Skip to content

Merge to tag jdk-17.0.17+4 #2047

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 26 commits into from
Aug 27, 2025
Merged

Merge to tag jdk-17.0.17+4 #2047

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
26 commits
Select commit Hold shift + click to select a range
485385a
8266246: Swing test PressedIconTest.java sometimes fails on macOS 11 ARM
GoeLin Aug 13, 2025
e123f7e
8266247: Swing test bug7154030.java sometimes fails on macOS 11 ARM
GoeLin Aug 13, 2025
cebbcf3
8327753: Convert javax/swing/JOptionPane/8024926/bug8024926.java appl…
GoeLin Aug 13, 2025
84b6273
8328000: Convert /java/awt/im/8154816/bug8154816.java applet test to …
GoeLin Aug 13, 2025
376610c
8328012: Convert InputMethod (/java/awt/im) applet tests to main
GoeLin Aug 13, 2025
dfb113e
8328378: Convert java/awt/FileDialog/FileDialogForDirectories test to…
GoeLin Aug 13, 2025
42d09a6
8328382: Convert java/awt/FileDialog/FileDialogForPackages test to main
GoeLin Aug 13, 2025
b78623e
8079786: [macosx] Test java/awt/Frame/DisposeParentGC/DisposeParentGC…
GoeLin Aug 13, 2025
15f1acd
8351907: [XWayland] [OL10] Robot.mousePress() is delivered to wrong p…
GoeLin Aug 13, 2025
26e6968
8341311: [Accessibility,macOS,VoiceOver] VoiceOver announces incorrec…
GoeLin Aug 13, 2025
37a39c0
8358452: JNI exception pending in Java_sun_awt_screencast_ScreencastH…
GoeLin Aug 13, 2025
d1c21c6
8334457: Test javax/swing/JTabbedPane/bug4666224.java fail on macOS w…
GoeLin Aug 13, 2025
70b4f5b
8355779: When no "signature_algorithms_cert" extension is present we …
GoeLin Aug 13, 2025
6d190cb
8350830: Values converted incorrectly when reading TLS session tickets
GoeLin Aug 13, 2025
7845f08
8357253: Test test/jdk/sun/security/ssl/SSLSessionImpl/ResumeClientTL…
GoeLin Aug 13, 2025
4addb57
8342075: HttpClient: improve HTTP/2 flow control checks
GoeLin Aug 14, 2025
860896a
8352677: Opensource JMenu tests - series2
Aug 14, 2025
719f7d8
8185429: [macos] After a modal dialog is closed, no window becomes ac…
GoeLin Aug 15, 2025
6244c2e
8357285: JSR166 Test case testShutdownNow_delayedTasks failed
GoeLin Aug 15, 2025
b56e3b4
8360647: [XWayland] [OL10] NumPad keys are not triggered
GoeLin Aug 15, 2025
8bbb1d2
8354415: [Ubuntu25.04] api/java_awt/GraphicsDevice/indexTGF.html#SetD…
GoeLin Aug 15, 2025
f85e0e3
8308185: Update Http2TestServerConnection to use SSLSocket.startHands…
GoeLin Aug 15, 2025
56759b9
8341370: Test java/awt/Frame/ShapeNotSetSometimes/ShapeNotSetSometime…
GoeLin Aug 15, 2025
c8d4778
8353126: Open source events tests batch1
Aug 15, 2025
56e1f4b
8352860: Open source events tests batch0
Aug 15, 2025
9b71cd6
8343855: HTTP/2 ConnectionWindowUpdateSender may miss some unprocesse…
GoeLin Aug 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
96 changes: 33 additions & 63 deletions src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@
import java.math.BigInteger;
import java.net.InetAddress;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
Expand Down Expand Up @@ -309,108 +310,85 @@ final class SSLSessionImpl extends ExtendedSSLSession {
SSLSessionImpl(HandshakeContext hc, ByteBuffer buf) throws IOException {
boundValues = new ConcurrentHashMap<>();
this.protocolVersion =
ProtocolVersion.valueOf(Short.toUnsignedInt(buf.getShort()));
ProtocolVersion.valueOf(Record.getInt16(buf));

// The CH session id may reset this if it's provided
this.sessionId = new SessionId(true,
hc.sslContext.getSecureRandom());

this.cipherSuite =
CipherSuite.valueOf(Short.toUnsignedInt(buf.getShort()));
CipherSuite.valueOf(Record.getInt16(buf));

// Local Supported signature algorithms
ArrayList<SignatureScheme> list = new ArrayList<>();
int i = Byte.toUnsignedInt(buf.get());
int i = Record.getInt8(buf);
while (i-- > 0) {
list.add(SignatureScheme.valueOf(
Short.toUnsignedInt(buf.getShort())));
Record.getInt16(buf)));
}
this.localSupportedSignAlgs = Collections.unmodifiableCollection(list);

// Peer Supported signature algorithms
i = Byte.toUnsignedInt(buf.get());
i = Record.getInt8(buf);
list.clear();
while (i-- > 0) {
list.add(SignatureScheme.valueOf(
Short.toUnsignedInt(buf.getShort())));
Record.getInt16(buf)));
}
this.peerSupportedSignAlgs = Collections.unmodifiableCollection(list);

// PSK
byte[] b;
i = Short.toUnsignedInt(buf.getShort());
if (i > 0) {
b = new byte[i];
// Get algorithm string
buf.get(b, 0, i);
// Encoded length
i = Short.toUnsignedInt(buf.getShort());
// Encoded SecretKey
b = new byte[i];
buf.get(b);
byte[] b = Record.getBytes16(buf);
if (b.length > 0) {
b = Record.getBytes16(buf);
this.preSharedKey = new SecretKeySpec(b, "TlsMasterSecret");
} else {
this.preSharedKey = null;
}

// PSK identity
i = buf.get();
if (i > 0) {
b = new byte[i];
buf.get(b);
b = Record.getBytes8(buf);
if (b.length > 0) {
this.pskIdentity = b;
} else {
this.pskIdentity = null;
}

// Master secret length of secret key algorithm (one byte)
i = buf.get();
if (i > 0) {
b = new byte[i];
// Get algorithm string
buf.get(b, 0, i);
// Encoded length
i = Short.toUnsignedInt(buf.getShort());
// Encoded SecretKey
b = new byte[i];
buf.get(b);
b = Record.getBytes8(buf);
if (b.length > 0) {
b = Record.getBytes16(buf);
this.masterSecret = new SecretKeySpec(b, "TlsMasterSecret");
} else {
this.masterSecret = null;
}
// Use extended master secret
this.useExtendedMasterSecret = (buf.get() != 0);
this.useExtendedMasterSecret = (Record.getInt8(buf) != 0);

// Identification Protocol
i = buf.get();
if (i == 0) {
b = Record.getBytes8(buf);
if (b.length == 0) {
identificationProtocol = null;
} else {
b = new byte[i];
buf.get(b);
identificationProtocol = new String(b);
}

// SNI
i = buf.get(); // length
if (i == 0) {
b = Record.getBytes8(buf);
if (b.length == 0) {
serverNameIndication = null;
} else {
b = new byte[i];
buf.get(b, 0, b.length);
serverNameIndication = new SNIHostName(b);
}

// List of SNIServerName
int len = Short.toUnsignedInt(buf.getShort());
int len = Record.getInt16(buf);
if (len == 0) {
this.requestedServerNames = Collections.<SNIServerName>emptyList();
} else {
requestedServerNames = new ArrayList<>();
while (len > 0) {
int l = buf.get();
b = new byte[l];
buf.get(b, 0, l);
b = Record.getBytes8(buf);
requestedServerNames.add(new SNIHostName(new String(b)));
len--;
}
Expand All @@ -425,31 +403,28 @@ final class SSLSessionImpl extends ExtendedSSLSession {
// Get Buffer sizes

// Status Response
len = Short.toUnsignedInt(buf.getShort());
len = Record.getInt16(buf);
if (len == 0) {
statusResponses = Collections.emptyList();
} else {
statusResponses = new ArrayList<>();
}
while (len-- > 0) {
b = new byte[Short.toUnsignedInt(buf.getShort())];
buf.get(b);
b = Record.getBytes16(buf);
statusResponses.add(b);
}

// Get Peer host & port
i = Byte.toUnsignedInt(buf.get());
if (i == 0) {
b = Record.getBytes8(buf);
if (b.length == 0) {
this.host = new String();
} else {
b = new byte[i];
buf.get(b, 0, i);
this.host = new String(b);
}
this.port = Short.toUnsignedInt(buf.getShort());
this.port = Record.getInt16(buf);

// Peer certs
i = buf.get();
i = Record.getInt8(buf);
if (i == 0) {
this.peerCerts = null;
} else {
Expand All @@ -468,7 +443,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
}

// Get local certs of PSK
switch (buf.get()) {
switch (Record.getInt8(buf)) {
case 0:
break;
case 1:
Expand All @@ -490,19 +465,13 @@ final class SSLSessionImpl extends ExtendedSSLSession {
case 2:
// pre-shared key
// Length of pre-shared key algorithm (one byte)
i = buf.get();
b = new byte[i];
buf.get(b, 0 , i);
b = Record.getBytes8(buf);
String alg = new String(b);
// Get length of encoding
i = Short.toUnsignedInt(buf.getShort());
// Get encoding
b = new byte[i];
buf.get(b);
b = Record.getBytes16(buf);
this.preSharedKey = new SecretKeySpec(b, alg);
// Get identity len
this.pskIdentity = new byte[buf.get()];
buf.get(pskIdentity);
this.pskIdentity = Record.getBytes8(buf);
break;
default:
throw new SSLException("Failed local certs of session.");
Expand All @@ -513,6 +482,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
this.lastUsedTime = System.currentTimeMillis();
}


// Some situations we cannot provide a stateless ticket, but after it
// has been negotiated
boolean isStatelessable() {
Expand Down
99 changes: 51 additions & 48 deletions src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@

package sun.security.ssl;

import static sun.security.ssl.SignatureScheme.CERTIFICATE_SCOPE;
import static sun.security.ssl.SignatureScheme.HANDSHAKE_SCOPE;

import java.io.IOException;
Expand All @@ -33,6 +34,7 @@
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLProtocolException;
import sun.security.ssl.SSLExtension.ExtensionConsumer;
import sun.security.ssl.SSLExtension.SSLExtensionSpec;
Expand Down Expand Up @@ -276,30 +278,8 @@ public void consume(ConnectionContext context,
return;
}

// update the context
List<SignatureScheme> sss =
SignatureScheme.getSupportedAlgorithms(
shc.sslConfig,
shc.algorithmConstraints, shc.negotiatedProtocol,
spec.signatureSchemes,
HANDSHAKE_SCOPE);

if (sss == null || sss.isEmpty()) {
throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
"No supported signature algorithm");
}
shc.peerRequestedSignatureSchemes = sss;

// If no "signature_algorithms_cert" extension is present, then
// the "signature_algorithms" extension also applies to
// signatures appearing in certificates.
SignatureSchemesSpec certSpec =
(SignatureSchemesSpec)shc.handshakeExtensions.get(
SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT);
if (certSpec == null) {
shc.peerRequestedCertSignSchemes = sss;
shc.handshakeSession.setPeerSupportedSignatureAlgorithms(sss);
}
updateHandshakeContext(shc, spec.signatureSchemes,
SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT);

if (!shc.isResumption &&
shc.negotiatedProtocol.useTLS13PlusSpec()) {
Expand Down Expand Up @@ -507,30 +487,8 @@ public void consume(ConnectionContext context,
return;
}

// update the context
List<SignatureScheme> sss =
SignatureScheme.getSupportedAlgorithms(
chc.sslConfig,
chc.algorithmConstraints, chc.negotiatedProtocol,
spec.signatureSchemes,
HANDSHAKE_SCOPE);

if (sss == null || sss.isEmpty()) {
throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
"No supported signature algorithm");
}
chc.peerRequestedSignatureSchemes = sss;

// If no "signature_algorithms_cert" extension is present, then
// the "signature_algorithms" extension also applies to
// signatures appearing in certificates.
SignatureSchemesSpec certSpec =
(SignatureSchemesSpec)chc.handshakeExtensions.get(
SSLExtension.CR_SIGNATURE_ALGORITHMS_CERT);
if (certSpec == null) {
chc.peerRequestedCertSignSchemes = sss;
chc.handshakeSession.setPeerSupportedSignatureAlgorithms(sss);
}
updateHandshakeContext(chc, spec.signatureSchemes,
SSLExtension.CR_SIGNATURE_ALGORITHMS_CERT);
}
}

Expand All @@ -553,4 +511,49 @@ public void absent(ConnectionContext context,
"received CertificateRequest handshake message");
}
}

// Updates given HandshakeContext with peer signature schemes.
private static void updateHandshakeContext(HandshakeContext hc,
int[] signatureSchemes, SSLExtension signatureAlgorithmsCertExt)
throws SSLException {
List<SignatureScheme> handshakeSS =
SignatureScheme.getSupportedAlgorithms(
hc.sslConfig,
hc.algorithmConstraints,
hc.negotiatedProtocol,
signatureSchemes,
HANDSHAKE_SCOPE);

if (handshakeSS.isEmpty()) {
throw hc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
"No supported signature algorithm");
}

hc.peerRequestedSignatureSchemes = handshakeSS;

// If no "signature_algorithms_cert" extension is present, then
// the "signature_algorithms" extension also applies to
// signatures appearing in certificates.
SignatureSchemesSpec certSpec =
(SignatureSchemesSpec) hc.handshakeExtensions.get(
signatureAlgorithmsCertExt);

if (certSpec == null) {
List<SignatureScheme> certSS =
SignatureScheme.getSupportedAlgorithms(
hc.sslConfig,
hc.algorithmConstraints,
hc.negotiatedProtocol,
signatureSchemes,
CERTIFICATE_SCOPE);

if (certSS.isEmpty()) {
throw hc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
"No supported signature algorithm");
}

hc.peerRequestedCertSignSchemes = certSS;
hc.handshakeSession.setPeerSupportedSignatureAlgorithms(certSS);
}
}
}
Loading
Loading