changeset 7902:bc7f9d966c1d jdk7u80-b01

Merge
author lana
date Tue, 03 Jun 2014 10:00:37 -0700
parents 77d727e6ba38 7522a66a366a
children 92efbbbea98b 145669a86b1d 639c541e83e7
files
diffstat 52 files changed, 1767 insertions(+), 560 deletions(-) [+]
line wrap: on
line diff
--- a/make/common/Defs-linux.gmk	Tue May 20 12:34:17 2014 -0700
+++ b/make/common/Defs-linux.gmk	Tue Jun 03 10:00:37 2014 -0700
@@ -191,9 +191,9 @@
 CFLAGS_REQUIRED_amd64   += -fno-omit-frame-pointer -D_LITTLE_ENDIAN
 CFLAGS_REQUIRED_i586    += -fno-omit-frame-pointer -D_LITTLE_ENDIAN
 CFLAGS_REQUIRED_ia64    += -fno-omit-frame-pointer -D_LITTLE_ENDIAN
-CFLAGS_REQUIRED_sparcv9 += -m64 -mcpu=v9
+CFLAGS_REQUIRED_sparcv9 += -m64 -mcpu=v9 -D_BIG_ENDIAN
 LDFLAGS_COMMON_sparcv9  += -m64 -mcpu=v9
-CFLAGS_REQUIRED_sparc   += -m32 -mcpu=v9
+CFLAGS_REQUIRED_sparc   += -m32 -mcpu=v9 -D_BIG_ENDIAN
 LDFLAGS_COMMON_sparc    += -m32 -mcpu=v9
 CFLAGS_REQUIRED_arm     += -fsigned-char -D_LITTLE_ENDIAN
 CFLAGS_REQUIRED_ppc     += -fsigned-char -D_BIG_ENDIAN
--- a/make/sun/javazic/tzdata/VERSION	Tue May 20 12:34:17 2014 -0700
+++ b/make/sun/javazic/tzdata/VERSION	Tue Jun 03 10:00:37 2014 -0700
@@ -21,4 +21,4 @@
 # or visit www.oracle.com if you need additional information or have any
 # questions.
 #
-tzdata2014b
+tzdata2014c
--- a/make/sun/javazic/tzdata/africa	Tue May 20 12:34:17 2014 -0700
+++ b/make/sun/javazic/tzdata/africa	Tue Jun 03 10:00:37 2014 -0700
@@ -358,11 +358,54 @@
 # http://www.worldtimezone.com/dst_news/dst_news_egypt02.html
 # </a>
 
+# From Ahmad El-Dardiry (2014-05-07):
+# Egypt is to change back to Daylight system on May 15
+# http://english.ahram.org.eg/NewsContent/1/64/100735/Egypt/Politics-/Egypts-government-to-reapply-daylight-saving-time-.aspx
+
+# From Gunther Vermier (2015-05-13):
+# our Egypt office confirms that the change will be at 15 May "midnight" (24:00)
+
+# From Paul Eggert (2014-05-13):
+# Sarah El Deeb and Lee Keath of AP report that the Egyptian government says
+# the change is because of blackouts in Cairo, even though Ahram Online (cited
+# above) says DST had no affect on electricity consumption.  The AP story says
+# DST will not be observed during Ramadan.  There is no information about when
+# DST will end.  See:
+# http://abcnews.go.com/International/wireStory/el-sissi-pushes-egyptians-line-23614833
+#
+# For now, guess that later transitions will use 2010's rules, and that
+# Egypt will agree with Morocco (see below) about the date Ramadan starts and
+# ends, though (unlike Morocco) it will switch at 00:00 standard time.  In
+# Egypt the spring-forward transitions are removed for 2020-2022, when the
+# guessed spring-forward date falls during the estimated Ramadan, and all
+# transitions removed for 2023-2038, where the estimated Ramadan falls entirely
+# outside the guessed daylight-saving time.  Ramadan intrudes on the guessed
+# DST starting in 2039, but that's beyond our somewhat-arbitrary cutoff.
+
 Rule	Egypt	2008	only	-	Aug	lastThu	23:00s	0	-
 Rule	Egypt	2009	only	-	Aug	20	23:00s	0	-
 Rule	Egypt	2010	only	-	Aug	11	0:00	0	-
 Rule	Egypt	2010	only	-	Sep	10	0:00	1:00	S
 Rule	Egypt	2010	only	-	Sep	lastThu	23:00s	0	-
+Rule	Egypt	2014	only	-	May	15	24:00	1:00	S
+Rule	Egypt	2014	only	-	Jun	29	 0:00s	0	-
+Rule	Egypt	2014	only	-	Jul	29	 0:00s	1:00	S
+Rule	Egypt	2014	max	-	Sep	lastThu	23:00s	0	-
+Rule	Egypt	2015	2019	-	Apr	lastFri	 0:00s	1:00	S
+Rule	Egypt	2015	only	-	Jun	18	 0:00s	0	-
+Rule	Egypt	2015	only	-	Jul	18	 0:00s	1:00	S
+Rule	Egypt	2016	only	-	Jun	 7	 0:00s	0	-
+Rule	Egypt	2016	only	-	Jul	 7	 0:00s	1:00	S
+Rule	Egypt	2017	only	-	May	27	 0:00s	0	-
+Rule	Egypt	2017	only	-	Jun	26	 0:00s	1:00	S
+Rule	Egypt	2018	only	-	May	16	 0:00s	0	-
+Rule	Egypt	2018	only	-	Jun	15	 0:00s	1:00	S
+Rule	Egypt	2019	only	-	May	 6	 0:00s	0	-
+Rule	Egypt	2019	only	-	Jun	 5	 0:00s	1:00	S
+Rule	Egypt	2020	only	-	May	24	 0:00s	1:00	S
+Rule	Egypt	2021	only	-	May	13	 0:00s	1:00	S
+Rule	Egypt	2022	only	-	May	 3	 0:00s	1:00	S
+Rule	Egypt	2023	max	-	Apr	lastFri	 0:00s	1:00	S
 
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Africa/Cairo	2:05:09 -	LMT	1900 Oct
--- a/make/sun/javazic/tzdata/asia	Tue May 20 12:34:17 2014 -0700
+++ b/make/sun/javazic/tzdata/asia	Tue Jun 03 10:00:37 2014 -0700
@@ -1370,22 +1370,6 @@
 # "Jordan will switch to winter time on Friday, October 27".
 #
 
-# From Phil Pizzey (2009-04-02):
-# ...I think I may have spotted an error in the timezone data for
-# Jordan.
-# The current (2009d) asia file shows Jordan going to daylight
-# saving
-# time on the last Thursday in March.
-#
-# Rule  Jordan      2000  max	-  Mar   lastThu     0:00s 1:00  S
-#
-# However timeanddate.com, which I usually find reliable, shows Jordan
-# going to daylight saving time on the last Friday in March since 2002.
-# Please see
-# <a href="http://www.timeanddate.com/worldclock/timezone.html?n=11">
-# http://www.timeanddate.com/worldclock/timezone.html?n=11
-# </a>
-
 # From Steffen Thorsen (2009-04-02):
 # This single one might be good enough, (2009-03-24, Arabic):
 # <a href="http://petra.gov.jo/Artical.aspx?Lng=2&Section=8&Artical=95279">
--- a/make/sun/javazic/tzdata/europe	Tue May 20 12:34:17 2014 -0700
+++ b/make/sun/javazic/tzdata/europe	Tue Jun 03 10:00:37 2014 -0700
@@ -2989,6 +2989,10 @@
 # From Alexander Krivenyshev (2014-03-17):
 # time change at 2:00 (2am) on March 30, 2014
 # http://vz.ru/news/2014/3/17/677464.html
+# From Paul Eggert (2014-03-30):
+# Simferopol and Sevastopol reportedly changed their central town clocks
+# late the previous day, but this appears to have been ceremonial
+# and the discrepancies are small enough to not worry about.
 			2:00	EU	EE%sT	2014 Mar 30 2:00
 			4:00	-	MSK
 
--- a/src/macosx/classes/sun/lwawt/macosx/CEmbeddedFrame.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/macosx/classes/sun/lwawt/macosx/CEmbeddedFrame.java	Tue Jun 03 10:00:37 2014 -0700
@@ -98,7 +98,8 @@
     public void handleKeyEvent(int eventType, int modifierFlags, String characters,
                                String charsIgnoringMods, boolean isRepeat, short keyCode,
                                boolean needsKeyTyped) {
-        responder.handleKeyEvent(eventType, modifierFlags, charsIgnoringMods, keyCode, needsKeyTyped, isRepeat);
+        responder.handleKeyEvent(eventType, modifierFlags, characters, charsIgnoringMods,
+                keyCode, needsKeyTyped, isRepeat);
     }
 
     // REMIND: delete this method once 'deploy' changes for 7156194 is pushed
--- a/src/macosx/classes/sun/lwawt/macosx/CPlatformResponder.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/macosx/classes/sun/lwawt/macosx/CPlatformResponder.java	Tue Jun 03 10:00:37 2014 -0700
@@ -126,7 +126,7 @@
     /**
      * Handles key events.
      */
-    void handleKeyEvent(int eventType, int modifierFlags, String chars,
+    void handleKeyEvent(int eventType, int modifierFlags, String chars, String charsIgnoringModifiers,
                         short keyCode, boolean needsKeyTyped, boolean needsKeyReleased) {
         boolean isFlagsChangedEvent =
             isNpapiCallback ? (eventType == CocoaConstants.NPCocoaEventFlagsChanged) :
@@ -154,7 +154,10 @@
                 testChar = chars.charAt(0);
             }
 
-            int[] in = new int[] {testChar, isDeadChar ? 1 : 0, modifierFlags, keyCode};
+            char testCharIgnoringModifiers = charsIgnoringModifiers != null && charsIgnoringModifiers.length() > 0 ?
+                    charsIgnoringModifiers.charAt(0) : KeyEvent.CHAR_UNDEFINED;
+
+            int[] in = new int[] {testCharIgnoringModifiers, isDeadChar ? 1 : 0, modifierFlags, keyCode};
             int[] out = new int[3]; // [jkeyCode, jkeyLocation, deadChar]
 
             postsTyped = NSEvent.nsToJavaKeyInfo(in, out);
--- a/src/macosx/classes/sun/lwawt/macosx/CPlatformView.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/macosx/classes/sun/lwawt/macosx/CPlatformView.java	Tue Jun 03 10:00:37 2014 -0700
@@ -227,7 +227,7 @@
     }
 
     private void deliverKeyEvent(NSEvent event) {
-        responder.handleKeyEvent(event.getType(), event.getModifierFlags(),
+        responder.handleKeyEvent(event.getType(), event.getModifierFlags(), event.getCharacters(),
                                  event.getCharactersIgnoringModifiers(), event.getKeyCode(), true, false);
     }
 
--- a/src/macosx/classes/sun/lwawt/macosx/event/NSEvent.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/macosx/classes/sun/lwawt/macosx/event/NSEvent.java	Tue Jun 03 10:00:37 2014 -0700
@@ -48,12 +48,14 @@
 
     // Key event information
     private short keyCode;
+    private String characters;
     private String charactersIgnoringModifiers;
 
-    public NSEvent(int type, int modifierFlags, short keyCode, String charactersIgnoringModifiers) {
+    public NSEvent(int type, int modifierFlags, short keyCode, String characters, String charactersIgnoringModifiers) {
         this.type = type;
         this.modifierFlags = modifierFlags;
         this.keyCode = keyCode;
+        this.characters = characters;
         this.charactersIgnoringModifiers = charactersIgnoringModifiers;
     }
 
@@ -120,12 +122,16 @@
         return charactersIgnoringModifiers;
     }
 
+    public String getCharacters() {
+        return characters;
+    }
+
     @Override
     public String toString() {
         return "NSEvent[" + getType() + " ," + getModifierFlags() + " ,"
                 + getClickCount() + " ," + getButtonNumber() + " ," + getX() + " ,"
                 + getY() + " ," + getAbsX() + " ," + getAbsY()+ " ," + getKeyCode() + " ,"
-                + getCharactersIgnoringModifiers() + "]";
+                + getCharacters() + " ," + getCharactersIgnoringModifiers() + "]";
     }
 
     /*
--- a/src/macosx/native/sun/awt/AWTView.m	Tue May 20 12:34:17 2014 -0700
+++ b/src/macosx/native/sun/awt/AWTView.m	Tue Jun 03 10:00:37 2014 -0700
@@ -421,17 +421,20 @@
     JNIEnv *env = [ThreadUtilities getJNIEnv];
 
     jstring characters = NULL;
+    jstring charactersIgnoringModifiers = NULL;
     if ([event type] != NSFlagsChanged) {
         characters = JNFNSToJavaString(env, [event characters]);
+        charactersIgnoringModifiers = JNFNSToJavaString(env, [event charactersIgnoringModifiers]);
     }
 
     static JNF_CLASS_CACHE(jc_NSEvent, "sun/lwawt/macosx/event/NSEvent");
-    static JNF_CTOR_CACHE(jctor_NSEvent, jc_NSEvent, "(IISLjava/lang/String;)V");
+    static JNF_CTOR_CACHE(jctor_NSEvent, jc_NSEvent, "(IISLjava/lang/String;Ljava/lang/String;)V");
     jobject jevent = JNFNewObject(env, jctor_NSEvent,
                                   [event type],
                                   [event modifierFlags],
                                   [event keyCode],
-                                  characters);
+                                  characters,
+                                  charactersIgnoringModifiers);
 
     static JNF_CLASS_CACHE(jc_PlatformView, "sun/lwawt/macosx/CPlatformView");
     static JNF_MEMBER_CACHE(jm_deliverKeyEvent, jc_PlatformView,
--- a/src/share/classes/com/sun/crypto/provider/RSACipher.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/com/sun/crypto/provider/RSACipher.java	Tue Jun 03 10:00:37 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,6 +39,8 @@
 
 import sun.security.rsa.*;
 import sun.security.jca.Providers;
+import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
+import sun.security.util.KeyUtil;
 
 /**
  * RSA cipher implementation. Supports RSA en/decryption and signing/verifying
@@ -91,8 +93,8 @@
     // padding object
     private RSAPadding padding;
 
-    // cipher parameter for OAEP padding
-    private OAEPParameterSpec spec = null;
+    // cipher parameter for OAEP padding and TLS RSA premaster secret
+    private AlgorithmParameterSpec spec = null;
 
     // buffer for the data
     private byte[] buffer;
@@ -110,6 +112,9 @@
     // hash algorithm for OAEP
     private String oaepHashAlgorithm = "SHA-1";
 
+    // the source of randomness
+    private SecureRandom random;
+
     public RSACipher() {
         paddingType = PAD_PKCS1;
     }
@@ -175,7 +180,7 @@
 
     // see JCE spec
     protected AlgorithmParameters engineGetParameters() {
-        if (spec != null) {
+        if (spec != null && spec instanceof OAEPParameterSpec) {
             try {
                 AlgorithmParameters params =
                     AlgorithmParameters.getInstance("OAEP", "SunJCE");
@@ -278,8 +283,13 @@
             buffer = new byte[n];
         } else if (paddingType == PAD_PKCS1) {
             if (params != null) {
-                throw new InvalidAlgorithmParameterException
-                ("Parameters not supported");
+                if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) {
+                    throw new InvalidAlgorithmParameterException(
+                            "Parameters not supported");
+                }
+
+                spec = params;
+                this.random = random;   // for TLS RSA premaster secret
             }
             int blockType = (mode <= MODE_DECRYPT) ? RSAPadding.PAD_BLOCKTYPE_2
                                                    : RSAPadding.PAD_BLOCKTYPE_1;
@@ -295,19 +305,18 @@
                 throw new InvalidKeyException
                         ("OAEP cannot be used to sign or verify signatures");
             }
-            OAEPParameterSpec myParams;
             if (params != null) {
                 if (!(params instanceof OAEPParameterSpec)) {
                     throw new InvalidAlgorithmParameterException
                         ("Wrong Parameters for OAEP Padding");
                 }
-                myParams = (OAEPParameterSpec) params;
+                spec = params;
             } else {
-                myParams = new OAEPParameterSpec(oaepHashAlgorithm, "MGF1",
+                spec = new OAEPParameterSpec(oaepHashAlgorithm, "MGF1",
                     MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);
             }
             padding = RSAPadding.getInstance(RSAPadding.PAD_OAEP_MGF1, n,
-                random, myParams);
+                random, (OAEPParameterSpec)spec);
             if (encrypt) {
                 int k = padding.getMaxDataSize();
                 buffer = new byte[k];
@@ -422,17 +431,40 @@
         if (wrappedKey.length > buffer.length) {
             throw new InvalidKeyException("Key is too long for unwrapping");
         }
+
+        boolean isTlsRsaPremasterSecret =
+                algorithm.equals("TlsRsaPremasterSecret");
+        Exception failover = null;
+        byte[] encoded = null;
+
         update(wrappedKey, 0, wrappedKey.length);
         try {
-            byte[] encoded = doFinal();
-            return ConstructKeys.constructKey(encoded, algorithm, type);
+            encoded = doFinal();
         } catch (BadPaddingException e) {
-            // should not occur
-            throw new InvalidKeyException("Unwrapping failed", e);
+            if (isTlsRsaPremasterSecret) {
+                failover = e;
+            } else {
+                throw new InvalidKeyException("Unwrapping failed", e);
+            }
         } catch (IllegalBlockSizeException e) {
             // should not occur, handled with length check above
             throw new InvalidKeyException("Unwrapping failed", e);
         }
+
+        if (isTlsRsaPremasterSecret) {
+            if (!(spec instanceof TlsRsaPremasterSecretParameterSpec)) {
+                throw new IllegalStateException(
+                        "No TlsRsaPremasterSecretParameterSpec specified");
+            }
+
+            // polish the TLS premaster secret
+            encoded = KeyUtil.checkTlsPreMasterSecretKey(
+                ((TlsRsaPremasterSecretParameterSpec)spec).getClientVersion(),
+                ((TlsRsaPremasterSecretParameterSpec)spec).getServerVersion(),
+                random, encoded, (failover != null));
+        }
+
+        return ConstructKeys.constructKey(encoded, algorithm, type);
     }
 
     // see JCE spec
@@ -440,5 +472,4 @@
         RSAKey rsaKey = RSAKeyFactory.toRSAKey(key);
         return rsaKey.getModulus().bitLength();
     }
-
 }
--- a/src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java	Tue Jun 03 10:00:37 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -56,7 +56,7 @@
 
     protected void engineInit(AlgorithmParameterSpec params,
             SecureRandom random) throws InvalidAlgorithmParameterException {
-        if (params instanceof TlsRsaPremasterSecretParameterSpec == false) {
+        if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) {
             throw new InvalidAlgorithmParameterException(MSG);
         }
         this.spec = (TlsRsaPremasterSecretParameterSpec)params;
@@ -67,21 +67,20 @@
         throw new InvalidParameterException(MSG);
     }
 
+    // Only can be used in client side to generate TLS RSA premaster secret.
     protected SecretKey engineGenerateKey() {
         if (spec == null) {
             throw new IllegalStateException(
                 "TlsRsaPremasterSecretGenerator must be initialized");
         }
-        byte[] b = spec.getEncodedSecret();
-        if (b == null) {
-            if (random == null) {
-                random = new SecureRandom();
-            }
-            b = new byte[48];
-            random.nextBytes(b);
-            b[0] = (byte)spec.getMajorVersion();
-            b[1] = (byte)spec.getMinorVersion();
+
+        if (random == null) {
+            random = new SecureRandom();
         }
+        byte[] b = new byte[48];
+        random.nextBytes(b);
+        b[0] = (byte)spec.getMajorVersion();
+        b[1] = (byte)spec.getMinorVersion();
 
         return new SecretKeySpec(b, "TlsRsaPremasterSecret");
     }
--- a/src/share/classes/com/sun/jndi/ldap/Connection.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/com/sun/jndi/ldap/Connection.java	Tue Jun 03 10:00:37 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -464,10 +464,10 @@
                             // will be woken up before readTimeout only if reply is
                             // available
                             ldr.wait(readTimeout);
-                            waited = true;
                         } else {
                             ldr.wait(15 * 1000); // 15 second timeout
                         }
+                        waited = true;
                     } else {
                         break;
                     }
@@ -479,7 +479,7 @@
         }
 
         if ((rber == null) && waited) {
-            removeRequest(ldr);
+            abandonRequest(ldr, null);
             throw new NamingException("LDAP response read timed out, timeout used:"
                             + readTimeout + "ms." );
 
--- a/src/share/classes/java/beans/IndexedPropertyDescriptor.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/java/beans/IndexedPropertyDescriptor.java	Tue Jun 03 10:00:37 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,8 +41,8 @@
 public class IndexedPropertyDescriptor extends PropertyDescriptor {
 
     private Reference<Class> indexedPropertyTypeRef;
-    private Reference<Method> indexedReadMethodRef;
-    private Reference<Method> indexedWriteMethodRef;
+    private final MethodRef indexedReadMethodRef = new MethodRef();
+    private final MethodRef indexedWriteMethodRef = new MethodRef();
 
     private String indexedReadMethodName;
     private String indexedWriteMethodName;
@@ -173,11 +173,11 @@
      * May return null if the property isn't indexed or is write-only.
      */
     public synchronized Method getIndexedReadMethod() {
-        Method indexedReadMethod = getIndexedReadMethod0();
+        Method indexedReadMethod = this.indexedReadMethodRef.get();
         if (indexedReadMethod == null) {
             Class cls = getClass0();
             if (cls == null ||
-                (indexedReadMethodName == null && indexedReadMethodRef == null)) {
+                (indexedReadMethodName == null && !this.indexedReadMethodRef.isSet())) {
                 // the Indexed readMethod was explicitly set to null.
                 return null;
             }
@@ -213,20 +213,19 @@
 
         // the indexed property type is set by the reader.
         setIndexedPropertyType(findIndexedPropertyType(readMethod,
-                                                       getIndexedWriteMethod0()));
+                                                       this.indexedWriteMethodRef.get()));
         setIndexedReadMethod0(readMethod);
     }
 
     private void setIndexedReadMethod0(Method readMethod) {
+        this.indexedReadMethodRef.set(readMethod);
         if (readMethod == null) {
             indexedReadMethodName = null;
-            indexedReadMethodRef = null;
             return;
         }
         setClass0(readMethod.getDeclaringClass());
 
         indexedReadMethodName = readMethod.getName();
-        this.indexedReadMethodRef = getSoftReference(readMethod);
         setTransient(readMethod.getAnnotation(Transient.class));
     }
 
@@ -239,11 +238,11 @@
      * May return null if the property isn't indexed or is read-only.
      */
     public synchronized Method getIndexedWriteMethod() {
-        Method indexedWriteMethod = getIndexedWriteMethod0();
+        Method indexedWriteMethod = this.indexedWriteMethodRef.get();
         if (indexedWriteMethod == null) {
             Class cls = getClass0();
             if (cls == null ||
-                (indexedWriteMethodName == null && indexedWriteMethodRef == null)) {
+                (indexedWriteMethodName == null && !this.indexedWriteMethodRef.isSet())) {
                 // the Indexed writeMethod was explicitly set to null.
                 return null;
             }
@@ -297,15 +296,14 @@
     }
 
     private void setIndexedWriteMethod0(Method writeMethod) {
+        this.indexedWriteMethodRef.set(writeMethod);
         if (writeMethod == null) {
             indexedWriteMethodName = null;
-            indexedWriteMethodRef = null;
             return;
         }
         setClass0(writeMethod.getDeclaringClass());
 
         indexedWriteMethodName = writeMethod.getName();
-        this.indexedWriteMethodRef = getSoftReference(writeMethod);
         setTransient(writeMethod.getAnnotation(Transient.class));
     }
 
@@ -345,18 +343,6 @@
                 : null;
     }
 
-    private Method getIndexedReadMethod0() {
-        return (this.indexedReadMethodRef != null)
-                ? this.indexedReadMethodRef.get()
-                : null;
-    }
-
-    private Method getIndexedWriteMethod0() {
-        return (this.indexedWriteMethodRef != null)
-                ? this.indexedWriteMethodRef.get()
-                : null;
-    }
-
     private Class findIndexedPropertyType(Method indexedReadMethod,
                                           Method indexedWriteMethod)
         throws IntrospectionException {
@@ -488,8 +474,8 @@
      */
     IndexedPropertyDescriptor(IndexedPropertyDescriptor old) {
         super(old);
-        indexedReadMethodRef = old.indexedReadMethodRef;
-        indexedWriteMethodRef = old.indexedWriteMethodRef;
+        this.indexedReadMethodRef.set(old.indexedReadMethodRef.get());
+        this.indexedWriteMethodRef.set(old.indexedWriteMethodRef.get());
         indexedPropertyTypeRef = old.indexedPropertyTypeRef;
         indexedWriteMethodName = old.indexedWriteMethodName;
         indexedReadMethodName = old.indexedReadMethodName;
@@ -498,7 +484,7 @@
     void updateGenericsFor(Class<?> type) {
         super.updateGenericsFor(type);
         try {
-            setIndexedPropertyType(findIndexedPropertyType(getIndexedReadMethod0(), getIndexedWriteMethod0()));
+            setIndexedPropertyType(findIndexedPropertyType(this.indexedReadMethodRef.get(), this.indexedWriteMethodRef.get()));
         }
         catch (IntrospectionException exception) {
             setIndexedPropertyType(null);
@@ -528,7 +514,7 @@
     void appendTo(StringBuilder sb) {
         super.appendTo(sb);
         appendTo(sb, "indexedPropertyType", this.indexedPropertyTypeRef);
-        appendTo(sb, "indexedReadMethod", this.indexedReadMethodRef);
-        appendTo(sb, "indexedWriteMethod", this.indexedWriteMethodRef);
+        appendTo(sb, "indexedReadMethod", this.indexedReadMethodRef.get());
+        appendTo(sb, "indexedWriteMethod", this.indexedWriteMethodRef.get());
     }
 }
--- a/src/share/classes/java/beans/MethodDescriptor.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/java/beans/MethodDescriptor.java	Tue Jun 03 10:00:37 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,7 +38,7 @@
 
 public class MethodDescriptor extends FeatureDescriptor {
 
-    private Reference<Method> methodRef;
+    private final MethodRef methodRef = new MethodRef();
 
     private String[] paramNames;
 
@@ -79,7 +79,7 @@
      * @return The low-level description of the method
      */
     public synchronized Method getMethod() {
-        Method method = getMethod0();
+        Method method = this.methodRef.get();
         if (method == null) {
             Class cls = getClass0();
             String name = getName();
@@ -112,13 +112,7 @@
             setClass0(method.getDeclaringClass());
         }
         setParams(getParameterTypes(getClass0(), method));
-        this.methodRef = getSoftReference(method);
-    }
-
-    private Method getMethod0() {
-        return (this.methodRef != null)
-                ? this.methodRef.get()
-                : null;
+        this.methodRef.set(method);
     }
 
     private synchronized void setParams(Class[] param) {
@@ -173,12 +167,10 @@
      */
 
     MethodDescriptor(MethodDescriptor x, MethodDescriptor y) {
-        super(x,y);
+        super(x, y);
 
-        methodRef = x.methodRef;
-        if (y.methodRef != null) {
-            methodRef = y.methodRef;
-        }
+        Method method = y.methodRef.get();
+        this.methodRef.set(null != method ? method : x.methodRef.get());
         params = x.params;
         if (y.params != null) {
             params = y.params;
@@ -201,7 +193,7 @@
     MethodDescriptor(MethodDescriptor old) {
         super(old);
 
-        methodRef = old.methodRef;
+        this.methodRef.set(old.getMethod());
         params = old.params;
         paramNames = old.paramNames;
 
@@ -215,7 +207,7 @@
     }
 
     void appendTo(StringBuilder sb) {
-        appendTo(sb, "method", this.methodRef);
+        appendTo(sb, "method", this.methodRef.get());
         if (this.parameterDescriptors != null) {
             sb.append("; parameterDescriptors={");
             for (ParameterDescriptor pd : this.parameterDescriptors) {
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/java/beans/MethodRef.java	Tue Jun 03 10:00:37 2014 -0700
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package java.beans;
+
+import java.lang.ref.SoftReference;
+import java.lang.ref.WeakReference;
+import java.lang.reflect.Method;
+
+import static sun.reflect.misc.ReflectUtil.isPackageAccessible;
+
+final class MethodRef {
+    private String signature;
+    private SoftReference<Method> methodRef;
+    private WeakReference<Class<?>> typeRef;
+
+    void set(Method method) {
+        if (method == null) {
+            this.signature = null;
+            this.methodRef = null;
+            this.typeRef = null;
+        }
+        else {
+            this.signature = method.toGenericString();
+            this.methodRef = new SoftReference<>(method);
+            this.typeRef = new WeakReference<Class<?>>(method.getDeclaringClass());
+        }
+    }
+
+    boolean isSet() {
+        return this.methodRef != null;
+    }
+
+    Method get() {
+        if (this.methodRef == null) {
+            return null;
+        }
+        Method method = this.methodRef.get();
+        if (method == null) {
+            method = find(this.typeRef.get(), this.signature);
+            if (method == null) {
+                this.signature = null;
+                this.methodRef = null;
+                this.typeRef = null;
+            }
+            else {
+                this.methodRef = new SoftReference<>(method);
+            }
+        }
+        return isPackageAccessible(method.getDeclaringClass()) ? method : null;
+    }
+
+    private static Method find(Class<?> type, String signature) {
+        if (type != null) {
+            for (Method method : type.getMethods()) {
+                if (type.equals(method.getDeclaringClass())) {
+                    if (method.toGenericString().equals(signature)) {
+                        return method;
+                    }
+                }
+            }
+        }
+        return null;
+    }
+}
--- a/src/share/classes/java/beans/PropertyDescriptor.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/java/beans/PropertyDescriptor.java	Tue Jun 03 10:00:37 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,8 +36,8 @@
 public class PropertyDescriptor extends FeatureDescriptor {
 
     private Reference<Class> propertyTypeRef;
-    private Reference<Method> readMethodRef;
-    private Reference<Method> writeMethodRef;
+    private final MethodRef readMethodRef = new MethodRef();
+    private final MethodRef writeMethodRef = new MethodRef();
     private Reference<Class> propertyEditorClassRef;
 
     private boolean bound;
@@ -68,8 +68,8 @@
     public PropertyDescriptor(String propertyName, Class<?> beanClass)
                 throws IntrospectionException {
         this(propertyName, beanClass,
-             Introspector.IS_PREFIX + NameGenerator.capitalize(propertyName),
-             Introspector.SET_PREFIX + NameGenerator.capitalize(propertyName));
+                Introspector.IS_PREFIX + NameGenerator.capitalize(propertyName),
+                Introspector.SET_PREFIX + NameGenerator.capitalize(propertyName));
     }
 
     /**
@@ -203,10 +203,10 @@
      * May return null if the property can't be read.
      */
     public synchronized Method getReadMethod() {
-        Method readMethod = getReadMethod0();
+        Method readMethod = this.readMethodRef.get();
         if (readMethod == null) {
             Class cls = getClass0();
-            if (cls == null || (readMethodName == null && readMethodRef == null)) {
+            if (cls == null || (readMethodName == null && !this.readMethodRef.isSet())) {
                 // The read method was explicitly set to null.
                 return null;
             }
@@ -246,17 +246,16 @@
      */
     public synchronized void setReadMethod(Method readMethod)
                                 throws IntrospectionException {
+        this.readMethodRef.set(readMethod);
         if (readMethod == null) {
             readMethodName = null;
-            readMethodRef = null;
             return;
         }
         // The property type is determined by the read method.
-        setPropertyType(findPropertyType(readMethod, getWriteMethod0()));
+        setPropertyType(findPropertyType(readMethod, this.writeMethodRef.get()));
         setClass0(readMethod.getDeclaringClass());
 
         readMethodName = readMethod.getName();
-        this.readMethodRef = getSoftReference(readMethod);
         setTransient(readMethod.getAnnotation(Transient.class));
     }
 
@@ -267,10 +266,10 @@
      * May return null if the property can't be written.
      */
     public synchronized Method getWriteMethod() {
-        Method writeMethod = getWriteMethod0();
+        Method writeMethod = this.writeMethodRef.get();
         if (writeMethod == null) {
             Class cls = getClass0();
-            if (cls == null || (writeMethodName == null && writeMethodRef == null)) {
+            if (cls == null || (writeMethodName == null && !this.writeMethodRef.isSet())) {
                 // The write method was explicitly set to null.
                 return null;
             }
@@ -316,9 +315,9 @@
      */
     public synchronized void setWriteMethod(Method writeMethod)
                                 throws IntrospectionException {
+        this.writeMethodRef.set(writeMethod);
         if (writeMethod == null) {
             writeMethodName = null;
-            writeMethodRef = null;
             return;
         }
         // Set the property type - which validates the method
@@ -326,22 +325,9 @@
         setClass0(writeMethod.getDeclaringClass());
 
         writeMethodName = writeMethod.getName();
-        this.writeMethodRef = getSoftReference(writeMethod);
         setTransient(writeMethod.getAnnotation(Transient.class));
     }
 
-    private Method getReadMethod0() {
-        return (this.readMethodRef != null)
-                ? this.readMethodRef.get()
-                : null;
-    }
-
-    private Method getWriteMethod0() {
-        return (this.writeMethodRef != null)
-                ? this.writeMethodRef.get()
-                : null;
-    }
-
     /**
      * Overridden to ensure that a super class doesn't take precedent
      */
@@ -618,8 +604,8 @@
     PropertyDescriptor(PropertyDescriptor old) {
         super(old);
         propertyTypeRef = old.propertyTypeRef;
-        readMethodRef = old.readMethodRef;
-        writeMethodRef = old.writeMethodRef;
+        this.readMethodRef.set(old.readMethodRef.get());
+        this.writeMethodRef.set(old.writeMethodRef.get());
         propertyEditorClassRef = old.propertyEditorClassRef;
 
         writeMethodName = old.writeMethodName;
@@ -633,7 +619,7 @@
     void updateGenericsFor(Class<?> type) {
         setClass0(type);
         try {
-            setPropertyType(findPropertyType(getReadMethod0(), getWriteMethod0()));
+            setPropertyType(findPropertyType(this.readMethodRef.get(), this.writeMethodRef.get()));
         }
         catch (IntrospectionException exception) {
             setPropertyType(null);
@@ -724,8 +710,8 @@
         appendTo(sb, "constrained", this.constrained);
         appendTo(sb, "propertyEditorClass", this.propertyEditorClassRef);
         appendTo(sb, "propertyType", this.propertyTypeRef);
-        appendTo(sb, "readMethod", this.readMethodRef);
-        appendTo(sb, "writeMethod", this.writeMethodRef);
+        appendTo(sb, "readMethod", this.readMethodRef.get());
+        appendTo(sb, "writeMethod", this.writeMethodRef.get());
     }
 
     private boolean isAssignable(Method m1, Method m2) {
--- a/src/share/classes/java/lang/ClassValue.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/java/lang/ClassValue.java	Tue Jun 03 10:00:37 2014 -0700
@@ -489,9 +489,18 @@
         /** Remove an entry. */
         synchronized
         void removeEntry(ClassValue<?> classValue) {
-            // make all cache elements for this guy go stale:
-            if (remove(classValue.identity) != null) {
+            Entry<?> e = remove(classValue.identity);
+            if (e == null) {
+                // Uninitialized, and no pending calls to computeValue.  No change.
+            } else if (e.isPromise()) {
+                // State is uninitialized, with a pending call to finishEntry.
+                // Since remove is a no-op in such a state, keep the promise
+                // by putting it back into the map.
+                put(classValue.identity, e);
+            } else {
+                // In an initialized state.  Bump forward, and de-initialize.
                 classValue.bumpVersion();
+                // Make all cache elements for this guy go stale.
                 removeStaleEntries(classValue);
             }
         }
--- a/src/share/classes/javax/crypto/JceSecurity.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/javax/crypto/JceSecurity.java	Tue Jun 03 10:00:37 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -216,26 +216,28 @@
     private static final Map codeBaseCacheRef = new WeakHashMap();
 
     /*
-     * Retuns the CodeBase for the given class.
+     * Returns the CodeBase for the given class.
      */
     static URL getCodeBase(final Class clazz) {
-        URL url = (URL)codeBaseCacheRef.get(clazz);
-        if (url == null) {
-            url = (URL)AccessController.doPrivileged(new PrivilegedAction() {
-                public Object run() {
-                    ProtectionDomain pd = clazz.getProtectionDomain();
-                    if (pd != null) {
-                        CodeSource cs = pd.getCodeSource();
-                        if (cs != null) {
-                            return cs.getLocation();
+        synchronized (codeBaseCacheRef) {
+            URL url = (URL)codeBaseCacheRef.get(clazz);
+            if (url == null) {
+                url = (URL)AccessController.doPrivileged(new PrivilegedAction() {
+                    public Object run() {
+                        ProtectionDomain pd = clazz.getProtectionDomain();
+                        if (pd != null) {
+                            CodeSource cs = pd.getCodeSource();
+                            if (cs != null) {
+                                return cs.getLocation();
+                            }
                         }
+                        return NULL_URL;
                     }
-                    return NULL_URL;
-                }
-            });
-            codeBaseCacheRef.put(clazz, url);
+                });
+                codeBaseCacheRef.put(clazz, url);
+            }
+            return (url == NULL_URL) ? null : url;
         }
-        return (url == NULL_URL) ? null : url;
     }
 
     private static void setupJurisdictionPolicies() throws Exception {
--- a/src/share/classes/javax/swing/JPopupMenu.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/javax/swing/JPopupMenu.java	Tue Jun 03 10:00:37 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -735,7 +735,7 @@
 
             if (pref == null || pref.width != getWidth() ||
                                 pref.height != getHeight()) {
-                popup = getPopup();
+                showPopup();
             } else {
                 validate();
             }
@@ -786,7 +786,7 @@
 
         if(b) {
             firePopupMenuWillBecomeVisible();
-            popup = getPopup();
+            showPopup();
             firePropertyChange("visible", Boolean.FALSE, Boolean.TRUE);
 
 
@@ -804,7 +804,7 @@
     }
 
     /**
-     * Returns a <code>Popup</code> instance from the
+     * Retrieves <code>Popup</code> instance from the
      * <code>PopupMenuUI</code> that has had <code>show</code> invoked on
      * it. If the current <code>popup</code> is non-null,
      * this will invoke <code>dispose</code> of it, and then
@@ -813,7 +813,7 @@
      * This does NOT fire any events, it is up the caller to dispatch
      * the necessary events.
      */
-    private Popup getPopup() {
+    private void showPopup() {
         Popup oldPopup = popup;
 
         if (oldPopup != null) {
@@ -837,8 +837,8 @@
                                           desiredLocationY);
 
         popupFactory.setPopupType(PopupFactory.LIGHT_WEIGHT_POPUP);
+        popup = newPopup;
         newPopup.show();
-        return newPopup;
     }
 
     /**
@@ -867,7 +867,7 @@
         desiredLocationX = x;
         desiredLocationY = y;
         if(popup != null && (x != oldX || y != oldY)) {
-            popup = getPopup();
+            showPopup();
         }
     }
 
@@ -1024,7 +1024,7 @@
             Dimension newSize = getPreferredSize();
 
             if (!oldSize.equals(newSize)) {
-                popup = getPopup();
+                showPopup();
             }
         }
     }
--- a/src/share/classes/javax/swing/plaf/nimbus/skin.laf	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/javax/swing/plaf/nimbus/skin.laf	Tue Jun 03 10:00:37 2014 -0700
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
 <!--
- Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
  DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 
  This code is free software; you can redistribute it and/or modify it
@@ -13424,10 +13424,10 @@
             <state stateKeys="Selected">
                 <style>
                    <textForeground>
-                      <matte red="255" green="255" blue="255" alpha="255" uiDefaultParentName="nimbusLightBackground" hueOffset="0.0" saturationOffset="0.0" brightnessOffset="0.0" alphaOffset="0" uiResource="false"/>
+                      <matte red="255" green="255" blue="255" alpha="255" uiDefaultParentName="nimbusLightBackground" hueOffset="0.0" saturationOffset="0.0" brightnessOffset="0.0" alphaOffset="0"/>
                    </textForeground>
                    <textBackground>
-                      <matte red="57" green="105" blue="138" alpha="255" uiDefaultParentName="nimbusSelectionBackground" hueOffset="0.0" saturationOffset="0.0" brightnessOffset="0.0" alphaOffset="0" uiResource="false"/>
+                      <matte red="57" green="105" blue="138" alpha="255" uiDefaultParentName="nimbusSelectionBackground" hueOffset="0.0" saturationOffset="0.0" brightnessOffset="0.0" alphaOffset="0"/>
                    </textBackground>
                    <background/>
                    <inherit-textForeground>false</inherit-textForeground>
@@ -13453,7 +13453,7 @@
                 <style>
                    <textForeground/>
                    <textBackground>
-                       <matte red="57" green="105" blue="138" alpha="255" uiDefaultParentName="nimbusSelectionBackground" hueOffset="0.0" saturationOffset="0.0" brightnessOffset="0.0" alphaOffset="0" uiResource="false"/>
+                       <matte red="57" green="105" blue="138" alpha="255" uiDefaultParentName="nimbusSelectionBackground" hueOffset="0.0" saturationOffset="0.0" brightnessOffset="0.0" alphaOffset="0"/>
                    </textBackground>
                    <background/>
                    <inherit-textBackground>false</inherit-textBackground>
@@ -13477,7 +13477,7 @@
             <state stateKeys="Disabled">
                 <style>
                    <textForeground>
-                      <matte red="142" green="143" blue="145" alpha="255" uiDefaultParentName="nimbusDisabledText" hueOffset="0.0" saturationOffset="0.0" brightnessOffset="0.0" alphaOffset="0" uiResource="false"/>
+                      <matte red="142" green="143" blue="145" alpha="255" uiDefaultParentName="nimbusDisabledText" hueOffset="0.0" saturationOffset="0.0" brightnessOffset="0.0" alphaOffset="0"/>
                    </textForeground>
                    <textBackground/>
                    <background/>
@@ -13520,7 +13520,7 @@
                         </textForeground>
                         <textBackground/>
                         <background>
-                           <matte red="57" green="105" blue="138" alpha="255" uiDefaultParentName="nimbusSelectionBackground" hueOffset="0.0" saturationOffset="0.0" brightnessOffset="0.0" alphaOffset="0" uiResource="false"/>
+                           <matte red="57" green="105" blue="138" alpha="255" uiDefaultParentName="nimbusSelectionBackground" hueOffset="0.0" saturationOffset="0.0" brightnessOffset="0.0" alphaOffset="0"/>
                         </background>
                         <inherit-textForeground>false</inherit-textForeground>
                         <inherit-background>false</inherit-background>
--- a/src/share/classes/sun/awt/image/ByteBandedRaster.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/sun/awt/image/ByteBandedRaster.java	Tue Jun 03 10:00:37 2014 -0700
@@ -755,10 +755,22 @@
                     + scanlineStride);
         }
 
-        for (int i = 0; i < data.length; i++) {
-            if (scanlineStride > data[i].length) {
-                throw new RasterFormatException("Incorrect scanline stride: "
-                    + scanlineStride);
+        if ((long)minX - sampleModelTranslateX < 0 ||
+            (long)minY - sampleModelTranslateY < 0) {
+
+            throw new RasterFormatException("Incorrect origin/translate: (" +
+                    minX + ", " + minY + ") / (" +
+                    sampleModelTranslateX + ", " + sampleModelTranslateY + ")");
+        }
+
+
+        if (height > 1 || minY - sampleModelTranslateY > 0) {
+            // buffer should contain at least one scanline
+            for (int i = 0; i < data.length; i++) {
+                if (scanlineStride > data[i].length) {
+                    throw new RasterFormatException("Incorrect scanline stride: "
+                        + scanlineStride);
+                }
             }
         }
 
--- a/src/share/classes/sun/awt/image/ByteComponentRaster.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/sun/awt/image/ByteComponentRaster.java	Tue Jun 03 10:00:37 2014 -0700
@@ -885,15 +885,31 @@
             }
         }
 
+        if ((long)minX - sampleModelTranslateX < 0 ||
+            (long)minY - sampleModelTranslateY < 0) {
+
+            throw new RasterFormatException("Incorrect origin/translate: (" +
+                    minX + ", " + minY + ") / (" +
+                    sampleModelTranslateX + ", " + sampleModelTranslateY + ")");
+        }
+
         // we can be sure that width and height are greater than 0
         if (scanlineStride < 0 ||
-            scanlineStride > (Integer.MAX_VALUE / height) ||
-            scanlineStride > data.length)
+            scanlineStride > (Integer.MAX_VALUE / height))
         {
             // integer overflow
             throw new RasterFormatException("Incorrect scanline stride: "
                     + scanlineStride);
         }
+
+        if (height > 1 || minY - sampleModelTranslateY > 0) {
+            // buffer should contain at least one scanline
+            if (scanlineStride > data.length) {
+                throw new RasterFormatException("Incorrect scanline stride: "
+                        + scanlineStride);
+            }
+        }
+
         int lastScanOffset = (height - 1) * scanlineStride;
 
         if (pixelStride < 0 ||
--- a/src/share/classes/sun/awt/image/BytePackedRaster.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/sun/awt/image/BytePackedRaster.java	Tue Jun 03 10:00:37 2014 -0700
@@ -1386,13 +1386,28 @@
             throw new RasterFormatException("Invalid raster dimension");
         }
 
+        if ((long)minX - sampleModelTranslateX < 0 ||
+            (long)minY - sampleModelTranslateY < 0) {
+
+            throw new RasterFormatException("Incorrect origin/translate: (" +
+                    minX + ", " + minY + ") / (" +
+                    sampleModelTranslateX + ", " + sampleModelTranslateY + ")");
+        }
+
         if (scanlineStride < 0 ||
-            scanlineStride > (Integer.MAX_VALUE / height) ||
-            scanlineStride > data.length)
+            scanlineStride > (Integer.MAX_VALUE / height))
         {
             throw new RasterFormatException("Invalid scanline stride");
         }
 
+        if (height > 1 || minY - sampleModelTranslateY > 0) {
+            // buffer should contain at least one scanline
+            if (scanlineStride > data.length) {
+                throw new RasterFormatException("Incorrect scanline stride: "
+                        + scanlineStride);
+            }
+        }
+
         int lastbit = (dataBitOffset
                        + (height-1) * scanlineStride * 8
                        + (width-1) * pixelBitStride
--- a/src/share/classes/sun/awt/image/FileImageSource.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/sun/awt/image/FileImageSource.java	Tue Jun 03 10:00:37 2014 -0700
@@ -48,6 +48,10 @@
     }
 
     protected ImageDecoder getDecoder() {
+        if (imagefile == null) {
+            return null;
+        }
+
         InputStream is;
         try {
             is = new BufferedInputStream(new FileInputStream(imagefile));
--- a/src/share/classes/sun/awt/image/IntegerComponentRaster.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/sun/awt/image/IntegerComponentRaster.java	Tue Jun 03 10:00:37 2014 -0700
@@ -654,15 +654,31 @@
                                             ") must be >= 0");
         }
 
+        if ((long)minX - sampleModelTranslateX < 0 ||
+            (long)minY - sampleModelTranslateY < 0) {
+
+            throw new RasterFormatException("Incorrect origin/translate: (" +
+                    minX + ", " + minY + ") / (" +
+                    sampleModelTranslateX + ", " + sampleModelTranslateY + ")");
+        }
+
         // we can be sure that width and height are greater than 0
         if (scanlineStride < 0 ||
-            scanlineStride > (Integer.MAX_VALUE / height) ||
-            scanlineStride > data.length)
+            scanlineStride > (Integer.MAX_VALUE / height))
         {
             // integer overflow
             throw new RasterFormatException("Incorrect scanline stride: "
                     + scanlineStride);
         }
+
+        if (height > 1 || minY - sampleModelTranslateY > 0) {
+            // buffer should contain at least one scanline
+            if (scanlineStride > data.length) {
+                throw new RasterFormatException("Incorrect scanline stride: "
+                        + scanlineStride);
+            }
+        }
+
         int lastScanOffset = (height - 1) * scanlineStride;
 
         if (pixelStride < 0 ||
--- a/src/share/classes/sun/awt/image/ShortBandedRaster.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/sun/awt/image/ShortBandedRaster.java	Tue Jun 03 10:00:37 2014 -0700
@@ -754,10 +754,21 @@
                     + scanlineStride);
         }
 
-        for (int i = 0; i < data.length; i++) {
-            if (scanlineStride > data[i].length) {
-                throw new RasterFormatException("Incorrect scanline stride: "
-                    + scanlineStride);
+        if ((long)minX - sampleModelTranslateX < 0 ||
+            (long)minY - sampleModelTranslateY < 0) {
+
+            throw new RasterFormatException("Incorrect origin/translate: (" +
+                    minX + ", " + minY + ") / (" +
+                    sampleModelTranslateX + ", " + sampleModelTranslateY + ")");
+        }
+
+        if (height > 1 || minY - sampleModelTranslateY > 0) {
+            // buffer should contain at least one scanline
+            for (int i = 0; i < data.length; i++) {
+                if (scanlineStride > data[i].length) {
+                    throw new RasterFormatException("Incorrect scanline stride: "
+                        + scanlineStride);
+                }
             }
         }
 
--- a/src/share/classes/sun/awt/image/ShortComponentRaster.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/sun/awt/image/ShortComponentRaster.java	Tue Jun 03 10:00:37 2014 -0700
@@ -819,15 +819,31 @@
             }
         }
 
+        if ((long)minX - sampleModelTranslateX < 0 ||
+            (long)minY - sampleModelTranslateY < 0) {
+
+            throw new RasterFormatException("Incorrect origin/translate: (" +
+                    minX + ", " + minY + ") / (" +
+                    sampleModelTranslateX + ", " + sampleModelTranslateY + ")");
+        }
+
         // we can be sure that width and height are greater than 0
         if (scanlineStride < 0 ||
-            scanlineStride > (Integer.MAX_VALUE / height) ||
-            scanlineStride > data.length)
+            scanlineStride > (Integer.MAX_VALUE / height))
         {
             // integer overflow
             throw new RasterFormatException("Incorrect scanline stride: "
                     + scanlineStride);
         }
+
+        if (height > 1 || minY - sampleModelTranslateY > 0) {
+            // buffer should contain at least one scanline
+            if (scanlineStride > data.length) {
+                throw new RasterFormatException("Incorrect scanline stride: "
+                        + scanlineStride);
+            }
+        }
+
         int lastScanOffset = (height - 1) * scanlineStride;
 
         if (pixelStride < 0 ||
--- a/src/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java	Tue Jun 03 10:00:37 2014 -0700
@@ -26,11 +26,11 @@
 package sun.security.internal.spec;
 
 import java.security.spec.AlgorithmParameterSpec;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 
 /**
- * Parameters for SSL/TLS RSA Premaster secret generation.
- * This class is used by SSL/TLS client to initialize KeyGenerators of the
- * type "TlsRsaPremasterSecret".
+ * Parameters for SSL/TLS RSA premaster secret.
  *
  * <p>Instances of this class are immutable.
  *
@@ -43,90 +43,108 @@
 public class TlsRsaPremasterSecretParameterSpec
         implements AlgorithmParameterSpec {
 
-    private final int majorVersion;
-    private final int minorVersion;
-    private final byte[] encodedSecret;
+    /*
+     * The TLS spec says that the version in the RSA premaster secret must
+     * be the maximum version supported by the client (i.e. the version it
+     * requested in its client hello version). However, we (and other
+     * implementations) used to send the active negotiated version. The
+     * system property below allows to toggle the behavior.
+     */
+    private final static String PROP_NAME =
+                                "com.sun.net.ssl.rsaPreMasterSecretFix";
+
+    /*
+     * Default is "false" (old behavior) for compatibility reasons in
+     * SSLv3/TLSv1.  Later protocols (TLSv1.1+) do not use this property.
+     */
+    private final static boolean rsaPreMasterSecretFix =
+            AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
+                public Boolean run() {
+                    String value = System.getProperty(PROP_NAME);
+                    if (value != null && value.equalsIgnoreCase("true")) {
+                        return Boolean.TRUE;
+                    }
+
+                    return Boolean.FALSE;
+                }
+            });
+
+    private final int clientVersion;
+    private final int serverVersion;
 
     /**
      * Constructs a new TlsRsaPremasterSecretParameterSpec.
-     * <P>
-     * The version numbers will be placed inside the premaster secret to
-     * detect version rollbacks attacks as described in the TLS specification.
-     * Note that they do not indicate the protocol version negotiated for
-     * the handshake.
      *
-     * @param majorVersion the major number of the protocol version
-     * @param minorVersion the minor number of the protocol version
+     * @param clientVersion the version of the TLS protocol by which the
+     *        client wishes to communicate during this session
+     * @param serverVersion the negotiated version of the TLS protocol which
+     *        contains the lower of that suggested by the client in the client
+     *        hello and the highest supported by the server.
      *
-     * @throws IllegalArgumentException if minorVersion or majorVersion are
-     *   negative or larger than 255
+     * @throws IllegalArgumentException if clientVersion or serverVersion are
+     *   negative or larger than (2^16 - 1)
      */
-    public TlsRsaPremasterSecretParameterSpec(int majorVersion,
-            int minorVersion) {
-        this.majorVersion =
-            TlsMasterSecretParameterSpec.checkVersion(majorVersion);
-        this.minorVersion =
-            TlsMasterSecretParameterSpec.checkVersion(minorVersion);
-        this.encodedSecret = null;
+    public TlsRsaPremasterSecretParameterSpec(
+            int clientVersion, int serverVersion) {
+
+        this.clientVersion = checkVersion(clientVersion);
+        this.serverVersion = checkVersion(serverVersion);
     }
 
     /**
-     * Constructs a new TlsRsaPremasterSecretParameterSpec.
-     * <P>
-     * The version numbers will be placed inside the premaster secret to
-     * detect version rollbacks attacks as described in the TLS specification.
-     * Note that they do not indicate the protocol version negotiated for
-     * the handshake.
-     * <P>
-     * Usually, the encoded secret key is a random number that acts as
-     * dummy pre_master_secret to avoid vulnerabilities described by
-     * section 7.4.7.1, RFC 5246.
+     * Returns the version of the TLS protocol by which the client wishes to
+     * communicate during this session.
      *
-     * @param majorVersion the major number of the protocol version
-     * @param minorVersion the minor number of the protocol version
-     * @param encodedSecret the encoded secret key
-     *
-     * @throws IllegalArgumentException if minorVersion or majorVersion are
-     *   negative or larger than 255, or encodedSecret is not exactly 48 bytes.
+     * @return the version of the TLS protocol in ClientHello message
      */
-    public TlsRsaPremasterSecretParameterSpec(int majorVersion,
-            int minorVersion, byte[] encodedSecret) {
-        this.majorVersion =
-            TlsMasterSecretParameterSpec.checkVersion(majorVersion);
-        this.minorVersion =
-            TlsMasterSecretParameterSpec.checkVersion(minorVersion);
-
-        if (encodedSecret == null || encodedSecret.length != 48) {
-            throw new IllegalArgumentException(
-                        "Encoded secret is not exactly 48 bytes");
-        }
-        this.encodedSecret = encodedSecret.clone();
+    public int getClientVersion() {
+        return clientVersion;
     }
 
     /**
-     * Returns the major version.
+     * Returns the negotiated version of the TLS protocol which contains the
+     * lower of that suggested by the client in the client hello and the
+     * highest supported by the server.
      *
-     * @return the major version.
+     * @return the negotiated version of the TLS protocol in ServerHello message
      */
-    public int getMajorVersion() {
-        return majorVersion;
+    public int getServerVersion() {
+        return serverVersion;
     }
 
     /**
-     * Returns the minor version.
+     * Returns the major version used in RSA premaster secret.
      *
-     * @return the minor version.
+     * @return the major version used in RSA premaster secret.
      */
-    public int getMinorVersion() {
-        return minorVersion;
+    public int getMajorVersion() {
+        if (rsaPreMasterSecretFix || clientVersion >= 0x0302) {
+                                                        // 0x0302: TLSv1.1
+            return (clientVersion >>> 8) & 0xFF;
+        }
+
+        return (serverVersion >>> 8) & 0xFF;
     }
 
     /**
-     * Returns the encoded secret.
+     * Returns the minor version used in RSA premaster secret.
      *
-     * @return the encoded secret, may be null if no encoded secret.
+     * @return the minor version used in RSA premaster secret.
      */
-    public byte[] getEncodedSecret() {
-        return encodedSecret == null ? null : encodedSecret.clone();
+    public int getMinorVersion() {
+        if (rsaPreMasterSecretFix || clientVersion >= 0x0302) {
+                                                        // 0x0302: TLSv1.1
+            return clientVersion & 0xFF;
+        }
+
+        return serverVersion & 0xFF;
+    }
+
+    private int checkVersion(int version) {
+        if ((version < 0) || (version > 0xFFFF)) {
+            throw new IllegalArgumentException(
+                        "Version must be between 0 and 65,535");
+        }
+        return version;
     }
 }
--- a/src/share/classes/sun/security/pkcs11/P11RSACipher.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/sun/security/pkcs11/P11RSACipher.java	Tue Jun 03 10:00:37 2014 -0700
@@ -37,6 +37,8 @@
 import static sun.security.pkcs11.TemplateManager.*;
 import sun.security.pkcs11.wrapper.*;
 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
+import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
+import sun.security.util.KeyUtil;
 
 /**
  * RSA Cipher implementation class. We currently only support
@@ -102,6 +104,12 @@
     // maximum output size. this is the length of the key
     private int outputSize;
 
+    // cipher parameter for TLS RSA premaster secret
+    private AlgorithmParameterSpec spec = null;
+
+    // the source of randomness
+    private SecureRandom random;
+
     P11RSACipher(Token token, String algorithm, long mechanism)
             throws PKCS11Exception {
         super();
@@ -165,8 +173,12 @@
             AlgorithmParameterSpec params, SecureRandom random)
             throws InvalidKeyException, InvalidAlgorithmParameterException {
         if (params != null) {
-            throw new InvalidAlgorithmParameterException
-                ("Parameters not supported");
+            if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) {
+                throw new InvalidAlgorithmParameterException(
+                        "Parameters not supported");
+            }
+            spec = params;
+            this.random = random;   // for TLS RSA premaster secret
         }
         implInit(opmode, key);
     }
@@ -176,8 +188,8 @@
             SecureRandom random)
             throws InvalidKeyException, InvalidAlgorithmParameterException {
         if (params != null) {
-            throw new InvalidAlgorithmParameterException
-                ("Parameters not supported");
+            throw new InvalidAlgorithmParameterException(
+                        "Parameters not supported");
         }
         implInit(opmode, key);
     }
@@ -452,21 +464,101 @@
     protected Key engineUnwrap(byte[] wrappedKey, String algorithm,
             int type) throws InvalidKeyException, NoSuchAlgorithmException {
 
-        // XXX implement unwrap using C_Unwrap() for all keys
-        implInit(Cipher.DECRYPT_MODE, p11Key);
-        if (wrappedKey.length > maxInputSize) {
-            throw new InvalidKeyException("Key is too long for unwrapping");
+        boolean isTlsRsaPremasterSecret =
+                algorithm.equals("TlsRsaPremasterSecret");
+        Exception failover = null;
+
+        SecureRandom secureRandom = random;
+        if (secureRandom == null && isTlsRsaPremasterSecret) {
+            secureRandom = new SecureRandom();
         }
-        implUpdate(wrappedKey, 0, wrappedKey.length);
-        try {
-            byte[] encoded = doFinal();
+
+        // Should C_Unwrap be preferred for non-TLS RSA premaster secret?
+        if (token.supportsRawSecretKeyImport()) {
+            // XXX implement unwrap using C_Unwrap() for all keys
+            implInit(Cipher.DECRYPT_MODE, p11Key);
+            if (wrappedKey.length > maxInputSize) {
+                throw new InvalidKeyException("Key is too long for unwrapping");
+            }
+
+            byte[] encoded = null;
+            implUpdate(wrappedKey, 0, wrappedKey.length);
+            try {
+                encoded = doFinal();
+            } catch (BadPaddingException e) {
+                if (isTlsRsaPremasterSecret) {
+                    failover = e;
+                } else {
+                    throw new InvalidKeyException("Unwrapping failed", e);
+                }
+            } catch (IllegalBlockSizeException e) {
+                // should not occur, handled with length check above
+                throw new InvalidKeyException("Unwrapping failed", e);
+            }
+
+            if (isTlsRsaPremasterSecret) {
+                if (!(spec instanceof TlsRsaPremasterSecretParameterSpec)) {
+                    throw new IllegalStateException(
+                            "No TlsRsaPremasterSecretParameterSpec specified");
+                }
+
+                // polish the TLS premaster secret
+                TlsRsaPremasterSecretParameterSpec psps =
+                        (TlsRsaPremasterSecretParameterSpec)spec;
+                encoded = KeyUtil.checkTlsPreMasterSecretKey(
+                        psps.getClientVersion(), psps.getServerVersion(),
+                        secureRandom, encoded, (failover != null));
+            }
+
             return ConstructKeys.constructKey(encoded, algorithm, type);
-        } catch (BadPaddingException e) {
-            // should not occur
-            throw new InvalidKeyException("Unwrapping failed", e);
-        } catch (IllegalBlockSizeException e) {
-            // should not occur, handled with length check above
-            throw new InvalidKeyException("Unwrapping failed", e);
+        } else {
+            Session s = null;
+            SecretKey secretKey = null;
+            try {
+                try {
+                    s = token.getObjSession();
+                    long keyType = CKK_GENERIC_SECRET;
+                    CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
+                            new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
+                            new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType),
+                        };
+                    attributes = token.getAttributes(
+                            O_IMPORT, CKO_SECRET_KEY, keyType, attributes);
+                    long keyID = token.p11.C_UnwrapKey(s.id(),
+                            new CK_MECHANISM(mechanism), p11Key.keyID,
+                            wrappedKey, attributes);
+                    secretKey = P11Key.secretKey(s, keyID,
+                            algorithm, 48 << 3, attributes);
+                } catch (PKCS11Exception e) {
+                    if (isTlsRsaPremasterSecret) {
+                        failover = e;
+                    } else {
+                        throw new InvalidKeyException("unwrap() failed", e);
+                    }
+                }
+
+                if (isTlsRsaPremasterSecret) {
+                    byte[] replacer = new byte[48];
+                    if (failover == null) {
+                        // Does smart compiler dispose this operation?
+                        secureRandom.nextBytes(replacer);
+                    }
+
+                    TlsRsaPremasterSecretParameterSpec psps =
+                            (TlsRsaPremasterSecretParameterSpec)spec;
+
+                    // Please use the tricky failover and replacer byte array
+                    // as the parameters so that smart compiler won't dispose
+                    // the unused variable .
+                    secretKey = polishPreMasterSecretKey(token, s,
+                            failover, replacer, secretKey,
+                            psps.getClientVersion(), psps.getServerVersion());
+                }
+
+                return secretKey;
+            } finally {
+                token.releaseSession(s);
+            }
         }
     }
 
@@ -475,6 +567,34 @@
         int n = P11KeyFactory.convertKey(token, key, algorithm).length();
         return n;
     }
+
+    private static SecretKey polishPreMasterSecretKey(
+            Token token, Session session,
+            Exception failover, byte[] replacer, SecretKey secretKey,
+            int clientVersion, int serverVersion) {
+
+        if (failover != null) {
+            CK_VERSION version = new CK_VERSION(
+                    (clientVersion >>> 8) & 0xFF, clientVersion & 0xFF);
+            try {
+                CK_ATTRIBUTE[] attributes = token.getAttributes(
+                        O_GENERATE, CKO_SECRET_KEY,
+                        CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]);
+                long keyID = token.p11.C_GenerateKey(session.id(),
+                    // new CK_MECHANISM(CKM_TLS_PRE_MASTER_KEY_GEN, version),
+                        new CK_MECHANISM(CKM_SSL3_PRE_MASTER_KEY_GEN, version),
+                        attributes);
+                return P11Key.secretKey(session,
+                        keyID, "TlsRsaPremasterSecret", 48 << 3, attributes);
+            } catch (PKCS11Exception e) {
+                throw new ProviderException(
+                        "Could not generate premaster secret", e);
+            }
+        }
+
+        return secretKey;
+    }
+
 }
 
 final class ConstructKeys {
--- a/src/share/classes/sun/security/pkcs11/P11TlsRsaPremasterSecretGenerator.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/sun/security/pkcs11/P11TlsRsaPremasterSecretGenerator.java	Tue Jun 03 10:00:37 2014 -0700
@@ -73,7 +73,7 @@
 
     protected void engineInit(AlgorithmParameterSpec params,
             SecureRandom random) throws InvalidAlgorithmParameterException {
-        if (params instanceof TlsRsaPremasterSecretParameterSpec == false) {
+        if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) {
             throw new InvalidAlgorithmParameterException(MSG);
         }
         this.spec = (TlsRsaPremasterSecretParameterSpec)params;
@@ -83,38 +83,32 @@
         throw new InvalidParameterException(MSG);
     }
 
+    // Only can be used in client side to generate TLS RSA premaster secret.
     protected SecretKey engineGenerateKey() {
         if (spec == null) {
             throw new IllegalStateException
                         ("TlsRsaPremasterSecretGenerator must be initialized");
         }
 
-        byte[] b = spec.getEncodedSecret();
-        if (b == null) {
-            CK_VERSION version = new CK_VERSION(
+        CK_VERSION version = new CK_VERSION(
                         spec.getMajorVersion(), spec.getMinorVersion());
-            Session session = null;
-            try {
-                session = token.getObjSession();
-                CK_ATTRIBUTE[] attributes = token.getAttributes(
-                        O_GENERATE, CKO_SECRET_KEY,
-                        CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]);
-                long keyID = token.p11.C_GenerateKey(session.id(),
-                        new CK_MECHANISM(mechanism, version), attributes);
-                SecretKey key = P11Key.secretKey(session,
-                        keyID, "TlsRsaPremasterSecret", 48 << 3, attributes);
-                return key;
-            } catch (PKCS11Exception e) {
-                throw new ProviderException(
-                        "Could not generate premaster secret", e);
-            } finally {
-                token.releaseSession(session);
-            }
+        Session session = null;
+        try {
+            session = token.getObjSession();
+            CK_ATTRIBUTE[] attributes = token.getAttributes(
+                    O_GENERATE, CKO_SECRET_KEY,
+                    CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]);
+            long keyID = token.p11.C_GenerateKey(session.id(),
+                    new CK_MECHANISM(mechanism, version), attributes);
+            SecretKey key = P11Key.secretKey(session,
+                    keyID, "TlsRsaPremasterSecret", 48 << 3, attributes);
+            return key;
+        } catch (PKCS11Exception e) {
+            throw new ProviderException(
+                    "Could not generate premaster secret", e);
+        } finally {
+            token.releaseSession(session);
         }
-
-        // Won't worry, the TlsRsaPremasterSecret will be soon converted to
-        // TlsMasterSecret.
-        return new SecretKeySpec(b, "TlsRsaPremasterSecret");
     }
 
 }
--- a/src/share/classes/sun/security/pkcs11/Token.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/sun/security/pkcs11/Token.java	Tue Jun 03 10:00:37 2014 -0700
@@ -35,6 +35,7 @@
 import sun.security.jca.JCAUtil;
 
 import sun.security.pkcs11.wrapper.*;
+import static sun.security.pkcs11.TemplateManager.*;
 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
 
 /**
@@ -121,6 +122,9 @@
     private final static CK_MECHANISM_INFO INVALID_MECH =
         new CK_MECHANISM_INFO(0, 0, 0);
 
+    // flag indicating whether the token supports raw secret key material import
+    private Boolean supportsRawSecretKeyImport;
+
     Token(SunPKCS11 provider) throws PKCS11Exception {
         this.provider = provider;
         this.removable = provider.removable;
@@ -159,6 +163,36 @@
         return writeProtected;
     }
 
+    // return whether the token supports raw secret key material import
+    boolean supportsRawSecretKeyImport() {
+        if (supportsRawSecretKeyImport == null) {
+            SecureRandom random = JCAUtil.getSecureRandom();
+            byte[] encoded = new byte[48];
+            random.nextBytes(encoded);
+
+            CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[3];
+            attributes[0] = new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY);
+            attributes[1] = new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_GENERIC_SECRET);
+            attributes[2] = new CK_ATTRIBUTE(CKA_VALUE, encoded);
+
+            Session session = null;
+            try {
+                attributes = getAttributes(O_IMPORT,
+                        CKO_SECRET_KEY, CKK_GENERIC_SECRET, attributes);
+                session = getObjSession();
+                long keyID = p11.C_CreateObject(session.id(), attributes);
+
+                supportsRawSecretKeyImport = Boolean.TRUE;
+            } catch (PKCS11Exception e) {
+                supportsRawSecretKeyImport = Boolean.FALSE;
+            } finally {
+                releaseSession(session);
+            }
+        }
+
+        return supportsRawSecretKeyImport;
+    }
+
     // return whether we are logged in
     // uses cached result if current. session is optional and may be null
     boolean isLoggedIn(Session session) throws PKCS11Exception {
--- a/src/share/classes/sun/security/smartcardio/CardImpl.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/sun/security/smartcardio/CardImpl.java	Tue Jun 03 10:00:37 2014 -0700
@@ -246,7 +246,7 @@
         }
         checkExclusive();
         try {
-            SCardDisconnect(cardId, (reset ? SCARD_LEAVE_CARD : SCARD_RESET_CARD));
+            SCardDisconnect(cardId, (reset ? SCARD_RESET_CARD : SCARD_LEAVE_CARD));
         } catch (PCSCException e) {
             throw new CardException("disconnect() failed", e);
         } finally {
--- a/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java	Tue Jun 03 10:00:37 2014 -0700
@@ -50,23 +50,6 @@
  */
 final class RSAClientKeyExchange extends HandshakeMessage {
 
-    /**
-     * The TLS spec says that the version in the RSA premaster secret must
-     * be the maximum version supported by the client (i.e. the version it
-     * requested in its client hello version). However, we (and other
-     * implementations) used to send the active negotiated version. The
-     * system property below allows to toggle the behavior.
-     */
-    private final static String PROP_NAME =
-                                "com.sun.net.ssl.rsaPreMasterSecretFix";
-
-    /*
-     * Default is "false" (old behavior) for compatibility reasons in
-     * SSLv3/TLSv1.  Later protocols (TLSv1.1+) do not use this property.
-     */
-    private final static boolean rsaPreMasterSecretFix =
-                                Debug.getBooleanProperty(PROP_NAME, false);
-
     /*
      * The following field values were encrypted with the server's public
      * key (or temp key from server key exchange msg) and are presented
@@ -90,22 +73,12 @@
         }
         this.protocolVersion = protocolVersion;
 
-        int major, minor;
-
-        if (rsaPreMasterSecretFix || maxVersion.v >= ProtocolVersion.TLS11.v) {
-            major = maxVersion.major;
-            minor = maxVersion.minor;
-        } else {
-            major = protocolVersion.major;
-            minor = protocolVersion.minor;
-        }
-
         try {
             String s = ((protocolVersion.v >= ProtocolVersion.TLS12.v) ?
                 "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret");
             KeyGenerator kg = JsseJce.getKeyGenerator(s);
-            kg.init(new TlsRsaPremasterSecretParameterSpec(major, minor),
-                    generator);
+            kg.init(new TlsRsaPremasterSecretParameterSpec(
+                    maxVersion.v, protocolVersion.v), generator);
             preMaster = kg.generateKey();
 
             Cipher cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1);
@@ -140,18 +113,17 @@
             }
         }
 
-        Exception failover = null;
-        byte[] encoded = null;
         try {
             Cipher cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1);
             // Cannot generate key here, please don't use Cipher.UNWRAP_MODE!
-            cipher.init(Cipher.DECRYPT_MODE, privateKey);
-            encoded = cipher.doFinal(encrypted);
-        } catch (BadPaddingException bpe) {
-            failover = bpe;
-            encoded = null;
-        } catch (IllegalBlockSizeException ibse) {
-            // the message it too big to process with RSA
+            cipher.init(Cipher.UNWRAP_MODE, privateKey,
+                    new TlsRsaPremasterSecretParameterSpec(
+                            maxVersion.v, currentVersion.v),
+                    generator);
+            preMaster = (SecretKey)cipher.unwrap(encrypted,
+                                "TlsRsaPremasterSecret", Cipher.SECRET_KEY);
+        } catch (InvalidKeyException ibk) {
+            // the message is too big to process with RSA
             throw new SSLProtocolException(
                 "Unable to process PreMasterSecret, may be too big");
         } catch (Exception e) {
@@ -162,124 +134,6 @@
             }
             throw new RuntimeException("Could not generate dummy secret", e);
         }
-
-        // polish the premaster secret
-        preMaster = polishPreMasterSecretKey(
-                    currentVersion, maxVersion, generator, encoded, failover);
-    }
-
-    /**
-     * To avoid vulnerabilities described by section 7.4.7.1, RFC 5246,
-     * treating incorrectly formatted message blocks and/or mismatched
-     * version numbers in a manner indistinguishable from correctly
-     * formatted RSA blocks.
-     *
-     * RFC 5246 describes the approach as :
-     *
-     *  1. Generate a string R of 48 random bytes
-     *
-     *  2. Decrypt the message to recover the plaintext M
-     *
-     *  3. If the PKCS#1 padding is not correct, or the length of message
-     *     M is not exactly 48 bytes:
-     *        pre_master_secret = R
-     *     else If ClientHello.client_version <= TLS 1.0, and version
-     *     number check is explicitly disabled:
-     *        premaster secret = M
-     *     else If M[0..1] != ClientHello.client_version:
-     *        premaster secret = R
-     *     else:
-     *        premaster secret = M
-     *
-     * Note that #2 has completed before the call of this method.
-     */
-    private SecretKey polishPreMasterSecretKey(ProtocolVersion currentVersion,
-            ProtocolVersion clientHelloVersion, SecureRandom generator,
-            byte[] encoded, Exception failoverException) {
-
-        this.protocolVersion = clientHelloVersion;
-        if (generator == null) {
-            generator = new SecureRandom();
-        }
-        byte[] random = new byte[48];
-        generator.nextBytes(random);
-
-        if (failoverException == null && encoded != null) {
-            // check the length
-            if (encoded.length != 48) {
-                if (debug != null && Debug.isOn("handshake")) {
-                    System.out.println(
-                        "incorrect length of premaster secret: " +
-                        encoded.length);
-                }
-
-                return generatePreMasterSecret(
-                        clientHelloVersion, random, generator);
-            }
-
-            if (clientHelloVersion.major != encoded[0] ||
-                        clientHelloVersion.minor != encoded[1]) {
-
-                if (clientHelloVersion.v <= ProtocolVersion.TLS10.v &&
-                       currentVersion.major == encoded[0] &&
-                       currentVersion.minor == encoded[1]) {
-                    /*
-                     * For compatibility, we maintain the behavior that the
-                     * version in pre_master_secret can be the negotiated
-                     * version for TLS v1.0 and SSL v3.0.
-                     */
-                    this.protocolVersion = currentVersion;
-                } else {
-                    if (debug != null && Debug.isOn("handshake")) {
-                        System.out.println("Mismatching Protocol Versions, " +
-                            "ClientHello.client_version is " +
-                            clientHelloVersion +
-                            ", while PreMasterSecret.client_version is " +
-                            ProtocolVersion.valueOf(encoded[0], encoded[1]));
-                    }
-
-                    encoded = random;
-                }
-            }
-
-            return generatePreMasterSecret(
-                    clientHelloVersion, encoded, generator);
-        }
-
-        if (debug != null && Debug.isOn("handshake") &&
-                    failoverException != null) {
-            System.out.println("Error decrypting premaster secret:");
-            failoverException.printStackTrace(System.out);
-        }
-
-        return generatePreMasterSecret(clientHelloVersion, random, generator);
-    }
-
-    // generate a premaster secret with the specified version number
-    private static SecretKey generatePreMasterSecret(
-            ProtocolVersion version, byte[] encodedSecret,
-            SecureRandom generator) {
-
-        if (debug != null && Debug.isOn("handshake")) {
-            System.out.println("Generating a random fake premaster secret");
-        }
-
-        try {
-            String s = ((version.v >= ProtocolVersion.TLS12.v) ?
-                "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret");
-            KeyGenerator kg = JsseJce.getKeyGenerator(s);
-            kg.init(new TlsRsaPremasterSecretParameterSpec(
-                    version.major, version.minor, encodedSecret), generator);
-            return kg.generateKey();
-        } catch (InvalidAlgorithmParameterException |
-                NoSuchAlgorithmException iae) {
-            // unlikely to happen, otherwise, must be a provider exception
-            if (debug != null && Debug.isOn("handshake")) {
-                System.out.println("RSA premaster secret generation error:");
-                iae.printStackTrace(System.out);
-            }
-            throw new RuntimeException("Could not generate dummy secret", iae);
-        }
     }
 
     @Override
--- a/src/share/classes/sun/security/util/KeyUtil.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/classes/sun/security/util/KeyUtil.java	Tue Jun 03 10:00:37 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,6 +32,7 @@
 import java.security.interfaces.ECKey;
 import java.security.interfaces.RSAKey;
 import java.security.interfaces.DSAKey;
+import java.security.SecureRandom;
 import java.security.spec.KeySpec;
 import javax.crypto.SecretKey;
 import javax.crypto.interfaces.DHKey;
@@ -157,6 +158,79 @@
     }
 
     /**
+     * Check the format of TLS PreMasterSecret.
+     * <P>
+     * To avoid vulnerabilities described by section 7.4.7.1, RFC 5246,
+     * treating incorrectly formatted message blocks and/or mismatched
+     * version numbers in a manner indistinguishable from correctly
+     * formatted RSA blocks.
+     *
+     * RFC 5246 describes the approach as :
+     *
+     *  1. Generate a string R of 48 random bytes
+     *
+     *  2. Decrypt the message to recover the plaintext M
+     *
+     *  3. If the PKCS#1 padding is not correct, or the length of message
+     *     M is not exactly 48 bytes:
+     *        pre_master_secret = R
+     *     else If ClientHello.client_version <= TLS 1.0, and version
+     *     number check is explicitly disabled:
+     *        premaster secret = M
+     *     else If M[0..1] != ClientHello.client_version:
+     *        premaster secret = R
+     *     else:
+     *        premaster secret = M
+     *
+     * Note that #2 should have completed before the call to this method.
+     *
+     * @param  clientVersion the version of the TLS protocol by which the
+     *         client wishes to communicate during this session
+     * @param  serverVersion the negotiated version of the TLS protocol which
+     *         contains the lower of that suggested by the client in the client
+     *         hello and the highest supported by the server.
+     * @param  encoded the encoded key in its "RAW" encoding format
+     * @param  isFailover whether or not the previous decryption of the
+     *         encrypted PreMasterSecret message run into problem
+     * @return the polished PreMasterSecret key in its "RAW" encoding format
+     */
+    public static byte[] checkTlsPreMasterSecretKey(
+            int clientVersion, int serverVersion, SecureRandom random,
+            byte[] encoded, boolean isFailOver) {
+
+        if (random == null) {
+            random = new SecureRandom();
+        }
+        byte[] replacer = new byte[48];
+        random.nextBytes(replacer);
+
+        if (!isFailOver && (encoded != null)) {
+            // check the length
+            if (encoded.length != 48) {
+                // private, don't need to clone the byte array.
+                return replacer;
+            }
+
+            int encodedVersion =
+                    ((encoded[0] & 0xFF) << 8) | (encoded[1] & 0xFF);
+            if (clientVersion != encodedVersion) {
+                if (clientVersion > 0x0301 ||               // 0x0301: TLSv1
+                       serverVersion != encodedVersion) {
+                    encoded = replacer;
+                }   // Otherwise, For compatibility, we maintain the behavior
+                    // that the version in pre_master_secret can be the
+                    // negotiated version for TLS v1.0 and SSL v3.0.
+            }
+
+            // private, don't need to clone the byte array.
+            return encoded;
+        }
+
+        // private, don't need to clone the byte array.
+        return replacer;
+    }
+
+    /**
      * Returns whether the Diffie-Hellman public key is valid or not.
      *
      * Per RFC 2631 and NIST SP800-56A, the following algorithm is used to
--- a/src/share/native/sun/security/smartcardio/pcsc.c	Tue May 20 12:34:17 2014 -0700
+++ b/src/share/native/sun/security/smartcardio/pcsc.c	Tue Jun 03 10:00:37 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -64,17 +64,32 @@
 
 #define J2PCSC_EXCEPTION_NAME "sun/security/smartcardio/PCSCException"
 
+void throwOutOfMemoryError(JNIEnv *env, const char *msg) {
+    jclass cls = (*env)->FindClass(env, "java/lang/OutOfMemoryError");
+
+    if (cls != NULL) /* Otherwise an exception has already been thrown */
+        (*env)->ThrowNew(env, cls, msg);
+
+}
+
 void throwPCSCException(JNIEnv* env, LONG code) {
     jclass pcscClass;
     jmethodID constructor;
     jthrowable pcscException;
 
     pcscClass = (*env)->FindClass(env, J2PCSC_EXCEPTION_NAME);
-    assert(pcscClass != NULL);
+    if (pcscClass == NULL) {
+        return;
+    }
     constructor = (*env)->GetMethodID(env, pcscClass, "<init>", "(I)V");
-    assert(constructor != NULL);
-    pcscException = (jthrowable) (*env)->NewObject(env, pcscClass, constructor, (jint)code);
-    (*env)->Throw(env, pcscException);
+    if (constructor == NULL) {
+        return;
+    }
+    pcscException = (jthrowable) (*env)->NewObject(env, pcscClass,
+        constructor, (jint)code);
+    if (pcscException != NULL) {
+        (*env)->Throw(env, pcscException);
+    }
 }
 
 jboolean handleRV(JNIEnv* env, LONG code) {
@@ -93,7 +108,7 @@
 JNIEXPORT jlong JNICALL Java_sun_security_smartcardio_PCSC_SCardEstablishContext
     (JNIEnv *env, jclass thisClass, jint dwScope)
 {
-    SCARDCONTEXT context;
+    SCARDCONTEXT context = 0;
     LONG rv;
     dprintf("-establishContext\n");
     rv = CALL_SCardEstablishContext(dwScope, NULL, NULL, &context);
@@ -110,7 +125,7 @@
 jobjectArray pcsc_multi2jstring(JNIEnv *env, char *spec) {
     jobjectArray result;
     jclass stringClass;
-    char *cp, **tab;
+    char *cp, **tab = NULL;
     jstring js;
     int cnt = 0;
 
@@ -121,6 +136,10 @@
     }
 
     tab = (char **)malloc(cnt * sizeof(char *));
+    if (tab == NULL) {
+        throwOutOfMemoryError(env, NULL);
+        return NULL;
+    }
 
     cnt = 0;
     cp = spec;
@@ -130,12 +149,26 @@
     }
 
     stringClass = (*env)->FindClass(env, "java/lang/String");
-    assert(stringClass != NULL);
+    if (stringClass == NULL) {
+        free(tab);
+        return NULL;
+    }
 
     result = (*env)->NewObjectArray(env, cnt, stringClass, NULL);
-    while (cnt-- > 0) {
-        js = (*env)->NewStringUTF(env, tab[cnt]);
-        (*env)->SetObjectArrayElement(env, result, cnt, js);
+    if (result != NULL) {
+        while (cnt-- > 0) {
+            js = (*env)->NewStringUTF(env, tab[cnt]);
+            if ((*env)->ExceptionCheck(env)) {
+                free(tab);
+                return NULL;
+            }
+            (*env)->SetObjectArrayElement(env, result, cnt, js);
+            if ((*env)->ExceptionCheck(env)) {
+                free(tab);
+                return NULL;
+            }
+            (*env)->DeleteLocalRef(env, js);
+        }
     }
     free(tab);
     return result;
@@ -146,8 +179,8 @@
 {
     SCARDCONTEXT context = (SCARDCONTEXT)jContext;
     LONG rv;
-    LPTSTR mszReaders;
-    DWORD size;
+    LPTSTR mszReaders = NULL;
+    DWORD size = 0;
     jobjectArray result;
 
     dprintf1("-context: %x\n", context);
@@ -157,13 +190,20 @@
     }
     dprintf1("-size: %d\n", size);
 
-    mszReaders = malloc(size);
-    rv = CALL_SCardListReaders(context, NULL, mszReaders, &size);
-    if (handleRV(env, rv)) {
-        free(mszReaders);
-        return NULL;
+    if (size) {
+        mszReaders = malloc(size);
+        if (mszReaders == NULL) {
+            throwOutOfMemoryError(env, NULL);
+            return NULL;
+        }
+
+        rv = CALL_SCardListReaders(context, NULL, mszReaders, &size);
+        if (handleRV(env, rv)) {
+            free(mszReaders);
+            return NULL;
+        }
+        dprintf1("-String: %s\n", mszReaders);
     }
-    dprintf1("-String: %s\n", mszReaders);
 
     result = pcsc_multi2jstring(env, mszReaders);
     free(mszReaders);
@@ -177,10 +217,13 @@
     SCARDCONTEXT context = (SCARDCONTEXT)jContext;
     LONG rv;
     LPCTSTR readerName;
-    SCARDHANDLE card;
-    DWORD proto;
+    SCARDHANDLE card = 0;
+    DWORD proto = 0;
 
     readerName = (*env)->GetStringUTFChars(env, jReaderName, NULL);
+    if (readerName == NULL) {
+        return 0;
+    }
     rv = CALL_SCardConnect(context, readerName, jShareMode, jPreferredProtocols, &card, &proto);
     (*env)->ReleaseStringUTFChars(env, jReaderName, readerName);
     dprintf1("-cardhandle: %x\n", card);
@@ -210,6 +253,9 @@
     sendPci.cbPciLength = sizeof(SCARD_IO_REQUEST);
 
     sbuf = (unsigned char *) ((*env)->GetByteArrayElements(env, jBuf, NULL));
+    if (sbuf == NULL) {
+        return NULL;
+    }
     rv = CALL_SCardTransmit(card, &sendPci, sbuf + ofs, len, NULL, rbuf, &rlen);
     (*env)->ReleaseByteArrayElements(env, jBuf, (jbyte *)sbuf, JNI_ABORT);
 
@@ -218,7 +264,12 @@
     }
 
     jOut = (*env)->NewByteArray(env, rlen);
-    (*env)->SetByteArrayRegion(env, jOut, 0, rlen, (jbyte *)rbuf);
+    if (jOut != NULL) {
+        (*env)->SetByteArrayRegion(env, jOut, 0, rlen, (jbyte *)rbuf);
+        if ((*env)->ExceptionCheck(env)) {
+            return NULL;
+        }
+    }
     return jOut;
 }
 
@@ -231,10 +282,10 @@
     DWORD readerLen = READERNAME_BUFFER_SIZE;
     unsigned char atr[ATR_BUFFER_SIZE];
     DWORD atrLen = ATR_BUFFER_SIZE;
-    DWORD state;
-    DWORD protocol;
+    DWORD state = 0;
+    DWORD protocol = 0;
     jbyteArray jArray;
-    jbyte tmp;
+    jbyte status[2];
 
     rv = CALL_SCardStatus(card, readerName, &readerLen, &state, &protocol, atr, &atrLen);
     if (handleRV(env, rv)) {
@@ -245,13 +296,19 @@
     dprintf1("-protocol: %d\n", protocol);
 
     jArray = (*env)->NewByteArray(env, atrLen);
+    if (jArray == NULL) {
+        return NULL;
+    }
     (*env)->SetByteArrayRegion(env, jArray, 0, atrLen, (jbyte *)atr);
-
-    tmp = (jbyte)state;
-    (*env)->SetByteArrayRegion(env, jStatus, 0, 1, &tmp);
-    tmp = (jbyte)protocol;
-    (*env)->SetByteArrayRegion(env, jStatus, 1, 1, &tmp);
-
+    if ((*env)->ExceptionCheck(env)) {
+        return NULL;
+    }
+    status[0] = (jbyte) state;
+    status[1] = (jbyte) protocol;
+    (*env)->SetByteArrayRegion(env, jStatus, 0, 2, status);
+    if ((*env)->ExceptionCheck(env)) {
+        return NULL;
+    }
     return jArray;
 }
 
@@ -274,36 +331,78 @@
     SCARDCONTEXT context = (SCARDCONTEXT)jContext;
     LONG rv;
     int readers = (*env)->GetArrayLength(env, jReaderNames);
-    SCARD_READERSTATE *readerState = malloc(readers * sizeof(SCARD_READERSTATE));
+    SCARD_READERSTATE *readerState;
     int i;
-    jintArray jEventState;
-    int *currentState = (*env)->GetIntArrayElements(env, jCurrentState, NULL);
+    jintArray jEventState = NULL;
+    int *currentState = NULL;
+    const char *readerName;
+
+    readerState = calloc(readers, sizeof(SCARD_READERSTATE));
+    if (readerState == NULL && readers > 0) {
+        throwOutOfMemoryError(env, NULL);
+        return NULL;
+    }
+
+    currentState = (*env)->GetIntArrayElements(env, jCurrentState, NULL);
+    if (currentState == NULL) {
+        free(readerState);
+        return NULL;
+    }
+
+    for (i = 0; i < readers; i++) {
+        readerState[i].szReader = NULL;
+    }
 
     for (i = 0; i < readers; i++) {
         jobject jReaderName = (*env)->GetObjectArrayElement(env, jReaderNames, i);
-        readerState[i].szReader = (*env)->GetStringUTFChars(env, jReaderName, NULL);
+        if ((*env)->ExceptionCheck(env)) {
+            goto cleanup;
+        }
+        readerName = (*env)->GetStringUTFChars(env, jReaderName, NULL);
+        if (readerName == NULL) {
+            goto cleanup;
+        }
+        readerState[i].szReader = strdup(readerName);
+        (*env)->ReleaseStringUTFChars(env, jReaderName, readerName);
+        if (readerState[i].szReader == NULL) {
+            throwOutOfMemoryError(env, NULL);
+            goto cleanup;
+        }
         readerState[i].pvUserData = NULL;
         readerState[i].dwCurrentState = currentState[i];
         readerState[i].dwEventState = SCARD_STATE_UNAWARE;
         readerState[i].cbAtr = 0;
+        (*env)->DeleteLocalRef(env, jReaderName);
     }
-    (*env)->ReleaseIntArrayElements(env, jCurrentState, currentState, JNI_ABORT);
 
-    rv = CALL_SCardGetStatusChange(context, (DWORD)jTimeout, readerState, readers);
+    if (readers > 0) {
+        rv = CALL_SCardGetStatusChange(context, (DWORD)jTimeout, readerState, readers);
+        if (handleRV(env, rv)) {
+            goto cleanup;
+        }
+    }
 
     jEventState = (*env)->NewIntArray(env, readers);
+    if (jEventState == NULL) {
+        goto cleanup;
+    }
     for (i = 0; i < readers; i++) {
         jint eventStateTmp;
-        jobject jReaderName = (*env)->GetObjectArrayElement(env, jReaderNames, i);
         dprintf3("-reader status %s: 0x%X, 0x%X\n", readerState[i].szReader,
             readerState[i].dwCurrentState, readerState[i].dwEventState);
-        (*env)->ReleaseStringUTFChars(env, jReaderName, readerState[i].szReader);
         eventStateTmp = (jint)readerState[i].dwEventState;
         (*env)->SetIntArrayRegion(env, jEventState, i, 1, &eventStateTmp);
+        if ((*env)->ExceptionCheck(env)) {
+            jEventState = NULL;
+            goto cleanup;
+        }
+    }
+cleanup:
+    (*env)->ReleaseIntArrayElements(env, jCurrentState, currentState, JNI_ABORT);
+    for (i = 0; i < readers; i++) {
+        free((char *)readerState[i].szReader);
     }
     free(readerState);
-
-    handleRV(env, rv);
     return jEventState;
 }
 
@@ -336,13 +435,18 @@
 {
     SCARDHANDLE card = (SCARDHANDLE)jCard;
     LONG rv;
-    jbyte* sendBuffer = (*env)->GetByteArrayElements(env, jSendBuffer, NULL);
+    jbyte* sendBuffer;
     jint sendBufferLength = (*env)->GetArrayLength(env, jSendBuffer);
     jbyte receiveBuffer[MAX_STACK_BUFFER_SIZE];
     jint receiveBufferLength = MAX_STACK_BUFFER_SIZE;
     ULONG returnedLength = 0;
     jbyteArray jReceiveBuffer;
 
+    sendBuffer = (*env)->GetByteArrayElements(env, jSendBuffer, NULL);
+    if (sendBuffer == NULL) {
+        return NULL;
+    }
+
 #ifdef J2PCSC_DEBUG
 {
     int k;
@@ -375,7 +479,12 @@
 #endif
 
     jReceiveBuffer = (*env)->NewByteArray(env, returnedLength);
+    if (jReceiveBuffer == NULL) {
+        return NULL;
+    }
     (*env)->SetByteArrayRegion(env, jReceiveBuffer, 0, returnedLength, receiveBuffer);
-
+    if ((*env)->ExceptionCheck(env)) {
+        return NULL;
+    }
     return jReceiveBuffer;
 }
--- a/src/solaris/classes/sun/nio/fs/UnixPath.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/solaris/classes/sun/nio/fs/UnixPath.java	Tue Jun 03 10:00:37 2014 -0700
@@ -482,7 +482,7 @@
     @Override
     public Path normalize() {
         final int count = getNameCount();
-        if (count == 0)
+        if (count == 0 || isEmpty())
             return this;
 
         boolean[] ignore = new boolean[count];      // true => ignore name
--- a/src/solaris/native/sun/security/smartcardio/MUSCLE/pcsclite.h	Tue May 20 12:34:17 2014 -0700
+++ b/src/solaris/native/sun/security/smartcardio/MUSCLE/pcsclite.h	Tue Jun 03 10:00:37 2014 -0700
@@ -62,6 +62,8 @@
 
 #define MAX_ATR_SIZE                    33      /* Maximum ATR size */
 
+#ifndef __APPLE__
+
 typedef struct
 {
         const char *szReader;
@@ -73,6 +75,23 @@
 }
 SCARD_READERSTATE_A;
 
+#else // __APPLE__
+
+#pragma pack(1)
+typedef struct
+{
+        const char *szReader;
+        void *pvUserData;
+        uint32_t dwCurrentState;
+        uint32_t dwEventState;
+        uint32_t cbAtr;
+        unsigned char rgbAtr[MAX_ATR_SIZE];
+}
+SCARD_READERSTATE_A;
+#pragma pack()
+
+#endif // __APPLE__
+
 typedef SCARD_READERSTATE_A SCARD_READERSTATE, *PSCARD_READERSTATE_A,
         *LPSCARD_READERSTATE_A;
 
--- a/src/solaris/native/sun/security/smartcardio/pcsc_md.c	Tue May 20 12:34:17 2014 -0700
+++ b/src/solaris/native/sun/security/smartcardio/pcsc_md.c	Tue Jun 03 10:00:37 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,8 +32,6 @@
 
 #include <winscard.h>
 
-#include <jni_util.h>
-
 #include "sun_security_smartcardio_PlatformPCSC.h"
 
 #include "pcsc_md.h"
@@ -50,12 +48,40 @@
 FPTR_SCardEndTransaction scardEndTransaction;
 FPTR_SCardControl scardControl;
 
+/*
+ * Throws a Java Exception by name
+ */
+void throwByName(JNIEnv *env, const char *name, const char *msg)
+{
+    jclass cls = (*env)->FindClass(env, name);
+
+    if (cls != 0) /* Otherwise an exception has already been thrown */
+        (*env)->ThrowNew(env, cls, msg);
+}
+
+/*
+ * Throws java.lang.NullPointerException
+ */
+void throwNullPointerException(JNIEnv *env, const char *msg)
+{
+    throwByName(env, "java/lang/NullPointerException", msg);
+}
+
+/*
+ * Throws java.io.IOException
+ */
+void throwIOException(JNIEnv *env, const char *msg)
+{
+    throwByName(env, "java/io/IOException", msg);
+}
+
+
 void *findFunction(JNIEnv *env, void *hModule, char *functionName) {
     void *fAddress = dlsym(hModule, functionName);
     if (fAddress == NULL) {
         char errorMessage[256];
         snprintf(errorMessage, sizeof(errorMessage), "Symbol not found: %s", functionName);
-        JNU_ThrowNullPointerException(env, errorMessage);
+        throwNullPointerException(env, errorMessage);
         return NULL;
     }
     return fAddress;
@@ -64,21 +90,56 @@
 JNIEXPORT void JNICALL Java_sun_security_smartcardio_PlatformPCSC_initialize
         (JNIEnv *env, jclass thisClass, jstring jLibName) {
     const char *libName = (*env)->GetStringUTFChars(env, jLibName, NULL);
+    if (libName == NULL) {
+        throwNullPointerException(env, "PCSC library name is null");
+        return;
+    }
     hModule = dlopen(libName, RTLD_LAZY);
     (*env)->ReleaseStringUTFChars(env, jLibName, libName);
 
     if (hModule == NULL) {
-        JNU_ThrowIOException(env, dlerror());
+        throwIOException(env, dlerror());
         return;
     }
     scardEstablishContext = (FPTR_SCardEstablishContext)findFunction(env, hModule, "SCardEstablishContext");
+    if ((*env)->ExceptionCheck(env)) {
+         return;
+    }
     scardConnect          = (FPTR_SCardConnect)         findFunction(env, hModule, "SCardConnect");
+    if ((*env)->ExceptionCheck(env)) {
+         return;
+    }
     scardDisconnect       = (FPTR_SCardDisconnect)      findFunction(env, hModule, "SCardDisconnect");
+    if ((*env)->ExceptionCheck(env)) {
+         return;
+    }
     scardStatus           = (FPTR_SCardStatus)          findFunction(env, hModule, "SCardStatus");
+    if ((*env)->ExceptionCheck(env)) {
+         return;
+    }
     scardGetStatusChange  = (FPTR_SCardGetStatusChange) findFunction(env, hModule, "SCardGetStatusChange");
+    if ((*env)->ExceptionCheck(env)) {
+         return;
+    }
     scardTransmit         = (FPTR_SCardTransmit)        findFunction(env, hModule, "SCardTransmit");
+    if ((*env)->ExceptionCheck(env)) {
+         return;
+    }
     scardListReaders      = (FPTR_SCardListReaders)     findFunction(env, hModule, "SCardListReaders");
+    if ((*env)->ExceptionCheck(env)) {
+         return;
+    }
     scardBeginTransaction = (FPTR_SCardBeginTransaction)findFunction(env, hModule, "SCardBeginTransaction");
+    if ((*env)->ExceptionCheck(env)) {
+         return;
+    }
     scardEndTransaction   = (FPTR_SCardEndTransaction)  findFunction(env, hModule, "SCardEndTransaction");
+    if ((*env)->ExceptionCheck(env)) {
+         return;
+    }
+#ifndef __APPLE__
     scardControl          = (FPTR_SCardControl)         findFunction(env, hModule, "SCardControl");
+#else
+    scardControl          = (FPTR_SCardControl)         findFunction(env, hModule, "SCardControl132");
+#endif // __APPLE__
 }
--- a/src/windows/classes/sun/security/mscapi/RSACipher.java	Tue May 20 12:34:17 2014 -0700
+++ b/src/windows/classes/sun/security/mscapi/RSACipher.java	Tue Jun 03 10:00:37 2014 -0700
@@ -35,6 +35,8 @@
 import javax.crypto.spec.*;
 
 import sun.security.rsa.RSAKeyFactory;
+import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
+import sun.security.util.KeyUtil;
 
 /**
  * RSA cipher implementation using the Microsoft Crypto API.
@@ -92,9 +94,16 @@
 
     // the public key, if we were initialized using a public key
     private sun.security.mscapi.Key publicKey;
+
     // the private key, if we were initialized using a private key
     private sun.security.mscapi.Key privateKey;
 
+    // cipher parameter for TLS RSA premaster secret
+    private AlgorithmParameterSpec spec = null;
+
+    // the source of randomness
+    private SecureRandom random;
+
     public RSACipher() {
         paddingType = PAD_PKCS1;
     }
@@ -155,8 +164,12 @@
             throws InvalidKeyException, InvalidAlgorithmParameterException {
 
         if (params != null) {
-            throw new InvalidAlgorithmParameterException
-                ("Parameters not supported");
+            if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) {
+                throw new InvalidAlgorithmParameterException(
+                        "Parameters not supported");
+            }
+            spec = params;
+            this.random = random;   // for TLS RSA premaster secret
         }
         init(opmode, key);
     }
@@ -356,39 +369,47 @@
     }
 
     // see JCE spec
-    protected java.security.Key engineUnwrap(byte[] wrappedKey, String algorithm,
+    protected java.security.Key engineUnwrap(byte[] wrappedKey,
+            String algorithm,
             int type) throws InvalidKeyException, NoSuchAlgorithmException {
 
         if (wrappedKey.length > buffer.length) {
             throw new InvalidKeyException("Key is too long for unwrapping");
         }
+
+        boolean isTlsRsaPremasterSecret =
+                algorithm.equals("TlsRsaPremasterSecret");
+        Exception failover = null;
+        byte[] encoded = null;
+
         update(wrappedKey, 0, wrappedKey.length);
-
         try {
-            byte[] encoding = doFinal();
-
-            switch (type) {
-            case Cipher.PUBLIC_KEY:
-                return constructPublicKey(encoding, algorithm);
-
-            case Cipher.PRIVATE_KEY:
-                return constructPrivateKey(encoding, algorithm);
-
-            case Cipher.SECRET_KEY:
-                return constructSecretKey(encoding, algorithm);
-
-            default:
-                throw new InvalidKeyException("Unknown key type " + type);
+            encoded = doFinal();
+        } catch (BadPaddingException e) {
+            if (isTlsRsaPremasterSecret) {
+                failover = e;
+            } else {
+                throw new InvalidKeyException("Unwrapping failed", e);
             }
-
-        } catch (BadPaddingException e) {
-            // should not occur
-            throw new InvalidKeyException("Unwrapping failed", e);
-
         } catch (IllegalBlockSizeException e) {
             // should not occur, handled with length check above
             throw new InvalidKeyException("Unwrapping failed", e);
         }
+
+        if (isTlsRsaPremasterSecret) {
+            if (!(spec instanceof TlsRsaPremasterSecretParameterSpec)) {
+                throw new IllegalStateException(
+                        "No TlsRsaPremasterSecretParameterSpec specified");
+            }
+
+            // polish the TLS premaster secret
+            encoded = KeyUtil.checkTlsPreMasterSecretKey(
+                ((TlsRsaPremasterSecretParameterSpec)spec).getClientVersion(),
+                ((TlsRsaPremasterSecretParameterSpec)spec).getServerVersion(),
+                random, encoded, (failover != null));
+        }
+
+        return constructKey(encoded, algorithm, type);
     }
 
     // see JCE spec
@@ -452,6 +473,22 @@
         return new SecretKeySpec(encodedKey, encodedKeyAlgorithm);
     }
 
+    private static Key constructKey(byte[] encodedKey,
+            String encodedKeyAlgorithm,
+            int keyType) throws InvalidKeyException, NoSuchAlgorithmException {
+
+        switch (keyType) {
+            case Cipher.PUBLIC_KEY:
+                return constructPublicKey(encodedKey, encodedKeyAlgorithm);
+            case Cipher.PRIVATE_KEY:
+                return constructPrivateKey(encodedKey, encodedKeyAlgorithm);
+            case Cipher.SECRET_KEY:
+                return constructSecretKey(encodedKey, encodedKeyAlgorithm);
+            default:
+                throw new InvalidKeyException("Unknown key type " + keyType);
+        }
+    }
+
     /*
      * Encrypt/decrypt a data buffer using Microsoft Crypto API with HCRYPTKEY.
      * It expects and returns ciphertext data in big-endian form.
--- a/test/com/sun/crypto/provider/TLS/TestPremaster.java	Tue May 20 12:34:17 2014 -0700
+++ b/test/com/sun/crypto/provider/TLS/TestPremaster.java	Tue Jun 03 10:00:37 2014 -0700
@@ -33,6 +33,7 @@
 
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
+import java.util.Formatter;
 
 import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
 
@@ -52,27 +53,51 @@
             System.out.println("OK: " + e);
         }
 
-        test(kg, 3, 0);
-        test(kg, 3, 1);
-        test(kg, 3, 2);
-        test(kg, 4, 0);
+        int[] protocolVersions = {0x0300, 0x0301, 0x0302, 0x0400};
+        for (int clientVersion : protocolVersions) {
+            for (int serverVersion : protocolVersions) {
+                test(kg, clientVersion, serverVersion);
+                if (serverVersion >= clientVersion) {
+                    break;
+                }
+            }
+        }
 
         System.out.println("Done.");
     }
 
-    private static void test(KeyGenerator kg, int major, int minor)
-            throws Exception {
+    private static void test(KeyGenerator kg,
+            int clientVersion, int serverVersion) throws Exception {
 
-        kg.init(new TlsRsaPremasterSecretParameterSpec(major, minor));
+        System.out.printf(
+                "Testing RSA pre-master secret key generation between " +
+                "client (0x%04X) and server(0x%04X)%n",
+                clientVersion, serverVersion);
+        kg.init(new TlsRsaPremasterSecretParameterSpec(
+                                    clientVersion, serverVersion));
+
         SecretKey key = kg.generateKey();
         byte[] encoded = key.getEncoded();
-        if (encoded.length != 48) {
-            throw new Exception("length: " + encoded.length);
-        }
-        if ((encoded[0] != major) || (encoded[1] != minor)) {
-            throw new Exception("version mismatch: "  + encoded[0] +
-                "." + encoded[1]);
-        }
-        System.out.println("OK: " + major + "." + minor);
+        if (encoded != null) {  // raw key material may be not extractable
+            if (encoded.length != 48) {
+                throw new Exception("length: " + encoded.length);
+            }
+            int v = versionOf(encoded[0], encoded[1]);
+            if (clientVersion != v) {
+                if (serverVersion != v || clientVersion >= 0x0302) {
+                    throw new Exception(String.format(
+                        "version mismatch: (0x%04X) rather than (0x%04X) " +
+                        "is used in pre-master secret", v, clientVersion));
+                }
+                System.out.printf("Use compatible version (0x%04X)%n", v);
+            }
+            System.out.println("Passed, version matches!");
+       } else {
+            System.out.println("Raw key material is not extractable");
+       }
+    }
+
+    private static int versionOf(int major, int minor) {
+        return ((major & 0xFF) << 8) | (minor & 0xFF);
     }
 }
--- a/test/com/sun/jndi/ldap/LdapTimeoutTest.java	Tue May 20 12:34:17 2014 -0700
+++ b/test/com/sun/jndi/ldap/LdapTimeoutTest.java	Tue Jun 03 10:00:37 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -64,11 +64,12 @@
         env.put(Context.SECURITY_PRINCIPAL, "user");
         env.put(Context.SECURITY_CREDENTIALS, "password");
 
-        env.put("com.sun.jndi.ldap.connect.timeout", "10");
-        env.put("com.sun.jndi.ldap.read.timeout", "3000");
-
         InitialContext ctx = null;
         try {
+            new LdapTimeoutTest().deadServerNoTimeout(env);
+
+            env.put("com.sun.jndi.ldap.connect.timeout", "10");
+            env.put("com.sun.jndi.ldap.read.timeout", "3000");
             new LdapTimeoutTest().ldapReadTimeoutTest(env, false);
             new LdapTimeoutTest().ldapReadTimeoutTest(env, true);
             new LdapTimeoutTest().simpleAuthConnectTest(env);
@@ -84,7 +85,7 @@
     void ldapReadTimeoutTest(Hashtable env, boolean ssl) {
         InitialContext ctx = null;
         if (ssl) env.put(Context.SECURITY_PROTOCOL, "ssl");
-        ScheduledFuture killer = killSwitch();
+        ScheduledFuture killer = killSwitch(5000);
         long start = System.nanoTime();
         try {
             ctx = new InitialDirContext(env);
@@ -112,7 +113,7 @@
 
     void simpleAuthConnectTest(Hashtable env) {
         InitialContext ctx = null;
-        ScheduledFuture killer = killSwitch();
+        ScheduledFuture killer = killSwitch(5000);
         long start = System.nanoTime();
         try {
             ctx = new InitialDirContext(env);
@@ -139,6 +140,32 @@
         }
     }
 
+    void deadServerNoTimeout(Hashtable env) {
+        InitialContext ctx = null;
+        ScheduledFuture killer = killSwitch(30000);
+        long start = System.nanoTime();
+        try {
+            ctx = new InitialDirContext(env);
+            SearchControls scl = new SearchControls();
+            scl.setSearchScope(SearchControls.SUBTREE_SCOPE);
+            NamingEnumeration<SearchResult> answer = ((InitialDirContext)ctx)
+                .search("ou=People,o=JNDITutorial", "(objectClass=*)", scl);
+            // shouldn't reach here
+            fail();
+        } catch (NamingException e) {
+            long end = System.nanoTime();
+            if (TimeUnit.NANOSECONDS.toMillis(end - start) < 14000) {
+                System.err.println("fail: timeout should be at least 15 seconds, actual time: "
+                                   + TimeUnit.NANOSECONDS.toMillis(end - start));
+                fail();
+            } else {
+                pass();
+            }
+        } finally {
+            if (!shutItDown(killer, ctx)) fail();
+        }
+    }
+
     boolean shutItDown(ScheduledFuture killer, InitialContext ctx) {
         killer.cancel(true);
         try {
@@ -149,15 +176,15 @@
         }
     }
 
-    ScheduledFuture killSwitch() {
+    ScheduledFuture killSwitch(int ms) {
         final Thread current = Thread.currentThread();
         return LdapTimeoutTest.pool.schedule(new Callable<Void>() {
             public Void call() throws Exception {
                 System.err.println("Fail: killSwitch()");
-                current.interrupt();
+                System.exit(0);
                 return null;
             }
-        }, 5000, TimeUnit.MILLISECONDS);
+        }, ms, TimeUnit.MILLISECONDS);
     }
 
     static class Server extends Thread {
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/awt/image/ImageIconHang.java	Tue Jun 03 10:00:37 2014 -0700
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.awt.*;
+
+/*
+ * @test
+ * @bug     8032788
+ * @summary Checks that null filename argument is processed correctly
+ *
+ * @run     main ImageIconHang
+ */
+public class ImageIconHang {
+    public static void main(String[] args) throws Exception {
+        Image image = Toolkit.getDefaultToolkit().getImage((String) null);
+        MediaTracker mt = new MediaTracker(new Component() {});
+        mt.addImage(image, 1);
+        mt.waitForID(1, 5000);
+
+        int status = mt.statusID(1, false);
+
+        System.out.println("Status: " + status);
+
+        if (status != MediaTracker.ERRORED) {
+            throw new RuntimeException("MediaTracker.waitForID() hung.");
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/beans/Introspector/Test7172865.java	Tue Jun 03 10:00:37 2014 -0700
@@ -0,0 +1,162 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.beans.IndexedPropertyDescriptor;
+import java.beans.MethodDescriptor;
+import java.beans.PropertyDescriptor;
+
+/*
+ * @test
+ * @bug 7172854 7172865
+ * @summary Tests that cached methods are not lost
+ * @author Sergey Malenkov
+ */
+
+public class Test7172865 {
+    public static void main(String[] args) throws Exception {
+        int errors = 0;
+
+        MethodDescriptor md = new MethodDescriptor(Test7172865.class.getMethod("getGood"));
+
+        errors += test(PropertyDescriptor.class, "good", true);
+        PropertyDescriptor pdGoodString = new PropertyDescriptor("good", Test7172865.class, "getGood", "setGood");
+        PropertyDescriptor pdGoodMethod = new PropertyDescriptor("good",
+                Test7172865.class.getMethod("getGood"),
+                Test7172865.class.getMethod("setGood", args.getClass()));
+
+        errors += test(PropertyDescriptor.class, "bad", false);
+        PropertyDescriptor pdBadString = new PropertyDescriptor("bad", Test7172865.class, "getBad", null);
+        PropertyDescriptor pdBadMethod = new PropertyDescriptor("bad",
+                Test7172865.class.getMethod("getBad"),
+                Test7172865.class.getMethod("setBad", args.getClass()));
+
+        errors += test(IndexedPropertyDescriptor.class, "good", true);
+        IndexedPropertyDescriptor ipdGoodString = new IndexedPropertyDescriptor("good", Test7172865.class, "getGood", "setGood", "getGood", "setGood");
+        IndexedPropertyDescriptor ipdGoodMethod = new IndexedPropertyDescriptor("good",
+                Test7172865.class.getMethod("getGood"),
+                Test7172865.class.getMethod("setGood", args.getClass()),
+                Test7172865.class.getMethod("getGood", Integer.TYPE),
+                Test7172865.class.getMethod("setGood", Integer.TYPE, String.class));
+
+        errors += test(IndexedPropertyDescriptor.class, "bad", false);
+        IndexedPropertyDescriptor ipdBadString = new IndexedPropertyDescriptor("bad", Test7172865.class, "getBad", null, "getBad", null);
+        IndexedPropertyDescriptor ipdBadMethod = new IndexedPropertyDescriptor("bad",
+                Test7172865.class.getMethod("getBad"),
+                Test7172865.class.getMethod("setBad", args.getClass()),
+                Test7172865.class.getMethod("getBad", Integer.TYPE),
+                Test7172865.class.getMethod("setBad", Integer.TYPE, String.class));
+
+        for (int i = 1; i <= 2; i++) {
+            System.out.println("STEP: " + i);
+            errors += test("md", null != md.getMethod());
+
+            errors += test("pdGoodString", pdGoodString, true, true);
+            errors += test("pdGoodMethod", pdGoodMethod, true, true);
+
+            errors += test("pdBadString", pdBadString, true, false);
+            errors += test("pdBadMethod", pdBadMethod, true, true);
+
+            errors += test("ipdGoodString", ipdGoodString, true, true, true, true);
+            errors += test("ipdGoodMethod", ipdGoodMethod, true, true, true, true);
+
+            errors += test("ipdBadString", ipdBadString, true, false, true, false);
+            errors += test("ipdBadMethod", ipdBadMethod, true, true, true, true);
+
+            try {
+                int[] array = new int[1024];
+                while (true) {
+                    array = new int[array.length << 1];
+                }
+            }
+            catch (OutOfMemoryError error) {
+                System.gc();
+            }
+        }
+        if (errors > 0) {
+            throw new Error("found " + errors + " errors");
+        }
+    }
+
+    private static int test(Class<?> type, String property, boolean value) {
+        String message = type.getSimpleName() + "(" + property + ") ";
+        try {
+            type.getConstructor(String.class, Class.class).newInstance(property, Test7172865.class);
+            message += "passed";
+        }
+        catch (Exception exception) {
+            message += "failed";
+            value = !value;
+        }
+        if (value) {
+            message += " as expected";
+        }
+        System.out.println(message);
+        return value ? 0 : 1;
+    }
+
+    private static int test(String message, boolean value) {
+        System.out.println(message + ": " + (value ? "passed" : "failed"));
+        return value ? 0 : 1;
+    }
+
+    private static int test(String message, PropertyDescriptor pd, boolean rm, boolean wm) {
+        return test(message + ".Read", rm == (null != pd.getReadMethod()))
+             + test(message + ".Write", wm == (null != pd.getWriteMethod()));
+    }
+
+    private static int test(String message, IndexedPropertyDescriptor ipd, boolean rm, boolean wm, boolean irm, boolean iwm) {
+        return test(message, ipd, rm, wm)
+             + test(message + ".IndexedRead", irm == (null != ipd.getIndexedReadMethod()))
+             + test(message + ".IndexedWrite", iwm == (null != ipd.getIndexedWriteMethod()));
+    }
+
+    public String[] getGood() {
+        return null;
+    }
+
+    public String getGood(int index) {
+        return null;
+    }
+
+    public void setGood(String[] good) {
+    }
+
+    public void setGood(int index, String value) {
+    }
+
+    public String[] getBad() {
+        return null;
+    }
+
+    public String getBad(int index) {
+        return null;
+    }
+
+    public Test7172865 setBad(String[] bad) {
+        return null;
+    }
+
+    public Test7172865 setBad(int index, String value) {
+        return null;
+    }
+}
--- a/test/java/nio/file/Path/PathOps.java	Tue May 20 12:34:17 2014 -0700
+++ b/test/java/nio/file/Path/PathOps.java	Tue Jun 03 10:00:37 2014 -0700
@@ -22,7 +22,7 @@
  */
 
 /* @test
- * @bug 4313887 6838333 6925932 7006126
+ * @bug 4313887 6838333 6925932 7006126 8037945
  * @summary Unit test for java.nio.file.Path path operations
  */
 
@@ -899,6 +899,8 @@
             .normalize("foo");
         test("/foo")
             .normalize("/foo");
+        test("")
+            .normalize("");
         test(".")
             .normalize("");
         test("..")
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/swing/JPopupMenu/7160604/bug7160604.html	Tue Jun 03 10:00:37 2014 -0700
@@ -0,0 +1,30 @@
+<!--
+ Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+
+ This code is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License version 2 only, as
+ published by the Free Software Foundation.
+
+ This code is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ version 2 for more details (a copy is included in the LICENSE file that
+ accompanied this code).
+
+ You should have received a copy of the GNU General Public License version
+ 2 along with this work; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ or visit www.oracle.com if you need additional information or have any
+ questions.
+-->
+
+<html>
+<body>
+<applet  code="bug7160604.class" width=400 height=100></applet>
+Click on the top-bar and combo-box more than once. 
+Make sure popup menu and drop-down list have a border and their items are drawn properly.
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/swing/JPopupMenu/7160604/bug7160604.java	Tue Jun 03 10:00:37 2014 -0700
@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/* @test
+   @bug 7160604
+   @summary Using non-opaque windows - popups are initially not painted correctly
+   @author Oleg Pekhovskiy
+   @run applet/manual=yesno bug7160604.html
+*/
+
+import javax.swing.AbstractAction;
+import javax.swing.BorderFactory;
+import javax.swing.JApplet;
+import javax.swing.JComboBox;
+import javax.swing.JLabel;
+import javax.swing.JMenuItem;
+import javax.swing.JPanel;
+import javax.swing.JPopupMenu;
+import javax.swing.JWindow;
+import javax.swing.SwingUtilities;
+import java.awt.BorderLayout;
+import java.awt.Color;
+import java.awt.event.ActionEvent;
+import java.awt.event.MouseAdapter;
+import java.awt.event.MouseEvent;
+
+public class bug7160604 extends JApplet {
+
+    public void init() {
+        SwingUtilities.invokeLater(new Runnable() {
+            @Override
+            public void run() {
+                final JWindow window = new JWindow();
+                window.setLocation(200, 200);
+                window.setSize(300, 300);
+
+                final JLabel label = new JLabel("...click to invoke JPopupMenu");
+                label.setOpaque(true);
+                final JPanel contentPane = new JPanel(new BorderLayout());
+                contentPane.setBorder(BorderFactory.createLineBorder(Color.RED));
+                window.setContentPane(contentPane);
+                contentPane.add(label, BorderLayout.NORTH);
+
+                final JComboBox comboBox = new JComboBox(new Object[]{"1", "2", "3", "4"});
+                contentPane.add(comboBox, BorderLayout.SOUTH);
+
+                final JPopupMenu jPopupMenu = new JPopupMenu();
+
+                jPopupMenu.add("string");
+                jPopupMenu.add(new AbstractAction("action") {
+                    @Override
+                    public void actionPerformed(final ActionEvent e) {
+                    }
+                });
+                jPopupMenu.add(new JLabel("label"));
+                jPopupMenu.add(new JMenuItem("MenuItem"));
+                label.addMouseListener(new MouseAdapter() {
+                    @Override
+                    public void mouseReleased(final MouseEvent e) {
+                        jPopupMenu.show(label, 0, 0);
+                    }
+                });
+
+                window.setBackground(new Color(0, 0, 0, 0));
+
+                window.setVisible(true);
+            }
+        });
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/javax/swing/plaf/nimbus/8041725/bug8041725.java	Tue Jun 03 10:00:37 2014 -0700
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/* @test
+   @bug 8041725
+   @summary JList selection colors are not UIResource instances in Nimbus L&F
+   @author Anton Litvinov
+*/
+
+import java.awt.*;
+import javax.swing.*;
+import javax.swing.plaf.*;
+import javax.swing.plaf.nimbus.*;
+
+public class bug8041725 {
+    public static void main(String[] args) throws Exception {
+        UIManager.setLookAndFeel(new NimbusLookAndFeel());
+        SwingUtilities.invokeAndWait(new Runnable() {
+            @Override
+            public void run() {
+                JFrame frame = new JFrame("bug8041725");
+                frame.setSize(200, 200);
+                JList list = new JList(new String[]{"Item1", "Item2", "Item3"});
+                frame.getContentPane().add(list);
+                frame.pack();
+                frame.setVisible(true);
+
+                System.err.println("Test #1: No items are selected, list is enabled.");
+                testSelectionColors(list);
+
+                System.err.println("Test #2: No items are selected, list is disabled.");
+                list.setEnabled(false);
+                testSelectionColors(list);
+
+                System.err.println("Test #3: One item is selected, list is disabled.");
+                list.setSelectedIndex(0);
+                testSelectionColors(list);
+
+                System.err.println("Test #4: One item is selected, list is enabled.");
+                list.setEnabled(true);
+                testSelectionColors(list);
+
+                frame.dispose();
+            }
+        });
+    }
+
+    private static void testSelectionColors(JList list) {
+        Color selBackColor = list.getSelectionBackground();
+        if (!(selBackColor instanceof UIResource)) {
+            throw new RuntimeException(String.format(
+                "JList.getSelectionBackground() returned instance of '%s' instead of UIResource.",
+                selBackColor.getClass()));
+        }
+        Color selForeColor = list.getSelectionForeground();
+        if (!(selForeColor instanceof UIResource)) {
+            throw new RuntimeException(String.format(
+                "JList.getSelectionForeground() returned instance of '%s' instead of UIResource.",
+                selForeColor.getClass()));
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/awt/image/bug8038000.java	Tue Jun 03 10:00:37 2014 -0700
@@ -0,0 +1,153 @@
+/*
+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug     8038000
+ *
+ * @summary Verifies that we could create different type of Rasters with height 1
+ * and strideline which exceeds raster width.
+ * Also checks that a set of RasterOp work correctly with such kind of Rasters.
+ *
+ * @run     main bug8038000
+ */
+
+import java.awt.*;
+import java.awt.color.ColorSpace;
+import java.awt.geom.AffineTransform;
+import java.awt.image.*;
+import java.util.Arrays;
+
+public class bug8038000 {
+
+    public static void main(String[] args) throws Exception {
+        new bug8038000().checkOps();
+
+        // No exceptions - Passed
+    }
+
+    private void checkOps() throws Exception {
+
+        RasterOp[] ops = new RasterOp[] {
+                new ColorConvertOp(ColorSpace.getInstance(ColorSpace.CS_sRGB),
+                        ColorSpace.getInstance(ColorSpace.CS_LINEAR_RGB), null),
+                new AffineTransformOp(AffineTransform.getScaleInstance(1, 1.1), null)
+        };
+
+
+        for (RasterOp op: ops) {
+            // Banded rasters
+            checkOp(Raster.createBandedRaster(DataBuffer.TYPE_BYTE, 10, 1, 10,
+                            new int[] {0, 1, 2}, new int[]{2,1,0}, null),
+                    Raster.createBandedRaster(DataBuffer.TYPE_BYTE, 10, 1, 1001,
+                            new int[] {0, 1, 2}, new int[]{2,1,0}, null), op);
+            checkOp(Raster.createBandedRaster(DataBuffer.TYPE_USHORT, 10, 1, 10,
+                    new int[] {0, 1, 2}, new int[]{2,1,0}, null),
+                    Raster.createBandedRaster(DataBuffer.TYPE_USHORT, 10, 1, 1001,
+                            new int[] {0, 1, 2}, new int[]{2,1,0}, null), op);
+            checkOp(Raster.createBandedRaster(DataBuffer.TYPE_INT, 10, 1, 10,
+                    new int[] {0, 1, 2}, new int[]{2,1,0}, null),
+                    Raster.createBandedRaster(DataBuffer.TYPE_INT, 10, 1, 1001,
+                            new int[] {0, 1, 2}, new int[]{2,1,0}, null), op);
+
+            // Interleaved rasters
+            checkOp(Raster.createInterleavedRaster(DataBuffer.TYPE_BYTE,
+                            10, 1, 30, 3, new int[]{0, 1, 2}, null),
+                    Raster.createInterleavedRaster(DataBuffer.TYPE_BYTE,
+                            10, 1, 1001, 3, new int[]{0, 1, 2}, null),
+                    op);
+
+            checkOp(Raster.createInterleavedRaster(DataBuffer.TYPE_USHORT,
+                            10, 1, 30, 3, new int[]{0, 1, 2}, null),
+                    Raster.createInterleavedRaster(DataBuffer.TYPE_USHORT,
+                            10, 1, 1001, 3, new int[]{0, 1, 2}, null),
+                    op);
+
+            // Packed rasters
+            checkOp(Raster.createPackedRaster(new DataBufferByte(10), 10, 1, 10,
+                            new int[] {0x01, 0x02, 0x04}, null),
+                    Raster.createPackedRaster(new DataBufferByte(10), 10, 1, 2000,
+                            new int[] {0x01, 0x02, 0x04}, null),
+                    op);
+            checkOp(Raster.createPackedRaster(new DataBufferInt(10), 10, 1, 10,
+                        new int[] {0xff0000, 0x00ff00, 0x0000ff}, null),
+                    Raster.createPackedRaster(new DataBufferInt(10), 10, 1, 20,
+                            new int[] {0xff0000, 0x00ff00, 0x0000ff}, null),
+                    op);
+
+        }
+    }
+
+    /**
+     *  Takes two identical rasters (identical with the exception of scanline stride)
+     *  fills their pixels with identical data, applies the RasterOp to both rasters
+     *  and checks that the result is the same
+     */
+    private void checkOp(WritableRaster wr1, WritableRaster wr2, RasterOp op) {
+        System.out.println("Checking " + op + " with rasters: \n    " + wr1 +
+                "\n    " + wr2);
+        try {
+            WritableRaster r1 = op.filter(fillRaster(wr1), null);
+            WritableRaster r2 = op.filter(fillRaster(wr2), null);
+            compareRasters(r1, r2);
+        } catch (ImagingOpException e) {
+            System.out.println("    Skip: Op is not supported: " + e);
+        }
+    }
+
+    private WritableRaster fillRaster(WritableRaster wr) {
+        int c = 0;
+        for(int x = wr.getMinX(); x < wr.getMinX() + wr.getWidth(); x++) {
+            for(int y = wr.getMinY(); y < wr.getMinY() + wr.getHeight(); y++) {
+                for (int b = 0; b < wr.getNumBands(); b++) {
+                    wr.setSample(x, y, b, c++);
+                }
+            }
+        }
+        return wr;
+    }
+
+    private void compareRasters(Raster r1, Raster r2) {
+        Rectangle bounds = r1.getBounds();
+        if (!bounds.equals(r2.getBounds())) {
+            throw new RuntimeException("Bounds differ.");
+        }
+
+        if (r1.getNumBands() != r2.getNumBands()) {
+            throw new RuntimeException("Bands differ.");
+        }
+
+        int[] b1 = new int[r1.getNumBands()];
+        int[] b2 = new int[r1.getNumBands()];
+
+        for (int x = (int) bounds.getX(); x < bounds.getMaxX(); x++) {
+            for (int y = (int) bounds.getY(); y < bounds.getMaxY(); y++) {
+                r1.getPixel(x,y, b1);
+                r2.getPixel(x,y, b2);
+                if (!Arrays.equals(b1, b2)) {
+                    throw new RuntimeException("Pixels differ.");
+                }
+            }
+        }
+    }
+}
--- a/test/sun/security/pkcs11/fips/CipherTest.java	Tue May 20 12:34:17 2014 -0700
+++ b/test/sun/security/pkcs11/fips/CipherTest.java	Tue Jun 03 10:00:37 2014 -0700
@@ -458,8 +458,21 @@
                 return false;
             }
 
+            // No ECDH-capable certificate in key store. May restructure
+            // this in the future.
+            if (cipherSuite.contains("ECDHE_ECDSA") ||
+                    cipherSuite.contains("ECDH_ECDSA") ||
+                    cipherSuite.contains("ECDH_RSA")) {
+                System.out.println("Skipping unsupported test for " +
+                                    cipherSuite + " of " + protocol);
+                return false;
+            }
+
             // skip SSLv2Hello protocol
-            if (protocol.equals("SSLv2Hello")) {
+            //
+            // skip TLSv1.2 protocol, we have not implement "SunTls12Prf" and
+            // SunTls12RsaPremasterSecret in SunPKCS11 provider
+            if (protocol.equals("SSLv2Hello") || protocol.equals("TLSv1.2")) {
                 System.out.println("Skipping unsupported test for " +
                                     cipherSuite + " of " + protocol);
                 return false;
--- a/test/sun/security/pkcs11/fips/ClientJSSEServerJSSE.java	Tue May 20 12:34:17 2014 -0700
+++ b/test/sun/security/pkcs11/fips/ClientJSSEServerJSSE.java	Tue Jun 03 10:00:37 2014 -0700
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 6313675 6323647
+ * @bug 6313675 6323647 8028192
  * @summary Verify that all ciphersuites work in FIPS mode
  * @library ..
  * @ignore JSSE supported cipher suites are changed with CR 6916074,
@@ -44,9 +44,13 @@
             return;
         }
 
-        if ("sparc".equals(System.getProperty("os.arch")) == false) {
-            // we have not updated other platforms with the proper NSS libraries yet
-            System.out.println("Test currently works only on solaris-sparc, skipping");
+        String arch = System.getProperty("os.arch");
+        if (!("sparc".equals(arch) || "sparcv9".equals(arch))) {
+            // we have not updated other platforms with the proper NSS
+            // libraries yet
+            System.out.println(
+                    "Test currently works only on solaris-sparc " +
+                    "and solaris-sparcv9. Skipping on " + arch);
             return;
         }
 
--- a/test/sun/security/pkcs11/tls/TestPremaster.java	Tue May 20 12:34:17 2014 -0700
+++ b/test/sun/security/pkcs11/tls/TestPremaster.java	Tue Jun 03 10:00:37 2014 -0700
@@ -34,6 +34,7 @@
 
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
+import java.util.Formatter;
 
 import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
 
@@ -59,27 +60,51 @@
             System.out.println("OK: " + e);
         }
 
-        test(kg, 3, 0);
-        test(kg, 3, 1);
-        test(kg, 3, 2);
-        test(kg, 4, 0);
+        int[] protocolVersions = {0x0300, 0x0301, 0x0302, 0x0400};
+        for (int clientVersion : protocolVersions) {
+            for (int serverVersion : protocolVersions) {
+                test(kg, clientVersion, serverVersion);
+                if (serverVersion >= clientVersion) {
+                    break;
+                }
+            }
+        }
 
         System.out.println("Done.");
     }
 
-    private static void test(KeyGenerator kg, int major, int minor)
-            throws Exception {
+    private static void test(KeyGenerator kg,
+            int clientVersion, int serverVersion) throws Exception {
 
-        kg.init(new TlsRsaPremasterSecretParameterSpec(major, minor));
+        System.out.printf(
+                "Testing RSA pre-master secret key generation between " +
+                "client (0x%04X) and server(0x%04X)%n",
+                clientVersion, serverVersion);
+        kg.init(new TlsRsaPremasterSecretParameterSpec(
+                                    clientVersion, serverVersion));
         SecretKey key = kg.generateKey();
         byte[] encoded = key.getEncoded();
-        if (encoded.length != 48) {
-            throw new Exception("length: " + encoded.length);
-        }
-        if ((encoded[0] != major) || (encoded[1] != minor)) {
-            throw new Exception("version mismatch: "  + encoded[0] +
-                "." + encoded[1]);
-        }
-        System.out.println("OK: " + major + "." + minor);
+        if (encoded != null) {  // raw key material may be not extractable
+            if (encoded.length != 48) {
+                throw new Exception("length: " + encoded.length);
+            }
+            int v = versionOf(encoded[0], encoded[1]);
+            if (clientVersion != v) {
+                if (serverVersion != v || clientVersion >= 0x0302) {
+                    throw new Exception(String.format(
+                        "version mismatch: (0x%04X) rather than (0x%04X) " +
+                        "is used in pre-master secret", v, clientVersion));
+                }
+                System.out.printf("Use compatible version (0x%04X)%n", v);
+            }
+            System.out.println("Passed, version matches!");
+       } else {
+            System.out.println("Raw key material is not extractable");
+       }
     }
+
+    private static int versionOf(int major, int minor) {
+        return ((major & 0xFF) << 8) | (minor & 0xFF);
+    }
+
 }