changeset 8434:db5cf905ff15

Merge from main OpenJDK repository
author Greg Lewis <glewis@eyesbeyond.com>
date Sun, 01 May 2016 21:26:40 -0700
parents 66ad975b45a7 f51368baecd9
children 105d6ed3d7bd
files .hgtags src/solaris/native/sun/awt/fontpath.c test/com/sun/corba/5036554/TestCorbaBug.sh test/com/sun/jdi/ImmutableResourceTest.sh test/com/sun/jdi/JITDebug.sh test/com/sun/jdi/PrivateTransportTest.sh test/com/sun/jdi/ShellScaffold.sh test/com/sun/jdi/connect/spi/JdiLoadedByCustomLoader.sh test/java/io/Serializable/evolution/RenamePackage/run.sh test/java/io/Serializable/serialver/classpath/run.sh test/java/io/Serializable/serialver/nested/run.sh test/java/lang/ClassLoader/deadlock/TestCrossDelegate.sh test/java/lang/ClassLoader/deadlock/TestOneWayDelegate.sh test/java/lang/StringCoding/CheckEncodings.sh test/java/lang/annotation/loaderLeak/LoaderLeak.sh test/java/lang/instrument/appendToClassLoaderSearch/CommonSetup.sh test/java/lang/management/OperatingSystemMXBean/TestSystemLoadAvg.sh test/java/net/Authenticator/B4933582.sh test/java/net/DatagramSocket/SetDatagramSocketImplFactory/ADatagramSocket.sh test/java/net/Socket/OldSocketImpl.sh test/java/net/URL/B5086147.sh test/java/net/URLClassLoader/B5077773.sh test/java/net/URLClassLoader/sealing/checksealed.sh test/java/net/URLConnection/6212146/test.sh test/java/nio/charset/coders/CheckSJISMappingProp.sh test/java/nio/charset/spi/basic.sh test/java/rmi/registry/readTest/readTest.sh test/java/security/Security/ClassLoaderDeadlock/ClassLoaderDeadlock.sh test/java/security/Security/ClassLoaderDeadlock/Deadlock.sh test/java/security/Security/ClassLoaderDeadlock/Deadlock2.sh test/java/security/Security/signedfirst/Dyn.sh test/java/security/Security/signedfirst/Static.sh test/java/util/Currency/PropertiesTest.sh test/java/util/PluggableLocale/ExecTest.sh test/java/util/ResourceBundle/Bug6299235Test.sh test/java/util/ServiceLoader/basic.sh test/javax/crypto/SecretKeyFactory/FailOverTest.sh test/javax/imageio/stream/StreamCloserLeak/run_test.sh test/javax/script/CommonSetup.sh test/javax/security/auth/Subject/doAs/Test.sh test/lib/security/java.policy/Ext_AllPolicy.sh test/sun/management/jmxremote/bootstrap/GeneratePropertyPassword.sh test/sun/net/www/http/HttpClient/RetryPost.sh test/sun/net/www/protocol/jar/B5105410.sh test/sun/net/www/protocol/jar/jarbug/run.sh test/sun/security/krb5/runNameEquals.sh test/sun/security/pkcs11/Provider/ConfigQuotedString.sh test/sun/security/pkcs11/Provider/Login.sh test/sun/security/provider/PolicyFile/getinstance/getinstance.sh test/sun/security/ssl/com/sun/net/ssl/internal/ssl/EngineArgs/DebugReportsOneExtraByte.sh test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/NotifyHandshakeTest.sh test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxy.sh test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/PostThruProxyWithAuth.sh test/sun/security/tools/jarsigner/AlgOptions.sh test/sun/security/tools/jarsigner/PercentSign.sh test/sun/security/tools/jarsigner/diffend.sh test/sun/security/tools/jarsigner/oldsig.sh test/sun/security/tools/keytool/AltProviderPath.sh test/sun/security/tools/keytool/CloneKeyAskPassword.sh test/sun/security/tools/keytool/NoExtNPE.sh test/sun/security/tools/keytool/SecretKeyKS.sh test/sun/security/tools/keytool/StandardAlgName.sh test/sun/security/tools/keytool/printssl.sh test/sun/security/tools/keytool/resource.sh test/sun/security/tools/keytool/standard.sh test/sun/security/tools/policytool/Alias.sh test/sun/security/tools/policytool/ChangeUI.sh test/sun/security/tools/policytool/OpenPolicy.sh test/sun/security/tools/policytool/SaveAs.sh test/sun/security/tools/policytool/UpdatePermissions.sh test/sun/security/tools/policytool/UsePolicy.sh test/sun/security/tools/policytool/i18n.sh test/sun/tools/jconsole/ResourceCheckTest.sh test/sun/tools/native2ascii/resources/ImmutableResourceTest.sh test/tools/launcher/ChangeDataModel.sh test/tools/launcher/CreatePlatformFile.java test/tools/launcher/SomeException.java test/tools/launcher/UnicodeCleanup.java test/tools/launcher/UnicodeTest.sh test/tools/launcher/deleteI18n.sh test/tools/launcher/i18nTest.sh test/tools/launcher/unresolvedExceptions.sh
diffstat 246 files changed, 5887 insertions(+), 3008 deletions(-) [+]
line wrap: on
line diff
--- a/.hgtags	Mon Feb 01 17:33:13 2016 -0800
+++ b/.hgtags	Sun May 01 21:26:40 2016 -0700
@@ -591,3 +591,6 @@
 295856e8680fa7248dac54bc15b3d6ef697b27ce jdk7u91-b00
 9fc5d7338840ef6b73d28290735bab11395824b0 jdk7u91-b01
 c434c67b8189677dec0a0034a109fb261497cd92 jdk7u91-b02
+3a74fee9ba00da3bd3a22492e1b069430a82574d jdk7u95-b00
+0b89eea70cf4952b22dfe10ea8611ddb852d73d6 jdk7u99-b00
+bdcfc4d9ab9f52fbf37db876c08a1846765627c4 jdk7u101-b00
--- a/make/sun/javazic/tzdata/VERSION	Mon Feb 01 17:33:13 2016 -0800
+++ b/make/sun/javazic/tzdata/VERSION	Sun May 01 21:26:40 2016 -0700
@@ -21,4 +21,4 @@
 # or visit www.oracle.com if you need additional information or have any
 # questions.
 #
-tzdata2015g
+tzdata2016a
--- a/make/sun/javazic/tzdata/asia	Mon Feb 01 17:33:13 2016 -0800
+++ b/make/sun/javazic/tzdata/asia	Sun May 01 21:26:40 2016 -0700
@@ -897,6 +897,15 @@
 			9:00	-	TLT
 
 # India
+
+# From Ian P. Beacock, in "A brief history of (modern) time", The Atlantic
+# http://www.theatlantic.com/technology/archive/2015/12/the-creation-of-modern-time/421419/
+# (2015-12-22):
+# In January 1906, several thousand cotton-mill workers rioted on the
+# outskirts of Bombay....  They were protesting the proposed abolition of
+# local time in favor of Indian Standard Time....  Journalists called this
+# dispute the "Battle of the Clocks."  It lasted nearly half a century.
+
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Asia/Kolkata	5:53:28 -	LMT	1880        # Kolkata
 			5:53:20	-	HMT	1941 Oct    # Howrah Mean Time?
@@ -1107,8 +1116,15 @@
 Rule	Iran	2032	2033	-	Sep	21	0:00	0	S
 Rule	Iran	2034	2035	-	Mar	22	0:00	1:00	D
 Rule	Iran	2034	2035	-	Sep	22	0:00	0	S
-Rule	Iran	2036	2037	-	Mar	21	0:00	1:00	D
-Rule	Iran	2036	2037	-	Sep	21	0:00	0	S
+#
+# The following rules are approximations starting in the year 2038.
+# These are the best post-2037 approximations available, given the
+# restrictions of a single rule using a Gregorian-based data format.
+# At some point this table will need to be extended, though quite
+# possibly Iran will change the rules first.
+Rule	Iran	2036	max	-	Mar	21	0:00	1:00	D
+Rule	Iran	2036	max	-	Sep	21	0:00	0	S
+
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Asia/Tehran	3:25:44	-	LMT	1916
 			3:25:44	-	TMT	1946     # Tehran Mean Time
@@ -2134,8 +2150,8 @@
 # http://www.app.com.pk/en_/index.php?option=com_content&task=view&id=99374&Itemid=2
 
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
-Rule Pakistan	2002	only	-	Apr	Sun>=2	0:01	1:00	S
-Rule Pakistan	2002	only	-	Oct	Sun>=2	0:01	0	-
+Rule Pakistan	2002	only	-	Apr	Sun>=2	0:00	1:00	S
+Rule Pakistan	2002	only	-	Oct	Sun>=2	0:00	0	-
 Rule Pakistan	2008	only	-	Jun	1	0:00	1:00	S
 Rule Pakistan	2008	2009	-	Nov	1	0:00	0	-
 Rule Pakistan	2009	only	-	Apr	15	0:00	1:00	S
--- a/make/sun/javazic/tzdata/backward	Mon Feb 01 17:33:13 2016 -0800
+++ b/make/sun/javazic/tzdata/backward	Sun May 01 21:26:40 2016 -0700
@@ -46,6 +46,7 @@
 Link	America/Toronto		America/Montreal
 Link	America/Rio_Branco	America/Porto_Acre
 Link	America/Argentina/Cordoba	America/Rosario
+Link	America/Tijuana		America/Santa_Isabel
 Link	America/Denver		America/Shiprock
 Link	America/Port_of_Spain	America/Virgin
 Link	Pacific/Auckland	Antarctica/South_Pole
--- a/make/sun/javazic/tzdata/europe	Mon Feb 01 17:33:13 2016 -0800
+++ b/make/sun/javazic/tzdata/europe	Sun May 01 21:26:40 2016 -0700
@@ -2616,13 +2616,20 @@
 # Note: Effective 2008-03-01, (75) Chita Oblast and (80) Agin-Buryat
 # Autonomous Okrug merged to form (92, RU-ZAB) Zabaykalsky Krai.
 
+# From Alexander Krivenyshev (2016-01-02):
+# [The] time zone in the Trans-Baikal Territory (Zabaykalsky Krai) -
+# Asia/Chita [is changing] from UTC+8 to UTC+9.  Effective date will
+# be March 27, 2016 at 2:00am....
+# http://publication.pravo.gov.ru/Document/View/000120151230010
+
 Zone Asia/Chita	 7:33:52 -	LMT	1919 Dec 15
 			 8:00	-	YAKT	1930 Jun 21 # Yakutsk Time
 			 9:00	Russia	YAK%sT	1991 Mar 31  2:00s
 			 8:00	Russia	YAK%sT	1992 Jan 19  2:00s
 			 9:00	Russia	YAK%sT	2011 Mar 27  2:00s
 			10:00	-	YAKT	2014 Oct 26  2:00s
-			 8:00	-	IRKT
+			 8:00	-	IRKT	2016 Mar 27  2:00
+			 9:00	-	YAKT
 
 
 # From Tim Parenti (2014-07-03), per Oscar van Vlijmen (2009-11-29):
@@ -3177,6 +3184,12 @@
 # It's officially announced now by the Ministry of Energy.
 # Turkey delays winter time to 8th of November 04:00
 # http://www.aa.com.tr/tr/turkiye/yaz-saati-uygulamasi-8-kasimda-sona-erecek/362217
+#
+# From BBC News (2015-10-25):
+# Confused Turks are asking "what's the time?" after automatic clocks defied a
+# government decision ... "For the next two weeks #Turkey is on EEST... Erdogan
+# Engineered Standard Time," said Twitter user @aysekarahasan.
+# http://www.bbc.com/news/world-europe-34631326
 
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule	Turkey	1916	only	-	May	 1	0:00	1:00	S
--- a/make/sun/javazic/tzdata/northamerica	Mon Feb 01 17:33:13 2016 -0800
+++ b/make/sun/javazic/tzdata/northamerica	Sun May 01 21:26:40 2016 -0700
@@ -348,6 +348,16 @@
 # Statue 175 closer in synch with the US Congress' intent....
 # http://www.legis.state.wi.us/2007/data/acts/07Act3.pdf
 
+# From an email administrator of the City of Fort Pierre, SD (2015-12-21):
+# Fort Pierre is technically located in the Mountain time zone as is
+# the rest of Stanley County.  Most of Stanley County and Fort Pierre
+# uses the Central time zone due to doing most of their business in
+# Pierre so it simplifies schedules.  I have lived in Stanley County
+# all my life and it has been that way since I can remember.  (43 years!)
+#
+# From Paul Eggert (2015-12-25):
+# Assume this practice predates 1970, so Fort Pierre can use America/Chicago.
+
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER
 Rule	Chicago	1920	only	-	Jun	13	2:00	1:00	D
 Rule	Chicago	1920	1921	-	Oct	lastSun	2:00	0	S
@@ -504,6 +514,12 @@
 # For lack of better information, assume that Metlakatla's
 # abandonment of use of daylight saving resulted from the 1983 vote.
 
+# From Steffen Thorsen (2015-11-09):
+# It seems Metlakatla did go off PST on Sunday, November 1, changing
+# their time to AKST and are going to follow Alaska's DST, switching
+# between AKST and AKDT from now on....
+# http://www.krbd.org/2015/10/30/annette-island-times-they-are-a-changing/
+
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone America/Juneau	 15:02:19 -	LMT	1867 Oct 18
 			 -8:57:41 -	LMT	1900 Aug 20 12:00
@@ -529,7 +545,8 @@
 			 -8:00	US	P%sT	1946
 			 -8:00	-	PST	1969
 			 -8:00	US	P%sT	1983 Oct 30  2:00
-			 -8:00	-	PST
+			 -8:00	-	PST	2015 Nov  1  2:00
+			 -9:00	US	AK%sT
 Zone America/Yakutat	 14:41:05 -	LMT	1867 Oct 18
 			 -9:18:55 -	LMT	1900 Aug 20 12:00
 			 -9:00	-	YST	1942
@@ -2610,25 +2627,6 @@
 			-8:00	US	P%sT	2002 Feb 20
 			-8:00	Mexico	P%sT	2010
 			-8:00	US	P%sT
-# Baja California (away from US border)
-Zone America/Santa_Isabel	-7:39:28 -	LMT	1922 Jan  1  0:20:32
-			-7:00	-	MST	1924
-			-8:00	-	PST	1927 Jun 10 23:00
-			-7:00	-	MST	1930 Nov 15
-			-8:00	-	PST	1931 Apr  1
-			-8:00	1:00	PDT	1931 Sep 30
-			-8:00	-	PST	1942 Apr 24
-			-8:00	1:00	PWT	1945 Aug 14 23:00u
-			-8:00	1:00	PPT	1945 Nov 12 # Peace
-			-8:00	-	PST	1948 Apr  5
-			-8:00	1:00	PDT	1949 Jan 14
-			-8:00	-	PST	1954
-			-8:00	CA	P%sT	1961
-			-8:00	-	PST	1976
-			-8:00	US	P%sT	1996
-			-8:00	Mexico	P%sT	2001
-			-8:00	US	P%sT	2002 Feb 20
-			-8:00	Mexico	P%sT
 # From Paul Eggert (2006-03-22):
 # Formerly there was an America/Ensenada zone, which differed from
 # America/Tijuana only in that it did not observe DST from 1976
@@ -2641,6 +2639,13 @@
 # other than America/Tijuana for Baja, but it's not clear yet what its
 # name or contents should be.
 #
+# From Paul Eggert (2015-10-08):
+# Formerly there was an America/Santa_Isabel zone, but this appears to
+# have come from a misreading of
+# http://dof.gob.mx/nota_detalle.php?codigo=5127480&fecha=06/01/2010
+# It has been moved to the 'backward' file.
+#
+#
 # Revillagigedo Is
 # no information
 
@@ -2715,17 +2720,7 @@
 			-4:00	US	A%sT
 
 # Cayman Is
-
-# From Paul Eggert (2015-05-15):
-# The Cayman government has decided to introduce DST in 2016, the idea being
-# to keep in sync with New York.  The legislation hasn't passed but the change
-# seems quite likely.  See: Meade B. Cayman 27.
-# http://www.cayman27.com.ky/2015/05/15/clock-ticks-toward-daylight-saving-time-in-cayman
-
-Zone	America/Cayman	-5:25:32 -	LMT	1890     # Georgetown
-			-5:07:11 -	KMT	1912 Feb # Kingston Mean Time
-			-5:00	-	EST	2016
-			-5:00	US	E%sT
+# See America/Panama.
 
 # Costa Rica
 
@@ -3248,6 +3243,7 @@
 Zone	America/Panama	-5:18:08 -	LMT	1890
 			-5:19:36 -	CMT	1908 Apr 22 # Colón Mean Time
 			-5:00	-	EST
+Link America/Panama America/Cayman
 
 # Puerto Rico
 # There are too many San Juans elsewhere, so we'll use 'Puerto_Rico'.
--- a/make/sun/javazic/tzdata/zone.tab	Mon Feb 01 17:33:13 2016 -0800
+++ b/make/sun/javazic/tzdata/zone.tab	Sun May 01 21:26:40 2016 -0700
@@ -306,8 +306,7 @@
 MX	+2838-10605	America/Chihuahua	Mexican Mountain Time - Chihuahua away from US border
 MX	+2934-10425	America/Ojinaga	US Mountain Time - Chihuahua near US border
 MX	+2904-11058	America/Hermosillo	Mountain Standard Time - Sonora
-MX	+3232-11701	America/Tijuana	US Pacific Time - Baja California near US border
-MX	+3018-11452	America/Santa_Isabel	Mexican Pacific Time - Baja California away from US border
+MX	+3232-11701	America/Tijuana	US Pacific Time - Baja California state
 MX	+2048-10515	America/Bahia_Banderas	Mexican Central Time - Bahia de Banderas
 MY	+0310+10142	Asia/Kuala_Lumpur	peninsular Malaysia
 MY	+0133+11020	Asia/Kuching	Sabah & Sarawak
@@ -437,10 +436,10 @@
 US	+433649-1161209	America/Boise	Mountain Time - south Idaho & east Oregon
 US	+332654-1120424	America/Phoenix	Mountain Standard Time - Arizona (except Navajo)
 US	+340308-1181434	America/Los_Angeles	Pacific Time
-US	+550737-1313435	America/Metlakatla	Pacific Standard Time - Annette Island, Alaska
 US	+611305-1495401	America/Anchorage	Alaska Time
 US	+581807-1342511	America/Juneau	Alaska Time - Alaska panhandle
 US	+571035-1351807	America/Sitka	Alaska Time - southeast Alaska panhandle
+US	+550737-1313435	America/Metlakatla	Alaska Time - Annette Island
 US	+593249-1394338	America/Yakutat	Alaska Time - Alaska panhandle neck
 US	+643004-1652423	America/Nome	Alaska Time - west Alaska
 US	+515248-1763929	America/Adak	Aleutian Islands
--- a/make/sun/security/pkcs11/mapfile-vers	Mon Feb 01 17:33:13 2016 -0800
+++ b/make/sun/security/pkcs11/mapfile-vers	Sun May 01 21:26:40 2016 -0700
@@ -47,8 +47,8 @@
 		Java_sun_security_pkcs11_wrapper_PKCS11_C_1CloseSession;
 #		Java_sun_security_pkcs11_wrapper_PKCS11_C_1CloseAllSessions;
 		Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetSessionInfo;
-#		Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetOperationState;
-#		Java_sun_security_pkcs11_wrapper_PKCS11_C_1SetOperationState;
+		Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetOperationState;
+		Java_sun_security_pkcs11_wrapper_PKCS11_C_1SetOperationState;
 		Java_sun_security_pkcs11_wrapper_PKCS11_C_1Login;
 		Java_sun_security_pkcs11_wrapper_PKCS11_C_1Logout;
 		Java_sun_security_pkcs11_wrapper_PKCS11_C_1CreateObject;
--- a/src/share/classes/com/sun/crypto/provider/AESCipher.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/com/sun/crypto/provider/AESCipher.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -47,18 +47,122 @@
  * @see OutputFeedback
  */
 
-public final class AESCipher extends CipherSpi {
+abstract class AESCipher extends CipherSpi {
+    public static final class General extends AESCipher {
+        public General() {
+            super(-1);
+        }
+    }
+    abstract static class OidImpl extends AESCipher {
+        protected OidImpl(int keySize, String mode, String padding) {
+            super(keySize);
+            try {
+                engineSetMode(mode);
+                engineSetPadding(padding);
+            } catch (GeneralSecurityException gse) {
+                // internal error; re-throw as provider exception
+                ProviderException pe =new ProviderException("Internal Error");
+                pe.initCause(gse);
+                throw pe;
+            }
+        }
+    }
+    public static final class AES128_ECB_NoPadding extends OidImpl {
+        public AES128_ECB_NoPadding() {
+            super(16, "ECB", "NOPADDING");
+        }
+    }
+    public static final class AES192_ECB_NoPadding extends OidImpl {
+        public AES192_ECB_NoPadding() {
+            super(24, "ECB", "NOPADDING");
+        }
+    }
+    public static final class AES256_ECB_NoPadding extends OidImpl {
+        public AES256_ECB_NoPadding() {
+            super(32, "ECB", "NOPADDING");
+        }
+    }
+    public static final class AES128_CBC_NoPadding extends OidImpl {
+        public AES128_CBC_NoPadding() {
+            super(16, "CBC", "NOPADDING");
+        }
+    }
+    public static final class AES192_CBC_NoPadding extends OidImpl {
+        public AES192_CBC_NoPadding() {
+            super(24, "CBC", "NOPADDING");
+        }
+    }
+    public static final class AES256_CBC_NoPadding extends OidImpl {
+        public AES256_CBC_NoPadding() {
+            super(32, "CBC", "NOPADDING");
+        }
+    }
+    public static final class AES128_OFB_NoPadding extends OidImpl {
+        public AES128_OFB_NoPadding() {
+            super(16, "OFB", "NOPADDING");
+        }
+    }
+    public static final class AES192_OFB_NoPadding extends OidImpl {
+        public AES192_OFB_NoPadding() {
+            super(24, "OFB", "NOPADDING");
+        }
+    }
+    public static final class AES256_OFB_NoPadding extends OidImpl {
+        public AES256_OFB_NoPadding() {
+            super(32, "OFB", "NOPADDING");
+        }
+    }
+    public static final class AES128_CFB_NoPadding extends OidImpl {
+        public AES128_CFB_NoPadding() {
+            super(16, "CFB", "NOPADDING");
+        }
+    }
+    public static final class AES192_CFB_NoPadding extends OidImpl {
+        public AES192_CFB_NoPadding() {
+            super(24, "CFB", "NOPADDING");
+        }
+    }
+    public static final class AES256_CFB_NoPadding extends OidImpl {
+        public AES256_CFB_NoPadding() {
+            super(32, "CFB", "NOPADDING");
+        }
+    }
+
+    // utility method used by AESCipher and AESWrapCipher
+    static final void checkKeySize(Key key, int fixedKeySize)
+        throws InvalidKeyException {
+        if (fixedKeySize != -1) {
+            if (key == null) {
+                throw new InvalidKeyException("The key must not be null");
+            }
+            byte[] value = key.getEncoded();
+            if (value == null) {
+                throw new InvalidKeyException("Key encoding must not be null");
+            } else if (value.length != fixedKeySize) {
+                throw new InvalidKeyException("The key must be " +
+                    fixedKeySize*8 + " bits");
+            }
+        }
+    }
+
     /*
      * internal CipherCore object which does the real work.
      */
     private CipherCore core = null;
 
+    /*
+     * needed to support AES oids which associates a fixed key size
+     * to the cipher object.
+     */
+    private final int fixedKeySize; // in bytes, -1 if no restriction
+
     /**
      * Creates an instance of AES cipher with default ECB mode and
      * PKCS5Padding.
      */
-    public AESCipher() {
+    protected AESCipher(int keySize) {
         core = new CipherCore(new AESCrypt(), AESConstants.AES_BLOCK_SIZE);
+        fixedKeySize = keySize;
     }
 
     /**
@@ -183,6 +287,7 @@
      */
     protected void engineInit(int opmode, Key key, SecureRandom random)
         throws InvalidKeyException {
+        checkKeySize(key, fixedKeySize);
         core.init(opmode, key, random);
     }
 
@@ -214,6 +319,7 @@
                               AlgorithmParameterSpec params,
                               SecureRandom random)
         throws InvalidKeyException, InvalidAlgorithmParameterException {
+        checkKeySize(key, fixedKeySize);
         core.init(opmode, key, params, random);
     }
 
@@ -221,6 +327,7 @@
                               AlgorithmParameters params,
                               SecureRandom random)
         throws InvalidKeyException, InvalidAlgorithmParameterException {
+        checkKeySize(key, fixedKeySize);
         core.init(opmode, key, params, random);
     }
 
--- a/src/share/classes/com/sun/crypto/provider/AESWrapCipher.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/com/sun/crypto/provider/AESWrapCipher.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -43,8 +43,27 @@
  *
  * @see AESCipher
  */
-public final class AESWrapCipher extends CipherSpi {
-
+abstract class AESWrapCipher extends CipherSpi {
+    public static final class General extends AESWrapCipher {
+        public General() {
+            super(-1);
+        }
+    }
+    public static final class AES128 extends AESWrapCipher {
+        public AES128() {
+            super(16);
+        }
+    }
+    public static final class AES192 extends AESWrapCipher {
+        public AES192() {
+            super(24);
+        }
+    }
+    public static final class AES256 extends AESWrapCipher {
+        public AES256() {
+            super(32);
+        }
+    }
     private static final byte[] IV = {
         (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6,
         (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6
@@ -62,12 +81,20 @@
      */
     private boolean decrypting = false;
 
+    /*
+     * needed to support AES oids which associates a fixed key size
+     * to the cipher object.
+     */
+    private final int fixedKeySize; // in bytes, -1 if no restriction
+
     /**
      * Creates an instance of AES KeyWrap cipher with default
      * mode, i.e. "ECB" and padding scheme, i.e. "NoPadding".
      */
-    public AESWrapCipher() {
+    public AESWrapCipher(int keySize) {
         cipher = new AESCrypt();
+        fixedKeySize = keySize;
+
     }
 
     /**
@@ -170,6 +197,7 @@
             throw new UnsupportedOperationException("This cipher can " +
                 "only be used for key wrapping and unwrapping");
         }
+        AESCipher.checkKeySize(key, fixedKeySize);
         cipher.init(decrypting, key.getAlgorithm(), key.getEncoded());
     }
 
--- a/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -80,10 +80,10 @@
      * @param random the source of randomness
      */
     public void initialize(int keysize, SecureRandom random) {
-        if ((keysize < 512) || (keysize > 1024) || (keysize % 64 != 0)) {
+        if ((keysize < 512) || (keysize > 2048) || (keysize % 64 != 0)) {
             throw new InvalidParameterException("Keysize must be multiple "
                                                 + "of 64, and can only range "
-                                                + "from 512 to 1024 "
+                                                + "from 512 to 2048 "
                                                 + "(inclusive)");
         }
         this.pSize = keysize;
@@ -115,11 +115,11 @@
 
         params = (DHParameterSpec)algParams;
         pSize = params.getP().bitLength();
-        if ((pSize < 512) || (pSize > 1024) ||
+        if ((pSize < 512) || (pSize > 2048) ||
             (pSize % 64 != 0)) {
             throw new InvalidAlgorithmParameterException
                 ("Prime size must be multiple of 64, and can only range "
-                 + "from 512 to 1024 (inclusive)");
+                 + "from 512 to 2048 (inclusive)");
         }
 
         // exponent size is optional, could be 0
@@ -156,10 +156,11 @@
         BigInteger g = params.getG();
 
         if (lSize <= 0) {
+            lSize = pSize >> 1;
             // use an exponent size of (pSize / 2) but at least 384 bits
-            lSize = Math.max(384, pSize >> 1);
-            // if lSize is larger than pSize, limit by pSize
-            lSize = Math.min(lSize, pSize);
+            if (lSize < 384) {
+                lSize = 384;
+            }
         }
 
         BigInteger x;
--- a/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -68,10 +68,10 @@
      * @param random the source of randomness
      */
     protected void engineInit(int keysize, SecureRandom random) {
-        if ((keysize < 512) || (keysize > 1024) || (keysize % 64 != 0)) {
+        if ((keysize < 512) || (keysize > 2048) || (keysize % 64 != 0)) {
             throw new InvalidParameterException("Keysize must be multiple "
                                                 + "of 64, and can only range "
-                                                + "from 512 to 1024 "
+                                                + "from 512 to 2048 "
                                                 + "(inclusive)");
         }
         this.primeSize = keysize;
@@ -100,10 +100,10 @@
             DHGenParameterSpec dhParamSpec = (DHGenParameterSpec)genParamSpec;
 
             primeSize = dhParamSpec.getPrimeSize();
-            if ((primeSize<512) || (primeSize>1024) || (primeSize%64 != 0)) {
+            if ((primeSize<512) || (primeSize>2048) || (primeSize%64 != 0)) {
                 throw new InvalidAlgorithmParameterException
                     ("Modulus size must be multiple of 64, and can only range "
-                     + "from 512 to 1024 (inclusive)");
+                     + "from 512 to 2048 (inclusive)");
             }
 
             exponentSize = dhParamSpec.getExponentSize();
--- a/src/share/classes/com/sun/crypto/provider/HmacCore.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/com/sun/crypto/provider/HmacCore.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,16 +38,16 @@
  * This class constitutes the core of HMAC-<MD> algorithms, where
  * <MD> can be SHA1 or MD5, etc. See RFC 2104 for spec.
  *
- * It also contains the implementation classes for the SHA-256,
+ * It also contains the implementation classes for SHA-224, SHA-256,
  * SHA-384, and SHA-512 HMACs.
  *
  * @author Jan Luehe
  */
-final class HmacCore implements Cloneable {
+abstract class HmacCore extends MacSpi implements Cloneable {
 
-    private final MessageDigest md;
-    private final byte[] k_ipad; // inner padding - key XORd with ipad
-    private final byte[] k_opad; // outer padding - key XORd with opad
+    private MessageDigest md;
+    private byte[] k_ipad; // inner padding - key XORd with ipad
+    private byte[] k_opad; // outer padding - key XORd with opad
     private boolean first;       // Is this the first data to be processed?
 
     private final int blockLen;
@@ -73,22 +73,11 @@
     }
 
     /**
-     * Constructor used for cloning.
-     */
-    private HmacCore(HmacCore other) throws CloneNotSupportedException {
-        this.md = (MessageDigest)other.md.clone();
-        this.blockLen = other.blockLen;
-        this.k_ipad = (byte[])other.k_ipad.clone();
-        this.k_opad = (byte[])other.k_opad.clone();
-        this.first = other.first;
-    }
-
-    /**
      * Returns the length of the HMAC in bytes.
      *
      * @return the HMAC length in bytes.
      */
-    int getDigestLength() {
+    protected int engineGetMacLength() {
         return this.md.getDigestLength();
     }
 
@@ -103,9 +92,8 @@
      * @exception InvalidAlgorithmParameterException if the given algorithm
      * parameters are inappropriate for this MAC.
      */
-    void init(Key key, AlgorithmParameterSpec params)
+    protected void engineInit(Key key, AlgorithmParameterSpec params)
             throws InvalidKeyException, InvalidAlgorithmParameterException {
-
         if (params != null) {
             throw new InvalidAlgorithmParameterException
                 ("HMAC does not use parameters");
@@ -140,7 +128,7 @@
         Arrays.fill(secret, (byte)0);
         secret = null;
 
-        reset();
+        engineReset();
     }
 
     /**
@@ -148,7 +136,7 @@
      *
      * @param input the input byte to be processed.
      */
-    void update(byte input) {
+    protected void engineUpdate(byte input) {
         if (first == true) {
             // compute digest for 1st pass; start with inner pad
             md.update(k_ipad);
@@ -167,7 +155,7 @@
      * @param offset the offset in <code>input</code> where the input starts.
      * @param len the number of bytes to process.
      */
-    void update(byte input[], int offset, int len) {
+    protected void engineUpdate(byte input[], int offset, int len) {
         if (first == true) {
             // compute digest for 1st pass; start with inner pad
             md.update(k_ipad);
@@ -178,7 +166,13 @@
         md.update(input, offset, len);
     }
 
-    void update(ByteBuffer input) {
+    /**
+     * Processes the <code>input.remaining()</code> bytes in the ByteBuffer
+     * <code>input</code>.
+     *
+     * @param input the input byte buffer.
+     */
+    protected void engineUpdate(ByteBuffer input) {
         if (first == true) {
             // compute digest for 1st pass; start with inner pad
             md.update(k_ipad);
@@ -194,7 +188,7 @@
      *
      * @return the HMAC result.
      */
-    byte[] doFinal() {
+    protected byte[] engineDoFinal() {
         if (first == true) {
             // compute digest for 1st pass; start with inner pad
             md.update(k_ipad);
@@ -223,7 +217,7 @@
      * Resets the HMAC for further use, maintaining the secret key that the
      * HMAC was initialized with.
      */
-    void reset() {
+    protected void engineReset() {
         if (first == false) {
             md.reset();
             first = true;
@@ -234,115 +228,38 @@
      * Clones this object.
      */
     public Object clone() throws CloneNotSupportedException {
-        return new HmacCore(this);
+        HmacCore copy = (HmacCore) super.clone();
+        copy.md = (MessageDigest) md.clone();
+        copy.k_ipad = k_ipad.clone();
+        copy.k_opad = k_opad.clone();
+        return copy;
+    }
+
+    // nested static class for the HmacSHA224 implementation
+    public static final class HmacSHA224 extends HmacCore {
+        public HmacSHA224() throws NoSuchAlgorithmException {
+            super("SHA-224", 64);
+        }
     }
 
     // nested static class for the HmacSHA256 implementation
-    public static final class HmacSHA256 extends MacSpi implements Cloneable {
-        private final HmacCore core;
+    public static final class HmacSHA256 extends HmacCore {
         public HmacSHA256() throws NoSuchAlgorithmException {
-            core = new HmacCore("SHA-256", 64);
-        }
-        private HmacSHA256(HmacSHA256 base) throws CloneNotSupportedException {
-            core = (HmacCore)base.core.clone();
-        }
-        protected int engineGetMacLength() {
-            return core.getDigestLength();
-        }
-        protected void engineInit(Key key, AlgorithmParameterSpec params)
-                throws InvalidKeyException, InvalidAlgorithmParameterException {
-            core.init(key, params);
-        }
-        protected void engineUpdate(byte input) {
-            core.update(input);
-        }
-        protected void engineUpdate(byte input[], int offset, int len) {
-            core.update(input, offset, len);
-        }
-        protected void engineUpdate(ByteBuffer input) {
-            core.update(input);
-        }
-        protected byte[] engineDoFinal() {
-            return core.doFinal();
-        }
-        protected void engineReset() {
-            core.reset();
-        }
-        public Object clone() throws CloneNotSupportedException {
-            return new HmacSHA256(this);
+            super("SHA-256", 64);
         }
     }
 
     // nested static class for the HmacSHA384 implementation
-    public static final class HmacSHA384 extends MacSpi implements Cloneable {
-        private final HmacCore core;
+    public static final class HmacSHA384 extends HmacCore {
         public HmacSHA384() throws NoSuchAlgorithmException {
-            core = new HmacCore("SHA-384", 128);
-        }
-        private HmacSHA384(HmacSHA384 base) throws CloneNotSupportedException {
-            core = (HmacCore)base.core.clone();
-        }
-        protected int engineGetMacLength() {
-            return core.getDigestLength();
-        }
-        protected void engineInit(Key key, AlgorithmParameterSpec params)
-                throws InvalidKeyException, InvalidAlgorithmParameterException {
-            core.init(key, params);
-        }
-        protected void engineUpdate(byte input) {
-            core.update(input);
-        }
-        protected void engineUpdate(byte input[], int offset, int len) {
-            core.update(input, offset, len);
-        }
-        protected void engineUpdate(ByteBuffer input) {
-            core.update(input);
-        }
-        protected byte[] engineDoFinal() {
-            return core.doFinal();
-        }
-        protected void engineReset() {
-            core.reset();
-        }
-        public Object clone() throws CloneNotSupportedException {
-            return new HmacSHA384(this);
+            super("SHA-384", 128);
         }
     }
 
     // nested static class for the HmacSHA512 implementation
-    public static final class HmacSHA512 extends MacSpi implements Cloneable {
-        private final HmacCore core;
+    public static final class HmacSHA512 extends HmacCore {
         public HmacSHA512() throws NoSuchAlgorithmException {
-            core = new HmacCore("SHA-512", 128);
-        }
-        private HmacSHA512(HmacSHA512 base) throws CloneNotSupportedException {
-            core = (HmacCore)base.core.clone();
-        }
-        protected int engineGetMacLength() {
-            return core.getDigestLength();
-        }
-        protected void engineInit(Key key, AlgorithmParameterSpec params)
-                throws InvalidKeyException, InvalidAlgorithmParameterException {
-            core.init(key, params);
-        }
-        protected void engineUpdate(byte input) {
-            core.update(input);
-        }
-        protected void engineUpdate(byte input[], int offset, int len) {
-            core.update(input, offset, len);
-        }
-        protected void engineUpdate(ByteBuffer input) {
-            core.update(input);
-        }
-        protected byte[] engineDoFinal() {
-            return core.doFinal();
-        }
-        protected void engineReset() {
-            core.reset();
-        }
-        public Object clone() throws CloneNotSupportedException {
-            return new HmacSHA512(this);
+            super("SHA-512", 128);
         }
     }
-
 }
--- a/src/share/classes/com/sun/crypto/provider/HmacMD5.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/com/sun/crypto/provider/HmacMD5.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -37,97 +37,11 @@
  *
  * @author Jan Luehe
  */
-public final class HmacMD5 extends MacSpi implements Cloneable {
-
-    private HmacCore hmac;
-    private static final int MD5_BLOCK_LENGTH = 64;
-
+public final class HmacMD5 extends HmacCore {
     /**
      * Standard constructor, creates a new HmacMD5 instance.
      */
     public HmacMD5() throws NoSuchAlgorithmException {
-        hmac = new HmacCore(MessageDigest.getInstance("MD5"),
-                            MD5_BLOCK_LENGTH);
-    }
-
-    /**
-     * Returns the length of the HMAC in bytes.
-     *
-     * @return the HMAC length in bytes.
-     */
-    protected int engineGetMacLength() {
-        return hmac.getDigestLength();
-    }
-
-    /**
-     * Initializes the HMAC with the given secret key and algorithm parameters.
-     *
-     * @param key the secret key.
-     * @param params the algorithm parameters.
-     *
-     * @exception InvalidKeyException if the given key is inappropriate for
-     * initializing this MAC.
-     * @exception InvalidAlgorithmParameterException if the given algorithm
-     * parameters are inappropriate for this MAC.
-     */
-    protected void engineInit(Key key, AlgorithmParameterSpec params)
-        throws InvalidKeyException, InvalidAlgorithmParameterException {
-        hmac.init(key, params);
-    }
-
-    /**
-     * Processes the given byte.
-     *
-     * @param input the input byte to be processed.
-     */
-    protected void engineUpdate(byte input) {
-        hmac.update(input);
-    }
-
-    /**
-     * Processes the first <code>len</code> bytes in <code>input</code>,
-     * starting at <code>offset</code>.
-     *
-     * @param input the input buffer.
-     * @param offset the offset in <code>input</code> where the input starts.
-     * @param len the number of bytes to process.
-     */
-    protected void engineUpdate(byte input[], int offset, int len) {
-        hmac.update(input, offset, len);
-    }
-
-    protected void engineUpdate(ByteBuffer input) {
-        hmac.update(input);
-    }
-
-    /**
-     * Completes the HMAC computation and resets the HMAC for further use,
-     * maintaining the secret key that the HMAC was initialized with.
-     *
-     * @return the HMAC result.
-     */
-    protected byte[] engineDoFinal() {
-        return hmac.doFinal();
-    }
-
-    /**
-     * Resets the HMAC for further use, maintaining the secret key that the
-     * HMAC was initialized with.
-     */
-    protected void engineReset() {
-        hmac.reset();
-    }
-
-    /*
-     * Clones this object.
-     */
-    public Object clone() {
-        HmacMD5 that = null;
-        try {
-            that = (HmacMD5) super.clone();
-            that.hmac = (HmacCore) this.hmac.clone();
-        } catch (CloneNotSupportedException e) {
-        }
-        return that;
+        super("MD5", 64);
     }
 }
--- a/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,26 +41,13 @@
  *
  * @author Valerie Peng
  */
-public final class HmacPKCS12PBESHA1 extends MacSpi implements Cloneable {
-
-    private HmacCore hmac = null;
-    private static final int SHA1_BLOCK_LENGTH = 64;
+public final class HmacPKCS12PBESHA1 extends HmacCore {
 
     /**
      * Standard constructor, creates a new HmacSHA1 instance.
      */
     public HmacPKCS12PBESHA1() throws NoSuchAlgorithmException {
-        this.hmac = new HmacCore(MessageDigest.getInstance("SHA1"),
-                                 SHA1_BLOCK_LENGTH);
-    }
-
-    /**
-     * Returns the length of the HMAC in bytes.
-     *
-     * @return the HMAC length in bytes.
-     */
-    protected int engineGetMacLength() {
-        return hmac.getDigestLength();
+        super("SHA1", 64);
     }
 
     /**
@@ -71,7 +58,7 @@
      *
      * @exception InvalidKeyException if the given key is inappropriate for
      * initializing this MAC.
-     u* @exception InvalidAlgorithmParameterException if the given algorithm
+     * @exception InvalidAlgorithmParameterException if the given algorithm
      * parameters are inappropriate for this MAC.
      */
     protected void engineInit(Key key, AlgorithmParameterSpec params)
@@ -140,64 +127,8 @@
                 ("IterationCount must be a positive number");
         }
         byte[] derivedKey = PKCS12PBECipherCore.derive(passwdChars, salt,
-            iCount, hmac.getDigestLength(), PKCS12PBECipherCore.MAC_KEY);
+            iCount, engineGetMacLength(), PKCS12PBECipherCore.MAC_KEY);
         SecretKey cipherKey = new SecretKeySpec(derivedKey, "HmacSHA1");
-        hmac.init(cipherKey, null);
-    }
-
-    /**
-     * Processes the given byte.
-     *
-     * @param input the input byte to be processed.
-     */
-    protected void engineUpdate(byte input) {
-        hmac.update(input);
-    }
-
-    /**
-     * Processes the first <code>len</code> bytes in <code>input</code>,
-     * starting at <code>offset</code>.
-     *
-     * @param input the input buffer.
-     * @param offset the offset in <code>input</code> where the input starts.
-     * @param len the number of bytes to process.
-     */
-    protected void engineUpdate(byte input[], int offset, int len) {
-        hmac.update(input, offset, len);
-    }
-
-    protected void engineUpdate(ByteBuffer input) {
-        hmac.update(input);
-    }
-
-    /**
-     * Completes the HMAC computation and resets the HMAC for further use,
-     * maintaining the secret key that the HMAC was initialized with.
-     *
-     * @return the HMAC result.
-     */
-    protected byte[] engineDoFinal() {
-        return hmac.doFinal();
-    }
-
-    /**
-     * Resets the HMAC for further use, maintaining the secret key that the
-     * HMAC was initialized with.
-     */
-    protected void engineReset() {
-        hmac.reset();
-    }
-
-    /*
-     * Clones this object.
-     */
-    public Object clone() {
-        HmacPKCS12PBESHA1 that = null;
-        try {
-            that = (HmacPKCS12PBESHA1)super.clone();
-            that.hmac = (HmacCore)this.hmac.clone();
-        } catch (CloneNotSupportedException e) {
-        }
-        return that;
+        super.engineInit(cipherKey, null);
     }
 }
--- a/src/share/classes/com/sun/crypto/provider/HmacSHA1.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/com/sun/crypto/provider/HmacSHA1.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -37,97 +37,11 @@
  *
  * @author Jan Luehe
  */
-public final class HmacSHA1 extends MacSpi implements Cloneable {
-
-    private HmacCore hmac = null;
-    private static final int SHA1_BLOCK_LENGTH = 64;
-
+public final class HmacSHA1 extends HmacCore {
     /**
      * Standard constructor, creates a new HmacSHA1 instance.
      */
     public HmacSHA1() throws NoSuchAlgorithmException {
-        this.hmac = new HmacCore(MessageDigest.getInstance("SHA1"),
-                                 SHA1_BLOCK_LENGTH);
-    }
-
-    /**
-     * Returns the length of the HMAC in bytes.
-     *
-     * @return the HMAC length in bytes.
-     */
-    protected int engineGetMacLength() {
-        return hmac.getDigestLength();
-    }
-
-    /**
-     * Initializes the HMAC with the given secret key and algorithm parameters.
-     *
-     * @param key the secret key.
-     * @param params the algorithm parameters.
-     *
-     * @exception InvalidKeyException if the given key is inappropriate for
-     * initializing this MAC.
-     * @exception InvalidAlgorithmParameterException if the given algorithm
-     * parameters are inappropriate for this MAC.
-     */
-    protected void engineInit(Key key, AlgorithmParameterSpec params)
-        throws InvalidKeyException, InvalidAlgorithmParameterException {
-        hmac.init(key, params);
-    }
-
-    /**
-     * Processes the given byte.
-     *
-     * @param input the input byte to be processed.
-     */
-    protected void engineUpdate(byte input) {
-        hmac.update(input);
-    }
-
-    /**
-     * Processes the first <code>len</code> bytes in <code>input</code>,
-     * starting at <code>offset</code>.
-     *
-     * @param input the input buffer.
-     * @param offset the offset in <code>input</code> where the input starts.
-     * @param len the number of bytes to process.
-     */
-    protected void engineUpdate(byte input[], int offset, int len) {
-        hmac.update(input, offset, len);
-    }
-
-    protected void engineUpdate(ByteBuffer input) {
-        hmac.update(input);
-    }
-
-    /**
-     * Completes the HMAC computation and resets the HMAC for further use,
-     * maintaining the secret key that the HMAC was initialized with.
-     *
-     * @return the HMAC result.
-     */
-    protected byte[] engineDoFinal() {
-        return hmac.doFinal();
-    }
-
-    /**
-     * Resets the HMAC for further use, maintaining the secret key that the
-     * HMAC was initialized with.
-     */
-    protected void engineReset() {
-        hmac.reset();
-    }
-
-    /*
-     * Clones this object.
-     */
-    public Object clone() {
-        HmacSHA1 that = null;
-        try {
-            that = (HmacSHA1)super.clone();
-            that.hmac = (HmacCore)this.hmac.clone();
-        } catch (CloneNotSupportedException e) {
-        }
-        return that;
+        super("SHA1", 64);
     }
 }
--- a/src/share/classes/com/sun/crypto/provider/KeyGeneratorCore.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/com/sun/crypto/provider/KeyGeneratorCore.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -105,11 +105,11 @@
         return new SecretKeySpec(b, name);
     }
 
-    // nested static class for the HmacSHA256 key generator
-    public static final class HmacSHA256KG extends KeyGeneratorSpi {
+    // nested static classes for the HmacSHA-2 family of key generator
+    abstract static class HmacSHA2KG extends KeyGeneratorSpi {
         private final KeyGeneratorCore core;
-        public HmacSHA256KG() {
-            core = new KeyGeneratorCore("HmacSHA256", 256);
+        protected HmacSHA2KG(String algoName, int len) {
+            core = new KeyGeneratorCore(algoName, len);
         }
         protected void engineInit(SecureRandom random) {
             core.implInit(random);
@@ -124,47 +124,26 @@
         protected SecretKey engineGenerateKey() {
             return core.implGenerateKey();
         }
-    }
 
-    // nested static class for the HmacSHA384 key generator
-    public static final class HmacSHA384KG extends KeyGeneratorSpi {
-        private final KeyGeneratorCore core;
-        public HmacSHA384KG() {
-            core = new KeyGeneratorCore("HmacSHA384", 384);
+        public static final class SHA224 extends HmacSHA2KG {
+            public SHA224() {
+                super("HmacSHA224", 224);
+            }
         }
-        protected void engineInit(SecureRandom random) {
-            core.implInit(random);
+        public static final class SHA256 extends HmacSHA2KG {
+            public SHA256() {
+                super("HmacSHA256", 256);
+            }
         }
-        protected void engineInit(AlgorithmParameterSpec params,
-                SecureRandom random) throws InvalidAlgorithmParameterException {
-            core.implInit(params, random);
+        public static final class SHA384 extends HmacSHA2KG {
+            public SHA384() {
+                super("HmacSHA384", 384);
+            }
         }
-        protected void engineInit(int keySize, SecureRandom random) {
-            core.implInit(keySize, random);
-        }
-        protected SecretKey engineGenerateKey() {
-            return core.implGenerateKey();
-        }
-    }
-
-    // nested static class for the HmacSHA384 key generator
-    public static final class HmacSHA512KG extends KeyGeneratorSpi {
-        private final KeyGeneratorCore core;
-        public HmacSHA512KG() {
-            core = new KeyGeneratorCore("HmacSHA512", 512);
-        }
-        protected void engineInit(SecureRandom random) {
-            core.implInit(random);
-        }
-        protected void engineInit(AlgorithmParameterSpec params,
-                SecureRandom random) throws InvalidAlgorithmParameterException {
-            core.implInit(params, random);
-        }
-        protected void engineInit(int keySize, SecureRandom random) {
-            core.implInit(keySize, random);
-        }
-        protected SecretKey engineGenerateKey() {
-            return core.implGenerateKey();
+        public static final class SHA512 extends HmacSHA2KG {
+            public SHA512() {
+                super("HmacSHA512", 512);
+            }
         }
     }
 
--- a/src/share/classes/com/sun/crypto/provider/OAEPParameters.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/com/sun/crypto/provider/OAEPParameters.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -131,6 +131,8 @@
                         params.getName());
                 if (mgfDigestName.equals("SHA-1")) {
                     mgfSpec = MGF1ParameterSpec.SHA1;
+                } else if (mgfDigestName.equals("SHA-224")) {
+                    mgfSpec = new MGF1ParameterSpec("SHA-224");
                 } else if (mgfDigestName.equals("SHA-256")) {
                     mgfSpec = MGF1ParameterSpec.SHA256;
                 } else if (mgfDigestName.equals("SHA-384")) {
--- a/src/share/classes/com/sun/crypto/provider/SunJCE.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/com/sun/crypto/provider/SunJCE.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -70,7 +70,7 @@
  *
  * - Diffie-Hellman Key Agreement
  *
- * - HMAC-MD5, HMAC-SHA1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
+ * - HMAC-MD5, HMAC-SHA1, HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
  *
  */
 
@@ -117,6 +117,7 @@
                         "NOPADDING|PKCS1PADDING|OAEPWITHMD5ANDMGF1PADDING"
                         + "|OAEPWITHSHA1ANDMGF1PADDING"
                         + "|OAEPWITHSHA-1ANDMGF1PADDING"
+                        + "|OAEPWITHSHA-224ANDMGF1PADDING"
                         + "|OAEPWITHSHA-256ANDMGF1PADDING"
                         + "|OAEPWITHSHA-384ANDMGF1PADDING"
                         + "|OAEPWITHSHA-512ANDMGF1PADDING");
@@ -170,17 +171,67 @@
                 put("Cipher.Blowfish SupportedPaddings", BLOCK_PADS);
                 put("Cipher.Blowfish SupportedKeyFormats", "RAW");
 
-                put("Cipher.AES", "com.sun.crypto.provider.AESCipher");
+                put("Cipher.AES", "com.sun.crypto.provider.AESCipher$General");
                 put("Alg.Alias.Cipher.Rijndael", "AES");
                 put("Cipher.AES SupportedModes", BLOCK_MODES128);
                 put("Cipher.AES SupportedPaddings", BLOCK_PADS);
                 put("Cipher.AES SupportedKeyFormats", "RAW");
 
-                put("Cipher.AESWrap", "com.sun.crypto.provider.AESWrapCipher");
+                put("Cipher.AES_128/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding");
+                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding");
+                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding");
+                put("Cipher.AES_128/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding");
+                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding");
+                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding");
+                put("Cipher.AES_128/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding");
+                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding");
+                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding");
+                put("Cipher.AES_128/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding");
+                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding");
+                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding");
+
+                put("Cipher.AES_192/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding");
+                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding");
+                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding");
+                put("Cipher.AES_192/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding");
+                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding");
+                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding");
+                put("Cipher.AES_192/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding");
+                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding");
+                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding");
+                put("Cipher.AES_192/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding");
+                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding");
+                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding");
+
+
+                put("Cipher.AES_256/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding");
+                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding");
+                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding");
+                put("Cipher.AES_256/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding");
+                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding");
+                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding");
+                put("Cipher.AES_256/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding");
+                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding");
+                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding");
+                put("Cipher.AES_256/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding");
+                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding");
+                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding");
+
+                put("Cipher.AESWrap", "com.sun.crypto.provider.AESWrapCipher$General");
                 put("Cipher.AESWrap SupportedModes", "ECB");
                 put("Cipher.AESWrap SupportedPaddings", "NOPADDING");
                 put("Cipher.AESWrap SupportedKeyFormats", "RAW");
 
+                put("Cipher.AESWrap_128", "com.sun.crypto.provider.AESWrapCipher$AES128");
+                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.5", "AESWrap_128");
+                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.5", "AESWrap_128");
+                put("Cipher.AESWrap_192", "com.sun.crypto.provider.AESWrapCipher$AES192");
+                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.25", "AESWrap_192");
+                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.25", "AESWrap_192");
+                put("Cipher.AESWrap_256", "com.sun.crypto.provider.AESWrapCipher$AES256");
+                put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.45", "AESWrap_256");
+                put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.45", "AESWrap_256");
+
                 put("Cipher.RC2",
                     "com.sun.crypto.provider.RC2Cipher");
                 put("Cipher.RC2 SupportedModes", BLOCK_MODES);
@@ -195,7 +246,7 @@
                 put("Cipher.ARCFOUR SupportedKeyFormats", "RAW");
 
                 /*
-                 *  Key(pair) Generator engines
+                 * Key(pair) Generator engines
                  */
                 put("KeyGenerator.DES",
                     "com.sun.crypto.provider.DESKeyGenerator");
@@ -224,13 +275,28 @@
 
                 put("KeyGenerator.HmacSHA1",
                     "com.sun.crypto.provider.HmacSHA1KeyGenerator");
+                put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.7", "HmacSHA1");
+                put("Alg.Alias.KeyGenerator.1.2.840.113549.2.7", "HmacSHA1");
+
+                put("KeyGenerator.HmacSHA224",
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA224");
+                put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.8", "HmacSHA224");
+                put("Alg.Alias.KeyGenerator.1.2.840.113549.2.8", "HmacSHA224");
 
                 put("KeyGenerator.HmacSHA256",
-                    "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA256KG");
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA256");
+                put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.9", "HmacSHA256");
+                put("Alg.Alias.KeyGenerator.1.2.840.113549.2.9", "HmacSHA256");
+
                 put("KeyGenerator.HmacSHA384",
-                    "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA384KG");
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA384");
+                put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.10", "HmacSHA384");
+                put("Alg.Alias.KeyGenerator.1.2.840.113549.2.10", "HmacSHA384");
+
                 put("KeyGenerator.HmacSHA512",
-                    "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA512KG");
+                    "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA512");
+                put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.11", "HmacSHA512");
+                put("Alg.Alias.KeyGenerator.1.2.840.113549.2.11", "HmacSHA512");
 
                 put("KeyPairGenerator.DiffieHellman",
                     "com.sun.crypto.provider.DHKeyPairGenerator");
@@ -316,14 +382,12 @@
                     "com.sun.crypto.provider.AESParameters");
                 put("Alg.Alias.AlgorithmParameters.Rijndael", "AES");
 
-
                 put("AlgorithmParameters.RC2",
                     "com.sun.crypto.provider.RC2Parameters");
 
                 put("AlgorithmParameters.OAEP",
                     "com.sun.crypto.provider.OAEPParameters");
 
-
                 /*
                  * Key factories
                  */
@@ -393,12 +457,25 @@
                  */
                 put("Mac.HmacMD5", "com.sun.crypto.provider.HmacMD5");
                 put("Mac.HmacSHA1", "com.sun.crypto.provider.HmacSHA1");
+                put("Alg.Alias.Mac.OID.1.2.840.113549.2.7", "HmacSHA1");
+                put("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1");
+                put("Mac.HmacSHA224",
+                    "com.sun.crypto.provider.HmacCore$HmacSHA224");
+                put("Alg.Alias.Mac.OID.1.2.840.113549.2.8", "HmacSHA224");
+                put("Alg.Alias.Mac.1.2.840.113549.2.8", "HmacSHA224");
                 put("Mac.HmacSHA256",
                     "com.sun.crypto.provider.HmacCore$HmacSHA256");
+                put("Alg.Alias.Mac.OID.1.2.840.113549.2.9", "HmacSHA256");
+                put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256");
                 put("Mac.HmacSHA384",
                     "com.sun.crypto.provider.HmacCore$HmacSHA384");
+                put("Alg.Alias.Mac.OID.1.2.840.113549.2.10", "HmacSHA384");
+                put("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384");
                 put("Mac.HmacSHA512",
                     "com.sun.crypto.provider.HmacCore$HmacSHA512");
+                put("Alg.Alias.Mac.OID.1.2.840.113549.2.11", "HmacSHA512");
+                put("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512");
+
                 put("Mac.HmacPBESHA1",
                     "com.sun.crypto.provider.HmacPKCS12PBESHA1");
 
@@ -409,6 +486,7 @@
 
                 put("Mac.HmacMD5 SupportedKeyFormats", "RAW");
                 put("Mac.HmacSHA1 SupportedKeyFormats", "RAW");
+                put("Mac.HmacSHA224 SupportedKeyFormats", "RAW");
                 put("Mac.HmacSHA256 SupportedKeyFormats", "RAW");
                 put("Mac.HmacSHA384 SupportedKeyFormats", "RAW");
                 put("Mac.HmacSHA512 SupportedKeyFormats", "RAW");
--- a/src/share/classes/com/sun/crypto/provider/TlsPrfGenerator.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/com/sun/crypto/provider/TlsPrfGenerator.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -241,14 +241,29 @@
         int off = secret.length >> 1;
         int seclen = off + (secret.length & 1);
 
+        byte[] secKey = secret;
+        int keyLen = seclen;
         byte[] output = new byte[outputLength];
 
         // P_MD5(S1, label + seed)
-        expand(md5, 16, secret, 0, seclen, labelBytes, seed, output,
+        // If we have a long secret, digest it first.
+        if (seclen > 64) {              // 64: block size of HMAC-MD5
+            md5.update(secret, 0, seclen);
+            secKey = md5.digest();
+            keyLen = secKey.length;
+        }
+        expand(md5, 16, secKey, 0, keyLen, labelBytes, seed, output,
             HMAC_ipad64.clone(), HMAC_opad64.clone());
 
         // P_SHA-1(S2, label + seed)
-        expand(sha, 20, secret, off, seclen, labelBytes, seed, output,
+        // If we have a long secret, digest it first.
+        if (seclen > 64) {              // 64: block size of HMAC-SHA1
+            sha.update(secret, off, seclen);
+            secKey = sha.digest();
+            keyLen = secKey.length;
+            off = 0;
+        }
+        expand(sha, 20, secKey, off, keyLen, labelBytes, seed, output,
             HMAC_ipad64.clone(), HMAC_opad64.clone());
 
         return output;
--- a/src/share/classes/com/sun/java/swing/plaf/gtk/resources/gtk_ko.properties	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/com/sun/java/swing/plaf/gtk/resources/gtk_ko.properties	Sun May 01 21:26:40 2016 -0700
@@ -39,7 +39,7 @@
 FileChooser.openButton.textAndMnemonic=\uD655\uC778(&O)
 FileChooser.saveDialogTitle.textAndMnemonic=\uC800\uC7A5
 FileChooser.openDialogTitle.textAndMnemonic=\uC5F4\uAE30
-FileChooser.pathLabel.textAndMnemonic=\uC120\uD0DD \uC0AC\uD56D(&S):
+FileChooser.pathLabel.textAndMnemonic=\uC120\uD0DD\uC0AC\uD56D(&S):
 FileChooser.filterLabel.textAndMnemonic=\uD544\uD130:
 FileChooser.foldersLabel.textAndMnemonic=\uD3F4\uB354(&D)
 FileChooser.filesLabel.textAndMnemonic=\uD30C\uC77C(&F)
--- a/src/share/classes/com/sun/java/swing/plaf/windows/resources/windows_ko.properties	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/com/sun/java/swing/plaf/windows/resources/windows_ko.properties	Sun May 01 21:26:40 2016 -0700
@@ -33,11 +33,11 @@
 FileChooser.listViewButtonToolTip.textAndMnemonic=\uBAA9\uB85D
 FileChooser.listViewButtonAccessibleName=\uBAA9\uB85D
 FileChooser.listViewActionLabel.textAndMnemonic=\uBAA9\uB85D
-FileChooser.detailsViewButtonToolTip.textAndMnemonic=\uC138\uBD80 \uC815\uBCF4
-FileChooser.detailsViewButtonAccessibleName=\uC138\uBD80 \uC815\uBCF4
+FileChooser.detailsViewButtonToolTip.textAndMnemonic=\uC138\uBD80\uC815\uBCF4
+FileChooser.detailsViewButtonAccessibleName=\uC138\uBD80\uC815\uBCF4
 FileChooser.viewMenuButtonToolTipText = \uBCF4\uAE30 \uBA54\uB274
 FileChooser.viewMenuButtonAccessibleName = \uBCF4\uAE30 \uBA54\uB274
-FileChooser.detailsViewActionLabel.textAndMnemonic=\uC138\uBD80 \uC815\uBCF4
+FileChooser.detailsViewActionLabel.textAndMnemonic=\uC138\uBD80\uC815\uBCF4
 FileChooser.refreshActionLabel.textAndMnemonic=\uC0C8\uB85C \uACE0\uCE68
 FileChooser.viewMenuLabel.textAndMnemonic=\uBCF4\uAE30
 FileChooser.fileNameHeader.textAndMnemonic=\uC774\uB984
--- a/src/share/classes/com/sun/jmx/remote/util/EnvHelp.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/com/sun/jmx/remote/util/EnvHelp.java	Sun May 01 21:26:40 2016 -0700
@@ -1,6 +1,6 @@
 
 /*
- * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -55,6 +55,21 @@
 public class EnvHelp {
 
     /**
+    * Name of the attribute that specifies a list of class names acceptable
+    * as parameters to the {@link RMIServer#newClient(java.lang.Object) RMIServer.newClient()}
+    * remote method call.
+    * <p>
+    * This list of classes should correspond to the transitive closure of the
+    * credentials class (or classes) used by the installed {@linkplain JMXAuthenticator}
+    * associated with the {@linkplain RMIServer} implementation.
+    * <p>
+    * If the attribute is not set, or is null, then any class is
+    * deemed acceptable.
+    */
+    public static final String CREDENTIAL_TYPES =
+            "jmx.remote.rmi.server.credential.types";
+
+    /**
      * <p>Name of the attribute that specifies a default class loader
      * object.
      * The value associated with this attribute is a ClassLoader object</p>
--- a/src/share/classes/com/sun/rowset/RowSetResourceBundle_de.properties	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/com/sun/rowset/RowSetResourceBundle_de.properties	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -31,7 +31,7 @@
 cachedrowsetimpl.accfailed = acceptChanges nicht erfolgreich
 cachedrowsetimpl.invalidcp = Ung\u00FCltige Cursorposition
 cachedrowsetimpl.illegalop = Ung\u00FCltiger Vorgang bei nicht eingef\u00FCgter Zeile
-cachedrowsetimpl.clonefail = Clonen nicht erfolgreich: {0}
+cachedrowsetimpl.clonefail = Klonen nicht erfolgreich: {0}
 cachedrowsetimpl.invalidcol = Ung\u00FCltiger Spaltenindex
 cachedrowsetimpl.invalcolnm = Ung\u00FCltiger Spaltenname
 cachedrowsetimpl.boolfail = getBoolen bei Wert ( {0} ) in Spalte {1} nicht erfolgreich
--- a/src/share/classes/com/sun/rowset/RowSetResourceBundle_ko.properties	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/com/sun/rowset/RowSetResourceBundle_ko.properties	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -52,11 +52,11 @@
 cachedrowsetimpl.absolute = \uC808\uB300: \uCEE4\uC11C \uC704\uCE58\uAC00 \uBD80\uC801\uD569\uD569\uB2C8\uB2E4.
 cachedrowsetimpl.relative = \uC0C1\uB300: \uCEE4\uC11C \uC704\uCE58\uAC00 \uBD80\uC801\uD569\uD569\uB2C8\uB2E4.
 cachedrowsetimpl.asciistream = ASCII \uC2A4\uD2B8\uB9BC\uC5D0 \uB300\uD55C \uC77D\uAE30\uB97C \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4.
-cachedrowsetimpl.binstream = \uC774\uC9C4 \uC2A4\uD2B8\uB9BC\uC5D0\uC11C \uC77D\uAE30\uB97C \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4.
+cachedrowsetimpl.binstream = \uBC14\uC774\uB108\uB9AC \uC2A4\uD2B8\uB9BC\uC5D0\uC11C \uC77D\uAE30\uB97C \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4.
 cachedrowsetimpl.failedins = \uD589 \uC0BD\uC785\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4.
 cachedrowsetimpl.updateins = \uD589\uC744 \uC0BD\uC785\uD558\uB294 \uC911 updateRow\uAC00 \uD638\uCD9C\uB418\uC5C8\uC2B5\uB2C8\uB2E4.
 cachedrowsetimpl.movetoins = moveToInsertRow: CONCUR_READ_ONLY
-cachedrowsetimpl.movetoins1 = moveToInsertRow: \uBA54\uD0C0 \uB370\uC774\uD130\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4.
+cachedrowsetimpl.movetoins1 = moveToInsertRow: \uBA54\uD0C0\uB370\uC774\uD130\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4.
 cachedrowsetimpl.movetoins2 = moveToInsertRow: \uC5F4 \uC218\uAC00 \uBD80\uC801\uD569\uD569\uB2C8\uB2E4.
 cachedrowsetimpl.tablename = \uD14C\uC774\uBE14 \uC774\uB984\uC740 \uB110\uC77C \uC218 \uC5C6\uC2B5\uB2C8\uB2E4.
 cachedrowsetimpl.keycols = \uD0A4 \uC5F4\uC774 \uBD80\uC801\uD569\uD569\uB2C8\uB2E4.
@@ -150,7 +150,7 @@
 
 #XmlReaderContentHandler exceptions
 xmlrch.errmap = \uB9F5\uC744 \uC124\uC815\uD558\uB294 \uC911 \uC624\uB958 \uBC1C\uC0DD: {0}
-xmlrch.errmetadata = \uBA54\uD0C0 \uB370\uC774\uD130\uB97C \uC124\uC815\uD558\uB294 \uC911 \uC624\uB958 \uBC1C\uC0DD: {0}
+xmlrch.errmetadata = \uBA54\uD0C0\uB370\uC774\uD130\uB97C \uC124\uC815\uD558\uB294 \uC911 \uC624\uB958 \uBC1C\uC0DD: {0}
 xmlrch.errinsertval = \uAC12\uC744 \uC0BD\uC785\uD558\uB294 \uC911 \uC624\uB958 \uBC1C\uC0DD: {0}
 xmlrch.errconstr = \uD589\uC744 \uC0DD\uC131\uD558\uB294 \uC911 \uC624\uB958 \uBC1C\uC0DD: {0}
 xmlrch.errdel = \uD589\uC744 \uC0AD\uC81C\uD558\uB294 \uC911 \uC624\uB958 \uBC1C\uC0DD: {0}
@@ -160,7 +160,7 @@
 xmlrch.errupdrow = \uD589\uC744 \uC5C5\uB370\uC774\uD2B8\uD558\uB294 \uC911 \uC624\uB958 \uBC1C\uC0DD: {0}
 xmlrch.chars = \uBB38\uC790:
 xmlrch.badvalue = \uC798\uBABB\uB41C \uAC12: \uB110\uC77C \uC218 \uC5C6\uB294 \uC18D\uC131\uC785\uB2C8\uB2E4.
-xmlrch.badvalue1 = \uC798\uBABB\uB41C \uAC12: \uB110\uC77C \uC218 \uC5C6\uB294 \uBA54\uD0C0 \uB370\uC774\uD130\uC785\uB2C8\uB2E4.
+xmlrch.badvalue1 = \uC798\uBABB\uB41C \uAC12: \uB110\uC77C \uC218 \uC5C6\uB294 \uBA54\uD0C0\uB370\uC774\uD130\uC785\uB2C8\uB2E4.
 xmlrch.warning =  ** \uACBD\uACE0: {0}, \uD589: {1}, URI: {2}
 
 #RIOptimisticProvider Exceptions
--- a/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_ko.properties	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/com/sun/swing/internal/plaf/basic/resources/basic_ko.properties	Sun May 01 21:26:40 2016 -0700
@@ -71,7 +71,7 @@
 FileChooser.directoryOpenButtonToolTip.textAndMnemonic=\uC120\uD0DD\uB41C \uB514\uB809\uD1A0\uB9AC \uC5F4\uAE30
 
 FileChooser.filesListAccessibleName=\uD30C\uC77C \uBAA9\uB85D
-FileChooser.filesDetailsAccessibleName=\uD30C\uC77C \uC138\uBD80 \uC815\uBCF4
+FileChooser.filesDetailsAccessibleName=\uD30C\uC77C \uC138\uBD80\uC815\uBCF4
 
 ############ COLOR CHOOSER STRINGS #############
 ColorChooser.preview.textAndMnemonic=\uBBF8\uB9AC\uBCF4\uAE30
--- a/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_ko.properties	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/com/sun/swing/internal/plaf/metal/resources/metal_ko.properties	Sun May 01 21:26:40 2016 -0700
@@ -33,9 +33,9 @@
 FileChooser.listViewButtonToolTip.textAndMnemonic=\uBAA9\uB85D
 FileChooser.listViewButtonAccessibleName=\uBAA9\uB85D
 FileChooser.listViewActionLabel.textAndMnemonic=\uBAA9\uB85D
-FileChooser.detailsViewButtonToolTip.textAndMnemonic=\uC138\uBD80 \uC815\uBCF4
-FileChooser.detailsViewButtonAccessibleName=\uC138\uBD80 \uC815\uBCF4
-FileChooser.detailsViewActionLabel.textAndMnemonic=\uC138\uBD80 \uC815\uBCF4
+FileChooser.detailsViewButtonToolTip.textAndMnemonic=\uC138\uBD80\uC815\uBCF4
+FileChooser.detailsViewButtonAccessibleName=\uC138\uBD80\uC815\uBCF4
+FileChooser.detailsViewActionLabel.textAndMnemonic=\uC138\uBD80\uC815\uBCF4
 FileChooser.refreshActionLabel.textAndMnemonic=\uC0C8\uB85C \uACE0\uCE68
 FileChooser.viewMenuLabel.textAndMnemonic=\uBCF4\uAE30
 FileChooser.fileNameHeader.textAndMnemonic=\uC774\uB984
--- a/src/share/classes/com/sun/swing/internal/plaf/synth/resources/synth_ko.properties	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/com/sun/swing/internal/plaf/synth/resources/synth_ko.properties	Sun May 01 21:26:40 2016 -0700
@@ -33,9 +33,9 @@
 FileChooser.listViewButtonToolTip.textAndMnemonic=\uBAA9\uB85D
 FileChooser.listViewButtonAccessibleName=\uBAA9\uB85D
 FileChooser.listViewActionLabel.textAndMnemonic=\uBAA9\uB85D
-FileChooser.detailsViewButtonToolTip.textAndMnemonic=\uC138\uBD80 \uC815\uBCF4
-FileChooser.detailsViewButtonAccessibleName=\uC138\uBD80 \uC815\uBCF4
-FileChooser.detailsViewActionLabel.textAndMnemonic=\uC138\uBD80 \uC815\uBCF4
+FileChooser.detailsViewButtonToolTip.textAndMnemonic=\uC138\uBD80\uC815\uBCF4
+FileChooser.detailsViewButtonAccessibleName=\uC138\uBD80\uC815\uBCF4
+FileChooser.detailsViewActionLabel.textAndMnemonic=\uC138\uBD80\uC815\uBCF4
 FileChooser.refreshActionLabel.textAndMnemonic=\uC0C8\uB85C \uACE0\uCE68
 FileChooser.viewMenuLabel.textAndMnemonic=\uBCF4\uAE30
 FileChooser.fileNameHeader.textAndMnemonic=\uC774\uB984
--- a/src/share/classes/java/io/ObjectInputStream.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/java/io/ObjectInputStream.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,8 +39,11 @@
 import java.util.HashMap;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
-import java.util.concurrent.atomic.AtomicBoolean;
 import static java.io.ObjectStreamClass.processQueue;
+import sun.misc.JavaObjectInputStreamAccess;
+import sun.misc.ObjectStreamClassValidator;
+import sun.misc.SharedSecrets;
+import sun.misc.Unsafe;
 import sun.reflect.misc.ReflectUtil;
 
 /**
@@ -1503,23 +1506,28 @@
         throws IOException
     {
         byte tc = bin.peekByte();
+        ObjectStreamClass descriptor;
         switch (tc) {
             case TC_NULL:
-                return (ObjectStreamClass) readNull();
-
+                descriptor = (ObjectStreamClass) readNull();
+                break;
             case TC_REFERENCE:
-                return (ObjectStreamClass) readHandle(unshared);
-
+                descriptor = (ObjectStreamClass) readHandle(unshared);
+                break;
             case TC_PROXYCLASSDESC:
-                return readProxyDesc(unshared);
-
+                descriptor = readProxyDesc(unshared);
+                break;
             case TC_CLASSDESC:
-                return readNonProxyDesc(unshared);
-
+                descriptor = readNonProxyDesc(unshared);
+                break;
             default:
                 throw new StreamCorruptedException(
                     String.format("invalid type code: %02X", tc));
         }
+        if (descriptor != null) {
+            validateDescriptor(descriptor);
+        }
+        return descriptor;
     }
 
     private boolean isCustomSubclass() {
@@ -1887,6 +1895,8 @@
                 if (obj == null || handles.lookupException(passHandle) != null) {
                     defaultReadFields(null, slotDesc); // skip field values
                 } else if (slotDesc.hasReadObjectMethod()) {
+                    ThreadDeath t = null;
+                    boolean reset = false;
                     SerialCallbackContext oldContext = curContext;
                     if (oldContext != null)
                         oldContext.check();
@@ -1905,10 +1915,19 @@
                          */
                         handles.markException(passHandle, ex);
                     } finally {
-                        curContext.setUsed();
-                        if (oldContext!= null)
-                            oldContext.check();
-                        curContext = oldContext;
+                        do {
+                            try {
+                                curContext.setUsed();
+                                if (oldContext!= null)
+                                    oldContext.check();
+                                curContext = oldContext;
+                                reset = true;
+                            } catch (ThreadDeath x) {
+                                t = x;  // defer until reset is true
+                            }
+                        } while (!reset);
+                        if (t != null)
+                            throw t;
                     }
 
                     /*
@@ -1919,7 +1938,7 @@
                     defaultDataEnd = false;
                 } else {
                     defaultReadFields(obj, slotDesc);
-                }
+                    }
 
                 if (slotDesc.hasWriteObjectData()) {
                     skipCustomData();
@@ -1935,7 +1954,7 @@
                 }
             }
         }
-    }
+            }
 
     /**
      * Skips over all block data and objects until TC_ENDBLOCKDATA is
@@ -1983,27 +2002,27 @@
         if (primVals == null || primVals.length < primDataSize) {
             primVals = new byte[primDataSize];
         }
-        bin.readFully(primVals, 0, primDataSize, false);
+            bin.readFully(primVals, 0, primDataSize, false);
         if (obj != null) {
             desc.setPrimFieldValues(obj, primVals);
         }
 
-        int objHandle = passHandle;
-        ObjectStreamField[] fields = desc.getFields(false);
+            int objHandle = passHandle;
+            ObjectStreamField[] fields = desc.getFields(false);
         Object[] objVals = new Object[desc.getNumObjFields()];
-        int numPrimFields = fields.length - objVals.length;
-        for (int i = 0; i < objVals.length; i++) {
-            ObjectStreamField f = fields[numPrimFields + i];
-            objVals[i] = readObject0(f.isUnshared());
-            if (f.getField() != null) {
-                handles.markDependency(objHandle, passHandle);
+            int numPrimFields = fields.length - objVals.length;
+            for (int i = 0; i < objVals.length; i++) {
+                ObjectStreamField f = fields[numPrimFields + i];
+                objVals[i] = readObject0(f.isUnshared());
+                if (f.getField() != null) {
+                    handles.markDependency(objHandle, passHandle);
+                }
             }
-        }
         if (obj != null) {
             desc.setObjFieldValues(obj, objVals);
         }
-        passHandle = objHandle;
-    }
+            passHandle = objHandle;
+        }
 
     /**
      * Reads in and returns IOException that caused serialization to abort.
@@ -3539,4 +3558,25 @@
         }
     }
 
+    private void validateDescriptor(ObjectStreamClass descriptor) {
+        ObjectStreamClassValidator validating = validator;
+        if (validating != null) {
+            validating.validateDescriptor(descriptor);
+        }
+    }
+
+    // controlled access to ObjectStreamClassValidator
+    private volatile ObjectStreamClassValidator validator;
+
+    private static void setValidator(ObjectInputStream ois, ObjectStreamClassValidator validator) {
+        ois.validator = validator;
+    }
+    static {
+        SharedSecrets.setJavaObjectInputStreamAccess(new JavaObjectInputStreamAccess() {
+            @Override
+            public void setValidator(ObjectInputStream ois, ObjectStreamClassValidator validator) {
+                ObjectInputStream.setValidator(ois, validator);
+            }
+        });
+    }
 }
--- a/src/share/classes/java/lang/ClassLoader.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/java/lang/ClassLoader.java	Sun May 01 21:26:40 2016 -0700
@@ -654,6 +654,9 @@
         if (!checkName(name))
             throw new NoClassDefFoundError("IllegalName: " + name);
 
+        // Note:  Checking logic in java.lang.invoke.MemberName.checkForTypeAlias
+        // relies on the fact that spoofing is impossible if a class has a name
+        // of the form "java.*"
         if ((name != null) && name.startsWith("java.")) {
             throw new SecurityException
                 ("Prohibited package name: " +
--- a/src/share/classes/java/lang/invoke/MemberName.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/java/lang/invoke/MemberName.java	Sun May 01 21:26:40 2016 -0700
@@ -668,7 +668,7 @@
         assert(isResolved() == isResolved);
     }
 
-    void checkForTypeAlias() {
+    void checkForTypeAlias(Class<?> refc) {
         if (isInvocable()) {
             MethodType type;
             if (this.type instanceof MethodType)
@@ -676,16 +676,16 @@
             else
                 this.type = type = getMethodType();
             if (type.erase() == type)  return;
-            if (VerifyAccess.isTypeVisible(type, clazz))  return;
-            throw new LinkageError("bad method type alias: "+type+" not visible from "+clazz);
+            if (VerifyAccess.isTypeVisible(type, refc))  return;
+            throw new LinkageError("bad method type alias: "+type+" not visible from "+refc);
         } else {
             Class<?> type;
             if (this.type instanceof Class<?>)
                 type = (Class<?>) this.type;
             else
                 this.type = type = getFieldType();
-            if (VerifyAccess.isTypeVisible(type, clazz))  return;
-            throw new LinkageError("bad field type alias: "+type+" not visible from "+clazz);
+            if (VerifyAccess.isTypeVisible(type, refc))  return;
+            throw new LinkageError("bad field type alias: "+type+" not visible from "+refc);
         }
     }
 
@@ -844,10 +844,25 @@
             MemberName m = ref.clone();  // JVM will side-effect the ref
             assert(refKind == m.getReferenceKind());
             try {
+                // There are 4 entities in play here:
+                //   * LC: lookupClass
+                //   * REFC: symbolic reference class (MN.clazz before resolution);
+                //   * DEFC: resolved method holder (MN.clazz after resolution);
+                //   * PTYPES: parameter types (MN.type)
+                //
+                // What we care about when resolving a MemberName is consistency between DEFC and PTYPES.
+                // We do type alias (TA) checks on DEFC to ensure that. DEFC is not known until the JVM
+                // finishes the resolution, so do TA checks right after MHN.resolve() is over.
+                //
+                // All parameters passed by a caller are checked against MH type (PTYPES) on every invocation,
+                // so it is safe to call a MH from any context.
+                //
+                // REFC view on PTYPES doesn't matter, since it is used only as a starting point for resolution and doesn't
+                // participate in method selection.
                 m = MethodHandleNatives.resolve(m, lookupClass);
-                m.checkForTypeAlias();
+                m.checkForTypeAlias(m.getDeclaringClass());
                 m.resolution = null;
-            } catch (LinkageError ex) {
+            } catch (ClassNotFoundException | LinkageError ex) {
                 // JVM reports that the "bytecode behavior" would get an error
                 assert(!m.isResolved());
                 m.resolution = ex;
--- a/src/share/classes/java/lang/invoke/MethodHandleNatives.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/java/lang/invoke/MethodHandleNatives.java	Sun May 01 21:26:40 2016 -0700
@@ -46,7 +46,7 @@
 
     static native void init(MemberName self, Object ref);
     static native void expand(MemberName self);
-    static native MemberName resolve(MemberName self, Class<?> caller) throws LinkageError;
+    static native MemberName resolve(MemberName self, Class<?> caller) throws LinkageError, ClassNotFoundException;
     static native int getMembers(Class<?> defc, String matchName, String matchSig,
             int matchFlags, Class<?> caller, int skip, MemberName[] results);
 
--- a/src/share/classes/java/security/interfaces/DSAKeyPairGenerator.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/java/security/interfaces/DSAKeyPairGenerator.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -62,6 +62,9 @@
  * interface is all that is needed when you accept defaults for algorithm-specific
  * parameters.
  *
+ * <p>Note: Some earlier implementations of this interface may not support
+ * larger sizes of DSA parameters such as 2048 and 3072-bit.
+ *
  * @see java.security.KeyPairGenerator
  */
 public interface DSAKeyPairGenerator {
@@ -78,7 +81,7 @@
      * can be null.
      *
      * @exception InvalidParameterException if the <code>params</code>
-     * value is invalid or null.
+     * value is invalid, null, or unsupported.
      */
    public void initialize(DSAParams params, SecureRandom random)
    throws InvalidParameterException;
@@ -97,7 +100,7 @@
      * default parameters for modulus lengths of 512 and 1024 bits.
      *
      * @param modlen the modulus length in bits. Valid values are any
-     * multiple of 8 between 512 and 1024, inclusive.
+     * multiple of 64 between 512 and 1024, inclusive, 2048, and 3072.
      *
      * @param random the random bit source to use to generate key bits;
      * can be null.
@@ -105,10 +108,9 @@
      * @param genParams whether or not to generate new parameters for
      * the modulus length requested.
      *
-     * @exception InvalidParameterException if <code>modlen</code> is not
-     * between 512 and 1024, or if <code>genParams</code> is false and
-     * there are no precomputed parameters for the requested modulus
-     * length.
+     * @exception InvalidParameterException if <code>modlen</code> is
+     * invalid, or unsupported, or if <code>genParams</code> is false and there
+     * are no precomputed parameters for the requested modulus length.
      */
     public void initialize(int modlen, boolean genParams, SecureRandom random)
     throws InvalidParameterException;
--- a/src/share/classes/java/security/spec/MGF1ParameterSpec.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/java/security/spec/MGF1ParameterSpec.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,6 +42,7 @@
  * <pre>
  * OAEP-PSSDigestAlgorithms    ALGORITHM-IDENTIFIER ::= {
  *   { OID id-sha1 PARAMETERS NULL   }|
+ *   { OID id-sha224 PARAMETERS NULL   }|
  *   { OID id-sha256 PARAMETERS NULL }|
  *   { OID id-sha384 PARAMETERS NULL }|
  *   { OID id-sha512 PARAMETERS NULL },
--- a/src/share/classes/java/security/spec/PSSParameterSpec.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/java/security/spec/PSSParameterSpec.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -47,6 +47,7 @@
  * <pre>
  * OAEP-PSSDigestAlgorithms    ALGORITHM-IDENTIFIER ::= {
  *   { OID id-sha1 PARAMETERS NULL   }|
+ *   { OID id-sha224 PARAMETERS NULL   }|
  *   { OID id-sha256 PARAMETERS NULL }|
  *   { OID id-sha384 PARAMETERS NULL }|
  *   { OID id-sha512 PARAMETERS NULL },
--- a/src/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,6 +39,12 @@
 
 import com.sun.jmx.remote.internal.RMIExporter;
 import com.sun.jmx.remote.util.EnvHelp;
+import java.io.ObjectStreamClass;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.List;
+import sun.reflect.misc.ReflectUtil;
+import sun.rmi.server.DeserializationChecker;
 import sun.rmi.server.UnicastServerRef;
 import sun.rmi.server.UnicastServerRef2;
 
@@ -52,6 +58,9 @@
  * @since 1.5
  */
 public class RMIJRMPServerImpl extends RMIServerImpl {
+
+    private final ExportedWrapper exportedWrapper;
+
     /**
      * <p>Creates a new {@link RMIServer} object that will be exported
      * on the given port using the given socket factories.</p>
@@ -89,10 +98,31 @@
         this.csf = csf;
         this.ssf = ssf;
         this.env = (env == null) ? Collections.<String, Object>emptyMap() : env;
+
+        String[] credentialsTypes
+                = (String[]) this.env.get(EnvHelp.CREDENTIAL_TYPES);
+        List<String> types = null;
+        if (credentialsTypes != null) {
+            types = new ArrayList<>();
+            for (String type : credentialsTypes) {
+                if (type == null) {
+                    throw new IllegalArgumentException("A credential type is null.");
+                }
+                ReflectUtil.checkPackageAccess(type);
+                types.add(type);
+            }
+        }
+        exportedWrapper = types != null ?
+                new ExportedWrapper(this, types) :
+                null;
     }
 
     protected void export() throws IOException {
-        export(this);
+        if (exportedWrapper != null) {
+            export(exportedWrapper);
+        } else {
+            export(this);
+        }
     }
 
     private void export(Remote obj) throws RemoteException {
@@ -142,7 +172,11 @@
      *            RMIJRMPServerImpl has not been exported yet.
      */
     public Remote toStub() throws IOException {
-        return RemoteObject.toStub(this);
+        if (exportedWrapper != null) {
+            return RemoteObject.toStub(exportedWrapper);
+        } else {
+            return RemoteObject.toStub(this);
+        }
     }
 
     /**
@@ -189,11 +223,61 @@
      * server failed.
      */
     protected void closeServer() throws IOException {
-        unexport(this, true);
+        if (exportedWrapper != null) {
+            unexport(exportedWrapper, true);
+        } else {
+            unexport(this, true);
+        }
     }
 
     private final int port;
     private final RMIClientSocketFactory csf;
     private final RMIServerSocketFactory ssf;
     private final Map<String, ?> env;
+
+    private static class ExportedWrapper implements RMIServer, DeserializationChecker {
+        private final RMIServer impl;
+        private final List<String> allowedTypes;
+        private ExportedWrapper(RMIServer impl, List<String> credentialsTypes) {
+            this.impl = impl;
+            allowedTypes = credentialsTypes;
+        }
+
+        @Override
+        public String getVersion() throws RemoteException {
+            return impl.getVersion();
+        }
+
+        @Override
+        public RMIConnection newClient(Object credentials) throws IOException {
+            return impl.newClient(credentials);
+        }
+
+        @Override
+        public void check(Method method, ObjectStreamClass descriptor,
+                int paramIndex, int callID) {
+
+            String type = descriptor.getName();
+            if (!allowedTypes.contains(type)) {
+                throw new ClassCastException("Unsupported type: " + type);
+            }
+        }
+
+        @Override
+        public void checkProxyClass(Method method, String[] ifaces,
+                int paramIndex, int callID) {
+            if (ifaces != null && ifaces.length > 0) {
+                for (String iface : ifaces) {
+                    if (!allowedTypes.contains(iface)) {
+                        throw new ClassCastException("Unsupported type: " + iface);
+                    }
+                }
+            }
+        }
+
+        @Override
+        public void end(int callID) {
+            /* Do nothing */
+        }
+    }
 }
--- a/src/share/classes/sun/applet/resources/MsgAppletViewer_de.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/applet/resources/MsgAppletViewer_de.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,7 +38,7 @@
             {"appletviewer.menuitem.stop", "Stoppen"},
             {"appletviewer.menuitem.save", "Speichern..."},
             {"appletviewer.menuitem.start", "Starten..."},
-            {"appletviewer.menuitem.clone", "Clonen..."},
+            {"appletviewer.menuitem.clone", "Klonen..."},
             {"appletviewer.menuitem.tag", "Tag..."},
             {"appletviewer.menuitem.info", "Informationen..."},
             {"appletviewer.menuitem.edit", "Bearbeiten"},
--- a/src/share/classes/sun/applet/resources/MsgAppletViewer_ko.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/applet/resources/MsgAppletViewer_ko.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -79,7 +79,7 @@
             {"appletviewer.main.err.dupoption", "\uC911\uBCF5\uB41C \uC635\uC158 \uC0AC\uC6A9: {0}"},
             {"appletviewer.main.err.inputfile", "\uC9C0\uC815\uB41C \uC785\uB825 \uD30C\uC77C\uC774 \uC5C6\uC2B5\uB2C8\uB2E4."},
             {"appletviewer.main.err.badurl", "\uC798\uBABB\uB41C URL: {0}({1})"},
-            {"appletviewer.main.err.io", "\uC77D\uB294 \uC911 I/O \uC608\uC678 \uC0AC\uD56D \uBC1C\uC0DD: {0}"},
+            {"appletviewer.main.err.io", "\uC77D\uB294 \uC911 I/O \uC608\uC678\uC0AC\uD56D \uBC1C\uC0DD: {0}"},
             {"appletviewer.main.err.readablefile", "{0}\uC774(\uAC00) \uD30C\uC77C\uC774\uBA70 \uC77D\uAE30 \uAC00\uB2A5\uD55C \uC0C1\uD0DC\uC778\uC9C0 \uD655\uC778\uD558\uC2ED\uC2DC\uC624."},
             {"appletviewer.main.err.correcturl", "{0}\uC774(\uAC00) \uC62C\uBC14\uB978 URL\uC785\uB2C8\uAE4C?"},
             {"appletviewer.main.prop.store", "\uC0AC\uC6A9\uC790 \uAD00\uB828 AppletViewer \uC18D\uC131"},
@@ -88,7 +88,7 @@
             {"appletviewer.main.warn.nosecmgr", "\uACBD\uACE0: \uBCF4\uC548\uC744 \uC0AC\uC6A9 \uC548\uD568\uC73C\uB85C \uC124\uC815\uD558\uB294 \uC911\uC785\uB2C8\uB2E4."},
             {"appletviewer.main.debug.cantfinddebug", "\uB514\uBC84\uAC70\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4!"},
             {"appletviewer.main.debug.cantfindmain", "\uB514\uBC84\uAC70\uC5D0\uC11C \uAE30\uBCF8 \uBA54\uC18C\uB4DC\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4!"},
-            {"appletviewer.main.debug.exceptionindebug", "\uB514\uBC84\uAC70\uC5D0 \uC608\uC678 \uC0AC\uD56D\uC774 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4!"},
+            {"appletviewer.main.debug.exceptionindebug", "\uB514\uBC84\uAC70\uC5D0 \uC608\uC678\uC0AC\uD56D\uC774 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4!"},
             {"appletviewer.main.debug.cantaccess", "\uB514\uBC84\uAC70\uC5D0 \uC561\uC138\uC2A4\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4!"},
             {"appletviewer.main.nosecmgr", "\uACBD\uACE0: SecurityManager\uAC00 \uC124\uCE58\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4!"},
             {"appletviewer.main.warning", "\uACBD\uACE0: \uC2DC\uC791\uB41C \uC560\uD50C\uB9BF\uC774 \uC5C6\uC2B5\uB2C8\uB2E4. <applet> \uD0DC\uADF8\uAC00 \uC785\uB825\uB418\uC5C8\uB294\uC9C0 \uD655\uC778\uD558\uC2ED\uC2DC\uC624."},
@@ -98,9 +98,9 @@
             {"appletioexception.loadclass.throw.notloaded", "\uD074\uB798\uC2A4\uAC00 \uB85C\uB4DC\uB418\uC9C0 \uC54A\uC74C: {0}"},
             {"appletclassloader.loadcode.verbose", "{1}\uC744(\uB97C) \uAC00\uC838\uC624\uAE30 \uC704\uD574 {0}\uC5D0 \uB300\uD55C \uC2A4\uD2B8\uB9BC\uC744 \uC5EC\uB294 \uC911"},
             {"appletclassloader.filenotfound", "{0}\uC744(\uB97C) \uAC80\uC0C9\uD558\uB294 \uC911 \uD30C\uC77C\uC744 \uCC3E\uC9C0 \uBABB\uD588\uC2B5\uB2C8\uB2E4."},
-            {"appletclassloader.fileformat", "\uB85C\uB4DC \uC911 \uD30C\uC77C \uD615\uC2DD \uC608\uC678 \uC0AC\uD56D \uBC1C\uC0DD: {0}"},
-            {"appletclassloader.fileioexception", "\uB85C\uB4DC \uC911 I/O \uC608\uC678 \uC0AC\uD56D \uBC1C\uC0DD: {0}"},
-            {"appletclassloader.fileexception", "\uB85C\uB4DC \uC911 {0} \uC608\uC678 \uC0AC\uD56D \uBC1C\uC0DD: {1}"},
+            {"appletclassloader.fileformat", "\uB85C\uB4DC \uC911 \uD30C\uC77C \uD615\uC2DD \uC608\uC678\uC0AC\uD56D \uBC1C\uC0DD: {0}"},
+            {"appletclassloader.fileioexception", "\uB85C\uB4DC \uC911 I/O \uC608\uC678\uC0AC\uD56D \uBC1C\uC0DD: {0}"},
+            {"appletclassloader.fileexception", "\uB85C\uB4DC \uC911 {0} \uC608\uC678\uC0AC\uD56D \uBC1C\uC0DD: {1}"},
             {"appletclassloader.filedeath", "\uB85C\uB4DC \uC911 {0}\uC774(\uAC00) \uC885\uB8CC\uB428: {1}"},
             {"appletclassloader.fileerror", "\uB85C\uB4DC \uC911 {0} \uC624\uB958 \uBC1C\uC0DD: {1}"},
             {"appletclassloader.findclass.verbose.openstream", "{1}\uC744(\uB97C) \uAC00\uC838\uC624\uAE30 \uC704\uD574 {0}\uC5D0 \uB300\uD55C \uC2A4\uD2B8\uB9BC\uC744 \uC5EC\uB294 \uC911"},
@@ -108,7 +108,7 @@
             {"appletclassloader.getresource.verbose.found", "\uC2DC\uC2A4\uD15C \uB9AC\uC18C\uC2A4\uB85C {0} \uB9AC\uC18C\uC2A4\uB97C \uCC3E\uC558\uC2B5\uB2C8\uB2E4."},
             {"appletclassloader.getresourceasstream.verbose", "\uC2DC\uC2A4\uD15C \uB9AC\uC18C\uC2A4\uB85C {0} \uB9AC\uC18C\uC2A4\uB97C \uCC3E\uC558\uC2B5\uB2C8\uB2E4."},
             {"appletpanel.runloader.err", "\uAC1D\uCCB4 \uB610\uB294 \uCF54\uB4DC \uB9E4\uAC1C\uBCC0\uC218\uC785\uB2C8\uB2E4!"},
-            {"appletpanel.runloader.exception", "{0}\uC758 \uC9C1\uB82C\uD654\uB97C \uD574\uC81C\uD558\uB294 \uC911 \uC608\uC678 \uC0AC\uD56D\uC774 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4."},
+            {"appletpanel.runloader.exception", "{0}\uC758 \uC9C1\uB82C\uD654\uB97C \uD574\uC81C\uD558\uB294 \uC911 \uC608\uC678\uC0AC\uD56D\uC774 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4."},
             {"appletpanel.destroyed", "\uC560\uD50C\uB9BF\uC774 \uC0AD\uC81C\uB418\uC5C8\uC2B5\uB2C8\uB2E4."},
             {"appletpanel.loaded", "\uC560\uD50C\uB9BF\uC774 \uB85C\uB4DC\uB418\uC5C8\uC2B5\uB2C8\uB2E4."},
             {"appletpanel.started", "\uC560\uD50C\uB9BF\uC774 \uC2DC\uC791\uB418\uC5C8\uC2B5\uB2C8\uB2E4."},
@@ -120,8 +120,8 @@
             {"appletpanel.nocreate", "\uB85C\uB4DC: {0}\uC744(\uB97C) \uC778\uC2A4\uD134\uC2A4\uD654\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."},
             {"appletpanel.noconstruct", "\uB85C\uB4DC: {0}\uC740(\uB294) \uACF5\uC6A9\uC774 \uC544\uB2C8\uAC70\uB098 \uACF5\uC6A9 \uC0DD\uC131\uC790\uB97C \uD3EC\uD568\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4."},
             {"appletpanel.death", "\uC885\uB8CC\uB428"},
-            {"appletpanel.exception", "\uC608\uC678 \uC0AC\uD56D: {0}."},
-            {"appletpanel.exception2", "\uC608\uC678 \uC0AC\uD56D: {0}: {1}."},
+            {"appletpanel.exception", "\uC608\uC678\uC0AC\uD56D: {0}."},
+            {"appletpanel.exception2", "\uC608\uC678\uC0AC\uD56D: {0}: {1}."},
             {"appletpanel.error", "\uC624\uB958: {0}."},
             {"appletpanel.error2", "\uC624\uB958: {0}: {1}."},
             {"appletpanel.notloaded", "\uCD08\uAE30\uD654: \uC560\uD50C\uB9BF\uC774 \uB85C\uB4DC\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4."},
@@ -132,9 +132,9 @@
             {"appletpanel.notdisposed", "\uB85C\uB4DC: \uC560\uD50C\uB9BF\uC774 \uBC30\uCE58\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4."},
             {"appletpanel.bail", "\uC911\uB2E8\uB428: \uC911\uB2E8\uD558\uB294 \uC911\uC785\uB2C8\uB2E4."},
             {"appletpanel.filenotfound", "{0}\uC744(\uB97C) \uAC80\uC0C9\uD558\uB294 \uC911 \uD30C\uC77C\uC744 \uCC3E\uC9C0 \uBABB\uD588\uC2B5\uB2C8\uB2E4."},
-            {"appletpanel.fileformat", "\uB85C\uB4DC \uC911 \uD30C\uC77C \uD615\uC2DD \uC608\uC678 \uC0AC\uD56D \uBC1C\uC0DD: {0}"},
-            {"appletpanel.fileioexception", "\uB85C\uB4DC \uC911 I/O \uC608\uC678 \uC0AC\uD56D \uBC1C\uC0DD: {0}"},
-            {"appletpanel.fileexception", "\uB85C\uB4DC \uC911 {0} \uC608\uC678 \uC0AC\uD56D \uBC1C\uC0DD: {1}"},
+            {"appletpanel.fileformat", "\uB85C\uB4DC \uC911 \uD30C\uC77C \uD615\uC2DD \uC608\uC678\uC0AC\uD56D \uBC1C\uC0DD: {0}"},
+            {"appletpanel.fileioexception", "\uB85C\uB4DC \uC911 I/O \uC608\uC678\uC0AC\uD56D \uBC1C\uC0DD: {0}"},
+            {"appletpanel.fileexception", "\uB85C\uB4DC \uC911 {0} \uC608\uC678\uC0AC\uD56D \uBC1C\uC0DD: {1}"},
             {"appletpanel.filedeath", "\uB85C\uB4DC \uC911 {0}\uC774(\uAC00) \uC885\uB8CC\uB428: {1}"},
             {"appletpanel.fileerror", "\uB85C\uB4DC \uC911 {0} \uC624\uB958 \uBC1C\uC0DD: {1}"},
             {"appletpanel.badattribute.exception", "HTML \uAD6C\uBB38 \uBD84\uC11D \uC911: width/height \uC18D\uC131\uC5D0 \uB300\uD55C \uAC12\uC774 \uC62C\uBC14\uB974\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4."},
@@ -162,36 +162,36 @@
             {"appletprops.button.ok", "\uD655\uC778"},
             /* end 4066432 */
             {"appletprops.prop.store", "\uC0AC\uC6A9\uC790 \uAD00\uB828 AppletViewer \uC18D\uC131"},
-            {"appletsecurityexception.checkcreateclassloader", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uD074\uB798\uC2A4 \uB85C\uB354"},
-            {"appletsecurityexception.checkaccess.thread", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uC2A4\uB808\uB4DC"},
-            {"appletsecurityexception.checkaccess.threadgroup", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uC2A4\uB808\uB4DC \uADF8\uB8F9: {0}"},
-            {"appletsecurityexception.checkexit", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uC885\uB8CC: {0}"},
-            {"appletsecurityexception.checkexec", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uC2E4\uD589: {0}"},
-            {"appletsecurityexception.checklink", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uB9C1\uD06C: {0}"},
-            {"appletsecurityexception.checkpropsaccess", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uC18D\uC131"},
-            {"appletsecurityexception.checkpropsaccess.key", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uC18D\uC131 \uC561\uC138\uC2A4 {0}"},
-            {"appletsecurityexception.checkread.exception1", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: {0}, {1}"},
-            {"appletsecurityexception.checkread.exception2", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: file.read: {0}"},
-            {"appletsecurityexception.checkread", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: file.read: {0} == {1}"},
-            {"appletsecurityexception.checkwrite.exception", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: {0}, {1}"},
-            {"appletsecurityexception.checkwrite", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: file.write: {0} == {1}"},
-            {"appletsecurityexception.checkread.fd", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: fd.read"},
-            {"appletsecurityexception.checkwrite.fd", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: fd.write"},
-            {"appletsecurityexception.checklisten", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: socket.listen: {0}"},
-            {"appletsecurityexception.checkaccept", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: socket.accept: {0}:{1}"},
-            {"appletsecurityexception.checkconnect.networknone", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: socket.connect: {0}->{1}"},
-            {"appletsecurityexception.checkconnect.networkhost1", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: {1}\uC5D0\uC11C {0}\uC5D0 \uC811\uC18D\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."},
-            {"appletsecurityexception.checkconnect.networkhost2", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: {0} \uD638\uC2A4\uD2B8 \uB610\uB294 {1}\uC5D0 \uB300\uD55C IP\uB97C \uBD84\uC11D\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. "},
-            {"appletsecurityexception.checkconnect.networkhost3", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: {0} \uD638\uC2A4\uD2B8\uC5D0 \uB300\uD55C IP\uB97C \uBD84\uC11D\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. trustProxy \uC18D\uC131\uC744 \uCC38\uC870\uD558\uC2ED\uC2DC\uC624."},
-            {"appletsecurityexception.checkconnect", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uC811\uC18D: {0}->{1}"},
-            {"appletsecurityexception.checkpackageaccess", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uD328\uD0A4\uC9C0\uC5D0 \uC561\uC138\uC2A4\uD560 \uC218 \uC5C6\uC74C: {0}"},
-            {"appletsecurityexception.checkpackagedefinition", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uD328\uD0A4\uC9C0\uB97C \uC815\uC758\uD560 \uC218 \uC5C6\uC74C: {0}"},
-            {"appletsecurityexception.cannotsetfactory", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uD329\uD1A0\uB9AC\uB97C \uC124\uC815\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."},
-            {"appletsecurityexception.checkmemberaccess", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uBA64\uBC84 \uC561\uC138\uC2A4\uB97C \uD655\uC778\uD558\uC2ED\uC2DC\uC624."},
-            {"appletsecurityexception.checkgetprintjob", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: getPrintJob"},
-            {"appletsecurityexception.checksystemclipboardaccess", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: getSystemClipboard"},
-            {"appletsecurityexception.checkawteventqueueaccess", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: getEventQueue"},
-            {"appletsecurityexception.checksecurityaccess", "\uBCF4\uC548 \uC608\uC678 \uC0AC\uD56D: \uBCF4\uC548 \uC791\uC5C5: {0}"},
+            {"appletsecurityexception.checkcreateclassloader", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uD074\uB798\uC2A4 \uB85C\uB354"},
+            {"appletsecurityexception.checkaccess.thread", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uC2A4\uB808\uB4DC"},
+            {"appletsecurityexception.checkaccess.threadgroup", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uC2A4\uB808\uB4DC \uADF8\uB8F9: {0}"},
+            {"appletsecurityexception.checkexit", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uC885\uB8CC: {0}"},
+            {"appletsecurityexception.checkexec", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uC2E4\uD589: {0}"},
+            {"appletsecurityexception.checklink", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uB9C1\uD06C: {0}"},
+            {"appletsecurityexception.checkpropsaccess", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uC18D\uC131"},
+            {"appletsecurityexception.checkpropsaccess.key", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uC18D\uC131 \uC561\uC138\uC2A4 {0}"},
+            {"appletsecurityexception.checkread.exception1", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: {0}, {1}"},
+            {"appletsecurityexception.checkread.exception2", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: file.read: {0}"},
+            {"appletsecurityexception.checkread", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: file.read: {0} == {1}"},
+            {"appletsecurityexception.checkwrite.exception", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: {0}, {1}"},
+            {"appletsecurityexception.checkwrite", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: file.write: {0} == {1}"},
+            {"appletsecurityexception.checkread.fd", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: fd.read"},
+            {"appletsecurityexception.checkwrite.fd", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: fd.write"},
+            {"appletsecurityexception.checklisten", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: socket.listen: {0}"},
+            {"appletsecurityexception.checkaccept", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: socket.accept: {0}:{1}"},
+            {"appletsecurityexception.checkconnect.networknone", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: socket.connect: {0}->{1}"},
+            {"appletsecurityexception.checkconnect.networkhost1", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: {1}\uC5D0\uC11C {0}\uC5D0 \uC811\uC18D\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."},
+            {"appletsecurityexception.checkconnect.networkhost2", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: {0} \uD638\uC2A4\uD2B8 \uB610\uB294 {1}\uC5D0 \uB300\uD55C IP\uB97C \uBD84\uC11D\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. "},
+            {"appletsecurityexception.checkconnect.networkhost3", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: {0} \uD638\uC2A4\uD2B8\uC5D0 \uB300\uD55C IP\uB97C \uBD84\uC11D\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4. trustProxy \uC18D\uC131\uC744 \uCC38\uC870\uD558\uC2ED\uC2DC\uC624."},
+            {"appletsecurityexception.checkconnect", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uC811\uC18D: {0}->{1}"},
+            {"appletsecurityexception.checkpackageaccess", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uD328\uD0A4\uC9C0\uC5D0 \uC561\uC138\uC2A4\uD560 \uC218 \uC5C6\uC74C: {0}"},
+            {"appletsecurityexception.checkpackagedefinition", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uD328\uD0A4\uC9C0\uB97C \uC815\uC758\uD560 \uC218 \uC5C6\uC74C: {0}"},
+            {"appletsecurityexception.cannotsetfactory", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uD329\uD1A0\uB9AC\uB97C \uC124\uC815\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."},
+            {"appletsecurityexception.checkmemberaccess", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uBA64\uBC84 \uC561\uC138\uC2A4\uB97C \uD655\uC778\uD558\uC2ED\uC2DC\uC624."},
+            {"appletsecurityexception.checkgetprintjob", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: getPrintJob"},
+            {"appletsecurityexception.checksystemclipboardaccess", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: getSystemClipboard"},
+            {"appletsecurityexception.checkawteventqueueaccess", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: getEventQueue"},
+            {"appletsecurityexception.checksecurityaccess", "\uBCF4\uC548 \uC608\uC678\uC0AC\uD56D: \uBCF4\uC548 \uC791\uC5C5: {0}"},
             {"appletsecurityexception.getsecuritycontext.unknown", "\uC54C \uC218 \uC5C6\uB294 \uD074\uB798\uC2A4 \uB85C\uB354 \uC720\uD615\uC785\uB2C8\uB2E4. getContext\uB97C \uD655\uC778\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."},
             {"appletsecurityexception.checkread.unknown", "\uC54C \uC218 \uC5C6\uB294 \uD074\uB798\uC2A4 \uB85C\uB354 \uC720\uD615\uC785\uB2C8\uB2E4. {0} \uC77D\uAE30\uB97C \uD655\uC778\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."},
             {"appletsecurityexception.checkconnect.unknown", "\uC54C \uC218 \uC5C6\uB294 \uD074\uB798\uC2A4 \uB85C\uB354 \uC720\uD615\uC785\uB2C8\uB2E4. \uC811\uC18D\uC744 \uD655\uC778\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4."},
--- a/src/share/classes/sun/awt/resources/awt_de.properties	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/awt/resources/awt_de.properties	Sun May 01 21:26:40 2016 -0700
@@ -44,7 +44,7 @@
 AWT.subtract=NumPad -
 AWT.decimal=NumPad .
 AWT.divide=NumPad /
-AWT.delete=Entf
+AWT.delete=L\u00F6schen
 AWT.numLock=Num
 AWT.scrollLock=Rollen
 AWT.f1=F1
--- a/src/share/classes/sun/invoke/util/VerifyAccess.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/invoke/util/VerifyAccess.java	Sun May 01 21:26:40 2016 -0700
@@ -168,22 +168,66 @@
      * @param refc
      */
     public static boolean isTypeVisible(Class<?> type, Class<?> refc) {
-        if (type == refc)  return true;  // easy check
+        if (type == refc) {
+            return true;  // easy check
+        }
         while (type.isArray())  type = type.getComponentType();
-        if (type.isPrimitive() || type == Object.class)  return true;
-        ClassLoader parent = type.getClassLoader();
-        if (parent == null)  return true;
-        ClassLoader child  = refc.getClassLoader();
-        if (child == null)  return false;
-        if (parent == child || loadersAreRelated(parent, child, true))
+        if (type.isPrimitive() || type == Object.class) {
             return true;
-        // Do it the hard way:  Look up the type name from the refc loader.
-        try {
-            Class<?> res = child.loadClass(type.getName());
-            return (type == res);
-        } catch (ClassNotFoundException ex) {
+        }
+        ClassLoader typeLoader = type.getClassLoader();
+        final ClassLoader refcLoader = refc.getClassLoader();
+        if (typeLoader == refcLoader) {
+            return true;
+        }
+        if (refcLoader == null && typeLoader != null) {
             return false;
         }
+        if (typeLoader == null && type.getName().startsWith("java.")) {
+            // Note:  The API for actually loading classes, ClassLoader.defineClass,
+            // guarantees that classes with names beginning "java." cannot be aliased,
+            // because class loaders cannot load them directly.
+            return true;
+        }
+
+        // Do it the hard way:  Look up the type name from the refc loader.
+        //
+        // Force the refc loader to report and commit to a particular binding for this type name (type.getName()).
+        //
+        // In principle, this query might force the loader to load some unrelated class,
+        // which would cause this query to fail (and the original caller to give up).
+        // This would be wasted effort, but it is expected to be very rare, occurring
+        // only when an attacker is attempting to create a type alias.
+        // In the normal case, one class loader will simply delegate to the other,
+        // and the same type will be visible through both, with no extra loading.
+        //
+        // It is important to go through Class.forName instead of ClassLoader.loadClass
+        // because Class.forName goes through the JVM system dictionary, which records
+        // the class lookup once for all. This means that even if a not-well-behaved class loader
+        // would "change its mind" about the meaning of the name, the Class.forName request
+        // will use the result cached in the JVM system dictionary. Note that the JVM system dictionary
+        // will record the first successful result. Unsuccessful results are not stored.
+        //
+        // We use doPrivileged in order to allow an unprivileged caller to ask an arbitrary
+        // class loader about the binding of the proposed name (type.getName()).
+        // The looked up type ("res") is compared for equality against the proposed
+        // type ("type") and then is discarded.  Thus, the worst that can happen to
+        // the "child" class loader is that it is bothered to load and report a class
+        // that differs from "type"; this happens once due to JVM system dictionary
+        // memoization.  And the caller never gets to look at the alternate type binding
+        // ("res"), whether it exists or not.
+        final String name = type.getName();
+        Class<?> res = java.security.AccessController.doPrivileged(
+                new java.security.PrivilegedAction<Class>() {
+                    public Class<?> run() {
+                        try {
+                            return Class.forName(name, false, refcLoader);
+                        } catch (ClassNotFoundException | LinkageError e) {
+                            return null; // Assume the class is not found
+                        }
+                    }
+            });
+        return (type == res);
     }
 
     /**
--- a/src/share/classes/sun/launcher/resources/launcher_ko.properties	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/launcher/resources/launcher_ko.properties	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -41,7 +41,7 @@
 \uC788\uC2B5\uB2C8\uB2E4.\n
 
 # Translators please note do not translate the options themselves
-java.launcher.X.macosx.usage=\n\uB2E4\uC74C\uC740 Mac OS X\uC5D0 \uD2B9\uC815\uB41C \uC635\uC158\uC785\uB2C8\uB2E4.\n    -XstartOnFirstThread\n                      \uCCAB\uBC88\uC9F8 (AppKit) \uC2A4\uB808\uB4DC\uC5D0 main() \uBA54\uC18C\uB4DC\uB97C \uC2E4\uD589\uD569\uB2C8\uB2E4.\n    -Xdock:name=<application name>"\n                      \uACE0\uC815\uC73C\uB85C \uD45C\uC2DC\uB41C \uAE30\uBCF8 \uC751\uC6A9 \uD504\uB85C\uADF8\uB7A8 \uC774\uB984\uC744 \uBB34\uD6A8\uD654\uD569\uB2C8\uB2E4.\n    -Xdock:icon=<path to icon file>\n                      \uACE0\uC815\uC73C\uB85C \uD45C\uC2DC\uB41C \uAE30\uBCF8 \uC544\uC774\uCF58\uC744 \uBB34\uD6A8\uD654\uD569\uB2C8\uB2E4.\n\n
+java.launcher.X.macosx.usage=\n\uB2E4\uC74C\uC740 Mac OS X\uC5D0 \uD2B9\uC815\uB41C \uC635\uC158\uC785\uB2C8\uB2E4.\n    -XstartOnFirstThread\n                      \uCCAB\uBC88\uC9F8 (AppKit) \uC2A4\uB808\uB4DC\uC5D0 main() \uBA54\uC18C\uB4DC\uB97C \uC2E4\uD589\uD569\uB2C8\uB2E4.\n    -Xdock:name=<application name>"\n                      \uACE0\uC815\uC73C\uB85C \uD45C\uC2DC\uB41C \uAE30\uBCF8 \uC560\uD50C\uB9AC\uCF00\uC774\uC158 \uC774\uB984\uC744 \uBB34\uD6A8\uD654\uD569\uB2C8\uB2E4.\n    -Xdock:icon=<path to icon file>\n                      \uACE0\uC815\uC73C\uB85C \uD45C\uC2DC\uB41C \uAE30\uBCF8 \uC544\uC774\uCF58\uC744 \uBB34\uD6A8\uD654\uD569\uB2C8\uB2E4.\n\n
 
 java.launcher.cls.error1=\uC624\uB958: \uAE30\uBCF8 \uD074\uB798\uC2A4 {0}\uC744(\uB97C) \uCC3E\uAC70\uB098 \uB85C\uB4DC\uD560 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4.
 java.launcher.cls.error2=\uC624\uB958: {1} \uD074\uB798\uC2A4\uC5D0\uC11C \uAE30\uBCF8 \uBA54\uC18C\uB4DC\uAC00 {0}\uC774(\uAC00) \uC544\uB2D9\uB2C8\uB2E4. \uB2E4\uC74C \uD615\uC2DD\uC73C\uB85C \uAE30\uBCF8 \uBA54\uC18C\uB4DC\uB97C \uC815\uC758\uD558\uC2ED\uC2DC\uC624.\n   public static void main(String[] args)
--- a/src/share/classes/sun/management/jmxremote/ConnectorBootstrap.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/management/jmxremote/ConnectorBootstrap.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,9 +30,12 @@
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.Serializable;
 import java.lang.management.ManagementFactory;
 import java.net.InetAddress;
 import java.net.MalformedURLException;
+import java.net.Socket;
+import java.net.ServerSocket;
 import java.net.UnknownHostException;
 import java.rmi.NoSuchObjectException;
 import java.rmi.Remote;
@@ -40,6 +43,7 @@
 import java.rmi.registry.Registry;
 import java.rmi.server.RMIClientSocketFactory;
 import java.rmi.server.RMIServerSocketFactory;
+import java.rmi.server.RMISocketFactory;
 import java.rmi.server.RemoteObject;
 import java.rmi.server.UnicastRemoteObject;
 import java.security.KeyStore;
@@ -60,6 +64,8 @@
 import javax.management.remote.rmi.RMIConnectorServer;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManagerFactory;
 import javax.rmi.ssl.SslRMIClientSocketFactory;
 import javax.rmi.ssl.SslRMIServerSocketFactory;
@@ -68,6 +74,7 @@
 import com.sun.jmx.remote.internal.RMIExporter;
 import com.sun.jmx.remote.security.JMXPluggableAuthenticator;
 import com.sun.jmx.remote.util.ClassLogger;
+import com.sun.jmx.remote.util.EnvHelp;
 
 import sun.management.Agent;
 import sun.management.AgentConfigurationError;
@@ -107,6 +114,8 @@
 
         public static final String PORT =
                 "com.sun.management.jmxremote.port";
+        public static final String HOST =
+                "com.sun.management.jmxremote.host";
         public static final String RMI_PORT =
                 "com.sun.management.jmxremote.rmi.port";
         public static final String CONFIG_FILE_NAME =
@@ -425,10 +434,14 @@
             checkAccessFile(accessFileName);
         }
 
+        final String bindAddress =
+                props.getProperty(PropertyNames.HOST);
+
         if (log.debugOn()) {
             log.debug("startRemoteConnectorServer",
                     Agent.getText("jmxremote.ConnectorBootstrap.starting") +
                     "\n\t" + PropertyNames.PORT + "=" + port +
+                    (bindAddress == null ? "" : "\n\t" + PropertyNames.HOST + "=" + bindAddress) +
                     "\n\t" + PropertyNames.RMI_PORT + "=" + rmiPort +
                     "\n\t" + PropertyNames.USE_SSL + "=" + useSsl +
                     "\n\t" + PropertyNames.USE_REGISTRY_SSL + "=" + useRegistrySsl +
@@ -459,7 +472,7 @@
                     sslConfigFileName, enabledCipherSuitesList,
                     enabledProtocolsList, sslNeedClientAuth,
                     useAuthentication, loginConfigName,
-                    passwordFileName, accessFileName);
+                    passwordFileName, accessFileName, bindAddress);
             cs = data.jmxConnectorServer;
             url = data.jmxRemoteURL;
             log.config("startRemoteConnectorServer",
@@ -499,6 +512,9 @@
         // This RMI server should not keep the VM alive
         Map<String, Object> env = new HashMap<String, Object>();
         env.put(RMIExporter.EXPORTER_ATTRIBUTE, new PermanentExporter());
+        env.put(EnvHelp.CREDENTIAL_TYPES, new String[]{
+            String[].class.getName(), String.class.getName()
+        });
 
         // The local connector server need only be available via the
         // loopback connection.
@@ -629,12 +645,13 @@
             String sslConfigFileName,
             String[] enabledCipherSuites,
             String[] enabledProtocols,
-            boolean sslNeedClientAuth) {
+            boolean sslNeedClientAuth,
+            String bindAddress) {
         if (sslConfigFileName == null) {
-            return new SslRMIServerSocketFactory(
+            return new HostAwareSslSocketFactory(
                     enabledCipherSuites,
                     enabledProtocols,
-                    sslNeedClientAuth);
+                    sslNeedClientAuth, bindAddress);
         } else {
             checkRestrictedFile(sslConfigFileName);
             try {
@@ -697,11 +714,11 @@
                 SSLContext ctx = SSLContext.getInstance("SSL");
                 ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
 
-                return new SslRMIServerSocketFactory(
+                return new HostAwareSslSocketFactory(
                         ctx,
                         enabledCipherSuites,
                         enabledProtocols,
-                        sslNeedClientAuth);
+                        sslNeedClientAuth, bindAddress);
             } catch (Exception e) {
                 throw new AgentConfigurationError(AGENT_EXCEPTION, e, e.toString());
             }
@@ -721,7 +738,8 @@
             boolean useAuthentication,
             String loginConfigName,
             String passwordFileName,
-            String accessFileName)
+            String accessFileName,
+            String bindAddress)
             throws IOException, MalformedURLException {
 
         /* Make sure we use non-guessable RMI object IDs.  Otherwise
@@ -729,13 +747,18 @@
          * IDs.  */
         System.setProperty("java.rmi.server.randomIDs", "true");
 
-        JMXServiceURL url = new JMXServiceURL("rmi", null, rmiPort);
+        JMXServiceURL url = new JMXServiceURL("rmi", bindAddress, rmiPort);
 
         Map<String, Object> env = new HashMap<String, Object>();
 
         PermanentExporter exporter = new PermanentExporter();
 
         env.put(RMIExporter.EXPORTER_ATTRIBUTE, exporter);
+        env.put(EnvHelp.CREDENTIAL_TYPES, new String[]{
+            String[].class.getName(), String.class.getName()
+        });
+
+        boolean useSocketFactory = bindAddress != null && !useSsl;
 
         if (useAuthentication) {
             if (loginConfigName != null) {
@@ -761,7 +784,7 @@
             csf = new SslRMIClientSocketFactory();
             ssf = createSslRMIServerSocketFactory(
                     sslConfigFileName, enabledCipherSuites,
-                    enabledProtocols, sslNeedClientAuth);
+                    enabledProtocols, sslNeedClientAuth, bindAddress);
         }
 
         if (useSsl) {
@@ -771,6 +794,12 @@
                     ssf);
         }
 
+        if (useSocketFactory) {
+            ssf = new HostAwareSocketFactory(bindAddress);
+            env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE,
+                    ssf);
+        }
+
         JMXConnectorServer connServer = null;
         try {
             connServer =
@@ -790,6 +819,10 @@
             registry =
                     new SingleEntryRegistry(port, csf, ssf,
                     "jmxrmi", exporter.firstExported);
+        } else if (useSocketFactory) {
+            registry =
+                    new SingleEntryRegistry(port, csf, ssf,
+                    "jmxrmi", exporter.firstExported);
         } else {
             registry =
                     new SingleEntryRegistry(port,
@@ -823,4 +856,172 @@
     private static final ClassLogger log =
         new ClassLogger(ConnectorBootstrap.class.getPackage().getName(),
                         "ConnectorBootstrap");
+
+    private static class HostAwareSocketFactory implements RMIServerSocketFactory {
+
+        private final String bindAddress;
+
+        private HostAwareSocketFactory(String bindAddress) {
+             this.bindAddress = bindAddress;
+        }
+
+        @Override
+        public ServerSocket createServerSocket(int port) throws IOException {
+            if (bindAddress == null) {
+                return new ServerSocket(port);
+            } else {
+                try {
+                    InetAddress addr = InetAddress.getByName(bindAddress);
+                    return new ServerSocket(port, 0, addr);
+                } catch (UnknownHostException e) {
+                    return new ServerSocket(port);
+                }
+            }
+        }
+    }
+
+    private static class HostAwareSslSocketFactory extends SslRMIServerSocketFactory {
+
+        private final String bindAddress;
+        private final String[] enabledCipherSuites;
+        private final String[] enabledProtocols;
+        private final boolean needClientAuth;
+        private final SSLContext context;
+
+        private HostAwareSslSocketFactory(String[] enabledCipherSuites,
+                                          String[] enabledProtocols,
+                                          boolean sslNeedClientAuth,
+                                          String bindAddress) throws IllegalArgumentException {
+            this(null, enabledCipherSuites, enabledProtocols, sslNeedClientAuth, bindAddress);
+        }
+
+        private HostAwareSslSocketFactory(SSLContext ctx,
+                                          String[] enabledCipherSuites,
+                                          String[] enabledProtocols,
+                                          boolean sslNeedClientAuth,
+                                          String bindAddress) throws IllegalArgumentException {
+            this.context = ctx;
+            this.bindAddress = bindAddress;
+            this.enabledProtocols = enabledProtocols;
+            this.enabledCipherSuites = enabledCipherSuites;
+            this.needClientAuth = sslNeedClientAuth;
+            checkValues(ctx, enabledCipherSuites, enabledProtocols);
+        }
+
+        @Override
+        public ServerSocket createServerSocket(int port) throws IOException {
+            if (bindAddress != null) {
+                try {
+                    InetAddress addr = InetAddress.getByName(bindAddress);
+                    return new SslServerSocket(port, 0, addr, context,
+                                               enabledCipherSuites, enabledProtocols, needClientAuth);
+                } catch (UnknownHostException e) {
+                    return new SslServerSocket(port, context,
+                                               enabledCipherSuites, enabledProtocols, needClientAuth);
+                }
+            } else {
+                return new SslServerSocket(port, context,
+                                           enabledCipherSuites, enabledProtocols, needClientAuth);
+            }
+        }
+
+        private static void checkValues(SSLContext context,
+                                        String[] enabledCipherSuites,
+                                        String[] enabledProtocols) throws IllegalArgumentException {
+            // Force the initialization of the default at construction time,
+            // rather than delaying it to the first time createServerSocket()
+            // is called.
+            //
+            final SSLSocketFactory sslSocketFactory =
+                    context == null ?
+                        (SSLSocketFactory)SSLSocketFactory.getDefault() : context.getSocketFactory();
+            SSLSocket sslSocket = null;
+            if (enabledCipherSuites != null || enabledProtocols != null) {
+                try {
+                    sslSocket = (SSLSocket) sslSocketFactory.createSocket();
+                } catch (Exception e) {
+                    final String msg = "Unable to check if the cipher suites " +
+                            "and protocols to enable are supported";
+                    throw (IllegalArgumentException)
+                    new IllegalArgumentException(msg).initCause(e);
+                }
+            }
+
+            // Check if all the cipher suites and protocol versions to enable
+            // are supported by the underlying SSL/TLS implementation and if
+            // true create lists from arrays.
+            //
+            if (enabledCipherSuites != null) {
+                sslSocket.setEnabledCipherSuites(enabledCipherSuites);
+            }
+            if (enabledProtocols != null) {
+                sslSocket.setEnabledProtocols(enabledProtocols);
+            }
+        }
+    }
+
+    private static class SslServerSocket extends ServerSocket {
+
+        private static SSLSocketFactory defaultSSLSocketFactory;
+        private final String[] enabledCipherSuites;
+        private final String[] enabledProtocols;
+        private final boolean needClientAuth;
+        private final SSLContext context;
+
+        private SslServerSocket(int port,
+                                SSLContext ctx,
+                                String[] enabledCipherSuites,
+                                String[] enabledProtocols,
+                                boolean needClientAuth) throws IOException {
+            super(port);
+            this.enabledProtocols = enabledProtocols;
+            this.enabledCipherSuites = enabledCipherSuites;
+            this.needClientAuth = needClientAuth;
+            this.context = ctx;
+        }
+
+        private SslServerSocket(int port,
+                                int backlog,
+                                InetAddress bindAddr,
+                                SSLContext ctx,
+                                String[] enabledCipherSuites,
+                                String[] enabledProtocols,
+                                boolean needClientAuth) throws IOException {
+            super(port, backlog, bindAddr);
+            this.enabledProtocols = enabledProtocols;
+            this.enabledCipherSuites = enabledCipherSuites;
+            this.needClientAuth = needClientAuth;
+            this.context = ctx;
+        }
+
+        @Override
+        public Socket accept() throws IOException {
+            final SSLSocketFactory sslSocketFactory =
+                    context == null ?
+                        getDefaultSSLSocketFactory() : context.getSocketFactory();
+            Socket socket = super.accept();
+            SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(
+                    socket, socket.getInetAddress().getHostName(),
+                    socket.getPort(), true);
+            sslSocket.setUseClientMode(false);
+            if (enabledCipherSuites != null) {
+                sslSocket.setEnabledCipherSuites(enabledCipherSuites);
+            }
+            if (enabledProtocols != null) {
+                sslSocket.setEnabledProtocols(enabledProtocols);
+            }
+            sslSocket.setNeedClientAuth(needClientAuth);
+            return sslSocket;
+        }
+
+        private static synchronized SSLSocketFactory getDefaultSSLSocketFactory() {
+            if (defaultSSLSocketFactory == null) {
+                defaultSSLSocketFactory = (SSLSocketFactory)SSLSocketFactory.getDefault();
+                return defaultSSLSocketFactory;
+            } else {
+                return defaultSSLSocketFactory;
+            }
+        }
+
+    }
 }
--- a/src/share/classes/sun/management/resources/agent_ko.properties	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/management/resources/agent_ko.properties	Sun May 01 21:26:40 2016 -0700
@@ -1,6 +1,6 @@
 #
 #
-# Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -28,7 +28,7 @@
 # these are the same as the non-localized level name.
 
 agent.err.error			   = \uC624\uB958
-agent.err.exception                = \uC5D0\uC774\uC804\uD2B8\uC5D0 \uC608\uC678 \uC0AC\uD56D\uC774 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. 
+agent.err.exception                = \uC5D0\uC774\uC804\uD2B8\uC5D0 \uC608\uC678\uC0AC\uD56D\uC774 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. 
 agent.err.warning		   = \uACBD\uACE0
 
 agent.err.configfile.notfound      = \uAD6C\uC131 \uD30C\uC77C\uC744 \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4.
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/sun/misc/JavaObjectInputStreamAccess.java	Sun May 01 21:26:40 2016 -0700
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.misc;
+
+import java.io.ObjectInputStream;
+
+/**
+ * The interface to specify methods for accessing {@code ObjectInputStream}
+ * @author sjiang
+ */
+public interface JavaObjectInputStreamAccess {
+    /**
+     * Sets a descriptor validating.
+     * @param ois stream to have the descriptors validated
+     * @param validator validator used to validate a descriptor.
+     */
+    public void setValidator(ObjectInputStream ois, ObjectStreamClassValidator validator);
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/sun/misc/ObjectStreamClassValidator.java	Sun May 01 21:26:40 2016 -0700
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.misc;
+
+import java.io.ObjectStreamClass;
+
+/**
+ * A callback used by {@code ObjectInputStream} to do descriptor validation.
+ *
+ * @author sjiang
+ */
+public interface ObjectStreamClassValidator {
+    /**
+     * This method will be called by ObjectInputStream to
+     * check a descriptor just before creating an object described by this descriptor.
+     * The object will not be created if this method throws a {@code RuntimeException}.
+     * @param descriptor descriptor to be checked.
+     */
+    public void validateDescriptor(ObjectStreamClass descriptor);
+}
--- a/src/share/classes/sun/misc/SharedSecrets.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/misc/SharedSecrets.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,6 +28,7 @@
 import java.util.jar.JarFile;
 import java.io.Console;
 import java.io.FileDescriptor;
+import java.io.ObjectInputStream;
 import java.security.ProtectionDomain;
 import java.util.zip.Adler32;
 import javax.security.auth.kerberos.KeyTab;
@@ -58,6 +59,7 @@
     private static JavaUtilZipAccess javaUtilZipAccess;
     private static JavaUtilZipFileAccess javaUtilZipFileAccess;
     private static JavaAWTAccess javaAWTAccess;
+    private static JavaObjectInputStreamAccess javaObjectInputStreamAccess;
 
     public static JavaUtilJarAccess javaUtilJarAccess() {
         if (javaUtilJarAccess == null) {
@@ -199,4 +201,15 @@
         // provision for.
         return javaAWTAccess;
     }
+
+    public static JavaObjectInputStreamAccess getJavaObjectInputStreamAccess() {
+        if (javaObjectInputStreamAccess == null) {
+            unsafe.ensureClassInitialized(ObjectInputStream.class);
+        }
+        return javaObjectInputStreamAccess;
+    }
+
+    public static void setJavaObjectInputStreamAccess(JavaObjectInputStreamAccess access) {
+        javaObjectInputStreamAccess = access;
+    }
 }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/sun/rmi/server/DeserializationChecker.java	Sun May 01 21:26:40 2016 -0700
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.rmi.server;
+
+import java.io.ObjectStreamClass;
+import java.lang.reflect.Method;
+
+/**
+ * Implementing this interface to have a deserialization control when RMI
+ * dispatches a remote request. If an exported object implements this interface,
+ * RMI dispatching mechanism will call the method {@code check} every time
+ * deserialising a remote object for invoking a method of the exported object.
+ *
+ * @author sjiang
+ */
+public interface DeserializationChecker {
+    /**
+     * Will be called to check a descriptor.
+     * This method may be called 2 times, the first time is when a descriptor is read
+     * from the stream, the second is just before creating an object described
+     * by this descriptor.
+     *
+     * @param method the method invoked from a remote request.
+     * @param descriptor The descriptor of the class of any object deserialised
+     *  while deserialising the parameter. The first descriptor will be that of
+     *  the top level object (the concrete class of the parameter itself);
+     *  Subsequent calls with the same {@code method}, {@code paramIndex} and
+     *  {@code callID} will correspond to objects contained in the parameter.
+     * @param paramIndex an index indicates the position of a parameter in the
+     * method. This index will be reused for deserialising all
+     * objects contained in the parameter object. For example, the parameter
+     * being deserialised is a {@code List}, all deserialisation calls for its
+     * elements will have same index.
+     * @param callID a unique ID identifying one
+     * time method invocation, the same ID is used for deserialization call of
+     * all parameters within the method.
+     */
+    public void check(Method method,
+            ObjectStreamClass descriptor,
+            int paramIndex,
+            int callID);
+
+    /**
+     * Will be called to validate a Proxy interfaces from a remote user before loading it.
+     * @param method the method invoked from a remote request.
+     * @param ifaces a string table of all interfaces implemented by the proxy to be checked.
+     * @param paramIndex an index indicates the position of a parameter in the
+     * method. This index will be reused for deserialising all
+     * objects contained in the parameter object. For example, the parameter
+     * being deserialised is a {@code List}, all deserialisation calls for its
+     * elements will have same index.
+     * @param callID a unique ID identifying one
+     * time method invocation, the same ID is used for deserialization call of
+     * all parameters within the method.
+     */
+    public void checkProxyClass(Method method,
+            String[] ifaces,
+            int paramIndex,
+            int callID);
+
+    /**
+     * Inform of the completion of parameter deserialisation for a method invocation.
+     * This is useful if the last parameter is a complex  object, like a {@code List}
+     * which elements are complex object too.
+     *
+     * The default implementation does nothing.
+     * @param callID the ID identifying a method invocation.
+     */
+    public void end(int callID);
+}
--- a/src/share/classes/sun/rmi/server/MarshalInputStream.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/rmi/server/MarshalInputStream.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,12 +30,12 @@
 import java.io.ObjectInputStream;
 import java.io.ObjectStreamClass;
 import java.io.StreamCorruptedException;
-import java.net.URL;
 import java.util.*;
 import java.security.AccessControlException;
 import java.security.Permission;
-
 import java.rmi.server.RMIClassLoader;
+import sun.misc.ObjectStreamClassValidator;
+import sun.misc.SharedSecrets;
 
 /**
  * MarshalInputStream is an extension of ObjectInputStream.  When resolving
@@ -53,6 +53,11 @@
  * @author      Peter Jones
  */
 public class MarshalInputStream extends ObjectInputStream {
+    interface StreamChecker extends ObjectStreamClassValidator {
+        void checkProxyInterfaceNames(String[] ifaces);
+    }
+
+    private volatile StreamChecker streamChecker = null;
 
     /**
      * Value of "java.rmi.server.useCodebaseOnly" property,
@@ -122,7 +127,7 @@
         throws IOException, StreamCorruptedException
     {
         super(in);
-    }
+                    }
 
     /**
      * Returns a callback previously registered via the setDoneCallback
@@ -239,6 +244,11 @@
     protected Class<?> resolveProxyClass(String[] interfaces)
         throws IOException, ClassNotFoundException
     {
+        StreamChecker checker = streamChecker;
+        if (checker != null) {
+            checker.checkProxyInterfaceNames(interfaces);
+        }
+
         /*
          * Always read annotation written by MarshalOutputStream.
          */
@@ -318,4 +328,28 @@
     void useCodebaseOnly() {
         useCodebaseOnly = true;
     }
+
+    synchronized void setStreamChecker(StreamChecker checker) {
+        streamChecker = checker;
+        SharedSecrets.getJavaObjectInputStreamAccess().setValidator(this, checker);
+    }
+    @Override
+    protected ObjectStreamClass readClassDescriptor() throws IOException,
+            ClassNotFoundException {
+        ObjectStreamClass descriptor = super.readClassDescriptor();
+
+        validateDesc(descriptor);
+
+        return descriptor;
+    }
+
+    private void validateDesc(ObjectStreamClass descriptor) {
+        StreamChecker checker;
+        synchronized (this) {
+            checker = streamChecker;
+        }
+        if (checker != null) {
+            checker.validateDescriptor(descriptor);
+        }
+    }
 }
--- a/src/share/classes/sun/rmi/server/UnicastServerRef.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/rmi/server/UnicastServerRef.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,7 +28,7 @@
 import java.io.IOException;
 import java.io.ObjectInput;
 import java.io.ObjectOutput;
-import java.io.PrintStream;
+import java.io.ObjectStreamClass;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.rmi.MarshalException;
@@ -52,7 +52,9 @@
 import java.util.HashMap;
 import java.util.Map;
 import java.util.WeakHashMap;
+import java.util.concurrent.atomic.AtomicInteger;
 import sun.rmi.runtime.Log;
+import static sun.rmi.server.UnicastRef.marshalValue;
 import sun.rmi.transport.LiveRef;
 import sun.rmi.transport.Target;
 import sun.rmi.transport.tcp.TCPTransport;
@@ -117,6 +119,8 @@
     private static final Map<Class<?>,?> withoutSkeletons =
         Collections.synchronizedMap(new WeakHashMap<Class<?>,Void>());
 
+    private final AtomicInteger methodCallIDCount = new AtomicInteger(0);
+
     /**
      * Create a new (empty) Unicast server remote reference.
      */
@@ -298,14 +302,11 @@
             logCall(obj, method);
 
             // unmarshal parameters
-            Class[] types = method.getParameterTypes();
-            Object[] params = new Object[types.length];
+            Object[] params = null;
 
             try {
                 unmarshalCustomCallData(in);
-                for (int i = 0; i < types.length; i++) {
-                    params[i] = unmarshalValue(types[i], in);
-                }
+                params = unmarshalParameters(obj, method, marshalStream);
             } catch (java.io.IOException e) {
                 throw new UnmarshalException(
                     "error unmarshalling arguments", e);
@@ -566,4 +567,85 @@
             return map;
         }
     }
+
+    /**
+     * Unmarshal parameters for the given method of the given instance over
+     * the given marshalinputstream. Perform any necessary checks.
+     */
+    private Object[] unmarshalParameters(Object obj, Method method, MarshalInputStream in)
+    throws IOException, ClassNotFoundException {
+        return (obj instanceof DeserializationChecker) ?
+            unmarshalParametersChecked((DeserializationChecker)obj, method, in) :
+            unmarshalParametersUnchecked(method, in);
+    }
+
+    /**
+     * Unmarshal parameters for the given method of the given instance over
+     * the given marshalinputstream. Do not perform any additional checks.
+     */
+    private Object[] unmarshalParametersUnchecked(Method method, ObjectInput in)
+    throws IOException, ClassNotFoundException {
+        Class<?>[] types = method.getParameterTypes();
+        Object[] params = new Object[types.length];
+        for (int i = 0; i < types.length; i++) {
+            params[i] = unmarshalValue(types[i], in);
+        }
+        return params;
+    }
+
+    /**
+     * Unmarshal parameters for the given method of the given instance over
+     * the given marshalinputstream. Do perform all additional checks.
+     */
+    private Object[] unmarshalParametersChecked(
+        DeserializationChecker checker,
+        Method method, MarshalInputStream in)
+    throws IOException, ClassNotFoundException {
+        int callID = methodCallIDCount.getAndIncrement();
+        MyChecker myChecker = new MyChecker(checker, method, callID);
+        in.setStreamChecker(myChecker);
+        try {
+            Class<?>[] types = method.getParameterTypes();
+            Object[] values = new Object[types.length];
+            for (int i = 0; i < types.length; i++) {
+                myChecker.setIndex(i);
+                values[i] = unmarshalValue(types[i], in);
+            }
+            myChecker.end(callID);
+            return values;
+        } finally {
+            in.setStreamChecker(null);
+        }
+    }
+
+    private static class MyChecker implements MarshalInputStream.StreamChecker {
+        private final DeserializationChecker descriptorCheck;
+        private final Method method;
+        private final int callID;
+        private int parameterIndex;
+
+        MyChecker(DeserializationChecker descriptorCheck, Method method, int callID) {
+            this.descriptorCheck = descriptorCheck;
+            this.method = method;
+            this.callID = callID;
+        }
+
+        @Override
+        public void validateDescriptor(ObjectStreamClass descriptor) {
+            descriptorCheck.check(method, descriptor, parameterIndex, callID);
+        }
+
+        @Override
+        public void checkProxyInterfaceNames(String[] ifaces) {
+            descriptorCheck.checkProxyClass(method, ifaces, parameterIndex, callID);
+        }
+
+        void setIndex(int parameterIndex) {
+            this.parameterIndex = parameterIndex;
+        }
+
+        void end(int callId) {
+            descriptorCheck.end(callId);
+        }
+    }
 }
--- a/src/share/classes/sun/rmi/server/resources/rmid_ko.properties	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/rmi/server/resources/rmid_ko.properties	Sun May 01 21:26:40 2016 -0700
@@ -1,6 +1,6 @@
 #
 #
-# Copyright (c) 1998, 2005, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1998, 2016, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -47,7 +47,7 @@
 
 # {0} = the (string) reason text that came with a thrown exception
 # "Activation.main" should not be translated, because it's a codepoint
-rmid.unexpected.exception=Activation.main: \uC608\uC678 \uC0AC\uD56D \uBC1C\uC0DD: {0}
+rmid.unexpected.exception=Activation.main: \uC608\uC678\uC0AC\uD56D \uBC1C\uC0DD: {0}
 
 # "java.home" should not be translated, because it's a property name
 # "ActivatorImpl" should not be translated, because it's a codepoint
@@ -60,7 +60,7 @@
 rmid.exec.policy.invalid=Activation.main: \uC2E4\uD589 \uC815\uCC45 \uD074\uB798\uC2A4\uAC00 \uBD80\uC801\uD569\uD569\uB2C8\uB2E4.
 
 # "rmid" should not be translated
-rmid.exec.policy.exception=rmid: \uC2E4\uD589 \uC815\uCC45\uC744 \uAC00\uC838\uC624\uB824\uB294 \uC2DC\uB3C4\uB85C \uBC1C\uC0DD\uD55C \uC608\uC678 \uC0AC\uD56D:
+rmid.exec.policy.exception=rmid: \uC2E4\uD589 \uC815\uCC45\uC744 \uAC00\uC838\uC624\uB824\uB294 \uC2DC\uB3C4\uB85C \uBC1C\uC0DD\uD55C \uC608\uC678\uC0AC\uD56D:
 
 # "rmid" should not be translated
 rmid.exec.command=rmid: debugExec: "{0}" \uC2E4\uD589 \uC911
--- a/src/share/classes/sun/security/ec/ECDSASignature.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/ec/ECDSASignature.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,6 +44,7 @@
  *
  *   . "NONEwithECDSA"
  *   . "SHA1withECDSA"
+ *   . "SHA224withECDSA"
  *   . "SHA256withECDSA"
  *   . "SHA384withECDSA"
  *   . "SHA512withECDSA"
@@ -165,6 +166,13 @@
         }
     }
 
+    // Nested class for SHA224withECDSA signatures
+    public static final class SHA224 extends ECDSASignature {
+        public SHA224() {
+           super("SHA-224");
+        }
+    }
+
     // Nested class for SHA256withECDSA signatures
     public static final class SHA256 extends ECDSASignature {
         public SHA256() {
--- a/src/share/classes/sun/security/ec/SunECEntries.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/ec/SunECEntries.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -133,17 +133,34 @@
             "sun.security.ec.ECDSASignature$Raw");
         map.put("Signature.SHA1withECDSA",
             "sun.security.ec.ECDSASignature$SHA1");
+        map.put("Alg.Alias.Signature.OID.1.2.840.10045.4.1", "SHA1withECDSA");
+        map.put("Alg.Alias.Signature.1.2.840.10045.4.1", "SHA1withECDSA");
+
+        map.put("Signature.SHA224withECDSA",
+            "sun.security.ec.ECDSASignature$SHA224");
+        map.put("Alg.Alias.Signature.OID.1.2.840.10045.4.3.1", "SHA224withECDSA");
+        map.put("Alg.Alias.Signature.1.2.840.10045.4.3.1", "SHA224withECDSA");
+
         map.put("Signature.SHA256withECDSA",
             "sun.security.ec.ECDSASignature$SHA256");
+        map.put("Alg.Alias.Signature.OID.1.2.840.10045.4.3.2", "SHA256withECDSA");
+        map.put("Alg.Alias.Signature.1.2.840.10045.4.3.2", "SHA256withECDSA");
+
         map.put("Signature.SHA384withECDSA",
             "sun.security.ec.ECDSASignature$SHA384");
+        map.put("Alg.Alias.Signature.OID.1.2.840.10045.4.3.3", "SHA384withECDSA");
+        map.put("Alg.Alias.Signature.1.2.840.10045.4.3.3", "SHA384withECDSA");
+
         map.put("Signature.SHA512withECDSA",
             "sun.security.ec.ECDSASignature$SHA512");
+        map.put("Alg.Alias.Signature.OID.1.2.840.10045.4.3.4", "SHA512withECDSA");
+        map.put("Alg.Alias.Signature.1.2.840.10045.4.3.4", "SHA512withECDSA");
 
         String ecKeyClasses = "java.security.interfaces.ECPublicKey" +
                 "|java.security.interfaces.ECPrivateKey";
         map.put("Signature.NONEwithECDSA SupportedKeyClasses", ecKeyClasses);
         map.put("Signature.SHA1withECDSA SupportedKeyClasses", ecKeyClasses);
+        map.put("Signature.SHA224withECDSA SupportedKeyClasses", ecKeyClasses);
         map.put("Signature.SHA256withECDSA SupportedKeyClasses", ecKeyClasses);
         map.put("Signature.SHA384withECDSA SupportedKeyClasses", ecKeyClasses);
         map.put("Signature.SHA512withECDSA SupportedKeyClasses", ecKeyClasses);
@@ -152,6 +169,7 @@
 
         map.put("Signature.NONEwithECDSA ImplementedIn", "Software");
         map.put("Signature.SHA1withECDSA ImplementedIn", "Software");
+        map.put("Signature.SHA224withECDSA ImplementedIn", "Software");
         map.put("Signature.SHA256withECDSA ImplementedIn", "Software");
         map.put("Signature.SHA384withECDSA ImplementedIn", "Software");
         map.put("Signature.SHA512withECDSA ImplementedIn", "Software");
--- a/src/share/classes/sun/security/jgss/wrapper/GSSNameElement.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/jgss/wrapper/GSSNameElement.java	Sun May 01 21:26:40 2016 -0700
@@ -159,7 +159,9 @@
             int atPos = krbName.lastIndexOf('@');
             if (atPos != -1) {
                 String atRealm = krbName.substring(atPos);
-                if (nameType.equals(GSSUtil.NT_GSS_KRB5_PRINCIPAL)
+                // getNativeNameType() can modify NT_GSS_KRB5_PRINCIPAL to null
+                if ((nameType == null
+                            || nameType.equals(GSSUtil.NT_GSS_KRB5_PRINCIPAL))
                         && new String(nameBytes).endsWith(atRealm)) {
                     // Created from Kerberos name with realm, no need to check
                 } else {
--- a/src/share/classes/sun/security/pkcs11/P11Cipher.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/pkcs11/P11Cipher.java	Sun May 01 21:26:40 2016 -0700
@@ -165,6 +165,10 @@
     // if we do the padding
     private int bytesBuffered;
 
+    // length of key size in bytes; currently only used by AES given its oid
+    // specification mandates a fixed size of the key
+    private int fixedKeySize = -1;
+
     P11Cipher(Token token, String algorithm, long mechanism)
             throws PKCS11Exception, NoSuchAlgorithmException {
         super();
@@ -173,19 +177,26 @@
         this.mechanism = mechanism;
 
         String algoParts[] = algorithm.split("/");
-        keyAlgorithm = algoParts[0];
 
-        if (keyAlgorithm.equals("AES")) {
+        if (algoParts[0].startsWith("AES")) {
             blockSize = 16;
-        } else if (keyAlgorithm.equals("RC4") ||
-                keyAlgorithm.equals("ARCFOUR")) {
-            blockSize = 0;
-        } else { // DES, DESede, Blowfish
-            blockSize = 8;
+            int index = algoParts[0].indexOf('_');
+            if (index != -1) {
+                // should be well-formed since we specify what we support
+                fixedKeySize = Integer.parseInt(algoParts[0].substring(index+1))/8;
+            }
+            keyAlgorithm = "AES";
+        } else {
+            keyAlgorithm = algoParts[0];
+            if (keyAlgorithm.equals("RC4") ||
+                    keyAlgorithm.equals("ARCFOUR")) {
+                blockSize = 0;
+            } else { // DES, DESede, Blowfish
+                blockSize = 8;
+            }
+            this.blockMode =
+                (algoParts.length > 1 ? parseMode(algoParts[1]) : MODE_ECB);
         }
-        this.blockMode =
-                (algoParts.length > 1 ? parseMode(algoParts[1]) : MODE_ECB);
-
         String defPadding = (blockSize == 0 ? "NoPadding" : "PKCS5Padding");
         String paddingStr =
                 (algoParts.length > 2 ? algoParts[2] : defPadding);
@@ -334,6 +345,9 @@
             SecureRandom random)
             throws InvalidKeyException, InvalidAlgorithmParameterException {
         cancelOperation();
+        if (fixedKeySize != -1 && key.getEncoded().length != fixedKeySize) {
+            throw new InvalidKeyException("Key size is invalid");
+        }
         switch (opmode) {
             case Cipher.ENCRYPT_MODE:
                 encrypt = true;
--- a/src/share/classes/sun/security/pkcs11/P11Digest.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/pkcs11/P11Digest.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,7 +39,7 @@
 
 /**
  * MessageDigest implementation class. This class currently supports
- * MD2, MD5, SHA-1, SHA-256, SHA-384, and SHA-512.
+ * MD2, MD5, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512.
  *
  * Note that many digest operations are on fairly small amounts of data
  * (less than 100 bytes total). For example, the 2nd hashing in HMAC or
@@ -49,13 +49,12 @@
  * @author  Andreas Sterbenz
  * @since   1.5
  */
-final class P11Digest extends MessageDigestSpi {
+final class P11Digest extends MessageDigestSpi implements Cloneable {
 
-    /* unitialized, fields uninitialized, no session acquired */
+    /* fields initialized, no session acquired */
     private final static int S_BLANK    = 1;
 
-    // data in buffer, all fields valid, session acquired
-    // but digest not initialized
+    /* data in buffer, session acquired, but digest not initialized */
     private final static int S_BUFFERED = 2;
 
     /* session initialized for digesting */
@@ -69,8 +68,8 @@
     // algorithm name
     private final String algorithm;
 
-    // mechanism id
-    private final long mechanism;
+    // mechanism id object
+    private final CK_MECHANISM mechanism;
 
     // length of the digest in bytes
     private final int digestLength;
@@ -81,11 +80,8 @@
     // current state, one of S_* above
     private int state;
 
-    // one byte buffer for the update(byte) method, initialized on demand
-    private byte[] oneByte;
-
     // buffer to reduce number of JNI calls
-    private final byte[] buffer;
+    private byte[] buffer;
 
     // offset into the buffer
     private int bufOfs;
@@ -94,7 +90,7 @@
         super();
         this.token = token;
         this.algorithm = algorithm;
-        this.mechanism = mechanism;
+        this.mechanism = new CK_MECHANISM(mechanism);
         switch ((int)mechanism) {
         case (int)CKM_MD2:
         case (int)CKM_MD5:
@@ -103,6 +99,9 @@
         case (int)CKM_SHA_1:
             digestLength = 20;
             break;
+        case (int)CKM_SHA224:
+            digestLength = 28;
+            break;
         case (int)CKM_SHA256:
             digestLength = 32;
             break;
@@ -117,7 +116,6 @@
         }
         buffer = new byte[BUFFER_SIZE];
         state = S_BLANK;
-        engineReset();
     }
 
     // see JCA spec
@@ -125,44 +123,31 @@
         return digestLength;
     }
 
-    private void cancelOperation() {
-        token.ensureValid();
-        if (session == null) {
-            return;
-        }
-        if ((state != S_INIT) || (token.explicitCancel == false)) {
-            return;
-        }
-        // need to explicitly "cancel" active op by finishing it
-        try {
-            token.p11.C_DigestFinal(session.id(), buffer, 0, buffer.length);
-        } catch (PKCS11Exception e) {
-            throw new ProviderException("cancel() failed", e);
-        } finally {
-            state = S_BUFFERED;
-        }
-    }
-
     private void fetchSession() {
         token.ensureValid();
         if (state == S_BLANK) {
-            engineReset();
+            try {
+                session = token.getOpSession();
+                state = S_BUFFERED;
+            } catch (PKCS11Exception e) {
+                throw new ProviderException("No more session available", e);
+            }
         }
     }
 
     // see JCA spec
     protected void engineReset() {
-        try {
-            cancelOperation();
-            bufOfs = 0;
-            if (session == null) {
-                session = token.getOpSession();
+        token.ensureValid();
+
+        if (session != null) {
+            if (state == S_INIT && token.explicitCancel == true) {
+                session = token.killSession(session);
+            } else {
+                session = token.releaseSession(session);
             }
-            state = S_BUFFERED;
-        } catch (PKCS11Exception e) {
-            state = S_BLANK;
-            throw new ProviderException("reset() failed, ", e);
         }
+        state = S_BLANK;
+        bufOfs = 0;
     }
 
     // see JCA spec
@@ -180,18 +165,22 @@
     protected int engineDigest(byte[] digest, int ofs, int len)
             throws DigestException {
         if (len < digestLength) {
-            throw new DigestException("Length must be at least " + digestLength);
+            throw new DigestException("Length must be at least " +
+                    digestLength);
         }
+
         fetchSession();
         try {
             int n;
             if (state == S_BUFFERED) {
-                n = token.p11.C_DigestSingle(session.id(),
-                        new CK_MECHANISM(mechanism),
-                        buffer, 0, bufOfs, digest, ofs, len);
+                n = token.p11.C_DigestSingle(session.id(), mechanism, buffer, 0,
+                        bufOfs, digest, ofs, len);
+                bufOfs = 0;
             } else {
                 if (bufOfs != 0) {
-                    doUpdate(buffer, 0, bufOfs);
+                    token.p11.C_DigestUpdate(session.id(), 0, buffer, 0,
+                            bufOfs);
+                    bufOfs = 0;
                 }
                 n = token.p11.C_DigestFinal(session.id(), digest, ofs, len);
             }
@@ -202,36 +191,44 @@
         } catch (PKCS11Exception e) {
             throw new ProviderException("digest() failed", e);
         } finally {
-            state = S_BLANK;
-            bufOfs = 0;
-            session = token.releaseSession(session);
+            engineReset();
         }
     }
 
     // see JCA spec
     protected void engineUpdate(byte in) {
-        if (oneByte == null) {
-            oneByte = new byte[1];
-        }
-        oneByte[0] = in;
-        engineUpdate(oneByte, 0, 1);
+        byte[] temp = { in };
+        engineUpdate(temp, 0, 1);
     }
 
     // see JCA spec
     protected void engineUpdate(byte[] in, int ofs, int len) {
-        fetchSession();
         if (len <= 0) {
             return;
         }
-        if ((bufOfs != 0) && (bufOfs + len > buffer.length)) {
-            doUpdate(buffer, 0, bufOfs);
-            bufOfs = 0;
-        }
-        if (bufOfs + len > buffer.length) {
-            doUpdate(in, ofs, len);
-        } else {
-            System.arraycopy(in, ofs, buffer, bufOfs, len);
-            bufOfs += len;
+
+        fetchSession();
+        try {
+            if (state == S_BUFFERED) {
+                token.p11.C_DigestInit(session.id(), mechanism);
+                state = S_INIT;
+            }
+            if ((bufOfs != 0) && (bufOfs + len > buffer.length)) {
+                // process the buffered data
+                token.p11.C_DigestUpdate(session.id(), 0, buffer, 0, bufOfs);
+                bufOfs = 0;
+            }
+            if (bufOfs + len > buffer.length) {
+                // process the new data
+                token.p11.C_DigestUpdate(session.id(), 0, in, ofs, len);
+             } else {
+                // buffer the new data
+                System.arraycopy(in, ofs, buffer, bufOfs, len);
+                bufOfs += len;
+            }
+        } catch (PKCS11Exception e) {
+            engineReset();
+            throw new ProviderException("update() failed", e);
         }
     }
 
@@ -239,11 +236,7 @@
     // the master secret is sensitive. We may want to consider making this
     // method public in a future release.
     protected void implUpdate(SecretKey key) throws InvalidKeyException {
-        fetchSession();
-        if (bufOfs != 0) {
-            doUpdate(buffer, 0, bufOfs);
-            bufOfs = 0;
-        }
+
         // SunJSSE calls this method only if the key does not have a RAW
         // encoding, i.e. if it is sensitive. Therefore, no point in calling
         // SecretKeyFactory to try to convert it. Just verify it ourselves.
@@ -252,60 +245,77 @@
         }
         P11Key p11Key = (P11Key)key;
         if (p11Key.token != token) {
-            throw new InvalidKeyException("Not a P11Key of this provider: " + key);
+            throw new InvalidKeyException("Not a P11Key of this provider: " +
+                    key);
         }
+
+        fetchSession();
         try {
             if (state == S_BUFFERED) {
-                token.p11.C_DigestInit(session.id(), new CK_MECHANISM(mechanism));
+                token.p11.C_DigestInit(session.id(), mechanism);
                 state = S_INIT;
             }
+
+            if (bufOfs != 0) {
+                token.p11.C_DigestUpdate(session.id(), 0, buffer, 0, bufOfs);
+                bufOfs = 0;
+            }
             token.p11.C_DigestKey(session.id(), p11Key.keyID);
         } catch (PKCS11Exception e) {
+            engineReset();
             throw new ProviderException("update(SecretKey) failed", e);
         }
     }
 
     // see JCA spec
     protected void engineUpdate(ByteBuffer byteBuffer) {
-        fetchSession();
         int len = byteBuffer.remaining();
         if (len <= 0) {
             return;
         }
+
         if (byteBuffer instanceof DirectBuffer == false) {
             super.engineUpdate(byteBuffer);
             return;
         }
+
+        fetchSession();
         long addr = ((DirectBuffer)byteBuffer).address();
         int ofs = byteBuffer.position();
         try {
             if (state == S_BUFFERED) {
-                token.p11.C_DigestInit(session.id(), new CK_MECHANISM(mechanism));
+                token.p11.C_DigestInit(session.id(), mechanism);
                 state = S_INIT;
-                if (bufOfs != 0) {
-                    doUpdate(buffer, 0, bufOfs);
-                    bufOfs = 0;
-                }
+            }
+            if (bufOfs != 0) {
+                token.p11.C_DigestUpdate(session.id(), 0, buffer, 0, bufOfs);
+                bufOfs = 0;
             }
             token.p11.C_DigestUpdate(session.id(), addr + ofs, null, 0, len);
             byteBuffer.position(ofs + len);
         } catch (PKCS11Exception e) {
+            engineReset();
             throw new ProviderException("update() failed", e);
         }
     }
 
-    private void doUpdate(byte[] in, int ofs, int len) {
-        if (len <= 0) {
-            return;
+    public Object clone() throws CloneNotSupportedException {
+        P11Digest copy = (P11Digest) super.clone();
+        copy.buffer = buffer.clone();
+        try {
+            if (session != null) {
+                copy.session = copy.token.getOpSession();
+            }
+            if (state == S_INIT) {
+                byte[] stateValues =
+                    token.p11.C_GetOperationState(session.id());
+                token.p11.C_SetOperationState(copy.session.id(),
+                                              stateValues, 0, 0);
+            }
+        } catch (PKCS11Exception e) {
+            throw (CloneNotSupportedException)
+                (new CloneNotSupportedException(algorithm).initCause(e));
         }
-        try {
-            if (state == S_BUFFERED) {
-                token.p11.C_DigestInit(session.id(), new CK_MECHANISM(mechanism));
-                state = S_INIT;
-            }
-            token.p11.C_DigestUpdate(session.id(), 0, in, ofs, len);
-        } catch (PKCS11Exception e) {
-            throw new ProviderException("update() failed", e);
-        }
+        return copy;
     }
 }
--- a/src/share/classes/sun/security/pkcs11/P11Mac.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/pkcs11/P11Mac.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,8 +40,8 @@
 
 /**
  * MAC implementation class. This class currently supports HMAC using
- * MD5, SHA-1, SHA-256, SHA-384, and SHA-512 and the SSL3 MAC using MD5
- * and SHA-1.
+ * MD5, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 and the SSL3 MAC
+ * using MD5 and SHA-1.
  *
  * Note that unlike other classes (e.g. Signature), this does not
  * composite various operations if the token only supports part of the
@@ -107,6 +107,9 @@
         case (int)CKM_SHA_1_HMAC:
             macLength = 20;
             break;
+        case (int)CKM_SHA224_HMAC:
+            macLength = 28;
+            break;
         case (int)CKM_SHA256_HMAC:
             macLength = 32;
             break;
--- a/src/share/classes/sun/security/pkcs11/P11Signature.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/pkcs11/P11Signature.java	Sun May 01 21:26:40 2016 -0700
@@ -54,12 +54,14 @@
  *   . MD2withRSA
  *   . MD5withRSA
  *   . SHA1withRSA
+ *   . SHA224withRSA
  *   . SHA256withRSA
  *   . SHA384withRSA
  *   . SHA512withRSA
  * . ECDSA
  *   . NONEwithECDSA
  *   . SHA1withECDSA
+ *   . SHA224withECDSA
  *   . SHA256withECDSA
  *   . SHA384withECDSA
  *   . SHA512withECDSA
@@ -144,6 +146,7 @@
         case (int)CKM_MD2_RSA_PKCS:
         case (int)CKM_MD5_RSA_PKCS:
         case (int)CKM_SHA1_RSA_PKCS:
+        case (int)CKM_SHA224_RSA_PKCS:
         case (int)CKM_SHA256_RSA_PKCS:
         case (int)CKM_SHA384_RSA_PKCS:
         case (int)CKM_SHA512_RSA_PKCS:
@@ -182,6 +185,8 @@
                 String digestAlg;
                 if (algorithm.equals("SHA1withECDSA")) {
                     digestAlg = "SHA-1";
+                } else if (algorithm.equals("SHA224withECDSA")) {
+                    digestAlg = "SHA-224";
                 } else if (algorithm.equals("SHA256withECDSA")) {
                     digestAlg = "SHA-256";
                 } else if (algorithm.equals("SHA384withECDSA")) {
@@ -208,6 +213,9 @@
             } else if (algorithm.equals("MD2withRSA")) {
                 md = MessageDigest.getInstance("MD2");
                 digestOID = AlgorithmId.MD2_oid;
+            } else if (algorithm.equals("SHA224withRSA")) {
+                md = MessageDigest.getInstance("SHA-224");
+                digestOID = AlgorithmId.SHA224_oid;
             } else if (algorithm.equals("SHA256withRSA")) {
                 md = MessageDigest.getInstance("SHA-256");
                 digestOID = AlgorithmId.SHA256_oid;
@@ -333,6 +341,8 @@
             encodedLength = 34;
         } else if (algorithm.equals("SHA1withRSA")) {
             encodedLength = 35;
+        } else if (algorithm.equals("SHA224withRSA")) {
+            encodedLength = 47;
         } else if (algorithm.equals("SHA256withRSA")) {
             encodedLength = 51;
         } else if (algorithm.equals("SHA384withRSA")) {
--- a/src/share/classes/sun/security/pkcs11/SunPKCS11.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/pkcs11/SunPKCS11.java	Sun May 01 21:26:40 2016 -0700
@@ -343,6 +343,7 @@
                 System.out.println("Library info:");
                 System.out.println(p11Info);
             }
+
             if ((slotID < 0) || showInfo) {
                 long[] slots = p11.C_GetSlotList(false);
                 if (showInfo) {
@@ -399,12 +400,8 @@
         return System.identityHashCode(this);
     }
 
-    private static String[] s(String s1) {
-        return new String[] {s1};
-    }
-
-    private static String[] s(String s1, String s2) {
-        return new String[] {s1, s2};
+    private static String[] s(String ...aliases) {
+        return aliases;
     }
 
     private static final class Descriptor {
@@ -521,24 +518,39 @@
                 m(CKM_MD2));
         d(MD, "MD5",            P11Digest,
                 m(CKM_MD5));
-        d(MD, "SHA1",           P11Digest,              s("SHA", "SHA-1"),
+        d(MD, "SHA1",           P11Digest,
+                s("SHA", "SHA-1", "1.3.14.3.2.26", "OID.1.3.14.3.2.26"),
                 m(CKM_SHA_1));
+
+        d(MD, "SHA-224",        P11Digest,
+                s("2.16.840.1.101.3.4.2.4", "OID.2.16.840.1.101.3.4.2.4"),
+                m(CKM_SHA224));
         d(MD, "SHA-256",        P11Digest,
+                s("2.16.840.1.101.3.4.2.1", "OID.2.16.840.1.101.3.4.2.1"),
                 m(CKM_SHA256));
         d(MD, "SHA-384",        P11Digest,
+                s("2.16.840.1.101.3.4.2.2", "OID.2.16.840.1.101.3.4.2.2"),
                 m(CKM_SHA384));
         d(MD, "SHA-512",        P11Digest,
+                s("2.16.840.1.101.3.4.2.3", "OID.2.16.840.1.101.3.4.2.3"),
                 m(CKM_SHA512));
 
         d(MAC, "HmacMD5",       P11MAC,
                 m(CKM_MD5_HMAC));
         d(MAC, "HmacSHA1",      P11MAC,
+                s("1.2.840.113549.2.7", "OID.1.2.840.113549.2.7"),
                 m(CKM_SHA_1_HMAC));
+        d(MAC, "HmacSHA224",    P11MAC,
+                s("1.2.840.113549.2.8", "OID.1.2.840.113549.2.8"),
+                m(CKM_SHA224_HMAC));
         d(MAC, "HmacSHA256",    P11MAC,
+                s("1.2.840.113549.2.9", "OID.1.2.840.113549.2.9"),
                 m(CKM_SHA256_HMAC));
         d(MAC, "HmacSHA384",    P11MAC,
+                s("1.2.840.113549.2.10", "OID.1.2.840.113549.2.10"),
                 m(CKM_SHA384_HMAC));
         d(MAC, "HmacSHA512",    P11MAC,
+                s("1.2.840.113549.2.11", "OID.1.2.840.113549.2.11"),
                 m(CKM_SHA512_HMAC));
         d(MAC, "SslMacMD5",     P11MAC,
                 m(CKM_SSL3_MD5_MAC));
@@ -548,6 +560,7 @@
         d(KPG, "RSA",           P11KeyPairGenerator,
                 m(CKM_RSA_PKCS_KEY_PAIR_GEN));
         d(KPG, "DSA",           P11KeyPairGenerator,
+                s("1.3.14.3.2.12", "1.2.840.10040.4.1", "OID.1.2.840.10040.4.1"),
                 m(CKM_DSA_KEY_PAIR_GEN));
         d(KPG, "DH",            P11KeyPairGenerator,    s("DiffieHellman"),
                 m(CKM_DH_PKCS_KEY_PAIR_GEN));
@@ -570,6 +583,7 @@
         d(KF, "RSA",            P11RSAKeyFactory,
                 m(CKM_RSA_PKCS_KEY_PAIR_GEN, CKM_RSA_PKCS, CKM_RSA_X_509));
         d(KF, "DSA",            P11DSAKeyFactory,
+                s("1.3.14.3.2.12", "1.2.840.10040.4.1", "OID.1.2.840.10040.4.1"),
                 m(CKM_DSA_KEY_PAIR_GEN, CKM_DSA, CKM_DSA_SHA1));
         d(KF, "DH",             P11DHKeyFactory,        s("DiffieHellman"),
                 m(CKM_DH_PKCS_KEY_PAIR_GEN, CKM_DH_PKCS_DERIVE));
@@ -596,6 +610,7 @@
         d(SKF, "DESede",        P11SecretKeyFactory,
                 m(CKM_DES3_CBC));
         d(SKF, "AES",           P11SecretKeyFactory,
+                s("2.16.840.1.101.3.4.1", "OID.2.16.840.1.101.3.4.1"),
                 m(CKM_AES_CBC));
         d(SKF, "Blowfish",      P11SecretKeyFactory,
                 m(CKM_BLOWFISH_CBC));
@@ -621,10 +636,28 @@
                 m(CKM_DES3_ECB));
         d(CIP, "AES/CBC/NoPadding",             P11Cipher,
                 m(CKM_AES_CBC));
+        d(CIP, "AES_128/CBC/NoPadding",          P11Cipher,
+                s("2.16.840.1.101.3.4.1.2", "OID.2.16.840.1.101.3.4.1.2"),
+                m(CKM_AES_CBC));
+        d(CIP, "AES_192/CBC/NoPadding",          P11Cipher,
+                s("2.16.840.1.101.3.4.1.22", "OID.2.16.840.1.101.3.4.1.22"),
+                m(CKM_AES_CBC));
+        d(CIP, "AES_256/CBC/NoPadding",          P11Cipher,
+                s("2.16.840.1.101.3.4.1.42", "OID.2.16.840.1.101.3.4.1.42"),
+                m(CKM_AES_CBC));
         d(CIP, "AES/CBC/PKCS5Padding",          P11Cipher,
                 m(CKM_AES_CBC_PAD, CKM_AES_CBC));
         d(CIP, "AES/ECB/NoPadding",             P11Cipher,
                 m(CKM_AES_ECB));
+        d(CIP, "AES_128/ECB/NoPadding",          P11Cipher,
+                s("2.16.840.1.101.3.4.1.1", "OID.2.16.840.1.101.3.4.1.1"),
+                m(CKM_AES_ECB));
+        d(CIP, "AES_192/ECB/NoPadding",          P11Cipher,
+                s("2.16.840.1.101.3.4.1.21", "OID.2.16.840.1.101.3.4.1.21"),
+                m(CKM_AES_ECB));
+        d(CIP, "AES_256/ECB/NoPadding",          P11Cipher,
+                s("2.16.840.1.101.3.4.1.41", "OID.2.16.840.1.101.3.4.1.41"),
+                m(CKM_AES_ECB));
         d(CIP, "AES/ECB/PKCS5Padding",          P11Cipher,      s("AES"),
                 m(CKM_AES_ECB));
         d(CIP, "AES/CTR/NoPadding",             P11Cipher,
@@ -640,31 +673,50 @@
         d(CIP, "RSA/ECB/NoPadding",             P11RSACipher,
                 m(CKM_RSA_X_509));
 
-        d(SIG, "RawDSA",        P11Signature,           s("NONEwithDSA"),
+        d(SIG, "RawDSA",        P11Signature,   s("NONEwithDSA"),
                 m(CKM_DSA));
-        d(SIG, "DSA",           P11Signature,           s("SHA1withDSA"),
+        d(SIG, "DSA",           P11Signature,
+                s("SHA1withDSA", "1.3.14.3.2.13", "1.3.14.3.2.27",
+                  "1.2.840.10040.4.3", "OID.1.2.840.10040.4.3"),
                 m(CKM_DSA_SHA1, CKM_DSA));
         d(SIG, "NONEwithECDSA", P11Signature,
                 m(CKM_ECDSA));
-        d(SIG, "SHA1withECDSA", P11Signature,           s("ECDSA"),
+        d(SIG, "SHA1withECDSA", P11Signature,
+                s("ECDSA", "1.2.840.10045.4.1", "OID.1.2.840.10045.4.1"),
                 m(CKM_ECDSA_SHA1, CKM_ECDSA));
+        d(SIG, "SHA224withECDSA",       P11Signature,
+                s("1.2.840.10045.4.3.1", "OID.1.2.840.10045.4.3.1"),
+                m(CKM_ECDSA));
         d(SIG, "SHA256withECDSA",       P11Signature,
+                s("1.2.840.10045.4.3.2", "OID.1.2.840.10045.4.3.2"),
                 m(CKM_ECDSA));
         d(SIG, "SHA384withECDSA",       P11Signature,
+                s("1.2.840.10045.4.3.3", "OID.1.2.840.10045.4.3.3"),
                 m(CKM_ECDSA));
         d(SIG, "SHA512withECDSA",       P11Signature,
+                s("1.2.840.10045.4.3.4", "OID.1.2.840.10045.4.3.4"),
                 m(CKM_ECDSA));
         d(SIG, "MD2withRSA",    P11Signature,
+                s("1.2.840.113549.1.1.2", "OID.1.2.840.113549.1.1.2"),
                 m(CKM_MD2_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
         d(SIG, "MD5withRSA",    P11Signature,
+                s("1.2.840.113549.1.1.4", "OID.1.2.840.113549.1.1.4"),
                 m(CKM_MD5_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
         d(SIG, "SHA1withRSA",   P11Signature,
+                s("1.2.840.113549.1.1.5", "OID.1.2.840.113549.1.1.5",
+                  "1.3.14.3.2.29"),
                 m(CKM_SHA1_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
+        d(SIG, "SHA224withRSA", P11Signature,
+                s("1.2.840.113549.1.1.14", "OID.1.2.840.113549.1.1.14"),
+                m(CKM_SHA224_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
         d(SIG, "SHA256withRSA", P11Signature,
+                s("1.2.840.113549.1.1.11", "OID.1.2.840.113549.1.1.11"),
                 m(CKM_SHA256_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
         d(SIG, "SHA384withRSA", P11Signature,
+                s("1.2.840.113549.1.1.12", "OID.1.2.840.113549.1.1.12"),
                 m(CKM_SHA384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
         d(SIG, "SHA512withRSA", P11Signature,
+                s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"),
                 m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509));
 
         /*
--- a/src/share/classes/sun/security/pkcs11/wrapper/Functions.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/pkcs11/wrapper/Functions.java	Sun May 01 21:26:40 2016 -0700
@@ -614,6 +614,7 @@
         addMech(CKM_X9_42_DH_DERIVE,            "CKM_X9_42_DH_DERIVE");
         addMech(CKM_X9_42_DH_HYBRID_DERIVE,     "CKM_X9_42_DH_HYBRID_DERIVE");
         addMech(CKM_X9_42_MQV_DERIVE,           "CKM_X9_42_MQV_DERIVE");
+        addMech(CKM_SHA224_RSA_PKCS,            "CKM_SHA224_RSA_PKCS");
         addMech(CKM_SHA256_RSA_PKCS,            "CKM_SHA256_RSA_PKCS");
         addMech(CKM_SHA384_RSA_PKCS,            "CKM_SHA384_RSA_PKCS");
         addMech(CKM_SHA512_RSA_PKCS,            "CKM_SHA512_RSA_PKCS");
@@ -659,6 +660,9 @@
         addMech(CKM_RIPEMD160,                  "CKM_RIPEMD160");
         addMech(CKM_RIPEMD160_HMAC,             "CKM_RIPEMD160_HMAC");
         addMech(CKM_RIPEMD160_HMAC_GENERAL,     "CKM_RIPEMD160_HMAC_GENERAL");
+        addMech(CKM_SHA224,                     "CKM_SHA224");
+        addMech(CKM_SHA224_HMAC,                "CKM_SHA224_HMAC");
+        addMech(CKM_SHA224_HMAC_GENERAL,        "CKM_SHA224_HMAC_GENERAL");
         addMech(CKM_SHA256,                     "CKM_SHA256");
         addMech(CKM_SHA256_HMAC,                "CKM_SHA256_HMAC");
         addMech(CKM_SHA256_HMAC_GENERAL,        "CKM_SHA256_HMAC_GENERAL");
@@ -718,6 +722,7 @@
         addMech(CKM_MD5_KEY_DERIVATION,         "CKM_MD5_KEY_DERIVATION");
         addMech(CKM_MD2_KEY_DERIVATION,         "CKM_MD2_KEY_DERIVATION");
         addMech(CKM_SHA1_KEY_DERIVATION,        "CKM_SHA1_KEY_DERIVATION");
+        addMech(CKM_SHA224_KEY_DERIVATION,      "CKM_SHA224_KEY_DERIVATION");
         addMech(CKM_SHA256_KEY_DERIVATION,      "CKM_SHA256_KEY_DERIVATION");
         addMech(CKM_SHA384_KEY_DERIVATION,      "CKM_SHA384_KEY_DERIVATION");
         addMech(CKM_SHA512_KEY_DERIVATION,      "CKM_SHA512_KEY_DERIVATION");
--- a/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  */
 
 /* Copyright  (c) 2002 Graz University of Technology. All rights reserved.
@@ -133,14 +133,15 @@
      * @preconditions (pkcs11ModulePath <> null)
      * @postconditions
      */
-    PKCS11(String pkcs11ModulePath, String functionListName) throws IOException {
+    PKCS11(String pkcs11ModulePath, String functionListName)
+            throws IOException {
         connect(pkcs11ModulePath, functionListName);
         this.pkcs11ModulePath = pkcs11ModulePath;
     }
 
-    public static synchronized PKCS11 getInstance(String pkcs11ModulePath, String functionList,
-            CK_C_INITIALIZE_ARGS pInitArgs, boolean omitInitialize)
-            throws IOException, PKCS11Exception {
+    public static synchronized PKCS11 getInstance(String pkcs11ModulePath,
+            String functionList, CK_C_INITIALIZE_ARGS pInitArgs,
+            boolean omitInitialize) throws IOException, PKCS11Exception {
         // we may only call C_Initialize once per native .so/.dll
         // so keep a cache using the (non-canonicalized!) path
         PKCS11 pkcs11 = moduleMap.get(pkcs11ModulePath);
@@ -177,7 +178,8 @@
      * @preconditions (pkcs11ModulePath <> null)
      * @postconditions
      */
-    private native void connect(String pkcs11ModulePath, String functionListName) throws IOException;
+    private native void connect(String pkcs11ModulePath, String functionListName)
+            throws IOException;
 
     /**
      * Disconnects the PKCS#11 library from this object. After calling this
@@ -255,7 +257,8 @@
      * @preconditions
      * @postconditions (result <> null)
      */
-    public native long[] C_GetSlotList(boolean tokenPresent) throws PKCS11Exception;
+    public native long[] C_GetSlotList(boolean tokenPresent)
+            throws PKCS11Exception;
 
 
     /**
@@ -287,7 +290,8 @@
      * @preconditions
      * @postconditions (result <> null)
      */
-    public native CK_TOKEN_INFO C_GetTokenInfo(long slotID) throws PKCS11Exception;
+    public native CK_TOKEN_INFO C_GetTokenInfo(long slotID)
+            throws PKCS11Exception;
 
 
     /**
@@ -322,7 +326,8 @@
      * @preconditions
      * @postconditions (result <> null)
      */
-    public native CK_MECHANISM_INFO C_GetMechanismInfo(long slotID, long type) throws PKCS11Exception;
+    public native CK_MECHANISM_INFO C_GetMechanismInfo(long slotID, long type)
+            throws PKCS11Exception;
 
 
     /**
@@ -339,7 +344,8 @@
      * @preconditions
      * @postconditions
      */
-//    public native void C_InitToken(long slotID, char[] pPin, char[] pLabel) throws PKCS11Exception;
+//    public native void C_InitToken(long slotID, char[] pPin, char[] pLabel)
+//            throws PKCS11Exception;
 
 
     /**
@@ -354,7 +360,8 @@
      * @preconditions
      * @postconditions
      */
-//    public native void C_InitPIN(long hSession, char[] pPin) throws PKCS11Exception;
+//    public native void C_InitPIN(long hSession, char[] pPin)
+//            throws PKCS11Exception;
 
 
     /**
@@ -371,7 +378,8 @@
      * @preconditions
      * @postconditions
      */
-//    public native void C_SetPIN(long hSession, char[] pOldPin, char[] pNewPin) throws PKCS11Exception;
+//    public native void C_SetPIN(long hSession, char[] pOldPin, char[] pNewPin)
+//            throws PKCS11Exception;
 
 
 
@@ -398,7 +406,8 @@
      * @preconditions
      * @postconditions
      */
-    public native long C_OpenSession(long slotID, long flags, Object pApplication, CK_NOTIFY Notify) throws PKCS11Exception;
+    public native long C_OpenSession(long slotID, long flags,
+            Object pApplication, CK_NOTIFY Notify) throws PKCS11Exception;
 
 
     /**
@@ -440,7 +449,8 @@
      * @preconditions
      * @postconditions (result <> null)
      */
-    public native CK_SESSION_INFO C_GetSessionInfo(long hSession) throws PKCS11Exception;
+    public native CK_SESSION_INFO C_GetSessionInfo(long hSession)
+            throws PKCS11Exception;
 
 
     /**
@@ -457,7 +467,8 @@
      * @preconditions
      * @postconditions (result <> null)
      */
-//    public native byte[] C_GetOperationState(long hSession) throws PKCS11Exception;
+    public native byte[] C_GetOperationState(long hSession)
+            throws PKCS11Exception;
 
 
     /**
@@ -478,7 +489,8 @@
      * @preconditions
      * @postconditions
      */
-//    public native void C_SetOperationState(long hSession, byte[] pOperationState, long hEncryptionKey, long hAuthenticationKey) throws PKCS11Exception;
+    public native void C_SetOperationState(long hSession, byte[] pOperationState,
+            long hEncryptionKey, long hAuthenticationKey) throws PKCS11Exception;
 
 
     /**
@@ -495,7 +507,8 @@
      * @preconditions
      * @postconditions
      */
-    public native void C_Login(long hSession, long userType, char[] pPin) throws PKCS11Exception;
+    public native void C_Login(long hSession, long userType, char[] pPin)
+            throws PKCS11Exception;
 
 
     /**
@@ -531,7 +544,8 @@
      * @preconditions
      * @postconditions
      */
-    public native long C_CreateObject(long hSession, CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception;
+    public native long C_CreateObject(long hSession, CK_ATTRIBUTE[] pTemplate)
+            throws PKCS11Exception;
 
 
     /**
@@ -552,7 +566,8 @@
      * @preconditions
      * @postconditions
      */
-    public native long C_CopyObject(long hSession, long hObject, CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception;
+    public native long C_CopyObject(long hSession, long hObject,
+            CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception;
 
 
     /**
@@ -567,7 +582,8 @@
      * @preconditions
      * @postconditions
      */
-    public native void C_DestroyObject(long hSession, long hObject) throws PKCS11Exception;
+    public native void C_DestroyObject(long hSession, long hObject)
+            throws PKCS11Exception;
 
 
     /**
@@ -584,7 +600,8 @@
      * @preconditions
      * @postconditions
      */
-//    public native long C_GetObjectSize(long hSession, long hObject) throws PKCS11Exception;
+//    public native long C_GetObjectSize(long hSession, long hObject)
+//            throws PKCS11Exception;
 
 
     /**
@@ -604,7 +621,8 @@
      * @preconditions (pTemplate <> null)
      * @postconditions (result <> null)
      */
-    public native void C_GetAttributeValue(long hSession, long hObject, CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception;
+    public native void C_GetAttributeValue(long hSession, long hObject,
+            CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception;
 
 
     /**
@@ -623,7 +641,8 @@
      * @preconditions (pTemplate <> null)
      * @postconditions
      */
-    public native void C_SetAttributeValue(long hSession, long hObject, CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception;
+    public native void C_SetAttributeValue(long hSession, long hObject,
+            CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception;
 
 
     /**
@@ -640,7 +659,8 @@
      * @preconditions
      * @postconditions
      */
-    public native void C_FindObjectsInit(long hSession, CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception;
+    public native void C_FindObjectsInit(long hSession, CK_ATTRIBUTE[] pTemplate)
+            throws PKCS11Exception;
 
 
     /**
@@ -659,7 +679,8 @@
      * @preconditions
      * @postconditions (result <> null)
      */
-    public native long[] C_FindObjects(long hSession, long ulMaxObjectCount) throws PKCS11Exception;
+    public native long[] C_FindObjects(long hSession, long ulMaxObjectCount)
+            throws PKCS11Exception;
 
 
     /**
@@ -695,7 +716,8 @@
      * @preconditions
      * @postconditions
      */
-    public native void C_EncryptInit(long hSession, CK_MECHANISM pMechanism, long hKey) throws PKCS11Exception;
+    public native void C_EncryptInit(long hSession, CK_MECHANISM pMechanism,
+            long hKey) throws PKCS11Exception;
 
 
     /**
@@ -713,7 +735,8 @@
      * @preconditions (pData <> null)
      * @postconditions (result <> null)
      */
-    public native int C_Encrypt(long hSession, byte[] in, int inOfs, int inLen, byte[] out, int outOfs, int outLen) throws PKCS11Exception;
+    public native int C_Encrypt(long hSession, byte[] in, int inOfs, int inLen,
+            byte[] out, int outOfs, int outLen) throws PKCS11Exception;
 
 
     /**
@@ -732,7 +755,9 @@
      * @preconditions (pPart <> null)
      * @postconditions
      */
-    public native int C_EncryptUpdate(long hSession, long directIn, byte[] in, int inOfs, int inLen, long directOut, byte[] out, int outOfs, int outLen) throws PKCS11Exception;
+    public native int C_EncryptUpdate(long hSession, long directIn, byte[] in,
+            int inOfs, int inLen, long directOut, byte[] out, int outOfs,
+            int outLen) throws PKCS11Exception;
 
 
     /**
@@ -749,7 +774,8 @@
      * @preconditions
      * @postconditions (result <> null)
      */
-    public native int C_EncryptFinal(long hSession, long directOut, byte[] out, int outOfs, int outLen) throws PKCS11Exception;
+    public native int C_EncryptFinal(long hSession, long directOut, byte[] out,
+            int outOfs, int outLen) throws PKCS11Exception;
 
 
     /**
@@ -766,7 +792,8 @@
      * @preconditions
      * @postconditions
      */
-    public native void C_DecryptInit(long hSession, CK_MECHANISM pMechanism, long hKey) throws PKCS11Exception;
+    public native void C_DecryptInit(long hSession, CK_MECHANISM pMechanism,
+            long hKey) throws PKCS11Exception;
 
 
     /**
@@ -785,7 +812,8 @@
      * @preconditions (pEncryptedPart <> null)
      * @postconditions (result <> null)
      */
-    public native int C_Decrypt(long hSession, byte[] in, int inOfs, int inLen, byte[] out, int outOfs, int outLen) throws PKCS11Exception;
+    public native int C_Decrypt(long hSession, byte[] in, int inOfs, int inLen,
+            byte[] out, int outOfs, int outLen) throws PKCS11Exception;
 
 
     /**
@@ -805,7 +833,9 @@
      * @preconditions (pEncryptedPart <> null)
      * @postconditions
      */
-    public native int C_DecryptUpdate(long hSession, long directIn, byte[] in, int inOfs, int inLen, long directOut, byte[] out, int outOfs, int outLen) throws PKCS11Exception;
+    public native int C_DecryptUpdate(long hSession, long directIn, byte[] in,
+            int inOfs, int inLen, long directOut, byte[] out, int outOfs,
+            int outLen) throws PKCS11Exception;
 
 
     /**
@@ -822,7 +852,8 @@
      * @preconditions
      * @postconditions (result <> null)
      */
-    public native int C_DecryptFinal(long hSession, long directOut, byte[] out, int outOfs, int outLen) throws PKCS11Exception;
+    public native int C_DecryptFinal(long hSession, long directOut, byte[] out,
+            int outOfs, int outLen) throws PKCS11Exception;
 
 
 
@@ -842,7 +873,8 @@
      * @preconditions
      * @postconditions
      */
-    public native void C_DigestInit(long hSession, CK_MECHANISM pMechanism) throws PKCS11Exception;
+    public native void C_DigestInit(long hSession, CK_MECHANISM pMechanism)
+            throws PKCS11Exception;
 
 
     // note that C_DigestSingle does not exist in PKCS#11
@@ -863,7 +895,9 @@
      * @preconditions (data <> null)
      * @postconditions (result <> null)
      */
-    public native int C_DigestSingle(long hSession, CK_MECHANISM pMechanism, byte[] in, int inOfs, int inLen, byte[] digest, int digestOfs, int digestLen) throws PKCS11Exception;
+    public native int C_DigestSingle(long hSession, CK_MECHANISM pMechanism,
+            byte[] in, int inOfs, int inLen, byte[] digest, int digestOfs,
+            int digestLen) throws PKCS11Exception;
 
 
     /**
@@ -879,7 +913,8 @@
      * @preconditions (pPart <> null)
      * @postconditions
      */
-    public native void C_DigestUpdate(long hSession, long directIn, byte[] in, int inOfs, int inLen) throws PKCS11Exception;
+    public native void C_DigestUpdate(long hSession, long directIn, byte[] in,
+            int inOfs, int inLen) throws PKCS11Exception;
 
 
     /**
@@ -896,7 +931,8 @@
      * @preconditions
      * @postconditions
      */
-    public native void C_DigestKey(long hSession, long hKey) throws PKCS11Exception;
+    public native void C_DigestKey(long hSession, long hKey)
+            throws PKCS11Exception;
 
 
     /**
@@ -912,7 +948,8 @@
      * @preconditions
      * @postconditions (result <> null)
      */
-    public native int C_DigestFinal(long hSession, byte[] pDigest, int digestOfs, int digestLen) throws PKCS11Exception;
+    public native int C_DigestFinal(long hSession, byte[] pDigest, int digestOfs,
+            int digestLen) throws PKCS11Exception;
 
 
 
@@ -937,7 +974,8 @@
      * @preconditions
      * @postconditions
      */
-    public native void C_SignInit(long hSession, CK_MECHANISM pMechanism, long hKey) throws PKCS11Exception;
+    public native void C_SignInit(long hSession, CK_MECHANISM pMechanism,
+            long hKey) throws PKCS11Exception;
 
 
     /**
@@ -957,7 +995,8 @@
      * @preconditions (pData <> null)
      * @postconditions (result <> null)
      */
-    public native byte[] C_Sign(long hSession, byte[] pData) throws PKCS11Exception;
+    public native byte[] C_Sign(long hSession, byte[] pData)
+            throws PKCS11Exception;
 
 
     /**
@@ -974,7 +1013,8 @@
      * @preconditions (pPart <> null)
      * @postconditions
      */
-    public native void C_SignUpdate(long hSession, long directIn, byte[] in, int inOfs, int inLen) throws PKCS11Exception;
+    public native void C_SignUpdate(long hSession, long directIn, byte[] in,
+            int inOfs, int inLen) throws PKCS11Exception;
 
 
     /**
@@ -991,7 +1031,8 @@
      * @preconditions
      * @postconditions (result <> null)
      */
-    public native byte[] C_SignFinal(long hSession, int expectedLen) throws PKCS11Exception;
+    public native byte[] C_SignFinal(long hSession, int expectedLen)
+            throws PKCS11Exception;
 
 
     /**
@@ -1009,7 +1050,8 @@
      * @preconditions
      * @postconditions
      */
-    public native void C_SignRecoverInit(long hSession, CK_MECHANISM pMechanism, long hKey) throws PKCS11Exception;
+    public native void C_SignRecoverInit(long hSession, CK_MECHANISM pMechanism,
+            long hKey) throws PKCS11Exception;
 
 
     /**
@@ -1028,7 +1070,9 @@
      * @preconditions (pData <> null)
      * @postconditions (result <> null)
      */
-    public native int C_SignRecover(long hSession, byte[] in, int inOfs, int inLen, byte[] out, int outOufs, int outLen) throws PKCS11Exception;
+    public native int C_SignRecover(long hSession, byte[] in, int inOfs,
+            int inLen, byte[] out, int outOufs, int outLen)
+            throws PKCS11Exception;
 
 
 
@@ -1052,7 +1096,8 @@
      * @preconditions
      * @postconditions
      */
-    public native void C_VerifyInit(long hSession, CK_MECHANISM pMechanism, long hKey) throws PKCS11Exception;
+    public native void C_VerifyInit(long hSession, CK_MECHANISM pMechanism,
+            long hKey) throws PKCS11Exception;
 
 
     /**
@@ -1071,7 +1116,8 @@
      * @preconditions (pData <> null) and (pSignature <> null)
      * @postconditions
      */
-    public native void C_Verify(long hSession, byte[] pData, byte[] pSignature) throws PKCS11Exception;
+    public native void C_Verify(long hSession, byte[] pData, byte[] pSignature)
+            throws PKCS11Exception;
 
 
     /**
@@ -1088,7 +1134,8 @@
      * @preconditions (pPart <> null)
      * @postconditions
      */
-    public native void C_VerifyUpdate(long hSession, long directIn, byte[] in, int inOfs, int inLen) throws PKCS11Exception;
+    public native void C_VerifyUpdate(long hSession, long directIn, byte[] in,
+            int inOfs, int inLen) throws PKCS11Exception;
 
 
     /**
@@ -1104,7 +1151,8 @@
      * @preconditions (pSignature <> null)
      * @postconditions
      */
-    public native void C_VerifyFinal(long hSession, byte[] pSignature) throws PKCS11Exception;
+    public native void C_VerifyFinal(long hSession, byte[] pSignature)
+            throws PKCS11Exception;
 
 
     /**
@@ -1122,7 +1170,8 @@
      * @preconditions
      * @postconditions
      */
-    public native void C_VerifyRecoverInit(long hSession, CK_MECHANISM pMechanism, long hKey) throws PKCS11Exception;
+    public native void C_VerifyRecoverInit(long hSession,
+            CK_MECHANISM pMechanism, long hKey) throws PKCS11Exception;
 
 
     /**
@@ -1140,7 +1189,9 @@
      * @preconditions (pSignature <> null)
      * @postconditions (result <> null)
      */
-    public native int C_VerifyRecover(long hSession, byte[] in, int inOfs, int inLen, byte[] out, int outOufs, int outLen) throws PKCS11Exception;
+    public native int C_VerifyRecover(long hSession, byte[] in, int inOfs,
+            int inLen, byte[] out, int outOufs, int outLen)
+            throws PKCS11Exception;
 
 
 
@@ -1164,7 +1215,8 @@
      * @preconditions (pPart <> null)
      * @postconditions
      */
-//    public native byte[] C_DigestEncryptUpdate(long hSession, byte[] pPart) throws PKCS11Exception;
+//    public native byte[] C_DigestEncryptUpdate(long hSession, byte[] pPart)
+//            throws PKCS11Exception;
 
 
     /**
@@ -1184,7 +1236,8 @@
      * @preconditions (pEncryptedPart <> null)
      * @postconditions
      */
-//    public native byte[] C_DecryptDigestUpdate(long hSession, byte[] pEncryptedPart) throws PKCS11Exception;
+//    public native byte[] C_DecryptDigestUpdate(long hSession,
+//            byte[] pEncryptedPart) throws PKCS11Exception;
 
 
     /**
@@ -1204,7 +1257,8 @@
      * @preconditions (pPart <> null)
      * @postconditions
      */
-//    public native byte[] C_SignEncryptUpdate(long hSession, byte[] pPart) throws PKCS11Exception;
+//    public native byte[] C_SignEncryptUpdate(long hSession, byte[] pPart)
+//            throws PKCS11Exception;
 
 
     /**
@@ -1224,7 +1278,8 @@
      * @preconditions (pEncryptedPart <> null)
      * @postconditions
      */
-//    public native byte[] C_DecryptVerifyUpdate(long hSession, byte[] pEncryptedPart) throws PKCS11Exception;
+//    public native byte[] C_DecryptVerifyUpdate(long hSession,
+//            byte[] pEncryptedPart) throws PKCS11Exception;
 
 
 
@@ -1250,7 +1305,8 @@
      * @preconditions
      * @postconditions
      */
-    public native long C_GenerateKey(long hSession, CK_MECHANISM pMechanism, CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception;
+    public native long C_GenerateKey(long hSession, CK_MECHANISM pMechanism,
+            CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception;
 
 
     /**
@@ -1280,9 +1336,8 @@
      * @postconditions (result <> null) and (result.length == 2)
      */
     public native long[] C_GenerateKeyPair(long hSession,
-                                   CK_MECHANISM pMechanism,
-                                   CK_ATTRIBUTE[] pPublicKeyTemplate,
-                                   CK_ATTRIBUTE[] pPrivateKeyTemplate) throws PKCS11Exception;
+            CK_MECHANISM pMechanism, CK_ATTRIBUTE[] pPublicKeyTemplate,
+            CK_ATTRIBUTE[] pPrivateKeyTemplate) throws PKCS11Exception;
 
 
 
@@ -1305,7 +1360,8 @@
      * @preconditions
      * @postconditions (result <> null)
      */
-    public native byte[] C_WrapKey(long hSession, CK_MECHANISM pMechanism, long hWrappingKey, long hKey) throws PKCS11Exception;
+    public native byte[] C_WrapKey(long hSession, CK_MECHANISM pMechanism,
+            long hWrappingKey, long hKey) throws PKCS11Exception;
 
 
     /**
@@ -1331,8 +1387,8 @@
      * @postconditions
      */
     public native long C_UnwrapKey(long hSession, CK_MECHANISM pMechanism,
-                          long hUnwrappingKey, byte[] pWrappedKey,
-                          CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception;
+            long hUnwrappingKey, byte[] pWrappedKey, CK_ATTRIBUTE[] pTemplate)
+            throws PKCS11Exception;
 
 
     /**
@@ -1356,7 +1412,7 @@
      * @postconditions
      */
     public native long C_DeriveKey(long hSession, CK_MECHANISM pMechanism,
-                          long hBaseKey, CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception;
+            long hBaseKey, CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception;
 
 
 
@@ -1377,7 +1433,8 @@
      * @preconditions (pSeed <> null)
      * @postconditions
      */
-    public native void C_SeedRandom(long hSession, byte[] pSeed) throws PKCS11Exception;
+    public native void C_SeedRandom(long hSession, byte[] pSeed)
+            throws PKCS11Exception;
 
 
     /**
@@ -1393,7 +1450,8 @@
      * @preconditions (randomData <> null)
      * @postconditions
      */
-    public native void C_GenerateRandom(long hSession, byte[] randomData) throws PKCS11Exception;
+    public native void C_GenerateRandom(long hSession, byte[] randomData)
+            throws PKCS11Exception;
 
 
 
@@ -1413,7 +1471,8 @@
      * @preconditions
      * @postconditions
      */
-//    public native void C_GetFunctionStatus(long hSession) throws PKCS11Exception;
+//    public native void C_GetFunctionStatus(long hSession)
+//            throws PKCS11Exception;
 
 
     /**
@@ -1450,7 +1509,8 @@
      * @preconditions (pRserved == null)
      * @postconditions
      */
-//    public native long C_WaitForSlotEvent(long flags, Object pRserved) throws PKCS11Exception;
+//    public native long C_WaitForSlotEvent(long flags, Object pRserved)
+//            throws PKCS11Exception;
 
     /**
      * Returns the string representation of this object.
@@ -1476,7 +1536,8 @@
 // parent. Used for tokens that only support single threaded access
 static class SynchronizedPKCS11 extends PKCS11 {
 
-    SynchronizedPKCS11(String pkcs11ModulePath, String functionListName) throws IOException {
+    SynchronizedPKCS11(String pkcs11ModulePath, String functionListName)
+            throws IOException {
         super(pkcs11ModulePath, functionListName);
     }
 
@@ -1484,7 +1545,8 @@
         super.C_Initialize(pInitArgs);
     }
 
-    public synchronized void C_Finalize(Object pReserved) throws PKCS11Exception {
+    public synchronized void C_Finalize(Object pReserved)
+            throws PKCS11Exception {
         super.C_Finalize(pReserved);
     }
 
@@ -1492,39 +1554,48 @@
         return super.C_GetInfo();
     }
 
-    public synchronized long[] C_GetSlotList(boolean tokenPresent) throws PKCS11Exception {
+    public synchronized long[] C_GetSlotList(boolean tokenPresent)
+            throws PKCS11Exception {
         return super.C_GetSlotList(tokenPresent);
     }
 
-    public synchronized CK_SLOT_INFO C_GetSlotInfo(long slotID) throws PKCS11Exception {
+    public synchronized CK_SLOT_INFO C_GetSlotInfo(long slotID)
+            throws PKCS11Exception {
         return super.C_GetSlotInfo(slotID);
     }
 
-    public synchronized CK_TOKEN_INFO C_GetTokenInfo(long slotID) throws PKCS11Exception {
+    public synchronized CK_TOKEN_INFO C_GetTokenInfo(long slotID)
+            throws PKCS11Exception {
         return super.C_GetTokenInfo(slotID);
     }
 
-    public synchronized long[] C_GetMechanismList(long slotID) throws PKCS11Exception {
+    public synchronized long[] C_GetMechanismList(long slotID)
+            throws PKCS11Exception {
         return super.C_GetMechanismList(slotID);
     }
 
-    public synchronized CK_MECHANISM_INFO C_GetMechanismInfo(long slotID, long type) throws PKCS11Exception {
+    public synchronized CK_MECHANISM_INFO C_GetMechanismInfo(long slotID,
+            long type) throws PKCS11Exception {
         return super.C_GetMechanismInfo(slotID, type);
     }
 
-    public synchronized long C_OpenSession(long slotID, long flags, Object pApplication, CK_NOTIFY Notify) throws PKCS11Exception {
+    public synchronized long C_OpenSession(long slotID, long flags,
+            Object pApplication, CK_NOTIFY Notify) throws PKCS11Exception {
         return super.C_OpenSession(slotID, flags, pApplication, Notify);
     }
 
-    public synchronized void C_CloseSession(long hSession) throws PKCS11Exception {
+    public synchronized void C_CloseSession(long hSession)
+            throws PKCS11Exception {
         super.C_CloseSession(hSession);
     }
 
-    public synchronized CK_SESSION_INFO C_GetSessionInfo(long hSession) throws PKCS11Exception {
+    public synchronized CK_SESSION_INFO C_GetSessionInfo(long hSession)
+            throws PKCS11Exception {
         return super.C_GetSessionInfo(hSession);
     }
 
-    public synchronized void C_Login(long hSession, long userType, char[] pPin) throws PKCS11Exception {
+    public synchronized void C_Login(long hSession, long userType, char[] pPin)
+            throws PKCS11Exception {
         super.C_Login(hSession, userType, pPin);
     }
 
@@ -1532,157 +1603,207 @@
         super.C_Logout(hSession);
     }
 
-    public synchronized long C_CreateObject(long hSession, CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
+    public synchronized long C_CreateObject(long hSession,
+            CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
         return super.C_CreateObject(hSession, pTemplate);
     }
 
-    public synchronized long C_CopyObject(long hSession, long hObject, CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
+    public synchronized long C_CopyObject(long hSession, long hObject,
+            CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
         return super.C_CopyObject(hSession, hObject, pTemplate);
     }
 
-    public synchronized void C_DestroyObject(long hSession, long hObject) throws PKCS11Exception {
+    public synchronized void C_DestroyObject(long hSession, long hObject)
+            throws PKCS11Exception {
         super.C_DestroyObject(hSession, hObject);
     }
 
-    public synchronized void C_GetAttributeValue(long hSession, long hObject, CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
+    public synchronized void C_GetAttributeValue(long hSession, long hObject,
+            CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
         super.C_GetAttributeValue(hSession, hObject, pTemplate);
     }
 
-    public synchronized void C_SetAttributeValue(long hSession, long hObject, CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
+    public synchronized void C_SetAttributeValue(long hSession, long hObject,
+            CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
         super.C_SetAttributeValue(hSession, hObject, pTemplate);
     }
 
-    public synchronized void C_FindObjectsInit(long hSession, CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
+    public synchronized void C_FindObjectsInit(long hSession,
+            CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
         super.C_FindObjectsInit(hSession, pTemplate);
     }
 
-    public synchronized long[] C_FindObjects(long hSession, long ulMaxObjectCount) throws PKCS11Exception {
+    public synchronized long[] C_FindObjects(long hSession,
+            long ulMaxObjectCount) throws PKCS11Exception {
         return super.C_FindObjects(hSession, ulMaxObjectCount);
     }
 
-    public synchronized void C_FindObjectsFinal(long hSession) throws PKCS11Exception {
+    public synchronized void C_FindObjectsFinal(long hSession)
+            throws PKCS11Exception {
         super.C_FindObjectsFinal(hSession);
     }
 
-    public synchronized void C_EncryptInit(long hSession, CK_MECHANISM pMechanism, long hKey) throws PKCS11Exception {
+    public synchronized void C_EncryptInit(long hSession,
+            CK_MECHANISM pMechanism, long hKey) throws PKCS11Exception {
         super.C_EncryptInit(hSession, pMechanism, hKey);
     }
 
-    public synchronized int C_Encrypt(long hSession, byte[] in, int inOfs, int inLen, byte[] out, int outOfs, int outLen) throws PKCS11Exception {
+    public synchronized int C_Encrypt(long hSession, byte[] in, int inOfs,
+            int inLen, byte[] out, int outOfs, int outLen)
+            throws PKCS11Exception {
         return super.C_Encrypt(hSession, in, inOfs, inLen, out, outOfs, outLen);
     }
 
-    public synchronized int C_EncryptUpdate(long hSession, long directIn, byte[] in, int inOfs, int inLen, long directOut, byte[] out, int outOfs, int outLen) throws PKCS11Exception {
-        return super.C_EncryptUpdate(hSession, directIn, in, inOfs, inLen, directOut, out, outOfs, outLen);
+    public synchronized int C_EncryptUpdate(long hSession, long directIn,
+            byte[] in, int inOfs, int inLen, long directOut, byte[] out,
+            int outOfs, int outLen) throws PKCS11Exception {
+        return super.C_EncryptUpdate(hSession, directIn, in, inOfs, inLen,
+                directOut, out, outOfs, outLen);
     }
 
-    public synchronized int C_EncryptFinal(long hSession, long directOut, byte[] out, int outOfs, int outLen) throws PKCS11Exception {
+    public synchronized int C_EncryptFinal(long hSession, long directOut,
+            byte[] out, int outOfs, int outLen) throws PKCS11Exception {
         return super.C_EncryptFinal(hSession, directOut, out, outOfs, outLen);
     }
 
-    public synchronized void C_DecryptInit(long hSession, CK_MECHANISM pMechanism, long hKey) throws PKCS11Exception {
+    public synchronized void C_DecryptInit(long hSession,
+            CK_MECHANISM pMechanism, long hKey) throws PKCS11Exception {
         super.C_DecryptInit(hSession, pMechanism, hKey);
     }
 
-    public synchronized int C_Decrypt(long hSession, byte[] in, int inOfs, int inLen, byte[] out, int outOfs, int outLen) throws PKCS11Exception {
+    public synchronized int C_Decrypt(long hSession, byte[] in, int inOfs,
+            int inLen, byte[] out, int outOfs, int outLen)
+            throws PKCS11Exception {
         return super.C_Decrypt(hSession, in, inOfs, inLen, out, outOfs, outLen);
     }
 
-    public synchronized int C_DecryptUpdate(long hSession, long directIn, byte[] in, int inOfs, int inLen, long directOut, byte[] out, int outOfs, int outLen) throws PKCS11Exception {
-        return super.C_DecryptUpdate(hSession, directIn, in, inOfs, inLen, directOut, out, outOfs, outLen);
+    public synchronized int C_DecryptUpdate(long hSession, long directIn,
+            byte[] in, int inOfs, int inLen, long directOut, byte[] out,
+            int outOfs, int outLen) throws PKCS11Exception {
+        return super.C_DecryptUpdate(hSession, directIn, in, inOfs, inLen,
+                directOut, out, outOfs, outLen);
     }
 
-    public synchronized int C_DecryptFinal(long hSession, long directOut, byte[] out, int outOfs, int outLen) throws PKCS11Exception {
+    public synchronized int C_DecryptFinal(long hSession, long directOut,
+            byte[] out, int outOfs, int outLen) throws PKCS11Exception {
         return super.C_DecryptFinal(hSession, directOut, out, outOfs, outLen);
     }
 
-    public synchronized void C_DigestInit(long hSession, CK_MECHANISM pMechanism) throws PKCS11Exception {
+    public synchronized void C_DigestInit(long hSession, CK_MECHANISM pMechanism)
+            throws PKCS11Exception {
         super.C_DigestInit(hSession, pMechanism);
     }
 
-    public synchronized int C_DigestSingle(long hSession, CK_MECHANISM pMechanism, byte[] in, int inOfs, int inLen, byte[] digest, int digestOfs, int digestLen) throws PKCS11Exception {
-        return super.C_DigestSingle(hSession, pMechanism, in, inOfs, inLen, digest, digestOfs, digestLen);
+    public synchronized int C_DigestSingle(long hSession,
+            CK_MECHANISM pMechanism, byte[] in, int inOfs, int inLen,
+            byte[] digest, int digestOfs, int digestLen) throws PKCS11Exception {
+        return super.C_DigestSingle(hSession, pMechanism, in, inOfs, inLen,
+                digest, digestOfs, digestLen);
     }
 
-    public synchronized void C_DigestUpdate(long hSession, long directIn, byte[] in, int inOfs, int inLen) throws PKCS11Exception {
+    public synchronized void C_DigestUpdate(long hSession, long directIn,
+            byte[] in, int inOfs, int inLen) throws PKCS11Exception {
         super.C_DigestUpdate(hSession, directIn, in, inOfs, inLen);
     }
 
-    public synchronized void C_DigestKey(long hSession, long hKey) throws PKCS11Exception {
+    public synchronized void C_DigestKey(long hSession, long hKey)
+            throws PKCS11Exception {
         super.C_DigestKey(hSession, hKey);
     }
 
-    public synchronized int C_DigestFinal(long hSession, byte[] pDigest, int digestOfs, int digestLen) throws PKCS11Exception {
+    public synchronized int C_DigestFinal(long hSession, byte[] pDigest,
+            int digestOfs, int digestLen) throws PKCS11Exception {
         return super.C_DigestFinal(hSession, pDigest, digestOfs, digestLen);
     }
 
-    public synchronized void C_SignInit(long hSession, CK_MECHANISM pMechanism, long hKey) throws PKCS11Exception {
+    public synchronized void C_SignInit(long hSession, CK_MECHANISM pMechanism,
+            long hKey) throws PKCS11Exception {
         super.C_SignInit(hSession, pMechanism, hKey);
     }
 
-    public synchronized byte[] C_Sign(long hSession, byte[] pData) throws PKCS11Exception {
+    public synchronized byte[] C_Sign(long hSession, byte[] pData)
+            throws PKCS11Exception {
         return super.C_Sign(hSession, pData);
     }
 
-    public synchronized void C_SignUpdate(long hSession, long directIn, byte[] in, int inOfs, int inLen) throws PKCS11Exception {
+    public synchronized void C_SignUpdate(long hSession, long directIn,
+            byte[] in, int inOfs, int inLen) throws PKCS11Exception {
         super.C_SignUpdate(hSession, directIn, in, inOfs, inLen);
     }
 
-    public synchronized byte[] C_SignFinal(long hSession, int expectedLen) throws PKCS11Exception {
+    public synchronized byte[] C_SignFinal(long hSession, int expectedLen)
+            throws PKCS11Exception {
         return super.C_SignFinal(hSession, expectedLen);
     }
 
-    public synchronized void C_SignRecoverInit(long hSession, CK_MECHANISM pMechanism, long hKey) throws PKCS11Exception {
+    public synchronized void C_SignRecoverInit(long hSession,
+            CK_MECHANISM pMechanism, long hKey) throws PKCS11Exception {
         super.C_SignRecoverInit(hSession, pMechanism, hKey);
     }
 
-    public synchronized int C_SignRecover(long hSession, byte[] in, int inOfs, int inLen, byte[] out, int outOufs, int outLen) throws PKCS11Exception {
-        return super.C_SignRecover(hSession, in, inOfs, inLen, out, outOufs, outLen);
+    public synchronized int C_SignRecover(long hSession, byte[] in, int inOfs,
+            int inLen, byte[] out, int outOufs, int outLen)
+            throws PKCS11Exception {
+        return super.C_SignRecover(hSession, in, inOfs, inLen, out, outOufs,
+                outLen);
     }
 
-    public synchronized void C_VerifyInit(long hSession, CK_MECHANISM pMechanism, long hKey) throws PKCS11Exception {
+    public synchronized void C_VerifyInit(long hSession, CK_MECHANISM pMechanism,
+            long hKey) throws PKCS11Exception {
         super.C_VerifyInit(hSession, pMechanism, hKey);
     }
 
-    public synchronized void C_Verify(long hSession, byte[] pData, byte[] pSignature) throws PKCS11Exception {
+    public synchronized void C_Verify(long hSession, byte[] pData,
+            byte[] pSignature) throws PKCS11Exception {
         super.C_Verify(hSession, pData, pSignature);
     }
 
-    public synchronized void C_VerifyUpdate(long hSession, long directIn, byte[] in, int inOfs, int inLen) throws PKCS11Exception {
+    public synchronized void C_VerifyUpdate(long hSession, long directIn,
+            byte[] in, int inOfs, int inLen) throws PKCS11Exception {
         super.C_VerifyUpdate(hSession, directIn, in, inOfs, inLen);
     }
 
-    public synchronized void C_VerifyFinal(long hSession, byte[] pSignature) throws PKCS11Exception {
+    public synchronized void C_VerifyFinal(long hSession, byte[] pSignature)
+            throws PKCS11Exception {
         super.C_VerifyFinal(hSession, pSignature);
     }
 
-    public synchronized void C_VerifyRecoverInit(long hSession, CK_MECHANISM pMechanism, long hKey) throws PKCS11Exception {
+    public synchronized void C_VerifyRecoverInit(long hSession,
+            CK_MECHANISM pMechanism, long hKey) throws PKCS11Exception {
         super.C_VerifyRecoverInit(hSession, pMechanism, hKey);
     }
 
-    public synchronized int C_VerifyRecover(long hSession, byte[] in, int inOfs, int inLen, byte[] out, int outOufs, int outLen) throws PKCS11Exception {
-        return super.C_VerifyRecover(hSession, in, inOfs, inLen, out, outOufs, outLen);
+    public synchronized int C_VerifyRecover(long hSession, byte[] in, int inOfs,
+            int inLen, byte[] out, int outOufs, int outLen)
+            throws PKCS11Exception {
+        return super.C_VerifyRecover(hSession, in, inOfs, inLen, out, outOufs,
+                outLen);
     }
 
-    public synchronized long C_GenerateKey(long hSession, CK_MECHANISM pMechanism, CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
+    public synchronized long C_GenerateKey(long hSession,
+            CK_MECHANISM pMechanism, CK_ATTRIBUTE[] pTemplate)
+            throws PKCS11Exception {
         return super.C_GenerateKey(hSession, pMechanism, pTemplate);
     }
 
     public synchronized long[] C_GenerateKeyPair(long hSession,
-                                   CK_MECHANISM pMechanism,
-                                   CK_ATTRIBUTE[] pPublicKeyTemplate,
-                                   CK_ATTRIBUTE[] pPrivateKeyTemplate) throws PKCS11Exception {
-        return super.C_GenerateKeyPair(hSession, pMechanism, pPublicKeyTemplate, pPrivateKeyTemplate);
+            CK_MECHANISM pMechanism, CK_ATTRIBUTE[] pPublicKeyTemplate,
+            CK_ATTRIBUTE[] pPrivateKeyTemplate)
+            throws PKCS11Exception {
+        return super.C_GenerateKeyPair(hSession, pMechanism, pPublicKeyTemplate,
+                pPrivateKeyTemplate);
     }
 
-    public synchronized byte[] C_WrapKey(long hSession, CK_MECHANISM pMechanism, long hWrappingKey, long hKey) throws PKCS11Exception {
+    public synchronized byte[] C_WrapKey(long hSession, CK_MECHANISM pMechanism,
+            long hWrappingKey, long hKey) throws PKCS11Exception {
         return super.C_WrapKey(hSession, pMechanism, hWrappingKey, hKey);
     }
 
     public synchronized long C_UnwrapKey(long hSession, CK_MECHANISM pMechanism,
-                          long hUnwrappingKey, byte[] pWrappedKey,
-                          CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
-        return super.C_UnwrapKey(hSession, pMechanism, hUnwrappingKey, pWrappedKey, pTemplate);
+            long hUnwrappingKey, byte[] pWrappedKey, CK_ATTRIBUTE[] pTemplate)
+            throws PKCS11Exception {
+        return super.C_UnwrapKey(hSession, pMechanism, hUnwrappingKey,
+                pWrappedKey, pTemplate);
     }
 
     public synchronized long C_DeriveKey(long hSession, CK_MECHANISM pMechanism,
@@ -1690,14 +1811,14 @@
         return super.C_DeriveKey(hSession, pMechanism, hBaseKey, pTemplate);
     }
 
-    public synchronized void C_SeedRandom(long hSession, byte[] pSeed) throws PKCS11Exception {
+    public synchronized void C_SeedRandom(long hSession, byte[] pSeed)
+            throws PKCS11Exception {
         super.C_SeedRandom(hSession, pSeed);
     }
 
-    public synchronized void C_GenerateRandom(long hSession, byte[] randomData) throws PKCS11Exception {
+    public synchronized void C_GenerateRandom(long hSession, byte[] randomData)
+            throws PKCS11Exception {
         super.C_GenerateRandom(hSession, randomData);
     }
-
 }
-
 }
--- a/src/share/classes/sun/security/provider/DSA.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/provider/DSA.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,14 +45,15 @@
 
 /**
  * The Digital Signature Standard (using the Digital Signature
- * Algorithm), as described in fips186 of the National Instute of
- * Standards and Technology (NIST), using fips180-1 (SHA-1).
+ * Algorithm), as described in fips186-3 of the National Instute of
+ * Standards and Technology (NIST), using SHA digest algorithms
+ * from FIPS180-3.
  *
  * This file contains both the signature implementation for the
- * commonly used SHA1withDSA (DSS) as well as RawDSA, used by TLS
- * among others. RawDSA expects the 20 byte SHA-1 digest as input
- * via update rather than the original data like other signature
- * implementations.
+ * commonly used SHA1withDSA (DSS), SHA224withDSA, SHA256withDSA,
+ * as well as RawDSA, used by TLS among others. RawDSA expects
+ * the 20 byte SHA-1 digest as input via update rather than the
+ * original data like other signature implementations.
  *
  * @author Benjamin Renaud
  *
@@ -78,128 +79,30 @@
     /* The private key, if any */
     private BigInteger presetX;
 
-    /* The random seed used to generate k */
-    private int[] Kseed;
-
-    /* The random seed used to generate k (specified by application) */
-    private byte[] KseedAsByteArray;
-
-    /*
-     * The random seed used to generate k
-     * (prevent the same Kseed from being used twice in a row
-     */
-    private int[] previousKseed;
-
     /* The RNG used to output a seed for generating k */
     private SecureRandom signingRandom;
 
+    /* The message digest object used */
+    private final MessageDigest md;
+
     /**
      * Construct a blank DSA object. It must be
      * initialized before being usable for signing or verifying.
      */
-    DSA() {
+    DSA(MessageDigest md) {
         super();
+        this.md = md;
     }
 
-    /**
-     * Return the 20 byte hash value and reset the digest.
-     */
-    abstract byte[] getDigest() throws SignatureException;
-
-    /**
-     * Reset the digest.
-     */
-    abstract void resetDigest();
-
-    /**
-     * Standard SHA1withDSA implementation.
-     */
-    public static final class SHA1withDSA extends DSA {
-
-        /* The SHA hash for the data */
-        private final MessageDigest dataSHA;
-
-        public SHA1withDSA() throws NoSuchAlgorithmException {
-            dataSHA = MessageDigest.getInstance("SHA-1");
-        }
-
-        /**
-         * Update a byte to be signed or verified.
-         */
-        protected void engineUpdate(byte b) {
-            dataSHA.update(b);
-        }
-
-        /**
-         * Update an array of bytes to be signed or verified.
-         */
-        protected void engineUpdate(byte[] data, int off, int len) {
-            dataSHA.update(data, off, len);
-        }
-
-        protected void engineUpdate(ByteBuffer b) {
-            dataSHA.update(b);
-        }
-
-        byte[] getDigest() {
-            return dataSHA.digest();
-        }
-
-        void resetDigest() {
-            dataSHA.reset();
-        }
-    }
-
-    /**
-     * RawDSA implementation.
-     *
-     * RawDSA requires the data to be exactly 20 bytes long. If it is
-     * not, a SignatureException is thrown when sign()/verify() is called
-     * per JCA spec.
-     */
-    public static final class RawDSA extends DSA {
-
-        // length of the SHA-1 digest (20 bytes)
-        private final static int SHA1_LEN = 20;
-
-        // 20 byte digest buffer
-        private final byte[] digestBuffer;
-
-        // offset into the buffer
-        private int ofs;
-
-        public RawDSA() {
-            digestBuffer = new byte[SHA1_LEN];
-        }
-
-        protected void engineUpdate(byte b) {
-            if (ofs == SHA1_LEN) {
-                ofs = SHA1_LEN + 1;
-                return;
-            }
-            digestBuffer[ofs++] = b;
-        }
-
-        protected void engineUpdate(byte[] data, int off, int len) {
-            if (ofs + len > SHA1_LEN) {
-                ofs = SHA1_LEN + 1;
-                return;
-            }
-            System.arraycopy(data, off, digestBuffer, ofs, len);
-            ofs += len;
-        }
-
-        byte[] getDigest() throws SignatureException {
-            if (ofs != SHA1_LEN) {
-                throw new SignatureException
-                        ("Data for RawDSA must be exactly 20 bytes long");
-            }
-            ofs = 0;
-            return digestBuffer;
-        }
-
-        void resetDigest() {
-            ofs = 0;
+    private static void checkKey(DSAParams params, int digestLen, String mdAlgo)
+        throws InvalidKeyException {
+        // FIPS186-3 states in sec4.2 that a hash function which provides
+        // a lower security strength than the (L, N) pair ordinarily should
+        // not be used.
+        int valueN = params.getQ().bitLength();
+        if (valueN > digestLen) {
+            throw new InvalidKeyException("The security strength of " +
+                mdAlgo + " digest algorithm is not sufficient for this key size");
         }
     }
 
@@ -217,13 +120,30 @@
             throw new InvalidKeyException("not a DSA private key: " +
                                           privateKey);
         }
+
         java.security.interfaces.DSAPrivateKey priv =
             (java.security.interfaces.DSAPrivateKey)privateKey;
+
+        // check for algorithm specific constraints before doing initialization
+        DSAParams params = priv.getParams();
+        if (params == null) {
+            throw new InvalidKeyException("DSA private key lacks parameters");
+        }
+
+        // check key size against hash output size for signing
+        // skip this check for verification to minimize impact on existing apps
+        if (md.getAlgorithm() != "NullDigest20") {
+            checkKey(params, md.getDigestLength()*8, md.getAlgorithm());
+        }
+
+        this.params = params;
         this.presetX = priv.getX();
         this.presetY = null;
-        initialize(priv.getParams());
+        this.presetP = params.getP();
+        this.presetQ = params.getQ();
+        this.presetG = params.getG();
+        this.md.reset();
     }
-
     /**
      * Initialize the DSA object with a DSA public key.
      *
@@ -240,17 +160,41 @@
         }
         java.security.interfaces.DSAPublicKey pub =
             (java.security.interfaces.DSAPublicKey)publicKey;
+
+        // check for algorithm specific constraints before doing initialization
+        DSAParams params = pub.getParams();
+        if (params == null) {
+            throw new InvalidKeyException("DSA public key lacks parameters");
+        }
+        this.params = params;
         this.presetY = pub.getY();
         this.presetX = null;
-        initialize(pub.getParams());
+        this.presetP = params.getP();
+        this.presetQ = params.getQ();
+        this.presetG = params.getG();
+        this.md.reset();
     }
 
-    private void initialize(DSAParams params) throws InvalidKeyException {
-        resetDigest();
-        setParams(params);
+    /**
+     * Update a byte to be signed or verified.
+     */
+    protected void engineUpdate(byte b) {
+        md.update(b);
     }
 
     /**
+     * Update an array of bytes to be signed or verified.
+     */
+    protected void engineUpdate(byte[] data, int off, int len) {
+        md.update(data, off, len);
+    }
+
+    protected void engineUpdate(ByteBuffer b) {
+        md.update(b);
+    }
+
+
+    /**
      * Sign all the data thus far updated. The signature is formatted
      * according to the Canonical Encoding Rules, returned as a DER
      * sequence of Integer, r and s.
@@ -352,23 +296,41 @@
         }
     }
 
+    @Deprecated
+    protected void engineSetParameter(String key, Object param) {
+        throw new InvalidParameterException("No parameter accepted");
+    }
+
+    @Deprecated
+    protected Object engineGetParameter(String key) {
+        return null;
+    }
+
     private BigInteger generateR(BigInteger p, BigInteger q, BigInteger g,
                          BigInteger k) {
         BigInteger temp = g.modPow(k, p);
-        return temp.remainder(q);
-   }
+        return temp.mod(q);
+    }
 
     private BigInteger generateS(BigInteger x, BigInteger q,
             BigInteger r, BigInteger k) throws SignatureException {
 
-        byte[] s2 = getDigest();
-        BigInteger temp = new BigInteger(1, s2);
+        byte[] s2;
+        try {
+            s2 = md.digest();
+        } catch (RuntimeException re) {
+            // Only for RawDSA due to its 20-byte length restriction
+            throw new SignatureException(re.getMessage());
+        }
+        // get the leftmost min(N, outLen) bits of the digest value
+        int nBytes = q.bitLength()/8;
+        if (nBytes < s2.length) {
+            s2 = Arrays.copyOfRange(s2, 0, nBytes);
+        }
+        BigInteger z = new BigInteger(1, s2);
         BigInteger k1 = k.modInverse(q);
 
-        BigInteger s = x.multiply(r);
-        s = temp.add(s);
-        s = k1.multiply(s);
-        return s.remainder(q);
+        return x.multiply(r).add(z).multiply(k1).mod(q);
     }
 
     private BigInteger generateW(BigInteger p, BigInteger q,
@@ -380,62 +342,42 @@
              BigInteger q, BigInteger g, BigInteger w, BigInteger r)
              throws SignatureException {
 
-        byte[] s2 = getDigest();
-        BigInteger temp = new BigInteger(1, s2);
+        byte[] s2;
+        try {
+            s2 = md.digest();
+        } catch (RuntimeException re) {
+            // Only for RawDSA due to its 20-byte length restriction
+            throw new SignatureException(re.getMessage());
+        }
+        // get the leftmost min(N, outLen) bits of the digest value
+        int nBytes = q.bitLength()/8;
+        if (nBytes < s2.length) {
+            s2 = Arrays.copyOfRange(s2, 0, nBytes);
+        }
+        BigInteger z = new BigInteger(1, s2);
 
-        temp = temp.multiply(w);
-        BigInteger u1 = temp.remainder(q);
-
-        BigInteger u2 = (r.multiply(w)).remainder(q);
+        BigInteger u1 = z.multiply(w).mod(q);
+        BigInteger u2 = (r.multiply(w)).mod(q);
 
         BigInteger t1 = g.modPow(u1,p);
         BigInteger t2 = y.modPow(u2,p);
         BigInteger t3 = t1.multiply(t2);
-        BigInteger t5 = t3.remainder(p);
-        return t5.remainder(q);
+        BigInteger t5 = t3.mod(p);
+        return t5.mod(q);
     }
 
-    /*
-     * Please read bug report 4044247 for an alternative, faster,
-     * NON-FIPS approved method to generate K
-     */
-    private BigInteger generateK(BigInteger q) {
+    // NOTE: This following impl is defined in FIPS 186-4 AppendixB.2.1.
+    protected BigInteger generateK(BigInteger q) {
+        SecureRandom random = getSigningRandom();
+        byte[] kValue = new byte[(q.bitLength() + 7)/8 + 8];
 
-        BigInteger k = null;
-
-        // The application specified a Kseed for us to use.
-        // Note that we do not allow usage of the same Kseed twice in a row
-        if (Kseed != null && !Arrays.equals(Kseed, previousKseed)) {
-            k = generateK(Kseed, q);
-            if (k.signum() > 0 && k.compareTo(q) < 0) {
-                previousKseed = new int [Kseed.length];
-                System.arraycopy(Kseed, 0, previousKseed, 0, Kseed.length);
-                return k;
-            }
-        }
-
-        // The application did not specify a Kseed for us to use.
-        // We'll generate a new Kseed by getting random bytes from
-        // a SecureRandom object.
-        SecureRandom random = getSigningRandom();
-
-        while (true) {
-            int[] seed = new int[5];
-
-            for (int i = 0; i < 5; i++)
-                seed[i] = random.nextInt();
-            k = generateK(seed, q);
-            if (k.signum() > 0 && k.compareTo(q) < 0) {
-                previousKseed = new int [seed.length];
-                System.arraycopy(seed, 0, previousKseed, 0, seed.length);
-                return k;
-            }
-        }
+        random.nextBytes(kValue);
+        return new BigInteger(1, kValue).mod(q.subtract(BigInteger.ONE)).add(BigInteger.ONE);
     }
 
     // Use the application-specified SecureRandom Object if provided.
     // Otherwise, use our default SecureRandom Object.
-    private SecureRandom getSigningRandom() {
+    protected SecureRandom getSigningRandom() {
         if (signingRandom == null) {
             if (appRandom != null) {
                 signingRandom = appRandom;
@@ -447,171 +389,6 @@
     }
 
     /**
-     * Compute k for a DSA signature.
-     *
-     * @param seed the seed for generating k. This seed should be
-     * secure. This is what is refered to as the KSEED in the DSA
-     * specification.
-     *
-     * @param g the g parameter from the DSA key pair.
-     */
-    private BigInteger generateK(int[] seed, BigInteger q) {
-
-        // check out t in the spec.
-        int[] t = { 0xEFCDAB89, 0x98BADCFE, 0x10325476,
-                    0xC3D2E1F0, 0x67452301 };
-        //
-        int[] tmp = DSA.SHA_7(seed, t);
-        byte[] tmpBytes = new byte[tmp.length * 4];
-        for (int i = 0; i < tmp.length; i++) {
-            int k = tmp[i];
-            for (int j = 0; j < 4; j++) {
-                tmpBytes[(i * 4) + j] = (byte) (k >>> (24 - (j * 8)));
-            }
-        }
-        BigInteger k = new BigInteger(1, tmpBytes).mod(q);
-        return k;
-    }
-
-   // Constants for each round
-    private static final int round1_kt = 0x5a827999;
-    private static final int round2_kt = 0x6ed9eba1;
-    private static final int round3_kt = 0x8f1bbcdc;
-    private static final int round4_kt = 0xca62c1d6;
-
-   /**
-    * Computes set 1 thru 7 of SHA-1 on m1. */
-   static int[] SHA_7(int[] m1, int[] h) {
-
-       int[] W = new int[80];
-       System.arraycopy(m1,0,W,0,m1.length);
-       int temp = 0;
-
-        for (int t = 16; t <= 79; t++){
-            temp = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];
-            W[t] = ((temp << 1) | (temp >>>(32 - 1)));
-        }
-
-       int a = h[0],b = h[1],c = h[2], d = h[3], e = h[4];
-       for (int i = 0; i < 20; i++) {
-            temp = ((a<<5) | (a>>>(32-5))) +
-                ((b&c)|((~b)&d))+ e + W[i] + round1_kt;
-            e = d;
-            d = c;
-            c = ((b<<30) | (b>>>(32-30)));
-            b = a;
-            a = temp;
-        }
-
-        // Round 2
-        for (int i = 20; i < 40; i++) {
-            temp = ((a<<5) | (a>>>(32-5))) +
-                (b ^ c ^ d) + e + W[i] + round2_kt;
-            e = d;
-            d = c;
-            c = ((b<<30) | (b>>>(32-30)));
-            b = a;
-            a = temp;
-        }
-
-        // Round 3
-        for (int i = 40; i < 60; i++) {
-            temp = ((a<<5) | (a>>>(32-5))) +
-                ((b&c)|(b&d)|(c&d)) + e + W[i] + round3_kt;
-            e = d;
-            d = c;
-            c = ((b<<30) | (b>>>(32-30)));
-            b = a;
-            a = temp;
-        }
-
-        // Round 4
-        for (int i = 60; i < 80; i++) {
-            temp = ((a<<5) | (a>>>(32-5))) +
-                (b ^ c ^ d) + e + W[i] + round4_kt;
-            e = d;
-            d = c;
-            c = ((b<<30) | (b>>>(32-30)));
-            b = a;
-            a = temp;
-        }
-       int[] md = new int[5];
-       md[0] = h[0] + a;
-       md[1] = h[1] + b;
-       md[2] = h[2] + c;
-       md[3] = h[3] + d;
-       md[4] = h[4] + e;
-       return md;
-   }
-
-
-    /**
-     * This implementation recognizes the following parameter:<dl>
-     *
-     * <dt><tt>Kseed</tt>
-     *
-     * <dd>a byte array.
-     *
-     * </dl>
-     *
-     * @deprecated
-     */
-    @Deprecated
-    protected void engineSetParameter(String key, Object param) {
-        if (key.equals("KSEED")) {
-            if (param instanceof byte[]) {
-                Kseed = byteArray2IntArray((byte[])param);
-                KseedAsByteArray = (byte[])param;
-            } else {
-                debug("unrecognized param: " + key);
-                throw new InvalidParameterException("Kseed not a byte array");
-            }
-        } else {
-            throw new InvalidParameterException("invalid parameter");
-        }
-    }
-
-    /**
-     * Return the value of the requested parameter. Recognized
-     * parameters are:
-     *
-     * <dl>
-     *
-     * <dt><tt>Kseed</tt>
-     *
-     * <dd>a byte array.
-     *
-     * </dl>
-     *
-     * @return the value of the requested parameter.
-     *
-     * @see java.security.SignatureEngine
-     *
-     * @deprecated
-     */
-    @Deprecated
-    protected Object engineGetParameter(String key) {
-        if (key.equals("KSEED")) {
-            return KseedAsByteArray;
-        } else {
-            return null;
-        }
-    }
-
-    /**
-     * Set the algorithm object.
-     */
-    private void setParams(DSAParams params) throws InvalidKeyException {
-        if (params == null) {
-            throw new InvalidKeyException("DSA public key lacks parameters");
-        }
-        this.params = params;
-        this.presetP = params.getP();
-        this.presetQ = params.getQ();
-        this.presetG = params.getG();
-    }
-
-    /**
      * Return a human readable rendition of the engine.
      */
     public String toString() {
@@ -632,38 +409,6 @@
         return printable;
     }
 
-    /*
-     * Utility routine for converting a byte array into an int array
-     */
-    private int[] byteArray2IntArray(byte[] byteArray) {
-
-        int j = 0;
-        byte[] newBA;
-        int mod = byteArray.length % 4;
-
-        // guarantee that the incoming byteArray is a multiple of 4
-        // (pad with 0's)
-        switch (mod) {
-            case 3:     newBA = new byte[byteArray.length + 1]; break;
-            case 2:     newBA = new byte[byteArray.length + 2]; break;
-            case 1:     newBA = new byte[byteArray.length + 3]; break;
-            default:    newBA = new byte[byteArray.length + 0]; break;
-        }
-        System.arraycopy(byteArray, 0, newBA, 0, byteArray.length);
-
-        // copy each set of 4 bytes in the byte array into an integer
-        int[] newSeed = new int[newBA.length / 4];
-        for (int i = 0; i < newBA.length; i += 4) {
-            newSeed[j] = newBA[i + 3] & 0xFF;
-            newSeed[j] |= (newBA[i + 2] << 8) & 0xFF00;
-            newSeed[j] |= (newBA[i + 1] << 16) & 0xFF0000;
-            newSeed[j] |= (newBA[i + 0] << 24) & 0xFF000000;
-            j++;
-        }
-
-        return newSeed;
-    }
-
     private static void debug(Exception e) {
         if (debug) {
             e.printStackTrace();
@@ -675,4 +420,113 @@
             System.err.println(s);
         }
     }
+
+    /**
+     * Standard SHA224withDSA implementation as defined in FIPS186-3.
+     */
+    public static final class SHA224withDSA extends DSA {
+        public SHA224withDSA() throws NoSuchAlgorithmException {
+            super(MessageDigest.getInstance("SHA-224"));
+        }
+    }
+
+    /**
+     * Standard SHA256withDSA implementation as defined in FIPS186-3.
+     */
+    public static final class SHA256withDSA extends DSA {
+        public SHA256withDSA() throws NoSuchAlgorithmException {
+            super(MessageDigest.getInstance("SHA-256"));
+        }
+    }
+
+    /**
+     * Standard SHA1withDSA implementation.
+     */
+    public static final class SHA1withDSA extends DSA {
+        public SHA1withDSA() throws NoSuchAlgorithmException {
+            super(MessageDigest.getInstance("SHA-1"));
+        }
+    }
+
+    /**
+     * RawDSA implementation.
+     *
+     * RawDSA requires the data to be exactly 20 bytes long. If it is
+     * not, a SignatureException is thrown when sign()/verify() is called
+     * per JCA spec.
+     */
+    public static final class RawDSA extends DSA {
+        // Internal special-purpose MessageDigest impl for RawDSA
+        // Only override whatever methods used
+        // NOTE: no clone support
+        public static final class NullDigest20 extends MessageDigest {
+            // 20 byte digest buffer
+            private final byte[] digestBuffer = new byte[20];
+
+            // offset into the buffer; use Integer.MAX_VALUE to indicate
+            // out-of-bound condition
+            private int ofs = 0;
+
+            protected NullDigest20() {
+                super("NullDigest20");
+            }
+            protected void engineUpdate(byte input) {
+                if (ofs == digestBuffer.length) {
+                    ofs = Integer.MAX_VALUE;
+                } else {
+                    digestBuffer[ofs++] = input;
+                }
+            }
+            protected void engineUpdate(byte[] input, int offset, int len) {
+                if (ofs + len > digestBuffer.length) {
+                    ofs = Integer.MAX_VALUE;
+                } else {
+                    System.arraycopy(input, offset, digestBuffer, ofs, len);
+                    ofs += len;
+                }
+            }
+            protected final void engineUpdate(ByteBuffer input) {
+                int inputLen = input.remaining();
+                if (ofs + inputLen > digestBuffer.length) {
+                    ofs = Integer.MAX_VALUE;
+                } else {
+                    input.get(digestBuffer, ofs, inputLen);
+                    ofs += inputLen;
+                }
+            }
+            protected byte[] engineDigest() throws RuntimeException {
+                if (ofs != digestBuffer.length) {
+                    throw new RuntimeException
+                        ("Data for RawDSA must be exactly 20 bytes long");
+                }
+                reset();
+                return digestBuffer;
+            }
+            protected int engineDigest(byte[] buf, int offset, int len)
+                throws DigestException {
+                if (ofs != digestBuffer.length) {
+                    throw new DigestException
+                        ("Data for RawDSA must be exactly 20 bytes long");
+                }
+                if (len < digestBuffer.length) {
+                    throw new DigestException
+                        ("Output buffer too small; must be at least 20 bytes");
+                }
+                System.arraycopy(digestBuffer, 0, buf, offset, digestBuffer.length);
+                reset();
+                return digestBuffer.length;
+            }
+
+            protected void engineReset() {
+                ofs = 0;
+            }
+            protected final int engineGetDigestLength() {
+                return digestBuffer.length;
+            }
+        }
+
+        public RawDSA() throws NoSuchAlgorithmException {
+            super(new NullDigest20());
+        }
+    }
 }
--- a/src/share/classes/sun/security/provider/DSAKeyPairGenerator.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/provider/DSAKeyPairGenerator.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -48,8 +48,9 @@
 public class DSAKeyPairGenerator extends KeyPairGenerator
 implements java.security.interfaces.DSAKeyPairGenerator {
 
-    /* The modulus length */
-    private int modlen;
+    /* Length for prime P and subPrime Q in bits */
+    private int plen;
+    private int qlen;
 
     /* whether to force new parameters to be generated for each KeyPair */
     private boolean forceNewParameters;
@@ -65,20 +66,23 @@
         initialize(1024, null);
     }
 
-    private static void checkStrength(int strength) {
-        if ((strength < 512) || (strength > 1024) || (strength % 64 != 0)) {
+    private static void checkStrength(int sizeP, int sizeQ) {
+        if ((sizeP >= 512) && (sizeP <= 1024) && (sizeP % 64 == 0)
+            && sizeQ == 160) {
+            // traditional - allow for backward compatibility
+            // L=multiples of 64 and between 512 and 1024 (inclusive)
+            // N=160
+        } else if (sizeP == 2048 && (sizeQ == 224 || sizeQ == 256)) {
+            // L=2048, N=224 or 256
+        } else {
             throw new InvalidParameterException
-                ("Modulus size must range from 512 to 1024 "
-                 + "and be a multiple of 64");
+                ("Unsupported prime and subprime size combination: " +
+                 sizeP + ", " + sizeQ);
         }
     }
 
     public void initialize(int modlen, SecureRandom random) {
-        checkStrength(modlen);
-        this.random = random;
-        this.modlen = modlen;
-        this.params = null;
-        this.forceNewParameters = false;
+        initialize(modlen, false, random);
     }
 
     /**
@@ -86,18 +90,27 @@
      * is false, a set of pre-computed parameters is used.
      */
     public void initialize(int modlen, boolean genParams, SecureRandom random) {
-        checkStrength(modlen);
+        int subPrimeLen = -1;
+        if (modlen <= 1024) {
+            subPrimeLen = 160;
+        } else if (modlen == 2048) {
+            subPrimeLen = 224;
+        }
+        checkStrength(modlen, subPrimeLen);
         if (genParams) {
             params = null;
         } else {
-            params = ParameterCache.getCachedDSAParameterSpec(modlen);
+            params = ParameterCache.getCachedDSAParameterSpec(modlen,
+                subPrimeLen);
             if (params == null) {
                 throw new InvalidParameterException
                     ("No precomputed parameters for requested modulus size "
                      + "available");
             }
+
         }
-        this.modlen = modlen;
+        this.plen = modlen;
+        this.qlen = subPrimeLen;
         this.random = random;
         this.forceNewParameters = genParams;
     }
@@ -136,9 +149,11 @@
     }
 
     private void initialize0(DSAParameterSpec params, SecureRandom random) {
-        int modlen = params.getP().bitLength();
-        checkStrength(modlen);
-        this.modlen = modlen;
+        int sizeP = params.getP().bitLength();
+        int sizeQ = params.getQ().bitLength();
+        checkStrength(sizeP, sizeQ);
+        this.plen = sizeP;
+        this.qlen = sizeQ;
         this.params = params;
         this.random = random;
         this.forceNewParameters = false;
@@ -156,11 +171,11 @@
         try {
             if (forceNewParameters) {
                 // generate new parameters each time
-                spec = ParameterCache.getNewDSAParameterSpec(modlen, random);
+                spec = ParameterCache.getNewDSAParameterSpec(plen, qlen, random);
             } else {
                 if (params == null) {
                     params =
-                        ParameterCache.getDSAParameterSpec(modlen, random);
+                        ParameterCache.getDSAParameterSpec(plen, qlen, random);
                 }
                 spec = params;
             }
@@ -203,43 +218,14 @@
      */
     private BigInteger generateX(SecureRandom random, BigInteger q) {
         BigInteger x = null;
+        byte[] temp = new byte[qlen];
         while (true) {
-            int[] seed = new int[5];
-            for (int i = 0; i < 5; i++) {
-                seed[i] = random.nextInt();
-            }
-            x = generateX(seed, q);
+            random.nextBytes(temp);
+            x = new BigInteger(1, temp).mod(q);
             if (x.signum() > 0 && (x.compareTo(q) < 0)) {
-                break;
+                return x;
             }
         }
-        return x;
-    }
-
-    /**
-     * Given a seed, generate the private key component of the key
-     * pair. In the terminology used in the DSA specification
-     * (FIPS-186) seed is the XSEED quantity.
-     *
-     * @param seed the seed to use to generate the private key.
-     */
-    BigInteger generateX(int[] seed, BigInteger q) {
-
-        // check out t in the spec.
-        int[] t = { 0x67452301, 0xEFCDAB89, 0x98BADCFE,
-                    0x10325476, 0xC3D2E1F0 };
-        //
-
-        int[] tmp = DSA.SHA_7(seed, t);
-        byte[] tmpBytes = new byte[tmp.length * 4];
-        for (int i = 0; i < tmp.length; i++) {
-            int k = tmp[i];
-            for (int j = 0; j < 4; j++) {
-                tmpBytes[(i * 4) + j] = (byte) (k >>> (24 - (j * 8)));
-            }
-        }
-        BigInteger x = new BigInteger(1, tmpBytes).mod(q);
-        return x;
     }
 
     /**
--- a/src/share/classes/sun/security/provider/DSAParameterGenerator.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/provider/DSAParameterGenerator.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,11 +32,14 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.InvalidParameterException;
+import java.security.MessageDigest;
 import java.security.SecureRandom;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.InvalidParameterSpecException;
 import java.security.spec.DSAParameterSpec;
 
+import sun.security.spec.DSAGenParameterSpec;
+
 /**
  * This class generates parameters for the DSA algorithm. It uses a default
  * prime modulus size of 1024 bits, which can be overwritten during
@@ -54,8 +57,14 @@
 
 public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
 
-    // the modulus length
-    private int modLen = 1024; // default
+    // the default parameters
+    private static final DSAGenParameterSpec DEFAULTS =
+        new DSAGenParameterSpec(1024, 160, 160);
+
+    // the length of prime P, subPrime Q, and seed in bits
+    private int valueL = -1;
+    private int valueN = -1;
+    private int seedLen = -1;
 
     // the source of randomness
     private SecureRandom random;
@@ -65,11 +74,7 @@
     private static final BigInteger ONE = BigInteger.valueOf(1);
     private static final BigInteger TWO = BigInteger.valueOf(2);
 
-    // Make a SHA-1 hash function
-    private SHA sha;
-
     public DSAParameterGenerator() {
-        this.sha = new SHA();
     }
 
     /**
@@ -80,19 +85,18 @@
      * @param random the source of randomness
      */
     protected void engineInit(int strength, SecureRandom random) {
-        /*
-         * Bruce Schneier, "Applied Cryptography", 2nd Edition,
-         * Description of DSA:
-         * [...] The algorithm uses the following parameter:
-         * p=a prime number L bits long, when L ranges from 512 to 1024 and is
-         * a multiple of 64. [...]
-         */
-        if ((strength < 512) || (strength > 1024) || (strength % 64 != 0)) {
+        if ((strength >= 512) && (strength <= 1024) && (strength % 64 == 0)) {
+            this.valueN = 160;
+        } else if (strength == 2048) {
+            this.valueN = 224;
+//      } else if (strength == 3072) {
+//          this.valueN = 256;
+        } else {
             throw new InvalidParameterException
-                ("Prime size must range from 512 to 1024 "
-                 + "and be a multiple of 64");
+                ("Prime size should be 512 - 1024, or 2048");
         }
-        this.modLen = strength;
+        this.valueL = strength;
+        this.seedLen = valueN;
         this.random = random;
     }
 
@@ -100,7 +104,7 @@
      * Initializes this parameter generator with a set of
      * algorithm-specific parameter generation values.
      *
-     * @param params the set of algorithm-specific parameter generation values
+     * @param genParamSpec the set of algorithm-specific parameter generation values
      * @param random the source of randomness
      *
      * @exception InvalidAlgorithmParameterException if the given parameter
@@ -109,7 +113,19 @@
     protected void engineInit(AlgorithmParameterSpec genParamSpec,
                               SecureRandom random)
         throws InvalidAlgorithmParameterException {
+        if (!(genParamSpec instanceof DSAGenParameterSpec)) {
             throw new InvalidAlgorithmParameterException("Invalid parameter");
+        }
+        DSAGenParameterSpec dsaGenParams = (DSAGenParameterSpec) genParamSpec;
+        if (dsaGenParams.getPrimePLength() > 2048) {
+            throw new InvalidParameterException
+                ("Prime size should be 512 - 1024, or 2048");
+        }
+        // directly initialize using the already validated values
+        this.valueL = dsaGenParams.getPrimePLength();
+        this.valueN = dsaGenParams.getSubprimeQLength();
+        this.seedLen = dsaGenParams.getSeedLength();
+        this.random = random;
     }
 
     /**
@@ -123,15 +139,21 @@
             if (this.random == null) {
                 this.random = new SecureRandom();
             }
-
-            BigInteger[] pAndQ = generatePandQ(this.random, this.modLen);
+            if (valueL == -1) {
+                try {
+                    engineInit(DEFAULTS, this.random);
+                } catch (InvalidAlgorithmParameterException iape) {
+                    // should never happen
+                }
+            }
+            BigInteger[] pAndQ = generatePandQ(this.random, valueL,
+                                               valueN, seedLen);
             BigInteger paramP = pAndQ[0];
             BigInteger paramQ = pAndQ[1];
             BigInteger paramG = generateG(paramP, paramQ);
 
-            DSAParameterSpec dsaParamSpec = new DSAParameterSpec(paramP,
-                                                                 paramQ,
-                                                                 paramG);
+            DSAParameterSpec dsaParamSpec =
+                new DSAParameterSpec(paramP, paramQ, paramG);
             algParams = AlgorithmParameters.getInstance("DSA", "SUN");
             algParams.init(dsaParamSpec);
         } catch (InvalidParameterSpecException e) {
@@ -156,102 +178,98 @@
      *
      * @param random the source of randomness to generate the
      * seed
-     * @param L the size of <code>p</code>, in bits.
+     * @param valueL the size of <code>p</code>, in bits.
+     * @param valueN the size of <code>q</code>, in bits.
+     * @param seedLen the length of <code>seed</code>, in bits.
      *
      * @return an array of BigInteger, with <code>p</code> at index 0 and
-     * <code>q</code> at index 1.
+     * <code>q</code> at index 1, the seed at index 2, and the counter value
+     * at index 3.
      */
-    BigInteger[] generatePandQ(SecureRandom random, int L) {
-        BigInteger[] result = null;
-        byte[] seed = new byte[20];
+    private static BigInteger[] generatePandQ(SecureRandom random, int valueL,
+                                              int valueN, int seedLen) {
+        String hashAlg = null;
+        if (valueN == 160) {
+            hashAlg = "SHA";
+        } else if (valueN == 224) {
+            hashAlg = "SHA-224";
+        } else if (valueN == 256) {
+            hashAlg = "SHA-256";
+        }
+        MessageDigest hashObj = null;
+        try {
+            hashObj = MessageDigest.getInstance(hashAlg);
+        } catch (NoSuchAlgorithmException nsae) {
+            // should never happen
+            nsae.printStackTrace();
+        }
 
-        while(result == null) {
-            for (int i = 0; i < 20; i++) {
-                seed[i] = (byte)random.nextInt();
-            }
-            result = generatePandQ(seed, L);
+        /* Step 3, 4: Useful variables */
+        int outLen = hashObj.getDigestLength()*8;
+        int n = (valueL - 1) / outLen;
+        int b = (valueL - 1) % outLen;
+        byte[] seedBytes = new byte[seedLen/8];
+        BigInteger twoSl = TWO.pow(seedLen);
+        int primeCertainty = 80; // for 1024-bit prime P
+        if (valueL == 2048) {
+            primeCertainty = 112;
+            //} else if (valueL == 3072) {
+            //    primeCertainty = 128;
         }
-        return result;
-    }
 
-    /*
-     * Generates the prime and subprime parameters for DSA.
-     *
-     * <p>The seed parameter corresponds to the <code>SEED</code> parameter
-     * referenced in the FIPS specification of the DSA algorithm,
-     * and L is the size of <code>p</code>, in bits.
-     *
-     * @param seed the seed to generate the parameters
-     * @param L the size of <code>p</code>, in bits.
-     *
-     * @return an array of BigInteger, with <code>p</code> at index 0,
-     * <code>q</code> at index 1, the seed at index 2, and the counter value
-     * at index 3, or null if the seed does not yield suitable numbers.
-     */
-    BigInteger[] generatePandQ(byte[] seed, int L) {
+        BigInteger resultP, resultQ, seed = null;
+        int counter;
+        while (true) {
+            do {
+                /* Step 5 */
+                random.nextBytes(seedBytes);
+                seed = new BigInteger(1, seedBytes);
 
-        /* Useful variables */
-        int g = seed.length * 8;
-        int n = (L - 1) / 160;
-        int b = (L - 1) % 160;
+                /* Step 6 */
+                BigInteger U = new BigInteger(1, hashObj.digest(seedBytes)).
+                    mod(TWO.pow(valueN - 1));
 
-        BigInteger SEED = new BigInteger(1, seed);
-        BigInteger TWOG = TWO.pow(2 * g);
+                /* Step 7 */
+                resultQ = TWO.pow(valueN - 1).add(U).add(ONE). subtract(U.mod(TWO));
+            } while (!resultQ.isProbablePrime(primeCertainty));
 
-        /* Step 2 (Step 1 is getting seed). */
-        byte[] U1 = SHA(seed);
-        byte[] U2 = SHA(toByteArray((SEED.add(ONE)).mod(TWOG)));
+            /* Step 10 */
+            BigInteger offset = ONE;
+            /* Step 11 */
+            for (counter = 0; counter < 4*valueL; counter++) {
+                BigInteger V[] = new BigInteger[n + 1];
+                /* Step 11.1 */
+                for (int j = 0; j <= n; j++) {
+                    BigInteger J = BigInteger.valueOf(j);
+                    BigInteger tmp = (seed.add(offset).add(J)).mod(twoSl);
+                    byte[] vjBytes = hashObj.digest(toByteArray(tmp));
+                    V[j] = new BigInteger(1, vjBytes);
+                }
+                /* Step 11.2 */
+                BigInteger W = V[0];
+                for (int i = 1; i < n; i++) {
+                    W = W.add(V[i].multiply(TWO.pow(i * outLen)));
+                }
+                W = W.add((V[n].mod(TWO.pow(b))).multiply(TWO.pow(n * outLen)));
+                /* Step 11.3 */
+                BigInteger twoLm1 = TWO.pow(valueL - 1);
+                BigInteger X = W.add(twoLm1);
+                /* Step 11.4, 11.5 */
+                BigInteger c = X.mod(resultQ.multiply(TWO));
+                resultP = X.subtract(c.subtract(ONE));
+                /* Step 11.6, 11.7 */
+                if (resultP.compareTo(twoLm1) > -1
+                    && resultP.isProbablePrime(primeCertainty)) {
+                    /* Step 11.8 */
+                    BigInteger[] result = {resultP, resultQ, seed,
+                                           BigInteger.valueOf(counter)};
+                    return result;
+                }
+                /* Step 11.9 */
+                offset = offset.add(BigInteger.valueOf(n)).add(ONE);
+             }
+        }
 
-        xor(U1, U2);
-        byte[] U = U1;
-
-        /* Step 3: For q by setting the msb and lsb to 1 */
-        U[0] |= 0x80;
-        U[19] |= 1;
-        BigInteger q = new BigInteger(1, U);
-
-        /* Step 5 */
-         if (!q.isProbablePrime(80)) {
-             return null;
-
-         } else {
-             BigInteger V[] = new BigInteger[n + 1];
-             BigInteger offset = TWO;
-
-             /* Step 6 */
-             for (int counter = 0; counter < 4096; counter++) {
-
-                 /* Step 7 */
-                 for (int k = 0; k <= n; k++) {
-                     BigInteger K = BigInteger.valueOf(k);
-                     BigInteger tmp = (SEED.add(offset).add(K)).mod(TWOG);
-                     V[k] = new BigInteger(1, SHA(toByteArray(tmp)));
-                 }
-
-                 /* Step 8 */
-                 BigInteger W = V[0];
-                 for (int i = 1; i < n; i++) {
-                     W = W.add(V[i].multiply(TWO.pow(i * 160)));
-                 }
-                 W = W.add((V[n].mod(TWO.pow(b))).multiply(TWO.pow(n * 160)));
-
-                 BigInteger TWOLm1 = TWO.pow(L - 1);
-                 BigInteger X = W.add(TWOLm1);
-
-                 /* Step 9 */
-                 BigInteger c = X.mod(q.multiply(TWO));
-                 BigInteger p = X.subtract(c.subtract(ONE));
-
-                 /* Step 10 - 13 */
-                 if (p.compareTo(TWOLm1) > -1 && p.isProbablePrime(80)) {
-                     BigInteger[] result = {p, q, SEED,
-                                            BigInteger.valueOf(counter)};
-                     return result;
-                 }
-                 offset = offset.add(BigInteger.valueOf(n)).add(ONE);
-             }
-             return null;
-         }
     }
 
     /*
@@ -262,31 +280,24 @@
      *
      * @param the <code>g</code>
      */
-    BigInteger generateG(BigInteger p, BigInteger q) {
+    private static BigInteger generateG(BigInteger p, BigInteger q) {
         BigInteger h = ONE;
+        /* Step 1 */
         BigInteger pMinusOneOverQ = (p.subtract(ONE)).divide(q);
-        BigInteger g = ONE;
-        while (g.compareTo(TWO) < 0) {
-            g = h.modPow(pMinusOneOverQ, p);
+        BigInteger resultG = ONE;
+        while (resultG.compareTo(TWO) < 0) {
+            /* Step 3 */
+            resultG = h.modPow(pMinusOneOverQ, p);
             h = h.add(ONE);
         }
-        return g;
-    }
-
-    /*
-     * Returns the SHA-1 digest of some data
-     */
-    private byte[] SHA(byte[] array) {
-        sha.engineReset();
-        sha.engineUpdate(array, 0, array.length);
-        return sha.engineDigest();
+        return resultG;
     }
 
     /*
      * Converts the result of a BigInteger.toByteArray call to an exact
      * signed magnitude representation for any positive number.
      */
-    private byte[] toByteArray(BigInteger bigInt) {
+    private static byte[] toByteArray(BigInteger bigInt) {
         byte[] result = bigInt.toByteArray();
         if (result[0] == 0) {
             byte[] tmp = new byte[result.length - 1];
@@ -295,13 +306,4 @@
         }
         return result;
     }
-
-    /*
-     * XORs U2 into U1
-     */
-    private void xor(byte[] U1, byte[] U2) {
-        for (int i = 0; i < U1.length; i++) {
-            U1[i] ^= U2[i];
-        }
-    }
 }
--- a/src/share/classes/sun/security/provider/DigestBase.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/provider/DigestBase.java	Sun May 01 21:26:40 2016 -0700
@@ -39,7 +39,6 @@
  *  . abstract void implCompress(byte[] b, int ofs);
  *  . abstract void implDigest(byte[] out, int ofs);
  *  . abstract void implReset();
- *  . public abstract Object clone();
  *
  * See the inline documentation for details.
  *
@@ -61,7 +60,7 @@
     // buffer to store partial blocks, blockSize bytes large
     // Subclasses should not access this array directly except possibly in their
     // implDigest() method. See MD5.java as an example.
-    final byte[] buffer;
+    byte[] buffer;
     // offset into buffer
     private int bufOfs;
 
@@ -83,18 +82,6 @@
         buffer = new byte[blockSize];
     }
 
-    /**
-     * Constructor for cloning. Replicates common data.
-     */
-    DigestBase(DigestBase base) {
-        this.algorithm = base.algorithm;
-        this.digestLength = base.digestLength;
-        this.blockSize = base.blockSize;
-        this.buffer = base.buffer.clone();
-        this.bufOfs = base.bufOfs;
-        this.bytesProcessed = base.bytesProcessed;
-    }
-
     // return digest length. See JCA doc.
     protected final int engineGetDigestLength() {
         return digestLength;
@@ -206,12 +193,11 @@
      */
     abstract void implReset();
 
-    /**
-     * Clone this digest. Should be implemented as "return new MyDigest(this)".
-     * That constructor should first call "super(baseDigest)" and then copy
-     * subclass specific data.
-     */
-    public abstract Object clone();
+    public Object clone() throws CloneNotSupportedException {
+        DigestBase copy = (DigestBase) super.clone();
+        copy.buffer = copy.buffer.clone();
+        return copy;
+    }
 
     // padding used for the MD5, and SHA-* message digests
     static final byte[] padding;
@@ -223,5 +209,4 @@
         padding = new byte[136];
         padding[0] = (byte)0x80;
     }
-
 }
--- a/src/share/classes/sun/security/provider/MD2.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/provider/MD2.java	Sun May 01 21:26:40 2016 -0700
@@ -39,14 +39,14 @@
 public final class MD2 extends DigestBase {
 
     // state, 48 ints
-    private final int[] X;
+    private int[] X;
 
     // checksum, 16 ints. they are really bytes, but byte arithmetic in
     // the JVM is much slower that int arithmetic.
-    private final int[] C;
+    private int[] C;
 
     // temporary store for checksum C during final digest
-    private final byte[] cBytes;
+    private byte[] cBytes;
 
     /**
      * Create a new MD2 digest. Called by the JCA framework
@@ -58,15 +58,12 @@
         cBytes = new byte[16];
     }
 
-    private MD2(MD2 base) {
-        super(base);
-        this.X = base.X.clone();
-        this.C = base.C.clone();
-        cBytes = new byte[16];
-    }
-
-    public Object clone() {
-        return new MD2(this);
+    public Object clone() throws CloneNotSupportedException {
+        MD2 copy = (MD2) super.clone();
+        copy.X = copy.X.clone();
+        copy.C = copy.C.clone();
+        copy.cBytes = new byte[16];
+        return copy;
     }
 
     // reset state and checksum
--- a/src/share/classes/sun/security/provider/MD4.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/provider/MD4.java	Sun May 01 21:26:40 2016 -0700
@@ -44,9 +44,9 @@
 public final class MD4 extends DigestBase {
 
     // state of this object
-    private final int[] state;
+    private int[] state;
     // temporary buffer, used by implCompress()
-    private final int[] x;
+    private int[] x;
 
     // rotation constants
     private static final int S11 = 3;
@@ -91,16 +91,12 @@
         implReset();
     }
 
-    // Cloning constructor
-    private MD4(MD4 base) {
-        super(base);
-        this.state = base.state.clone();
-        this.x = new int[16];
-    }
-
     // clone this object
-    public Object clone() {
-        return new MD4(this);
+    public Object clone() throws CloneNotSupportedException {
+        MD4 copy = (MD4) super.clone();
+        copy.state = copy.state.clone();
+        copy.x = new int[16];
+        return copy;
     }
 
     /**
--- a/src/share/classes/sun/security/provider/MD5.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/provider/MD5.java	Sun May 01 21:26:40 2016 -0700
@@ -39,9 +39,9 @@
 public final class MD5 extends DigestBase {
 
     // state of this object
-    private final int[] state;
+    private int[] state;
     // temporary buffer, used by implCompress()
-    private final int[] x;
+    private int[] x;
 
     // rotation constants
     private static final int S11 = 7;
@@ -69,16 +69,12 @@
         implReset();
     }
 
-    // Cloning constructor
-    private MD5(MD5 base) {
-        super(base);
-        this.state = base.state.clone();
-        this.x = new int[16];
-    }
-
     // clone this object
-    public Object clone() {
-        return new MD5(this);
+    public Object clone() throws CloneNotSupportedException {
+        MD5 copy = (MD5) super.clone();
+        copy.state = copy.state.clone();
+        copy.x = new int[16];
+        return copy;
     }
 
     /**
--- a/src/share/classes/sun/security/provider/ParameterCache.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/provider/ParameterCache.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
 package sun.security.provider;
 
 import java.util.*;
+import java.util.concurrent.ConcurrentHashMap;
 import java.math.BigInteger;
 
 import java.security.*;
@@ -34,6 +35,8 @@
 
 import javax.crypto.spec.DHParameterSpec;
 
+import sun.security.spec.DSAGenParameterSpec;
+
 /**
  * Cache for DSA and DH parameter specs. Used by the KeyPairGenerators
  * in the Sun, SunJCE, and SunPKCS11 provider if no parameters have been
@@ -55,11 +58,17 @@
     private final static Map<Integer,DHParameterSpec> dhCache;
 
     /**
-     * Return cached DSA parameters for the given keylength, or null if none
-     * are available in the cache.
+     * Return cached DSA parameters for the given length combination of
+     * prime and subprime, or null if none are available in the cache.
      */
-    public static DSAParameterSpec getCachedDSAParameterSpec(int keyLength) {
-        return dsaCache.get(Integer.valueOf(keyLength));
+    public static DSAParameterSpec getCachedDSAParameterSpec(int primeLen,
+            int subprimeLen) {
+        // ensure the sum is unique in all cases, i.e.
+        // case#1: (512 <= p <= 1024) AND q=160
+        // case#2: p=2048 AND q=224
+        // case#3: p=2048 AND q=256
+        // (NOT-YET-SUPPORTED)case#4: p=3072 AND q=256
+        return dsaCache.get(Integer.valueOf(primeLen+subprimeLen));
     }
 
     /**
@@ -71,18 +80,39 @@
     }
 
     /**
-     * Return DSA parameters for the given keylength. Uses cache if possible,
-     * generates new parameters and adds them to the cache otherwise.
+     * Return DSA parameters for the given primeLen. Uses cache if
+     * possible, generates new parameters and adds them to the cache
+     * otherwise.
      */
-    public static DSAParameterSpec getDSAParameterSpec(int keyLength,
+    public static DSAParameterSpec getDSAParameterSpec(int primeLen,
             SecureRandom random)
-            throws NoSuchAlgorithmException, InvalidParameterSpecException {
-        DSAParameterSpec spec = getCachedDSAParameterSpec(keyLength);
+            throws NoSuchAlgorithmException, InvalidParameterSpecException,
+                   InvalidAlgorithmParameterException {
+        if (primeLen <= 1024) {
+            return getDSAParameterSpec(primeLen, 160, random);
+        } else if (primeLen == 2048) {
+            return getDSAParameterSpec(primeLen, 224, random);
+        } else {
+            return null;
+        }
+    }
+
+    /**
+     * Return DSA parameters for the given primeLen and subprimeLen.
+     * Uses cache if possible, generates new parameters and adds them to the
+     * cache otherwise.
+     */
+    public static DSAParameterSpec getDSAParameterSpec(int primeLen,
+            int subprimeLen, SecureRandom random)
+            throws NoSuchAlgorithmException, InvalidParameterSpecException,
+                   InvalidAlgorithmParameterException {
+        DSAParameterSpec spec =
+            getCachedDSAParameterSpec(primeLen, subprimeLen);
         if (spec != null) {
             return spec;
         }
-        spec = getNewDSAParameterSpec(keyLength, random);
-        dsaCache.put(Integer.valueOf(keyLength), spec);
+        spec = getNewDSAParameterSpec(primeLen, subprimeLen, random);
+        dsaCache.put(Integer.valueOf(primeLen + subprimeLen), spec);
         return spec;
     }
 
@@ -107,28 +137,28 @@
     }
 
     /**
-     * Return new DSA parameters for the given keylength. Do not lookup in
-     * cache and do not cache the newly generated parameters. This method
-     * really only exists for the legacy method
+     * Return new DSA parameters for the given length combination of prime and
+     * sub prime. Do not lookup in cache and do not cache the newly generated
+     * parameters. This method really only exists for the legacy method
      * DSAKeyPairGenerator.initialize(int, boolean, SecureRandom).
      */
-    public static DSAParameterSpec getNewDSAParameterSpec(int keyLength,
-            SecureRandom random)
-            throws NoSuchAlgorithmException, InvalidParameterSpecException {
+    public static DSAParameterSpec getNewDSAParameterSpec(int primeLen,
+            int subprimeLen, SecureRandom random)
+            throws NoSuchAlgorithmException, InvalidParameterSpecException,
+                   InvalidAlgorithmParameterException {
         AlgorithmParameterGenerator gen =
                 AlgorithmParameterGenerator.getInstance("DSA");
-        gen.init(keyLength, random);
+        DSAGenParameterSpec genParams =
+            new DSAGenParameterSpec(primeLen, subprimeLen);
+        gen.init(genParams, random);
         AlgorithmParameters params = gen.generateParameters();
         DSAParameterSpec spec = params.getParameterSpec(DSAParameterSpec.class);
         return spec;
     }
 
     static {
-        // XXX change to ConcurrentHashMap once available
-        dhCache = Collections.synchronizedMap
-                        (new HashMap<Integer,DHParameterSpec>());
-        dsaCache = Collections.synchronizedMap
-                        (new HashMap<Integer,DSAParameterSpec>());
+        dhCache = new ConcurrentHashMap<Integer,DHParameterSpec>();
+        dsaCache = new ConcurrentHashMap<Integer,DSAParameterSpec>();
 
         /*
          * We support precomputed parameter for 512, 768 and 1024 bit
@@ -210,17 +240,99 @@
                            "83dfe15ae59f06928b665e807b552564014c3bfecf" +
                            "492a", 16);
 
-        dsaCache.put(Integer.valueOf(512),
+        dsaCache.put(Integer.valueOf(512+160),
                                 new DSAParameterSpec(p512, q512, g512));
-        dsaCache.put(Integer.valueOf(768),
+        dsaCache.put(Integer.valueOf(768+160),
                                 new DSAParameterSpec(p768, q768, g768));
-        dsaCache.put(Integer.valueOf(1024),
+        dsaCache.put(Integer.valueOf(1024+160),
                                 new DSAParameterSpec(p1024, q1024, g1024));
+        /*
+         * L = 2048, N = 224
+         * SEED = 584236080cfa43c09b02354135f4cc5198a19efada08bd866d601ba4
+         * counter = 2666
+         */
+        BigInteger p2048_224 =
+            new BigInteger("8f7935d9b9aae9bfabed887acf4951b6f32ec59e3b" +
+                           "af3718e8eac4961f3efd3606e74351a9c4183339b8" +
+                           "09e7c2ae1c539ba7475b85d011adb8b47987754984" +
+                           "695cac0e8f14b3360828a22ffa27110a3d62a99345" +
+                           "3409a0fe696c4658f84bdd20819c3709a01057b195" +
+                           "adcd00233dba5484b6291f9d648ef883448677979c" +
+                           "ec04b434a6ac2e75e9985de23db0292fc1118c9ffa" +
+                           "9d8181e7338db792b730d7b9e349592f6809987215" +
+                           "3915ea3d6b8b4653c633458f803b32a4c2e0f27290" +
+                           "256e4e3f8a3b0838a1c450e4e18c1a29a37ddf5ea1" +
+                           "43de4b66ff04903ed5cf1623e158d487c608e97f21" +
+                           "1cd81dca23cb6e380765f822e342be484c05763939" +
+                           "601cd667", 16);
+
+        BigInteger q2048_224 =
+            new BigInteger("baf696a68578f7dfdee7fa67c977c785ef32b233ba" +
+                           "e580c0bcd5695d", 16);
+
+        BigInteger g2048_224 =
+            new BigInteger("16a65c58204850704e7502a39757040d34da3a3478" +
+                           "c154d4e4a5c02d242ee04f96e61e4bd0904abdac8f" +
+                           "37eeb1e09f3182d23c9043cb642f88004160edf9ca" +
+                           "09b32076a79c32a627f2473e91879ba2c4e744bd20" +
+                           "81544cb55b802c368d1fa83ed489e94e0fa0688e32" +
+                           "428a5c78c478c68d0527b71c9a3abb0b0be12c4468" +
+                           "9639e7d3ce74db101a65aa2b87f64c6826db3ec72f" +
+                           "4b5599834bb4edb02f7c90e9a496d3a55d535bebfc" +
+                           "45d4f619f63f3dedbb873925c2f224e07731296da8" +
+                           "87ec1e4748f87efb5fdeb75484316b2232dee553dd" +
+                           "af02112b0d1f02da30973224fe27aeda8b9d4b2922" +
+                           "d9ba8be39ed9e103a63c52810bc688b7e2ed4316e1" +
+                           "ef17dbde", 16);
+        dsaCache.put(Integer.valueOf(2048+224),
+                     new DSAParameterSpec(p2048_224, q2048_224, g2048_224));
+
+        /*
+         * L = 2048, N = 256
+         * SEED = b0b4417601b59cbc9d8ac8f935cadaec4f5fbb2f23785609ae466748d9b5a536
+         * counter = 497
+         */
+        BigInteger p2048_256 =
+            new BigInteger("95475cf5d93e596c3fcd1d902add02f427f5f3c721" +
+                           "0313bb45fb4d5bb2e5fe1cbd678cd4bbdd84c9836b" +
+                           "e1f31c0777725aeb6c2fc38b85f48076fa76bcd814" +
+                           "6cc89a6fb2f706dd719898c2083dc8d896f84062e2" +
+                           "c9c94d137b054a8d8096adb8d51952398eeca852a0" +
+                           "af12df83e475aa65d4ec0c38a9560d5661186ff98b" +
+                           "9fc9eb60eee8b030376b236bc73be3acdbd74fd61c" +
+                           "1d2475fa3077b8f080467881ff7e1ca56fee066d79" +
+                           "506ade51edbb5443a563927dbc4ba520086746175c" +
+                           "8885925ebc64c6147906773496990cb714ec667304" +
+                           "e261faee33b3cbdf008e0c3fa90650d97d3909c927" +
+                           "5bf4ac86ffcb3d03e6dfc8ada5934242dd6d3bcca2" +
+                           "a406cb0b", 16);
+
+        BigInteger q2048_256 =
+            new BigInteger("f8183668ba5fc5bb06b5981e6d8b795d30b8978d43" +
+                           "ca0ec572e37e09939a9773", 16);
+
+        BigInteger g2048_256 =
+            new BigInteger("42debb9da5b3d88cc956e08787ec3f3a09bba5f48b" +
+                           "889a74aaf53174aa0fbe7e3c5b8fcd7a53bef563b0" +
+                           "e98560328960a9517f4014d3325fc7962bf1e04937" +
+                           "0d76d1314a76137e792f3f0db859d095e4a5b93202" +
+                           "4f079ecf2ef09c797452b0770e1350782ed57ddf79" +
+                           "4979dcef23cb96f183061965c4ebc93c9c71c56b92" +
+                           "5955a75f94cccf1449ac43d586d0beee43251b0b22" +
+                           "87349d68de0d144403f13e802f4146d882e057af19" +
+                           "b6f6275c6676c8fa0e3ca2713a3257fd1b27d0639f" +
+                           "695e347d8d1cf9ac819a26ca9b04cb0eb9b7b03598" +
+                           "8d15bbac65212a55239cfc7e58fae38d7250ab9991" +
+                           "ffbc97134025fe8ce04c4399ad96569be91a546f49" +
+                           "78693c7a", 16);
+        dsaCache.put(Integer.valueOf(2048+256),
+                                new DSAParameterSpec(p2048_256, q2048_256, g2048_256));
 
         // use DSA parameters for DH as well
         dhCache.put(Integer.valueOf(512), new DHParameterSpec(p512, g512));
         dhCache.put(Integer.valueOf(768), new DHParameterSpec(p768, g768));
         dhCache.put(Integer.valueOf(1024), new DHParameterSpec(p1024, g1024));
+        dhCache.put(Integer.valueOf(2048), new DHParameterSpec(p2048_224, g2048_224));
     }
 
 }
--- a/src/share/classes/sun/security/provider/SHA.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/provider/SHA.java	Sun May 01 21:26:40 2016 -0700
@@ -47,10 +47,10 @@
     // 64 bytes are included in each hash block so the low order
     // bits of count are used to know how to pack the bytes into ints
     // and to know when to compute the block and start the next one.
-    private final int[] W;
+    private int[] W;
 
     // state of this
-    private final int[] state;
+    private int[] state;
 
     /**
      * Creates a new SHA object.
@@ -62,19 +62,14 @@
         implReset();
     }
 
-    /**
-     * Creates a SHA object.with state (for cloning) */
-    private SHA(SHA base) {
-        super(base);
-        this.state = base.state.clone();
-        this.W = new int[80];
-    }
-
     /*
      * Clones this object.
      */
-    public Object clone() {
-        return new SHA(this);
+    public Object clone() throws CloneNotSupportedException {
+        SHA copy = (SHA) super.clone();
+        copy.state = copy.state.clone();
+        copy.W = new int[80];
+        return copy;
     }
 
     /**
--- a/src/share/classes/sun/security/provider/SHA2.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/provider/SHA2.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,7 +40,7 @@
  * @author      Valerie Peng
  * @author      Andreas Sterbenz
  */
-public final class SHA2 extends DigestBase {
+abstract class SHA2 extends DigestBase {
 
     private static final int ITERATION = 64;
     // Constants for each round
@@ -64,46 +64,30 @@
     };
 
     // buffer used by implCompress()
-    private final int[] W;
+    private int[] W;
 
     // state of this object
-    private final int[] state;
+    private int[] state;
+
+    // initial state value. different between SHA-224 and SHA-256
+    private final int[] initialHashes;
 
     /**
      * Creates a new SHA object.
      */
-    public SHA2() {
-        super("SHA-256", 32, 64);
+    SHA2(String name, int digestLength, int[] initialHashes) {
+        super(name, digestLength, 64);
+        this.initialHashes = initialHashes;
         state = new int[8];
         W = new int[64];
         implReset();
     }
 
     /**
-     * Creates a SHA2 object.with state (for cloning)
-     */
-    private SHA2(SHA2 base) {
-        super(base);
-        this.state = base.state.clone();
-        this.W = new int[64];
-    }
-
-    public Object clone() {
-        return new SHA2(this);
-    }
-
-    /**
      * Resets the buffers and hash value to start a new hash.
      */
     void implReset() {
-        state[0] = 0x6a09e667;
-        state[1] = 0xbb67ae85;
-        state[2] = 0x3c6ef372;
-        state[3] = 0xa54ff53a;
-        state[4] = 0x510e527f;
-        state[5] = 0x9b05688c;
-        state[6] = 0x1f83d9ab;
-        state[7] = 0x5be0cd19;
+        System.arraycopy(initialHashes, 0, state, 0, state.length);
     }
 
     void implDigest(byte[] out, int ofs) {
@@ -242,4 +226,38 @@
         state[7] += h;
     }
 
+    public Object clone() throws CloneNotSupportedException {
+        SHA2 copy = (SHA2) super.clone();
+        copy.state = copy.state.clone();
+        copy.W = new int[64];
+        return copy;
+    }
+
+    /**
+     * SHA-224 implementation class.
+     */
+    public static final class SHA224 extends SHA2 {
+        private static final int[] INITIAL_HASHES = {
+            0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
+            0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4
+        };
+
+        public SHA224() {
+            super("SHA-224", 28, INITIAL_HASHES);
+        }
+    }
+
+    /**
+     * SHA-256 implementation class.
+     */
+    public static final class SHA256 extends SHA2 {
+        private static final int[] INITIAL_HASHES = {
+            0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
+            0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
+        };
+
+        public SHA256() {
+            super("SHA-256", 32, INITIAL_HASHES);
+        }
+    }
 }
--- a/src/share/classes/sun/security/provider/SHA5.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/provider/SHA5.java	Sun May 01 21:26:40 2016 -0700
@@ -82,10 +82,10 @@
     };
 
     // buffer used by implCompress()
-    private final long[] W;
+    private long[] W;
 
     // state of this object
-    private final long[] state;
+    private long[] state;
 
     // initial state value. different between SHA-384 and SHA-512
     private final long[] initialHashes;
@@ -101,16 +101,6 @@
         implReset();
     }
 
-    /**
-     * Creates a SHA object with state (for cloning)
-     */
-    SHA5(SHA5 base) {
-        super(base);
-        this.initialHashes = base.initialHashes;
-        this.state = base.state.clone();
-        this.W = new long[80];
-    }
-
     final void implReset() {
         System.arraycopy(initialHashes, 0, state, 0, state.length);
     }
@@ -255,6 +245,13 @@
         state[7] += h;
     }
 
+    public Object clone() throws CloneNotSupportedException {
+        SHA5 copy = (SHA5) super.clone();
+        copy.state = copy.state.clone();
+        copy.W = new long[80];
+        return copy;
+    }
+
     /**
      * SHA-512 implementation class.
      */
@@ -270,14 +267,6 @@
         public SHA512() {
             super("SHA-512", 64, INITIAL_HASHES);
         }
-
-        private SHA512(SHA512 base) {
-            super(base);
-        }
-
-        public Object clone() {
-            return new SHA512(this);
-        }
     }
 
     /**
@@ -295,14 +284,5 @@
         public SHA384() {
             super("SHA-384", 48, INITIAL_HASHES);
         }
-
-        private SHA384(SHA384 base) {
-            super(base);
-        }
-
-        public Object clone() {
-            return new SHA384(this);
-        }
     }
-
 }
--- a/src/share/classes/sun/security/provider/SunEntries.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/provider/SunEntries.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -43,6 +43,14 @@
  *   identifier strings "OID.1.3.14.3.2.13", "OID.1.3.14.3.2.27" and
  *   "OID.1.2.840.10040.4.3".
  *
+ * - SHA-2 is a set of message digest schemes described in FIPS 180-2.
+ *   SHA-2 family of hash functions includes SHA-224, SHA-256, SHA-384,
+ *   and SHA-512.
+ *
+ * - SHA-224withDSA/SHA-256withDSA are the signature schemes
+ *   described in FIPS 186-3. The associated object identifiers are
+ *   "OID.2.16.840.1.101.3.4.3.1", and "OID.2.16.840.1.101.3.4.3.2".
+
  * - DSA is the key generation scheme as described in FIPS 186.
  *   Aliases for DSA include the OID strings "OID.1.3.14.3.2.12"
  *   and "OID.1.2.840.10040.4.1".
@@ -102,11 +110,15 @@
         map.put("Signature.SHA1withDSA", "sun.security.provider.DSA$SHA1withDSA");
         map.put("Signature.NONEwithDSA", "sun.security.provider.DSA$RawDSA");
         map.put("Alg.Alias.Signature.RawDSA", "NONEwithDSA");
+        map.put("Signature.SHA224withDSA", "sun.security.provider.DSA$SHA224withDSA");
+        map.put("Signature.SHA256withDSA", "sun.security.provider.DSA$SHA256withDSA");
 
         String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" +
                 "|java.security.interfaces.DSAPrivateKey";
         map.put("Signature.SHA1withDSA SupportedKeyClasses", dsaKeyClasses);
         map.put("Signature.NONEwithDSA SupportedKeyClasses", dsaKeyClasses);
+        map.put("Signature.SHA224withDSA SupportedKeyClasses", dsaKeyClasses);
+        map.put("Signature.SHA256withDSA SupportedKeyClasses", dsaKeyClasses);
 
         map.put("Alg.Alias.Signature.DSA", "SHA1withDSA");
         map.put("Alg.Alias.Signature.DSS", "SHA1withDSA");
@@ -120,6 +132,10 @@
         map.put("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA");
         map.put("Alg.Alias.Signature.1.3.14.3.2.13", "SHA1withDSA");
         map.put("Alg.Alias.Signature.1.3.14.3.2.27", "SHA1withDSA");
+        map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.1", "SHA224withDSA");
+        map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.1", "SHA224withDSA");
+        map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.2", "SHA256withDSA");
+        map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.2", "SHA256withDSA");
 
         /*
          *  Key Pair Generator engines
@@ -139,10 +155,22 @@
 
         map.put("Alg.Alias.MessageDigest.SHA-1", "SHA");
         map.put("Alg.Alias.MessageDigest.SHA1", "SHA");
+        map.put("Alg.Alias.MessageDigest.1.3.14.3.2.26", "SHA");
+        map.put("Alg.Alias.MessageDigest.OID.1.3.14.3.2.26", "SHA");
 
-        map.put("MessageDigest.SHA-256", "sun.security.provider.SHA2");
+        map.put("MessageDigest.SHA-224", "sun.security.provider.SHA2$SHA224");
+        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4", "SHA-224");
+        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.4", "SHA-224");
+
+        map.put("MessageDigest.SHA-256", "sun.security.provider.SHA2$SHA256");
+        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256");
+        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.1", "SHA-256");
         map.put("MessageDigest.SHA-384", "sun.security.provider.SHA5$SHA384");
+        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384");
+        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.2", "SHA-384");
         map.put("MessageDigest.SHA-512", "sun.security.provider.SHA5$SHA512");
+        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512");
+        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.3", "SHA-512");
 
         /*
          * Algorithm Parameter Generator engines
@@ -155,15 +183,17 @@
          */
         map.put("AlgorithmParameters.DSA",
             "sun.security.provider.DSAParameters");
+        map.put("Alg.Alias.AlgorithmParameters.OID.1.2.840.10040.4.1", "DSA");
+        map.put("Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1", "DSA");
         map.put("Alg.Alias.AlgorithmParameters.1.3.14.3.2.12", "DSA");
-        map.put("Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1", "DSA");
 
         /*
          * Key factories
          */
         map.put("KeyFactory.DSA", "sun.security.provider.DSAKeyFactory");
+        map.put("Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1", "DSA");
+        map.put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA");
         map.put("Alg.Alias.KeyFactory.1.3.14.3.2.12", "DSA");
-        map.put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA");
 
         /*
          * Certificates
@@ -220,9 +250,13 @@
         /*
          * KeySize
          */
+        map.put("Signature.NONEwithDSA KeySize", "1024");
         map.put("Signature.SHA1withDSA KeySize", "1024");
-        map.put("KeyPairGenerator.DSA KeySize", "1024");
-        map.put("AlgorithmParameterGenerator.DSA KeySize", "1024");
+        map.put("Signature.SHA224withDSA KeySize", "2048");
+        map.put("Signature.SHA256withDSA KeySize", "2048");
+
+        map.put("KeyPairGenerator.DSA KeySize", "2048");
+        map.put("AlgorithmParameterGenerator.DSA KeySize", "2048");
 
         /*
          * Implementation type: software or hardware
--- a/src/share/classes/sun/security/rsa/RSASignature.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/rsa/RSASignature.java	Sun May 01 21:26:40 2016 -0700
@@ -39,8 +39,8 @@
  * PKCS#1 RSA signatures with the various message digest algorithms.
  * This file contains an abstract base class with all the logic plus
  * a nested static class for each of the message digest algorithms
- * (see end of the file). We support MD2, MD5, SHA-1, SHA-256, SHA-384,
- * and SHA-512.
+ * (see end of the file). We support MD2, MD5, SHA-1, SHA-224, SHA-256,
+ * SHA-384, and SHA-512.
  *
  * @since   1.5
  * @author  Andreas Sterbenz
@@ -278,6 +278,13 @@
         }
     }
 
+    // Nested class for SHA224withRSA signatures
+    public static final class SHA224withRSA extends RSASignature {
+        public SHA224withRSA() {
+            super("SHA-224", AlgorithmId.SHA224_oid, 11);
+        }
+    }
+
     // Nested class for SHA256withRSA signatures
     public static final class SHA256withRSA extends RSASignature {
         public SHA256withRSA() {
--- a/src/share/classes/sun/security/rsa/SunRsaSignEntries.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/rsa/SunRsaSignEntries.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -52,6 +52,8 @@
                 "sun.security.rsa.RSASignature$MD5withRSA");
         map.put("Signature.SHA1withRSA",
                 "sun.security.rsa.RSASignature$SHA1withRSA");
+        map.put("Signature.SHA224withRSA",
+                "sun.security.rsa.RSASignature$SHA224withRSA");
         map.put("Signature.SHA256withRSA",
                 "sun.security.rsa.RSASignature$SHA256withRSA");
         map.put("Signature.SHA384withRSA",
@@ -66,6 +68,7 @@
         map.put("Signature.MD2withRSA SupportedKeyClasses", rsaKeyClasses);
         map.put("Signature.MD5withRSA SupportedKeyClasses", rsaKeyClasses);
         map.put("Signature.SHA1withRSA SupportedKeyClasses", rsaKeyClasses);
+        map.put("Signature.SHA224withRSA SupportedKeyClasses", rsaKeyClasses);
         map.put("Signature.SHA256withRSA SupportedKeyClasses", rsaKeyClasses);
         map.put("Signature.SHA384withRSA SupportedKeyClasses", rsaKeyClasses);
         map.put("Signature.SHA512withRSA SupportedKeyClasses", rsaKeyClasses);
@@ -88,6 +91,9 @@
         map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5", "SHA1withRSA");
         map.put("Alg.Alias.Signature.1.3.14.3.2.29",            "SHA1withRSA");
 
+        map.put("Alg.Alias.Signature.1.2.840.113549.1.1.14",     "SHA224withRSA");
+        map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.14", "SHA224withRSA");
+
         map.put("Alg.Alias.Signature.1.2.840.113549.1.1.11",     "SHA256withRSA");
         map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.11", "SHA256withRSA");
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/sun/security/spec/DSAGenParameterSpec.java	Sun May 01 21:26:40 2016 -0700
@@ -0,0 +1,129 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package sun.security.spec;
+
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * This immutable class specifies the set of parameters used for
+ * generating DSA parameters as specified in
+ * <a href="http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf">FIPS 186-3 Digital Signature Standard (DSS)</a>.
+ *
+ * @see AlgorithmParameterSpec
+ *
+ * @since 8
+ */
+public final class DSAGenParameterSpec implements AlgorithmParameterSpec {
+
+    private final int pLen;
+    private final int qLen;
+    private final int seedLen;
+
+    /**
+     * Creates a domain parameter specification for DSA parameter
+     * generation using <code>primePLen</code> and <code>subprimeQLen</code>.
+     * The value of <code>subprimeQLen</code> is also used as the default
+     * length of the domain parameter seed in bits.
+     * @param primePLen the desired length of the prime P in bits.
+     * @param subprimeQLen the desired length of the sub-prime Q in bits.
+     * @exception IllegalArgumentException if <code>primePLen</code>
+     * or <code>subprimeQLen</code> is illegal per the specification of
+     * FIPS 186-3.
+     */
+    public DSAGenParameterSpec(int primePLen, int subprimeQLen) {
+        this(primePLen, subprimeQLen, subprimeQLen);
+    }
+
+    /**
+     * Creates a domain parameter specification for DSA parameter
+     * generation using <code>primePLen</code>, <code>subprimeQLen</code>,
+     * and <code>seedLen</code>.
+     * @param primePLen the desired length of the prime P in bits.
+     * @param subprimeQLen the desired length of the sub-prime Q in bits.
+     * @param seedLen the desired length of the domain parameter seed in bits,
+     * shall be equal to or greater than <code>subprimeQLen</code>.
+     * @exception IllegalArgumentException if <code>primePLenLen</code>,
+     * <code>subprimeQLen</code>, or <code>seedLen</code> is illegal per the
+     * specification of FIPS 186-3.
+     */
+    public DSAGenParameterSpec(int primePLen, int subprimeQLen, int seedLen) {
+        switch (primePLen) {
+        case 1024:
+            if (subprimeQLen != 160) {
+                throw new IllegalArgumentException
+                    ("subprimeQLen must be 160 when primePLen=1024");
+            }
+            break;
+        case 2048:
+            if (subprimeQLen != 224 && subprimeQLen != 256) {
+               throw new IllegalArgumentException
+                   ("subprimeQLen must be 224 or 256 when primePLen=2048");
+            }
+            break;
+        case 3072:
+            if (subprimeQLen != 256) {
+                throw new IllegalArgumentException
+                    ("subprimeQLen must be 256 when primePLen=3072");
+            }
+            break;
+        default:
+            throw new IllegalArgumentException
+                ("primePLen must be 1024, 2048, or 3072");
+        }
+        if (seedLen < subprimeQLen) {
+            throw new IllegalArgumentException
+                ("seedLen must be equal to or greater than subprimeQLen");
+        }
+        this.pLen = primePLen;
+        this.qLen = subprimeQLen;
+        this.seedLen = seedLen;
+    }
+
+    /**
+     * Returns the desired length of the prime P of the
+     * to-be-generated DSA domain parameters in bits.
+     * @return the length of the prime P.
+     */
+    public int getPrimePLength() {
+        return pLen;
+    }
+
+    /**
+     * Returns the desired length of the sub-prime Q of the
+     * to-be-generated DSA domain parameters in bits.
+     * @return the length of the sub-prime Q.
+     */
+    public int getSubprimeQLength() {
+        return qLen;
+    }
+
+    /**
+     * Returns the desired length of the domain parameter seed in bits.
+     * @return the length of the domain parameter seed.
+     */
+    public int getSeedLength() {
+        return seedLen;
+    }
+}
--- a/src/share/classes/sun/security/ssl/ServerHandshaker.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/ssl/ServerHandshaker.java	Sun May 01 21:26:40 2016 -0700
@@ -41,6 +41,8 @@
 
 import javax.security.auth.Subject;
 
+import sun.security.action.GetPropertyAction;
+import sun.security.util.KeyUtil;
 import sun.security.util.LegacyAlgorithmConstraints;
 import sun.security.ssl.HandshakeMessage.*;
 import sun.security.ssl.CipherSuite.*;
@@ -102,6 +104,50 @@
                     LegacyAlgorithmConstraints.PROPERTY_TLS_LEGACY_ALGS,
                     new SSLAlgorithmDecomposer());
 
+    // Flag to use smart ephemeral DH key which size matches the corresponding
+    // authentication key
+    private static final boolean useSmartEphemeralDHKeys;
+
+    // Flag to use legacy ephemeral DH key which size is 512 bits for
+    // exportable cipher suites, and 768 bits for others
+    private static final boolean useLegacyEphemeralDHKeys;
+
+    // The customized ephemeral DH key size for non-exportable cipher suites.
+    private static final int customizedDHKeySize;
+
+    static {
+        String property = AccessController.doPrivileged(
+                    new GetPropertyAction("jdk.tls.ephemeralDHKeySize"));
+        if (property == null || property.length() == 0) {
+            useLegacyEphemeralDHKeys = false;
+            useSmartEphemeralDHKeys = false;
+            customizedDHKeySize = -1;
+        } else if ("matched".equals(property)) {
+            useLegacyEphemeralDHKeys = false;
+            useSmartEphemeralDHKeys = true;
+            customizedDHKeySize = -1;
+        } else if ("legacy".equals(property)) {
+            useLegacyEphemeralDHKeys = true;
+            useSmartEphemeralDHKeys = false;
+            customizedDHKeySize = -1;
+        } else {
+            useLegacyEphemeralDHKeys = false;
+            useSmartEphemeralDHKeys = false;
+
+            try {
+                customizedDHKeySize = parseUnsignedInt(property);
+                if (customizedDHKeySize < 1024 || customizedDHKeySize > 2048) {
+                    throw new IllegalArgumentException(
+                        "Customized DH key size should be positive integer " +
+                        "between 1024 and 2048 bits, inclusive");
+                }
+            } catch (NumberFormatException nfe) {
+                throw new IllegalArgumentException(
+                        "Invalid system property jdk.tls.ephemeralDHKeySize");
+            }
+        }
+    }
+
     /*
      * Constructor ... use the keys found in the auth context.
      */
@@ -1081,7 +1127,7 @@
                 }
             }
 
-            setupEphemeralDHKeys(suite.exportable);
+            setupEphemeralDHKeys(suite.exportable, privateKey);
             break;
         case K_ECDHE_RSA:
             // need RSA certs for authentication
@@ -1128,7 +1174,8 @@
             if (setupPrivateKeyAndChain("DSA") == false) {
                 return false;
             }
-            setupEphemeralDHKeys(suite.exportable);
+
+            setupEphemeralDHKeys(suite.exportable, privateKey);
             break;
         case K_ECDHE_ECDSA:
             // get preferable peer signature algorithm for server key exchange
@@ -1177,7 +1224,7 @@
             break;
         case K_DH_ANON:
             // no certs needed for anonymous
-            setupEphemeralDHKeys(suite.exportable);
+            setupEphemeralDHKeys(suite.exportable, null);
             break;
         case K_ECDH_ANON:
             // no certs needed for anonymous
@@ -1227,15 +1274,70 @@
      * Acquire some "ephemeral" Diffie-Hellman  keys for this handshake.
      * We don't reuse these, for improved forward secrecy.
      */
-    private void setupEphemeralDHKeys(boolean export) {
+    private void setupEphemeralDHKeys(boolean export, Key key) {
         /*
-         * Diffie-Hellman keys ... we use 768 bit private keys due
-         * to the "use twice as many key bits as bits you want secret"
-         * rule of thumb, assuming we want the same size premaster
-         * secret with Diffie-Hellman and RSA key exchanges.  Except
-         * that exportable ciphers max out at 512 bits modulus values.
+         * 768 bits ephemeral DH private keys were used to be used in
+         * ServerKeyExchange except that exportable ciphers max out at 512
+         * bits modulus values. We still adhere to this behavior in legacy
+         * mode (system property "jdk.tls.ephemeralDHKeySize" is defined
+         * as "legacy").
+         *
+         * Older versions of OpenJDK don't support DH keys bigger
+         * than 1024 bits. We have to consider the compatibility requirement.
+         * 1024 bits DH key is always used for non-exportable cipher suites
+         * in default mode (system property "jdk.tls.ephemeralDHKeySize"
+         * is not defined).
+         *
+         * However, if applications want more stronger strength, setting
+         * system property "jdk.tls.ephemeralDHKeySize" to "matched"
+         * is a workaround to use ephemeral DH key which size matches the
+         * corresponding authentication key. For example, if the public key
+         * size of an authentication certificate is 2048 bits, then the
+         * ephemeral DH key size should be 2048 bits accordingly unless
+         * the cipher suite is exportable.  This key sizing scheme keeps
+         * the cryptographic strength consistent between authentication
+         * keys and key-exchange keys.
+         *
+         * Applications may also want to customize the ephemeral DH key size
+         * to a fixed length for non-exportable cipher suites. This can be
+         * approached by setting system property "jdk.tls.ephemeralDHKeySize"
+         * to a valid positive integer between 1024 and 2048 bits, inclusive.
+         *
+         * Note that the minimum acceptable key size is 1024 bits except
+         * exportable cipher suites or legacy mode.
+         *
+         * Note that the maximum acceptable key size is 2048 bits because
+         * DH keys bigger than 2048 are not always supported by underlying
+         * JCE providers.
+         *
+         * Note that per RFC 2246, the key size limit of DH is 512 bits for
+         * exportable cipher suites.  Because of the weakness, exportable
+         * cipher suites are deprecated since TLS v1.1 and they are not
+         * enabled by default in Oracle provider. The legacy behavior is
+         * reserved and 512 bits DH key is always used for exportable
+         * cipher suites.
          */
-        dh = new DHCrypt((export ? 512 : 768), sslContext.getSecureRandom());
+        int keySize = export ? 512 : 1024;           // default mode
+        if (!export) {
+            if (useLegacyEphemeralDHKeys) {          // legacy mode
+                keySize = 768;
+            } else if (useSmartEphemeralDHKeys) {    // matched mode
+                if (key != null) {
+                    int ks = KeyUtil.getKeySize(key);
+                    // Note that SunJCE provider only supports 2048 bits DH
+                    // keys bigger than 1024.  Please DON'T use value other
+                    // than 1024 and 2048 at present.  We may improve the
+                    // underlying providers and key size here in the future.
+                    //
+                    // keySize = ks <= 1024 ? 1024 : (ks >= 2048 ? 2048 : ks);
+                    keySize = ks <= 1024 ? 1024 : 2048;
+                } // Otherwise, anonymous cipher suites, 1024-bit is used.
+            } else if (customizedDHKeySize > 0) {    // customized mode
+                keySize = customizedDHKeySize;
+            }
+        }
+
+        dh = new DHCrypt(keySize, sslContext.getSecureRandom());
     }
 
     // Setup the ephemeral ECDH parameters.
@@ -1747,4 +1849,98 @@
 
         session.setPeerCertificates(peerCerts);
     }
+
+    /**
+     * Parses the string argument as an unsigned integer in the radix
+     * specified by the second argument.  An unsigned integer maps the
+     * values usually associated with negative numbers to positive
+     * numbers larger than {@code MAX_VALUE}.
+     *
+     * The characters in the string must all be digits of the
+     * specified radix (as determined by whether {@link
+     * java.lang.Character#digit(char, int)} returns a nonnegative
+     * value), except that the first character may be an ASCII plus
+     * sign {@code '+'} ({@code '\u005Cu002B'}). The resulting
+     * integer value is returned.
+     *
+     * <p>An exception of type {@code NumberFormatException} is
+     * thrown if any of the following situations occurs:
+     * <ul>
+     * <li>The first argument is {@code null} or is a string of
+     * length zero.
+     *
+     * <li>The radix is either smaller than
+     * {@link java.lang.Character#MIN_RADIX} or
+     * larger than {@link java.lang.Character#MAX_RADIX}.
+     *
+     * <li>Any character of the string is not a digit of the specified
+     * radix, except that the first character may be a plus sign
+     * {@code '+'} ({@code '\u005Cu002B'}) provided that the
+     * string is longer than length 1.
+     *
+     * <li>The value represented by the string is larger than the
+     * largest unsigned {@code int}, 2<sup>32</sup>-1.
+     *
+     * </ul>
+     *
+     *
+     * @param      s   the {@code String} containing the unsigned integer
+     *                  representation to be parsed
+     * @param      radix   the radix to be used while parsing {@code s}.
+     * @return     the integer represented by the string argument in the
+     *             specified radix.
+     * @throws     NumberFormatException if the {@code String}
+     *             does not contain a parsable {@code int}.
+     */
+    private static int parseUnsignedInt(String s, int radix)
+                throws NumberFormatException {
+        if (s == null)  {
+            throw new NumberFormatException("null");
+        }
+
+        int len = s.length();
+        if (len > 0) {
+            char firstChar = s.charAt(0);
+            if (firstChar == '-') {
+                throw new
+                    NumberFormatException(String.format("Illegal leading minus sign " +
+                                                       "on unsigned string %s.", s));
+            } else {
+                if (len <= 5 || // Integer.MAX_VALUE in Character.MAX_RADIX is 6 digits
+                    (radix == 10 && len <= 9) ) { // Integer.MAX_VALUE in base 10 is 10 digits
+                    return Integer.parseInt(s, radix);
+                } else {
+                    long ell = Long.parseLong(s, radix);
+                    if ((ell & 0xffff_ffff_0000_0000L) == 0) {
+                        return (int) ell;
+                    } else {
+                        throw new
+                            NumberFormatException(String.format("String value %s exceeds " +
+                                                                "range of unsigned int.", s));
+                    }
+                }
+            }
+        } else {
+            throw new NumberFormatException("For input string: \"" + s + "\"");
+        }
+    }
+
+    /**
+     * Parses the string argument as an unsigned decimal integer. The
+     * characters in the string must all be decimal digits, except
+     * that the first character may be an an ASCII plus sign {@code
+     * '+'} ({@code '\u005Cu002B'}). The resulting integer value
+     * is returned, exactly as if the argument and the radix 10 were
+     * given as arguments to the {@link
+     * #parseUnsignedInt(java.lang.String, int)} method.
+     *
+     * @param s   a {@code String} containing the unsigned {@code int}
+     *            representation to be parsed
+     * @return    the unsigned integer value represented by the argument in decimal.
+     * @throws    NumberFormatException  if the string does not contain a
+     *            parsable unsigned integer.
+     */
+    private static int parseUnsignedInt(String s) throws NumberFormatException {
+        return parseUnsignedInt(s, 10);
+    }
 }
--- a/src/share/classes/sun/security/util/AuthResources_ko.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/util/AuthResources_ko.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -88,7 +88,7 @@
         {"Keystore.alias.","\uD0A4 \uC800\uC7A5\uC18C \uBCC4\uCE6D: "},
         {"Keystore.password.","\uD0A4 \uC800\uC7A5\uC18C \uBE44\uBC00\uBC88\uD638: "},
         {"Private.key.password.optional.",
-            "\uC804\uC6A9 \uD0A4 \uBE44\uBC00\uBC88\uD638(\uC120\uD0DD \uC0AC\uD56D): "},
+            "\uC804\uC6A9 \uD0A4 \uBE44\uBC00\uBC88\uD638(\uC120\uD0DD\uC0AC\uD56D): "},
 
         // com.sun.security.auth.module.Krb5LoginModule
         {"Kerberos.username.defUsername.",
--- a/src/share/classes/sun/security/x509/AlgorithmId.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/security/x509/AlgorithmId.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -175,9 +175,9 @@
             // it's NULL. They are ---
             // rfc3370 2.1: Implementations SHOULD generate SHA-1
             // AlgorithmIdentifiers with absent parameters.
-            // rfc3447 C1: When id-sha1, id-sha256, id-sha384 and id-sha512
-            // are used in an AlgorithmIdentifier the parameters (which are
-            // optional) SHOULD be omitted.
+            // rfc3447 C1: When id-sha1, id-sha224, id-sha256, id-sha384 and
+            // id-sha512 are used in an AlgorithmIdentifier the parameters
+            // (which are optional) SHOULD be omitted.
             // rfc3279 2.3.2: The id-dsa algorithm syntax includes optional
             // domain parameters... When omitted, the parameters component
             // MUST be omitted entirely
@@ -185,6 +185,7 @@
             // is used, the AlgorithmIdentifier parameters field MUST be absent.
             /*if (
                 algid.equals((Object)SHA_oid) ||
+                algid.equals((Object)SHA224_oid) ||
                 algid.equals((Object)SHA256_oid) ||
                 algid.equals((Object)SHA384_oid) ||
                 algid.equals((Object)SHA512_oid) ||
@@ -488,7 +489,10 @@
             name.equalsIgnoreCase("SHA512")) {
             return AlgorithmId.SHA512_oid;
         }
-
+        if (name.equalsIgnoreCase("SHA-224") ||
+            name.equalsIgnoreCase("SHA224")) {
+            return AlgorithmId.SHA224_oid;
+        }
 
         // Various public key algorithms
         if (name.equalsIgnoreCase("RSA")) {
@@ -504,6 +508,9 @@
         if (name.equalsIgnoreCase("EC")) {
             return EC_oid;
         }
+        if (name.equalsIgnoreCase("ECDH")) {
+            return AlgorithmId.ECDH_oid;
+        }
 
         // Common signature types
         if (name.equalsIgnoreCase("MD5withRSA")
@@ -523,6 +530,12 @@
             || name.equalsIgnoreCase("SHA-1/DSA")) {
             return AlgorithmId.sha1WithDSA_oid;
         }
+        if (name.equalsIgnoreCase("SHA224WithDSA")) {
+            return AlgorithmId.sha224WithDSA_oid;
+        }
+        if (name.equalsIgnoreCase("SHA256WithDSA")) {
+            return AlgorithmId.sha256WithDSA_oid;
+        }
         if (name.equalsIgnoreCase("SHA1WithRSA")
             || name.equalsIgnoreCase("SHA1/RSA")) {
             return AlgorithmId.sha1WithRSAEncryption_oid;
@@ -625,6 +638,9 @@
     public static final ObjectIdentifier SHA_oid =
     ObjectIdentifier.newInternal(new int[] {1, 3, 14, 3, 2, 26});
 
+    public static final ObjectIdentifier SHA224_oid =
+    ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 4});
+
     public static final ObjectIdentifier SHA256_oid =
     ObjectIdentifier.newInternal(new int[] {2, 16, 840, 1, 101, 3, 4, 2, 1});
 
@@ -650,6 +666,7 @@
     public static final ObjectIdentifier DSA_oid;
     public static final ObjectIdentifier DSA_OIW_oid;
     public static final ObjectIdentifier EC_oid = oid(1, 2, 840, 10045, 2, 1);
+    public static final ObjectIdentifier ECDH_oid = oid(1, 3, 132, 1, 12);
     public static final ObjectIdentifier RSA_oid;
     public static final ObjectIdentifier RSAEncryption_oid;
 
@@ -664,6 +681,8 @@
                                        { 1, 2, 840, 113549, 1, 1, 5 };
     private static final int sha1WithRSAEncryption_OIW_data[] =
                                        { 1, 3, 14, 3, 2, 29 };
+    private static final int sha224WithRSAEncryption_data[] =
+                                       { 1, 2, 840, 113549, 1, 1, 14 };
     private static final int sha256WithRSAEncryption_data[] =
                                        { 1, 2, 840, 113549, 1, 1, 11 };
     private static final int sha384WithRSAEncryption_data[] =
@@ -681,12 +700,17 @@
     public static final ObjectIdentifier md5WithRSAEncryption_oid;
     public static final ObjectIdentifier sha1WithRSAEncryption_oid;
     public static final ObjectIdentifier sha1WithRSAEncryption_OIW_oid;
+    public static final ObjectIdentifier sha224WithRSAEncryption_oid;
     public static final ObjectIdentifier sha256WithRSAEncryption_oid;
     public static final ObjectIdentifier sha384WithRSAEncryption_oid;
     public static final ObjectIdentifier sha512WithRSAEncryption_oid;
     public static final ObjectIdentifier shaWithDSA_OIW_oid;
     public static final ObjectIdentifier sha1WithDSA_OIW_oid;
     public static final ObjectIdentifier sha1WithDSA_oid;
+    public static final ObjectIdentifier sha224WithDSA_oid =
+                                            oid(2, 16, 840, 1, 101, 3, 4, 3, 1);
+    public static final ObjectIdentifier sha256WithDSA_oid =
+                                            oid(2, 16, 840, 1, 101, 3, 4, 3, 2);
 
     public static final ObjectIdentifier sha1WithECDSA_oid =
                                             oid(1, 2, 840, 10045, 4, 1);
@@ -718,7 +742,6 @@
     public static ObjectIdentifier pbeWithSHA1AndRC2_40_oid =
         ObjectIdentifier.newInternal(new int[] {1, 2, 840, 113549, 1, 12, 1, 6});
 
-
     static {
     /*
      * Note the preferred OIDs are named simply with no "OIW" or
@@ -810,6 +833,14 @@
             ObjectIdentifier.newInternal(sha1WithRSAEncryption_OIW_data);
 
     /**
+     * Identifies a signing algorithm where a SHA224 digest is
+     * encrypted using an RSA private key; defined by PKCS #1.
+     * OID = 1.2.840.113549.1.1.14
+     */
+        sha224WithRSAEncryption_oid =
+            ObjectIdentifier.newInternal(sha224WithRSAEncryption_data);
+
+    /**
      * Identifies a signing algorithm where a SHA256 digest is
      * encrypted using an RSA private key; defined by PKCS #1.
      * OID = 1.2.840.113549.1.1.11
@@ -859,6 +890,7 @@
         nameTable.put(MD5_oid, "MD5");
         nameTable.put(MD2_oid, "MD2");
         nameTable.put(SHA_oid, "SHA");
+        nameTable.put(SHA224_oid, "SHA224");
         nameTable.put(SHA256_oid, "SHA256");
         nameTable.put(SHA384_oid, "SHA384");
         nameTable.put(SHA512_oid, "SHA512");
@@ -869,6 +901,8 @@
         nameTable.put(DSA_oid, "DSA");
         nameTable.put(DSA_OIW_oid, "DSA");
         nameTable.put(EC_oid, "EC");
+        nameTable.put(ECDH_oid, "ECDH");
+
         nameTable.put(sha1WithECDSA_oid, "SHA1withECDSA");
         nameTable.put(sha224WithECDSA_oid, "SHA224withECDSA");
         nameTable.put(sha256WithECDSA_oid, "SHA256withECDSA");
@@ -879,8 +913,11 @@
         nameTable.put(sha1WithDSA_oid, "SHA1withDSA");
         nameTable.put(sha1WithDSA_OIW_oid, "SHA1withDSA");
         nameTable.put(shaWithDSA_OIW_oid, "SHA1withDSA");
+        nameTable.put(sha224WithDSA_oid, "SHA224withDSA");
+        nameTable.put(sha256WithDSA_oid, "SHA256withDSA");
         nameTable.put(sha1WithRSAEncryption_oid, "SHA1withRSA");
         nameTable.put(sha1WithRSAEncryption_OIW_oid, "SHA1withRSA");
+        nameTable.put(sha224WithRSAEncryption_oid, "SHA224withRSA");
         nameTable.put(sha256WithRSAEncryption_oid, "SHA256withRSA");
         nameTable.put(sha384WithRSAEncryption_oid, "SHA384withRSA");
         nameTable.put(sha512WithRSAEncryption_oid, "SHA512withRSA");
--- a/src/share/classes/sun/tools/jar/resources/jar_ko.properties	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/tools/jar/resources/jar_ko.properties	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -44,4 +44,4 @@
 out.inflated=\ \uC99D\uAC00\uB428: {0}
 out.size=(\uC785\uB825 = {0}) (\uCD9C\uB825 = {1})
 
-usage=\uC0AC\uC6A9\uBC95: jar {ctxui}[vfmn0PMe] [jar-file] [manifest-file] [entry-point] [-C dir] files ...\n\uC635\uC158:\n    -c  \uC0C8 \uC544\uCE74\uC774\uBE0C\uB97C \uC0DD\uC131\uD569\uB2C8\uB2E4.\n    -t  \uC544\uCE74\uC774\uBE0C\uC5D0 \uB300\uD55C \uBAA9\uCC28\uB97C \uB098\uC5F4\uD569\uB2C8\uB2E4.\n    -x  \uBA85\uBA85\uB41C(\uB610\uB294 \uBAA8\uB4E0) \uD30C\uC77C\uC744 \uC544\uCE74\uC774\uBE0C\uC5D0\uC11C \uCD94\uCD9C\uD569\uB2C8\uB2E4.\n    -u  \uAE30\uC874 \uC544\uCE74\uC774\uBE0C\uB97C \uC5C5\uB370\uC774\uD2B8\uD569\uB2C8\uB2E4.\n    -v  \uD45C\uC900 \uCD9C\uB825\uC5D0 \uC0C1\uC138 \uC815\uBCF4 \uCD9C\uB825\uC744 \uC0DD\uC131\uD569\uB2C8\uB2E4.\n    -f  \uC544\uCE74\uC774\uBE0C \uD30C\uC77C \uC774\uB984\uC744 \uC9C0\uC815\uD569\uB2C8\uB2E4.\n    -m  \uC9C0\uC815\uB41C Manifest \uD30C\uC77C\uC758 Manifest \uC815\uBCF4\uB97C \uD3EC\uD568\uD569\uB2C8\uB2E4.\n    -n  \uC0C8 \uC544\uCE74\uC774\uBE0C\uB97C \uC0DD\uC131\uD55C \uD6C4 Pack200 \uC815\uADDC\uD654\uB97C \uC218\uD589\uD569\uB2C8\uB2E4.\n    -e  jar \uC2E4\uD589 \uD30C\uC77C\uC5D0 \uBC88\uB4E4\uB85C \uC81C\uACF5\uB41C \uB3C5\uB9BD\uD615 \uC751\uC6A9 \uD504\uB85C\uADF8\uB7A8\uC758 \n        \uC751\uC6A9 \uD504\uB85C\uADF8\uB7A8 \uC2DC\uC791 \uC9C0\uC810\uC744 \uC9C0\uC815\uD569\uB2C8\uB2E4.\n    -0  \uC800\uC7A5 \uC804\uC6A9: ZIP \uC555\uCD95\uC744 \uC0AC\uC6A9\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4.\n    -P  \uD30C\uC77C \uC774\uB984\uC5D0\uC11C \uC120\uD589 '/'(\uC808\uB300 \uACBD\uB85C) \uBC0F ".."(\uC0C1\uC704 \uB514\uB809\uD1A0\uB9AC) \uAD6C\uC131 \uC694\uC18C\uB97C \uC720\uC9C0\uD569\uB2C8\uB2E4.\n    -M  \uD56D\uBAA9\uC5D0 \uB300\uD574 Manifest \uD30C\uC77C\uC744 \uC0DD\uC131\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4.\n    -i  \uC9C0\uC815\uB41C jar \uD30C\uC77C\uC5D0 \uB300\uD55C \uC778\uB371\uC2A4 \uC815\uBCF4\uB97C \uC0DD\uC131\uD569\uB2C8\uB2E4.\n    -C  \uC9C0\uC815\uB41C \uB514\uB809\uD1A0\uB9AC\uB85C \uBCC0\uACBD\uD558\uACE0 \uB2E4\uC74C \uD30C\uC77C\uC744 \uD3EC\uD568\uD569\uB2C8\uB2E4.\n\uD2B9\uC815 \uD30C\uC77C\uC774 \uB514\uB809\uD1A0\uB9AC\uC77C \uACBD\uC6B0 \uC21C\uD658\uC801\uC73C\uB85C \uCC98\uB9AC\uB429\uB2C8\uB2E4.\nManifest \uD30C\uC77C \uC774\uB984, \uC544\uCE74\uC774\uBE0C \uD30C\uC77C \uC774\uB984 \uBC0F \uC2DC\uC791 \uC9C0\uC810 \uC774\uB984\uC740\n'm', 'f' \uBC0F 'e' \uD50C\uB798\uADF8\uC640 \uB3D9\uC77C\uD55C \uC21C\uC11C\uB85C \uC9C0\uC815\uB429\uB2C8\uB2E4.\n\n\uC608 1: classes.jar\uB77C\uB294 \uC544\uCE74\uC774\uBE0C\uC5D0 \uB450 \uD074\uB798\uC2A4 \uD30C\uC77C\uC744 \uC544\uCE74\uC774\uBE0C\uD558\uB294 \uBC29\uBC95: \n       jar cvf classes.jar Foo.class Bar.class \n\uC608 2: \uAE30\uC874 Manifest \uD30C\uC77C 'mymanifest'\uB97C \uC0AC\uC6A9\uD558\uC5EC\n           foo/ \uB514\uB809\uD1A0\uB9AC\uC758 \uBAA8\uB4E0 \uD30C\uC77C\uC744 'classes.jar'\uB85C \uC544\uCE74\uC774\uBE0C\uD558\uB294 \uBC29\uBC95: \n       jar cvfm classes.jar mymanifest -C foo/ .
+usage=\uC0AC\uC6A9\uBC95: jar {ctxui}[vfmn0PMe] [jar-file] [manifest-file] [entry-point] [-C dir] files ...\n\uC635\uC158:\n    -c  \uC0C8 \uC544\uCE74\uC774\uBE0C\uB97C \uC0DD\uC131\uD569\uB2C8\uB2E4.\n    -t  \uC544\uCE74\uC774\uBE0C\uC5D0 \uB300\uD55C \uBAA9\uCC28\uB97C \uB098\uC5F4\uD569\uB2C8\uB2E4.\n    -x  \uBA85\uBA85\uB41C(\uB610\uB294 \uBAA8\uB4E0) \uD30C\uC77C\uC744 \uC544\uCE74\uC774\uBE0C\uC5D0\uC11C \uCD94\uCD9C\uD569\uB2C8\uB2E4.\n    -u  \uAE30\uC874 \uC544\uCE74\uC774\uBE0C\uB97C \uC5C5\uB370\uC774\uD2B8\uD569\uB2C8\uB2E4.\n    -v  \uD45C\uC900 \uCD9C\uB825\uC5D0 \uC0C1\uC138 \uC815\uBCF4 \uCD9C\uB825\uC744 \uC0DD\uC131\uD569\uB2C8\uB2E4.\n    -f  \uC544\uCE74\uC774\uBE0C \uD30C\uC77C \uC774\uB984\uC744 \uC9C0\uC815\uD569\uB2C8\uB2E4.\n    -m  \uC9C0\uC815\uB41C Manifest \uD30C\uC77C\uC758 Manifest \uC815\uBCF4\uB97C \uD3EC\uD568\uD569\uB2C8\uB2E4.\n    -n  \uC0C8 \uC544\uCE74\uC774\uBE0C\uB97C \uC0DD\uC131\uD55C \uD6C4 Pack200 \uC815\uADDC\uD654\uB97C \uC218\uD589\uD569\uB2C8\uB2E4.\n    -e  jar \uC2E4\uD589 \uD30C\uC77C\uC5D0 \uBC88\uB4E4\uB85C \uC81C\uACF5\uB41C \uB3C5\uB9BD\uD615 \uC560\uD50C\uB9AC\uCF00\uC774\uC158\uC758 \n        \uC560\uD50C\uB9AC\uCF00\uC774\uC158 \uC2DC\uC791 \uC9C0\uC810\uC744 \uC9C0\uC815\uD569\uB2C8\uB2E4.\n    -0  \uC800\uC7A5 \uC804\uC6A9: ZIP \uC555\uCD95\uC744 \uC0AC\uC6A9\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4.\n    -P  \uD30C\uC77C \uC774\uB984\uC5D0\uC11C \uC120\uD589 '/'(\uC808\uB300 \uACBD\uB85C) \uBC0F ".."(\uC0C1\uC704 \uB514\uB809\uD1A0\uB9AC) \uAD6C\uC131 \uC694\uC18C\uB97C \uC720\uC9C0\uD569\uB2C8\uB2E4.\n    -M  \uD56D\uBAA9\uC5D0 \uB300\uD574 Manifest \uD30C\uC77C\uC744 \uC0DD\uC131\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4.\n    -i  \uC9C0\uC815\uB41C jar \uD30C\uC77C\uC5D0 \uB300\uD55C \uC778\uB371\uC2A4 \uC815\uBCF4\uB97C \uC0DD\uC131\uD569\uB2C8\uB2E4.\n    -C  \uC9C0\uC815\uB41C \uB514\uB809\uD1A0\uB9AC\uB85C \uBCC0\uACBD\uD558\uACE0 \uB2E4\uC74C \uD30C\uC77C\uC744 \uD3EC\uD568\uD569\uB2C8\uB2E4.\n\uD2B9\uC815 \uD30C\uC77C\uC774 \uB514\uB809\uD1A0\uB9AC\uC77C \uACBD\uC6B0 \uC21C\uD658\uC801\uC73C\uB85C \uCC98\uB9AC\uB429\uB2C8\uB2E4.\nManifest \uD30C\uC77C \uC774\uB984, \uC544\uCE74\uC774\uBE0C \uD30C\uC77C \uC774\uB984 \uBC0F \uC2DC\uC791 \uC9C0\uC810 \uC774\uB984\uC740\n'm', 'f' \uBC0F 'e' \uD50C\uB798\uADF8\uC640 \uB3D9\uC77C\uD55C \uC21C\uC11C\uB85C \uC9C0\uC815\uB429\uB2C8\uB2E4.\n\n\uC608 1: classes.jar\uB77C\uB294 \uC544\uCE74\uC774\uBE0C\uC5D0 \uB450 \uD074\uB798\uC2A4 \uD30C\uC77C\uC744 \uC544\uCE74\uC774\uBE0C\uD558\uB294 \uBC29\uBC95: \n       jar cvf classes.jar Foo.class Bar.class \n\uC608 2: \uAE30\uC874 Manifest \uD30C\uC77C 'mymanifest'\uB97C \uC0AC\uC6A9\uD558\uC5EC\n           foo/ \uB514\uB809\uD1A0\uB9AC\uC758 \uBAA8\uB4E0 \uD30C\uC77C\uC744 'classes.jar'\uB85C \uC544\uCE74\uC774\uBE0C\uD558\uB294 \uBC29\uBC95: \n       jar cvfm classes.jar mymanifest -C foo/ .
--- a/src/share/classes/sun/util/resources/TimeZoneNames.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/util/resources/TimeZoneNames.java	Sun May 01 21:26:40 2016 -0700
@@ -402,7 +402,7 @@
             {"America/Mendoza", AGT},
             {"America/Menominee", CST},
             {"America/Merida", CST},
-            {"America/Metlakatla", PST},
+            {"America/Metlakatla", AKST},
             {"America/Mexico_City", CST},
             {"America/Miquelon", new String[] {"Pierre & Miquelon Standard Time", "PMST",
                                                "Pierre & Miquelon Daylight Time", "PMDT"}},
@@ -505,7 +505,7 @@
             {"Asia/Brunei", new String[] {"Brunei Time", "BNT",
                                           "Brunei Summer Time", "BNST"}},
             {"Asia/Calcutta", IST},
-            {"Asia/Chita", IRKT},
+            {"Asia/Chita", YAKT},
             {"Asia/Choibalsan", new String[] {"Choibalsan Time", "CHOT",
                                               "Choibalsan Summer Time", "CHOST"}},
             {"Asia/Chongqing", CTT},
@@ -539,8 +539,7 @@
             {"Asia/Kashgar", XJT},
             {"Asia/Kathmandu", NPT},
             {"Asia/Katmandu", NPT},
-            {"Asia/Khandyga", new String[] {"Khandyga Time", "YAKT",
-                                            "Khandyga Summer Time", "YAKST"}},
+            {"Asia/Khandyga", YAKT},
             {"Asia/Kolkata", IST},
             {"Asia/Krasnoyarsk", KRAT},
             {"Asia/Kuala_Lumpur", MYT},
--- a/src/share/classes/sun/util/resources/TimeZoneNames_de.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/util/resources/TimeZoneNames_de.java	Sun May 01 21:26:40 2016 -0700
@@ -402,7 +402,7 @@
             {"America/Mendoza", AGT},
             {"America/Menominee", CST},
             {"America/Merida", CST},
-            {"America/Metlakatla", PST},
+            {"America/Metlakatla", AKST},
             {"America/Mexico_City", CST},
             {"America/Miquelon", new String[] {"Pierre & Miquelon Normalzeit", "PMST",
                                                "Pierre & Miquelon Sommerzeit", "PMDT"}},
@@ -505,7 +505,7 @@
             {"Asia/Brunei", new String[] {"Brunei Zeit", "BNT",
                                           "Brunei Sommerzeit", "BNST"}},
             {"Asia/Calcutta", IST},
-            {"Asia/Chita", IRKT},
+            {"Asia/Chita", YAKT},
             {"Asia/Choibalsan", new String[] {"Choibalsan Zeit", "CHOT",
                                               "Choibalsan Sommerzeit", "CHOST"}},
             {"Asia/Chongqing", CTT},
@@ -539,8 +539,7 @@
             {"Asia/Kashgar", XJT},
             {"Asia/Kathmandu", NPT},
             {"Asia/Katmandu", NPT},
-            {"Asia/Khandyga", new String[] {"Chandyga Zeit", "YAKT",
-                                            "Chandyga Sommerzeit", "YAKST"}},
+            {"Asia/Khandyga", YAKT},
             {"Asia/Kolkata", IST},
             {"Asia/Krasnoyarsk", KRAT},
             {"Asia/Kuala_Lumpur", MYT},
--- a/src/share/classes/sun/util/resources/TimeZoneNames_es.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/util/resources/TimeZoneNames_es.java	Sun May 01 21:26:40 2016 -0700
@@ -402,7 +402,7 @@
             {"America/Mendoza", AGT},
             {"America/Menominee", CST},
             {"America/Merida", CST},
-            {"America/Metlakatla", PST},
+            {"America/Metlakatla", AKST},
             {"America/Mexico_City", CST},
             {"America/Miquelon", new String[] {"Hora est\u00e1ndar de Pierre & Miquelon", "PMST",
                                                "Hora de verano de Pierre & Miquelon", "PMDT"}},
@@ -505,7 +505,7 @@
             {"Asia/Brunei", new String[] {"Hora de Brunei", "BNT",
                                           "Hora de verano de Brunei", "BNST"}},
             {"Asia/Calcutta", IST},
-            {"Asia/Chita", IRKT},
+            {"Asia/Chita", YAKT},
             {"Asia/Choibalsan", new String[] {"Hora de Choibalsan", "CHOT",
                                               "Hora de verano de Choibalsan", "CHOST"}},
             {"Asia/Chongqing", CTT},
@@ -539,8 +539,7 @@
             {"Asia/Kashgar", XJT},
             {"Asia/Kathmandu", NPT},
             {"Asia/Katmandu", NPT},
-            {"Asia/Khandyga", new String[] {"Hora de Khandyga", "YAKT",
-                                            "Hora de verano de Khandyga", "YAKST"}},
+            {"Asia/Khandyga", YAKT},
             {"Asia/Kolkata", IST},
             {"Asia/Krasnoyarsk", KRAT},
             {"Asia/Kuala_Lumpur", MYT},
--- a/src/share/classes/sun/util/resources/TimeZoneNames_fr.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/util/resources/TimeZoneNames_fr.java	Sun May 01 21:26:40 2016 -0700
@@ -402,7 +402,7 @@
             {"America/Mendoza", AGT},
             {"America/Menominee", CST},
             {"America/Merida", CST},
-            {"America/Metlakatla", PST},
+            {"America/Metlakatla", AKST},
             {"America/Mexico_City", CST},
             {"America/Miquelon", new String[] {"Heure normale de Saint-Pierre et Miquelon", "PMST",
                                                "Heure avanc\u00e9e de Saint-Pierre et Miquelon", "PMDT"}},
@@ -505,7 +505,7 @@
             {"Asia/Brunei", new String[] {"Heure du Brunei", "BNT",
                                           "Heure d'\u00e9t\u00e9 du Brunei", "BNST"}},
             {"Asia/Calcutta", IST},
-            {"Asia/Chita", IRKT},
+            {"Asia/Chita", YAKT},
             {"Asia/Choibalsan", new String[] {"Heure de Choibalsan", "CHOT",
                                               "Heure d'\u00e9t\u00e9 de Choibalsan", "CHOST"}},
             {"Asia/Chongqing", CTT},
@@ -539,8 +539,7 @@
             {"Asia/Kashgar", XJT},
             {"Asia/Kathmandu", NPT},
             {"Asia/Katmandu", NPT},
-            {"Asia/Khandyga", new String[] {"Heure de Khandyga", "YAKT",
-                                            "Heure d'\u00E9t\u00E9 de Khandyga", "YAKST"}},
+            {"Asia/Khandyga", YAKT},
             {"Asia/Kolkata", IST},
             {"Asia/Krasnoyarsk", KRAT},
             {"Asia/Kuala_Lumpur", MYT},
--- a/src/share/classes/sun/util/resources/TimeZoneNames_it.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/util/resources/TimeZoneNames_it.java	Sun May 01 21:26:40 2016 -0700
@@ -402,7 +402,7 @@
             {"America/Mendoza", AGT},
             {"America/Menominee", CST},
             {"America/Merida", CST},
-            {"America/Metlakatla", PST},
+            {"America/Metlakatla", AKST},
             {"America/Mexico_City", CST},
             {"America/Miquelon", new String[] {"Ora solare di Saint-Pierre e Miquelon", "PMST",
                                                "Ora legale di Saint-Pierre e Miquelon", "PMDT"}},
@@ -505,7 +505,7 @@
             {"Asia/Brunei", new String[] {"Ora del Brunei", "BNT",
                                           "Ora estiva del Brunei", "BNST"}},
             {"Asia/Calcutta", IST},
-            {"Asia/Chita", IRKT},
+            {"Asia/Chita", YAKT},
             {"Asia/Choibalsan", new String[] {"Ora di Choibalsan", "CHOT",
                                               "Ora estiva di Choibalsan", "CHOST"}},
             {"Asia/Chongqing", CTT},
@@ -539,8 +539,7 @@
             {"Asia/Kashgar", XJT},
             {"Asia/Kathmandu", NPT},
             {"Asia/Katmandu", NPT},
-            {"Asia/Khandyga", new String[] {"Ora di Khandyga", "YAKT",
-                                            "Ora estiva di Khandyga", "YAKST"}},
+            {"Asia/Khandyga", YAKT},
             {"Asia/Kolkata", IST},
             {"Asia/Krasnoyarsk", KRAT},
             {"Asia/Kuala_Lumpur", MYT},
--- a/src/share/classes/sun/util/resources/TimeZoneNames_ja.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/util/resources/TimeZoneNames_ja.java	Sun May 01 21:26:40 2016 -0700
@@ -402,7 +402,7 @@
             {"America/Mendoza", AGT},
             {"America/Menominee", CST},
             {"America/Merida", CST},
-            {"America/Metlakatla", PST},
+            {"America/Metlakatla", AKST},
             {"America/Mexico_City", CST},
             {"America/Miquelon", new String[] {"\u30b5\u30f3\u30d4\u30a8\u30fc\u30eb\u30fb\u30df\u30af\u30ed\u30f3\u8af8\u5cf6\u6a19\u6e96\u6642", "PMST",
                                                "\u30b5\u30f3\u30d4\u30a8\u30fc\u30eb\u30fb\u30df\u30af\u30ed\u30f3\u8af8\u5cf6\u590f\u6642\u9593", "PMDT"}},
@@ -505,7 +505,7 @@
             {"Asia/Brunei", new String[] {"\u30d6\u30eb\u30cd\u30a4\u6642\u9593", "BNT",
                                           "\u30d6\u30eb\u30cd\u30a4\u590f\u6642\u9593", "BNST"}},
             {"Asia/Calcutta", IST},
-            {"Asia/Chita", IRKT},
+            {"Asia/Chita", YAKT},
             {"Asia/Choibalsan", new String[] {"\u30c1\u30e7\u30a4\u30d0\u30eb\u30b5\u30f3\u6642\u9593", "CHOT",
                                               "\u30c1\u30e7\u30a4\u30d0\u30eb\u30b5\u30f3\u590f\u6642\u9593", "CHOST"}},
             {"Asia/Chongqing", CTT},
@@ -539,8 +539,7 @@
             {"Asia/Kashgar", XJT},
             {"Asia/Kathmandu", NPT},
             {"Asia/Katmandu", NPT},
-            {"Asia/Khandyga", new String[] {"\u30CF\u30F3\u30C9\u30A5\u30A4\u30AC\u6642\u9593", "YAKT",
-                                            "\u30CF\u30F3\u30C9\u30A5\u30A4\u30AC\u590F\u6642\u9593", "YAKST"}},
+            {"Asia/Khandyga", YAKT},
             {"Asia/Kolkata", IST},
             {"Asia/Krasnoyarsk", KRAT},
             {"Asia/Kuala_Lumpur", MYT},
--- a/src/share/classes/sun/util/resources/TimeZoneNames_ko.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/util/resources/TimeZoneNames_ko.java	Sun May 01 21:26:40 2016 -0700
@@ -402,7 +402,7 @@
             {"America/Mendoza", AGT},
             {"America/Menominee", CST},
             {"America/Merida", CST},
-            {"America/Metlakatla", PST},
+            {"America/Metlakatla", AKST},
             {"America/Mexico_City", CST},
             {"America/Miquelon", new String[] {"\ud53c\uc5d0\ub974 \ubbf8\ud06c\ub860 \ud45c\uc900\uc2dc", "PMST",
                                                "\ud53c\uc5d0\ub974 \ubbf8\ud06c\ub860 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "PMDT"}},
@@ -505,7 +505,7 @@
             {"Asia/Brunei", new String[] {"\ube0c\ub8e8\ub098\uc774 \uc2dc\uac04", "BNT",
                                           "\ube0c\ub8e8\ub098\uc774 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "BNST"}},
             {"Asia/Calcutta", IST},
-            {"Asia/Chita", IRKT},
+            {"Asia/Chita", YAKT},
             {"Asia/Choibalsan", new String[] {"Choibalsan \uc2dc\uac04", "CHOT",
                                               "Choibalsan \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "CHOST"}},
             {"Asia/Chongqing", CTT},
@@ -539,8 +539,7 @@
             {"Asia/Kashgar", XJT},
             {"Asia/Kathmandu", NPT},
             {"Asia/Katmandu", NPT},
-            {"Asia/Khandyga", new String[] {"\uD55C\uB514\uAC00 \uD45C\uC900\uC2DC", "YAKT",
-                                            "\uD55C\uB514\uAC00 \uC77C\uAD11 \uC808\uC57D \uC2DC\uAC04", "YAKST"}},
+            {"Asia/Khandyga", YAKT},
             {"Asia/Kolkata", IST},
             {"Asia/Krasnoyarsk", KRAT},
             {"Asia/Kuala_Lumpur", MYT},
--- a/src/share/classes/sun/util/resources/TimeZoneNames_pt_BR.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/util/resources/TimeZoneNames_pt_BR.java	Sun May 01 21:26:40 2016 -0700
@@ -402,7 +402,7 @@
             {"America/Mendoza", AGT},
             {"America/Menominee", CST},
             {"America/Merida", CST},
-            {"America/Metlakatla", PST},
+            {"America/Metlakatla", AKST},
             {"America/Mexico_City", CST},
             {"America/Miquelon", new String[] {"Fuso hor\u00e1rio padr\u00e3o de S\u00e3o Pedro e Miquelon", "PMST",
                                                "Hor\u00e1rio de luz natural de S\u00e3o Pedro e Miquelon", "PMDT"}},
@@ -505,7 +505,7 @@
             {"Asia/Brunei", new String[] {"Fuso hor\u00e1rio de Brunei", "BNT",
                                           "Fuso hor\u00e1rio de ver\u00e3o de Brunei", "BNST"}},
             {"Asia/Calcutta", IST},
-            {"Asia/Chita", IRKT},
+            {"Asia/Chita", YAKT},
             {"Asia/Choibalsan", new String[] {"Fuso hor\u00e1rio de Choibalsan", "CHOT",
                                               "Fuso hor\u00e1rio de ver\u00e3o de Choibalsan", "CHOST"}},
             {"Asia/Chongqing", CTT},
@@ -539,8 +539,7 @@
             {"Asia/Kashgar", XJT},
             {"Asia/Kathmandu", NPT},
             {"Asia/Katmandu", NPT},
-            {"Asia/Khandyga", new String[] {"Hor\u00E1rio de Khandyga", "YAKT",
-                                            "Hor\u00E1rio de Ver\u00E3o de Khandyga", "YAKST"}},
+            {"Asia/Khandyga", YAKT},
             {"Asia/Kolkata", IST},
             {"Asia/Krasnoyarsk", KRAT},
             {"Asia/Kuala_Lumpur", MYT},
--- a/src/share/classes/sun/util/resources/TimeZoneNames_sv.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/util/resources/TimeZoneNames_sv.java	Sun May 01 21:26:40 2016 -0700
@@ -402,7 +402,7 @@
             {"America/Mendoza", AGT},
             {"America/Menominee", CST},
             {"America/Merida", CST},
-            {"America/Metlakatla", PST},
+            {"America/Metlakatla", AKST},
             {"America/Mexico_City", CST},
             {"America/Miquelon", new String[] {"Saint-Pierre-et-Miquelon, normaltid", "PMST",
                                                "Saint-Pierre-et-Miquelon, sommartid", "PMDT"}},
@@ -509,7 +509,7 @@
                                               "Choibalsan, sommartid", "CHOST"}},
             {"Asia/Chongqing", CTT},
             {"Asia/Chungking", CTT},
-            {"Asia/Chita", IRKT},
+            {"Asia/Chita", YAKT},
             {"Asia/Colombo", IST},
             {"Asia/Dacca", BDT},
             {"Asia/Dhaka", BDT},
@@ -539,8 +539,7 @@
             {"Asia/Kashgar", XJT},
             {"Asia/Kathmandu", NPT},
             {"Asia/Katmandu", NPT},
-            {"Asia/Khandyga", new String[] {"Khandyga, normaltid", "YAKT",
-                                            "Khandyga, sommartid", "YAKST"}},
+            {"Asia/Khandyga", YAKT},
             {"Asia/Kolkata", IST},
             {"Asia/Krasnoyarsk", KRAT},
             {"Asia/Kuala_Lumpur", MYT},
--- a/src/share/classes/sun/util/resources/TimeZoneNames_zh_CN.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/util/resources/TimeZoneNames_zh_CN.java	Sun May 01 21:26:40 2016 -0700
@@ -402,7 +402,7 @@
             {"America/Mendoza", AGT},
             {"America/Menominee", CST},
             {"America/Merida", CST},
-            {"America/Metlakatla", PST},
+            {"America/Metlakatla", AKST},
             {"America/Mexico_City", CST},
             {"America/Miquelon", new String[] {"\u76ae\u57c3\u5c14\u5c9b\u53ca\u5bc6\u514b\u9686\u5c9b\u6807\u51c6\u65f6\u95f4", "PMST",
                                                "\u76ae\u57c3\u5c14\u5c9b\u53ca\u5bc6\u514b\u9686\u5c9b\u590f\u4ee4\u65f6", "PMDT"}},
@@ -505,7 +505,7 @@
             {"Asia/Brunei", new String[] {"\u6587\u83b1\u65f6\u95f4", "BNT",
                                           "\u6587\u83b1\u590f\u4ee4\u65f6", "BNST"}},
             {"Asia/Calcutta", IST},
-            {"Asia/Chita", IRKT},
+            {"Asia/Chita", YAKT},
             {"Asia/Choibalsan", new String[] {"Choibalsan \u65f6\u95f4", "CHOT",
                                               "Choibalsan \u590f\u4ee4\u65f6", "CHOST"}},
             {"Asia/Chongqing", CTT},
@@ -539,8 +539,7 @@
             {"Asia/Kashgar", XJT},
             {"Asia/Kathmandu", NPT},
             {"Asia/Katmandu", NPT},
-            {"Asia/Khandyga", new String[] {"\u6C49\u5FB7\u52A0\u65F6\u95F4", "YAKT",
-                                            "\u6C49\u5FB7\u52A0\u590F\u4EE4\u65F6", "YAKST"}},
+            {"Asia/Khandyga", YAKT},
             {"Asia/Kolkata", IST},
             {"Asia/Krasnoyarsk", KRAT},
             {"Asia/Kuala_Lumpur", MYT},
--- a/src/share/classes/sun/util/resources/TimeZoneNames_zh_TW.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/classes/sun/util/resources/TimeZoneNames_zh_TW.java	Sun May 01 21:26:40 2016 -0700
@@ -402,7 +402,7 @@
             {"America/Mendoza", AGT},
             {"America/Menominee", CST},
             {"America/Merida", CST},
-            {"America/Metlakatla", PST},
+            {"America/Metlakatla", AKST},
             {"America/Mexico_City", CST},
             {"America/Miquelon", new String[] {"\u76ae\u57c3\u723e\u5cf6\u53ca\u5bc6\u514b\u9686\u5cf6\u6a19\u6e96\u6642\u9593", "PMST",
                                                "\u76ae\u57c3\u723e\u5cf6\u53ca\u5bc6\u514b\u9686\u5cf6\u65e5\u5149\u7bc0\u7d04\u6642\u9593", "PMDT"}},
@@ -505,7 +505,7 @@
             {"Asia/Brunei", new String[] {"\u6c76\u840a\u6642\u9593", "BNT",
                                           "\u6c76\u840a\u590f\u4ee4\u6642\u9593", "BNST"}},
             {"Asia/Calcutta", IST},
-            {"Asia/Chita", IRKT},
+            {"Asia/Chita", YAKT},
             {"Asia/Choibalsan", new String[] {"\u5de7\u5df4\u5c71 (Choibalsan) \u6642\u9593", "CHOT",
                                               "\u5de7\u5df4\u5c71 (Choibalsan) \u590f\u4ee4\u6642\u9593", "CHOST"}},
             {"Asia/Chongqing", CTT},
@@ -539,8 +539,7 @@
             {"Asia/Kashgar", XJT},
             {"Asia/Kathmandu", NPT},
             {"Asia/Katmandu", NPT},
-            {"Asia/Khandyga", new String[] {"\u6F22\u5730\u52A0 (Khandyga) \u6642\u9593", "YAKT",
-                                            "\u6F22\u5730\u52A0 (Khandyga) \u590F\u4EE4\u6642\u9593", "YAKST"}},
+            {"Asia/Khandyga", YAKT},
             {"Asia/Kolkata", IST},
             {"Asia/Krasnoyarsk", KRAT},
             {"Asia/Kuala_Lumpur", MYT},
--- a/src/share/lib/management/management.properties	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/lib/management/management.properties	Sun May 01 21:26:40 2016 -0700
@@ -316,3 +316,16 @@
 
 # For a non-default password file location use the following line
 # com.sun.management.jmxremote.access.file=filepath
+#
+
+# ################ Management agent listen interface #########################
+#
+# com.sun.management.jmxremote.host=<host-or-interface-name>
+#      Specifies the local interface on which the JMX RMI agent will bind.
+#      This is useful when running on machines which have several
+#      interfaces defined. It makes it possible to listen to a specific
+#      subnet accessible through that interface.
+#
+#      The format of the value for that property is any string accepted
+#      by java.net.InetAddress.getByName(String).
+#
--- a/src/share/lib/security/sunpkcs11-solaris.cfg	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/lib/security/sunpkcs11-solaris.cfg	Sun May 01 21:26:40 2016 -0700
@@ -17,23 +17,27 @@
 attributes = compatibility
 
 disabledMechanisms = {
-# the following mechanisms are disabled due to lack of digest cloning support
-# need to fix 6414899 first
+  CKM_DSA_KEY_PAIR_GEN
+# the following mechanisms are disabled due to CKR_SAVED_STATE_INVALID bug
+# (Solaris bug 7058108)
   CKM_MD2
   CKM_MD5
   CKM_SHA_1
+# the following mechanisms are disabled due to no cloning support
+# (Solaris bug 7050617)
   CKM_SHA256
   CKM_SHA384
   CKM_SHA512
-  CKM_DSA_KEY_PAIR_GEN
-# the following mechanisms are disabled due to performance issues (Solaris bug 6337157)
+# the following mechanisms are disabled due to performance issues
+# (Solaris bug 6337157)
   CKM_DSA_SHA1
   CKM_MD5_RSA_PKCS
   CKM_SHA1_RSA_PKCS
   CKM_SHA256_RSA_PKCS
   CKM_SHA384_RSA_PKCS
   CKM_SHA512_RSA_PKCS
-# the following mechanisms are disabled to ensure backward compatibility (Solaris bug 6545046)
+# the following mechanisms are disabled to ensure backward compatibility
+# (Solaris bug 6545046)
   CKM_DES_CBC_PAD
   CKM_DES3_CBC_PAD
   CKM_AES_CBC_PAD
--- a/src/share/native/sun/font/layout/DeviceTables.cpp	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/native/sun/font/layout/DeviceTables.cpp	Sun May 01 21:26:40 2016 -0700
@@ -45,9 +45,12 @@
 
 le_int16 DeviceTable::getAdjustment(const LEReferenceTo<DeviceTable>&base, le_uint16 ppem, LEErrorCode &success) const
 {
+    le_int16 result = 0;
+    if (LE_FAILURE(success)) {
+        return result;
+    }
     le_uint16 start = SWAPW(startSize);
     le_uint16 format = SWAPW(deltaFormat) - 1;
-    le_int16 result = 0;
 
     if (ppem >= start && ppem <= SWAPW(endSize) && format < FORMAT_COUNT) {
         le_uint16 sizeIndex = ppem - start;
--- a/src/share/native/sun/font/layout/LigatureSubstProc.cpp	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/native/sun/font/layout/LigatureSubstProc.cpp	Sun May 01 21:26:40 2016 -0700
@@ -71,6 +71,10 @@
 {
   LEErrorCode success = LE_NO_ERROR;
   const LigatureSubstitutionStateEntry *entry = entryTable.getAlias(index, success);
+  if (LE_FAILURE(success)) {
+      currGlyph++;
+      return 0;
+  }
 
     ByteOffset newState = SWAPW(entry->newStateOffset);
     le_uint16 flags = SWAPW(entry->flags);
@@ -91,6 +95,10 @@
 
     if (actionOffset != 0) {
       LEReferenceTo<LigatureActionEntry> ap(stHeader, success, actionOffset);
+      if (LE_FAILURE(success)) {
+          currGlyph++;
+          return newState;
+      }
         LigatureActionEntry action;
         le_int32 offset, i = 0, j = 0;
         le_int32 stack[nComponents];
@@ -101,6 +109,10 @@
 
             if (j++ > 0) {
                 ap.addObject(success);
+                if (LE_FAILURE(success)) {
+                    currGlyph++;
+                    return newState;
+                }
             }
 
             action = SWAPL(*ap.getAlias());
@@ -124,9 +136,17 @@
                 return newState; // get out! bad font
               }
               i += SWAPW(offsetTable.getObject(LE_GET_GLYPH(glyphStorage[componentGlyph]), success));
+              if (LE_FAILURE(success)) {
+                  currGlyph++;
+                  return newState;
+              }
 
                 if (action & (lafLast | lafStore))  {
                   LEReferenceTo<TTGlyphID> ligatureOffset(stHeader, success, i);
+                  if (LE_FAILURE(success)) {
+                      currGlyph++;
+                      return newState;
+                  }
                   TTGlyphID ligatureGlyph = SWAPW(*ligatureOffset.getAlias());
 
                   glyphStorage[componentGlyph] = LE_SET_GLYPH(glyphStorage[componentGlyph], ligatureGlyph);
--- a/src/share/native/sun/font/layout/LigatureSubstProc2.cpp	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/native/sun/font/layout/LigatureSubstProc2.cpp	Sun May 01 21:26:40 2016 -0700
@@ -95,6 +95,10 @@
 
     if (actionOffset != 0) {
         LEReferenceTo<LigatureActionEntry> ap(stHeader, success, ligActionOffset); // byte offset
+        if (LE_FAILURE(success)) {
+            currGlyph+= dir;
+            return nextStateIndex;
+        }
         ap.addObject(ligActionIndex, success);
         LEReferenceToArrayOf<TTGlyphID> ligatureTable(stHeader, success, ligatureOffset, LE_UNBOUNDED_ARRAY);
         LigatureActionEntry action;
@@ -114,6 +118,10 @@
             if (j++ > 0) {
                 ap.addObject(success);
             }
+            if (LE_FAILURE(success)) {
+                currGlyph+= dir;
+                return nextStateIndex;
+            }
 
             action = SWAPL(*ap.getAlias());
 
@@ -129,9 +137,17 @@
                   return nextStateIndex; // get out! bad font
                 }
                 i += SWAPW(componentTable(LE_GET_GLYPH(glyphStorage[componentGlyph]) + (SignExtend(offset, lafComponentOffsetMask)),success));
+                if (LE_FAILURE(success)) {
+                    currGlyph+= dir;
+                    return nextStateIndex;
+                }
 
                 if (action & (lafLast | lafStore))  {
                   TTGlyphID ligatureGlyph = SWAPW(ligatureTable(i,success));
+                  if (LE_FAILURE(success)) {
+                      currGlyph+= dir;
+                      return nextStateIndex;
+                  }
                     glyphStorage[componentGlyph] = LE_SET_GLYPH(glyphStorage[componentGlyph], ligatureGlyph);
                     if(mm==nComponents) {
                       LE_DEBUG_BAD_FONT("exceeded nComponents");
--- a/src/share/native/sun/font/layout/StateTableProcessor2.cpp	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/native/sun/font/layout/StateTableProcessor2.cpp	Sun May 01 21:26:40 2016 -0700
@@ -60,6 +60,7 @@
   entryTableOffset = SWAPL(stHeader->entryTableOffset);
 
   classTable = LEReferenceTo<LookupTable>(stHeader, success, classTableOffset);
+  if (LE_FAILURE(success)) return;
   format = SWAPW(classTable->format);
 
   stateArray = LEReferenceToArrayOf<EntryTableIndex2>(stHeader, success, stateArrayOffset, LE_UNBOUNDED_ARRAY);
--- a/src/share/native/sun/java2d/cmm/lcms/cmscgats.c	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/native/sun/java2d/cmm/lcms/cmscgats.c	Sun May 01 21:26:40 2016 -0700
@@ -2545,9 +2545,11 @@
     for (i=0; i < t->nSamples; i++) {
 
         fld = GetDataFormat(it8, i);
+        if (fld != NULL) {
         if (cmsstrcasecmp(fld, cSample) == 0)
             return i;
     }
+    }
 
     return -1;
 
--- a/src/share/native/sun/security/pkcs11/wrapper/pkcs11wrapper.h	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/share/native/sun/security/pkcs11/wrapper/pkcs11wrapper.h	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  */
 
 /* Copyright  (c) 2002 Graz University of Technology. All rights reserved.
@@ -96,8 +96,8 @@
 #define P11_ENABLE_C_CLOSESESSION
 #undef  P11_ENABLE_C_CLOSEALLSESSIONS
 #define P11_ENABLE_C_GETSESSIONINFO
-#undef  P11_ENABLE_C_GETOPERATIONSTATE
-#undef  P11_ENABLE_C_SETOPERATIONSTATE
+#define P11_ENABLE_C_GETOPERATIONSTATE
+#define P11_ENABLE_C_SETOPERATIONSTATE
 #define P11_ENABLE_C_LOGIN
 #define P11_ENABLE_C_LOGOUT
 #define P11_ENABLE_C_CREATEOBJECT
--- a/src/solaris/classes/sun/awt/X11/XBaseWindow.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/solaris/classes/sun/awt/X11/XBaseWindow.java	Sun May 01 21:26:40 2016 -0700
@@ -661,7 +661,7 @@
         XToolkit.awtLock();
         try {
             XAtom xa = XAtom.get(XAtom.XA_WM_CLASS);
-            xa.setProperty8(getWindow(), cl[0] + '\0' + cl[1]);
+            xa.setProperty8(getWindow(), cl[0] + '\0' + cl[1] + '\0');
         } finally {
             XToolkit.awtUnlock();
         }
--- a/src/solaris/native/sun/awt/fontpath.c	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/solaris/native/sun/awt/fontpath.c	Sun May 01 21:26:40 2016 -0700
@@ -1177,8 +1177,8 @@
             continue;
         }
         pattern = (*FcNameParse)((FcChar8 *)fcName);
+        (*env)->ReleaseStringUTFChars(env, fcNameStr, (const char*)fcName);
         if (pattern == NULL) {
-            (*env)->ReleaseStringUTFChars(env, fcNameStr, (const char*)fcName);
             closeFontConfig(libfontconfig, JNI_FALSE);
             return;
         }
@@ -1196,7 +1196,6 @@
         fontset = (*FcFontSort)(NULL, pattern, FcTrue, NULL, &result);
         if (fontset == NULL) {
             (*FcPatternDestroy)(pattern);
-            (*env)->ReleaseStringUTFChars(env, fcNameStr, (const char*)fcName);
             closeFontConfig(libfontconfig, JNI_FALSE);
             return;
         }
@@ -1228,7 +1227,6 @@
             }
             (*FcPatternDestroy)(pattern);
             (*FcFontSetDestroy)(fontset);
-            (*env)->ReleaseStringUTFChars(env, fcNameStr, (const char*)fcName);
             closeFontConfig(libfontconfig, JNI_FALSE);
             return;
         }
@@ -1269,8 +1267,6 @@
                 free(file);
                 (*FcPatternDestroy)(pattern);
                 (*FcFontSetDestroy)(fontset);
-                (*env)->ReleaseStringUTFChars(env,
-                                              fcNameStr, (const char*)fcName);
                 closeFontConfig(libfontconfig, JNI_FALSE);
                 return;
             }
@@ -1315,6 +1311,16 @@
         if (includeFallbacks) {
             fcFontArr =
                 (*env)->NewObjectArray(env, fontCount, fcFontClass, NULL);
+            if (IS_NULL(fcFontArr)) {
+                free(family);
+                free(fullname);
+                free(styleStr);
+                free(file);
+                (*FcPatternDestroy)(pattern);
+                (*FcFontSetDestroy)(fontset);
+                closeFontConfig(libfontconfig, JNI_FALSE);
+                return;
+            }
             (*env)->SetObjectField(env,fcCompFontObj, fcAllFontsID, fcFontArr);
         }
         fn=0;
@@ -1323,18 +1329,23 @@
             if (family[j] != NULL) {
                 jobject fcFont =
                     (*env)->NewObject(env, fcFontClass, fcFontCons);
+                if (IS_NULL(fcFont)) break;
                 jstr = (*env)->NewStringUTF(env, (const char*)family[j]);
+                if (IS_NULL(jstr)) break;
                 (*env)->SetObjectField(env, fcFont, familyNameID, jstr);
                 if (file[j] != NULL) {
                     jstr = (*env)->NewStringUTF(env, (const char*)file[j]);
+                    if (IS_NULL(jstr)) break;
                     (*env)->SetObjectField(env, fcFont, fontFileID, jstr);
                 }
                 if (styleStr[j] != NULL) {
                     jstr = (*env)->NewStringUTF(env, (const char*)styleStr[j]);
+                    if (IS_NULL(jstr)) break;
                     (*env)->SetObjectField(env, fcFont, styleNameID, jstr);
                 }
                 if (fullname[j] != NULL) {
                     jstr = (*env)->NewStringUTF(env, (const char*)fullname[j]);
+                    if (IS_NULL(jstr)) break;
                     (*env)->SetObjectField(env, fcFont, fullNameID, jstr);
                 }
                 if (fn==0) {
@@ -1348,7 +1359,6 @@
                 }
             }
         }
-        (*env)->ReleaseStringUTFChars (env, fcNameStr, (const char*)fcName);
         (*FcFontSetDestroy)(fontset);
         (*FcPatternDestroy)(pattern);
         free(family);
--- a/src/windows/classes/sun/security/mscapi/RSASignature.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/windows/classes/sun/security/mscapi/RSASignature.java	Sun May 01 21:26:40 2016 -0700
@@ -51,6 +51,7 @@
  *
  *  . "NONEwithRSA"
  *  . "SHA1withRSA"
+ *  . "SHA224withRSA"
  *  . "SHA256withRSA"
  *  . "SHA384withRSA"
  *  . "SHA512withRSA"
@@ -61,8 +62,8 @@
  *
  * NOTE: NONEwithRSA must be supplied with a pre-computed message digest.
  *       Only the following digest algorithms are supported: MD5, SHA-1,
- *       SHA-256, SHA-384, SHA-512 and a special-purpose digest algorithm
- *       which is a concatenation of SHA-1 and MD5 digests.
+ *       SHA-224, SHA-256, SHA-384, SHA-512 and a special-purpose digest
+ *       algorithm which is a concatenation of SHA-1 and MD5 digests.
  *
  * @since   1.6
  * @author  Stanley Man-Kit Ho
@@ -184,6 +185,8 @@
                 setDigestName("SHA-512");
             } else if (offset == 16) {
                 setDigestName("MD5");
+            } else if (offset == 28) {
+                setDigestName("SHA-224");
             } else {
                 throw new SignatureException(
                     "Message digest length is not supported");
@@ -203,6 +206,12 @@
         }
     }
 
+    public static final class SHA224 extends RSASignature {
+        public SHA224() {
+            super("SHA-224");
+        }
+    }
+
     public static final class SHA256 extends RSASignature {
         public SHA256() {
             super("SHA-256");
--- a/src/windows/classes/sun/security/mscapi/SunMSCAPI.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/src/windows/classes/sun/security/mscapi/SunMSCAPI.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -81,18 +81,30 @@
          */
         // NONEwithRSA must be supplied with a pre-computed message digest.
         // Only the following digest algorithms are supported: MD5, SHA-1,
-        // SHA-256, SHA-384, SHA-512 and a special-purpose digest algorithm
-        // which is a concatenation of SHA-1 and MD5 digests.
+        // SHA-224, SHA-256, SHA-384, SHA-512 and a special-purpose digest
+        // algorithm which is a concatenation of SHA-1 and MD5 digests.
         map.put("Signature.NONEwithRSA",
             "sun.security.mscapi.RSASignature$Raw");
         map.put("Signature.SHA1withRSA",
             "sun.security.mscapi.RSASignature$SHA1");
+        map.put("Signature.SHA224withRSA",
+            "sun.security.mscapi.RSASignature$SHA224");
+        map.put("Alg.Alias.Signature.1.2.840.113549.1.1.14",     "SHA224withRSA");
+        map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.14", "SHA224withRSA");
         map.put("Signature.SHA256withRSA",
             "sun.security.mscapi.RSASignature$SHA256");
+        map.put("Alg.Alias.Signature.1.2.840.113549.1.1.11",     "SHA256withRSA");
+        map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.11", "SHA256withRSA");
         map.put("Signature.SHA384withRSA",
             "sun.security.mscapi.RSASignature$SHA384");
+        map.put("Alg.Alias.Signature.1.2.840.113549.1.1.12",     "SHA384withRSA");
+        map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.12", "SHA384withRSA");
+
         map.put("Signature.SHA512withRSA",
             "sun.security.mscapi.RSASignature$SHA512");
+        map.put("Alg.Alias.Signature.1.2.840.113549.1.1.13",     "SHA512withRSA");
+        map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.13", "SHA512withRSA");
+
         map.put("Signature.MD5withRSA",
             "sun.security.mscapi.RSASignature$MD5");
         map.put("Signature.MD2withRSA",
@@ -103,6 +115,8 @@
             "sun.security.mscapi.Key");
         map.put("Signature.SHA1withRSA SupportedKeyClasses",
             "sun.security.mscapi.Key");
+        map.put("Signature.SHA224withRSA SupportedKeyClasses",
+            "sun.security.mscapi.Key");
         map.put("Signature.SHA256withRSA SupportedKeyClasses",
             "sun.security.mscapi.Key");
         map.put("Signature.SHA384withRSA SupportedKeyClasses",
--- a/test/ProblemList.txt	Mon Feb 01 17:33:13 2016 -0800
+++ b/test/ProblemList.txt	Sun May 01 21:26:40 2016 -0700
@@ -43,11 +43,11 @@
 #
 # List items  are testnames followed by labels, all MUST BE commented
 #   as to why they are here and use a label:
-#     generic-all       Problems on all platforms
-#     generic-ARCH      Where ARCH is one of: sparc, sparcv9, x64, i586, etc.
-#     OSNAME-all        Where OSNAME is one of: solaris, linux, windows
-#     OSNAME-ARCH       Specific on to one OSNAME and ARCH, e.g. solaris-x64
-#     OSNAME-REV        Specific on to one OSNAME and REV, e.g. solaris-5.8
+#     generic-all   Problems on all platforms
+#     generic-ARCH  Where ARCH is one of: sparc, sparcv9, x64, i586, etc.
+#     OSNAME-all    Where OSNAME is one of: solaris, linux, windows, macosx, aix
+#     OSNAME-ARCH   Specific on to one OSNAME and ARCH, e.g. solaris-amd64
+#     OSNAME-REV    Specific on to one OSNAME and REV, e.g. solaris-5.8
 #
 # More than one label is allowed but must be on the same line.
 #
@@ -221,6 +221,11 @@
 # Windows i586 failure, callback did not complete
 javax/management/eventService/LeaseManagerDeadlockTest.java     windows-all
 
+# 8030957
+com/sun/management/OperatingSystemMXBean/GetProcessCpuLoad.java aix-all
+com/sun/management/OperatingSystemMXBean/GetSystemCpuLoad.java  aix-all
+javax/management/MBeanServer/OldMBeanServerTest.java            aix-all
+
 ############################################################################
 
 # jdk_math
--- a/test/com/sun/corba/5036554/TestCorbaBug.sh	Mon Feb 01 17:33:13 2016 -0800
+++ b/test/com/sun/corba/5036554/TestCorbaBug.sh	Sun May 01 21:26:40 2016 -0700
@@ -48,7 +48,7 @@
 # set platform-dependent variables
 OS=`uname -s`
 case "$OS" in
-  SunOS | Linux | Darwin | *BSD )
+  SunOS | Linux | Darwin | *BSD | AIX )
     PS=":"
     FS="/"
     ;;
--- a/test/com/sun/corba/cachedSocket/7056731.sh	Mon Feb 01 17:33:13 2016 -0800
+++ b/test/com/sun/corba/cachedSocket/7056731.sh	Sun May 01 21:26:40 2016 -0700
@@ -31,7 +31,7 @@
 
 OS=`uname -s`
 case "$OS" in
-  SunOS | Linux | Darwin )
+  SunOS | Linux | Darwin | AIX )
     PS=":"
     FS="/"
     ;;
--- a/test/com/sun/crypto/provider/Cipher/RSA/TestOAEP.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/test/com/sun/crypto/provider/Cipher/RSA/TestOAEP.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -58,6 +58,7 @@
         Cipher.getInstance("RSA/ECB/OAEPwithMD5andMGF1Padding");
         Cipher.getInstance("RSA/ECB/OAEPwithSHA1andMGF1Padding");
         Cipher.getInstance("RSA/ECB/OAEPwithSHA-1andMGF1Padding");
+        Cipher.getInstance("RSA/ECB/OAEPwithSHA-224andMGF1Padding");
         Cipher.getInstance("RSA/ECB/OAEPwithSHA-256andMGF1Padding");
         Cipher.getInstance("RSA/ECB/OAEPwithSHA-384andMGF1Padding");
         Cipher.getInstance("RSA/ECB/OAEPwithSHA-512andMGF1Padding");
@@ -88,6 +89,18 @@
         // tests alias works
         testEncryptDecrypt("SHA-1", 16);
 
+        // basic test using SHA-224
+        testEncryptDecrypt("SHA-224", 0);
+        testEncryptDecrypt("SHA-224", 16);
+        testEncryptDecrypt("SHA-224", 38);
+        try {
+            testEncryptDecrypt("SHA-224", 39);
+            throw new Exception("Unexpectedly completed call");
+        } catch (IllegalBlockSizeException e) {
+            // ok
+            System.out.println(e);
+        }
+
         // basic test using SHA-256
         testEncryptDecrypt("SHA-256", 0);
         testEncryptDecrypt("SHA-256", 16);
@@ -195,6 +208,7 @@
         System.out.println("Done (" + (stop - start) + " ms).");
     }
 
+    // NOTE: OAEP can process up to (modLen - 2*digestLen - 2) bytes of data
     private static void testEncryptDecrypt(String hashAlg, int dataLength) throws Exception {
         System.out.println("Testing OAEP with hash " + hashAlg + ", " + dataLength + " bytes");
         Cipher c = Cipher.getInstance("RSA/ECB/OAEPwith" + hashAlg + "andMGF1Padding", cp);
--- a/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPParameterSpec.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPParameterSpec.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -121,6 +121,7 @@
     public static void main(String[] argv) throws Exception {
         boolean status = true;
         byte[] p = { (byte) 0x01, (byte) 0x02, (byte) 0x03, (byte) 0x04 };
+        status &= runTest("SHA-224", MGF1ParameterSpec.SHA224, p);
         status &= runTest("SHA-256", MGF1ParameterSpec.SHA256, p);
         status &= runTest("SHA-384", MGF1ParameterSpec.SHA384, p);
         status &= runTest("SHA-512", MGF1ParameterSpec.SHA512, p);
--- a/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPWithParams.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/test/com/sun/crypto/provider/Cipher/RSA/TestOAEPWithParams.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -47,10 +47,10 @@
     private static Random random = new Random();
 
     private static String MD[] = {
-        "MD5", "SHA1", "SHA-256"
+        "MD5", "SHA1", "SHA-224", "SHA-256"
     };
     private static int DATA_LENGTH[] = {
-        62, 54, 30
+        62, 54, 34, 30
     };
     public static void main(String[] args) throws Exception {
         long start = System.currentTimeMillis();
--- a/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /**
  * @test
- * @bug 6330287 6331386
+ * @bug 6330287 6331386 7044060
  * @summary verify that DHKeyPairGenerator returns keys of the expected size
  * (modulus and exponent)
  * -and-
@@ -57,7 +57,8 @@
      * Sizes and values for various lengths.
      */
     private enum Sizes {
-        two56(256), three84(384), five12(512), seven68(768), ten24(1024);
+        two56(256), three84(384), five12(512), seven68(768), ten24(1024),
+        twenty48(2048);
 
         private final int intSize;
         private final BigInteger bigIntValue;
@@ -82,7 +83,8 @@
         KeyPair kp;
         KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH", "SunJCE");
 
-        // Sun's default uses a default psize of 1024/lsize of 512
+        // Sun's default uses a default psize of 1024 and
+        // lsize of (pSize / 2) but at least 384 bits
         kp = kpg.generateKeyPair();
         checkKeyPair(kp, Sizes.ten24, Sizes.five12);
 
@@ -114,6 +116,20 @@
         kp = kpg.generateKeyPair();
         checkKeyPair(kp, Sizes.seven68, Sizes.three84);
 
+        // test w/ only pSize
+        kpg.initialize(Sizes.twenty48.getIntSize());
+        kp = kpg.generateKeyPair();
+        checkKeyPair(kp, Sizes.twenty48, Sizes.ten24);
+
+        publicKey = (DHPublicKey)kp.getPublic();
+        p = publicKey.getParams().getP();
+        g = publicKey.getParams().getG();
+
+        // test w/ all values specified
+        kpg.initialize(new DHParameterSpec(p, g, Sizes.five12.getIntSize()));
+        kp = kpg.generateKeyPair();
+        checkKeyPair(kp, Sizes.twenty48, Sizes.five12);
+
         System.out.println("OK");
     }
 
--- a/test/com/sun/crypto/provider/KeyGenerator/Test4628062.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/test/com/sun/crypto/provider/KeyGenerator/Test4628062.java	Sun May 01 21:26:40 2016 -0700
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 4628062
+ * @bug 4628062 4963723
  * @summary Verify that AES KeyGenerator supports default initialization
  *      when init is not called
  * @author Valerie Peng
@@ -34,39 +34,45 @@
 
 public class Test4628062 {
 
-    private static final String ALGO = "AES";
-    private static final int[] KEYSIZES =
-        { 16, 24, 32 }; // in bytes
+    private static final int[] AES_SIZES = { 16, 24, 32 }; // in bytes
+    private static final int[] HMACSHA224_SIZES = { 28 };
+    private static final int[] HMACSHA256_SIZES = { 32 };
+    private static final int[] HMACSHA384_SIZES = { 48 };
+    private static final int[] HMACSHA512_SIZES = { 64 };
 
-    public boolean execute() throws Exception {
-        KeyGenerator kg = KeyGenerator.getInstance(ALGO, "SunJCE");
+    public boolean execute(String algo, int[] keySizes) throws Exception {
+        KeyGenerator kg = KeyGenerator.getInstance(algo, "SunJCE");
 
         // TEST FIX 4628062
         Key keyWithDefaultSize = kg.generateKey();
         byte[] encoding = keyWithDefaultSize.getEncoded();
-        if (encoding.length == 0) {
+        int defKeyLen = encoding.length ;
+        if (defKeyLen == 0) {
             throw new Exception("default key length is 0!");
+        } else if (defKeyLen != keySizes[0]) {
+            throw new Exception("default key length mismatch!");
         }
 
         // BONUS TESTS
-        // 1. call init(int keysize) with various valid key sizes
-        // and see if the generated key is the right size.
-        for (int i=0; i<KEYSIZES.length; i++) {
-            kg.init(KEYSIZES[i]*8); // in bits
-            Key key = kg.generateKey();
-            if (key.getEncoded().length != KEYSIZES[i]) {
-                throw new Exception("key is generated with the wrong length!");
+        if (keySizes.length > 1) {
+            // 1. call init(int keysize) with various valid key sizes
+            // and see if the generated key is the right size.
+            for (int i=0; i<keySizes.length; i++) {
+                kg.init(keySizes[i]*8); // in bits
+                Key key = kg.generateKey();
+                if (key.getEncoded().length != keySizes[i]) {
+                    throw new Exception("key is generated with the wrong length!");
+                }
+            }
+            // 2. call init(int keysize) with invalid key size and see
+            // if the expected InvalidParameterException is thrown.
+            try {
+                kg.init(keySizes[0]*8+1);
+            } catch (InvalidParameterException ex) {
+            } catch (Exception ex) {
+                throw new Exception("wrong exception is thrown for invalid key size!");
             }
         }
-        // 2. call init(int keysize) with invalid key size and see
-        // if the expected InvalidParameterException is thrown.
-        try {
-            kg.init(KEYSIZES[0]*8+1);
-        } catch (InvalidParameterException ex) {
-        } catch (Exception ex) {
-            throw new Exception("wrong exception is thrown for invalid key size!");
-        }
-
         // passed all tests...hooray!
         return true;
     }
@@ -76,8 +82,20 @@
 
         Test4628062 test = new Test4628062();
         String testName = test.getClass().getName();
-        if (test.execute()) {
-            System.out.println(testName + ": Passed!");
+        if (test.execute("AES", AES_SIZES)) {
+            System.out.println(testName + ": AES Passed!");
+        }
+        if (test.execute("HmacSHA224", HMACSHA224_SIZES)) {
+            System.out.println(testName + ": HmacSHA224 Passed!");
+        }
+        if (test.execute("HmacSHA256", HMACSHA256_SIZES)) {
+            System.out.println(testName + ": HmacSHA256 Passed!");
+        }
+        if (test.execute("HmacSHA384", HMACSHA384_SIZES)) {
+            System.out.println(testName + ": HmacSHA384 Passed!");
+        }
+        if (test.execute("HmacSHA512", HMACSHA512_SIZES)) {
+            System.out.println(testName + ": HmacSHA512 Passed!");
         }
     }
 }
--- a/test/com/sun/crypto/provider/Mac/MacClone.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/test/com/sun/crypto/provider/Mac/MacClone.java	Sun May 01 21:26:40 2016 -0700
@@ -28,15 +28,33 @@
  * @author Jan Luehe
  */
 import javax.crypto.*;
+import javax.crypto.spec.SecretKeySpec;
 
 public class MacClone {
 
     public static void main(String[] args) throws Exception {
 
+        String[] algos = { "HmacMD5", "HmacSHA1", "HmacSHA224", "HmacSHA256",
+                           "HmacSHA384", "HmacSHA512" };
+        KeyGenerator kgen = KeyGenerator.getInstance("DES");
+        SecretKey skey = kgen.generateKey();
+        for (String algo : algos) {
+            doTest(algo, skey);
+        }
+
+        String[] algos2 = { "HmacPBESHA1" };
+        skey = new SecretKeySpec("whatever".getBytes(), "PBE");
+        for (String algo : algos2) {
+            doTest(algo, skey);
+        }
+        System.out.println("Test Passed");
+    }
+
+    private static void doTest(String algo, SecretKey skey) throws Exception {
         //
-        // Clone uninitialized Mac object
+        // Clone an uninitialized Mac object
         //
-        Mac mac = Mac.getInstance("HmacSHA1", "SunJCE");
+        Mac mac = Mac.getInstance(algo, "SunJCE");
         Mac macClone = (Mac)mac.clone();
         System.out.println(macClone.getProvider().toString());
         System.out.println(macClone.getAlgorithm());
@@ -51,12 +69,9 @@
         }
 
         //
-        // Clone initialized Mac object
+        // Clone an initialized Mac object
         //
-        KeyGenerator kgen = KeyGenerator.getInstance("DES");
-        SecretKey skey = kgen.generateKey();
-
-        mac = Mac.getInstance("HmacSHA1", "SunJCE");
+        mac = Mac.getInstance(algo, "SunJCE");
         mac.init(skey);
         macClone = (Mac)mac.clone();
         System.out.println(macClone.getProvider().toString());
@@ -66,7 +81,20 @@
         byte[] macFinal = mac.doFinal();
         byte[] macCloneFinal = macClone.doFinal();
         if (!java.util.Arrays.equals(macFinal, macCloneFinal)) {
-            throw new Exception("MAC results are different");
-        }
+            throw new Exception("ERROR: MAC result of init clone is different");
+        } else System.out.println("MAC check#1 passed");
+
+        //
+        // Clone an updated Mac object
+        //
+        mac.update((byte)0x12);
+        macClone = (Mac)mac.clone();
+        mac.update((byte)0x34);
+        macClone.update((byte)0x34);
+        macFinal = mac.doFinal();
+        macCloneFinal = macClone.doFinal();
+        if (!java.util.Arrays.equals(macFinal, macCloneFinal)) {
+            throw new Exception("ERROR: MAC result of updated clone is different");
+        } else System.out.println("MAC check#2 passed");
     }
 }
--- a/test/com/sun/crypto/provider/Mac/MacKAT.java	Mon Feb 01 17:33:13 2016 -0800
+++ b/test/com/sun/crypto/provider/Mac/MacKAT.java	Sun May 01 21:26:40 2016 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /**
  * @test
- * @bug 4846410 6313661
+ * @bug 4846410 6313661 4963723
  * @summary Basic known-answer-test for Hmac and SslMac algorithms
  * @author Andreas Sterbenz
  */
@@ -147,7 +147,9 @@
     private static Test t(String alg, String input, String macvalue, String key) {
         return new MacTest(alg, b(input), b(macvalue), b(key));
     }
-
+    private static Test t(String alg, String input, String macvalue, byte[] key) {
+        return new MacTest(alg, b(input), b(macvalue), key);
+    }
     private static Test t(String alg, byte[] input, String macvalue, String key) {
         return new MacTest(alg, input, b(macvalue), b(key));
     }
@@ -155,8 +157,8 @@
     private static Test t(String alg, byte[] input, String macvalue, byte[] key) {
         return new MacTest(alg, input, b(macvalue), key);
     }
-
     private final static byte[] ALONG, BLONG, BKEY;
+    private final static byte[] BKEY_20, DDDATA_50, AAKEY_20, CDDATA_50, AAKEY_131;
 
     static {
         ALONG = new byte[1024 * 128];
@@ -166,6 +168,16 @@
         random.nextBytes(BLONG);
         BKEY = new byte[128];
         random.nextBytes(BKEY);
+        BKEY_20 = new byte[20];
+        Arrays.fill(BKEY_20, (byte) 0x0b);
+        DDDATA_50 = new byte[50];
+        Arrays.fill(DDDATA_50, (byte) 0xdd);
+        AAKEY_20 = new byte[20];
+        Arrays.fill(AAKEY_20, (byte) 0xaa);
+        CDDATA_50 = new byte[50];
+        Arrays.fill(CDDATA_50, (byte) 0xcd);
+        AAKEY_131 = new byte[131];
+        Arrays.fill(AAKEY_131, (byte) 0xaa);
     }
 
     private final static Test[] tests = {
@@ -203,15 +215,24 @@
                 "1b:34:61:29:05:0d:73:db:25:d0:dd:64:06:29:f6:8a"),
         t("HmacSHA512", BLONG, "fb:cf:4b:c6:d5:49:5a:5b:0b:d9:2a:32:f5:fa:68:d2:68:a4:0f:ae:53:fc:49:12:e6:1d:53:cf:b2:cb:c5:c5:f2:2d:86:bd:14:61:30:c3:a6:6f:44:1f:77:9b:aa:a1:22:48:a9:dd:d0:45:86:d1:a1:82:53:13:c4:03:06:a3",
                 BKEY),
+        // Test vectors From RFC4231
+        t("HmacSHA224", s("Hi There"), "89:6f:b1:12:8a:bb:df:19:68:32:10:7c:d4:9d:f3:3f:47:b4:b1:16:99:12:ba:4f:53:68:4b:22", BKEY_20),
+        t("HmacSHA224", s("what do ya want for nothing?"), "a3:0e:01:09:8b:c6:db:bf:45:69:0f:3a:7e:9e:6d:0f:8b:be:a2:a3:9e:61:48:00:8f:d0:5e:44", s("Jefe")),
+        t("HmacSHA224", DDDATA_50, "7f:b3:cb:35:88:c6:c1:f6:ff:a9:69:4d:7d:6a:d2:64:93:65:b0:c1:f6:5d:69:d1:ec:83:33:ea", AAKEY_20),
+        t("HmacSHA224", CDDATA_50, "6c:11:50:68:74:01:3c:ac:6a:2a:bc:1b:b3:82:62:7c:ec:6a:90:d8:6e:fc:01:2d:e7:af:ec:5a", "01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f:10:11:12:13:14:15:16:17:18:19"),
+        t("HmacSHA224", s("Test Using Larger Than Block-Size Key - Hash Key First"), "95:e9:a0:db:96:20:95:ad:ae:be:9b:2d:6f:0d:bc:e2:d4:99:f1:12:f2:d2:b7:27:3f:a6:87:0e", AAKEY_131),
+        t("HmacSHA224", s("This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm."), "3a:85:41:66:ac:5d:9f:02:3f:54:d5:17:d0:b3:9d:bd:94:67:70:db:9c:2b:95:c9:f6:f5:65:d1", AAKEY_131),
     };
 
     static void runTests(Test[] tests) throws Exception {
         long start = System.currentTimeMillis();
         Provider p = Security.getProvider("SunJCE");
         System.out.println("Testing provider " + p.getName() + "...");
+        Mac.getInstance("HmacSHA224", p);
         Mac.getInstance("HmacSHA256", p);
         Mac.getInstance("HmacSHA384", p);
         Mac.getInstance("HmacSHA512", p);
+        KeyGenerator.getInstance("HmacSHA224", p);
         KeyGenerator.getInstance("HmacSHA256", p);
         KeyGenerator.getInstance("HmacSHA384", p);
         KeyGenerator.getInstance("HmacSHA512", p);
--- a/test/com/sun/jdi/CatchPatternTest.sh	Mon Feb 01 17:33:13 2016 -0800
+++ b/test/com/sun/jdi/CatchPatternTest.sh	Sun May 01 21:26:40 2016 -0700
@@ -35,44 +35,44 @@
     cat <<EOF > $classname.java.1
 public class $classname {
     public void bark(int i) {
-	System.out.println(" bark: " + i);
-	switch (i) {
-	case 0:
-	    throw new IllegalArgumentException("IllegalArgumentException");
-	case 1:
-	    throw new ArithmeticException("ArithmeticException");
-	case 2:
-	    throw new IllegalMonitorStateException("IllegalMonitorStateException");
-	case 3:
-	    throw new IndexOutOfBoundsException("IndexOutOfBoundsException");
-	default:
-	    throw new Error("should not happen");
-	}
+        System.out.println(" bark: " + i);
+        switch (i) {
+        case 0:
+            throw new IllegalArgumentException("IllegalArgumentException");
+        case 1:
+            throw new ArithmeticException("ArithmeticException");
+        case 2:
+            throw new IllegalMonitorStateException("IllegalMonitorStateException");
+        case 3:
+            throw new IndexOutOfBoundsException("IndexOutOfBoundsException");
+        default:
+            throw new Error("should not happen");
+        }
     }
     public void loop(int max) {
-	for (int i = 0; i <= max; i++) {
-	    try {
-		bark(i);
-	    } catch(RuntimeException re) {
-		System.out.println(" loop: " + re.getMessage() +
-				   " caught and ignored.");
-	    }
-	}
+        for (int i = 0; i <= max; i++) {
+            try {
+                bark(i);
+            } catch(RuntimeException re) {
+                System.out.println(" loop: " + re.getMessage() +
+                       " caught and ignored.");
+            }
+        }
     }
     public void partOne() {
         loop(2);
-	System.out.println("partOne completed");
+        System.out.println("partOne completed");
     }
     public void partTwo() {
         loop(3);
-	System.out.println("partTwo completed");
+        System.out.println("partTwo completed");
     }
     public static void main(String[] args) {
-	System.out.println("Howdy!"