# HG changeset patch
# User Andrew John Hughes <gnu.andrew@redhat.com>
# Date 1453759602 0
# Mon Jan 25 22:06:42 2016 +0000
# Node ID 412e3ce4141e2ddb01c8fb099fc0823d783e7b3d
# Parent 33e9441c53fc29f1aa1f496eedda845b6e405473
S8076221, PR2808: Disable RC4 cipher suites
2016-01-25 Andrew John Hughes <gnu.andrew@redhat.com>
* Makefile.am:
(ICEDTEA_PATCHES): Add new patches.
* NEWS: Updated.
* patches/openjdk/8076221-pr2808-disable_rc4_cipher_suites.patch:
Backport of 8076221 to OpenJDK 6 b38.
* patches/openjdk/8078823-disabledalgorithms_fails_intermittently.patch:
Improve reliability of DisabledAlgorithms test.
* patches/pr2808-fix_disabled_algorithms_test.patch:
Remove Java 7 features from new DisabledAlgorithms test.
diff -r 33e9441c53fc -r 412e3ce4141e patches/openjdk/8076221-pr2808-disable_rc4_cipher_suites.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/openjdk/8076221-pr2808-disable_rc4_cipher_suites.patch Mon Jan 25 22:06:42 2016 +0000
@@ -0,0 +1,553 @@
+# HG changeset patch
+# User xuelei
+# Date 1429096621 0
+# Wed Apr 15 11:17:01 2015 +0000
+# Node ID 6a24fc5e32a359335538bfa453040fc2d9ba13e9
+# Parent fe93a8cd20a56dc59e5f2464d7e6bd0d52b807b3
+8076221: Disable RC4 cipher suites
+Reviewed-by: xuelei, wetmore
+
+diff -Nru openjdk.orig/jdk/src/share/lib/security/java.security-linux openjdk/jdk/src/share/lib/security/java.security-linux
+--- openjdk.orig/jdk/src/share/lib/security/java.security-linux 2016-01-20 01:47:58.000000000 +0000
++++ openjdk/jdk/src/share/lib/security/java.security-linux 2016-01-25 20:25:35.722972332 +0000
+@@ -451,7 +451,7 @@
+ #
+ # Example:
+ # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
+-jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768
++jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768
+
+ # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
+ # processing in JSSE implementation.
+diff -Nru openjdk.orig/jdk/src/share/lib/security/java.security-solaris openjdk/jdk/src/share/lib/security/java.security-solaris
+--- openjdk.orig/jdk/src/share/lib/security/java.security-solaris 2016-01-20 01:47:58.000000000 +0000
++++ openjdk/jdk/src/share/lib/security/java.security-solaris 2016-01-25 20:24:27.088115212 +0000
+@@ -411,7 +411,7 @@
+ #
+ # Example:
+ # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
+-jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768
++jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768
+
+ # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
+ # processing in JSSE implementation.
+diff -Nru openjdk.orig/jdk/src/share/lib/security/java.security-windows openjdk/jdk/src/share/lib/security/java.security-windows
+--- openjdk.orig/jdk/src/share/lib/security/java.security-windows 2016-01-20 01:47:58.000000000 +0000
++++ openjdk/jdk/src/share/lib/security/java.security-windows 2016-01-25 20:23:50.300727758 +0000
+@@ -428,7 +428,7 @@
+ #
+ # Example:
+ # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
+-jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768
++jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768
+
+ # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
+ # processing in JSSE implementation.
+diff -Nru openjdk.orig/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java
+--- openjdk.orig/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java 1970-01-01 01:00:00.000000000 +0100
++++ openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java 2016-01-25 20:17:49.902742622 +0000
+@@ -0,0 +1,362 @@
++/*
++ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++ * or visit www.oracle.com if you need additional information or have any
++ * questions.
++ */
++
++import java.io.BufferedInputStream;
++import java.io.BufferedOutputStream;
++import java.io.IOException;
++import java.io.InputStream;
++import java.io.OutputStream;
++import java.security.NoSuchAlgorithmException;
++import java.security.Security;
++import java.util.concurrent.TimeUnit;
++import javax.net.ssl.SSLContext;
++import javax.net.ssl.SSLHandshakeException;
++import javax.net.ssl.SSLServerSocket;
++import javax.net.ssl.SSLServerSocketFactory;
++import javax.net.ssl.SSLSocket;
++import javax.net.ssl.SSLSocketFactory;
++
++/**
++ * @test
++ * @bug 8076221
++ * @summary Check if weak cipher suites are disabled
++ * @run main/othervm DisabledAlgorithms default
++ * @run main/othervm DisabledAlgorithms empty
++ */
++public class DisabledAlgorithms {
++
++ private static final String pathToStores =
++ "../../../../sun/security/ssl/etc";
++ private static final String keyStoreFile = "keystore";
++ private static final String trustStoreFile = "truststore";
++ private static final String passwd = "passphrase";
++
++ private static final String keyFilename =
++ System.getProperty("test.src", "./") + "/" + pathToStores +
++ "/" + keyStoreFile;
++
++ private static final String trustFilename =
++ System.getProperty("test.src", "./") + "/" + pathToStores +
++ "/" + trustStoreFile;
++
++ // supported RC4 cipher suites
++ // it does not contain KRB5 cipher suites because they need a KDC
++ private static final String[] rc4_ciphersuites = new String[] {
++ "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
++ "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
++ "SSL_RSA_WITH_RC4_128_SHA",
++ "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
++ "TLS_ECDH_RSA_WITH_RC4_128_SHA",
++ "SSL_RSA_WITH_RC4_128_MD5",
++ "TLS_ECDH_anon_WITH_RC4_128_SHA",
++ "SSL_DH_anon_WITH_RC4_128_MD5"
++ };
++
++ public static void main(String[] args) throws Exception {
++ if (args.length < 1) {
++ throw new RuntimeException("No parameters specified");
++ }
++
++ System.setProperty("javax.net.ssl.keyStore", keyFilename);
++ System.setProperty("javax.net.ssl.keyStorePassword", passwd);
++ System.setProperty("javax.net.ssl.trustStore", trustFilename);
++ System.setProperty("javax.net.ssl.trustStorePassword", passwd);
++
++ switch (args[0]) {
++ case "default":
++ // use default jdk.tls.disabledAlgorithms
++ System.out.println("jdk.tls.disabledAlgorithms = "
++ + Security.getProperty("jdk.tls.disabledAlgorithms"));
++
++ // check if RC4 cipher suites can't be used by default
++ checkFailure(rc4_ciphersuites);
++ break;
++ case "empty":
++ // reset jdk.tls.disabledAlgorithms
++ Security.setProperty("jdk.tls.disabledAlgorithms", "");
++ System.out.println("jdk.tls.disabledAlgorithms = "
++ + Security.getProperty("jdk.tls.disabledAlgorithms"));
++
++ // check if RC4 cipher suites can be used
++ // if jdk.tls.disabledAlgorithms is empty
++ checkSuccess(rc4_ciphersuites);
++ break;
++ default:
++ throw new RuntimeException("Wrong parameter: " + args[0]);
++ }
++ }
++
++ /*
++ * Checks if that specified cipher suites cannot be used.
++ */
++ private static void checkFailure(String[] ciphersuites) throws Exception {
++ try (SSLServer server = SSLServer.init(ciphersuites)) {
++ startNewThread(server);
++ while (!server.isRunning()) {
++ sleep();
++ }
++
++ int port = server.getPort();
++ for (String ciphersuite : ciphersuites) {
++ try (SSLClient client = SSLClient.init(port, ciphersuite)) {
++ client.connect();
++ throw new RuntimeException("Expected SSLHandshakeException "
++ + "not thrown");
++ } catch (SSLHandshakeException e) {
++ System.out.println("Expected exception on client side: "
++ + e);
++ }
++ }
++
++ server.stop();
++ while (server.isRunning()) {
++ sleep();
++ }
++
++ if (!server.sslError()) {
++ throw new RuntimeException("Expected SSL exception "
++ + "not thrown on server side");
++ }
++ }
++
++ }
++
++ /*
++ * Checks if specified cipher suites can be used.
++ */
++ private static void checkSuccess(String[] ciphersuites) throws Exception {
++ try (SSLServer server = SSLServer.init(ciphersuites)) {
++ startNewThread(server);
++ while (!server.isRunning()) {
++ sleep();
++ }
++
++ int port = server.getPort();
++ for (String ciphersuite : ciphersuites) {
++ try (SSLClient client = SSLClient.init(port, ciphersuite)) {
++ client.connect();
++ String negotiated = client.getNegotiatedCipherSuite();
++ System.out.println("Negotiated cipher suite: "
++ + negotiated);
++ if (!negotiated.equals(ciphersuite)) {
++ throw new RuntimeException("Unexpected cipher suite: "
++ + negotiated);
++ }
++ }
++ }
++
++ server.stop();
++ while (server.isRunning()) {
++ sleep();
++ }
++
++ if (server.error()) {
++ throw new RuntimeException("Unexpected error on server side");
++ }
++ }
++
++ }
++
++ private static Thread startNewThread(SSLServer server) {
++ Thread serverThread = new Thread(server, "SSL server thread");
++ serverThread.setDaemon(true);
++ serverThread.start();
++ return serverThread;
++ }
++
++ private static void sleep() {
++ try {
++ TimeUnit.MILLISECONDS.sleep(50);
++ } catch (InterruptedException e) {
++ // do nothing
++ }
++ }
++
++ static class SSLServer implements Runnable, AutoCloseable {
++
++ private final SSLServerSocket ssocket;
++ private volatile boolean stopped = false;
++ private volatile boolean running = false;
++ private volatile boolean sslError = false;
++ private volatile boolean otherError = false;
++
++ private SSLServer(SSLServerSocket ssocket) {
++ this.ssocket = ssocket;
++ }
++
++ @Override
++ public void run() {
++ System.out.println("Server: started");
++ running = true;
++ while (!stopped) {
++ try (SSLSocket socket = (SSLSocket) ssocket.accept()) {
++ System.out.println("Server: accepted client connection");
++ InputStream in = socket.getInputStream();
++ OutputStream out = socket.getOutputStream();
++ int b = in.read();
++ if (b < 0) {
++ throw new IOException("Unexpected EOF");
++ }
++ System.out.println("Server: send data: " + b);
++ out.write(b);
++ out.flush();
++ socket.getSession().invalidate();
++ } catch (SSLHandshakeException e) {
++ System.out.println("Server: run: " + e);
++ sslError = true;
++ } catch (IOException e) {
++ if (!stopped) {
++ System.out.println("Server: run: " + e);
++ e.printStackTrace();
++ otherError = true;
++ }
++ }
++ }
++
++ System.out.println("Server: finished");
++ running = false;
++ }
++
++ int getPort() {
++ return ssocket.getLocalPort();
++ }
++
++ String[] getEnabledCiperSuites() {
++ return ssocket.getEnabledCipherSuites();
++ }
++
++ boolean isRunning() {
++ return running;
++ }
++
++ boolean sslError() {
++ return sslError;
++ }
++
++ boolean error() {
++ return sslError || otherError;
++ }
++
++ void stop() {
++ stopped = true;
++ if (!ssocket.isClosed()) {
++ try {
++ ssocket.close();
++ } catch (IOException e) {
++ System.out.println("Server: close: " + e);
++ }
++ }
++ }
++
++ @Override
++ public void close() {
++ stop();
++ }
++
++ static SSLServer init(String[] ciphersuites)
++ throws IOException {
++ SSLServerSocketFactory ssf = (SSLServerSocketFactory)
++ SSLServerSocketFactory.getDefault();
++ SSLServerSocket ssocket = (SSLServerSocket)
++ ssf.createServerSocket(0);
++
++ if (ciphersuites != null) {
++ System.out.println("Server: enable cipher suites: "
++ + java.util.Arrays.toString(ciphersuites));
++ ssocket.setEnabledCipherSuites(ciphersuites);
++ }
++
++ return new SSLServer(ssocket);
++ }
++ }
++
++ static class SSLClient implements AutoCloseable {
++
++ private final SSLSocket socket;
++
++ private SSLClient(SSLSocket socket) {
++ this.socket = socket;
++ }
++
++ void connect() throws IOException {
++ System.out.println("Client: connect to server");
++ try (
++ BufferedInputStream bis = new BufferedInputStream(
++ socket.getInputStream());
++ BufferedOutputStream bos = new BufferedOutputStream(
++ socket.getOutputStream())) {
++ bos.write('x');
++ bos.flush();
++
++ int read = bis.read();
++ if (read < 0) {
++ throw new IOException("Client: couldn't read a response");
++ }
++ socket.getSession().invalidate();
++ }
++ }
++
++ String[] getEnabledCiperSuites() {
++ return socket.getEnabledCipherSuites();
++ }
++
++ String getNegotiatedCipherSuite() {
++ return socket.getSession().getCipherSuite();
++ }
++
++ @Override
++ public void close() throws Exception {
++ if (!socket.isClosed()) {
++ try {
++ socket.close();
++ } catch (IOException e) {
++ System.out.println("Client: close: " + e);
++ }
++ }
++ }
++
++ static SSLClient init(int port)
++ throws NoSuchAlgorithmException, IOException {
++ return init(port, null);
++ }
++
++ static SSLClient init(int port, String ciphersuite)
++ throws NoSuchAlgorithmException, IOException {
++ SSLContext context = SSLContext.getDefault();
++ SSLSocketFactory ssf = (SSLSocketFactory)
++ context.getSocketFactory();
++ SSLSocket socket = (SSLSocket) ssf.createSocket("localhost", port);
++
++ if (ciphersuite != null) {
++ System.out.println("Client: enable cipher suite: "
++ + ciphersuite);
++ socket.setEnabledCipherSuites(new String[] { ciphersuite });
++ }
++
++ return new SSLClient(socket);
++ }
++
++ }
++
++
++}
+diff -Nru openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java
+--- openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java 2016-01-20 01:42:21.000000000 +0000
++++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ClientHandshaker/CipherSuiteOrder.java 2016-01-25 20:23:28.749086605 +0000
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -30,7 +30,7 @@
+ */
+
+ import java.io.*;
+-import java.net.*;
++import java.security.Security;
+ import javax.net.ssl.*;
+
+ public class CipherSuiteOrder {
+@@ -192,6 +192,10 @@
+ volatile Exception clientException = null;
+
+ public static void main(String[] args) throws Exception {
++ // reset the security property to make sure that the algorithms
++ // and keys used in this test are not disabled.
++ Security.setProperty("jdk.tls.disabledAlgorithms", "");
++
+ String keyFilename =
+ System.getProperty("test.src", "./") + "/" + pathToStores +
+ "/" + keyStoreFile;
+diff -Nru openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java
+--- openjdk.orig/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java 2016-01-25 20:15:46.384811880 +0000
++++ openjdk/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java 2016-01-25 20:17:49.902742622 +0000
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -102,10 +102,10 @@
+ import java.nio.*;
+ import java.security.KeyStore;
+ import java.security.KeyFactory;
++import java.security.Security;
+ import java.security.cert.Certificate;
+ import java.security.cert.CertificateFactory;
+ import java.security.spec.PKCS8EncodedKeySpec;
+-import java.security.spec.*;
+ import java.security.interfaces.*;
+ import java.util.Base64;
+
+@@ -367,6 +367,10 @@
+ }
+
+ public static void main(String args[]) throws Exception {
++ // reset the security property to make sure that the algorithms
++ // and keys used in this test are not disabled.
++ Security.setProperty("jdk.tls.disabledAlgorithms", "");
++
+ if (args.length != 4) {
+ System.out.println(
+ "Usage: java DHEKeySizing cipher-suite " +
+diff -Nru openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java
+--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java 2016-01-20 01:42:24.000000000 +0000
++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java 2016-01-25 20:17:49.902742622 +0000
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -622,6 +622,9 @@
+ }
+
+ public static void main(String args[]) throws Exception {
++ // reset the security property to make sure that the algorithms
++ // and keys used in this test are not disabled.
++ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
+ CheckStatus cs;
+
+diff -Nru openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java
+--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java 2016-01-20 01:42:24.000000000 +0000
++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java 2016-01-25 20:20:24.580152890 +0000
+@@ -33,6 +33,8 @@
+ * The code could certainly be tightened up a lot.
+ *
+ * @author Brad Wetmore
++ *
++ * @run main/othervm ConnectionTest
+ */
+
+ import javax.net.ssl.*;
+@@ -672,6 +674,10 @@
+ }
+
+ public static void main(String args[]) throws Exception {
++ // reset the security property to make sure that the algorithms
++ // and keys used in this test are not disabled.
++ Security.setProperty("jdk.tls.disabledAlgorithms", "");
++
+ ConnectionTest ct = new ConnectionTest();
+ ct.test();
+ }
+diff -Nru openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java
+--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java 2016-01-20 01:42:24.000000000 +0000
++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java 2016-01-25 20:19:17.305278447 +0000
+@@ -180,6 +180,9 @@
+ }
+
+ public static void main(String args[]) throws Exception {
++ // reset the security property to make sure that the algorithms
++ // and keys used in this test are not disabled.
++ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
+ LargeBufs test;
+
+diff -Nru openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java openjdk/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java
+--- openjdk.orig/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java 2016-01-20 01:42:25.000000000 +0000
++++ openjdk/jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java 2016-01-25 20:18:53.009685445 +0000
+@@ -33,7 +33,7 @@
+ */
+
+ import java.io.*;
+-import java.net.*;
++import java.security.Security;
+ import javax.net.ssl.*;
+
+ public class GenericStreamCipher {
+@@ -161,6 +161,10 @@
+ volatile Exception clientException = null;
+
+ public static void main(String[] args) throws Exception {
++ // reset the security property to make sure that the algorithms
++ // and keys used in this test are not disabled.
++ Security.setProperty("jdk.tls.disabledAlgorithms", "");
++
+ String keyFilename =
+ System.getProperty("test.src", ".") + "/" + pathToStores +
+ "/" + keyStoreFile;
diff -r 33e9441c53fc -r 412e3ce4141e patches/openjdk/8078823-disabledalgorithms_fails_intermittently.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/openjdk/8078823-disabledalgorithms_fails_intermittently.patch Mon Jan 25 22:06:42 2016 +0000
@@ -0,0 +1,58 @@
+# HG changeset patch
+# User asmotrak
+# Date 1435145895 -10800
+# Wed Jun 24 14:38:15 2015 +0300
+# Node ID 66bf77932d57ef00e0c68c19c5e45e0b1de80fad
+# Parent fddcb008fd1d285ed7d84011a43cdf556ab16bcb
+8078823: javax/net/ssl/ciphersuites/DisabledAlgorithms.java fails intermittently
+Reviewed-by: xuelei
+
+diff -r fddcb008fd1d -r 66bf77932d57 test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java
+--- openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java Tue Jun 23 15:07:18 2015 +0100
++++ openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java Wed Jun 24 14:38:15 2015 +0300
+@@ -104,6 +104,8 @@
+ default:
+ throw new RuntimeException("Wrong parameter: " + args[0]);
+ }
++
++ System.out.println("Test passed");
+ }
+
+ /*
+@@ -128,7 +130,6 @@
+ }
+ }
+
+- server.stop();
+ while (server.isRunning()) {
+ sleep();
+ }
+@@ -224,11 +225,19 @@
+ } catch (SSLHandshakeException e) {
+ System.out.println("Server: run: " + e);
+ sslError = true;
++ stopped = true;
+ } catch (IOException e) {
+ if (!stopped) {
+- System.out.println("Server: run: " + e);
++ System.out.println("Server: run: unexpected exception: "
++ + e);
+ e.printStackTrace();
+ otherError = true;
++ stopped = true;
++ } else {
++ System.out.println("Server: run: " + e);
++ System.out.println("The exception above occurred "
++ + "because socket was closed, "
++ + "please ignore it");
+ }
+ }
+ }
+@@ -261,6 +270,7 @@
+ stopped = true;
+ if (!ssocket.isClosed()) {
+ try {
++ System.out.println("Server: close socket");
+ ssocket.close();
+ } catch (IOException e) {
+ System.out.println("Server: close: " + e);
diff -r 33e9441c53fc -r 412e3ce4141e patches/pr2808-fix_disabled_algorithms_test.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/pr2808-fix_disabled_algorithms_test.patch Mon Jan 25 22:06:42 2016 +0000
@@ -0,0 +1,226 @@
+--- openjdk.orig/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java 2015-10-21 05:20:57.910156611 +0100
++++ openjdk/jdk/test/javax/net/ssl/ciphersuites/DisabledAlgorithms.java 2016-01-25 21:58:39.334103875 +0000
+@@ -82,16 +82,14 @@
+ System.setProperty("javax.net.ssl.trustStore", trustFilename);
+ System.setProperty("javax.net.ssl.trustStorePassword", passwd);
+
+- switch (args[0]) {
+- case "default":
++ if ("default".equals(args[0])) {
+ // use default jdk.tls.disabledAlgorithms
+ System.out.println("jdk.tls.disabledAlgorithms = "
+ + Security.getProperty("jdk.tls.disabledAlgorithms"));
+
+ // check if RC4 cipher suites can't be used by default
+ checkFailure(rc4_ciphersuites);
+- break;
+- case "empty":
++ } else if ("empty".equals(args[0])) {
+ // reset jdk.tls.disabledAlgorithms
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ System.out.println("jdk.tls.disabledAlgorithms = "
+@@ -100,19 +98,19 @@
+ // check if RC4 cipher suites can be used
+ // if jdk.tls.disabledAlgorithms is empty
+ checkSuccess(rc4_ciphersuites);
+- break;
+- default:
++ } else {
+ throw new RuntimeException("Wrong parameter: " + args[0]);
+ }
+-
+- System.out.println("Test passed");
+ }
+
+ /*
+ * Checks if that specified cipher suites cannot be used.
+ */
+ private static void checkFailure(String[] ciphersuites) throws Exception {
+- try (SSLServer server = SSLServer.init(ciphersuites)) {
++ SSLServer server = null;
++
++ try {
++ server = SSLServer.init(ciphersuites);
+ startNewThread(server);
+ while (!server.isRunning()) {
+ sleep();
+@@ -120,16 +118,21 @@
+
+ int port = server.getPort();
+ for (String ciphersuite : ciphersuites) {
+- try (SSLClient client = SSLClient.init(port, ciphersuite)) {
++ SSLClient client = null;
++ try {
++ client = SSLClient.init(port, ciphersuite);
+ client.connect();
+ throw new RuntimeException("Expected SSLHandshakeException "
+ + "not thrown");
+ } catch (SSLHandshakeException e) {
+ System.out.println("Expected exception on client side: "
+ + e);
++ } finally {
++ if (client != null) { client.close(); }
+ }
+ }
+
++ server.stop();
+ while (server.isRunning()) {
+ sleep();
+ }
+@@ -138,15 +141,18 @@
+ throw new RuntimeException("Expected SSL exception "
+ + "not thrown on server side");
+ }
++ } finally {
++ if (server != null ) { server.close(); }
+ }
+-
+ }
+
+ /*
+ * Checks if specified cipher suites can be used.
+ */
+ private static void checkSuccess(String[] ciphersuites) throws Exception {
+- try (SSLServer server = SSLServer.init(ciphersuites)) {
++ SSLServer server = null;
++ try {
++ server = SSLServer.init(ciphersuites);
+ startNewThread(server);
+ while (!server.isRunning()) {
+ sleep();
+@@ -154,7 +160,9 @@
+
+ int port = server.getPort();
+ for (String ciphersuite : ciphersuites) {
+- try (SSLClient client = SSLClient.init(port, ciphersuite)) {
++ SSLClient client = null;
++ try {
++ client = SSLClient.init(port, ciphersuite);
+ client.connect();
+ String negotiated = client.getNegotiatedCipherSuite();
+ System.out.println("Negotiated cipher suite: "
+@@ -163,6 +171,8 @@
+ throw new RuntimeException("Unexpected cipher suite: "
+ + negotiated);
+ }
++ } finally {
++ if (client != null) { client.close(); }
+ }
+ }
+
+@@ -174,6 +184,8 @@
+ if (server.error()) {
+ throw new RuntimeException("Unexpected error on server side");
+ }
++ } finally {
++ if (server != null) { server.close(); }
+ }
+
+ }
+@@ -193,7 +205,7 @@
+ }
+ }
+
+- static class SSLServer implements Runnable, AutoCloseable {
++ static class SSLServer implements Runnable {
+
+ private final SSLServerSocket ssocket;
+ private volatile boolean stopped = false;
+@@ -210,7 +222,9 @@
+ System.out.println("Server: started");
+ running = true;
+ while (!stopped) {
+- try (SSLSocket socket = (SSLSocket) ssocket.accept()) {
++ SSLSocket socket = null;
++ try {
++ socket = (SSLSocket) ssocket.accept();
+ System.out.println("Server: accepted client connection");
+ InputStream in = socket.getInputStream();
+ OutputStream out = socket.getOutputStream();
+@@ -225,19 +239,16 @@
+ } catch (SSLHandshakeException e) {
+ System.out.println("Server: run: " + e);
+ sslError = true;
+- stopped = true;
+ } catch (IOException e) {
+ if (!stopped) {
+- System.out.println("Server: run: unexpected exception: "
+- + e);
++ System.out.println("Server: run: " + e);
+ e.printStackTrace();
+ otherError = true;
+- stopped = true;
+- } else {
+- System.out.println("Server: run: " + e);
+- System.out.println("The exception above occurred "
+- + "because socket was closed, "
+- + "please ignore it");
++ }
++ } finally {
++ if (socket != null ) {
++ try { socket.close(); }
++ catch (IOException e) { }
+ }
+ }
+ }
+@@ -270,7 +281,6 @@
+ stopped = true;
+ if (!ssocket.isClosed()) {
+ try {
+- System.out.println("Server: close socket");
+ ssocket.close();
+ } catch (IOException e) {
+ System.out.println("Server: close: " + e);
+@@ -278,7 +288,6 @@
+ }
+ }
+
+- @Override
+ public void close() {
+ stop();
+ }
+@@ -300,7 +309,7 @@
+ }
+ }
+
+- static class SSLClient implements AutoCloseable {
++ static class SSLClient {
+
+ private final SSLSocket socket;
+
+@@ -310,11 +319,12 @@
+
+ void connect() throws IOException {
+ System.out.println("Client: connect to server");
+- try (
+- BufferedInputStream bis = new BufferedInputStream(
+- socket.getInputStream());
+- BufferedOutputStream bos = new BufferedOutputStream(
+- socket.getOutputStream())) {
++ BufferedInputStream bis = null;
++ BufferedOutputStream bos = null;
++ try {
++ bis = new BufferedInputStream(socket.getInputStream());
++ bos = new BufferedOutputStream(socket.getOutputStream());
++
+ bos.write('x');
+ bos.flush();
+
+@@ -323,6 +333,9 @@
+ throw new IOException("Client: couldn't read a response");
+ }
+ socket.getSession().invalidate();
++ } finally {
++ if (bis != null) { bis.close(); }
++ if (bos != null) { bos.close(); }
+ }
+ }
+
+@@ -334,7 +347,6 @@
+ return socket.getSession().getCipherSuite();
+ }
+
+- @Override
+ public void close() throws Exception {
+ if (!socket.isClosed()) {
+ try {