Merge to tag jdk-17.0.9+9

make/conf/version-numbers.conf

@@ -39,4 +39,4 @@ DEFAULT_VERSION_CLASSFILE_MINOR=0
 DEFAULT_VERSION_DOCS_API_SINCE=11
 DEFAULT_ACCEPTABLE_BOOT_VERSIONS="16 17"
 DEFAULT_JDK_SOURCE_TARGET_VERSION=17
-DEFAULT_PROMOTED_VERSION_PRE=ea
+DEFAULT_PROMOTED_VERSION_PRE=

src/hotspot/share/memory/metaspace.cpp

@@ -634,11 +634,13 @@ ReservedSpace Metaspace::reserve_address_space_for_compressed_classes(size_t siz
     // (the OS already assigned it for something else), go to the next position, wrapping
     // around if necessary, until we exhaust all the items.
     os::init_random((int)os::javaTimeNanos());
-    r = os::random();
+    r = ABS(os::random()) % len;
+    assert(r >= 0, "must be");
     log_info(metaspace)("Randomizing compressed class space: start from %d out of %d locations",
-                        r % len, len);
+                        r, len);
   }
   for (int i = 0; i < len; i++) {
+    assert((i + r) >= 0, "should never underflow because len is small integer");
     address a = list.at((i + r) % len);
     ReservedSpace rs(size, Metaspace::reserve_alignment(),
                      os::vm_page_size(), (char*)a);

src/hotspot/share/opto/memnode.cpp

@@ -579,8 +579,13 @@ Node* LoadNode::find_previous_arraycopy(PhaseTransform* phase, Node* ld_alloc, N
         Node* dest = ac->in(ArrayCopyNode::Dest);
 
         if (dest == ld_base) {
-          const TypeX *ld_offs_t = phase->type(ld_offs)->isa_intptr_t();
-          if (ac->modifies(ld_offs_t->_lo, ld_offs_t->_hi, phase, can_see_stored_value)) {
+          const TypeX* ld_offs_t = phase->type(ld_offs)->isa_intptr_t();
+          assert(!ld_offs_t->empty(), "dead reference should be checked already");
+          // Take into account vector or unsafe access size
+          jlong ld_size_in_bytes = (jlong)memory_size();
+          jlong offset_hi = ld_offs_t->_hi + ld_size_in_bytes - 1;
+          offset_hi = MIN2(offset_hi, (jlong)(TypeX::MAX->_hi)); // Take care for overflow in 32-bit VM
+          if (ac->modifies(ld_offs_t->_lo, (intptr_t)offset_hi, phase, can_see_stored_value)) {
             return ac;
           }
           if (!can_see_stored_value) {

src/java.base/share/classes/com/sun/crypto/provider/DESKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@
 
 package com.sun.crypto.provider;
 
+import java.io.IOException;
+import java.io.InvalidObjectException;
 import java.lang.ref.Reference;
 import java.security.MessageDigest;
 import java.security.KeyRep;
@@ -44,7 +46,7 @@
 final class DESKey implements SecretKey {
 
     @java.io.Serial
-    static final long serialVersionUID = 7724971015953279128L;
+    private static final long serialVersionUID = 7724971015953279128L;
 
     private byte[] key;
 
@@ -113,7 +115,7 @@ public int hashCode() {
         for (int i = 1; i < this.key.length; i++) {
             retval += this.key[i] * i;
         }
-        return(retval ^= "des".hashCode());
+        return(retval ^ "des".hashCode());
     }
 
     public boolean equals(Object obj) {
@@ -134,15 +136,28 @@ public boolean equals(Object obj) {
     }
 
     /**
-     * readObject is called to restore the state of this key from
-     * a stream.
+     * Restores the state of this object from the stream.
+     *
+     * @param  s the {@code ObjectInputStream} from which data is read
+     * @throws IOException if an I/O error occurs
+     * @throws ClassNotFoundException if a serialized class cannot be loaded
      */
     @java.io.Serial
     private void readObject(java.io.ObjectInputStream s)
-         throws java.io.IOException, ClassNotFoundException
+         throws IOException, ClassNotFoundException
     {
         s.defaultReadObject();
+        if ((key == null) || (key.length != DESKeySpec.DES_KEY_LEN)) {
+            throw new InvalidObjectException("Wrong key size");
+        }
         key = key.clone();
+
+        DESKeyGenerator.setParityBit(key, 0);
+
+        // Use the cleaner to zero the key when no longer referenced
+        final byte[] k = key;
+        CleanerFactory.cleaner().register(this,
+                () -> java.util.Arrays.fill(k, (byte)0x00));
     }
 
     /**

src/java.base/share/classes/com/sun/crypto/provider/DESedeKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@
 
 package com.sun.crypto.provider;
 
+import java.io.IOException;
+import java.io.InvalidObjectException;
 import java.lang.ref.Reference;
 import java.security.MessageDigest;
 import java.security.KeyRep;
@@ -44,7 +46,7 @@
 final class DESedeKey implements SecretKey {
 
     @java.io.Serial
-    static final long serialVersionUID = 2463986565756745178L;
+    private static final long serialVersionUID = 2463986565756745178L;
 
     private byte[] key;
 
@@ -112,7 +114,7 @@ public int hashCode() {
         for (int i = 1; i < this.key.length; i++) {
             retval += this.key[i] * i;
         }
-        return(retval ^= "desede".hashCode());
+        return(retval ^ "desede".hashCode());
     }
 
     public boolean equals(Object obj) {
@@ -134,15 +136,30 @@ public boolean equals(Object obj) {
     }
 
     /**
-     * readObject is called to restore the state of this key from
-     * a stream.
+     * Restores the state of this object from the stream.
+     *
+     * @param  s the {@code ObjectInputStream} from which data is read
+     * @throws IOException if an I/O error occurs
+     * @throws ClassNotFoundException if a serialized class cannot be loaded
      */
     @java.io.Serial
     private void readObject(java.io.ObjectInputStream s)
-         throws java.io.IOException, ClassNotFoundException
+         throws IOException, ClassNotFoundException
     {
         s.defaultReadObject();
+        if ((key == null) || (key.length != DESedeKeySpec.DES_EDE_KEY_LEN)) {
+            throw new InvalidObjectException("Wrong key size");
+        }
         key = key.clone();
+
+        DESKeyGenerator.setParityBit(key, 0);
+        DESKeyGenerator.setParityBit(key, 8);
+        DESKeyGenerator.setParityBit(key, 16);
+
+        // Use the cleaner to zero the key when no longer referenced
+        final byte[] k = key;
+        CleanerFactory.cleaner().register(this,
+                () -> java.util.Arrays.fill(k, (byte)0x00));
     }
 
     /**

src/java.base/share/classes/com/sun/crypto/provider/DHPrivateKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,16 +41,14 @@
  * algorithm.
  *
  * @author Jan Luehe
- *
- *
  * @see DHPublicKey
  * @see java.security.KeyAgreement
  */
 final class DHPrivateKey implements PrivateKey,
         javax.crypto.interfaces.DHPrivateKey, Serializable {
 
     @java.io.Serial
-    static final long serialVersionUID = 7565477590005668886L;
+    private static final long serialVersionUID = 7565477590005668886L;
 
     // only supported version of PKCS#8 PrivateKeyInfo
     private static final BigInteger PKCS8_VERSION = BigInteger.ZERO;
@@ -65,10 +63,10 @@ final class DHPrivateKey implements PrivateKey,
     private byte[] encodedKey;
 
     // the prime modulus
-    private BigInteger p;
+    private final BigInteger p;
 
     // the base generator
-    private BigInteger g;
+    private final BigInteger g;
 
     // the private-value length (optional)
     private int l;
@@ -336,4 +334,28 @@ private Object writeReplace() throws java.io.ObjectStreamException {
                 getFormat(),
                 encodedKey);
     }
+
+    /**
+     * Restores the state of this object from the stream.
+     * <p>
+     * JDK 1.5+ objects use <code>KeyRep</code>s instead.
+     *
+     * @param  stream the {@code ObjectInputStream} from which data is read
+     * @throws IOException if an I/O error occurs
+     * @throws ClassNotFoundException if a serialized class cannot be loaded
+     */
+    @java.io.Serial
+    private void readObject(ObjectInputStream stream)
+            throws IOException, ClassNotFoundException {
+        stream.defaultReadObject();
+        if ((key == null) || (key.length == 0)) {
+            throw new InvalidObjectException("key not deserializable");
+        }
+        this.key = key.clone();
+        if ((encodedKey == null) || (encodedKey.length == 0)) {
+            throw new InvalidObjectException(
+                    "encoded key not deserializable");
+        }
+        this.encodedKey = encodedKey.clone();
+    }
 }

src/java.base/share/classes/com/sun/crypto/provider/DHPublicKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,16 +40,14 @@
  * A public key in X.509 format for the Diffie-Hellman key agreement algorithm.
  *
  * @author Jan Luehe
- *
- *
  * @see DHPrivateKey
  * @see javax.crypto.KeyAgreement
  */
 final class DHPublicKey implements PublicKey,
 javax.crypto.interfaces.DHPublicKey, Serializable {
 
     @java.io.Serial
-    static final long serialVersionUID = 7647557958927458271L;
+    private static final long serialVersionUID = 7647557958927458271L;
 
     // the public key
     private BigInteger y;
@@ -61,10 +59,10 @@ final class DHPublicKey implements PublicKey,
     private byte[] encodedKey;
 
     // the prime modulus
-    private BigInteger p;
+    private final BigInteger p;
 
     // the base generator
-    private BigInteger g;
+    private final BigInteger g;
 
     // the private-value length (optional)
     private int l;
@@ -324,4 +322,28 @@ private Object writeReplace() throws java.io.ObjectStreamException {
                         getFormat(),
                         getEncoded());
     }
+
+    /**
+     * Restores the state of this object from the stream.
+     * <p>
+     * JDK 1.5+ objects use <code>KeyRep</code>s instead.
+     *
+     * @param  stream the {@code ObjectInputStream} from which data is read
+     * @throws IOException if an I/O error occurs
+     * @throws ClassNotFoundException if a serialized class cannot be loaded
+     */
+    @java.io.Serial
+    private void readObject(ObjectInputStream stream)
+            throws IOException, ClassNotFoundException {
+        stream.defaultReadObject();
+        if ((key == null) || (key.length == 0)) {
+            throw new InvalidObjectException("key not deserializable");
+        }
+        this.key = key.clone();
+        if ((encodedKey == null) || (encodedKey.length == 0)) {
+            throw new InvalidObjectException(
+                    "encoded key not deserializable");
+        }
+        this.encodedKey = encodedKey.clone();
+    }
 }

src/java.base/share/classes/com/sun/crypto/provider/PBEKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,8 @@
 
 package com.sun.crypto.provider;
 
+import java.io.IOException;
+import java.io.InvalidObjectException;
 import java.lang.ref.Reference;
 import java.security.MessageDigest;
 import java.security.KeyRep;
@@ -45,11 +47,11 @@
 final class PBEKey implements SecretKey {
 
     @java.io.Serial
-    static final long serialVersionUID = -2234768909660948176L;
+    private static final long serialVersionUID = -2234768909660948176L;
 
     private byte[] key;
 
-    private String type;
+    private final String type;
 
     /**
      * Creates a PBE key from a given PBE key specification.
@@ -110,7 +112,7 @@ public int hashCode() {
         for (int i = 1; i < this.key.length; i++) {
             retval += this.key[i] * i;
         }
-        return(retval ^= getAlgorithm().toLowerCase(Locale.ENGLISH).hashCode());
+        return(retval ^ getAlgorithm().toLowerCase(Locale.ENGLISH).hashCode());
     }
 
     public boolean equals(Object obj) {
@@ -144,15 +146,38 @@ public void destroy() {
     }
 
     /**
-     * readObject is called to restore the state of this key from
-     * a stream.
+     * Restores the state of this object from the stream.
+     *
+     * @param  s the {@code ObjectInputStream} from which data is read
+     * @throws IOException if an I/O error occurs
+     * @throws ClassNotFoundException if a serialized class cannot be loaded
      */
     @java.io.Serial
     private void readObject(java.io.ObjectInputStream s)
-         throws java.io.IOException, ClassNotFoundException
+         throws IOException, ClassNotFoundException
     {
         s.defaultReadObject();
+        if (key == null) {
+            throw new InvalidObjectException(
+                    "PBEKey couldn't be deserialized");
+        }
         key = key.clone();
+
+        // Accept "\0" to signify "zero-length password with no terminator".
+        if (!(key.length == 1 && key[0] == 0)) {
+            for (int i = 0; i < key.length; i++) {
+                if ((key[i] < '\u0020') || (key[i] > '\u007E')) {
+                    throw new InvalidObjectException(
+                            "PBEKey had non-ASCII chars");
+                }
+            }
+        }
+
+        // Use the cleaner to zero the key when no longer referenced
+        final byte[] k = this.key;
+        CleanerFactory.cleaner().register(this,
+                () -> Arrays.fill(k, (byte) 0x00));
+
     }