytes remaining in each buffer. Each
5.18 * <code>ByteBuffer</code>'s position is updated to reflect the
6.1 --- a/src/share/classes/sun/net/ResourceManager.java Mon Nov 14 18:15:37 2011 -0800
6.2 +++ b/src/share/classes/sun/net/ResourceManager.java Mon Nov 14 18:18:22 2011 -0800
6.3 @@ -41,13 +41,14 @@
6.4
6.5 /* default maximum number of udp sockets per VM
6.6 * when a security manager is enabled.
6.7 - * The default is 1024 which is high enough to be useful
6.8 + * The default is 25 which is high enough to be useful
6.9 * but low enough to be well below the maximum number
6.10 - * of port numbers actually available on all OSes for
6.11 - * such sockets (5000 on some versions of windows)
6.12 + * of port numbers actually available on all OSes
6.13 + * when multiplied by the maximum feasible number of VM processes
6.14 + * that could practically be spawned.
6.15 */
6.16
6.17 - private static final int DEFAULT_MAX_SOCKETS = 1024;
6.18 + private static final int DEFAULT_MAX_SOCKETS = 25;
6.19 private static final int maxSockets;
6.20 private static final AtomicInteger numSockets;
6.21
7.1 --- a/src/share/classes/sun/rmi/registry/RegistryImpl.java Mon Nov 14 18:15:37 2011 -0800
7.2 +++ b/src/share/classes/sun/rmi/registry/RegistryImpl.java Mon Nov 14 18:18:22 2011 -0800
7.3 @@ -38,13 +38,23 @@
7.4 import java.rmi.registry.Registry;
7.5 import java.rmi.server.RMIClientSocketFactory;
7.6 import java.rmi.server.RMIServerSocketFactory;
7.7 +import java.security.AccessControlContext;
7.8 +import java.security.AccessController;
7.9 +import java.security.CodeSource;
7.10 +import java.security.Policy;
7.11 import java.security.PrivilegedActionException;
7.12 +import java.security.PrivilegedExceptionAction;
7.13 +import java.security.PermissionCollection;
7.14 +import java.security.Permissions;
7.15 +import java.security.ProtectionDomain;
7.16 import java.text.MessageFormat;
7.17 +import sun.rmi.server.LoaderHandler;
7.18 import sun.rmi.server.UnicastServerRef;
7.19 import sun.rmi.server.UnicastServerRef2;
7.20 import sun.rmi.transport.LiveRef;
7.21 import sun.rmi.transport.ObjectTable;
7.22 import sun.rmi.transport.Target;
7.23 +import sun.security.action.GetPropertyAction;
7.24
7.25 /**
7.26 * A "registry" exists on every node that allows RMI connections to
7.27 @@ -325,6 +335,19 @@
7.28 URL[] urls = sun.misc.URLClassPath.pathToURLs(envcp);
7.29 ClassLoader cl = new URLClassLoader(urls);
7.30
7.31 + String codebaseProperty = null;
7.32 + String prop = java.security.AccessController.doPrivileged(
7.33 + new GetPropertyAction("java.rmi.server.codebase"));
7.34 + if (prop != null && prop.trim().length() > 0) {
7.35 + codebaseProperty = prop;
7.36 + }
7.37 + URL[] codebaseURLs = null;
7.38 + if (codebaseProperty != null) {
7.39 + codebaseURLs = sun.misc.URLClassPath.pathToURLs(codebaseProperty);
7.40 + } else {
7.41 + codebaseURLs = new URL[0];
7.42 + }
7.43 +
7.44 /*
7.45 * Fix bugid 4242317: Classes defined by this class loader should
7.46 * be annotated with the value of the "java.rmi.server.codebase"
7.47 @@ -334,11 +357,19 @@
7.48
7.49 Thread.currentThread().setContextClassLoader(cl);
7.50
7.51 - int regPort = Registry.REGISTRY_PORT;
7.52 - if (args.length >= 1) {
7.53 - regPort = Integer.parseInt(args[0]);
7.54 + final int regPort = (args.length >= 1) ? Integer.parseInt(args[0])
7.55 + : Registry.REGISTRY_PORT;
7.56 + try {
7.57 + registry = AccessController.doPrivileged(
7.58 + new PrivilegedExceptionAction<RegistryImpl>() {
7.59 + public RegistryImpl run() throws RemoteException {
7.60 + return new RegistryImpl(regPort);
7.61 + }
7.62 + }, getAccessControlContext(codebaseURLs));
7.63 + } catch (PrivilegedActionException ex) {
7.64 + throw (RemoteException) ex.getException();
7.65 }
7.66 - registry = new RegistryImpl(regPort);
7.67 +
7.68 // prevent registry from exiting
7.69 while (true) {
7.70 try {
7.71 @@ -358,4 +389,48 @@
7.72 }
7.73 System.exit(1);
7.74 }
7.75 +
7.76 + /**
7.77 + * Generates an AccessControlContext from several URLs.
7.78 + * The approach used here is taken from the similar method
7.79 + * getAccessControlContext() in the sun.applet.AppletPanel class.
7.80 + */
7.81 + private static AccessControlContext getAccessControlContext(URL[] urls) {
7.82 + // begin with permissions granted to all code in current policy
7.83 + PermissionCollection perms = AccessController.doPrivileged(
7.84 + new java.security.PrivilegedAction<PermissionCollection>() {
7.85 + public PermissionCollection run() {
7.86 + CodeSource codesource = new CodeSource(null,
7.87 + (java.security.cert.Certificate[]) null);
7.88 + Policy p = java.security.Policy.getPolicy();
7.89 + if (p != null) {
7.90 + return p.getPermissions(codesource);
7.91 + } else {
7.92 + return new Permissions();
7.93 + }
7.94 + }
7.95 + });
7.96 +
7.97 + /*
7.98 + * Anyone can connect to the registry and the registry can connect
7.99 + * to and possibly download stubs from anywhere. Downloaded stubs and
7.100 + * related classes themselves are more tightly limited by RMI.
7.101 + */
7.102 + perms.add(new SocketPermission("*", "connect,accept"));
7.103 +
7.104 + perms.add(new RuntimePermission("accessClassInPackage.sun.*"));
7.105 +
7.106 + // add permissions required to load from codebase URL path
7.107 + LoaderHandler.addPermissionsForURLs(urls, perms, false);
7.108 +
7.109 + /*
7.110 + * Create an AccessControlContext that consists of a single
7.111 + * protection domain with only the permissions calculated above.
7.112 + */
7.113 + ProtectionDomain pd = new ProtectionDomain(
7.114 + new CodeSource((urls.length > 0 ? urls[0] : null),
7.115 + (java.security.cert.Certificate[]) null),
7.116 + perms);
7.117 + return new AccessControlContext(new ProtectionDomain[] { pd });
7.118 + }
7.119 }
8.1 --- a/src/share/classes/sun/rmi/server/LoaderHandler.java Mon Nov 14 18:15:37 2011 -0800
8.2 +++ b/src/share/classes/sun/rmi/server/LoaderHandler.java Mon Nov 14 18:18:22 2011 -0800
8.3 @@ -1031,9 +1031,9 @@
8.4 * loader. A given permission is only added to the collection if
8.5 * it is not already implied by the collection.
8.6 */
8.7 - private static void addPermissionsForURLs(URL[] urls,
8.8 - PermissionCollection perms,
8.9 - boolean forLoader)
8.10 + public static void addPermissionsForURLs(URL[] urls,
8.11 + PermissionCollection perms,
8.12 + boolean forLoader)
8.13 {
8.14 for (int i = 0; i < urls.length; i++) {
8.15 URL url = urls[i];
9.1 --- a/src/share/classes/sun/rmi/server/UnicastServerRef.java Mon Nov 14 18:15:37 2011 -0800
9.2 +++ b/src/share/classes/sun/rmi/server/UnicastServerRef.java Mon Nov 14 18:18:22 2011 -0800
9.3 @@ -390,6 +390,12 @@
9.4 ObjectInput in;
9.5 try {
9.6 in = call.getInputStream();
9.7 + try {
9.8 + Class<?> clazz = Class.forName("sun.rmi.transport.DGCImpl_Skel");
9.9 + if (clazz.isAssignableFrom(skel.getClass())) {
9.10 + ((MarshalInputStream)in).useCodebaseOnly();
9.11 + }
9.12 + } catch (ClassNotFoundException ignore) { }
9.13 hash = in.readLong();
9.14 } catch (Exception readEx) {
9.15 throw new UnmarshalException("error unmarshalling call header",
10.1 --- a/src/share/classes/sun/security/ssl/AppOutputStream.java Mon Nov 14 18:15:37 2011 -0800
10.2 +++ b/src/share/classes/sun/security/ssl/AppOutputStream.java Mon Nov 14 18:18:22 2011 -0800
10.3 @@ -1,5 +1,5 @@
10.4 /*
10.5 - * Copyright (c) 1996, 2009, Oracle and/or its affiliates. All rights reserved.
10.6 + * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
10.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
10.8 *
10.9 * This code is free software; you can redistribute it and/or modify it
10.10 @@ -69,12 +69,38 @@
10.11 // check if the Socket is invalid (error or closed)
10.12 c.checkWrite();
10.13
10.14 + /*
10.15 + * By default, we counter chosen plaintext issues on CBC mode
10.16 + * ciphersuites in SSLv3/TLS1.0 by sending one byte of application
10.17 + * data in the first record of every payload, and the rest in
10.18 + * subsequent record(s). Note that the issues have been solved in
10.19 + * TLS 1.1 or later.
10.20 + *
10.21 + * It is not necessary to split the very first application record of
10.22 + * a freshly negotiated TLS session, as there is no previous
10.23 + * application data to guess. To improve compatibility, we will not
10.24 + * split such records.
10.25 + *
10.26 + * This avoids issues in the outbound direction. For a full fix,
10.27 + * the peer must have similar protections.
10.28 + */
10.29 + boolean isFirstRecordOfThePayload = true;
10.30 +
10.31 // Always flush at the end of each application level record.
10.32 // This lets application synchronize read and write streams
10.33 // however they like; if we buffered here, they couldn't.
10.34 try {
10.35 do {
10.36 - int howmuch = Math.min(len, r.availableDataBytes());
10.37 + int howmuch;
10.38 + if (isFirstRecordOfThePayload && c.needToSplitPayload()) {
10.39 + howmuch = Math.min(0x01, r.availableDataBytes());
10.40 + } else {
10.41 + howmuch = Math.min(len, r.availableDataBytes());
10.42 + }
10.43 +
10.44 + if (isFirstRecordOfThePayload && howmuch != 0) {
10.45 + isFirstRecordOfThePayload = false;
10.46 + }
10.47
10.48 // NOTE: *must* call c.writeRecord() even for howmuch == 0
10.49 if (howmuch > 0) {
11.1 --- a/src/share/classes/sun/security/ssl/CipherBox.java Mon Nov 14 18:15:37 2011 -0800
11.2 +++ b/src/share/classes/sun/security/ssl/CipherBox.java Mon Nov 14 18:18:22 2011 -0800
11.3 @@ -113,6 +113,11 @@
11.4 private SecureRandom random;
11.5
11.6 /**
11.7 + * Is the cipher of CBC mode?
11.8 + */
11.9 + private final boolean isCBCMode;
11.10 +
11.11 + /**
11.12 * Fixed masks of various block size, as the initial decryption IVs
11.13 * for TLS 1.1 or later.
11.14 *
11.15 @@ -128,6 +133,7 @@
11.16 private CipherBox() {
11.17 this.protocolVersion = ProtocolVersion.DEFAULT;
11.18 this.cipher = null;
11.19 + this.isCBCMode = false;
11.20 }
11.21
11.22 /**
11.23 @@ -148,6 +154,7 @@
11.24 random = JsseJce.getSecureRandom();
11.25 }
11.26 this.random = random;
11.27 + this.isCBCMode = bulkCipher.isCBCMode;
11.28
11.29 /*
11.30 * RFC 4346 recommends two algorithms used to generated the
11.31 @@ -694,4 +701,12 @@
11.32 }
11.33 }
11.34
11.35 + /*
11.36 + * Does the cipher use CBC mode?
11.37 + *
11.38 + * @return true if the cipher use CBC mode, false otherwise.
11.39 + */
11.40 + boolean isCBCMode() {
11.41 + return isCBCMode;
11.42 + }
11.43 }
12.1 --- a/src/share/classes/sun/security/ssl/CipherSuite.java Mon Nov 14 18:15:37 2011 -0800
12.2 +++ b/src/share/classes/sun/security/ssl/CipherSuite.java Mon Nov 14 18:18:22 2011 -0800
12.3 @@ -420,10 +420,16 @@
12.4 // exportable under 512/40 bit rules
12.5 final boolean exportable;
12.6
12.7 + // Is the cipher algorithm of Cipher Block Chaining (CBC) mode?
12.8 + final boolean isCBCMode;
12.9 +
12.10 BulkCipher(String transformation, int keySize,
12.11 int expandedKeySize, int ivSize, boolean allowed) {
12.12 this.transformation = transformation;
12.13 - this.algorithm = transformation.split("/")[0];
12.14 + String[] splits = transformation.split("/");
12.15 + this.algorithm = splits[0];
12.16 + this.isCBCMode =
12.17 + splits.length <= 1 ? false : "CBC".equalsIgnoreCase(splits[1]);
12.18 this.description = this.algorithm + "/" + (keySize << 3);
12.19 this.keySize = keySize;
12.20 this.ivSize = ivSize;
12.21 @@ -436,7 +442,10 @@
12.22 BulkCipher(String transformation, int keySize,
12.23 int ivSize, boolean allowed) {
12.24 this.transformation = transformation;
12.25 - this.algorithm = transformation.split("/")[0];
12.26 + String[] splits = transformation.split("/");
12.27 + this.algorithm = splits[0];
12.28 + this.isCBCMode =
12.29 + splits.length <= 1 ? false : "CBC".equalsIgnoreCase(splits[1]);
12.30 this.description = this.algorithm + "/" + (keySize << 3);
12.31 this.keySize = keySize;
12.32 this.ivSize = ivSize;
13.1 --- a/src/share/classes/sun/security/ssl/EngineOutputRecord.java Mon Nov 14 18:15:37 2011 -0800
13.2 +++ b/src/share/classes/sun/security/ssl/EngineOutputRecord.java Mon Nov 14 18:18:22 2011 -0800
13.3 @@ -1,5 +1,5 @@
13.4 /*
13.5 - * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
13.6 + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
13.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
13.8 *
13.9 * This code is free software; you can redistribute it and/or modify it
13.10 @@ -46,6 +46,7 @@
13.11 */
13.12 final class EngineOutputRecord extends OutputRecord {
13.13
13.14 + private SSLEngineImpl engine;
13.15 private EngineWriter writer;
13.16
13.17 private boolean finishedMsg = false;
13.18 @@ -62,6 +63,7 @@
13.19 */
13.20 EngineOutputRecord(byte type, SSLEngineImpl engine) {
13.21 super(type, recordSize(type));
13.22 + this.engine = engine;
13.23 writer = engine.writer;
13.24 }
13.25
13.26 @@ -227,12 +229,51 @@
13.27 * implementations are fragile and don't like to see empty
13.28 * records, so this increases robustness.
13.29 */
13.30 - int length = Math.min(ea.getAppRemaining(), maxDataSize);
13.31 - if (length == 0) {
13.32 + if (ea.getAppRemaining() == 0) {
13.33 return;
13.34 }
13.35
13.36 /*
13.37 + * By default, we counter chosen plaintext issues on CBC mode
13.38 + * ciphersuites in SSLv3/TLS1.0 by sending one byte of application
13.39 + * data in the first record of every payload, and the rest in
13.40 + * subsequent record(s). Note that the issues have been solved in
13.41 + * TLS 1.1 or later.
13.42 + *
13.43 + * It is not necessary to split the very first application record of
13.44 + * a freshly negotiated TLS session, as there is no previous
13.45 + * application data to guess. To improve compatibility, we will not
13.46 + * split such records.
13.47 + *
13.48 + * Because of the compatibility, we'd better produce no more than
13.49 + * SSLSession.getPacketBufferSize() net data for each wrap. As we
13.50 + * need a one-byte record at first, the 2nd record size should be
13.51 + * equal to or less than Record.maxDataSizeMinusOneByteRecord.
13.52 + *
13.53 + * This avoids issues in the outbound direction. For a full fix,
13.54 + * the peer must have similar protections.
13.55 + */
13.56 + int length;
13.57 + if (engine.needToSplitPayload(writeCipher, protocolVersion)) {
13.58 + write(ea, writeMAC, writeCipher, 0x01);
13.59 + ea.resetLim(); // reset application data buffer limit
13.60 + length = Math.min(ea.getAppRemaining(),
13.61 + maxDataSizeMinusOneByteRecord);
13.62 + } else {
13.63 + length = Math.min(ea.getAppRemaining(), maxDataSize);
13.64 + }
13.65 +
13.66 + // Don't bother to really write empty records.
13.67 + if (length > 0) {
13.68 + write(ea, writeMAC, writeCipher, length);
13.69 + }
13.70 +
13.71 + return;
13.72 + }
13.73 +
13.74 + void write(EngineArgs ea, MAC writeMAC, CipherBox writeCipher,
13.75 + int length) throws IOException {
13.76 + /*
13.77 * Copy out existing buffer values.
13.78 */
13.79 ByteBuffer dstBB = ea.netData;
14.1 --- a/src/share/classes/sun/security/ssl/Record.java Mon Nov 14 18:15:37 2011 -0800
14.2 +++ b/src/share/classes/sun/security/ssl/Record.java Mon Nov 14 18:18:22 2011 -0800
14.3 @@ -1,5 +1,5 @@
14.4 /*
14.5 - * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
14.6 + * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
14.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
14.8 *
14.9 * This code is free software; you can redistribute it and/or modify it
14.10 @@ -67,6 +67,23 @@
14.11 + maxPadding // padding
14.12 + trailerSize; // MAC
14.13
14.14 + static final boolean enableCBCProtection =
14.15 + Debug.getBooleanProperty("jsse.enableCBCProtection", true);
14.16 +
14.17 + /*
14.18 + * For CBC protection in SSL3/TLS1, we break some plaintext into two
14.19 + * packets. Max application data size for the second packet.
14.20 + */
14.21 + static final int maxDataSizeMinusOneByteRecord =
14.22 + maxDataSize // max data size
14.23 + - ( // max one byte record size
14.24 + headerSize // header
14.25 + + maxIVLength // iv
14.26 + + 1 // one byte data
14.27 + + maxPadding // padding
14.28 + + trailerSize // MAC
14.29 + );
14.30 +
14.31 /*
14.32 * The maximum large record size.
14.33 *
15.1 --- a/src/share/classes/sun/security/ssl/SSLEngineImpl.java Mon Nov 14 18:15:37 2011 -0800
15.2 +++ b/src/share/classes/sun/security/ssl/SSLEngineImpl.java Mon Nov 14 18:18:22 2011 -0800
15.3 @@ -309,6 +309,11 @@
15.4 Object writeLock;
15.5
15.6 /*
15.7 + * Is it the first application record to write?
15.8 + */
15.9 + private boolean isFirstAppOutputRecord = true;
15.10 +
15.11 + /*
15.12 * Class and subclass dynamic debugging support
15.13 */
15.14 private static final Debug debug = Debug.getInstance("ssl");
15.15 @@ -612,6 +617,9 @@
15.16
15.17 // See comment above.
15.18 oldCipher.dispose();
15.19 +
15.20 + // reset the flag of the first application record
15.21 + isFirstAppOutputRecord = true;
15.22 }
15.23
15.24 /*
15.25 @@ -1286,10 +1294,36 @@
15.26 }
15.27 }
15.28
15.29 + /*
15.30 + * turn off the flag of the first application record if we really
15.31 + * consumed at least byte.
15.32 + */
15.33 + if (isFirstAppOutputRecord && ea.deltaApp() > 0) {
15.34 + isFirstAppOutputRecord = false;
15.35 + }
15.36 +
15.37 return hsStatus;
15.38 }
15.39
15.40 /*
15.41 + * Need to split the payload except the following cases:
15.42 + *
15.43 + * 1. protocol version is TLS 1.1 or later;
15.44 + * 2. bulk cipher does not use CBC mode, including null bulk cipher suites.
15.45 + * 3. the payload is the first application record of a freshly
15.46 + * negotiated TLS session.
15.47 + * 4. the CBC protection is disabled;
15.48 + *
15.49 + * More details, please refer to
15.50 + * EngineOutputRecord.write(EngineArgs, MAC, CipherBox).
15.51 + */
15.52 + boolean needToSplitPayload(CipherBox cipher, ProtocolVersion protocol) {
15.53 + return (protocol.v <= ProtocolVersion.TLS10.v) &&
15.54 + cipher.isCBCMode() && !isFirstAppOutputRecord &&
15.55 + Record.enableCBCProtection;
15.56 + }
15.57 +
15.58 + /*
15.59 * Non-application OutputRecords go through here.
15.60 */
15.61 void writeRecord(EngineOutputRecord eor) throws IOException {
16.1 --- a/src/share/classes/sun/security/ssl/SSLSocketImpl.java Mon Nov 14 18:15:37 2011 -0800
16.2 +++ b/src/share/classes/sun/security/ssl/SSLSocketImpl.java Mon Nov 14 18:18:22 2011 -0800
16.3 @@ -369,6 +369,11 @@
16.4 /* Class and subclass dynamic debugging support */
16.5 private static final Debug debug = Debug.getInstance("ssl");
16.6
16.7 + /*
16.8 + * Is it the first application record to write?
16.9 + */
16.10 + private boolean isFirstAppOutputRecord = true;
16.11 +
16.12 //
16.13 // CONSTRUCTORS AND INITIALIZATION CODE
16.14 //
16.15 @@ -802,8 +807,35 @@
16.16 if (connectionState < cs_ERROR) {
16.17 checkSequenceNumber(writeMAC, r.contentType());
16.18 }
16.19 +
16.20 + // turn off the flag of the first application record
16.21 + if (isFirstAppOutputRecord &&
16.22 + r.contentType() == Record.ct_application_data) {
16.23 + isFirstAppOutputRecord = false;
16.24 + }
16.25 }
16.26
16.27 + /*
16.28 + * Need to split the payload except the following cases:
16.29 + *
16.30 + * 1. protocol version is TLS 1.1 or later;
16.31 + * 2. bulk cipher does not use CBC mode, including null bulk cipher suites.
16.32 + * 3. the payload is the first application record of a freshly
16.33 + * negotiated TLS session.
16.34 + * 4. the CBC protection is disabled;
16.35 + *
16.36 + * More details, please refer to AppOutputStream.write(byte[], int, int).
16.37 + */
16.38 + boolean needToSplitPayload() {
16.39 + writeLock.lock();
16.40 + try {
16.41 + return (protocolVersion.v <= ProtocolVersion.TLS10.v) &&
16.42 + writeCipher.isCBCMode() && !isFirstAppOutputRecord &&
16.43 + Record.enableCBCProtection;
16.44 + } finally {
16.45 + writeLock.unlock();
16.46 + }
16.47 + }
16.48
16.49 /*
16.50 * Read an application data record. Alerts and handshake
16.51 @@ -2030,6 +2062,9 @@
16.52
16.53 // See comment above.
16.54 oldCipher.dispose();
16.55 +
16.56 + // reset the flag of the first application record
16.57 + isFirstAppOutputRecord = true;
16.58 }
16.59
16.60 /*
17.1 --- a/src/share/native/com/sun/java/util/jar/pack/unpack.cpp Mon Nov 14 18:15:37 2011 -0800
17.2 +++ b/src/share/native/com/sun/java/util/jar/pack/unpack.cpp Mon Nov 14 18:18:22 2011 -0800
17.3 @@ -1112,11 +1112,14 @@
17.4 uint size3 = suffix * 3;
17.5 if (suffix == 0) continue; // done with empty string
17.6 chars.malloc(size3);
17.7 + CHECK;
17.8 byte* chp = chars.ptr;
17.9 band saved_band = cp_Utf8_big_chars;
17.10 cp_Utf8_big_chars.readData(suffix);
17.11 + CHECK;
17.12 for (int j = 0; j < suffix; j++) {
17.13 unsigned short ch = cp_Utf8_big_chars.getInt();
17.14 + CHECK;
17.15 chp = store_Utf8_char(chp, ch);
17.16 }
17.17 chars.realloc(chp - chars.ptr);
17.18 @@ -1134,10 +1137,12 @@
17.19 CHECK;
17.20 int prevlen = 0; // previous string length (in chars)
17.21 tmallocs.add(bigbuf.ptr); // free after this block
17.22 + CHECK;
17.23 cp_Utf8_prefix.rewind();
17.24 for (i = 0; i < len; i++) {
17.25 bytes& chars = allsuffixes[i];
17.26 int prefix = (i < PREFIX_SKIP_2)? 0: cp_Utf8_prefix.getInt();
17.27 + CHECK;
17.28 int suffix = (int)chars.len;
17.29 byte* fillp;
17.30 // by induction, the buffer is already filled with the prefix
18.1 --- a/src/share/native/com/sun/java/util/jar/pack/utils.cpp Mon Nov 14 18:15:37 2011 -0800
18.2 +++ b/src/share/native/com/sun/java/util/jar/pack/utils.cpp Mon Nov 14 18:18:22 2011 -0800
18.3 @@ -1,5 +1,5 @@
18.4 /*
18.5 - * Copyright (c) 2001, 2008, Oracle and/or its affiliates. All rights reserved.
18.6 + * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
18.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
18.8 *
18.9 * This code is free software; you can redistribute it and/or modify it
18.10 @@ -52,7 +52,7 @@
18.11 if (msize >= 0 && msize < sizeof(int))
18.12 msize = sizeof(int); // see 0xbaadf00d below
18.13 #endif
18.14 - void* ptr = (msize > PSIZE_MAX) ? null : malloc(msize);
18.15 + void* ptr = (msize > PSIZE_MAX || msize <= 0) ? null : malloc(msize);
18.16 if (ptr != null) {
18.17 memset(ptr, 0, size);
18.18 } else {
19.1 --- a/src/share/native/com/sun/java/util/jar/pack/utils.h Mon Nov 14 18:15:37 2011 -0800
19.2 +++ b/src/share/native/com/sun/java/util/jar/pack/utils.h Mon Nov 14 18:18:22 2011 -0800
19.3 @@ -1,5 +1,5 @@
19.4 /*
19.5 - * Copyright (c) 2001, 2008, Oracle and/or its affiliates. All rights reserved.
19.6 + * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
19.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
19.8 *
19.9 * This code is free software; you can redistribute it and/or modify it
19.10 @@ -33,7 +33,7 @@
19.11 #endif
19.12
19.13 // overflow management
19.14 -#define OVERFLOW ((size_t)-1)
19.15 +#define OVERFLOW ((uint)-1)
19.16 #define PSIZE_MAX (OVERFLOW/2) /* normal size limit */
19.17
19.18 inline size_t scale_size(size_t size, size_t scale) {
20.1 --- a/src/share/native/sun/java2d/loops/TransformHelper.c Mon Nov 14 18:15:37 2011 -0800
20.2 +++ b/src/share/native/sun/java2d/loops/TransformHelper.c Mon Nov 14 18:18:22 2011 -0800
20.3 @@ -1,5 +1,5 @@
20.4 /*
20.5 - * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
20.6 + * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
20.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
20.8 *
20.9 * This code is free software; you can redistribute it and/or modify it
20.10 @@ -284,7 +284,7 @@
20.11 TransformHelperFunc *pHelperFunc;
20.12 TransformInterpFunc *pInterpFunc;
20.13 jdouble xorig, yorig;
20.14 - jint numedges;
20.15 + jlong numedges;
20.16 jint *pEdges;
20.17 jint edgebuf[2 + MAXEDGES * 2];
20.18 union {
20.19 @@ -379,19 +379,44 @@
20.20 }
20.21 Region_IntersectBounds(&clipInfo, &dstInfo.bounds);
20.22
20.23 - numedges = (dstInfo.bounds.y2 - dstInfo.bounds.y1);
20.24 - if (numedges > MAXEDGES) {
20.25 - pEdges = malloc((2 + 2 * numedges) * sizeof (*pEdges));
20.26 - if (pEdges == NULL) {
20.27 - SurfaceData_InvokeUnlock(env, dstOps, &dstInfo);
20.28 - SurfaceData_InvokeUnlock(env, srcOps, &srcInfo);
20.29 - /* edgeArray should already contain zeros for min/maxy */
20.30 - return;
20.31 - }
20.32 + numedges = (((jlong) dstInfo.bounds.y2) - ((jlong) dstInfo.bounds.y1));
20.33 + if (numedges <= 0) {
20.34 + pEdges = NULL;
20.35 + } else if (!JNU_IsNull(env, edgeArray)) {
20.36 + /*
20.37 + * Ideally Java should allocate an array large enough, but if
20.38 + * we ever have a miscommunication about the number of edge
20.39 + * lines, or if the Java array calculation should overflow to
20.40 + * a positive number and succeed in allocating an array that
20.41 + * is too small, we need to verify that it can still hold the
20.42 + * number of integers that we plan to store to be safe.
20.43 + */
20.44 + jsize edgesize = (*env)->GetArrayLength(env, edgeArray);
20.45 + /* (edgesize/2 - 1) should avoid any overflow or underflow. */
20.46 + pEdges = (((edgesize / 2) - 1) >= numedges)
20.47 + ? (*env)->GetPrimitiveArrayCritical(env, edgeArray, NULL)
20.48 + : NULL;
20.49 + } else if (numedges > MAXEDGES) {
20.50 + /* numedges variable (jlong) can be at most ((1<<32)-1) */
20.51 + /* memsize can overflow a jint, but not a jlong */
20.52 + jlong memsize = ((numedges * 2) + 2) * sizeof(*pEdges);
20.53 + pEdges = (memsize == ((size_t) memsize))
20.54 + ? malloc((size_t) memsize)
20.55 + : NULL;
20.56 } else {
20.57 pEdges = edgebuf;
20.58 }
20.59
20.60 + if (pEdges == NULL) {
20.61 + if (numedges > 0) {
20.62 + JNU_ThrowInternalError(env, "Unable to allocate edge list");
20.63 + }
20.64 + SurfaceData_InvokeUnlock(env, dstOps, &dstInfo);
20.65 + SurfaceData_InvokeUnlock(env, srcOps, &srcInfo);
20.66 + /* edgeArray should already contain zeros for min/maxy */
20.67 + return;
20.68 + }
20.69 +
20.70 Transform_GetInfo(env, itxform, &itxInfo);
20.71
20.72 if (!Region_IsEmpty(&clipInfo)) {
20.73 @@ -500,14 +525,14 @@
20.74 } else {
20.75 pEdges[0] = pEdges[1] = 0;
20.76 }
20.77 +
20.78 + if (!JNU_IsNull(env, edgeArray)) {
20.79 + (*env)->ReleasePrimitiveArrayCritical(env, edgeArray, pEdges, 0);
20.80 + } else if (pEdges != edgebuf) {
20.81 + free(pEdges);
20.82 + }
20.83 SurfaceData_InvokeUnlock(env, dstOps, &dstInfo);
20.84 SurfaceData_InvokeUnlock(env, srcOps, &srcInfo);
20.85 - if (!JNU_IsNull(env, edgeArray)) {
20.86 - (*env)->SetIntArrayRegion(env, edgeArray, 0, 2+numedges*2, pEdges);
20.87 - }
20.88 - if (pEdges != edgebuf) {
20.89 - free(pEdges);
20.90 - }
20.91 }
20.92
20.93 static void
21.1 --- a/src/windows/classes/java/lang/ProcessImpl.java Mon Nov 14 18:15:37 2011 -0800
21.2 +++ b/src/windows/classes/java/lang/ProcessImpl.java Mon Nov 14 18:18:22 2011 -0800
21.3 @@ -60,10 +60,11 @@
21.4 throws IOException
21.5 {
21.6 if (append) {
21.7 + String path = f.getPath();
21.8 SecurityManager sm = System.getSecurityManager();
21.9 if (sm != null)
21.10 - sm.checkWrite(f.getPath());
21.11 - long handle = openForAtomicAppend(f.getPath());
21.12 + sm.checkWrite(path);
21.13 + long handle = openForAtomicAppend(path);
21.14 final FileDescriptor fd = new FileDescriptor();
21.15 fdAccess.setHandle(fd, handle);
21.16 return AccessController.doPrivileged(
22.1 --- a/src/windows/native/sun/windows/awt_Window.cpp Mon Nov 14 18:15:37 2011 -0800
22.2 +++ b/src/windows/native/sun/windows/awt_Window.cpp Mon Nov 14 18:18:22 2011 -0800
22.3 @@ -355,7 +355,7 @@
22.4 RECT rect;
22.5 CalculateWarningWindowBounds(env, &rect);
22.6
22.7 - ::SetWindowPos(warningWindow, IsAlwaysOnTop() ? HWND_TOPMOST : GetHWnd(),
22.8 + ::SetWindowPos(warningWindow, IsAlwaysOnTop() ? HWND_TOPMOST : HWND_NOTOPMOST,
22.9 rect.left, rect.top,
22.10 rect.right - rect.left, rect.bottom - rect.top,
22.11 SWP_ASYNCWINDOWPOS | SWP_NOACTIVATE |
22.12 @@ -835,7 +835,7 @@
22.13
22.14 if (securityAnimationKind == akShow) {
22.15 ::SetWindowPos(warningWindow,
22.16 - IsAlwaysOnTop() ? HWND_TOPMOST : GetHWnd(),
22.17 + IsAlwaysOnTop() ? HWND_TOPMOST : HWND_NOTOPMOST,
22.18 0, 0, 0, 0,
22.19 SWP_NOACTIVATE | SWP_NOSIZE | SWP_NOMOVE |
22.20 SWP_SHOWWINDOW | SWP_NOOWNERZORDER);
23.1 --- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/GenSSLConfigs/main.java Mon Nov 14 18:15:37 2011 -0800
23.2 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/GenSSLConfigs/main.java Mon Nov 14 18:18:22 2011 -0800
23.3 @@ -1,10 +1,7 @@
23.4 /*
23.5 * @test
23.6 * @build TestThread Traffic Handler ServerHandler ServerThread ClientThread
23.7 - * @run main/othervm/timeout=140 main
23.8 - *
23.9 - * SunJSSE does not support dynamic system properties, no way to re-use
23.10 - * system properties in samevm/agentvm mode.
23.11 + * @run main/othervm/timeout=140 -Djsse.enableCBCProtection=false main
23.12 * @summary Make sure that different configurations of SSL sockets work
23.13 */
23.14
24.1 --- a/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java Mon Nov 14 18:15:37 2011 -0800
24.2 +++ b/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java Mon Nov 14 18:18:22 2011 -0800
24.3 @@ -1,5 +1,5 @@
24.4 /*
24.5 - * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24.6 + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
24.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
24.8 *
24.9 * This code is free software; you can redistribute it and/or modify it
24.10 @@ -29,6 +29,8 @@
24.11 * This is a simple hack to test a bunch of conditions and check
24.12 * their return codes.
24.13 *
24.14 + * @run main/othervm -Djsse.enableCBCProtection=false CheckStatus
24.15 + *
24.16 * @author Brad Wetmore
24.17 */
24.18
25.1 --- a/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java Mon Nov 14 18:15:37 2011 -0800
25.2 +++ b/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java Mon Nov 14 18:18:22 2011 -0800
25.3 @@ -1,5 +1,5 @@
25.4 /*
25.5 - * Copyright (c) 2004, 2006, Oracle and/or its affiliates. All rights reserved.
25.6 + * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
25.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
25.8 *
25.9 * This code is free software; you can redistribute it and/or modify it
25.10 @@ -30,6 +30,8 @@
25.11 * This is to test larger buffer arrays, and make sure the maximum
25.12 * is being passed.
25.13 *
25.14 + * @run main/othervm -Djsse.enableCBCProtection=false LargeBufs
25.15 + *
25.16 * @author Brad R. Wetmore
25.17 */
25.18
26.1 --- a/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargePacket.java Mon Nov 14 18:15:37 2011 -0800
26.2 +++ b/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargePacket.java Mon Nov 14 18:18:22 2011 -0800
26.3 @@ -1,5 +1,5 @@
26.4 /*
26.5 - * Copyright (c) 2006, Oracle and/or its affiliates. All rights reserved.
26.6 + * Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved.
26.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
26.8 *
26.9 * This code is free software; you can redistribute it and/or modify it
26.10 @@ -27,10 +27,7 @@
26.11 * @bug 6388456
26.12 * @summary Need adjustable TLS max record size for interoperability
26.13 * with non-compliant
26.14 - * @run main/othervm LargePacket
26.15 - *
26.16 - * SunJSSE does not support dynamic system properties, no way to re-use
26.17 - * system properties in samevm/agentvm mode.
26.18 + * @run main/othervm -Djsse.enableCBCProtection=false LargePacket
26.19 *
26.20 * @author Xuelei Fan
26.21 */
27.1 --- a/test/sun/tools/jstatd/jstatdExternalRegistry.sh Mon Nov 14 18:15:37 2011 -0800
27.2 +++ b/test/sun/tools/jstatd/jstatdExternalRegistry.sh Mon Nov 14 18:18:22 2011 -0800
27.3 @@ -22,7 +22,7 @@
27.4 #
27.5
27.6 # @test
27.7 -# @bug 4990825
27.8 +# @bug 4990825 7092186
27.9 # @run shell/timeout=90 jstatdExternalRegistry.sh
27.10 # @summary Test functionality of 'jstatd -p<port>&' with an external RMI registry
27.11