From 092526024f7bb9d191c38db9be3711d33ad810c1 Mon Sep 17 00:00:00 2001 From: Noah Date: Wed, 19 May 2021 09:44:11 +0800 Subject: [PATCH] I3RX5F: Add kaeEngine to rsa --- add-kaeEngine-to-rsa.patch | 106 +++++++++++++++++++++++++++++++++++++ java-1.8.0-openjdk.spec | 7 ++- 2 files changed, 112 insertions(+), 1 deletion(-) create mode 100644 add-kaeEngine-to-rsa.patch diff --git a/add-kaeEngine-to-rsa.patch b/add-kaeEngine-to-rsa.patch new file mode 100644 index 0000000..a24acb2 --- /dev/null +++ b/add-kaeEngine-to-rsa.patch @@ -0,0 +1,106 @@ +commit ab97dd8f89c5a3ce17b9d90bc8ae2e407c450012 +Author: Noah +Date: Wed May 19 09:38:34 2021 +0800 + + I3RWVC: Add kaeEngine to rsa + +diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_cipher_rsa.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_cipher_rsa.c +index 3fbacf77..cbab7bdb 100644 +--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_cipher_rsa.c ++++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_cipher_rsa.c +@@ -28,6 +28,8 @@ + #include "kae_exception.h" + #include "org_openeuler_security_openssl_KAERSACipher.h" + ++static ENGINE* kaeEngine = NULL; ++ + typedef int RSACryptOperation(int, const unsigned char*, unsigned char*, RSA*, int); + + typedef int EvpPkeyCryptOperation(EVP_PKEY_CTX*, unsigned char*, size_t*, const unsigned char*, size_t); +@@ -171,12 +173,13 @@ static int RSACryptOAEPPadding(JNIEnv* env, jlong keyAddress, jint inLen, jbyteA + // outLen type should be size_t + // EVP_PKEY_encrypt takes the outLen address as a parameter, and the parameter type is size_t* + size_t outLen = 0; ++ kaeEngine = (kaeEngine == NULL) ? GetKaeEngine() : kaeEngine; + + EVP_PKEY* pkey = (EVP_PKEY*) keyAddress; + + // new ctx + // rsa encrypt/decrypt init +- if ((pkeyCtx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL || cryptInitOperation(pkeyCtx) <= 0) { ++ if ((pkeyCtx = EVP_PKEY_CTX_new(pkey, kaeEngine)) == NULL || cryptInitOperation(pkeyCtx) <= 0) { + KAE_ThrowFromOpenssl(env, pkeyCtx == NULL ? "EVP_PKEY_CTX_new" : cryptInitName, KAE_ThrowInvalidKeyException); + goto cleanup; + } +@@ -192,8 +195,7 @@ static int RSACryptOAEPPadding(JNIEnv* env, jlong keyAddress, jint inLen, jbyteA + * set rsa mgf1 md + * set rsa oaep md + */ +- if(!SetRSAPadding(env, pkeyCtx, paddingType) || +- !SetRSAMgf1Md(env, pkeyCtx, mgf1MdAlgoUTF) || ++ if(!SetRSAPadding(env, pkeyCtx, paddingType) || !SetRSAMgf1Md(env, pkeyCtx, mgf1MdAlgoUTF) || + !SetRSAOaepMd(env, pkeyCtx, oaepMdAlgoUTF)) { + goto cleanup; + } +@@ -267,6 +269,7 @@ JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAERSACipher_nativeC + BIGNUM* bnIQMP = NULL; + RSA* rsa = NULL; + EVP_PKEY* pkey = NULL; ++ kaeEngine = (kaeEngine == NULL) ? GetKaeEngine() : kaeEngine; + + // convert to big num + if ((bnN = KAE_GetBigNumFromByteArray(env, n)) == NULL || +@@ -288,9 +291,9 @@ JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAERSACipher_nativeC + } + + // new rsa +- rsa = RSA_new(); ++ rsa = RSA_new_method(kaeEngine); + if (rsa == NULL) { +- KAE_ThrowFromOpenssl(env, "RSA_new", KAE_ThrowRuntimeException); ++ KAE_ThrowFromOpenssl(env, "RSA_new_method", KAE_ThrowRuntimeException); + goto cleanup; + } + +@@ -328,6 +331,7 @@ JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAERSACipher_nativeC + BIGNUM* bnE = NULL; + RSA* rsa = NULL; + EVP_PKEY* pkey = NULL; ++ kaeEngine = (kaeEngine == NULL) ? GetKaeEngine() : kaeEngine; + + // get public key param n + bnN = KAE_GetBigNumFromByteArray(env, n); +@@ -341,10 +345,10 @@ JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAERSACipher_nativeC + goto cleanup; + } + +- // new RSA +- rsa = RSA_new(); ++ // new rsa ++ rsa = RSA_new_method(kaeEngine); + if (rsa == NULL) { +- KAE_ThrowFromOpenssl(env, "RSA_new", KAE_ThrowRuntimeException); ++ KAE_ThrowFromOpenssl(env, "RSA_new_method", KAE_ThrowRuntimeException); + goto cleanup; + } + +diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_rsa.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_rsa.c +index ddbc2958..de724593 100644 +--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_rsa.c ++++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_rsa.c +@@ -65,10 +65,12 @@ static const BIGNUM* (* GetRSAParamFunctionList[])(const RSA*) = { + * step 3.Generate rsa key, and all key information is stored in RSA + */ + static RSA* NewRSA(JNIEnv* env, jint keySize, jbyteArray publicExponent) { +- // RSA_new +- RSA* rsa = RSA_new(); ++ static ENGINE* kaeEngine = NULL; ++ kaeEngine = (kaeEngine == NULL) ? GetKaeEngine() : kaeEngine; ++ // new rsa ++ RSA* rsa = RSA_new_method(kaeEngine); + if (rsa == NULL) { +- KAE_ThrowFromOpenssl(env, "RSA_new", KAE_ThrowRuntimeException); ++ KAE_ThrowFromOpenssl(env, "RSA_new_method", KAE_ThrowRuntimeException); + return NULL; + } + diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec index 204dc48..7a473f9 100644 --- a/java-1.8.0-openjdk.spec +++ b/java-1.8.0-openjdk.spec @@ -921,7 +921,7 @@ Provides: java-%{javaver}-%{origin}-accessibility%{?1} = %{epoch}:%{version}-%{r Name: java-%{javaver}-%{origin} Version: %{javaver}.%{updatever}.%{buildver} -Release: 18 +Release: 19 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons # and this change was brought into RHEL-4. java-1.5.0-ibm packages # also included the epoch in their virtual provides. This created a @@ -1096,6 +1096,7 @@ Patch167: fix-BoxTypeCachedMax-build-failure-when-jvm-variants.patch Patch168: fix-windows-compile-fail.patch Patch169: Code-style-fix.patch Patch170: kae-phase2.patch +Patch171: add-kaeEngine-to-rsa.patch ############################################# # @@ -1540,6 +1541,7 @@ pushd %{top_level_dir_name} %patch168 -p1 %patch169 -p1 %patch170 -p1 +%patch171 -p1 popd @@ -2157,6 +2159,9 @@ require "copy_jdk_configs.lua" %endif %changelog +* Wed May 19 2021 Noah - 1:1.8.0.282-b08.19 +- add add-kaeEngine-to-rsa.patch + * Mon May 17 2021 Noah - 1:1.8.0.282-b08.18 - add kae-phase2.patch -- Gitee