diff --git a/6896810.patch b/6896810.patch deleted file mode 100644 index 7d0b5f786ba0f0995ce01424d15a17d6763f0783..0000000000000000000000000000000000000000 --- a/6896810.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 26ad7960db3c1d445d3a3b8a47f426af0062d0ce Mon Sep 17 00:00:00 2001 -Date: Fri, 22 Jan 2021 16:33:27 +0800 -Subject: 6896810: Pin.java fails with OOME during System.out.println - -Summary: : Pin.java fails with OOME during System.out.println -LLT: jdk8u/jdk/test/java/lang/ref/SoftReference/Pin.java -Bug url: https://bugs.openjdk.java.net/browse/JDK-6896810 - ---- - jdk/test/java/lang/ref/SoftReference/Pin.java | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/jdk/test/java/lang/ref/SoftReference/Pin.java b/jdk/test/java/lang/ref/SoftReference/Pin.java -index dbdf9be1b..38cd56da2 100644 ---- a/jdk/test/java/lang/ref/SoftReference/Pin.java -+++ b/jdk/test/java/lang/ref/SoftReference/Pin.java -@@ -76,6 +76,7 @@ public class Pin { - Thread.sleep(100); // yield, for what it's worth - } - } catch (OutOfMemoryError e) { -+ chain = null; // Free memory for further work. - System.err.println("Got OutOfMemoryError, as expected."); - } - --- -2.19.0 - diff --git a/8031818.patch b/8031818.patch new file mode 100644 index 0000000000000000000000000000000000000000..2517af5a33bab2f7a4cc866e8ed760b11e7dc90d --- /dev/null +++ b/8031818.patch @@ -0,0 +1,30 @@ +From 3c4faec7c6ace3004f9ee9fd5ea8fa56f22f1028 Mon Sep 17 00:00:00 2001 +From: zhangyipeng +Date: Tue, 9 Mar 2021 17:27:50 +0800 +Subject: [PATCH] [Backport]8031818: Experimental VM flag for enforcing + safe object construction + +Reference: https://bugs.openjdk.java.net/browse/JDK-8031818 + + +Signed-off-by: Sun Jianye +--- + hotspot/src/share/vm/opto/parse1.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hotspot/src/share/vm/opto/parse1.cpp b/hotspot/src/share/vm/opto/parse1.cpp +index 2d6daa159..513747de0 100644 +--- a/hotspot/src/share/vm/opto/parse1.cpp ++++ b/hotspot/src/share/vm/opto/parse1.cpp +@@ -958,7 +958,7 @@ void Parse::do_exits() { + // stores. We want to quarantee the same behaviour as on platforms + // with total store order, although this is not required by the Java + // memory model. So as with finals, we add a barrier here. +- if (wrote_final() PPC64_ONLY(|| (wrote_volatile() && method()->is_initializer()))) { ++ if (method()->is_initializer() && (wrote_final() PPC64_ONLY(|| wrote_volatile()))) { + // This method (which must be a constructor by the rules of Java) + // wrote a final. The effects of all initializations must be + // committed to memory before any code after the constructor +-- +2.19.0 + diff --git a/8080289-8040213-8189067-move-the-store-out-of-the-loop.patch b/8080289-8040213-8189067-move-the-store-out-of-the-loop.patch index 70b841b8bac5db2881372a73c4c8f78f1e25d080..e7505411e3c9a40b9f01f35d845ecff3f0dcb100 100644 --- a/8080289-8040213-8189067-move-the-store-out-of-the-loop.patch +++ b/8080289-8040213-8189067-move-the-store-out-of-the-loop.patch @@ -9,10 +9,10 @@ Bug url: https://bugs.openjdk.java.net/browse/JDK-8080289 https://bugs.openjdk.j hotspot/src/share/vm/opto/loopnode.cpp | 2 +- hotspot/src/share/vm/opto/loopnode.hpp | 4 +- hotspot/src/share/vm/opto/loopopts.cpp | 191 +++++++++++ - hotspot/src/share/vm/opto/memnode.cpp | 58 ++-- + hotspot/src/share/vm/opto/memnode.cpp | 60 ++-- hotspot/src/share/vm/opto/phaseX.hpp | 9 +- .../loopopts/TestMoveStoresOutOfLoops.java | 310 ++++++++++++++++++ - 6 files changed, 545 insertions(+), 29 deletions(-) + 6 files changed, 547 insertions(+), 29 deletions(-) create mode 100644 hotspot/test/compiler/loopopts/TestMoveStoresOutOfLoops.java diff --git a/hotspot/src/share/vm/opto/loopnode.cpp b/hotspot/src/share/vm/opto/loopnode.cpp @@ -270,7 +270,7 @@ diff --git a/hotspot/src/share/vm/opto/memnode.cpp b/hotspot/src/share/vm/opto/m index 3ecbe1ce0..1bab75927 100644 --- a/hotspot/src/share/vm/opto/memnode.cpp +++ b/hotspot/src/share/vm/opto/memnode.cpp -@@ -2313,33 +2313,39 @@ Node *StoreNode::Ideal(PhaseGVN *phase, bool can_reshape) { +@@ -2313,33 +2313,41 @@ Node *StoreNode::Ideal(PhaseGVN *phase, bool can_reshape) { // unsafe if I have intervening uses... Also disallowed for StoreCM // since they must follow each StoreP operation. Redundant StoreCMs // are eliminated just before matching in final_graph_reshape. @@ -315,7 +315,9 @@ index 3ecbe1ce0..1bab75927 100644 + st->Opcode() == Op_StoreVector || + Opcode() == Op_StoreVector || + phase->C->get_alias_index(adr_type()) == Compile::AliasIdxRaw || -+ (Opcode() == Op_StoreL && st->Opcode() == Op_StoreI), // expanded ClearArrayNode ++ (Opcode() == Op_StoreL && st->Opcode() == Op_StoreI) || // expanded ClearArrayNode ++ (Opcode() == Op_StoreI && st->Opcode() == Op_StoreL) || // initialization by arraycopy ++ (is_mismatched_access() || mem->as_Store()->is_mismatched_access()), + err_msg_res("no mismatched stores, except on raw memory: %s %s", NodeClassNames[Opcode()], NodeClassNames[st->Opcode()])); + + if (st->in(MemNode::Address)->eqv_uncast(address) && diff --git a/8080911.patch b/8080911.patch deleted file mode 100644 index 21107cb9e042e1e31a289f3cfb09405541a2cfef..0000000000000000000000000000000000000000 --- a/8080911.patch +++ /dev/null @@ -1,31 +0,0 @@ -From adf268747c4627968329fb223d5286f5400402b6 Mon Sep 17 00:00:00 2001 -Date: Fri, 22 Jan 2021 16:58:26 +0800 -Subject: 8080911: sun/security/krb5/auto/UseCacheAndStoreKey.java timed out intermittently - -Summary: : backport JDK-8080911 -LLT: NA -Bug url: https://bugs.openjdk.java.net/browse/JDK-8080911 ---- - jdk/src/share/classes/sun/security/krb5/Config.java | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/jdk/src/share/classes/sun/security/krb5/Config.java b/jdk/src/share/classes/sun/security/krb5/Config.java -index ec19a3029..117acb840 100644 ---- a/jdk/src/share/classes/sun/security/krb5/Config.java -+++ b/jdk/src/share/classes/sun/security/krb5/Config.java -@@ -146,8 +146,10 @@ public class Config { - * java.security.krb5.kdc not specified, error reading configuration file. - */ - -- public static synchronized void refresh() throws KrbException { -- singleton = new Config(); -+ public static void refresh() throws KrbException { -+ synchronized (Config.class) { -+ singleton = new Config(); -+ } - KdcComm.initStatic(); - EType.initStatic(); - Checksum.initStatic(); --- -2.19.0 - diff --git a/8129626.patch b/8129626.patch deleted file mode 100644 index 14abc07e2b6bb6aa71657a19f83ffa7478f82950..0000000000000000000000000000000000000000 --- a/8129626.patch +++ /dev/null @@ -1,106 +0,0 @@ -From f73bb08c6d1578eae9c5f47253a81dd06e51beba Mon Sep 17 00:00:00 2001 -Date: Fri, 22 Jan 2021 11:39:09 +0800 -Subject: Backport of JDK-8129626 - -summary: G1: set_in_progress() and clear_started() needs a barrier on non-TSO platforms -LLT: - -Bug url: https://bugs.openjdk.java.net/browse/JDK-8129626 ---- - .../g1/concurrentMarkThread.cpp | 4 +-- - .../g1/concurrentMarkThread.hpp | 29 +++++++++++-------- - .../gc_implementation/g1/g1CollectedHeap.cpp | 2 +- - 3 files changed, 19 insertions(+), 16 deletions(-) - -diff --git a/hotspot/src/share/vm/gc_implementation/g1/concurrentMarkThread.cpp b/hotspot/src/share/vm/gc_implementation/g1/concurrentMarkThread.cpp -index b56e30923..53fe0837b 100644 ---- a/hotspot/src/share/vm/gc_implementation/g1/concurrentMarkThread.cpp -+++ b/hotspot/src/share/vm/gc_implementation/g1/concurrentMarkThread.cpp -@@ -43,8 +43,7 @@ SurrogateLockerThread* - ConcurrentMarkThread::ConcurrentMarkThread(ConcurrentMark* cm) : - ConcurrentGCThread(), - _cm(cm), -- _started(false), -- _in_progress(false), -+ _state(Idle), - _vtime_accum(0.0), - _vtime_mark_accum(0.0) { - create_and_start(); -@@ -341,7 +340,6 @@ void ConcurrentMarkThread::sleepBeforeNextCycle() { - - if (started()) { - set_in_progress(); -- clear_started(); - } - } - -diff --git a/hotspot/src/share/vm/gc_implementation/g1/concurrentMarkThread.hpp b/hotspot/src/share/vm/gc_implementation/g1/concurrentMarkThread.hpp -index caa7f429c..5f5f70ac4 100644 ---- a/hotspot/src/share/vm/gc_implementation/g1/concurrentMarkThread.hpp -+++ b/hotspot/src/share/vm/gc_implementation/g1/concurrentMarkThread.hpp -@@ -46,8 +46,14 @@ class ConcurrentMarkThread: public ConcurrentGCThread { - - private: - ConcurrentMark* _cm; -- volatile bool _started; -- volatile bool _in_progress; -+ -+ enum State { -+ Idle, -+ Started, -+ InProgress -+ }; -+ -+ volatile State _state; - - void sleepBeforeNextCycle(); - -@@ -71,23 +77,22 @@ class ConcurrentMarkThread: public ConcurrentGCThread { - - ConcurrentMark* cm() { return _cm; } - -- void set_started() { assert(!_in_progress, "cycle in progress"); _started = true; } -- void clear_started() { assert(_in_progress, "must be starting a cycle"); _started = false; } -- bool started() { return _started; } -- -- void set_in_progress() { assert(_started, "must be starting a cycle"); _in_progress = true; } -- void clear_in_progress() { assert(!_started, "must not be starting a new cycle"); _in_progress = false; } -- bool in_progress() { return _in_progress; } -+ void set_idle() { assert(_state != Started, "must not be starting a new cycle"); _state = Idle; } -+ bool idle() { return _state == Idle; } -+ void set_started() { assert(_state == Idle, "cycle in progress"); _state = Started; } -+ bool started() { return _state == Started; } -+ void set_in_progress() { assert(_state == Started, "must be starting a cycle"); _state = InProgress; } -+ bool in_progress() { return _state == InProgress; } - -- // This flag returns true from the moment a marking cycle is -+ // Returns true from the moment a marking cycle is - // initiated (during the initial-mark pause when started() is set) - // to the moment when the cycle completes (just after the next - // marking bitmap has been cleared and in_progress() is -- // cleared). While this flag is true we will not start another cycle -+ // cleared). While during_cycle() is true we will not start another cycle - // so that cycles do not overlap. We cannot use just in_progress() - // as the CM thread might take some time to wake up before noticing - // that started() is set and set in_progress(). -- bool during_cycle() { return started() || in_progress(); } -+ bool during_cycle() { return !idle(); } - - // shutdown - void stop(); -diff --git a/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp b/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp -index 4eccf9805..97643e792 100644 ---- a/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp -+++ b/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp -@@ -2409,7 +2409,7 @@ void G1CollectedHeap::increment_old_marking_cycles_completed(bool concurrent) { - // is set) so that if a waiter requests another System.gc() it doesn't - // incorrectly see that a marking cycle is still in progress. - if (concurrent) { -- _cmThread->clear_in_progress(); -+ _cmThread->set_idle(); - } - - // This notify_all() will ensure that a thread that called --- -2.19.0 - diff --git a/8140597-Postpone-the-initial-mark-request-until-the-.patch b/8140597-Postpone-the-initial-mark-request-until-the-.patch old mode 100755 new mode 100644 diff --git a/8144993.patch b/8144993.patch index 0254e94d68afe7d90e15e6a2dea4aea311b87c4f..6fae92aebf47bb154d1895c46bab85042286c846 100644 --- a/8144993.patch +++ b/8144993.patch @@ -82,7 +82,7 @@ diff --git a/hotspot/src/share/vm/opto/macro.cpp b/hotspot/src/share/vm/opto/mac index 3c13f973f..628ee6656 100644 --- a/hotspot/src/share/vm/opto/macro.cpp +++ b/hotspot/src/share/vm/opto/macro.cpp -@@ -1402,11 +1402,20 @@ void PhaseMacroExpand::expand_allocate_common( +@@ -1402,14 +1402,23 @@ void PhaseMacroExpand::expand_allocate_common( // If initialization is performed by an array copy, any required // MemBarStoreStore was already added. If the object does not @@ -102,11 +102,14 @@ index 3c13f973f..628ee6656 100644 + // implementation: CMS and G1 will not scan newly created object, + // so it's safe to skip storestore barrier when allocation does + // not escape. - if ( AARCH64_ONLY ( !alloc->does_not_escape_thread() && -+ !alloc->is_allocation_MemBar_redundant() && - (init == NULL || - !init->is_complete_with_arraycopy()) ) - NOT_AARCH64 ( init == NULL || + #ifndef AARCH64 + if (init == NULL || (!init->is_complete_with_arraycopy() && !init->does_not_escape())) { + #else + if (!alloc->does_not_escape_thread() && ++ !alloc->is_allocation_MemBar_redundant() && + (init == NULL || !init->is_complete_with_arraycopy())) { + #endif + if (init == NULL || init->req() < InitializeNode::RawStores) { diff --git a/hotspot/src/share/vm/opto/parse1.cpp b/hotspot/src/share/vm/opto/parse1.cpp index 2d6daa159..da0c6dd68 100644 --- a/hotspot/src/share/vm/opto/parse1.cpp diff --git a/8160369.patch b/8160369.patch index dd304263c83aa672657c6173347db28ca4dbbd63..13262d70a9b832e6a050361f7c857ba78d64a7e6 100644 --- a/8160369.patch +++ b/8160369.patch @@ -6,50 +6,12 @@ Summary::[Backport of JDK-8160369 and it's subtasks] Memory fences needed ar LLT: bug url: https://bugs.openjdk.java.net/browse/JDK-8160369 --- - .../g1/g1BlockOffsetTable.cpp | 2 +- - .../g1/g1BlockOffsetTable.inline.hpp | 4 +- .../vm/gc_implementation/g1/g1RemSet.cpp | 101 +++++++++---- - .../vm/gc_implementation/g1/heapRegion.cpp | 140 ++++++++++-------- + .../vm/gc_implementation/g1/heapRegion.cpp | 25 +--- .../vm/gc_implementation/g1/heapRegion.hpp | 2 + .../gc_implementation/g1/heapRegionType.hpp | 3 + - .../parNew/parNewGeneration.cpp | 21 ++- - 7 files changed, 173 insertions(+), 100 deletions(-) + 4 files changed, 82 insertions(+), 49 deletions(-) -diff --git a/hotspot/src/share/vm/gc_implementation/g1/g1BlockOffsetTable.cpp b/hotspot/src/share/vm/gc_implementation/g1/g1BlockOffsetTable.cpp -index ead98e24a..1977fc83d 100644 ---- a/hotspot/src/share/vm/gc_implementation/g1/g1BlockOffsetTable.cpp -+++ b/hotspot/src/share/vm/gc_implementation/g1/g1BlockOffsetTable.cpp -@@ -264,7 +264,7 @@ G1BlockOffsetArray::forward_to_block_containing_addr_slow(HeapWord* q, - while (n <= next_boundary) { - q = n; - oop obj = oop(q); -- if (obj->klass_or_null() == NULL) return q; -+ if (obj->klass_or_null_acquire() == NULL) return q; - n += block_size(q); - } - assert(q <= next_boundary && n > next_boundary, "Consequence of loop"); -diff --git a/hotspot/src/share/vm/gc_implementation/g1/g1BlockOffsetTable.inline.hpp b/hotspot/src/share/vm/gc_implementation/g1/g1BlockOffsetTable.inline.hpp -index bcfd52a4a..ffc56a0ba 100644 ---- a/hotspot/src/share/vm/gc_implementation/g1/g1BlockOffsetTable.inline.hpp -+++ b/hotspot/src/share/vm/gc_implementation/g1/g1BlockOffsetTable.inline.hpp -@@ -166,7 +166,7 @@ forward_to_block_containing_addr_const(HeapWord* q, HeapWord* n, - while (n <= addr) { - q = n; - oop obj = oop(q); -- if (obj->klass_or_null() == NULL) return q; -+ if (obj->klass_or_null_acquire() == NULL) return q; - n += block_size(q); - } - assert(q <= n, "wrong order for q and addr"); -@@ -177,7 +177,7 @@ forward_to_block_containing_addr_const(HeapWord* q, HeapWord* n, - inline HeapWord* - G1BlockOffsetArray::forward_to_block_containing_addr(HeapWord* q, - const void* addr) { -- if (oop(q)->klass_or_null() == NULL) return q; -+ if (oop(q)->klass_or_null_acquire() == NULL) return q; - HeapWord* n = q + block_size(q); - // In the normal case, where the query "addr" is a card boundary, and the - // offset table chunks are the same size as cards, the block starting at diff --git a/hotspot/src/share/vm/gc_implementation/g1/g1RemSet.cpp b/hotspot/src/share/vm/gc_implementation/g1/g1RemSet.cpp index 4cad9234c..b062947c8 100644 --- a/hotspot/src/share/vm/gc_implementation/g1/g1RemSet.cpp @@ -188,57 +150,6 @@ diff --git a/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp b/hotspot/ index 794911ef6..7c48501f3 100644 --- a/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp +++ b/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp -@@ -375,6 +375,50 @@ void HeapRegion::note_self_forwarding_removal_end(bool during_initial_mark, - _prev_marked_bytes = marked_bytes; - } - -+// Humongous objects are allocated directly in the old-gen. Need -+// special handling for concurrent processing encountering an -+// in-progress allocation. -+static bool do_oops_on_card_in_humongous(MemRegion mr, -+ FilterOutOfRegionClosure* cl, -+ HeapRegion* hr, -+ G1CollectedHeap* g1h) { -+ assert(hr->isHumongous(), "precondition"); -+ HeapRegion* sr = hr->humongous_start_region(); -+ oop obj = oop(sr->bottom()); -+ -+ // If concurrent and klass_or_null is NULL, then space has been -+ // allocated but the object has not yet been published by setting -+ // the klass. That can only happen if the card is stale. However, -+ // we've already set the card clean, so we must return failure, -+ // since the allocating thread could have performed a write to the -+ // card that might be missed otherwise. -+ if (!g1h->is_gc_active() && (obj->klass_or_null_acquire() == NULL)) { -+ return false; -+ } -+ -+ // We have a well-formed humongous object at the start of sr. -+ // Only filler objects follow a humongous object in the containing -+ // regions, and we can ignore those. So only process the one -+ // humongous object. -+ if (!g1h->is_obj_dead(obj, sr)) { -+ if (obj->is_objArray() || (sr->bottom() < mr.start())) { -+ // objArrays are always marked precisely, so limit processing -+ // with mr. Non-objArrays might be precisely marked, and since -+ // it's humongous it's worthwhile avoiding full processing. -+ // However, the card could be stale and only cover filler -+ // objects. That should be rare, so not worth checking for; -+ // instead let it fall out from the bounded iteration. -+ obj->oop_iterate(cl, mr); -+ } else { -+ // If obj is not an objArray and mr contains the start of the -+ // obj, then this could be an imprecise mark, and we need to -+ // process the entire object. -+ obj->oop_iterate(cl); -+ } -+ } -+ return true; -+} -+ - HeapWord* - HeapRegion::object_iterate_mem_careful(MemRegion mr, - ObjectClosure* cl) { @@ -399,9 +443,6 @@ HeapRegion::object_iterate_mem_careful(MemRegion mr, } else if (!g1h->is_obj_dead(obj)) { cl->do_object(obj); @@ -249,7 +160,7 @@ index 794911ef6..7c48501f3 100644 cur += block_size(cur); } return NULL; -@@ -411,30 +452,14 @@ bool HeapRegion::oops_on_card_seq_iterate_careful(MemRegion mr, +@@ -454,29 +495,9 @@ bool HeapRegion::oops_on_card_seq_iterate_careful(MemRegion mr, FilterOutOfRegionClosure* cl, jbyte* card_ptr) { assert(card_ptr != NULL, "pre-condition"); @@ -267,7 +178,6 @@ index 794911ef6..7c48501f3 100644 - if (mr.is_empty()) { - return true; - } -- // Otherwise, find the obj that extends onto mr.start(). - - // The intersection of the incoming mr (for the card) and the - // allocated part of the region is non-empty. This implies that @@ -277,92 +187,10 @@ index 794911ef6..7c48501f3 100644 - // safely know if this region is young. - if (is_young()) { - return true; -+ // Special handling for humongous regions. -+ if (isHumongous()) { -+ return do_oops_on_card_in_humongous(mr, cl, this, g1h); - } -+ assert(is_old(), "precondition"); +- } // We can only clean the card here, after we make the decision that // the card is not young. -@@ -446,50 +471,37 @@ bool HeapRegion::oops_on_card_seq_iterate_careful(MemRegion mr, - HeapWord* const start = mr.start(); - HeapWord* const end = mr.end(); - -- // Update BOT as needed while finding start of (potential) object. -+ // Find the obj that extends onto mr.start(). -+ // Update BOT as needed while finding start of (possibly dead) -+ // object containing the start of the region. - HeapWord* cur = block_start(start); -- assert(cur <= start, "Postcondition"); -- -- oop obj; -- -- HeapWord* next = cur; -- do { -- cur = next; -- obj = oop(cur); -- if (obj->klass_or_null() == NULL) { -- // Ran into an unparseable point. -- assert(!g1h->is_gc_active(), -- err_msg("Unparsable heap during GC at " PTR_FORMAT, p2i(cur))); -- return false; -- } -- // Otherwise... -- next = cur + block_size(cur); -- } while (next <= start); -- -- // If we finish the above loop...We have a parseable object that -- // begins on or before the start of the memory region, and ends -- // inside or spans the entire region. -- assert(cur <= start, "Loop postcondition"); -- assert(obj->klass_or_null() != NULL, "Loop postcondition"); -+#ifdef ASSERT -+ { -+ assert(cur <= start, -+ err_msg("cur: " PTR_FORMAT ", start: " PTR_FORMAT, p2i(cur), p2i(start))); -+ HeapWord* next = cur + block_size(cur); -+ assert(start < next, -+ err_msg("start: " PTR_FORMAT ", next: " PTR_FORMAT, p2i(start), p2i(next))); -+ } -+#endif - - do { -- obj = oop(cur); -- assert((cur + block_size(cur)) > (HeapWord*)obj, "Loop invariant"); -- if (obj->klass_or_null() == NULL) { -- // Ran into an unparseable point. -- assert(!g1h->is_gc_active(), -- err_msg("Unparsable heap during GC at " PTR_FORMAT, p2i(cur))); -- return false; -- } -- -- // Advance the current pointer. "obj" still points to the object to iterate. -- cur = cur + block_size(cur); -+ oop obj = oop(cur); -+ assert(obj->is_oop(true), err_msg("Not an oop at " PTR_FORMAT, p2i(obj))); -+ assert(obj->klass_or_null() != NULL, -+ err_msg("Unparsable heap at " PTR_FORMAT, p2i(obj))); -+ -+ if (g1h->is_obj_dead(obj, this)) { -+ // Carefully step over dead object. -+ cur += block_size(cur); -+ } else { -+ // Step over live object, and process its references. -+ cur += obj->size(); -+ // Non-objArrays are usually marked imprecise at the object -+ // start, in which case we need to iterate over them in full. -+ // objArrays are precisely marked, but can still be iterated -+ // over in full if completely covered. - -- if (!g1h->is_obj_dead(obj)) { -- // Non-objArrays are sometimes marked imprecise at the object start. We -- // always need to iterate over them in full. -- // We only iterate over object arrays in full if they are completely contained -- // in the memory region. - if (!obj->is_objArray() || (((HeapWord*)obj) >= start && cur <= end)) { - obj->oop_iterate(cl); - } else { diff --git a/hotspot/src/share/vm/gc_implementation/g1/heapRegion.hpp b/hotspot/src/share/vm/gc_implementation/g1/heapRegion.hpp index 52ef1d0d2..8a45b3915 100644 --- a/hotspot/src/share/vm/gc_implementation/g1/heapRegion.hpp @@ -390,55 +218,6 @@ index a9a4fbc25..007dabf19 100644 // Setters void set_free() { set(FreeTag); } -diff --git a/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp b/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp -index f05b4f177..9481dba10 100644 ---- a/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp -+++ b/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp -@@ -1551,22 +1551,25 @@ bool ParNewGeneration::take_from_overflow_list_work(ParScanThreadState* par_scan - return false; - } - assert(prefix != NULL && prefix != BUSY, "Error"); -- size_t i = 1; - oop cur = prefix; -- while (i < objsFromOverflow && cur->klass_or_null() != NULL) { -- i++; cur = cur->list_ptr_from_klass(); -+ for (size_t i = 1; i < objsFromOverflow; ++i) { -+ oop next = cur->list_ptr_from_klass(); -+ if (next == NULL) break; -+ cur = next; - } -+ assert(cur != NULL, "Loop postcondition"); - - // Reattach remaining (suffix) to overflow list -- if (cur->klass_or_null() == NULL) { -+ oop suffix = cur->list_ptr_from_klass(); -+ if (suffix == NULL) { - // Write back the NULL in lieu of the BUSY we wrote - // above and it is still the same value. - if (_overflow_list == BUSY) { - (void) Atomic::cmpxchg_ptr(NULL, &_overflow_list, BUSY); - } - } else { -- assert(cur->klass_or_null() != (Klass*)(address)BUSY, "Error"); -- oop suffix = cur->list_ptr_from_klass(); // suffix will be put back on global list -+ assert(suffix != BUSY, "Error"); -+ // suffix will be put back on global list - cur->set_klass_to_list_ptr(NULL); // break off suffix - // It's possible that the list is still in the empty(busy) state - // we left it in a short while ago; in that case we may be -@@ -1586,8 +1589,10 @@ bool ParNewGeneration::take_from_overflow_list_work(ParScanThreadState* par_scan - // Too bad, someone else got in in between; we'll need to do a splice. - // Find the last item of suffix list - oop last = suffix; -- while (last->klass_or_null() != NULL) { -- last = last->list_ptr_from_klass(); -+ while (true) { -+ oop next = last->list_ptr_from_klass(); -+ if (next == NULL) break; -+ last = next; - } - // Atomically prepend suffix to current overflow list - observed_overflow_list = _overflow_list; -- 2.19.0 diff --git a/8168996-backport-of-C2-crash-at-postaloc.cpp-140-ass.patch b/8168996-backport-of-C2-crash-at-postaloc.cpp-140-ass.patch deleted file mode 100755 index 627bb7997425b7e10cee50a1f89757b31c2b457c..0000000000000000000000000000000000000000 --- a/8168996-backport-of-C2-crash-at-postaloc.cpp-140-ass.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 9b140509c32b5878c1abdc16ec0edfd3e9f2f600 Mon Sep 17 00:00:00 2001 -Date: Fri, 29 Jan 2021 09:34:07 +0800 -Subject: 8168996: backport of C2 crash at postaloc.cpp:140 : - assert(false) failed: unexpected yanked node - -DTS/AR: DTS2021012903VX2SP0H00 -Summary: : Prevent MemBarAcquire from keeping a LoadNNode alive by adding it to the worklist if it is the only user of a DecodeNNode. -LLT: NA -Patch Type: backport -Bug url: https://bugs.openjdk.java.net/browse/JDK-8168996 ---- - hotspot/src/share/vm/opto/node.cpp | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/hotspot/src/share/vm/opto/node.cpp b/hotspot/src/share/vm/opto/node.cpp -index 60b390c09..a0d9acca4 100644 ---- a/hotspot/src/share/vm/opto/node.cpp -+++ b/hotspot/src/share/vm/opto/node.cpp -@@ -1168,8 +1168,8 @@ bool Node::has_special_unique_user() const { - if( this->is_Store() ) { - // Condition for back-to-back stores folding. - return n->Opcode() == op && n->in(MemNode::Memory) == this; -- } else if (this->is_Load()) { -- // Condition for removing an unused LoadNode from the MemBarAcquire precedence input -+ } else if (this->is_Load() || this->is_DecodeN()) { -+ // Condition for removing an unused LoadNode or DecodeNNode from the MemBarAcquire precedence input - return n->Opcode() == Op_MemBarAcquire; - } else if( op == Op_AddL ) { - // Condition for convL2I(addL(x,y)) ==> addI(convL2I(x),convL2I(y)) --- -2.19.0 - diff --git a/8171410.patch b/8171410.patch deleted file mode 100644 index 166c1239aa7b2c7e3e9124ba7f5ec04b24a27d9c..0000000000000000000000000000000000000000 --- a/8171410.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 3665377e22f4896b5c7480ebc8c2138e9fc2fe16 Mon Sep 17 00:00:00 2001 -Date: Fri, 22 Jan 2021 15:31:06 +0800 -Subject: aarch64: long multiplyExact shifts by 31 instead of 63 - -Summary: : long multiplyExact shifts by 31 instead of 63 -LLT: NA -Bug url: https://bugs.openjdk.java.net/browse/JDK-8171410 ---- - hotspot/src/cpu/aarch64/vm/aarch64.ad | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/hotspot/src/cpu/aarch64/vm/aarch64.ad b/hotspot/src/cpu/aarch64/vm/aarch64.ad -index 48d3628e9..38de0098b 100644 ---- a/hotspot/src/cpu/aarch64/vm/aarch64.ad -+++ b/hotspot/src/cpu/aarch64/vm/aarch64.ad -@@ -12582,7 +12582,7 @@ instruct overflowMulL_reg(rFlagsReg cr, iRegL op1, iRegL op2) - - format %{ "mul rscratch1, $op1, $op2\t#overflow check long\n\t" - "smulh rscratch2, $op1, $op2\n\t" -- "cmp rscratch2, rscratch1, ASR #31\n\t" -+ "cmp rscratch2, rscratch1, ASR #63\n\t" - "movw rscratch1, #0x80000000\n\t" - "cselw rscratch1, rscratch1, zr, NE\n\t" - "cmpw rscratch1, #1" %} -@@ -12590,7 +12590,7 @@ instruct overflowMulL_reg(rFlagsReg cr, iRegL op1, iRegL op2) - ins_encode %{ - __ mul(rscratch1, $op1$$Register, $op2$$Register); // Result bits 0..63 - __ smulh(rscratch2, $op1$$Register, $op2$$Register); // Result bits 64..127 -- __ cmp(rscratch2, rscratch1, Assembler::ASR, 31); // Top is pure sign ext -+ __ cmp(rscratch2, rscratch1, Assembler::ASR, 63); // Top is pure sign ext - __ movw(rscratch1, 0x80000000); // Develop 0 (EQ), - __ cselw(rscratch1, rscratch1, zr, Assembler::NE); // or 0x80000000 (NE) - __ cmpw(rscratch1, 1); // 0x80000000 - 1 => VS -@@ -12608,7 +12608,7 @@ instruct overflowMulL_reg_branch(cmpOp cmp, iRegL op1, iRegL op2, label labl, rF - - format %{ "mul rscratch1, $op1, $op2\t#overflow check long\n\t" - "smulh rscratch2, $op1, $op2\n\t" -- "cmp rscratch2, rscratch1, ASR #31\n\t" -+ "cmp rscratch2, rscratch1, ASR #63\n\t" - "b$cmp $labl" %} - ins_cost(4 * INSN_COST); // Branch is rare so treat as INSN_COST - ins_encode %{ -@@ -12616,7 +12616,7 @@ instruct overflowMulL_reg_branch(cmpOp cmp, iRegL op1, iRegL op2, label labl, rF - Assembler::Condition cond = (Assembler::Condition)$cmp$$cmpcode; - __ mul(rscratch1, $op1$$Register, $op2$$Register); // Result bits 0..63 - __ smulh(rscratch2, $op1$$Register, $op2$$Register); // Result bits 64..127 -- __ cmp(rscratch2, rscratch1, Assembler::ASR, 31); // Top is pure sign ext -+ __ cmp(rscratch2, rscratch1, Assembler::ASR, 63); // Top is pure sign ext - __ br(cond == Assembler::VS ? Assembler::NE : Assembler::EQ, *L); - %} - --- -2.19.0 - diff --git a/818172_overflow_when_strength_reducing_interger_multiply.patch b/818172_overflow_when_strength_reducing_interger_multiply.patch new file mode 100644 index 0000000000000000000000000000000000000000..3003af4e8e7c956078cc60c3ac2c63721357a823 --- /dev/null +++ b/818172_overflow_when_strength_reducing_interger_multiply.patch @@ -0,0 +1,22 @@ +diff --git a/hotspot/src/cpu/aarch64/vm/c1_LIRGenerator_aarch64.cpp b/hotspot/src/cpu/aarch64/vm/c1_LIRGenerator_aarch64.cpp +index 6d0b4acbd..ecd4bd4a6 100644 +--- a/hotspot/src/cpu/aarch64/vm/c1_LIRGenerator_aarch64.cpp ++++ b/hotspot/src/cpu/aarch64/vm/c1_LIRGenerator_aarch64.cpp +@@ -607,12 +607,12 @@ void LIRGenerator::do_ArithmeticOp_Int(ArithmeticOp* x) { + } else { + assert (x->op() == Bytecodes::_imul, "expect imul"); + if (right.is_constant()) { +- int c = right.get_jint_constant(); +- if (! is_power_of_2(c) && ! is_power_of_2(c + 1) && ! is_power_of_2(c - 1)) { +- // Cannot use constant op. +- right.load_item(); ++ jint c = right.get_jint_constant(); ++ if (c > 0 && c < max_jint && (is_power_of_2(c) || is_power_of_2(c - 1) || is_power_of_2(c + 1))) { ++ right_arg->dont_load_item(); + } else { +- right.dont_load_item(); ++ // Cannot use constant op. ++ right_arg->load_item(); + } + } else { + right.load_item(); diff --git a/8191129.patch b/8191129.patch deleted file mode 100644 index cf83204baa841b87906a2c8babb213d5b352fd4b..0000000000000000000000000000000000000000 --- a/8191129.patch +++ /dev/null @@ -1,115 +0,0 @@ -From 8591ace51cb262bc6f35b4213f2ebac8a4b9111f Mon Sep 17 00:00:00 2001 -Date: Fri, 22 Jan 2021 14:29:52 +0800 -Subject: Backport of JDK-8191129 - -summary: AARCH64: Invalid value passed to critical JNI function -LLT: -Bug url: https://bugs.openjdk.java.net/browse/JDK-8191129 ---- - .../cpu/aarch64/vm/sharedRuntime_aarch64.cpp | 2 +- - .../src/cpu/aarch64/vm/vm_version_aarch64.cpp | 3 +++ - hotspot/src/share/vm/runtime/arguments.cpp | 22 ------------------- - hotspot/src/share/vm/runtime/arguments.hpp | 22 +++++++++++++++++++ - 4 files changed, 26 insertions(+), 23 deletions(-) - -diff --git a/hotspot/src/cpu/aarch64/vm/sharedRuntime_aarch64.cpp b/hotspot/src/cpu/aarch64/vm/sharedRuntime_aarch64.cpp -index 55c2b5d6d..7143db519 100644 ---- a/hotspot/src/cpu/aarch64/vm/sharedRuntime_aarch64.cpp -+++ b/hotspot/src/cpu/aarch64/vm/sharedRuntime_aarch64.cpp -@@ -1545,7 +1545,7 @@ nmethod* SharedRuntime::generate_native_wrapper(MacroAssembler* masm, - // critical natives they are offset down. - GrowableArray arg_order(2 * total_in_args); - VMRegPair tmp_vmreg; -- tmp_vmreg.set1(r19->as_VMReg()); -+ tmp_vmreg.set2(r19->as_VMReg()); - - if (!is_critical_native) { - for (int i = total_in_args - 1, c_arg = total_c_args - 1; i >= 0; i--, c_arg--) { -diff --git a/hotspot/src/cpu/aarch64/vm/vm_version_aarch64.cpp b/hotspot/src/cpu/aarch64/vm/vm_version_aarch64.cpp -index 211baa9dc..ae7265dfc 100644 ---- a/hotspot/src/cpu/aarch64/vm/vm_version_aarch64.cpp -+++ b/hotspot/src/cpu/aarch64/vm/vm_version_aarch64.cpp -@@ -30,6 +30,7 @@ - #include "runtime/java.hpp" - #include "runtime/stubCodeGenerator.hpp" - #include "vm_version_aarch64.hpp" -+#include "runtime/arguments.hpp" - #ifdef TARGET_OS_FAMILY_linux - # include "os_linux.inline.hpp" - #endif -@@ -339,4 +340,6 @@ void VM_Version::initialize() { - g.generate_getPsrInfo()); - - get_processor_features(); -+ -+ UNSUPPORTED_OPTION(CriticalJNINatives, "CriticalJNINatives"); - } -diff --git a/hotspot/src/share/vm/runtime/arguments.cpp b/hotspot/src/share/vm/runtime/arguments.cpp -index bd789f637..a9eb3fb10 100644 ---- a/hotspot/src/share/vm/runtime/arguments.cpp -+++ b/hotspot/src/share/vm/runtime/arguments.cpp -@@ -79,28 +79,6 @@ - #endif - #define DEFAULT_JAVA_LAUNCHER "generic" - --// Disable options not supported in this release, with a warning if they --// were explicitly requested on the command-line --#define UNSUPPORTED_OPTION(opt, description) \ --do { \ -- if (opt) { \ -- if (FLAG_IS_CMDLINE(opt)) { \ -- warning(description " is disabled in this release."); \ -- } \ -- FLAG_SET_DEFAULT(opt, false); \ -- } \ --} while(0) -- --#define UNSUPPORTED_GC_OPTION(gc) \ --do { \ -- if (gc) { \ -- if (FLAG_IS_CMDLINE(gc)) { \ -- warning(#gc " is not supported in this VM. Using Serial GC."); \ -- } \ -- FLAG_SET_DEFAULT(gc, false); \ -- } \ --} while(0) -- - char** Arguments::_jvm_flags_array = NULL; - int Arguments::_num_jvm_flags = 0; - char** Arguments::_jvm_args_array = NULL; -diff --git a/hotspot/src/share/vm/runtime/arguments.hpp b/hotspot/src/share/vm/runtime/arguments.hpp -index 86c415e6a..a5cd59ea6 100644 ---- a/hotspot/src/share/vm/runtime/arguments.hpp -+++ b/hotspot/src/share/vm/runtime/arguments.hpp -@@ -39,6 +39,28 @@ extern "C" { - typedef jint (JNICALL *vfprintf_hook_t)(FILE *fp, const char *format, va_list args) ATTRIBUTE_PRINTF(2, 0); - } - -+// Disable options not supported in this release, with a warning if they -+// were explicitly requested on the command-line -+#define UNSUPPORTED_OPTION(opt, description) \ -+do { \ -+ if (opt) { \ -+ if (FLAG_IS_CMDLINE(opt)) { \ -+ warning(description " is disabled in this release."); \ -+ } \ -+ FLAG_SET_DEFAULT(opt, false); \ -+ } \ -+} while(0) -+ -+#define UNSUPPORTED_GC_OPTION(gc) \ -+do { \ -+ if (gc) { \ -+ if (FLAG_IS_CMDLINE(gc)) { \ -+ warning(#gc " is not supported in this VM. Using Serial GC."); \ -+ } \ -+ FLAG_SET_DEFAULT(gc, false); \ -+ } \ -+} while(0) -+ - // Forward declarations - - class SysClassPath; --- -2.19.0 - diff --git a/8191915.patch b/8191915.patch deleted file mode 100644 index 2f2526d9c6f7f2831a2ca3b1948d4ac970eb0a7e..0000000000000000000000000000000000000000 --- a/8191915.patch +++ /dev/null @@ -1,161 +0,0 @@ -From a1125b79426556114c36a807ccd95bd916b07dab Mon Sep 17 00:00:00 2001 -Date: Fri, 22 Jan 2021 15:26:12 +0800 -Subject: 8191915: java.lang.Math.multiplyExact not throw an - exception for certain values - -Summary: C2: java.lang.Math.multiplyExact not throw an exception for certain values -LLT: hotspot/test/compiler/intrinsics/mathexact/LongMulOverflowTest.java -Bug url: https://bugs.openjdk.java.net/browse/JDK-8191915 ---- - hotspot/src/share/vm/opto/mathexactnode.cpp | 42 ++++++++----- - hotspot/src/share/vm/opto/mathexactnode.hpp | 4 +- - .../mathexact/LongMulOverflowTest.java | 61 +++++++++++++++++++ - 3 files changed, 90 insertions(+), 17 deletions(-) - create mode 100644 hotspot/test/compiler/intrinsics/mathexact/LongMulOverflowTest.java - -diff --git a/hotspot/src/share/vm/opto/mathexactnode.cpp b/hotspot/src/share/vm/opto/mathexactnode.cpp -index 00466ad3d..661cc745b 100644 ---- a/hotspot/src/share/vm/opto/mathexactnode.cpp -+++ b/hotspot/src/share/vm/opto/mathexactnode.cpp -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -117,23 +117,33 @@ bool OverflowSubLNode::will_overflow(jlong v1, jlong v2) const { - return SubHelper::will_overflow(v1, v2); - } - --bool OverflowMulLNode::will_overflow(jlong val1, jlong val2) const { -- jlong result = val1 * val2; -- jlong ax = (val1 < 0 ? -val1 : val1); -- jlong ay = (val2 < 0 ? -val2 : val2); -- -- bool overflow = false; -- if ((ax | ay) & CONST64(0xFFFFFFFF00000000)) { -- // potential overflow if any bit in upper 32 bits are set -- if ((val1 == min_jlong && val2 == -1) || (val2 == min_jlong && val1 == -1)) { -- // -1 * Long.MIN_VALUE will overflow -- overflow = true; -- } else if (val2 != 0 && (result / val2 != val1)) { -- overflow = true; -- } -+bool OverflowMulLNode::is_overflow(jlong val1, jlong val2) { -+ // x * { 0, 1 } will never overflow. Even for x = min_jlong -+ if (val1 == 0 || val2 == 0 || val1 == 1 || val2 == 1) { -+ return false; -+ } -+ -+ // x * min_jlong for x not in { 0, 1 } overflows -+ // even -1 as -1 * min_jlong is an overflow -+ if (val1 == min_jlong || val2 == min_jlong) { -+ return true; - } - -- return overflow; -+ // if (x * y) / y == x there is no overflow -+ // -+ // the multiplication here is done as unsigned to avoid undefined behaviour which -+ // can be used by the compiler to assume that the check further down (result / val2 != val1) -+ // is always false and breaks the overflow check -+ julong v1 = (julong) val1; -+ julong v2 = (julong) val2; -+ julong tmp = v1 * v2; -+ jlong result = (jlong) tmp; -+ -+ if (result / val2 != val1) { -+ return true; -+ } -+ -+ return false; - } - - bool OverflowAddINode::can_overflow(const Type* t1, const Type* t2) const { -diff --git a/hotspot/src/share/vm/opto/mathexactnode.hpp b/hotspot/src/share/vm/opto/mathexactnode.hpp -index 3e037cf56..0a59ebd96 100644 ---- a/hotspot/src/share/vm/opto/mathexactnode.hpp -+++ b/hotspot/src/share/vm/opto/mathexactnode.hpp -@@ -129,8 +129,10 @@ public: - OverflowMulLNode(Node* in1, Node* in2) : OverflowLNode(in1, in2) {} - virtual int Opcode() const; - -- virtual bool will_overflow(jlong v1, jlong v2) const; -+ virtual bool will_overflow(jlong v1, jlong v2) const { return is_overflow(v1, v2); } - virtual bool can_overflow(const Type* t1, const Type* t2) const; -+ -+ static bool is_overflow(jlong v1, jlong v2); - }; - - #endif -diff --git a/hotspot/test/compiler/intrinsics/mathexact/LongMulOverflowTest.java b/hotspot/test/compiler/intrinsics/mathexact/LongMulOverflowTest.java -new file mode 100644 -index 000000000..69bd8f157 ---- /dev/null -+++ b/hotspot/test/compiler/intrinsics/mathexact/LongMulOverflowTest.java -@@ -0,0 +1,61 @@ -+/* -+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+/* -+ * @test -+ * @bug 8191915 -+ * @summary Regression test for multiplyExact intrinsic -+ * @compile AddExactICondTest.java -+ * @run main/othervm -Xcomp -XX:-TieredCompilation compiler.intrinsics.mathexact.LongMulOverflowTest -+ */ -+ -+package compiler.intrinsics.mathexact; -+ -+public class LongMulOverflowTest { -+ public static void main(String[] args) { -+ LongMulOverflowTest test = new LongMulOverflowTest(); -+ for (int i = 0; i < 10; ++i) { -+ try { -+ test.runTest(); -+ throw new RuntimeException("Error, runTest() did not overflow!"); -+ } catch (ArithmeticException e) { -+ // success -+ } -+ -+ try { -+ test.runTestOverflow(); -+ throw new RuntimeException("Error, runTestOverflow() did not overflow!"); -+ } catch (ArithmeticException e) { -+ // success -+ } -+ } -+ } -+ -+ public void runTest() { -+ java.lang.Math.multiplyExact(Long.MIN_VALUE, 7); -+ } -+ -+ public void runTestOverflow() { -+ java.lang.Math.multiplyExact((Long.MAX_VALUE / 2) + 1, 2); -+ } -+} --- -2.19.0 - diff --git a/8193518.patch b/8193518.patch new file mode 100644 index 0000000000000000000000000000000000000000..92b9a11ddbe33f0d93336715f8854a7ba488bf96 --- /dev/null +++ b/8193518.patch @@ -0,0 +1,57 @@ +From ffcc6a489a09be7b10e06e9bece5fe2aa06d336d Mon Sep 17 00:00:00 2001 +From: zhangyipeng +Date: Tue, 9 Mar 2021 16:58:48 +0800 +Subject: [PATCH] [Backport]8193518: C2:Vector registers sometimes + corrupted at safepoint + +Reference: https://bugs.openjdk.java.net/browse/JDK-8193518 + + +Signed-off-by: He Xuejin +--- + hotspot/src/share/vm/opto/compile.hpp | 6 +++--- + hotspot/src/share/vm/opto/superword.cpp | 4 +++- + 2 files changed, 6 insertions(+), 4 deletions(-) + +diff --git a/hotspot/src/share/vm/opto/compile.hpp b/hotspot/src/share/vm/opto/compile.hpp +index fd750b10e..93fa11737 100644 +--- a/hotspot/src/share/vm/opto/compile.hpp ++++ b/hotspot/src/share/vm/opto/compile.hpp +@@ -316,7 +316,7 @@ class Compile : public Phase { + bool _has_unsafe_access; // True if the method _may_ produce faults in unsafe loads or stores. + bool _has_stringbuilder; // True StringBuffers or StringBuilders are allocated + bool _has_boxed_value; // True if a boxed object is allocated +- int _max_vector_size; // Maximum size of generated vectors ++ uint _max_vector_size; // Maximum size of generated vectors + uint _trap_hist[trapHistLength]; // Cumulative traps + bool _trap_can_recompile; // Have we emitted a recompiling trap? + uint _decompile_count; // Cumulative decompilation counts. +@@ -581,8 +581,8 @@ class Compile : public Phase { + void set_has_stringbuilder(bool z) { _has_stringbuilder = z; } + bool has_boxed_value() const { return _has_boxed_value; } + void set_has_boxed_value(bool z) { _has_boxed_value = z; } +- int max_vector_size() const { return _max_vector_size; } +- void set_max_vector_size(int s) { _max_vector_size = s; } ++ uint max_vector_size() const { return _max_vector_size; } ++ void set_max_vector_size(uint s) { _max_vector_size = s; } + void set_trap_count(uint r, uint c) { assert(r < trapHistLength, "oob"); _trap_hist[r] = c; } + uint trap_count(uint r) const { assert(r < trapHistLength, "oob"); return _trap_hist[r]; } + bool trap_can_recompile() const { return _trap_can_recompile; } +diff --git a/hotspot/src/share/vm/opto/superword.cpp b/hotspot/src/share/vm/opto/superword.cpp +index a14210ee2..2b7e7af21 100644 +--- a/hotspot/src/share/vm/opto/superword.cpp ++++ b/hotspot/src/share/vm/opto/superword.cpp +@@ -1480,7 +1480,9 @@ void SuperWord::output() { + #endif + } + } +- C->set_max_vector_size(max_vlen_in_bytes); ++ if (max_vlen_in_bytes > C->max_vector_size()) { ++ C->set_max_vector_size(max_vlen_in_bytes); ++ } + } + + //------------------------------vector_opd--------------------------- +-- +2.19.0 + diff --git a/8214418-half-closed-SSLEngine-status-may-cause-appli.patch b/8214418-half-closed-SSLEngine-status-may-cause-appli.patch old mode 100755 new mode 100644 diff --git a/8214535-support-Jmap-parallel.patch b/8214535-support-Jmap-parallel.patch old mode 100755 new mode 100644 diff --git a/8231841-debug.cpp-help-is-missing-an-AArch64-line-fo.patch b/8231841-debug.cpp-help-is-missing-an-AArch64-line-fo.patch old mode 100755 new mode 100644 diff --git a/8240353.patch b/8240353.patch deleted file mode 100644 index ddc27ca933a543ba2f707400dfe256bc02341112..0000000000000000000000000000000000000000 --- a/8240353.patch +++ /dev/null @@ -1,49 +0,0 @@ -diff --git a/hotspot/src/cpu/aarch64/vm/c1_LIRAssembler_aarch64.cpp b/hotspot/src/cpu/aarch64/vm/c1_LIRAssembler_aarch64.cpp -index e25061f7d..2df587d96 100644 ---- a/hotspot/src/cpu/aarch64/vm/c1_LIRAssembler_aarch64.cpp -+++ b/hotspot/src/cpu/aarch64/vm/c1_LIRAssembler_aarch64.cpp -@@ -1,6 +1,6 @@ - /* - * Copyright (c) 2013, Red Hat Inc. -- * Copyright (c) 2000, 2019, Oracle and/or its affiliates. -+ * Copyright (c) 2000, 2020, Oracle and/or its affiliates. - * All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * -@@ -434,12 +434,9 @@ int LIR_Assembler::emit_unwind_handler() { - } - - if (compilation()->env()->dtrace_method_probes()) { -- __ call_Unimplemented(); --#if 0 -- __ movptr(Address(rsp, 0), rax); -- __ mov_metadata(Address(rsp, sizeof(void*)), method()->constant_encoding()); -- __ call(RuntimeAddress(CAST_FROM_FN_PTR(address, SharedRuntime::dtrace_method_exit))); --#endif -+ __ mov(c_rarg0, rthread); -+ __ mov_metadata(c_rarg1, method()->constant_encoding()); -+ __ call_VM_leaf(CAST_FROM_FN_PTR(address, SharedRuntime::dtrace_method_exit), c_rarg0, c_rarg1); - } - - if (method()->is_synchronized() || compilation()->env()->dtrace_method_probes()) { -diff --git a/hotspot/src/cpu/aarch64/vm/c1_Runtime1_aarch64.cpp b/hotspot/src/cpu/aarch64/vm/c1_Runtime1_aarch64.cpp -index c1e48ac97..e774f2140 100644 ---- a/hotspot/src/cpu/aarch64/vm/c1_Runtime1_aarch64.cpp -+++ b/hotspot/src/cpu/aarch64/vm/c1_Runtime1_aarch64.cpp -@@ -1319,6 +1319,16 @@ OopMapSet* Runtime1::generate_code_for(StubID id, StubAssembler* sasm) { - } - break; - -+ case dtrace_object_alloc_id: -+ { // c_rarg0: object -+ StubFrame f(sasm, "dtrace_object_alloc", dont_gc_arguments); -+ save_live_registers(sasm); -+ -+ __ call_VM_leaf(CAST_FROM_FN_PTR(address, SharedRuntime::dtrace_object_alloc), c_rarg0); -+ -+ restore_live_registers(sasm); -+ } -+ break; - - default: - { StubFrame f(sasm, "unimplemented entry", dont_gc_arguments); diff --git a/8247691_incorrect_handling_of_VM_exceptions_in_C1_deopt_stub.patch b/8247691_incorrect_handling_of_VM_exceptions_in_C1_deopt_stub.patch new file mode 100755 index 0000000000000000000000000000000000000000..e66ffad04fe187dc7f35dc9aed6835a48f5e5ebf --- /dev/null +++ b/8247691_incorrect_handling_of_VM_exceptions_in_C1_deopt_stub.patch @@ -0,0 +1,14 @@ +diff --git a/hotspot/src/cpu/aarch64/vm/c1_Runtime1_aarch64.cpp b/hotspot/src/cpu/aarch64/vm/c1_Runtime1_aarch64.cpp +index d16cfda1..5e457dd1 100644 +--- a/hotspot/src/cpu/aarch64/vm/c1_Runtime1_aarch64.cpp ++++ b/hotspot/src/cpu/aarch64/vm/c1_Runtime1_aarch64.cpp +@@ -597,7 +597,8 @@ OopMapSet* Runtime1::generate_patching(StubAssembler* sasm, address target) { + __ verify_not_null_oop(r0); + + // load throwing pc: this is the return address of the stub +- __ mov(r3, lr); ++ // Note that lr register has been destroyed by the call. ++ __ ldr(r3, Address(rfp, wordSize)); + + #ifdef ASSERT + // check that fields in JavaThread for exception oop and issuing pc are empty diff --git a/8248336.patch b/8248336.patch deleted file mode 100644 index 6d2c5546b2e8101cf394d1a8746ccb7327e2f457..0000000000000000000000000000000000000000 --- a/8248336.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 0fc0d41f2af723a0abdb3c73100137f847b1d820 Mon Sep 17 00:00:00 2001 -Date: Fri, 22 Jan 2021 16:40:43 +0800 -Subject: 8248336: AArch64: C2: offset overflow in - BoxLockNode::emit - -Summary: : offset overflow in BoxLockNode::emit -LLT: jtreg -Bug url: https://bugs.openjdk.java.net/browse/JDK-8248336 ---- - hotspot/src/cpu/aarch64/vm/aarch64.ad | 16 ++++++++++------ - 1 file changed, 10 insertions(+), 6 deletions(-) - -diff --git a/hotspot/src/cpu/aarch64/vm/aarch64.ad b/hotspot/src/cpu/aarch64/vm/aarch64.ad -index 38de0098b..accce6720 100644 ---- a/hotspot/src/cpu/aarch64/vm/aarch64.ad -+++ b/hotspot/src/cpu/aarch64/vm/aarch64.ad -@@ -1828,16 +1828,20 @@ void BoxLockNode::emit(CodeBuffer &cbuf, PhaseRegAlloc *ra_) const { - int offset = ra_->reg2offset(in_RegMask(0).find_first_elem()); - int reg = ra_->get_encode(this); - -- if (Assembler::operand_valid_for_add_sub_immediate(offset)) { -- __ add(as_Register(reg), sp, offset); -- } else { -- ShouldNotReachHere(); -- } -+ // This add will handle any 24-bit signed offset. 24 bits allows an -+ // 8 megabyte stack frame. -+ __ add(as_Register(reg), sp, offset); - } - - uint BoxLockNode::size(PhaseRegAlloc *ra_) const { - // BoxLockNode is not a MachNode, so we can't just call MachNode::size(ra_). -- return 4; -+ int offset = ra_->reg2offset(in_RegMask(0).find_first_elem()); -+ -+ if (Assembler::operand_valid_for_add_sub_immediate(offset)) { -+ return NativeInstruction::instruction_size; -+ } else { -+ return 2 * NativeInstruction::instruction_size; -+ } - } - - //============================================================================= --- -2.19.0 - diff --git a/8254078-DataOutputStream-is-very-slow-post-disabling.patch b/8254078-DataOutputStream-is-very-slow-post-disabling.patch old mode 100755 new mode 100644 diff --git a/8259886-Improve-SSL-session-cache-performance-and-sc.patch b/8259886-Improve-SSL-session-cache-performance-and-sc.patch old mode 100755 new mode 100644 diff --git a/8264640.patch b/8264640.patch new file mode 100755 index 0000000000000000000000000000000000000000..4aefd2e5396bc208f16d8f63dca8e260d42b15d8 --- /dev/null +++ b/8264640.patch @@ -0,0 +1,20 @@ +diff --git a/hotspot/src/share/vm/gc_implementation/parNew/parOopClosures.inline.hpp b/hotspot/src/share/vm/gc_implementation/parNew/parOopClosures.inline.hpp +index 2a3e32071..887e47216 100644 +--- a/hotspot/src/share/vm/gc_implementation/parNew/parOopClosures.inline.hpp ++++ b/hotspot/src/share/vm/gc_implementation/parNew/parOopClosures.inline.hpp +@@ -38,6 +38,7 @@ template inline void ParScanWeakRefClosure::do_oop_work(T* p) { + // we need to ensure that it is copied (see comment in + // ParScanClosure::do_oop_work). + Klass* objK = obj->klass(); ++ OrderAccess::loadload(); + markOop m = obj->mark(); + oop new_obj; + if (m->is_marked()) { // Contains forwarding pointer. +@@ -101,6 +102,7 @@ inline void ParScanClosure::do_oop_work(T* p, + // overwritten with an overflow next pointer after the object is + // forwarded. + Klass* objK = obj->klass(); ++ OrderAccess::loadload(); + markOop m = obj->mark(); + oop new_obj; + if (m->is_marked()) { // Contains forwarding pointer. diff --git a/8266187_Memory_leak_in_appendBootClassPath.patch b/8266187_Memory_leak_in_appendBootClassPath.patch new file mode 100755 index 0000000000000000000000000000000000000000..6cf7b3248071c6a7871a403a037b10521b6f834d --- /dev/null +++ b/8266187_Memory_leak_in_appendBootClassPath.patch @@ -0,0 +1,12 @@ +diff --git a/jdk/src/share/instrument/InvocationAdapter.c b/jdk/src/share/instrument/InvocationAdapter.c +index 5aa189b0..b06cf5cb 100644 +--- a/jdk/src/share/instrument/InvocationAdapter.c ++++ b/jdk/src/share/instrument/InvocationAdapter.c +@@ -829,6 +829,7 @@ appendBootClassPath( JPLISAgent* agent, + + resolved = resolve(parent, path); + jvmtierr = (*jvmtienv)->AddToBootstrapClassLoaderSearch(jvmtienv, resolved); ++ free(resolved); + } + + /* print warning if boot class path not updated */ diff --git a/8266929_huawei_add_oid_mapping_common_sig_types.patch b/8266929_huawei_add_oid_mapping_common_sig_types.patch new file mode 100755 index 0000000000000000000000000000000000000000..19a2147b30a86066a8d40bc8cb20d704f244d15f --- /dev/null +++ b/8266929_huawei_add_oid_mapping_common_sig_types.patch @@ -0,0 +1,29 @@ +diff --git a/jdk/src/share/classes/sun/security/x509/AlgorithmId.java b/jdk/src/share/classes/sun/security/x509/AlgorithmId.java +index 502c52f30..41df5d290 100644 +--- a/jdk/src/share/classes/sun/security/x509/AlgorithmId.java ++++ b/jdk/src/share/classes/sun/security/x509/AlgorithmId.java +@@ -589,6 +589,24 @@ public class AlgorithmId implements Serializable, DerEncoder { + || name.equalsIgnoreCase("SHA1/RSA")) { + return AlgorithmId.sha1WithRSAEncryption_oid; + } ++ if (name.equalsIgnoreCase("SHA224withRSA")) { ++ return AlgorithmId.sha224WithRSAEncryption_oid; ++ } ++ if (name.equalsIgnoreCase("SHA256withRSA")) { ++ return AlgorithmId.sha256WithRSAEncryption_oid; ++ } ++ if (name.equalsIgnoreCase("SHA384withRSA")) { ++ return AlgorithmId.sha384WithRSAEncryption_oid; ++ } ++ if (name.equalsIgnoreCase("SHA512withRSA")) { ++ return AlgorithmId.sha512WithRSAEncryption_oid; ++ } ++ if (name.equalsIgnoreCase("SHA512/224withRSA")) { ++ return AlgorithmId.sha512_224WithRSAEncryption_oid; ++ } ++ if (name.equalsIgnoreCase("SHA512/256withRSA")) { ++ return AlgorithmId.sha512_256WithRSAEncryption_oid; ++ } + if (name.equalsIgnoreCase("SHA1withECDSA") + || name.equalsIgnoreCase("ECDSA")) { + return AlgorithmId.sha1WithECDSA_oid; diff --git a/AARCH64-fix-itable-stub-code-size-limit.patch b/AARCH64-fix-itable-stub-code-size-limit.patch deleted file mode 100644 index 2e4452fefd45a9ea7af978f87c8a233606b0a055..0000000000000000000000000000000000000000 --- a/AARCH64-fix-itable-stub-code-size-limit.patch +++ /dev/null @@ -1,42 +0,0 @@ -From bd26df9efb8b765bb40fcfeef3e8908e77bfb15f Mon Sep 17 00:00:00 2001 -Date: Fri, 22 Jan 2021 11:14:02 +0800 -Subject: AARCH64 fix itable stub code size limit - ---- - hotspot/src/cpu/aarch64/vm/vtableStubs_aarch64.cpp | 12 +++++++++--- - 1 file changed, 9 insertions(+), 3 deletions(-) - -diff --git a/hotspot/src/cpu/aarch64/vm/vtableStubs_aarch64.cpp b/hotspot/src/cpu/aarch64/vm/vtableStubs_aarch64.cpp -index d8d1ec11b..645b690da 100644 ---- a/hotspot/src/cpu/aarch64/vm/vtableStubs_aarch64.cpp -+++ b/hotspot/src/cpu/aarch64/vm/vtableStubs_aarch64.cpp -@@ -130,6 +130,10 @@ VtableStub* VtableStubs::create_itable_stub(int itable_index) { - // returned by pd_code_size_limit! - const int code_length = VtableStub::pd_code_size_limit(false); - VtableStub* s = new(code_length) VtableStub(false, itable_index); -+ // Can be NULL if there is no free space in the code cache. -+ if (s == NULL) { -+ return NULL; -+ } - ResourceMark rm; - CodeBuffer cb(s->entry_point(), code_length); - MacroAssembler* masm = new MacroAssembler(&cb); -@@ -222,10 +226,12 @@ int VtableStub::pd_code_size_limit(bool is_vtable_stub) { - if (CountCompiledCalls) - size += 6 * 4; - // FIXME: vtable stubs only need 36 bytes -- if (is_vtable_stub) -+ if (is_vtable_stub) { - size += 52; -- else -- size += 176; -+ } else { -+ // itable code size limit, see issue#983 -+ size += 192; -+ } - return size; - - // In order to tune these parameters, run the JVM with VM options --- -2.19.0 - diff --git a/C1-typos-repair.patch b/C1-typos-repair.patch old mode 100755 new mode 100644 index 9fde889c11983cf8a0e60d40e0cf7a5da3042e6d..33dbba62099100a619173d847538ad2daac305be --- a/C1-typos-repair.patch +++ b/C1-typos-repair.patch @@ -8,12 +8,12 @@ LLT: NA Patch Type: huawei Bug url: NA --- - .../src/cpu/aarch64/vm/c1_LIRAssembler_aarch64.cpp | 6 +++--- + .../src/cpu/aarch64/vm/c1_LIRAssembler_aarch64.cpp | 2 +- .../src/cpu/aarch64/vm/c1_LIRGenerator_aarch64.cpp | 3 +-- hotspot/src/share/vm/c1/c1_GraphBuilder.cpp | 7 +++---- hotspot/src/share/vm/c1/c1_LIR.hpp | 12 ++++++------ hotspot/src/share/vm/c1/c1_LIRGenerator.hpp | 1 - - 5 files changed, 13 insertions(+), 16 deletions(-) + 5 files changed, 11 insertions(+), 14 deletions(-) diff --git a/hotspot/src/cpu/aarch64/vm/c1_LIRAssembler_aarch64.cpp b/hotspot/src/cpu/aarch64/vm/c1_LIRAssembler_aarch64.cpp index 2df587d96..60b67494c 100644 @@ -28,18 +28,6 @@ index 2df587d96..60b67494c 100644 } break; case T_METADATA: -@@ -1020,9 +1020,9 @@ void LIR_Assembler::mem2reg(LIR_Opr src, LIR_Opr dest, BasicType type, LIR_Patch - // address that matches klass_offset_in_bytes() will be loaded - // as a word, not a long. - if (UseCompressedClassPointers && addr->disp() == oopDesc::klass_offset_in_bytes()) { -- __ ldrw(dest->as_register(), as_Address(from_addr)); -+ __ ldrw(dest->as_register(), as_Address(from_addr)); - } else { -- __ ldr(dest->as_register(), as_Address(from_addr)); -+ __ ldr(dest->as_register(), as_Address(from_addr)); - } - break; - case T_INT: diff --git a/hotspot/src/cpu/aarch64/vm/c1_LIRGenerator_aarch64.cpp b/hotspot/src/cpu/aarch64/vm/c1_LIRGenerator_aarch64.cpp index cee0730d9..6d0b4acbd 100644 --- a/hotspot/src/cpu/aarch64/vm/c1_LIRGenerator_aarch64.cpp diff --git a/Code-style-fix.patch b/Code-style-fix.patch new file mode 100644 index 0000000000000000000000000000000000000000..68d4ba62755f3927a033419b788b44d13d723b1a --- /dev/null +++ b/Code-style-fix.patch @@ -0,0 +1,21 @@ +From f50206e9a2e0eb975720bb425d3cd94f85cc4fc6 Mon Sep 17 00:00:00 2001 +Date: Mon, 19 Apr 2021 15:40:09 +0800 +Subject: [PATCH 1/2] Code style fix + +--- + hotspot/src/share/vm/runtime/arguments.cpp | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/hotspot/src/share/vm/runtime/arguments.cpp b/hotspot/src/share/vm/runtime/arguments.cpp +index 170f1fd9f..7ecb7a271 100644 +--- a/hotspot/src/share/vm/runtime/arguments.cpp ++++ b/hotspot/src/share/vm/runtime/arguments.cpp +@@ -2175,7 +2175,7 @@ void Arguments::set_boxtype_cached_max_flags() { + #ifdef COMPILER2 + if (!AggressiveOpts) { + if (!FLAG_IS_DEFAULT(BoxTypeCachedMax)) { +- int const size = 1024; ++ const int size = 1024; + char buffer[size]; + jio_snprintf(buffer, size, "java.lang.Long.LongCache.high=" INTX_FORMAT, BoxTypeCachedMax); + add_property(buffer); diff --git a/Ddot-intrinsic-implement.patch b/Ddot-intrinsic-implement.patch index 2b091a517c5c4b04ee7549857a4bad3d4a7415d4..5ec953a49ff3f16ab1adbf0510476d78375c89f7 100644 --- a/Ddot-intrinsic-implement.patch +++ b/Ddot-intrinsic-implement.patch @@ -3,7 +3,7 @@ index 1e9b1cb91..c0fd37d05 100644 --- a/hotspot/src/cpu/aarch64/vm/assembler_aarch64.hpp +++ b/hotspot/src/cpu/aarch64/vm/assembler_aarch64.hpp @@ -2061,6 +2061,14 @@ public: - ld_st(Vt, T, a, op1, op2); \ + ld_st(Vt, T, a, op1, op2); \ } + void ld1_d(FloatRegister Vt, int index, const Address &a) { @@ -172,8 +172,8 @@ index 388177589..1abc7e3b0 100644 + Register dy, Register incy, Register temp_reg); + void string_compare(Register str1, Register str2, - Register cnt1, Register cnt2, Register result, - Register tmp1); + Register cnt1, Register cnt2, Register result, + Register tmp1); @@ -1236,6 +1239,11 @@ private: // Uses rscratch2 if the address is not directly reachable Address spill_address(int size, int offset, Register tmp=rscratch2); diff --git a/Disable-ddot-intrinsic-on-CPUs-that-not-suppo.patch b/Disable-ddot-intrinsic-on-CPUs-that-not-suppo.patch new file mode 100644 index 0000000000000000000000000000000000000000..48c3eaa874a56697daa747284d6d188c94e121b3 --- /dev/null +++ b/Disable-ddot-intrinsic-on-CPUs-that-not-suppo.patch @@ -0,0 +1,66 @@ +From c5590435871f83fcca35a3ee28692e5864b8a657 Mon Sep 17 00:00:00 2001 +From: zhangyipeng +Date: Tue, 9 Mar 2021 16:51:56 +0800 +Subject: [PATCH] [Huawei]Disable ddot intrinsic on CPUs that not + support + + + +Signed-off-by: Mou Zhuojun +--- + hotspot/src/cpu/ppc/vm/vm_version_ppc.cpp | 5 +++++ + hotspot/src/cpu/sparc/vm/vm_version_sparc.cpp | 5 +++++ + hotspot/src/cpu/x86/vm/vm_version_x86.cpp | 5 +++++ + 3 files changed, 15 insertions(+) + +diff --git a/hotspot/src/cpu/ppc/vm/vm_version_ppc.cpp b/hotspot/src/cpu/ppc/vm/vm_version_ppc.cpp +index 3c59c96ca..b5ce1cfa9 100644 +--- a/hotspot/src/cpu/ppc/vm/vm_version_ppc.cpp ++++ b/hotspot/src/cpu/ppc/vm/vm_version_ppc.cpp +@@ -236,6 +236,11 @@ void VM_Version::initialize() { + FLAG_SET_DEFAULT(UseSHA, false); + } + ++ if (UseF2jBLASIntrinsics) { ++ warning("F2jBLAS instructions are not available on this CPU"); ++ FLAG_SET_DEFAULT(UseF2jBLASIntrinsics, false); ++ } ++ + if (FLAG_IS_DEFAULT(UseMontgomeryMultiplyIntrinsic)) { + UseMontgomeryMultiplyIntrinsic = true; + } +diff --git a/hotspot/src/cpu/sparc/vm/vm_version_sparc.cpp b/hotspot/src/cpu/sparc/vm/vm_version_sparc.cpp +index d7240e876..bd893e138 100644 +--- a/hotspot/src/cpu/sparc/vm/vm_version_sparc.cpp ++++ b/hotspot/src/cpu/sparc/vm/vm_version_sparc.cpp +@@ -382,6 +382,11 @@ void VM_Version::initialize() { + } + } + ++ if (UseF2jBLASIntrinsics) { ++ warning("F2jBLAS instructions are not available on this CPU"); ++ FLAG_SET_DEFAULT(UseF2jBLASIntrinsics, false); ++ } ++ + if (FLAG_IS_DEFAULT(ContendedPaddingWidth) && + (cache_line_size > ContendedPaddingWidth)) + ContendedPaddingWidth = cache_line_size; +diff --git a/hotspot/src/cpu/x86/vm/vm_version_x86.cpp b/hotspot/src/cpu/x86/vm/vm_version_x86.cpp +index 3a4246c68..46b3e32ea 100644 +--- a/hotspot/src/cpu/x86/vm/vm_version_x86.cpp ++++ b/hotspot/src/cpu/x86/vm/vm_version_x86.cpp +@@ -628,6 +628,11 @@ void VM_Version::get_processor_features() { + FLAG_SET_DEFAULT(UseSHA512Intrinsics, false); + } + ++ if (UseF2jBLASIntrinsics) { ++ warning("F2jBLAS instructions are not available on this CPU"); ++ FLAG_SET_DEFAULT(UseF2jBLASIntrinsics, false); ++ } ++ + // Adjust RTM (Restricted Transactional Memory) flags + if (!supports_rtm() && UseRTMLocking) { + // Can't continue because UseRTMLocking affects UseBiasedLocking flag +-- +2.19.0 + diff --git a/Fixed-a-copyright-writing-problem.patch b/Fixed-a-copyright-writing-problem.patch new file mode 100644 index 0000000000000000000000000000000000000000..7d9da9142bea2ad7fd77f2be80d5b68ed5a21e3c --- /dev/null +++ b/Fixed-a-copyright-writing-problem.patch @@ -0,0 +1,150 @@ +From 627f09f11f68a542d5a6113dc68289460d27a563 Mon Sep 17 00:00:00 2001 +From: zhangyipeng +Date: Sat, 17 Apr 2021 14:06:13 +0800 +Subject: [PATCH] [Huawei]Fixed a copyright writing problem. + +Reference: NA +Summary: : Fixed a copyright writing problem. +LLT: NA +Signed-off-by: wangkun +--- + hotspot/test/compiler/c2/Test8202414.java | 2 +- + hotspot/test/compiler/c2/Test8217359.java | 2 +- + hotspot/test/compiler/c2/TestReplaceEquivPhis.java | 2 +- + .../test/compiler/criticalnatives/argumentcorruption/Test8167409.sh | 2 +- + hotspot/test/compiler/loopopts/TestBeautifyLoops.java | 2 +- + hotspot/test/compiler/loopopts/TestBeautifyLoops_2.java | 2 +- + hotspot/test/compiler/loopopts/TestRemoveEmptyLoop.java | 2 +- + jdk/src/share/classes/com/huawei/jvm/gc/AdaptiveHeapMXBeanImpl.java | 2 +- + jdk/src/share/classes/com/huawei/management/AdaptiveHeapMXBean.java | 2 +- + jdk/src/share/native/com/huawei/jvm/gc/AdaptiveHeapMXBeanImpl.c | 3 ++- + jdk/test/sun/tools/jconsole/WorkerDeadlockTest.sh | 2 +- + 11 files changed, 12 insertions(+), 11 deletions(-) + +diff --git a/hotspot/test/compiler/c2/Test8202414.java b/hotspot/test/compiler/c2/Test8202414.java +index 1d8ef8d93..1f6ac4ed8 100644 +--- a/hotspot/test/compiler/c2/Test8202414.java ++++ b/hotspot/test/compiler/c2/Test8202414.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2019, Huawei Technologies Co. Ltd. All rights reserved. ++ * Copyright (c) 2019, Huawei Technologies Co., Ltd. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +diff --git a/hotspot/test/compiler/c2/Test8217359.java b/hotspot/test/compiler/c2/Test8217359.java +index ca0d2cc75..533bdce4b 100644 +--- a/hotspot/test/compiler/c2/Test8217359.java ++++ b/hotspot/test/compiler/c2/Test8217359.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2019, Huawei Technologies Co. Ltd. All rights reserved. ++ * Copyright (c) 2019, Huawei Technologies Co., Ltd. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +diff --git a/hotspot/test/compiler/c2/TestReplaceEquivPhis.java b/hotspot/test/compiler/c2/TestReplaceEquivPhis.java +index d4c93b390..229df93e5 100644 +--- a/hotspot/test/compiler/c2/TestReplaceEquivPhis.java ++++ b/hotspot/test/compiler/c2/TestReplaceEquivPhis.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2020, Huawei Technologies Co. Ltd. All rights reserved. ++ * Copyright (c) 2020, Huawei Technologies Co., Ltd. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +diff --git a/hotspot/test/compiler/criticalnatives/argumentcorruption/Test8167409.sh b/hotspot/test/compiler/criticalnatives/argumentcorruption/Test8167409.sh +index 1108aaf93..62a47b6d5 100644 +--- a/hotspot/test/compiler/criticalnatives/argumentcorruption/Test8167409.sh ++++ b/hotspot/test/compiler/criticalnatives/argumentcorruption/Test8167409.sh +@@ -2,7 +2,7 @@ + + # + # Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved. +-# Copyright (c) 2019 Huawei Technologies Co. LTD. All Rights Reserved. ++# Copyright (c) 2019 Huawei Technologies Co., LTD. All Rights Reserved. + # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + # + # This code is free software; you can redistribute it and/or modify it +diff --git a/hotspot/test/compiler/loopopts/TestBeautifyLoops.java b/hotspot/test/compiler/loopopts/TestBeautifyLoops.java +index c831430ed..8fcafc59b 100644 +--- a/hotspot/test/compiler/loopopts/TestBeautifyLoops.java ++++ b/hotspot/test/compiler/loopopts/TestBeautifyLoops.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2020, Huawei Technologies Co. Ltd. All rights reserved. ++ * Copyright (c) 2020, Huawei Technologies Co., Ltd. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +diff --git a/hotspot/test/compiler/loopopts/TestBeautifyLoops_2.java b/hotspot/test/compiler/loopopts/TestBeautifyLoops_2.java +index c53f33ff2..90fb2242f 100644 +--- a/hotspot/test/compiler/loopopts/TestBeautifyLoops_2.java ++++ b/hotspot/test/compiler/loopopts/TestBeautifyLoops_2.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2020, Huawei Technologies Co. Ltd. All rights reserved. ++ * Copyright (c) 2020, Huawei Technologies Co., Ltd. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +diff --git a/hotspot/test/compiler/loopopts/TestRemoveEmptyLoop.java b/hotspot/test/compiler/loopopts/TestRemoveEmptyLoop.java +index d9828e56f..3cf657044 100644 +--- a/hotspot/test/compiler/loopopts/TestRemoveEmptyLoop.java ++++ b/hotspot/test/compiler/loopopts/TestRemoveEmptyLoop.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2019, Huawei Technologies Co. Ltd. All rights reserved. ++ * Copyright (c) 2019, Huawei Technologies Co., Ltd. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +diff --git a/jdk/src/share/classes/com/huawei/jvm/gc/AdaptiveHeapMXBeanImpl.java b/jdk/src/share/classes/com/huawei/jvm/gc/AdaptiveHeapMXBeanImpl.java +index 1443fb043..223e66c50 100644 +--- a/jdk/src/share/classes/com/huawei/jvm/gc/AdaptiveHeapMXBeanImpl.java ++++ b/jdk/src/share/classes/com/huawei/jvm/gc/AdaptiveHeapMXBeanImpl.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2020, Huawei Technologies Co., LTD. All rights reserved. ++ * Copyright (c) 2019, Huawei Technologies Co., Ltd. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +diff --git a/jdk/src/share/classes/com/huawei/management/AdaptiveHeapMXBean.java b/jdk/src/share/classes/com/huawei/management/AdaptiveHeapMXBean.java +index 70563b58d..69ee78d0a 100644 +--- a/jdk/src/share/classes/com/huawei/management/AdaptiveHeapMXBean.java ++++ b/jdk/src/share/classes/com/huawei/management/AdaptiveHeapMXBean.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2020, Huawei Technologies Co., LTD. All rights reserved. ++ * Copyright (c) 2019, Huawei Technologies Co., Ltd. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +diff --git a/jdk/src/share/native/com/huawei/jvm/gc/AdaptiveHeapMXBeanImpl.c b/jdk/src/share/native/com/huawei/jvm/gc/AdaptiveHeapMXBeanImpl.c +index 1f75e7cb1..99bfff885 100644 +--- a/jdk/src/share/native/com/huawei/jvm/gc/AdaptiveHeapMXBeanImpl.c ++++ b/jdk/src/share/native/com/huawei/jvm/gc/AdaptiveHeapMXBeanImpl.c +@@ -1,5 +1,6 @@ + /* +- * Copyright (c) 2020, Huawei Technologies Co., LTD. All rights reserved. ++ * Copyright (c) 2019 Alibaba Group Holding Limited. All Rights Reserved. ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +diff --git a/jdk/test/sun/tools/jconsole/WorkerDeadlockTest.sh b/jdk/test/sun/tools/jconsole/WorkerDeadlockTest.sh +index de8d9b4f0..d928f8c3c 100644 +--- a/jdk/test/sun/tools/jconsole/WorkerDeadlockTest.sh ++++ b/jdk/test/sun/tools/jconsole/WorkerDeadlockTest.sh +@@ -1,5 +1,5 @@ + # +-# Copyright (c) 2020, Huawei Technologies Co. Ltd. All rights reserved. ++# Copyright (c) 2020, Huawei Technologies Co., Ltd. All rights reserved. + # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + # + # This code is free software; you can redistribute it and/or modify it +-- +2.12.3 + diff --git a/FromCardCache-default-card-index-can-cause.patch b/FromCardCache-default-card-index-can-cause.patch deleted file mode 100644 index aa23d291e2b5f01f060c522e557d42b65f57d8b1..0000000000000000000000000000000000000000 --- a/FromCardCache-default-card-index-can-cause.patch +++ /dev/null @@ -1,277 +0,0 @@ -From 3cdfc055dbaae92f295ac0c3ae52d33e1650e8c1 Mon Sep 17 00:00:00 2001 -Date: Wed, 19 Jun 2019 09:30:39 +0000 -Subject: [PATCH] 8196485: FromCardCache default card index can cause crashes - -Summary: FromCardCache default card index can cause crashes -LLT: hotspot/test/gc/g1/TestFromCardCacheIndex.java -Bug url: https://bugs.openjdk.java.net/browse/JDK-8196485 ---- - .../gc_implementation/g1/heapRegionRemSet.cpp | 36 +++--- - .../gc_implementation/g1/heapRegionRemSet.hpp | 17 +-- - .../test/gc/g1/TestFromCardCacheIndex.java | 120 ++++++++++++++++++ - 3 files changed, 146 insertions(+), 27 deletions(-) - create mode 100644 hotspot/test/gc/g1/TestFromCardCacheIndex.java - -diff --git a/hotspot/src/share/vm/gc_implementation/g1/heapRegionRemSet.cpp b/hotspot/src/share/vm/gc_implementation/g1/heapRegionRemSet.cpp -index 437636281b..ad8a3562e8 100644 ---- a/hotspot/src/share/vm/gc_implementation/g1/heapRegionRemSet.cpp -+++ b/hotspot/src/share/vm/gc_implementation/g1/heapRegionRemSet.cpp -@@ -102,17 +102,8 @@ protected: - // If the test below fails, then this table was reused concurrently - // with this operation. This is OK, since the old table was coarsened, - // and adding a bit to the new table is never incorrect. -- // If the table used to belong to a continues humongous region and is -- // now reused for the corresponding start humongous region, we need to -- // make sure that we detect this. Thus, we call is_in_reserved_raw() -- // instead of just is_in_reserved() here. - if (loc_hr->is_in_reserved_raw(from)) { -- size_t hw_offset = pointer_delta((HeapWord*)from, loc_hr->bottom()); -- CardIdx_t from_card = (CardIdx_t) -- hw_offset >> (CardTableModRefBS::card_shift - LogHeapWordSize); -- -- assert(0 <= from_card && (size_t)from_card < HeapRegion::CardsPerRegion, -- "Must be in range."); -+ CardIdx_t from_card = OtherRegionsTable::card_within_region(from, loc_hr); - add_card_work(from_card, par); - } - } -@@ -331,6 +322,12 @@ void OtherRegionsTable::link_to_all(PerRegionTable* prt) { - "just checking"); - } - -+CardIdx_t OtherRegionsTable::card_within_region(OopOrNarrowOopStar within_region, HeapRegion* hr) { -+ assert(hr->is_in_reserved(within_region),"should be"); -+ CardIdx_t result = (CardIdx_t)(pointer_delta((HeapWord*)within_region, hr->bottom()) >> (CardTableModRefBS::card_shift - LogHeapWordSize)); -+ return result; -+} -+ - void OtherRegionsTable::unlink_from_all(PerRegionTable* prt) { - if (prt->prev() != NULL) { - assert(_first_all_fine_prts != prt, "just checking"); -@@ -364,18 +361,17 @@ void OtherRegionsTable::unlink_from_all(PerRegionTable* prt) { - "just checking"); - } - --int** FromCardCache::_cache = NULL; --uint FromCardCache::_max_regions = 0; --size_t FromCardCache::_static_mem_size = 0; -+uintptr_t** FromCardCache::_cache = NULL; -+uint FromCardCache::_max_regions = 0; -+size_t FromCardCache::_static_mem_size = 0; - - void FromCardCache::initialize(uint n_par_rs, uint max_num_regions) { - guarantee(_cache == NULL, "Should not call this multiple times"); - - _max_regions = max_num_regions; -- _cache = Padded2DArray::create_unfreeable(n_par_rs, -- _max_regions, -- &_static_mem_size); -- -+ _cache = Padded2DArray::create_unfreeable(n_par_rs, -+ _max_regions, -+ &_static_mem_size); - invalidate(0, _max_regions); - } - -@@ -396,7 +392,8 @@ void FromCardCache::invalidate(uint start_idx, size_t new_num_regions) { - void FromCardCache::print(outputStream* out) { - for (uint i = 0; i < HeapRegionRemSet::num_par_rem_sets(); i++) { - for (uint j = 0; j < _max_regions; j++) { -- out->print_cr("_from_card_cache[" UINT32_FORMAT "][" UINT32_FORMAT "] = " INT32_FORMAT ".", -+ out->print_cr("_from_card_cache[%u][%u] = " SIZE_FORMAT ".", -+ - i, j, at(i, j)); - } - } -@@ -433,7 +430,8 @@ void OtherRegionsTable::add_reference(OopOrNarrowOopStar from, int tid) { - : (void *)oopDesc::load_decode_heap_oop((oop*)from)); - } - -- int from_card = (int)(uintptr_t(from) >> CardTableModRefBS::card_shift); -+ uintptr_t from_card = uintptr_t(from) >> CardTableModRefBS::card_shift; -+ - - if (G1TraceHeapRegionRememberedSet) { - gclog_or_tty->print_cr("Table for [" PTR_FORMAT "...): card %d (cache = " INT32_FORMAT ")", -diff --git a/hotspot/src/share/vm/gc_implementation/g1/heapRegionRemSet.hpp b/hotspot/src/share/vm/gc_implementation/g1/heapRegionRemSet.hpp -index 1646e8cb98..77751b4a98 100644 ---- a/hotspot/src/share/vm/gc_implementation/g1/heapRegionRemSet.hpp -+++ b/hotspot/src/share/vm/gc_implementation/g1/heapRegionRemSet.hpp -@@ -51,21 +51,19 @@ class FromCardCache : public AllStatic { - private: - // Array of card indices. Indexed by thread X and heap region to minimize - // thread contention. -- static int** _cache; -+ static uintptr_t** _cache; - static uint _max_regions; - static size_t _static_mem_size; - - public: -- enum { -- InvalidCard = -1 // Card value of an invalid card, i.e. a card index not otherwise used. -- }; -+ static const uintptr_t InvalidCard = UINTPTR_MAX; - - static void clear(uint region_idx); - - // Returns true if the given card is in the cache at the given location, or - // replaces the card at that location and returns false. -- static bool contains_or_replace(uint worker_id, uint region_idx, int card) { -- int card_in_cache = at(worker_id, region_idx); -+ static bool contains_or_replace(uint worker_id, uint region_idx, uintptr_t card) { -+ uintptr_t card_in_cache = at(worker_id, region_idx); - if (card_in_cache == card) { - return true; - } else { -@@ -74,11 +72,11 @@ class FromCardCache : public AllStatic { - } - } - -- static int at(uint worker_id, uint region_idx) { -+ static uintptr_t at(uint worker_id, uint region_idx) { - return _cache[worker_id][region_idx]; - } - -- static void set(uint worker_id, uint region_idx, int val) { -+ static void set(uint worker_id, uint region_idx, uintptr_t val) { - _cache[worker_id][region_idx] = val; - } - -@@ -177,6 +175,9 @@ public: - - HeapRegion* hr() const { return _hr; } - -+ // Returns the card index of the given within_region pointer relative to the bottom ————————————————————heapRegionRemSet.hpp:312 OtherRegionsTable -+ // of the given heap region. -+ static CardIdx_t card_within_region(OopOrNarrowOopStar within_region, HeapRegion* hr); - // For now. Could "expand" some tables in the future, so that this made - // sense. - void add_reference(OopOrNarrowOopStar from, int tid); -diff --git a/hotspot/test/gc/g1/TestFromCardCacheIndex.java b/hotspot/test/gc/g1/TestFromCardCacheIndex.java -new file mode 100644 -index 0000000000..f2332306da ---- /dev/null -+++ b/hotspot/test/gc/g1/TestFromCardCacheIndex.java -@@ -0,0 +1,119 @@ -+/* -+ * @test TestFromCardCacheIndex.java -+ * @bug 8196485 -+ * @summary Ensure that G1 does not miss a remembered set entry due to from card cache default value indices. -+ * @key gc -+ * @requires vm.gc.G1 -+ * @requires vm.debug -+ * @requires vm.bits != "32" -+ * @library /test/lib -+ * @modules java.base/jdk.internal.misc -+ * java.management -+ * @build sun.hotspot.WhiteBox -+ * @run driver ClassFileInstaller sun.hotspot.WhiteBox -+ * @run main/othervm -XX:+UnlockDiagnosticVMOptions -XX:+WhiteBoxAPI -Xbootclasspath/a:. -Xms20M -Xmx20M -XX:+UseCompressedOops -XX:G1HeapRegionSize=1M -XX:HeapBaseMinAddress=2199011721216 -XX:+UseG1GC -verbose:gc TestFromCardCacheIndex -+ */ -+ -+import sun.hotspot.WhiteBox; -+ -+/** -+ * Repeatedly tries to generate references from objects that contained a card with the same index -+ * of the from card cache default value. -+ */ -+public class TestFromCardCacheIndex { -+ private static WhiteBox WB; -+ -+ // Shift value to calculate card indices from addresses. -+ private static final int CardSizeShift = 9; -+ -+ /** -+ * Returns the last address on the heap within the object. -+ * -+ * @param The Object array to get the last address from. -+ */ -+ private static long getObjectLastAddress(Object[] o) { -+ return WB.getObjectAddress(o) + WB.getObjectSize(o) - 1; -+ } -+ -+ /** -+ * Returns the (truncated) 32 bit card index for the given address. -+ * -+ * @param The address to get the 32 bit card index from. -+ */ -+ private static int getCardIndex32bit(long address) { -+ return (int)(address >> CardSizeShift); -+ } -+ -+ // The source arrays that are placed on the heap in old gen. -+ private static int numArrays = 7000; -+ private static int arraySize = 508; -+ // Size of a humongous byte array, a bit less than a 1M region. This makes sure -+ // that we always create a cross-region reference when referencing it. -+ private static int byteArraySize = 1024*1023; -+ -+ public static void main(String[] args) { -+ WB = sun.hotspot.WhiteBox.getWhiteBox(); -+ for (int i = 0; i < 5; i++) { -+ runTest(); -+ WB.fullGC(); -+ } -+ } -+ -+ public static void runTest() { -+ System.out.println("Starting test"); -+ -+ // Spray the heap with random object arrays in the hope that we get one -+ // at the proper place. -+ Object[][] arrays = new Object[numArrays][]; -+ for (int i = 0; i < numArrays; i++) { -+ arrays[i] = new Object[arraySize]; -+ } -+ -+ // Make sure that everything is in old gen. -+ WB.fullGC(); -+ -+ // Find if we got an allocation at the right spot. -+ Object[] arrayWithCardMinus1 = findArray(arrays); -+ -+ if (arrayWithCardMinus1 == null) { -+ System.out.println("Array with card -1 not found. Trying again."); -+ return; -+ } else { -+ System.out.println("Array with card -1 found."); -+ } -+ -+ System.out.println("Modifying the last card in the array with a new object in a different region..."); -+ // Create a target object that is guaranteed to be in a different region. -+ byte[] target = new byte[byteArraySize]; -+ -+ // Modify the last entry of the object we found. -+ arrayWithCardMinus1[arraySize - 1] = target; -+ -+ target = null; -+ // Make sure that the dirty cards are flushed by doing a GC. -+ System.out.println("Doing a GC."); -+ WB.youngGC(); -+ -+ System.out.println("The crash didn't reproduce. Trying again."); -+ } -+ -+ /** -+ * Finds an returns an array that contains a (32 bit truncated) card with value -1. -+ */ -+ private static Object[] findArray(Object[][] arrays) { -+ for (int i = 0; i < arrays.length; i++) { -+ Object[] target = arrays[i]; -+ if (target == null) { -+ continue; -+ } -+ final long startAddress = WB.getObjectAddress(target); -+ final long lastAddress = getObjectLastAddress(target); -+ final int card = getCardIndex32bit(lastAddress); -+ if (card == -1) { -+ Object[] foundArray = target; -+ return foundArray; -+ } -+ } -+ return null; -+ } -+} --- -2.19.0 - diff --git a/Test8167409.sh-fails-to-run-with-32bit-jdk-on-64bit-.patch b/Test8167409.sh-fails-to-run-with-32bit-jdk-on-64bit-.patch index b5fd0c47cc91cc18eed6b91311fe8d5801461124..ec84fc1843006ccc32570c53ff8ddd3b426fd5b3 100644 --- a/Test8167409.sh-fails-to-run-with-32bit-jdk-on-64bit-.patch +++ b/Test8167409.sh-fails-to-run-with-32bit-jdk-on-64bit-.patch @@ -13,15 +13,22 @@ diff --git a/hotspot/test/compiler/criticalnatives/argumentcorruption/Test816740 index 81695e758..1108aaf93 100644 --- a/hotspot/test/compiler/criticalnatives/argumentcorruption/Test8167409.sh +++ b/hotspot/test/compiler/criticalnatives/argumentcorruption/Test8167409.sh -@@ -61,13 +61,17 @@ case "$OS" in +@@ -61,19 +61,24 @@ case "$OS" in exit 0; ;; esac ++ +${TESTJAVA}${FS}bin${FS}java -XshowSettings 2>&1 | grep sun.arch.data.model | grep 32 +if [ 0 -eq $? ] ; then + M32="-m32" +fi + # CriticalJNINatives is not supported for aarch64 + if [ $VM_CPU == "aarch64" ]; then + echo "Test Passed" + exit 0; + fi + THIS_DIR=. cp ${TESTSRC}${FS}*.java ${THIS_DIR} diff --git a/The-runok-method-retrying-another-port-does-not-take.patch b/The-runok-method-retrying-another-port-does-not-take.patch deleted file mode 100644 index bb602ac2fdc4fd1094df8dde0ec9bdc360544c35..0000000000000000000000000000000000000000 --- a/The-runok-method-retrying-another-port-does-not-take.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 952b5418911a0cbe864d83998b1c99904830d463 Mon Sep 17 00:00:00 2001 -Date: Fri, 28 Aug 2020 09:21:14 +0800 -Subject: [PATCH] The runok method retrying another port does not take effect - -Summary: : The runok method retrying another port does not take effect -LLT: jdk8u/jdk/test/sun/management/jmxremote/bootstrap/RmiBootstrapTest.sh -Bug url: ---- - jdk/test/sun/management/jmxremote/bootstrap/RmiBootstrapTest.java | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/jdk/test/sun/management/jmxremote/bootstrap/RmiBootstrapTest.java b/jdk/test/sun/management/jmxremote/bootstrap/RmiBootstrapTest.java -index d9c20c678..60219e68a 100644 ---- a/jdk/test/sun/management/jmxremote/bootstrap/RmiBootstrapTest.java -+++ b/jdk/test/sun/management/jmxremote/bootstrap/RmiBootstrapTest.java -@@ -824,7 +824,7 @@ public class RmiBootstrapTest { - - String errStr = null; - for (int i=0;i +Date: Wed, 10 Mar 2021 11:15:17 +0800 +Subject: [PATCH] [Huawei]add appcds jtreg test case + UnusedCPDuringDump.java & WrongClasspath.java + + + +Signed-off-by: Hu Bodao +--- + .../test/runtime/appcds/DirClasspathTest.java | 4 +- + .../runtime/appcds/MismatchedUseAppCDS.java | 8 +-- + hotspot/test/runtime/appcds/TestCommon.java | 2 + + .../runtime/appcds/UnusedCPDuringDump.java | 65 +++++++++++++++++++ + .../test/runtime/appcds/WrongClasspath.java | 57 ++++++++++++++++ + 5 files changed, 129 insertions(+), 7 deletions(-) + create mode 100644 hotspot/test/runtime/appcds/UnusedCPDuringDump.java + create mode 100644 hotspot/test/runtime/appcds/WrongClasspath.java + +diff --git a/hotspot/test/runtime/appcds/DirClasspathTest.java b/hotspot/test/runtime/appcds/DirClasspathTest.java +index e2c4e698c..70ea728a5 100644 +--- a/hotspot/test/runtime/appcds/DirClasspathTest.java ++++ b/hotspot/test/runtime/appcds/DirClasspathTest.java +@@ -103,14 +103,14 @@ public class DirClasspathTest { + // Non-empty dir in -cp: should report error if a class is loaded from it + output = TestCommon.dump(classDir.toString(), appClassList2); + output.shouldNotHaveExitValue(1); +- output.shouldContain("Cannot find com/sun/tools/javac/Main"); ++ output.shouldContain("Preload failed: com/sun/tools/javac/Main"); + // Long path to non-empty dir in -cp: should report error if a class is loaded from it + File srcClass = new File(classDir.toFile(), "Hello.class"); + File destClass = new File(longDir, "Hello.class"); + Files.copy(srcClass.toPath(), destClass.toPath()); + output = TestCommon.dump(longDir.getPath(), appClassList2); + output.shouldNotHaveExitValue(1); +- output.shouldContain("Cannot find Hello"); ++ output.shouldContain("Rewriting and linking classes: done"); + } + } + +diff --git a/hotspot/test/runtime/appcds/MismatchedUseAppCDS.java b/hotspot/test/runtime/appcds/MismatchedUseAppCDS.java +index 7173d6c96..599fdc5e4 100644 +--- a/hotspot/test/runtime/appcds/MismatchedUseAppCDS.java ++++ b/hotspot/test/runtime/appcds/MismatchedUseAppCDS.java +@@ -46,12 +46,12 @@ public class MismatchedUseAppCDS { + // (1): dump with -XX:+UseAppCDS, but run with -XX:-UseAppCDS + TestCommon.testDump(appJar, TestCommon.list("CheckIfShared"), + // command-line arguments ... +- "-XX:+UseAppCDS", + use_whitebox_jar); + + output = TestCommon.exec(appJar, + // command-line arguments ... + use_whitebox_jar, ++ "-XX:-UseAppCDS", + "-XX:+UnlockDiagnosticVMOptions", + "-XX:+WhiteBoxAPI", + "CheckIfShared", "false"); +@@ -60,17 +60,15 @@ public class MismatchedUseAppCDS { + // (2): dump with -XX:-UseAppCDS, but run with -XX:+UseAppCDS + TestCommon.testDump(appJar, TestCommon.list("CheckIfShared"), + // command-line arguments ... +- "-XX:+UseAppCDS", ++ "-XX:-UseAppCDS", + use_whitebox_jar); + + output = TestCommon.exec(appJar, + // command-line arguments ... + use_whitebox_jar, +- "-XX:+UseAppCDS", + "-XX:+UnlockDiagnosticVMOptions", + "-XX:+WhiteBoxAPI", +- "CheckIfShared", "true"); ++ "CheckIfShared", "false"); + TestCommon.checkExec(output); + } + } +- +diff --git a/hotspot/test/runtime/appcds/TestCommon.java b/hotspot/test/runtime/appcds/TestCommon.java +index 4ed416feb..22eef4ed4 100644 +--- a/hotspot/test/runtime/appcds/TestCommon.java ++++ b/hotspot/test/runtime/appcds/TestCommon.java +@@ -131,6 +131,7 @@ public class TestCommon extends CDSTestUtils { + } + + cmd.add("-Xshare:dump"); ++ cmd.add("-XX:+UseAppCDS"); + // cmd.add("-Xlog:cds,cds+hashtables"); comment out because it will be run by jdk1.8 + cmd.add("-XX:ExtraSharedClassListFile=" + classList.getPath()); + +@@ -156,6 +157,7 @@ public class TestCommon extends CDSTestUtils { + for (String p : opts.prefix) cmd.add(p); + + cmd.add("-Xshare:" + opts.xShareMode); ++ cmd.add("-XX:+UseAppCDS"); + cmd.add("-showversion"); + cmd.add("-XX:SharedArchiveFile=" + getCurrentArchiveName()); + cmd.add("-Dtest.timeout.factor=" + timeoutFactor); +diff --git a/hotspot/test/runtime/appcds/UnusedCPDuringDump.java b/hotspot/test/runtime/appcds/UnusedCPDuringDump.java +new file mode 100644 +index 000000000..7ad923924 +--- /dev/null ++++ b/hotspot/test/runtime/appcds/UnusedCPDuringDump.java +@@ -0,0 +1,65 @@ ++/* ++ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ * ++ */ ++ ++/* ++ * @test ++ * @bug 8209385 ++ * @summary non-empty dir in -cp should be fine during dump time if only classes ++ * from the system modules are being loaded even though some are ++ * defined to the PlatformClassLoader and AppClassLoader. ++ * @library /testlibrary ++ * @compile test-classes/Hello.java ++ * @run main/othervm -Dtest.cds.copy.child.stdout=false UnusedCPDuringDump ++ */ ++ ++import java.io.File; ++import com.oracle.java.testlibrary.OutputAnalyzer; ++ ++/** ++ * Test ddot UnusedCPDuringDump ++ * ++ * @since 2020 ++ */ ++public class UnusedCPDuringDump { ++ /* ++ * This method is the test entry ++ * ++ * @param args used. ++ * @return Nothing. ++ * @throws RuntimeException On test failed. ++ */ ++ public static void main(String[] args) throws Exception { ++ File dir = new File(System.getProperty("user.dir")); ++ File emptydir = new File(dir, "emptydir"); ++ emptydir.mkdir(); ++ String appJar = JarBuilder.getOrCreateHelloJar(); ++ OutputAnalyzer output = TestCommon.dump(dir.getPath(), ++ TestCommon.list("sun/util/resources/cldr/provider/CLDRLocaleDataMetaInfo", ++ "com/sun/tools/sjavac/client/ClientMain")); ++ TestCommon.checkDump(output); ++ String jsaOpt = "-XX:SharedArchiveFile=" + TestCommon.getCurrentArchiveName(); ++ TestCommon.run("-cp", appJar, jsaOpt, "Hello") ++ .assertNormalExit("Hello World"); ++ } ++} +diff --git a/hotspot/test/runtime/appcds/WrongClasspath.java b/hotspot/test/runtime/appcds/WrongClasspath.java +new file mode 100644 +index 000000000..87e35adbb +--- /dev/null ++++ b/hotspot/test/runtime/appcds/WrongClasspath.java +@@ -0,0 +1,57 @@ ++/* ++ * Copyright (c) 2014, 2018, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ * ++ */ ++ ++/* ++ * @test ++ * @summary classpath mismatch between dump time and execution time ++ * @library /testlibrary ++ * @compile test-classes/Hello.java ++ * @run main WrongClasspath ++ */ ++ ++import com.oracle.java.testlibrary.OutputAnalyzer; ++ ++/** ++ * Test WrongClasspath ++ * ++ * @since 2020 ++ */ ++public class WrongClasspath { ++ /* ++ * This method is the test entry ++ * ++ * @param args used. ++ * @return Nothing. ++ * @throws RuntimeException On test failed. ++ */ ++ public static void main(String[] args) throws Exception { ++ String appJar = JarBuilder.getOrCreateHelloJar(); ++ // Dump an archive with a specified JAR file in -classpath ++ TestCommon.testDump(appJar, TestCommon.list("Hello")); ++ // Then try to execute the archive without -classpath -- it should fail ++ TestCommon.run( ++ /* "-cp", appJar, */ // <- uncomment this and the execution should succeed ++ "Hello"); ++ } ++} +-- +2.19.0 + diff --git a/add-debuginfo-for-libsaproc-on-aarch64.patch b/add-debuginfo-for-libsaproc-on-aarch64.patch deleted file mode 100644 index 899e3194ca21ddc83a0971cbbb441993113ad584..0000000000000000000000000000000000000000 --- a/add-debuginfo-for-libsaproc-on-aarch64.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 5e4c07bdb41eb63e9407aedbf00bb35bacadcdc1 Mon Sep 17 00:00:00 2001 -Date: Fri, 22 Jan 2021 11:15:52 +0800 -Subject: add debuginfo for libsaproc on aarch64 - ---- - hotspot/make/linux/makefiles/defs.make | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/hotspot/make/linux/makefiles/defs.make b/hotspot/make/linux/makefiles/defs.make -index 9aebd998d..bb382bbd7 100644 ---- a/hotspot/make/linux/makefiles/defs.make -+++ b/hotspot/make/linux/makefiles/defs.make -@@ -316,9 +316,11 @@ ifeq ($(ENABLE_FULL_DEBUG_SYMBOLS),1) - ifeq ($(ZIP_DEBUGINFO_FILES),1) - ADD_SA_BINARIES/x86 += $(EXPORT_JRE_LIB_ARCH_DIR)/libsaproc.diz - ADD_SA_BINARIES/sparc += $(EXPORT_JRE_LIB_ARCH_DIR)/libsaproc.diz -+ ADD_SA_BINARIES/aarch64 += $(EXPORT_JRE_LIB_ARCH_DIR)/libsaproc.diz - else - ADD_SA_BINARIES/x86 += $(EXPORT_JRE_LIB_ARCH_DIR)/libsaproc.debuginfo - ADD_SA_BINARIES/sparc += $(EXPORT_JRE_LIB_ARCH_DIR)/libsaproc.debuginfo -+ ADD_SA_BINARIES/aarch64 += $(EXPORT_JRE_LIB_ARCH_DIR)/libsaproc.debuginfo - endif - endif - endif --- -2.19.0 - diff --git a/add-kaeEngine-to-rsa.patch b/add-kaeEngine-to-rsa.patch new file mode 100644 index 0000000000000000000000000000000000000000..a24acb2ab094bef6246565b6fdaa77ee0374a9f8 --- /dev/null +++ b/add-kaeEngine-to-rsa.patch @@ -0,0 +1,106 @@ +commit ab97dd8f89c5a3ce17b9d90bc8ae2e407c450012 +Author: Noah +Date: Wed May 19 09:38:34 2021 +0800 + + I3RWVC: Add kaeEngine to rsa + +diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_cipher_rsa.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_cipher_rsa.c +index 3fbacf77..cbab7bdb 100644 +--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_cipher_rsa.c ++++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_cipher_rsa.c +@@ -28,6 +28,8 @@ + #include "kae_exception.h" + #include "org_openeuler_security_openssl_KAERSACipher.h" + ++static ENGINE* kaeEngine = NULL; ++ + typedef int RSACryptOperation(int, const unsigned char*, unsigned char*, RSA*, int); + + typedef int EvpPkeyCryptOperation(EVP_PKEY_CTX*, unsigned char*, size_t*, const unsigned char*, size_t); +@@ -171,12 +173,13 @@ static int RSACryptOAEPPadding(JNIEnv* env, jlong keyAddress, jint inLen, jbyteA + // outLen type should be size_t + // EVP_PKEY_encrypt takes the outLen address as a parameter, and the parameter type is size_t* + size_t outLen = 0; ++ kaeEngine = (kaeEngine == NULL) ? GetKaeEngine() : kaeEngine; + + EVP_PKEY* pkey = (EVP_PKEY*) keyAddress; + + // new ctx + // rsa encrypt/decrypt init +- if ((pkeyCtx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL || cryptInitOperation(pkeyCtx) <= 0) { ++ if ((pkeyCtx = EVP_PKEY_CTX_new(pkey, kaeEngine)) == NULL || cryptInitOperation(pkeyCtx) <= 0) { + KAE_ThrowFromOpenssl(env, pkeyCtx == NULL ? "EVP_PKEY_CTX_new" : cryptInitName, KAE_ThrowInvalidKeyException); + goto cleanup; + } +@@ -192,8 +195,7 @@ static int RSACryptOAEPPadding(JNIEnv* env, jlong keyAddress, jint inLen, jbyteA + * set rsa mgf1 md + * set rsa oaep md + */ +- if(!SetRSAPadding(env, pkeyCtx, paddingType) || +- !SetRSAMgf1Md(env, pkeyCtx, mgf1MdAlgoUTF) || ++ if(!SetRSAPadding(env, pkeyCtx, paddingType) || !SetRSAMgf1Md(env, pkeyCtx, mgf1MdAlgoUTF) || + !SetRSAOaepMd(env, pkeyCtx, oaepMdAlgoUTF)) { + goto cleanup; + } +@@ -267,6 +269,7 @@ JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAERSACipher_nativeC + BIGNUM* bnIQMP = NULL; + RSA* rsa = NULL; + EVP_PKEY* pkey = NULL; ++ kaeEngine = (kaeEngine == NULL) ? GetKaeEngine() : kaeEngine; + + // convert to big num + if ((bnN = KAE_GetBigNumFromByteArray(env, n)) == NULL || +@@ -288,9 +291,9 @@ JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAERSACipher_nativeC + } + + // new rsa +- rsa = RSA_new(); ++ rsa = RSA_new_method(kaeEngine); + if (rsa == NULL) { +- KAE_ThrowFromOpenssl(env, "RSA_new", KAE_ThrowRuntimeException); ++ KAE_ThrowFromOpenssl(env, "RSA_new_method", KAE_ThrowRuntimeException); + goto cleanup; + } + +@@ -328,6 +331,7 @@ JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAERSACipher_nativeC + BIGNUM* bnE = NULL; + RSA* rsa = NULL; + EVP_PKEY* pkey = NULL; ++ kaeEngine = (kaeEngine == NULL) ? GetKaeEngine() : kaeEngine; + + // get public key param n + bnN = KAE_GetBigNumFromByteArray(env, n); +@@ -341,10 +345,10 @@ JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAERSACipher_nativeC + goto cleanup; + } + +- // new RSA +- rsa = RSA_new(); ++ // new rsa ++ rsa = RSA_new_method(kaeEngine); + if (rsa == NULL) { +- KAE_ThrowFromOpenssl(env, "RSA_new", KAE_ThrowRuntimeException); ++ KAE_ThrowFromOpenssl(env, "RSA_new_method", KAE_ThrowRuntimeException); + goto cleanup; + } + +diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_rsa.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_rsa.c +index ddbc2958..de724593 100644 +--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_rsa.c ++++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_rsa.c +@@ -65,10 +65,12 @@ static const BIGNUM* (* GetRSAParamFunctionList[])(const RSA*) = { + * step 3.Generate rsa key, and all key information is stored in RSA + */ + static RSA* NewRSA(JNIEnv* env, jint keySize, jbyteArray publicExponent) { +- // RSA_new +- RSA* rsa = RSA_new(); ++ static ENGINE* kaeEngine = NULL; ++ kaeEngine = (kaeEngine == NULL) ? GetKaeEngine() : kaeEngine; ++ // new rsa ++ RSA* rsa = RSA_new_method(kaeEngine); + if (rsa == NULL) { +- KAE_ThrowFromOpenssl(env, "RSA_new", KAE_ThrowRuntimeException); ++ KAE_ThrowFromOpenssl(env, "RSA_new_method", KAE_ThrowRuntimeException); + return NULL; + } + diff --git a/add-missing-test-case.patch b/add-missing-test-case.patch new file mode 100644 index 0000000000000000000000000000000000000000..e432247c8161497406d216d9d8cf56f375419caf --- /dev/null +++ b/add-missing-test-case.patch @@ -0,0 +1,131 @@ +From 696532135fb7dc62f4356531b6047d0620149447 Mon Sep 17 00:00:00 2001 +Date: Fri, 16 Apr 2021 11:26:40 +0800 +Subject: [PATCH 1/3] add missing test case + +--- + .../java/testlibrary/OutputAnalyzer.java | 2 +- + .../lookup/TestDefenderMethodLookup.java | 2 + + .../templates/SSLSocketSSLEngineTemplate.java | 17 +++++++- + .../com/huawei/openjdk/TestAdaptiveHeap.java | 42 +++++++++++++++++++ + version.txt | 1 + + 9 files changed, 61 insertions(+), 3 deletions(-) + create mode 100644 test/jdk/com/huawei/openjdk/TestAdaptiveHeap.java + create mode 100644 version.txt + +diff --git a/hotspot/test/testlibrary/com/oracle/java/testlibrary/OutputAnalyzer.java b/hotspot/test/testlibrary/com/oracle/java/testlibrary/OutputAnalyzer.java +index 2132325f..2221ea4a 100644 +--- a/hotspot/test/testlibrary/com/oracle/java/testlibrary/OutputAnalyzer.java ++++ b/hotspot/test/testlibrary/com/oracle/java/testlibrary/OutputAnalyzer.java +@@ -163,7 +163,7 @@ public final class OutputAnalyzer { + } + return this; + } +- ++ + /** + * Verify the exit value of the process + * backport from jdk11u +diff --git a/jdk/test/java/lang/invoke/lookup/TestDefenderMethodLookup.java b/jdk/test/java/lang/invoke/lookup/TestDefenderMethodLookup.java +index 2ee40289..8ab268b5 100644 +--- a/jdk/test/java/lang/invoke/lookup/TestDefenderMethodLookup.java ++++ b/jdk/test/java/lang/invoke/lookup/TestDefenderMethodLookup.java +@@ -1,6 +1,8 @@ + /* + * @test ++ * @author zhangli + * @bug 8203699 ++ * @summary see https://code.huawei.com/HuaweiJDK/JVM-team/JVM/issues/1368 + * @run testng/othervm test.java.lang.invoke.lookup.TestDefenderMethodLookup + */ + +diff --git a/jdk/test/javax/net/ssl/templates/SSLSocketSSLEngineTemplate.java b/jdk/test/javax/net/ssl/templates/SSLSocketSSLEngineTemplate.java +index 54b4e3c6..16af82f0 100644 +--- a/jdk/test/javax/net/ssl/templates/SSLSocketSSLEngineTemplate.java ++++ b/jdk/test/javax/net/ssl/templates/SSLSocketSSLEngineTemplate.java +@@ -157,8 +157,11 @@ public class SSLSocketSSLEngineTemplate { + new SSLSocketSSLEngineTemplate(protocol); + log("-------------------------------------"); + log("Testing " + protocol + " for direct buffers ..."); +- test.runTest(true); +- ++ ++ test.runTest(true); ++ // invalid session ++ ++ test.invalidSession(); + log("---------------------------------------"); + log("Testing " + protocol + " for indirect buffers ..."); + test.runTest(false); +@@ -529,4 +532,14 @@ public class SSLSocketSSLEngineTemplate { + } + } + } ++ ++ /* ++ * invalid session ++ */ ++ private void invalidSession() { ++ if (sslSocket != null && sslSocket.getSession() != null) { ++ sslSocket.getSession().invalidate(); ++ } ++ } + } ++ +diff --git a/test/jdk/com/huawei/openjdk/TestAdaptiveHeap.java b/test/jdk/com/huawei/openjdk/TestAdaptiveHeap.java +new file mode 100644 +index 00000000..bd22ba83 +--- /dev/null ++++ b/test/jdk/com/huawei/openjdk/TestAdaptiveHeap.java +@@ -0,0 +1,42 @@ ++package com.huawei.openjdk.adaptiveheap; ++ /** ++ * @test TestAdaptiveHeap.java ++ * @key gc ++ * @library /testlibrary ++ * @build com.huawei.openjdk.adaptiveheap.TestAdaptiveHeap ++ * @run main/othervm com.huawei.openjdk.adaptiveheap.TestAdaptiveHeap -Xms16G -Xmx16G -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:G1PeriodicGCLoadThreshold=20 -XX:G1PeriodicGCInterval=15000 -XX:+G1Uncommit ++ * @summary test adaptheap ++ * @author wangruishun ++ */ ++ ++import com.oracle.java.testlibrary.OutputAnalyzer; ++import com.oracle.java.testlibrary.ProcessTools; ++ ++public class TestAdaptiveHeap { ++ ++ public static void main(String[] args)throws Exception { ++ final String[] arguments = { ++ "-Xbootclasspath/a:.", ++ "-Xmx16G", ++ ExeTest.class.getName(), ++ args[0], ++ args[1], ++ args[2], ++ args[3], ++ args[4], ++ args[5], ++ args[6] ++ }; ++ ++ ProcessBuilder pb = ProcessTools.createJavaProcessBuilder(arguments); ++ OutputAnalyzer output = new OutputAnalyzer(pb.start()); ++ output.shouldHaveExitValue(0); ++ System.out.println(); ++ } ++ ++ private static class ExeTest { ++ public static void main(String[] str){ ++ System.out.println(); ++ } ++ } ++} +diff --git a/version.txt b/version.txt +new file mode 100644 +index 00000000..9b614024 +--- /dev/null ++++ b/version.txt +@@ -0,0 +1 @@ ++8.292.8.0.13 +-- +2.23.0 + diff --git a/add-safe-compilation-flags.patch b/add-safe-compilation-flags.patch new file mode 100644 index 0000000000000000000000000000000000000000..ccd57a663bffc015999a8ec329536871ffc64114 --- /dev/null +++ b/add-safe-compilation-flags.patch @@ -0,0 +1,87 @@ +From 77723879ed55a3d2475f0d9f831ea7c31e59a22e Mon Sep 17 00:00:00 2001 +From: zhangyipeng +Date: Thu, 4 Mar 2021 09:22:24 +0800 +Subject: [PATCH] [Huawei]add safe compilation flags + + + +Signed-off-by: Sun Jianye +--- + common/autoconf/flags.m4 | 2 +- + common/autoconf/generated-configure.sh | 2 +- + hotspot/make/windows/makefiles/compile.make | 2 +- + hotspot/make/windows/makefiles/sa.make | 2 +- + hotspot/make/windows/makefiles/vm.make | 4 ++-- + 5 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/common/autoconf/flags.m4 b/common/autoconf/flags.m4 +index 838a76734..a8a938072 100644 +--- a/common/autoconf/flags.m4 ++++ b/common/autoconf/flags.m4 +@@ -706,7 +706,7 @@ AC_DEFUN_ONCE([FLAGS_SETUP_COMPILER_FLAGS_FOR_JDK], + # And since we now know that the linker is gnu, then add: + # -z defs, to forbid undefined symbols in object files + # -z noexecstack, to mark stack regions as non-executable +- LDFLAGS_JDK="${LDFLAGS_JDK} -Xlinker -z -Xlinker defs -Xlinker -z -Xlinker noexecstack" ++ LDFLAGS_JDK="${LDFLAGS_JDK} -Xlinker -z -Xlinker defs -Xlinker -z -Xlinker noexecstack -Xlinker -z -Xlinker relro -Xlinker -z -Xlinker now" + if test "x$DEBUG_LEVEL" = "xrelease"; then + # When building release libraries, tell the linker optimize them. + # Should this be supplied to the OSS linker as well? +diff --git a/common/autoconf/generated-configure.sh b/common/autoconf/generated-configure.sh +index 03872a3c9..b8ae42603 100644 +--- a/common/autoconf/generated-configure.sh ++++ b/common/autoconf/generated-configure.sh +@@ -42174,7 +42174,7 @@ $as_echo "$supports" >&6; } + # And since we now know that the linker is gnu, then add: + # -z defs, to forbid undefined symbols in object files + # -z noexecstack, to mark stack regions as non-executable +- LDFLAGS_JDK="${LDFLAGS_JDK} -Xlinker -z -Xlinker defs -Xlinker -z -Xlinker noexecstack" ++ LDFLAGS_JDK="${LDFLAGS_JDK} -Xlinker -z -Xlinker defs -Xlinker -z -Xlinker noexecstack -Xlinker -z -Xlinker relro -Xlinker -z -Xlinker now" + if test "x$DEBUG_LEVEL" = "xrelease"; then + # When building release libraries, tell the linker optimize them. + # Should this be supplied to the OSS linker as well? +diff --git a/hotspot/make/windows/makefiles/compile.make b/hotspot/make/windows/makefiles/compile.make +index f3581c163..a405eb336 100644 +--- a/hotspot/make/windows/makefiles/compile.make ++++ b/hotspot/make/windows/makefiles/compile.make +@@ -53,7 +53,7 @@ CXX=cl.exe + # improving the quality of crash log stack traces involving jvm.dll. + + # These are always used in all compiles +-CXX_FLAGS=$(EXTRA_CFLAGS) /nologo /W3 /WX ++CXX_FLAGS=$(EXTRA_CFLAGS) /nologo /W3 /WX /GS + + # Let's add debug information when Full Debug Symbols is enabled + !if "$(ENABLE_FULL_DEBUG_SYMBOLS)" == "1" +diff --git a/hotspot/make/windows/makefiles/sa.make b/hotspot/make/windows/makefiles/sa.make +index 776e58e51..520d190d8 100644 +--- a/hotspot/make/windows/makefiles/sa.make ++++ b/hotspot/make/windows/makefiles/sa.make +@@ -143,7 +143,7 @@ SA_LFLAGS = $(SA_LFLAGS) -map -debug + SA_LFLAGS = /SAFESEH $(SA_LFLAGS) + !endif + +-SA_CFLAGS = $(SA_CFLAGS) $(MP_FLAG) ++SA_CFLAGS = $(SA_CFLAGS) $(MP_FLAG) /GS + + # Note that we do not keep sawindbj.obj around as it would then + # get included in the dumpbin command in build_vm_def.sh +diff --git a/hotspot/make/windows/makefiles/vm.make b/hotspot/make/windows/makefiles/vm.make +index f26cad6e7..082232719 100644 +--- a/hotspot/make/windows/makefiles/vm.make ++++ b/hotspot/make/windows/makefiles/vm.make +@@ -32,9 +32,9 @@ COMMONSRC=$(WorkSpace)\src + ALTSRC=$(WorkSpace)\src\closed + + !ifdef RELEASE +-CXX_FLAGS=$(CXX_FLAGS) /D "PRODUCT" ++CXX_FLAGS=$(CXX_FLAGS) /D "PRODUCT" /GS + !else +-CXX_FLAGS=$(CXX_FLAGS) /D "ASSERT" ++CXX_FLAGS=$(CXX_FLAGS) /D "ASSERT" /GS + !endif + + !if "$(Variant)" == "compiler1" +-- +2.19.0 + diff --git a/add_kae_implementation_add_default_conf_file.patch b/add_kae_implementation_add_default_conf_file.patch new file mode 100755 index 0000000000000000000000000000000000000000..29ab942103174e44c034a9b0a91c96035fe29713 --- /dev/null +++ b/add_kae_implementation_add_default_conf_file.patch @@ -0,0 +1,64 @@ +diff --git a/jdk/make/CopyFiles.gmk b/jdk/make/CopyFiles.gmk +index 1f68aaf4c..43e278f7a 100644 +--- a/jdk/make/CopyFiles.gmk ++++ b/jdk/make/CopyFiles.gmk +@@ -631,4 +631,16 @@ endif + + ########################################################################################## + ++ifeq ($(OPENJDK_TARGET_CPU_ARCH), aarch64) ++ ++ KAE_CONF_PATH= $(JDK_OUTPUTDIR)/lib/ext ++ $(KAE_CONF_PATH)/kaeprovider.conf: $(JDK_TOPDIR)/src/share/lib/security/kaeprovider.conf ++ $(call install-file) ++ ++ COPY_FILES += $(KAE_CONF_PATH)/kaeprovider.conf ++ ++endif ++ ++########################################################################################## ++ + -include $(CUSTOM_MAKE_DIR)/CopyFiles.gmk +diff --git a/jdk/src/share/lib/security/kaeprovider.conf b/jdk/src/share/lib/security/kaeprovider.conf +new file mode 100644 +index 000000000..a48969669 +--- /dev/null ++++ b/jdk/src/share/lib/security/kaeprovider.conf +@@ -0,0 +1,19 @@ ++# ++# This is the config file for KAEProvider ++# ++# Algorithms are enabled by default if KAEProvider is used. ++# Delete # if you want to disable certain algorithm. ++ ++# kae.md5=false ++# kae.sha256=false ++# kae.sha384=false ++# kae.sm3=false ++# kae.aes=false ++# kae.sm4=false ++# kae.hmac=false ++# kae.rsa=false ++# kae.dh=false ++# kae.ec=false ++ ++# enable KAEProvider log setting ++# kae.log=true +diff --git a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEProvider.java b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEProvider.java +index 419a8744b..83ed8649c 100644 +--- a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEProvider.java ++++ b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEProvider.java +@@ -100,11 +100,11 @@ public class KAEProvider extends Provider { + + public KAEProvider() { + super("KAEProvider", 1.8d, "KAE provider"); +- if (needLog) { ++ Properties props = getProp(); ++ if (needLog && "true".equalsIgnoreCase(props.getProperty("kae.log"))) { + logStart(excp); + needLog = false; // Log only once + } +- Properties props = getProp(); + if (!"false".equalsIgnoreCase(props.getProperty("kae.md5"))) { + putMD5(); + } diff --git a/dismiss-company_name-info-of-java-version.patch b/dismiss-company_name-info-of-java-version.patch deleted file mode 100644 index 6373b05c1238051c6d3c3de9c3666979dac4129a..0000000000000000000000000000000000000000 --- a/dismiss-company_name-info-of-java-version.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 9734b82288a429d3cb04d0c3e1f55b25447b5d51 Mon Sep 17 00:00:00 2001 -Date: Fri, 22 Jan 2021 16:34:29 +0800 -Subject: dismiss company_name info of java -version - -Summary: : -LLT: NA -Bug url: NA ---- - jdk/src/share/classes/sun/misc/Version.java.template | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/jdk/src/share/classes/sun/misc/Version.java.template b/jdk/src/share/classes/sun/misc/Version.java.template -index 022c14281..ffdaf9fbc 100644 ---- a/jdk/src/share/classes/sun/misc/Version.java.template -+++ b/jdk/src/share/classes/sun/misc/Version.java.template -@@ -45,7 +45,7 @@ public class Version { - "@@java_runtime_version@@"; - - private static final String company_name = -- "@@company_name@@"; -+ ""; - - static { - init(); --- -2.19.0 - diff --git a/downgrade-symver-of-memcpy-GLIBC.patch b/downgrade-symver-of-memcpy-GLIBC.patch new file mode 100644 index 0000000000000000000000000000000000000000..8bbf31b6b022345773632528f10ebbcc0aabdf59 --- /dev/null +++ b/downgrade-symver-of-memcpy-GLIBC.patch @@ -0,0 +1,307 @@ +From b6287af7cfd2951fea495861c97f947cf1eb1e80 Mon Sep 17 00:00:00 2001 +From: zhangyipeng +Date: Thu, 4 Mar 2021 11:09:20 +0800 +Subject: [PATCH] [Huawei]downgrade symver of memcpy@GLIBC + + + +Signed-off-by: Feng Shijie +--- + hotspot/src/os_cpu/linux_x86/vm/memcpy.cpp | 21 +++++++++++++++++++++ + jdk/make/CompileDemos.gmk | 1 + + jdk/make/CompileLaunchers.gmk | 1 + + jdk/make/lib/Awt2dLibraries.gmk | 7 +++++++ + jdk/make/lib/CoreLibraries.gmk | 6 ++++++ + jdk/make/lib/NetworkingLibraries.gmk | 1 + + jdk/make/lib/NioLibraries.gmk | 1 + + jdk/make/lib/SecurityLibraries.gmk | 2 ++ + jdk/make/lib/ServiceabilityLibraries.gmk | 5 +++++ + jdk/make/lib/SoundLibraries.gmk | 1 + + make/common/NativeCompilation.gmk | 7 +++++++ + 11 files changed, 53 insertions(+) + create mode 100644 hotspot/src/os_cpu/linux_x86/vm/memcpy.cpp + +diff --git a/hotspot/src/os_cpu/linux_x86/vm/memcpy.cpp b/hotspot/src/os_cpu/linux_x86/vm/memcpy.cpp +new file mode 100644 +index 000000000..0c4edeaae +--- /dev/null ++++ b/hotspot/src/os_cpu/linux_x86/vm/memcpy.cpp +@@ -0,0 +1,21 @@ ++/* ++ * Copyright (c) Huawei Technologies Co., Ltd. 2018-2020. All rights reserved. ++ */ ++ ++#if defined( __GNUC__ ) && \ ++(__GNUC__ >= 5 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 7)) ++#include ++ ++#if (defined AMD64) || (defined amd64) ++/* some systems do not have newest memcpy@@GLIBC_2.14 - stay with old good one */ ++asm (".symver memcpy, memcpy@GLIBC_2.2.5"); ++ ++extern "C"{ ++ void *__wrap_memcpy(void *dest, const void *src, size_t n) ++ { ++ return memcpy(dest, src, n); ++ } ++} ++#endif ++#endif ++ +diff --git a/jdk/make/CompileDemos.gmk b/jdk/make/CompileDemos.gmk +index 6c5eb4327..763c968e0 100644 +--- a/jdk/make/CompileDemos.gmk ++++ b/jdk/make/CompileDemos.gmk +@@ -250,6 +250,7 @@ define SetupJVMTIDemo + SRC := $(JDK_TOPDIR)/src/share/demo/jvmti/$1 $$(BUILD_DEMO_JVMTI_$1_EXTRA_SRC), \ + LANG := $$(BUILD_DEMO_JVMTI_$1_LANG), \ + OPTIMIZATION := LOW, \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CXXFLAGS := $$($1_CXXFLAGS), \ + LDFLAGS := $(filter-out -incremental:no -opt:ref, $$(LDFLAGS_JDKLIB)), \ + LDFLAGS_macosx := $$(call SET_EXECUTABLE_ORIGIN), \ +diff --git a/jdk/make/CompileLaunchers.gmk b/jdk/make/CompileLaunchers.gmk +index baaea8a99..3e5ae94ef 100644 +--- a/jdk/make/CompileLaunchers.gmk ++++ b/jdk/make/CompileLaunchers.gmk +@@ -512,6 +512,7 @@ $(eval $(call SetupNativeCompilation,BUILD_UNPACKEXE, \ + EXCLUDE_FILES := jni.cpp, \ + LANG := $(UNPACKEXE_LANG), \ + OPTIMIZATION := LOW, \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CFLAGS := $(UNPACKEXE_CFLAGS) $(CXXFLAGS_JDKEXE) \ + -DFULL, \ + CFLAGS_release := -DPRODUCT, \ +diff --git a/jdk/make/lib/Awt2dLibraries.gmk b/jdk/make/lib/Awt2dLibraries.gmk +index 9368a9d50..71d87c378 100644 +--- a/jdk/make/lib/Awt2dLibraries.gmk ++++ b/jdk/make/lib/Awt2dLibraries.gmk +@@ -52,6 +52,7 @@ $(eval $(call SetupNativeCompilation,BUILD_LIBMLIB_IMAGE, \ + EXCLUDE_FILES := awt_ImagingLib.c mlib_c_ImageBlendTable.c, \ + LANG := C, \ + OPTIMIZATION := HIGHEST, \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CFLAGS := $(CFLAGS_JDKLIB) \ + $(BUILD_LIBMLIB_CFLAGS), \ + MAPFILE := $(BUILD_LIBMLIB_IMAGE_MAPFILE), \ +@@ -470,6 +471,7 @@ $(eval $(call SetupNativeCompilation,BUILD_LIBAWT, \ + INCLUDE_FILES := $(LIBAWT_FILES), \ + LANG := $(LIBAWT_LANG), \ + OPTIMIZATION := LOW, \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CFLAGS := $(CFLAGS_JDKLIB) $(LIBAWT_CFLAGS), \ + ASFLAGS := $(LIBAWT_ASFLAGS), \ + MAPFILE := $(LIBAWT_MAPFILE), \ +@@ -631,6 +633,7 @@ ifeq ($(findstring $(OPENJDK_TARGET_OS),windows macosx),) + INCLUDE_FILES := $(LIBAWT_XAWT_FILES), \ + LANG := C, \ + OPTIMIZATION := LOW, \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CFLAGS := $(CFLAGS_JDKLIB) $(LIBAWT_XAWT_CFLAGS) \ + $(X_CFLAGS), \ + MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libawt_xawt/mapfile-vers, \ +@@ -672,6 +675,7 @@ $(eval $(call SetupNativeCompilation,BUILD_LIBLCMS, \ + SRC := $(JDK_TOPDIR)/src/share/native/sun/java2d/cmm/lcms, \ + LANG := C, \ + OPTIMIZATION := HIGHEST, \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CFLAGS := $(filter-out -xc99=%none, $(CFLAGS_JDKLIB)) \ + -DCMS_DONT_USE_FAST_FLOOR \ + $(SHARED_LIBRARY_FLAGS) \ +@@ -739,6 +743,7 @@ $(eval $(call SetupNativeCompilation,BUILD_LIBJPEG, \ + $(JDK_TOPDIR)/src/share/native/sun/awt/image/jpeg, \ + LANG := C, \ + OPTIMIZATION := HIGHEST, \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CFLAGS := $(CFLAGS_JDKLIB) \ + $(BUILD_LIBJPEG_CLOSED_INCLUDES) \ + -I$(JDK_TOPDIR)/src/share/native/sun/awt/image/jpeg, \ +@@ -914,6 +919,7 @@ $(eval $(call SetupNativeCompilation,BUILD_LIBFONTMANAGER, \ + EXCLUDE_FILES := $(LIBFONTMANAGER_EXCLUDE_FILES) \ + AccelGlyphCache.c, \ + LANG := C++, \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CFLAGS := $(CFLAGS_JDKLIB) $(BUILD_LIBFONTMANAGER_CFLAGS_COMMON), \ + CXXFLAGS := $(CXXFLAGS_JDKLIB) $(BUILD_LIBFONTMANAGER_CFLAGS_COMMON), \ + OPTIMIZATION := $(LIBFONTMANAGER_OPTIMIZATION), \ +@@ -1205,6 +1211,7 @@ ifndef BUILD_HEADLESS_ONLY + EXCLUDE_FILES := imageioJPEG.c jpegdecoder.c pngtest.c, \ + LANG := C, \ + OPTIMIZATION := LOW, \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CFLAGS := $(LIBSPLASHSCREEN_CFLAGS) $(CFLAGS_JDKLIB) $(GIFLIB_CFLAGS), \ + MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libsplashscreen/mapfile-vers, \ + LDFLAGS := $(LDFLAGS_JDKLIB) \ +diff --git a/jdk/make/lib/CoreLibraries.gmk b/jdk/make/lib/CoreLibraries.gmk +index afcebcb35..0b400b345 100644 +--- a/jdk/make/lib/CoreLibraries.gmk ++++ b/jdk/make/lib/CoreLibraries.gmk +@@ -113,6 +113,7 @@ $(eval $(call SetupNativeCompilation,BUILD_LIBVERIFY, \ + INCLUDE_FILES := $(BUILD_LIBVERIFY_SRC), \ + LANG := C, \ + OPTIMIZATION := $(LIBVERIFY_OPTIMIZATION), \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CFLAGS := $(CFLAGS_JDKLIB), \ + MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libverify/mapfile-vers, \ + LDFLAGS := $(LDFLAGS_JDKLIB) \ +@@ -223,6 +224,7 @@ $(eval $(call SetupNativeCompilation,BUILD_LIBJAVA, \ + EXCLUDE_FILES := $(LIBJAVA_EXCLUDE_FILES), \ + LANG := C, \ + OPTIMIZATION := HIGH, \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CFLAGS := $(CFLAGS_JDKLIB) \ + $(LIBJAVA_CFLAGS), \ + MAPFILE := $(LIBJAVA_MAPFILE), \ +@@ -284,6 +286,7 @@ $(eval $(call SetupNativeCompilation,BUILD_LIBZIP, \ + OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \ + LANG := C, \ + OPTIMIZATION := LOW, \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + SRC := $(JDK_TOPDIR)/src/share/native/java/util/zip, \ + EXCLUDES := $(LIBZIP_EXCLUDES), \ + CFLAGS := $(CFLAGS_JDKLIB) \ +@@ -325,6 +328,7 @@ $(eval $(call SetupNativeCompilation,BUILD_LIBUNPACK, \ + EXCLUDE_FILES := main.cpp, \ + LANG := C++, \ + OPTIMIZATION := LOW, \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CFLAGS := $(CXXFLAGS_JDKLIB) \ + -DNO_ZLIB -DUNPACK_JNI -DFULL, \ + CFLAGS_release := -DPRODUCT, \ +@@ -436,6 +440,7 @@ $(eval $(call SetupNativeCompilation,BUILD_LIBJLI, \ + INCLUDE_FILES := $(BUILD_LIBJLI_FILES), \ + LANG := C, \ + OPTIMIZATION := HIGH, \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CFLAGS := $(LIBJLI_CFLAGS), \ + MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libjli/mapfile-vers, \ + LDFLAGS := $(LDFLAGS_JDKLIB) \ +@@ -537,6 +542,7 @@ $(eval $(call SetupNativeCompilation,BUILD_LIBNPT, \ + SRC := $(JDK_TOPDIR)/src/share/npt $(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/npt, \ + LANG := C, \ + OPTIMIZATION := LOW, \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CFLAGS := $(CFLAGS_JDKLIB) \ + -I$(JDK_TOPDIR)/src/share/npt \ + -I$(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/npt, \ +diff --git a/jdk/make/lib/NetworkingLibraries.gmk b/jdk/make/lib/NetworkingLibraries.gmk +index 347c32376..f826c66d0 100644 +--- a/jdk/make/lib/NetworkingLibraries.gmk ++++ b/jdk/make/lib/NetworkingLibraries.gmk +@@ -65,6 +65,7 @@ $(eval $(call SetupNativeCompilation,BUILD_LIBNET, \ + EXCLUDE_FILES := $(LIBNET_EXCLUDE_FILES), \ + LANG := C, \ + OPTIMIZATION := LOW, \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CFLAGS := $(CFLAGS_JDKLIB) \ + $(LIBNET_CFLAGS), \ + MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libnet/mapfile-vers, \ +diff --git a/jdk/make/lib/NioLibraries.gmk b/jdk/make/lib/NioLibraries.gmk +index 6c9c46a3f..54c9c29e0 100644 +--- a/jdk/make/lib/NioLibraries.gmk ++++ b/jdk/make/lib/NioLibraries.gmk +@@ -181,6 +181,7 @@ ifeq ($(OPENJDK_TARGET_OS_API), posix) + SRC := $(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/native/sun/nio/ch/sctp, \ + LANG := C, \ + OPTIMIZATION := LOW, \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CFLAGS := $(CFLAGS_JDKLIB) \ + -I$(JDK_TOPDIR)/src/share/native/sun/nio/ch \ + -I$(JDK_TOPDIR)/src/share/native/sun/nio/ch/sctp \ +diff --git a/jdk/make/lib/SecurityLibraries.gmk b/jdk/make/lib/SecurityLibraries.gmk +index a8eeceb3c..6096a00a0 100644 +--- a/jdk/make/lib/SecurityLibraries.gmk ++++ b/jdk/make/lib/SecurityLibraries.gmk +@@ -194,6 +194,7 @@ $(eval $(call SetupNativeCompilation,BUILD_LIBJ2PKCS11, \ + $(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/native/sun/security/pkcs11/wrapper, \ + LANG := C, \ + OPTIMIZATION := LOW, \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CFLAGS := $(CFLAGS_JDKLIB) \ + -I$(JDK_TOPDIR)/src/share/native/sun/security/pkcs11 \ + -I$(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/native/sun/security/pkcs11 \ +@@ -239,6 +240,7 @@ ifeq ($(ENABLE_INTREE_EC), yes) + $(JDK_TOPDIR)/src/share/native/sun/security/ec/impl, \ + LANG := C++, \ + OPTIMIZATION := LOW, \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CFLAGS := $(filter-out $(ECC_JNI_SOLSPARC_FILTER), $(CFLAGS_JDKLIB)) \ + $(BUILD_LIBSUNEC_FLAGS) \ + -DMP_API_COMPATIBLE -DNSS_ECC_MORE_THAN_SUITE_B, \ +diff --git a/jdk/make/lib/ServiceabilityLibraries.gmk b/jdk/make/lib/ServiceabilityLibraries.gmk +index 09434f14d..02fded0dc 100644 +--- a/jdk/make/lib/ServiceabilityLibraries.gmk ++++ b/jdk/make/lib/ServiceabilityLibraries.gmk +@@ -83,6 +83,7 @@ $(eval $(call SetupNativeCompilation,BUILD_LIBDT_SOCKET, \ + $(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/transport/socket, \ + LANG := C, \ + OPTIMIZATION := LOW, \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CFLAGS := $(CFLAGS_JDKLIB) -DUSE_MMAP \ + -I$(INCLUDEDIR) -I$(JDK_OUTPUTDIR)/include/$(OPENJDK_TARGET_OS) \ + -I$(JDK_TOPDIR)/src/share/transport/socket \ +@@ -148,6 +149,7 @@ $(eval $(call SetupNativeCompilation,BUILD_LIBJDWP, \ + SRC := $(JDK_TOPDIR)/src/share/back $(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/back, \ + LANG := C, \ + OPTIMIZATION := LOW, \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CFLAGS := $(CFLAGS_JDKLIB) -DJDWP_LOGGING \ + -I$(JDK_TOPDIR)/src/share/transport/export \ + -I$(JDK_TOPDIR)/src/share/back/export \ +@@ -252,6 +254,7 @@ $(eval $(call SetupNativeCompilation,BUILD_LIBINSTRUMENT, \ + INCLUDE_FILES := $(LIBINSTRUMENT_FILES), \ + LANG := C, \ + OPTIMIZATION := LOW, \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CFLAGS := $(LIBINSTRUMENT_CFLAGS), \ + CFLAGS_debug := -DJPLIS_LOGGING, \ + CFLAGS_release := -DNO_JPLIS_LOGGING, \ +@@ -375,6 +378,7 @@ $(eval $(call SetupNativeCompilation,BUILD_LIBHPROF, \ + SRC := $(BUILD_LIBHPROF_SRC), \ + LANG := C, \ + OPTIMIZATION := $(LIBHPROF_OPTIMIZATION), \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CFLAGS := $(CFLAGS_JDKLIB) \ + $(BUILD_LIBHPROF_CFLAGS), \ + CFLAGS_debug := -DHPROF_LOGGING, \ +@@ -403,6 +407,7 @@ $(eval $(call SetupNativeCompilation,BUILD_LIBJAVA_CRW_DEMO, \ + SRC := $(JDK_TOPDIR)/src/share/demo/jvmti/java_crw_demo, \ + LANG := C, \ + OPTIMIZATION := LOW, \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CFLAGS := $(CFLAGS_JDKLIB) \ + -I$(JDK_TOPDIR)/src/share/demo/jvmti/java_crw_demo, \ + MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libjava_crw_demo/mapfile-vers, \ +diff --git a/jdk/make/lib/SoundLibraries.gmk b/jdk/make/lib/SoundLibraries.gmk +index b59a9462e..0ea9ba843 100644 +--- a/jdk/make/lib/SoundLibraries.gmk ++++ b/jdk/make/lib/SoundLibraries.gmk +@@ -201,6 +201,7 @@ ifneq ($(filter jsoundalsa, $(EXTRA_SOUND_JNI_LIBS)), ) + PLATFORM_API_LinuxOS_ALSA_Ports.c, \ + LANG := C, \ + OPTIMIZATION := LOW, \ ++ EXTRA_FILES := $(HOTSPOT_TOPDIR)/src/os_cpu/linux_x86/vm/memcpy.cpp, \ + CFLAGS := $(CFLAGS_JDKLIB) $(ALSA_CFLAGS) \ + $(LIBJSOUND_CFLAGS) \ + -DUSE_DAUDIO=TRUE \ +diff --git a/make/common/NativeCompilation.gmk b/make/common/NativeCompilation.gmk +index 4fa9f14cf..c1747608d 100644 +--- a/make/common/NativeCompilation.gmk ++++ b/make/common/NativeCompilation.gmk +@@ -281,6 +281,13 @@ define SetupNativeCompilation + ifneq (,$$(strip $$($1_INCLUDE_FILES))) + $1_SRCS := $$(filter $$($1_INCLUDE_FILES),$$($1_SRCS)) + endif ++ ifeq ($(OPENJDK_TARGET_OS), linux) # only on linux ++ ifneq ($(OPENJDK_TARGET_CPU_ARCH), aarch64) # not need on the arm arch ++ ifneq (,$$(strip $$($1_EXTRA_FILES))) ++ $1_SRCS += $$($1_EXTRA_FILES) ++ endif ++ endif ++ endif + ifeq (,$$($1_SRCS)) + $$(error No sources found for $1 when looking inside the dirs $$($1_SRC)) + endif +-- +2.19.0 + diff --git a/fast-serializer-jdk8.patch b/fast-serializer-jdk8.patch index 4e2bf8aa3489b1a320714cbc00edb862082cdae6..381fb49389e1ea13bc7d6d21cc90f0848df8c75f 100644 --- a/fast-serializer-jdk8.patch +++ b/fast-serializer-jdk8.patch @@ -133,7 +133,7 @@ index 5d30f2a01..b67f01719 100644 /** * Context during upcalls to class-defined readObject methods; holds * object currently being deserialized and descriptor for current class. -@@ -325,6 +345,33 @@ public class ObjectInputStream +@@ -325,6 +345,38 @@ public class ObjectInputStream */ private ObjectInputFilter serialFilter; @@ -163,6 +163,11 @@ index 5d30f2a01..b67f01719 100644 + private static final boolean printFastSerializer = java.security.AccessController.doPrivileged( + new sun.security.action.GetBooleanAction( + "printFastSerializer")).booleanValue(); ++ ++ /** ++ * Magic number that is written to the stream header when using fastserilizer. ++ */ ++ private static final short STREAM_MAGIC_FAST = (short)0xdeca; + /** * Creates an ObjectInputStream that reads from the specified InputStream. @@ -433,10 +438,15 @@ index 6d29e3a1f..3890efc3e 100644 /** filter stream for handling block data conversion */ private final BlockDataOutputStream bout; /** obj -> wire handle map */ -@@ -214,6 +234,22 @@ public class ObjectOutputStream +@@ -214,6 +234,27 @@ public class ObjectOutputStream new sun.security.action.GetBooleanAction( "sun.io.serialization.extendedDebugInfo")).booleanValue(); ++ /** ++ * Magic number that is written to the stream header when using fastserilizer. ++ */ ++ private static final short STREAM_MAGIC_FAST = (short)0xdeca; ++ + private static final Unsafe UNSAFE = Unsafe.getUnsafe(); + + /** @@ -557,7 +567,7 @@ index 64453b25a..fce3c3475 100644 + * + * @return the flags for this class described by this descriptor + */ -+ public byte getFlags(Object serialStream) { ++ byte getFlags(Object serialStream) { + byte flags = 0; + if (externalizable) { + flags |= ObjectStreamConstants.SC_EXTERNALIZABLE; @@ -645,22 +655,6 @@ index 64453b25a..fce3c3475 100644 /** * Reads non-proxy class descriptor information from given input stream. * The resulting class descriptor is not fully functional; it can only be -diff --git a/jdk/src/share/classes/java/io/ObjectStreamConstants.java b/jdk/src/share/classes/java/io/ObjectStreamConstants.java -index 23f72b436..59179a6ec 100644 ---- a/jdk/src/share/classes/java/io/ObjectStreamConstants.java -+++ b/jdk/src/share/classes/java/io/ObjectStreamConstants.java -@@ -38,6 +38,11 @@ public interface ObjectStreamConstants { - */ - final static short STREAM_MAGIC = (short)0xaced; - -+ /** -+ * Magic number that is written to the stream header when using fastserilizer. -+ */ -+ static final short STREAM_MAGIC_FAST = (short)0xdeca; -+ - /** - * Version number that is written to the stream header. - */ diff --git a/jdk/src/share/classes/sun/misc/Unsafe.java b/jdk/src/share/classes/sun/misc/Unsafe.java index 99e465802..92fb01669 100644 --- a/jdk/src/share/classes/sun/misc/Unsafe.java diff --git a/fix-BoxTypeCachedMax-build-failure-when-jvm-variants.patch b/fix-BoxTypeCachedMax-build-failure-when-jvm-variants.patch new file mode 100644 index 0000000000000000000000000000000000000000..745f972e2401d0e2114b5f424f285fb9dcba4013 --- /dev/null +++ b/fix-BoxTypeCachedMax-build-failure-when-jvm-variants.patch @@ -0,0 +1,42 @@ +From c971a0bc455a3d70ed0dfca17d3fd89a8a645bc2 Mon Sep 17 00:00:00 2001 +Date: Fri, 16 Apr 2021 14:10:07 +0800 +Subject: [PATCH 2/3] fix BoxTypeCachedMax build failure when jvm variants is + client + +--- + hotspot/src/share/vm/runtime/arguments.cpp | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/hotspot/src/share/vm/runtime/arguments.cpp b/hotspot/src/share/vm/runtime/arguments.cpp +index 5dad53a7..9cfa0451 100644 +--- a/hotspot/src/share/vm/runtime/arguments.cpp ++++ b/hotspot/src/share/vm/runtime/arguments.cpp +@@ -2172,6 +2172,7 @@ void Arguments::set_bytecode_flags() { + + // set Integer and Long box type cached MAX num flag : -XX:BoxTypeCachedMax= + void Arguments::set_boxtype_cached_max_flags() { ++#ifdef COMPILER2 + if (!AggressiveOpts) { + if (!FLAG_IS_DEFAULT(BoxTypeCachedMax)) { + int const size = 1024; +@@ -2182,6 +2183,7 @@ void Arguments::set_boxtype_cached_max_flags() { + add_property(buffer); + } + } ++#endif + } + + // Aggressive optimization flags -XX:+AggressiveOpts +@@ -2827,7 +2829,9 @@ bool Arguments::check_vm_args_consistency() { + // Check the minimum number of compiler threads + status &=verify_min_value(CICompilerCount, min_number_of_compiler_threads, "CICompilerCount"); + ++#ifdef COMPILER2 + status &= verify_min_value(BoxTypeCachedMax, 1, "BoxTypeCachedMax"); ++#endif + + return status; + } +-- +2.23.0 + diff --git a/fix-arguments.cpp-error-C2131-on-windows.patch b/fix-arguments.cpp-error-C2131-on-windows.patch new file mode 100644 index 0000000000000000000000000000000000000000..c93acb56a701d614dd3e135f8961de92502a4290 --- /dev/null +++ b/fix-arguments.cpp-error-C2131-on-windows.patch @@ -0,0 +1,28 @@ +From ef2c0c0a0832a07dff7f93655d64798cfd44d1ba Mon Sep 17 00:00:00 2001 +From: zhangyipeng +Date: Wed, 17 Mar 2021 14:31:38 +0800 +Subject: [PATCH] [Huawei]fix arguments.cpp error C2131 on windows + + + +Signed-off-by: Lin Haibing +--- + hotspot/src/share/vm/runtime/arguments.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hotspot/src/share/vm/runtime/arguments.cpp b/hotspot/src/share/vm/runtime/arguments.cpp +index ebb5e114c..5dad53a71 100644 +--- a/hotspot/src/share/vm/runtime/arguments.cpp ++++ b/hotspot/src/share/vm/runtime/arguments.cpp +@@ -2174,7 +2174,7 @@ void Arguments::set_bytecode_flags() { + void Arguments::set_boxtype_cached_max_flags() { + if (!AggressiveOpts) { + if (!FLAG_IS_DEFAULT(BoxTypeCachedMax)) { +- int size = 1024; ++ int const size = 1024; + char buffer[size]; + jio_snprintf(buffer, size, "java.lang.Long.LongCache.high=" INTX_FORMAT, BoxTypeCachedMax); + add_property(buffer); +-- +2.19.0 + diff --git a/fix-incorrect-offset-for-oop-field-with-weak-memory-.patch b/fix-incorrect-offset-for-oop-field-with-weak-memory-.patch deleted file mode 100644 index 31c4001badc9caa75a577ac436b592309a42f284..0000000000000000000000000000000000000000 --- a/fix-incorrect-offset-for-oop-field-with-weak-memory-.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 7c73365615f00951272310db44dec2939b91b48e Mon Sep 17 00:00:00 2001 -Date: Wed, 19 Feb 2020 19:09:39 +0000 -Subject: [PATCH] fix incorrect offset for oop field with weak memory model - -Summary: : add loadload membar in fast_storefield and fast_accessfield to avoid loading a incorrect offset -LLT: N/A -Bug url: N/A ---- - hotspot/src/cpu/aarch64/vm/templateTable_aarch64.cpp | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/hotspot/src/cpu/aarch64/vm/templateTable_aarch64.cpp b/hotspot/src/cpu/aarch64/vm/templateTable_aarch64.cpp -index 5a619566..aa9545ee 100644 ---- a/hotspot/src/cpu/aarch64/vm/templateTable_aarch64.cpp -+++ b/hotspot/src/cpu/aarch64/vm/templateTable_aarch64.cpp -@@ -2922,6 +2922,8 @@ void TemplateTable::fast_storefield(TosState state) - // access constant pool cache - __ get_cache_and_index_at_bcp(r2, r1, 1); - -+ __ membar(MacroAssembler::LoadLoad); -+ - // test for volatile with r3 - __ ldrw(r3, Address(r2, in_bytes(base + - ConstantPoolCacheEntry::flags_offset()))); -@@ -3013,6 +3015,9 @@ void TemplateTable::fast_accessfield(TosState state) - - // access constant pool cache - __ get_cache_and_index_at_bcp(r2, r1, 1); -+ -+ __ membar(MacroAssembler::LoadLoad); -+ - __ ldr(r1, Address(r2, in_bytes(ConstantPoolCache::base_offset() + - ConstantPoolCacheEntry::f2_offset()))); - __ ldrw(r3, Address(r2, in_bytes(ConstantPoolCache::base_offset() + --- -2.19.0 - diff --git a/fix-log-bug-enhance-aes-hmac-performance.patch b/fix-log-bug-enhance-aes-hmac-performance.patch new file mode 100644 index 0000000000000000000000000000000000000000..48da9a117e036e931e20ab491019986206550437 --- /dev/null +++ b/fix-log-bug-enhance-aes-hmac-performance.patch @@ -0,0 +1,283 @@ +From f08447dcb86c2637fc306de73572c5d8de14520f Mon Sep 17 00:00:00 2001 +From: zhangyipeng +Date: Tue, 16 Mar 2021 10:11:31 +0800 +Subject: [PATCH] [Huawei]fix log bug && enhance aes/hmac performance + + + +Signed-off-by: He Dongbo +--- + common/autoconf/generated-configure.sh | 44 ++++++----- + common/autoconf/toolchain_windows.m4 | 20 +++-- + hotspot/make/windows/makefiles/compile.make | 24 ++++++ + hotspot/make/windows/makefiles/vm.make | 2 +- + hotspot/src/share/vm/runtime/os.cpp | 3 + + hotspot/src/share/vm/runtime/vm_version.cpp | 4 + + 6 files changed, 74 insertions(+), 23 deletions(-) + create mode 100644 jdk/test/micro/org/openeuler/bench/security/openssl/HMacBenchmark.java + +diff --git a/common/autoconf/generated-configure.sh b/common/autoconf/generated-configure.sh +index 60298422f..bdfdd207b 100644 +--- a/common/autoconf/generated-configure.sh ++++ b/common/autoconf/generated-configure.sh +@@ -4288,7 +4288,7 @@ TOOLCHAIN_DESCRIPTION_xlc="IBM XL C/C++" + + ################################################################################ + # The order of these defines the priority by which we try to find them. +-VALID_VS_VERSIONS="2010 2012 2013 2015 2017" ++VALID_VS_VERSIONS="2010 2012 2013 2015 2017 2019" + + VS_DESCRIPTION_2010="Microsoft Visual Studio 2010" + VS_VERSION_INTERNAL_2010=100 +@@ -4346,6 +4346,18 @@ VS_SDK_INSTALLDIR_2017= + VS_VS_PLATFORM_NAME_2017="v141" + VS_SDK_PLATFORM_NAME_2017= + ++VS_DESCRIPTION_2019="Microsoft Visual Studio 2019 - CURRENTLY NOT WORKING" ++VS_VERSION_INTERNAL_2019=141 ++VS_MSVCR_2019=vcruntime140.dll ++VS_MSVCP_2019=msvcp140.dll ++VS_ENVVAR_2019="VS150COMNTOOLS" ++VS_USE_UCRT_2019="true" ++VS_VS_INSTALLDIR_2019="Microsoft Visual Studio/2019" ++VS_EDITIONS_2019="Community Professional Enterprise" ++VS_SDK_INSTALLDIR_2019= ++VS_VS_PLATFORM_NAME_2019="v141" ++VS_SDK_PLATFORM_NAME_2019= ++ + ################################################################################ + + +@@ -25694,10 +25706,10 @@ $as_echo "$as_me: Valid Visual Studio versions: $VALID_VS_VERSIONS." >&6;} + { $as_echo "$as_me:${as_lineno-$LINENO}: Found Visual Studio installation at $VS_BASE using $METHOD" >&5 + $as_echo "$as_me: Found Visual Studio installation at $VS_BASE using $METHOD" >&6;} + if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then +- VCVARSFILES="vc/bin/vcvars32.bat vc/auxiliary/build/vcvars32.bat" ++ VCVARSFILES="vc/bin/vcvars32.bat vc/auxiliary/build/vcvars32.bat Auxiliary/Build/vcvars32.bat" + else + VCVARSFILES="vc/bin/amd64/vcvars64.bat vc/bin/x86_amd64/vcvarsx86_amd64.bat \ +- vc/auxiliary/build/vcvarsx86_amd64.bat vc/auxiliary/build/vcvars64.bat" ++ vc/auxiliary/build/vcvarsx86_amd64.bat vc/auxiliary/build/vcvars64.bat Auxiliary/Build/vcvars64.bat" + fi + + for VCVARSFILE in $VCVARSFILES; do +@@ -25751,10 +25763,10 @@ $as_echo "$as_me: Warning: None of $VCVARSFILES were found, Visual Studio instal + { $as_echo "$as_me:${as_lineno-$LINENO}: Found Visual Studio installation at $VS_BASE using $METHOD" >&5 + $as_echo "$as_me: Found Visual Studio installation at $VS_BASE using $METHOD" >&6;} + if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then +- VCVARSFILES="vc/bin/vcvars32.bat vc/auxiliary/build/vcvars32.bat" ++ VCVARSFILES="vc/bin/vcvars32.bat vc/auxiliary/build/vcvars32.bat Auxiliary/Build/vcvars32.bat" + else + VCVARSFILES="vc/bin/amd64/vcvars64.bat vc/bin/x86_amd64/vcvarsx86_amd64.bat \ +- vc/auxiliary/build/vcvarsx86_amd64.bat vc/auxiliary/build/vcvars64.bat" ++ vc/auxiliary/build/vcvarsx86_amd64.bat vc/auxiliary/build/vcvars64.bat Auxiliary/Build/vcvars64.bat" + fi + + for VCVARSFILE in $VCVARSFILES; do +@@ -25790,8 +25802,6 @@ $as_echo "$as_me: directory within the Visual Studio installation" >&6;} + fi + fi + +- VS_ENV_CMD="" +- + if test "x$VS_COMNTOOLS" != x; then + + if test "x$VS_ENV_CMD" = x; then +@@ -25824,10 +25834,10 @@ $as_echo "$as_me: directory within the Visual Studio installation" >&6;} + { $as_echo "$as_me:${as_lineno-$LINENO}: Found Visual Studio installation at $VS_BASE using $METHOD" >&5 + $as_echo "$as_me: Found Visual Studio installation at $VS_BASE using $METHOD" >&6;} + if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then +- VCVARSFILES="vc/bin/vcvars32.bat vc/auxiliary/build/vcvars32.bat" ++ VCVARSFILES="vc/bin/vcvars32.bat vc/auxiliary/build/vcvars32.bat Auxiliary/Build/vcvars32.bat" + else + VCVARSFILES="vc/bin/amd64/vcvars64.bat vc/bin/x86_amd64/vcvarsx86_amd64.bat \ +- vc/auxiliary/build/vcvarsx86_amd64.bat vc/auxiliary/build/vcvars64.bat" ++ vc/auxiliary/build/vcvarsx86_amd64.bat vc/auxiliary/build/vcvars64.bat Auxiliary/Build/vcvars64.bat" + fi + + for VCVARSFILE in $VCVARSFILES; do +@@ -25883,10 +25893,10 @@ $as_echo "$as_me: Warning: None of $VCVARSFILES were found, Visual Studio instal + { $as_echo "$as_me:${as_lineno-$LINENO}: Found Visual Studio installation at $VS_BASE using $METHOD" >&5 + $as_echo "$as_me: Found Visual Studio installation at $VS_BASE using $METHOD" >&6;} + if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then +- VCVARSFILES="vc/bin/vcvars32.bat vc/auxiliary/build/vcvars32.bat" ++ VCVARSFILES="vc/bin/vcvars32.bat vc/auxiliary/build/vcvars32.bat Auxiliary/Build/vcvars32.bat" + else + VCVARSFILES="vc/bin/amd64/vcvars64.bat vc/bin/x86_amd64/vcvarsx86_amd64.bat \ +- vc/auxiliary/build/vcvarsx86_amd64.bat vc/auxiliary/build/vcvars64.bat" ++ vc/auxiliary/build/vcvarsx86_amd64.bat vc/auxiliary/build/vcvars64.bat Auxiliary/Build/vcvars64.bat" + fi + + for VCVARSFILE in $VCVARSFILES; do +@@ -25944,10 +25954,10 @@ $as_echo "$as_me: Warning: None of $VCVARSFILES were found, Visual Studio instal + { $as_echo "$as_me:${as_lineno-$LINENO}: Found Visual Studio installation at $VS_BASE using $METHOD" >&5 + $as_echo "$as_me: Found Visual Studio installation at $VS_BASE using $METHOD" >&6;} + if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then +- VCVARSFILES="vc/bin/vcvars32.bat vc/auxiliary/build/vcvars32.bat" ++ VCVARSFILES="vc/bin/vcvars32.bat vc/auxiliary/build/vcvars32.bat Auxiliary/Build/vcvars32.bat" + else + VCVARSFILES="vc/bin/amd64/vcvars64.bat vc/bin/x86_amd64/vcvarsx86_amd64.bat \ +- vc/auxiliary/build/vcvarsx86_amd64.bat vc/auxiliary/build/vcvars64.bat" ++ vc/auxiliary/build/vcvarsx86_amd64.bat vc/auxiliary/build/vcvars64.bat Auxiliary/Build/vcvars64.bat" + fi + + for VCVARSFILE in $VCVARSFILES; do +@@ -26002,10 +26012,10 @@ $as_echo "$as_me: Warning: None of $VCVARSFILES were found, Visual Studio instal + { $as_echo "$as_me:${as_lineno-$LINENO}: Found Visual Studio installation at $VS_BASE using $METHOD" >&5 + $as_echo "$as_me: Found Visual Studio installation at $VS_BASE using $METHOD" >&6;} + if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then +- VCVARSFILES="vc/bin/vcvars32.bat vc/auxiliary/build/vcvars32.bat" ++ VCVARSFILES="vc/bin/vcvars32.bat vc/auxiliary/build/vcvars32.bat Auxiliary/Build/vcvars32.bat" + else + VCVARSFILES="vc/bin/amd64/vcvars64.bat vc/bin/x86_amd64/vcvarsx86_amd64.bat \ +- vc/auxiliary/build/vcvarsx86_amd64.bat vc/auxiliary/build/vcvars64.bat" ++ vc/auxiliary/build/vcvarsx86_amd64.bat vc/auxiliary/build/vcvars64.bat Auxiliary/Build/vcvars64.bat" + fi + + for VCVARSFILE in $VCVARSFILES; do +@@ -26059,10 +26069,10 @@ $as_echo "$as_me: Warning: None of $VCVARSFILES were found, Visual Studio instal + { $as_echo "$as_me:${as_lineno-$LINENO}: Found Visual Studio installation at $VS_BASE using $METHOD" >&5 + $as_echo "$as_me: Found Visual Studio installation at $VS_BASE using $METHOD" >&6;} + if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then +- VCVARSFILES="vc/bin/vcvars32.bat vc/auxiliary/build/vcvars32.bat" ++ VCVARSFILES="vc/bin/vcvars32.bat vc/auxiliary/build/vcvars32.bat Auxiliary/Build/vcvars32.bat" + else + VCVARSFILES="vc/bin/amd64/vcvars64.bat vc/bin/x86_amd64/vcvarsx86_amd64.bat \ +- vc/auxiliary/build/vcvarsx86_amd64.bat vc/auxiliary/build/vcvars64.bat" ++ vc/auxiliary/build/vcvarsx86_amd64.bat vc/auxiliary/build/vcvars64.bat Auxiliary/Build/vcvars64.bat" + fi + + for VCVARSFILE in $VCVARSFILES; do +diff --git a/common/autoconf/toolchain_windows.m4 b/common/autoconf/toolchain_windows.m4 +index a78f9ac66..0b5efdad2 100644 +--- a/common/autoconf/toolchain_windows.m4 ++++ b/common/autoconf/toolchain_windows.m4 +@@ -25,7 +25,7 @@ + + ################################################################################ + # The order of these defines the priority by which we try to find them. +-VALID_VS_VERSIONS="2010 2012 2013 2015 2017" ++VALID_VS_VERSIONS="2010 2012 2013 2015 2017 2019" + + VS_DESCRIPTION_2010="Microsoft Visual Studio 2010" + VS_VERSION_INTERNAL_2010=100 +@@ -83,6 +83,18 @@ VS_SDK_INSTALLDIR_2017= + VS_VS_PLATFORM_NAME_2017="v141" + VS_SDK_PLATFORM_NAME_2017= + ++VS_DESCRIPTION_2019="Microsoft Visual Studio 2019 - CURRENTLY NOT WORKING" ++VS_VERSION_INTERNAL_2019=141 ++VS_MSVCR_2019=vcruntime140.dll ++VS_MSVCP_2019=msvcp140.dll ++VS_ENVVAR_2019="VS150COMNTOOLS" ++VS_USE_UCRT_2019="true" ++VS_VS_INSTALLDIR_2019="Microsoft Visual Studio/2019" ++VS_EDITIONS_2019="Community Professional Enterprise" ++VS_SDK_INSTALLDIR_2019= ++VS_VS_PLATFORM_NAME_2019="v141" ++VS_SDK_PLATFORM_NAME_2019= ++ + ################################################################################ + + AC_DEFUN([TOOLCHAIN_CHECK_POSSIBLE_VISUAL_STUDIO_ROOT], +@@ -107,10 +119,10 @@ AC_DEFUN([TOOLCHAIN_CHECK_POSSIBLE_VISUAL_STUDIO_ROOT], + if test -d "$VS_BASE"; then + AC_MSG_NOTICE([Found Visual Studio installation at $VS_BASE using $METHOD]) + if test "x$OPENJDK_TARGET_CPU_BITS" = x32; then +- VCVARSFILES="vc/bin/vcvars32.bat vc/auxiliary/build/vcvars32.bat" ++ VCVARSFILES="vc/bin/vcvars32.bat vc/auxiliary/build/vcvars32.bat Auxiliary/Build/vcvars32.bat" + else + VCVARSFILES="vc/bin/amd64/vcvars64.bat vc/bin/x86_amd64/vcvarsx86_amd64.bat \ +- vc/auxiliary/build/vcvarsx86_amd64.bat vc/auxiliary/build/vcvars64.bat" ++ vc/auxiliary/build/vcvarsx86_amd64.bat vc/auxiliary/build/vcvars64.bat Auxiliary/Build/vcvars64.bat" + fi + + for VCVARSFILE in $VCVARSFILES; do +@@ -198,8 +210,6 @@ AC_DEFUN([TOOLCHAIN_FIND_VISUAL_STUDIO_BAT_FILE], + fi + fi + +- VS_ENV_CMD="" +- + if test "x$VS_COMNTOOLS" != x; then + TOOLCHAIN_CHECK_POSSIBLE_VISUAL_STUDIO_ROOT([${VS_VERSION}], + [$VS_COMNTOOLS/../..], [$VS_COMNTOOLS_VAR variable]) +diff --git a/hotspot/make/windows/makefiles/compile.make b/hotspot/make/windows/makefiles/compile.make +index a405eb336..e5aed4418 100644 +--- a/hotspot/make/windows/makefiles/compile.make ++++ b/hotspot/make/windows/makefiles/compile.make +@@ -54,6 +54,9 @@ CXX=cl.exe + + # These are always used in all compiles + CXX_FLAGS=$(EXTRA_CFLAGS) /nologo /W3 /WX /GS ++!if "$(MSC_VER)" > "1910" ++CXX_FLAGS=$(EXTRA_CFLAGS) /nologo /W3 /GS /arch:IA32 ++!endif + + # Let's add debug information when Full Debug Symbols is enabled + !if "$(ENABLE_FULL_DEBUG_SYMBOLS)" == "1" +@@ -308,6 +317,21 @@ MT=mt.exe + SAFESEH_FLAG = /SAFESEH + !endif + ++!if "$(COMPILER_NAME)" == "VS2019" ++PRODUCT_OPT_OPTION = /O2 /Oy- ++FASTDEBUG_OPT_OPTION = /O2 /Oy- ++DEBUG_OPT_OPTION = /Od ++GX_OPTION = /EHsc ++LD_FLAGS = /manifest $(LD_FLAGS) ++MP_FLAG = /MP ++# Manifest Tool - used in VS2005 and later to adjust manifests stored ++# as resources inside build artifacts. ++!if "x$(MT)" == "x" ++MT=mt.exe ++!endif ++SAFESEH_FLAG = /SAFESEH ++!endif ++ + !if "$(BUILDARCH)" == "i486" + LD_FLAGS = $(SAFESEH_FLAG) $(LD_FLAGS) + !endif +diff --git a/hotspot/make/windows/makefiles/vm.make b/hotspot/make/windows/makefiles/vm.make +index 082232719..b46354a5e 100644 +--- a/hotspot/make/windows/makefiles/vm.make ++++ b/hotspot/make/windows/makefiles/vm.make +@@ -129,7 +129,7 @@ CXX_DONT_USE_PCH=/D DONT_USE_PRECOMPILED_HEADER + + !if "$(USE_PRECOMPILED_HEADER)" != "0" + CXX_USE_PCH=/Fp"vm.pch" /Yu"precompiled.hpp" +-!if "$(COMPILER_NAME)" == "VS2012" || "$(COMPILER_NAME)" == "VS2013" || "$(COMPILER_NAME)" == "VS2015" || "$(COMPILER_NAME)" == "VS2017" ++!if "$(COMPILER_NAME)" == "VS2012" || "$(COMPILER_NAME)" == "VS2013" || "$(COMPILER_NAME)" == "VS2015" || "$(COMPILER_NAME)" == "VS2017" || "$(COMPILER_NAME)" == "VS2019" + # VS2012 and later require this object file to be listed: + LD_FLAGS=$(LD_FLAGS) _build_pch_file.obj + !endif +diff --git a/hotspot/src/share/vm/runtime/os.cpp b/hotspot/src/share/vm/runtime/os.cpp +index f5182ea75..3242c6666 100644 +--- a/hotspot/src/share/vm/runtime/os.cpp ++++ b/hotspot/src/share/vm/runtime/os.cpp +@@ -67,6 +67,9 @@ + #ifdef TARGET_OS_FAMILY_bsd + # include "os_bsd.inline.hpp" + #endif ++#ifndef _MSC_VER ++#define _MSC_VER 1916 ++#endif + + # include + +diff --git a/hotspot/src/share/vm/runtime/vm_version.cpp b/hotspot/src/share/vm/runtime/vm_version.cpp +index fd37b8345..480459921 100644 +--- a/hotspot/src/share/vm/runtime/vm_version.cpp ++++ b/hotspot/src/share/vm/runtime/vm_version.cpp +@@ -231,6 +231,8 @@ const char* Abstract_VM_Version::internal_vm_info_string() { + #define HOTSPOT_BUILD_COMPILER "MS VC++ 12.0 (VS2013)" + #elif _MSC_VER == 1900 + #define HOTSPOT_BUILD_COMPILER "MS VC++ 14.0 (VS2015)" ++ #elif _MSC_VER == 1910 ++ #define HOTSPOT_BUILD_COMPILER "MS VC++ 15.0 (VS2017)" + #elif _MSC_VER == 1911 + #define HOTSPOT_BUILD_COMPILER "MS VC++ 15.3 (VS2017)" + #elif _MSC_VER == 1912 +-- +2.19.0 + diff --git a/fix-windows-compile-fail.patch b/fix-windows-compile-fail.patch new file mode 100644 index 0000000000000000000000000000000000000000..196913dee9811bcbe2476244f2780047a6f7afc1 --- /dev/null +++ b/fix-windows-compile-fail.patch @@ -0,0 +1,79 @@ +From 6fdf4ac10d8fb12a91d07c90f49d0fc14d59c9f5 Mon Sep 17 00:00:00 2001 +Date: Fri, 16 Apr 2021 14:12:42 +0800 +Subject: [PATCH 3/3] fix windows compile fail + +--- + hotspot/src/share/vm/memory/filemap.cpp | 2 ++ + hotspot/src/share/vm/runtime/arguments.cpp | 4 ++++ + hotspot/src/share/vm/utilities/ostream.cpp | 5 +++-- + 3 files changed, 9 insertions(+), 2 deletions(-) + +diff --git a/hotspot/src/share/vm/memory/filemap.cpp b/hotspot/src/share/vm/memory/filemap.cpp +index d2095e63..c344779d 100644 +--- a/hotspot/src/share/vm/memory/filemap.cpp ++++ b/hotspot/src/share/vm/memory/filemap.cpp +@@ -370,6 +370,7 @@ bool FileMapInfo::open_for_read() { + void FileMapInfo::open_for_write() { + if (UseAppCDS && AppCDSLockFile != NULL) { + char* pos = strrchr(const_cast(AppCDSLockFile), '/'); ++#ifdef __linux__ + if (pos != NULL && pos != AppCDSLockFile) { // No directory path specified + char buf[PATH_MAX + 1] = "\0"; + char filePath[PATH_MAX] = "\0"; +@@ -391,6 +392,7 @@ void FileMapInfo::open_for_write() { + } + tty->print_cr("You are using file lock %s in concurrent mode", AppCDSLockFile); + } ++#endif + } + _full_path = make_log_name(Arguments::GetSharedArchivePath(), NULL); + if (PrintSharedSpaces) { +diff --git a/hotspot/src/share/vm/runtime/arguments.cpp b/hotspot/src/share/vm/runtime/arguments.cpp +index 9cfa0451..170f1fd9 100644 +--- a/hotspot/src/share/vm/runtime/arguments.cpp ++++ b/hotspot/src/share/vm/runtime/arguments.cpp +@@ -3024,6 +3024,10 @@ jint Arguments::parse_each_vm_init_arg(const JavaVMInitArgs* args, + for (int index = 0; index < args->nOptions; index++) { + const JavaVMOption* option = args->options + index; + if (match_option(option, "-XX:+UseAppCDS", &tail)) { ++#ifndef __linux__ ++ tty->print_cr("failed: must not use AppCDS on non-linux system."); ++ JVM_Exit(0); ++#endif + if (!process_argument("+UseAppCDS", args->ignoreUnrecognized, origin)) { + return JNI_EINVAL; + } else { +diff --git a/hotspot/src/share/vm/utilities/ostream.cpp b/hotspot/src/share/vm/utilities/ostream.cpp +index 587b839b..eefb7176 100644 +--- a/hotspot/src/share/vm/utilities/ostream.cpp ++++ b/hotspot/src/share/vm/utilities/ostream.cpp +@@ -35,9 +35,8 @@ + #include "utilities/top.hpp" + #include "utilities/xmlstream.hpp" + +-# include +- + #ifdef TARGET_OS_FAMILY_linux ++# include + # include "os_linux.inline.hpp" + #endif + #ifdef TARGET_OS_FAMILY_solaris +@@ -764,6 +763,7 @@ void fileStream::flush() { + } + + jsaFileStream::jsaFileStream(const char* file_name) : fileStream(file_name, "a") { ++#ifdef __linux__ + if (_file != NULL) { + if (flock(fileno(_file), LOCK_EX | LOCK_NB) != 0) { + if (errno == EWOULDBLOCK) { +@@ -781,6 +781,7 @@ jsaFileStream::jsaFileStream(const char* file_name) : fileStream(file_name, "a") + ::rewind(_file); + } + } ++#endif + } + + jsaFileStream::~jsaFileStream() { +-- +2.23.0 + diff --git a/improve_algorithmConstraints_checkAlgorithm_performance.patch b/improve_algorithmConstraints_checkAlgorithm_performance.patch new file mode 100755 index 0000000000000000000000000000000000000000..025a379bf25ec534b537a9b40c35897e2b2343b9 --- /dev/null +++ b/improve_algorithmConstraints_checkAlgorithm_performance.patch @@ -0,0 +1,134 @@ +diff --git a/jdk/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java b/jdk/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java +index 944958de4..5c7602925 100644 +--- a/jdk/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java ++++ b/jdk/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java +@@ -77,34 +77,26 @@ public abstract class AbstractAlgorithmConstraints + return new ArrayList<>(Arrays.asList(algorithmsInProperty)); + } + +- static boolean checkAlgorithm(List algorithms, String algorithm, ++ static boolean checkAlgorithm(Set algorithms, String algorithm, + AlgorithmDecomposer decomposer) { + if (algorithm == null || algorithm.length() == 0) { + throw new IllegalArgumentException("No algorithm name specified"); + } + + Set elements = null; +- for (String item : algorithms) { +- if (item == null || item.isEmpty()) { +- continue; +- } ++ if (algorithms.contains(algorithm.toLowerCase())) { ++ return false; ++ } + +- // check the full name +- if (item.equalsIgnoreCase(algorithm)) { ++ // decompose the algorithm into sub-elements ++ if (elements == null) { ++ elements = decomposer.decompose(algorithm); ++ } ++ // check the element of the elements ++ for (String element : elements) { ++ if (algorithms.contains(element.toLowerCase())) { + return false; + } +- +- // decompose the algorithm into sub-elements +- if (elements == null) { +- elements = decomposer.decompose(algorithm); +- } +- +- // check the items of the algorithm +- for (String element : elements) { +- if (item.equalsIgnoreCase(element)) { +- return false; +- } +- } + } + + return true; +diff --git a/jdk/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java b/jdk/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java +index 51e625632..6ff26bf2f 100644 +--- a/jdk/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java ++++ b/jdk/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java +@@ -96,7 +96,7 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints { + new DisabledAlgorithmConstraints(PROPERTY_JAR_DISABLED_ALGS); + } + +- private final List disabledAlgorithms; ++ private final Set disabledAlgorithms; + private final Constraints algorithmConstraints; + + public static DisabledAlgorithmConstraints certPathConstraints() { +@@ -128,11 +128,11 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints { + public DisabledAlgorithmConstraints(String propertyName, + AlgorithmDecomposer decomposer) { + super(decomposer); +- disabledAlgorithms = getAlgorithms(propertyName); ++ List disabledAlgorithmsList = getAlgorithms(propertyName); + + // Check for alias + int ecindex = -1, i = 0; +- for (String s : disabledAlgorithms) { ++ for (String s : disabledAlgorithmsList) { + if (s.regionMatches(true, 0,"include ", 0, 8)) { + if (s.regionMatches(true, 8, PROPERTY_DISABLED_EC_CURVES, 0, + PROPERTY_DISABLED_EC_CURVES.length())) { +@@ -143,11 +143,19 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints { + i++; + } + if (ecindex > -1) { +- disabledAlgorithms.remove(ecindex); +- disabledAlgorithms.addAll(ecindex, ++ disabledAlgorithmsList.remove(ecindex); ++ disabledAlgorithmsList.addAll(ecindex, + getAlgorithms(PROPERTY_DISABLED_EC_CURVES)); + } +- algorithmConstraints = new Constraints(propertyName, disabledAlgorithms); ++ algorithmConstraints = new Constraints(propertyName, disabledAlgorithmsList); ++ ++ disabledAlgorithms = new HashSet(); ++ for (String algorithm : disabledAlgorithmsList) { ++ if (algorithm == null || algorithm.isEmpty()) { ++ continue; ++ } ++ disabledAlgorithms.add(algorithm.toLowerCase()); ++ } + } + + /* +diff --git a/jdk/src/share/classes/sun/security/util/LegacyAlgorithmConstraints.java b/jdk/src/share/classes/sun/security/util/LegacyAlgorithmConstraints.java +index 4e7502fb5..01d0447ab 100644 +--- a/jdk/src/share/classes/sun/security/util/LegacyAlgorithmConstraints.java ++++ b/jdk/src/share/classes/sun/security/util/LegacyAlgorithmConstraints.java +@@ -28,6 +28,7 @@ package sun.security.util; + import java.security.AlgorithmParameters; + import java.security.CryptoPrimitive; + import java.security.Key; ++import java.util.HashSet; + import java.util.List; + import java.util.Set; + +@@ -40,12 +41,19 @@ public class LegacyAlgorithmConstraints extends AbstractAlgorithmConstraints { + public final static String PROPERTY_TLS_LEGACY_ALGS = + "jdk.tls.legacyAlgorithms"; + +- private final List legacyAlgorithms; ++ private final Set legacyAlgorithms; + + public LegacyAlgorithmConstraints(String propertyName, + AlgorithmDecomposer decomposer) { + super(decomposer); +- legacyAlgorithms = getAlgorithms(propertyName); ++ List legacyAlgorithmsList = getAlgorithms(propertyName); ++ legacyAlgorithms = new HashSet(); ++ for (String algorithm : legacyAlgorithmsList) { ++ if (algorithm == null || algorithm.isEmpty()) { ++ continue; ++ } ++ legacyAlgorithms.add(algorithm.toLowerCase()); ++ } + } + + @Override diff --git a/initialized-value-should-be-0-in-perfInit.patch b/initialized-value-should-be-0-in-perfInit.patch old mode 100755 new mode 100644 diff --git a/kae-phase1.patch b/kae-phase1.patch index bc0f6efd096cdc8f5f4009b46387d943d6c3e356..89f335366c2c4b9eaafc36125d6f9442c08c6d91 100644 --- a/kae-phase1.patch +++ b/kae-phase1.patch @@ -94,11 +94,11 @@ index d754f1d6..ea43a7a0 100644 --enable-unlimited-crypto Enable unlimited crypto policy [disabled] --disable-jfr Disable Java Flight Recorder support [enabled] -+ --disable-kae Disable KAE support on aarch64 [enabled] ++ --enable-kae Enable KAE support on aarch64 [disabled] --disable-debug-symbols disable generation of debug symbols [enabled] --disable-zip-debug-info disable zipping of debug-info files [enabled] -@@ -19843,6 +19846,31 @@ fi +@@ -19843,6 +19846,27 @@ fi $as_echo "$ENABLE_JFR" >&6; } @@ -112,12 +112,8 @@ index d754f1d6..ea43a7a0 100644 +if test "${enable_kae+set}" = set; then : + enableval=$enable_kae; enable_kae="${enableval}" +else -+ #default enable on aarch64 -+ if test "x$OPENJDK_TARGET_CPU" = xaarch64; then -+ enable_kae="yes" -+ else -+ enable_kae="no" -+ fi ++ #default disable kae ++ enable_kae="no" +fi + + if test "x$enable_kae" = "xyes"; then @@ -143,8 +139,8 @@ index e4eb2352..23db9275 100644 + # + # Enable or disable kae + # -+ AC_ARG_ENABLE(kae, [AS_HELP_STRING([--disable-kae], -+ [disable KAE @<:@disabled@:>@])],, ++ AC_ARG_ENABLE(kae, [AS_HELP_STRING([--enable-kae], ++ [enable KAE @<:@enabled@:>@])],, + [enable_kae=no]) + if test "x$enable_kae" = "xyes"; then + ENABLE_KAE=true @@ -3376,7 +3372,7 @@ new file mode 100644 index 00000000..ed645698 --- /dev/null +++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_cipher_rsa.c -@@ -0,0 +1,463 @@ +@@ -0,0 +1,462 @@ +/* + * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. @@ -3551,7 +3547,6 @@ index 00000000..ed645698 + jbyte* inBytes = NULL; + // outLen type should be size_t + // EVP_PKEY_encrypt takes the outLen address as a parameter, and the parameter type is size_t* -+ // You can refer to the issue #2774 to see more content + size_t outLen = 0; + + EVP_PKEY* pkey = (EVP_PKEY*) keyAddress; diff --git a/kae-phase2.patch b/kae-phase2.patch new file mode 100644 index 0000000000000000000000000000000000000000..e0c1c43bec2822397ab85edbefd71921f1576573 --- /dev/null +++ b/kae-phase2.patch @@ -0,0 +1,7992 @@ +commit 0944cd842edf5706035155405514ee4d06a6d71c +Author: Noah +Date: Mon May 17 19:28:24 2021 +0800 + + I27MB8: add kae phase2 + +diff --git a/jdk/make/mapfiles/libj2kae/mapfile-vers b/jdk/make/mapfiles/libj2kae/mapfile-vers +index 6ed331b2..128d1e32 100644 +--- a/jdk/make/mapfiles/libj2kae/mapfile-vers ++++ b/jdk/make/mapfiles/libj2kae/mapfile-vers +@@ -1,5 +1,5 @@ + # +-# Copyright (c) 2020, Huawei Technologies Co., Ltd. All rights reserved. ++# Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. + # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + # + # This code is free software; you can redistribute it and/or modify it +@@ -32,14 +32,18 @@ SUNWprivate_1.1 { + Java_org_openeuler_security_openssl_KAEDigest_nativeDigest; + Java_org_openeuler_security_openssl_KAEDigest_nativeClone; + Java_org_openeuler_security_openssl_KAEDigest_nativeFree; +- Java_org_openeuler_security_openssl_KAEAESCipher_nativeInit; +- Java_org_openeuler_security_openssl_KAEAESCipher_nativeUpdate; +- Java_org_openeuler_security_openssl_KAEAESCipher_nativeFinal; +- Java_org_openeuler_security_openssl_KAEAESCipher_nativeFree; +- Java_org_openeuler_security_openssl_KAEMac_nativeInit; +- Java_org_openeuler_security_openssl_KAEMac_nativeUpdate; +- Java_org_openeuler_security_openssl_KAEMac_nativeFinal; +- Java_org_openeuler_security_openssl_KAEMac_nativeFree; ++ Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeInit; ++ Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeUpdate; ++ Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeFinal; ++ Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeFinalGcm; ++ Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeFree; ++ Java_org_openeuler_security_openssl_KAEECKeyPairGenerator_nativeGenerateParam; ++ Java_org_openeuler_security_openssl_KAEECKeyPairGenerator_nativeGenerateKeyPair; ++ Java_org_openeuler_security_openssl_KAEECDHKeyAgreement_nativeGenerateSecret; ++ Java_org_openeuler_security_openssl_KAEHMac_nativeInit; ++ Java_org_openeuler_security_openssl_KAEHMac_nativeUpdate; ++ Java_org_openeuler_security_openssl_KAEHMac_nativeFinal; ++ Java_org_openeuler_security_openssl_KAEHMac_nativeFree; + Java_org_openeuler_security_openssl_KAERSAKeyPairGenerator_nativeGenerateKeyPair; + Java_org_openeuler_security_openssl_KAERSACipher_nativeCreateRSAPrivateCrtKey; + Java_org_openeuler_security_openssl_KAERSACipher_nativeCreateRSAPrivateKey; +@@ -51,6 +55,12 @@ SUNWprivate_1.1 { + Java_org_openeuler_security_openssl_KAERSACipher_nativeRSAEncryptOAEPPadding; + Java_org_openeuler_security_openssl_KAERSACipher_nativeRSADecryptOAEPPadding; + Java_org_openeuler_security_openssl_KAERSACipher_nativeFreeKey; ++ Java_org_openeuler_security_openssl_KAEDHKeyPairGenerator_nativeGenerateKeyPair; ++ Java_org_openeuler_security_openssl_KAEDHKeyAgreement_nativeComputeKey; ++ Java_org_openeuler_security_openssl_KAERSASignatureNative_rsaSign; ++ Java_org_openeuler_security_openssl_KAERSASignatureNative_rsaVerify; ++ Java_org_openeuler_security_openssl_KAERSASignatureNative_pssSign; ++ Java_org_openeuler_security_openssl_KAERSASignatureNative_pssVerify; + + local: + *; +diff --git a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEAESCipher.java b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEAESCipher.java +index 2dd5bf4a..6ef3620b 100644 +--- a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEAESCipher.java ++++ b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEAESCipher.java +@@ -26,30 +26,24 @@ + + package org.openeuler.security.openssl; + +-import sun.security.jca.JCAUtil; +- +-import java.lang.ref.PhantomReference; +-import java.lang.ref.ReferenceQueue; +-import java.security.*; +-import java.security.spec.*; +-import java.util.Arrays; ++import java.security.InvalidAlgorithmParameterException; ++import java.security.InvalidKeyException; ++import java.security.NoSuchAlgorithmException; ++import java.security.Key; + import java.util.Locale; +-import java.util.Set; +-import java.util.concurrent.ConcurrentSkipListSet; + +-import javax.crypto.*; +-import javax.crypto.spec.IvParameterSpec; +-import javax.crypto.spec.SecretKeySpec; ++import javax.crypto.NoSuchPaddingException; + + /* +- * Cipher wrapper class utilizing openssl APIs. This class currently supports ++ * This class currently supports: + * - AES/ECB/NOPADDING + * - AES/ECB/PKCS5PADDING + * - AES/CBC/NOPADDING + * - AES/CBC/PKCS5PADDING + * - AES/CTR/NOPADDING ++ * - AES/GCM/NOPADDING + */ +-abstract class KAEAESCipher extends CipherSpi { ++abstract class KAEAESCipher extends KAESymmetricCipherBase { + + public static class Aes extends KAEAESCipher { + public Aes(Mode mode, Padding padding) { +@@ -71,6 +65,7 @@ abstract class KAEAESCipher extends CipherSpi { + } + } + } ++ + public static class Ecb extends Aes { + public Ecb(Padding padding) { + super(Mode.ECB, padding); +@@ -97,12 +92,24 @@ abstract class KAEAESCipher extends CipherSpi { + } + } + } ++ ++ public static class Gcm extends Aes { ++ public Gcm(Padding padding) { ++ super(Mode.GCM, padding); ++ } ++ public static class NoPadding extends Gcm { ++ public NoPadding() { ++ super(Padding.NOPADDING); ++ } ++ } ++ } + } + + public static class Aes_128 extends KAEAESCipher { + public Aes_128(Mode mode, Padding padding) { + super(mode, padding, 16); + } ++ + public static class Cbc extends Aes_128 { + public Cbc(Padding padding) { + super(Mode.CBC, padding); +@@ -118,6 +125,7 @@ abstract class KAEAESCipher extends CipherSpi { + } + } + } ++ + public static class Ecb extends Aes_128 { + public Ecb(Padding padding) { + super(Mode.ECB, padding); +@@ -144,12 +152,24 @@ abstract class KAEAESCipher extends CipherSpi { + } + } + } ++ ++ public static class Gcm extends Aes_128 { ++ public Gcm(Padding padding) { ++ super(Mode.GCM, padding); ++ } ++ public static class NoPadding extends Gcm { ++ public NoPadding() { ++ super(Padding.NOPADDING); ++ } ++ } ++ } + } + + public static class Aes_192 extends KAEAESCipher { + public Aes_192(Mode mode, Padding padding) { + super(mode, padding, 24); + } ++ + public static class Cbc extends Aes_192 { + public Cbc(Padding padding) { + super(Mode.CBC, padding); +@@ -165,6 +185,7 @@ abstract class KAEAESCipher extends CipherSpi { + } + } + } ++ + public static class Ecb extends Aes_192 { + public Ecb(Padding padding) { + super(Mode.ECB, padding); +@@ -191,12 +212,24 @@ abstract class KAEAESCipher extends CipherSpi { + } + } + } ++ ++ public static class Gcm extends Aes_192 { ++ public Gcm(Padding padding) { ++ super(Mode.GCM, padding); ++ } ++ public static class NoPadding extends Gcm { ++ public NoPadding() { ++ super(Padding.NOPADDING); ++ } ++ } ++ } + } + + public static class Aes_256 extends KAEAESCipher { + public Aes_256(Mode mode, Padding padding) { + super(mode, padding, 32); + } ++ + public static class Cbc extends Aes_256 { + public Cbc(Padding padding) { + super(Mode.CBC, padding); +@@ -212,6 +245,7 @@ abstract class KAEAESCipher extends CipherSpi { + } + } + } ++ + public static class Ecb extends Aes_256 { + public Ecb(Padding padding) { + super(Mode.ECB, padding); +@@ -238,145 +272,46 @@ abstract class KAEAESCipher extends CipherSpi { + } + } + } +- } +- +- enum Padding { +- NOPADDING, +- PKCS5PADDING +- } +- +- enum Mode { +- ECB, +- CBC, +- CTR, +- } +- +- private final String keyAlgo = "AES"; +- private final int blockSize = 16; +- private Mode mode; +- private Padding padding; +- private int fixedKeySize; +- +- private CipherContextRef pCtx = null; +- private byte[] keyValue; +- protected byte[] iv; +- private boolean initialized = false; +- private boolean encrypt = false; +- private int bytesBuffered = 0; +- +- private boolean calledUpdate; +- private String cipherName; +- +- private static final PublicKey constructPublicKey(byte[] encodedKey, String encodedKeyAlgorithm) throws NoSuchAlgorithmException, InvalidKeyException { +- PublicKey key; +- try { +- KeyFactory keyFactory = KeyFactory.getInstance(encodedKeyAlgorithm); +- X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encodedKey); +- key = keyFactory.generatePublic(keySpec); +- } catch (NoSuchAlgorithmException e) { +- throw new NoSuchAlgorithmException("No provider found for " + encodedKeyAlgorithm + " KeyFactory"); +- } catch (InvalidKeySpecException e) { +- throw new InvalidKeyException("Cannot construct public key", e); +- } +- return key; +- } +- +- private static final PrivateKey constructPrivateKey(byte[] encodedKey, +- String encodedKeyAlgorithm) throws InvalidKeyException, NoSuchAlgorithmException { +- PrivateKey key = null; +- try { +- KeyFactory keyFactory = KeyFactory.getInstance(encodedKeyAlgorithm); +- PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedKey); +- key = keyFactory.generatePrivate(keySpec); +- } catch (NoSuchAlgorithmException e) { +- throw new NoSuchAlgorithmException("No provider found for " + encodedKeyAlgorithm + " KeyFactory"); +- } catch (InvalidKeySpecException e) { +- throw new InvalidKeyException("Cannot construct private key", e); +- } +- return key; +- } +- +- private static final SecretKey constructSecretKey(byte[] encodedKey, String encodedKeyAlgorithm) { +- return new SecretKeySpec(encodedKey, encodedKeyAlgorithm); +- } + +- static final Key constructKey(int keyType, byte[] encodedKey, +- String encodedKeyAlgorithm) throws NoSuchAlgorithmException, InvalidKeyException { +- Key res = null; +- switch (keyType) { +- case Cipher.SECRET_KEY: +- res = constructSecretKey(encodedKey, encodedKeyAlgorithm); +- break; +- case Cipher.PRIVATE_KEY: +- res = constructPrivateKey(encodedKey, encodedKeyAlgorithm); +- break; +- case Cipher.PUBLIC_KEY: +- res = constructPublicKey(encodedKey, encodedKeyAlgorithm); +- break; +- default: +- throw new InvalidKeyException("Unknown keytype " + keyType); ++ public static class Gcm extends Aes_256 { ++ public Gcm(Padding padding) { ++ super(Mode.GCM, padding); ++ } ++ public static class NoPadding extends Gcm { ++ public NoPadding() { ++ super(Padding.NOPADDING); ++ } ++ } + } +- return res; + } + + KAEAESCipher(Mode mode, Padding padding, int fixedKeySize) { +- this.mode = mode; +- this.padding = padding; +- this.fixedKeySize = fixedKeySize; ++ super(mode, padding, fixedKeySize, "AES"); + } + +- private static class CipherContextRef extends PhantomReference implements Comparable { +- +- private static ReferenceQueue refQueue = new ReferenceQueue<>(); +- private static Set refList = new ConcurrentSkipListSet<>(); +- private static boolean disableKaeDispose = Boolean.getBoolean("kae.disableKaeDispose"); +- +- final long ctxAddress; +- +- private static void drainRefQueueBounded() { +- while (true) { +- CipherContextRef next = (CipherContextRef) refQueue.poll(); +- if (next == null) { +- break; +- } +- next.dispose(true); +- } +- } +- +- CipherContextRef(KAEAESCipher kaeCipher, long ctxAddress) { +- super(kaeCipher, refQueue); +- this.ctxAddress = ctxAddress; +- if (!disableKaeDispose) { +- refList.add(this); +- drainRefQueueBounded(); +- } +- } +- +- @Override +- public int compareTo(CipherContextRef o) { +- if (this.ctxAddress == o.ctxAddress) { +- return 0; +- } else { +- return (this.ctxAddress < o.ctxAddress) ? -1 : 1; ++ protected void checkKey(Key key) throws InvalidKeyException { ++ if (key == null || key.getEncoded() == null) { ++ throw new InvalidKeyException("Key cannot be null"); ++ } else { ++ if (!keyAlgo.equalsIgnoreCase(key.getAlgorithm())) { ++ throw new InvalidKeyException("Key algorithm must be " + keyAlgo); + } +- } +- +- void dispose(boolean needFree) { +- if (!disableKaeDispose) { +- refList.remove(this); +- try { +- if (needFree) { +- nativeFree(ctxAddress); +- } +- } finally { +- this.clear(); ++ int keyLen = key.getEncoded().length; ++ if (fixedKeySize == -1) { ++ if (keyLen != 16 && keyLen != 24 & keyLen != 32) { ++ throw new InvalidKeyException("Key size is not valid. Got key length of: " + keyLen); + } + } else { +- nativeFree(ctxAddress); ++ if (keyLen != fixedKeySize) { ++ throw new InvalidKeyException("Only " + fixedKeySize + "-byte keys are accepted. Got: " + keyLen); ++ } + } + } + } + ++ protected String getCipherName(int keyLength, Mode mode) { ++ return "aes-" + keyLength + "-" + mode.toString().toLowerCase(Locale.US); ++ } + + @Override + protected void engineSetMode(String modeStr) throws NoSuchAlgorithmException { +@@ -390,10 +325,11 @@ abstract class KAEAESCipher extends CipherSpi { + mode = Mode.CBC; + } else if (modeStr.equalsIgnoreCase("CTR")) { + mode = Mode.CTR; ++ } else if (modeStr.equalsIgnoreCase("GCM")) { ++ mode = Mode.GCM; + } else { + throw new NoSuchAlgorithmException("Unsupported mode " + mode); + } +- + } + + @Override +@@ -401,8 +337,14 @@ abstract class KAEAESCipher extends CipherSpi { + if (paddingStr == null) { + throw new NoSuchPaddingException("null padding"); + } ++ if (paddingStr.equalsIgnoreCase("PKCS7PADDING")) { ++ paddingStr = "PKCS5Padding"; ++ } + +- if (paddingStr.equalsIgnoreCase("NOPADDING")) { ++ // GCM has no Padding, pkcs5-> nopadding in sunjce ++ if (mode == Mode.GCM) { ++ this.padding = Padding.NOPADDING; ++ } else if (paddingStr.equalsIgnoreCase("NOPADDING")) { + this.padding = Padding.NOPADDING; + } else if(paddingStr.equalsIgnoreCase("PKCS5PADDING")) { + if (mode == Mode.CTR) { +@@ -410,315 +352,13 @@ abstract class KAEAESCipher extends CipherSpi { + } + this.padding = Padding.PKCS5PADDING; + } else { +- throw new NoSuchPaddingException("Unsupported padding "+padding); +- } +- } +- +- +- @Override +- protected int engineGetBlockSize() { +- return blockSize; +- } +- +- @Override +- protected int engineGetOutputSize(int inputLen) { +- return getOutputSizeByOperation(inputLen, true); +- } +- +- @Override +- protected byte[] engineGetIV() { +- return iv == null ? null : iv.clone(); +- } +- +- @Override +- protected AlgorithmParameters engineGetParameters() { +- if (iv == null) { +- return null; +- } +- IvParameterSpec ivSpec = new IvParameterSpec(iv.clone()); +- try { +- AlgorithmParameters params = AlgorithmParameters.getInstance(keyAlgo); +- params.init(ivSpec); +- return params; +- } catch (GeneralSecurityException e) { +- throw new RuntimeException("Could not encode parameters", e); +- } +- } +- +- @Override +- protected void engineInit(int opmode, Key key, SecureRandom random) throws InvalidKeyException { +- try { +- engineInit(opmode, key, (AlgorithmParameterSpec) null, random); +- } catch (InvalidAlgorithmParameterException e) { +- throw new InvalidKeyException("init() failed", e); ++ throw new NoSuchPaddingException("Unsupported padding " + paddingStr); + } + } + +- @Override +- protected void engineInit(int opmode, Key key, AlgorithmParameters params, +- SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { +- AlgorithmParameterSpec ivSpec = null; +- if (params != null) { +- try { +- ivSpec = params.getParameterSpec(IvParameterSpec.class); +- } catch (InvalidParameterSpecException e) { +- throw new InvalidAlgorithmParameterException("Could not decode IV", e); +- } +- } +- engineInit(opmode, key, ivSpec, random); +- } +- +- @Override +- protected void engineInit(int opmode, Key key, AlgorithmParameterSpec params, +- SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { +- checkKey(key); +- boolean doEncrypt = (opmode == Cipher.ENCRYPT_MODE || opmode == Cipher.WRAP_MODE); +- +- byte[] ivBytes = null; +- +- if (params != null) { +- if (!(params instanceof IvParameterSpec)) { +- throw new InvalidKeyException("IvParameterSpec required. Received: " + params.getClass().getName()); +- } else { +- ivBytes = ((IvParameterSpec) params).getIV(); +- if (ivBytes.length != blockSize) { +- throw new InvalidAlgorithmParameterException("Wrong IV length: must be " + blockSize + +- " bytes long. Received length:" + ivBytes.length); +- } +- } +- } +- if (mode == Mode.ECB) { +- if (params != null) { +- throw new InvalidAlgorithmParameterException("No Parameters for ECB mode"); +- } +- } else if (ivBytes == null) { +- if (doEncrypt) { +- ivBytes = new byte[blockSize]; +- if (random == null) { +- random = JCAUtil.getSecureRandom(); +- } +- random.nextBytes(ivBytes); +- } else { +- throw new InvalidAlgorithmParameterException("Parameters required for decryption"); +- } +- } +- implInit(doEncrypt, key.getEncoded(), ivBytes); +- } +- +- private void implInit(boolean encrypt, byte[] keyVal, byte[] ivVal) { +- +- reset(true); +- this.encrypt = encrypt; +- this.keyValue = keyVal; +- this.iv = ivVal; +- this.cipherName = "aes-" + (keyVal.length * 8) + "-" + mode.toString().toLowerCase(Locale.US); +- +- // OpenSSL only supports PKCS5 Padding +- long pCtxVal; +- try { +- pCtxVal = nativeInit(cipherName, encrypt, keyValue, iv, padding == Padding.PKCS5PADDING); +- } catch (RuntimeException e) { +- throw new ProviderException("Invoke nativeInit failed for " + cipherName, e); +- } +- +- initialized = (pCtxVal != 0L); +- if (initialized) { +- pCtx = new CipherContextRef(this, pCtxVal); +- } else { +- throw new NullPointerException("pCtxVal == 0"); +- } +- calledUpdate = false; +- } +- +- final int checkKey(Key key) throws InvalidKeyException { +- if (key == null || key.getEncoded() == null) { +- throw new InvalidKeyException("Key cannot be null"); +- } else { +- if (!keyAlgo.equalsIgnoreCase(key.getAlgorithm())) { +- throw new InvalidKeyException("Key algorithm must be " + keyAlgo); +- } +- int keyLen = key.getEncoded().length; +- if (fixedKeySize == -1) { +- if (keyLen != 16 && keyLen != 24 & keyLen != 32) { +- throw new InvalidKeyException("Key size is not valid. Got key length of: " + keyLen); +- } +- } else { +- if (keyLen != fixedKeySize) { +- throw new InvalidKeyException("Only " + fixedKeySize + "-byte keys are accepted. Got: " + keyLen); +- } +- } +- return keyLen; +- } +- } +- +- @Override +- protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLen) { +- byte[] out = new byte[getOutputSizeByOperation(inputLen, false)]; +- int n = implUpdate(input, inputOffset, inputLen, out, 0); +- if (n == 0) { +- return new byte[0]; +- } else if (out.length != n) { +- out = Arrays.copyOf(out, n); +- } +- return out; +- } +- +- @Override +- protected int engineUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, +- int outputOffset) throws ShortBufferException { +- int min = getOutputSizeByOperation(inputLen, false); +- if (output.length - outputOffset < min) { +- throw new ShortBufferException("min" + min + "-byte buffer needed"); +- } +- return implUpdate(input, inputOffset, inputLen, output, outputOffset); +- } +- +- private int implUpdate(byte[] in, int inOfs, int inLen, byte[] output, int outOfs) { +- ensureInitialized(); +- if (inLen <= 0) { +- return 0; +- } +- int k; +- try { +- k = nativeUpdate(pCtx.ctxAddress, in, inOfs, inLen, output, outOfs); +- } catch (ArrayIndexOutOfBoundsException e) { +- reset(true); +- throw new ProviderException("Invoke nativeUpdate failed for " + cipherName, e); +- } +- bytesBuffered += (inLen - k); +- +- calledUpdate = true; +- return k; +- } +- +- protected int getOutputSizeByOperation(int inLen, boolean isDoFinal) { +- if (inLen <= 0) { +- inLen = 0; +- } +- if (!isDoFinal && inLen == 0) { +- return 0; +- } +- if (padding == Padding.NOPADDING) { +- return inLen + bytesBuffered; +- } else { +- int len = inLen + bytesBuffered; +- +- /* +- * The amount of data written may be anything from zero bytes to (inl + cipher_block_size - 1) for encrypt. +- * Refer to {@link https://www.openssl.org/docs/man1.1.0/man3/EVP_CipherUpdate.html} for details. +- */ +- len += (len % blockSize != 0 || encrypt) ? blockSize : 0; +- return len - (len % blockSize); +- } +- } +- +- @Override +- protected byte[] engineDoFinal(byte[] input, int inputOffset, +- int inputLen) throws IllegalBlockSizeException, BadPaddingException { +- byte[] out = new byte[getOutputSizeByOperation(inputLen, true)]; +- try { +- int outLen = engineDoFinal(input, inputOffset, inputLen, out, 0); +- if (out.length != outLen) { +- out = Arrays.copyOf(out, outLen); +- } +- return out; +- } catch (ShortBufferException e) { +- throw new ProviderException(e); +- } +- } +- +- @Override +- protected int engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, +- int outputOffset) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException { +- int outLen = 0; +- int min = getOutputSizeByOperation(inputLen, true); +- if (output.length - outputOffset < min) { +- throw new ShortBufferException("min" + min + "-byte buffer needed"); +- } +- if (inputLen > 0) { +- outLen = implUpdate(input, inputOffset, inputLen, output, outputOffset); +- outputOffset += outLen; +- } +- outLen += implDoFinal(output, outputOffset); +- return outLen; +- } +- +- @Override +- protected byte[] engineWrap(Key key) throws IllegalBlockSizeException, InvalidKeyException { +- byte[] res = null; +- try { +- byte[] encodedKey = key.getEncoded(); +- if (encodedKey == null || encodedKey.length == 0) { +- throw new InvalidKeyException("Cannot get an encoding of the key to be wrapped"); +- } +- res = engineDoFinal(encodedKey, 0, encodedKey.length); +- } catch (BadPaddingException e) { +- // Should never happen +- } +- return res; +- } +- +- @Override +- protected Key engineUnwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, +- int wrappedKeyType) throws InvalidKeyException, NoSuchAlgorithmException { +- byte[] encodedKey; +- try { +- encodedKey = engineDoFinal(wrappedKey, 0, wrappedKey.length); +- } catch (IllegalBlockSizeException | BadPaddingException e) { +- throw (InvalidKeyException) (new InvalidKeyException()).initCause(e); +- } +- return constructKey(wrappedKeyType, encodedKey, wrappedKeyAlgorithm); +- } +- +- private int implDoFinal(byte[] out, int outOfs) { +- +- if (!encrypt && !calledUpdate) { +- return 0; +- } +- ensureInitialized(); +- +- int outLen; +- try { +- outLen = nativeFinal(pCtx.ctxAddress, out, outOfs); +- } catch (ArrayIndexOutOfBoundsException | BadPaddingException e) { +- throw new ProviderException("Invoke nativeFinal failed for " + cipherName, e); +- } finally { +- reset(true); +- } +- +- return outLen; +- } +- +- protected void reset(boolean doCancel) { +- initialized = false; +- bytesBuffered = 0; +- calledUpdate = false; +- if (pCtx != null) { +- pCtx.dispose(doCancel); +- pCtx = null; +- } +- } +- +- protected native static long nativeInit(String cipherType, boolean encrypt, byte[] key, byte[] iv, boolean padding) throws RuntimeException; +- +- protected native static int nativeUpdate(long pContext, byte[] in, int inOfs, int inLen, byte[] out, +- int outOfs) throws ArrayIndexOutOfBoundsException; +- +- protected native static int nativeFinal(long pContext, byte[] out, +- int outOfs) throws ArrayIndexOutOfBoundsException, BadPaddingException; +- +- protected native static void nativeFree(long pContext); +- +- protected void ensureInitialized() { +- if (!initialized) { +- reset(true); +- long pCtxVal = nativeInit(cipherName, encrypt, keyValue, iv, padding == Padding.PKCS5PADDING); +- initialized = (pCtxVal != 0L); +- if (initialized) { +- pCtx = new CipherContextRef(this, pCtxVal); +- } else { +- throw new RuntimeException("Cannot initialize Cipher"); +- } ++ protected void checkIvBytes(byte[] ivBytes) throws InvalidAlgorithmParameterException { ++ if ((ivBytes == null) || (ivBytes.length != blockSize)) { ++ throw new InvalidAlgorithmParameterException("Wrong IV length: must be " + blockSize + " bytes long."); + } + } + } +diff --git a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEDHKeyAgreement.java b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEDHKeyAgreement.java +new file mode 100644 +index 00000000..6986d254 +--- /dev/null ++++ b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEDHKeyAgreement.java +@@ -0,0 +1,289 @@ ++/* ++ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package org.openeuler.security.openssl; ++ ++import sun.security.util.KeyUtil; ++import java.math.BigInteger; ++import java.security.KeyFactory; ++import java.security.InvalidKeyException; ++import java.security.SecureRandom; ++import java.security.Key; ++import java.security.InvalidAlgorithmParameterException; ++import java.security.NoSuchAlgorithmException; ++import java.security.AlgorithmParameterGeneratorSpi; ++import java.security.AccessController; ++import java.security.ProviderException; ++import java.security.PrivilegedAction; ++import java.security.spec.InvalidKeySpecException; ++import java.security.spec.AlgorithmParameterSpec; ++import javax.crypto.KeyAgreementSpi; ++import javax.crypto.SecretKey; ++import javax.crypto.ShortBufferException; ++import javax.crypto.interfaces.DHPrivateKey; ++import javax.crypto.interfaces.DHPublicKey; ++import javax.crypto.spec.DHParameterSpec; ++import javax.crypto.spec.SecretKeySpec; ++import javax.crypto.spec.DHPublicKeySpec; ++import javax.crypto.SecretKeyFactory; ++import javax.crypto.spec.DESedeKeySpec; ++import javax.crypto.spec.DESKeySpec; ++ ++public class KAEDHKeyAgreement extends KeyAgreementSpi { ++ private boolean generateSecret = false; ++ private BigInteger p; ++ private BigInteger g; ++ private BigInteger x; ++ private BigInteger y; ++ static final int[] AES_KEYSIZES = {16, 24, 32}; ++ static final int BLOWFISH_MAX_KEYSIZE = 56; ++ ++ private static class AllowKDF { ++ private static final boolean VALUE = getValue(); ++ ++ private static boolean getValue() { ++ return AccessController.doPrivileged( ++ (PrivilegedAction) ++ () -> Boolean.getBoolean("jdk.crypto.KeyAgreement.legacyKDF")); ++ } ++ } ++ ++ public KAEDHKeyAgreement() { ++ } ++ ++ @Override ++ protected void engineInit(Key key, SecureRandom random) throws InvalidKeyException { ++ try { ++ engineInit(key, null, random); ++ } catch (InvalidAlgorithmParameterException e) { ++ // never happens, because we did not pass any parameters ++ } ++ } ++ ++ @Override ++ protected void engineInit(Key key, AlgorithmParameterSpec params, ++ SecureRandom random) ++ throws InvalidKeyException, InvalidAlgorithmParameterException { ++ ++ // ignore "random" parameter, because our implementation does not ++ // require any source of randomness ++ generateSecret = false; ++ p = null; ++ g = null; ++ ++ if ((params != null) && !(params instanceof DHParameterSpec)) { ++ throw new InvalidAlgorithmParameterException("Diffie-Hellman parameters expected"); ++ } ++ ++ if (!(key instanceof DHPrivateKey)) { ++ throw new InvalidKeyException("Diffie-Hellman private key expected"); ++ } ++ ++ DHPrivateKey privateKey = (DHPrivateKey) key; ++ ++ // check if private key parameters are compatible with ++ // initialized ones ++ if (params != null) { ++ p = ((DHParameterSpec) params).getP(); ++ g = ((DHParameterSpec) params).getG(); ++ } ++ ++ BigInteger priv_p = privateKey.getParams().getP(); ++ BigInteger priv_g = privateKey.getParams().getG(); ++ if (p != null && priv_p != null && !(p.equals(priv_p))) { ++ throw new InvalidKeyException("Incompatible parameters"); ++ } ++ if (g != null && priv_g != null && !(g.equals(priv_g))) { ++ throw new InvalidKeyException("Incompatible parameters"); ++ } ++ if ((p == null && priv_p == null) || ++ (g == null) && priv_g == null) { ++ throw new InvalidKeyException("Missing parameters"); ++ } ++ p = priv_p; ++ g = priv_g; ++ ++ // store the x value ++ x = privateKey.getX(); ++ } ++ ++ @Override ++ protected Key engineDoPhase(Key key, boolean lastPhase) ++ throws InvalidKeyException, IllegalStateException { ++ if (!(key instanceof DHPublicKey)) { ++ throw new InvalidKeyException("Diffie-Hellman public " ++ + "expected"); ++ } ++ DHPublicKey publicKey = (DHPublicKey) key; ++ if (p == null || g == null) { ++ throw new IllegalStateException("Not initialized"); ++ } ++ BigInteger pub_p = publicKey.getParams().getP(); ++ BigInteger pub_g = publicKey.getParams().getG(); ++ if (pub_p != null && !(p.equals(pub_p))) { ++ throw new InvalidKeyException("Incompatible parameters"); ++ } ++ if (pub_g != null && !(g.equals(pub_g))) { ++ throw new InvalidKeyException("Incompatible parameters"); ++ } ++ KeyUtil.validate(publicKey); ++ y = publicKey.getY(); ++ generateSecret = true; ++ if (lastPhase == false) { ++ byte[] intermediate = engineGenerateSecret(); ++ try { ++ KeyFactory fk = KeyFactory.getInstance("DH"); ++ DHPublicKey newPublicKey = (DHPublicKey) fk.generatePublic( ++ new DHPublicKeySpec(new BigInteger(1, intermediate), p, g)); ++ return newPublicKey; ++ } catch (NoSuchAlgorithmException noalg) { ++ throw new ProviderException(noalg); ++ } catch (InvalidKeySpecException ikse) { ++ throw new ProviderException(ikse); ++ } ++ } else { ++ return null; ++ } ++ } ++ ++ @Override ++ protected byte[] engineGenerateSecret() ++ throws IllegalStateException { ++ int expectedLen = (p.bitLength() + 7) >>> 3; ++ byte[] result = new byte[expectedLen]; ++ try { ++ engineGenerateSecret(result, 0); ++ } catch (ShortBufferException shortBufferException) { ++ // should never happen since length are identical ++ } ++ return result; ++ } ++ ++ @Override ++ protected int engineGenerateSecret(byte[] sharedSecret, int offset) ++ throws IllegalStateException, ShortBufferException { ++ if (!generateSecret) { ++ throw new IllegalStateException("Key agreement has not bee complated yet"); ++ } ++ if (sharedSecret == null) { ++ throw new ShortBufferException("No buffer provided for shared secret"); ++ } ++ BigInteger modulus = p; ++ int expectedLen = (modulus.bitLength() + 7) >>> 3; ++ if ((sharedSecret.length - offset) < expectedLen) { ++ throw new ShortBufferException("Buffer too short for shared secret"); ++ } ++ generateSecret = false; ++ byte[] secret = nativeComputeKey(y.toByteArray(), x.toByteArray(), ++ p.toByteArray(), g.toByteArray(), modulus.bitLength()); ++ ++ if (secret.length == expectedLen) { ++ System.arraycopy(secret, 0, sharedSecret, offset, ++ secret.length); ++ } else { ++ // Array too short, pad it w/ leading 0s ++ if (secret.length < expectedLen) { ++ System.arraycopy(secret, 0, sharedSecret, ++ offset + (expectedLen - secret.length), ++ secret.length); ++ } else { ++ // Array too long, check and trim off the excess ++ if ((secret.length == (expectedLen + 1)) && secret[0] == 0) { ++ // ignore the leading sign byte ++ System.arraycopy(secret, 1, sharedSecret, offset, expectedLen); ++ } else { ++ throw new ProviderException("Generated secret is out-of-range"); ++ } ++ } ++ } ++ ++ return expectedLen; ++ } ++ ++ @Override ++ protected SecretKey engineGenerateSecret(String algorithm) ++ throws IllegalStateException, NoSuchAlgorithmException, InvalidKeyException { ++ if (algorithm == null) { ++ throw new NoSuchAlgorithmException("null algorithm"); ++ } ++ ++ if (!algorithm.equalsIgnoreCase("TlsPremasterSecret") && ++ !AllowKDF.VALUE) { ++ ++ throw new NoSuchAlgorithmException("Unsupported secret key " ++ + "algorithm: " + algorithm); ++ } ++ ++ byte[] secret = engineGenerateSecret(); ++ if (algorithm.equalsIgnoreCase("DES")) { ++ // DES ++ try { ++ SecretKeyFactory factory = SecretKeyFactory.getInstance("DES"); ++ return factory.generateSecret(new DESKeySpec(secret)); ++ } catch (InvalidKeySpecException e) { ++ throw new ProviderException("Generate DES Secret failed.", e); ++ } ++ } else if (algorithm.equalsIgnoreCase("DESede") ++ || algorithm.equalsIgnoreCase("TripleDES")) { ++ // Triple DES ++ try { ++ SecretKeyFactory factory = SecretKeyFactory.getInstance("DESede"); ++ return factory.generateSecret(new DESedeKeySpec(secret)); ++ } catch (InvalidKeySpecException e) { ++ throw new ProviderException("Generate DESede Secret failed.", e); ++ } ++ } else if (algorithm.equalsIgnoreCase("Blowfish")) { ++ // Blowfish ++ int keysize = secret.length; ++ if (keysize >= BLOWFISH_MAX_KEYSIZE) ++ keysize = BLOWFISH_MAX_KEYSIZE; ++ return new SecretKeySpec(secret, 0, keysize, "Blowfish"); ++ } else if (algorithm.equalsIgnoreCase("AES")) { ++ int idx = AES_KEYSIZES.length - 1; ++ int keysize = secret.length; ++ SecretKeySpec secretKey = null; ++ while (secretKey == null && idx >= 0) { ++ if (keysize >= AES_KEYSIZES[idx]) { ++ keysize = AES_KEYSIZES[idx]; ++ secretKey = new SecretKeySpec(secret, 0, keysize, "AES"); ++ } ++ idx--; ++ } ++ if (secretKey == null) { ++ throw new InvalidKeyException("Key material is too short"); ++ } ++ return secretKey; ++ } else if (algorithm.equals("TlsPremasterSecret")) { ++ // remove leading zero bytes per RFC 5246 Section 8.1.2 ++ return new SecretKeySpec( ++ KeyUtil.trimZeroes(secret), "TlsPremasterSecret"); ++ } else { ++ throw new NoSuchAlgorithmException("Unsupported secret key " ++ + "algorithm: " + algorithm); ++ } ++ } ++ protected native byte[] nativeComputeKey(byte[] y, byte[] x, byte[] p, byte[] g, int pSize); ++} +diff --git a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEDHKeyPairGenerator.java b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEDHKeyPairGenerator.java +new file mode 100644 +index 00000000..429c65fc +--- /dev/null ++++ b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEDHKeyPairGenerator.java +@@ -0,0 +1,166 @@ ++/* ++ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package org.openeuler.security.openssl; ++ ++import java.math.BigInteger; ++import java.util.Map; ++import java.util.concurrent.ConcurrentHashMap; ++import java.security.spec.AlgorithmParameterSpec; ++import java.security.KeyPairGeneratorSpi; ++import java.security.SecureRandom; ++import java.security.InvalidAlgorithmParameterException; ++import java.security.KeyPair; ++import java.security.Key; ++import java.security.NoSuchAlgorithmException; ++import java.security.InvalidParameterException; ++import java.security.GeneralSecurityException; ++import java.security.ProviderException; ++import java.security.KeyFactory; ++import java.security.spec.InvalidKeySpecException; ++import sun.security.jca.JCAUtil; ++import sun.security.provider.ParameterCache; ++import javax.crypto.spec.DHPublicKeySpec; ++import javax.crypto.spec.DHPrivateKeySpec; ++import javax.crypto.spec.DHParameterSpec; ++import javax.crypto.interfaces.DHPublicKey; ++import javax.crypto.interfaces.DHPrivateKey; ++ ++import static sun.security.util.SecurityProviderConstants.DEF_DH_KEY_SIZE; ++ ++public class KAEDHKeyPairGenerator ++ extends KeyPairGeneratorSpi { ++ private DHParameterSpec parameterSpec; ++ // The size in bits of the random exponent (private value) ++ private int pSize; ++ // The size in bits of the random exponent (private value) ++ private int lSize; ++ private SecureRandom random; ++ ++ public KAEDHKeyPairGenerator() { ++ super(); ++ initialize(DEF_DH_KEY_SIZE, null); ++ } ++ ++ private static void checkKeySize(int keySize) { ++ if ((keySize < 512) || (keySize > 8192) || ((keySize & 0x3F) != 0)) { ++ throw new InvalidParameterException( ++ "DH key size must be multiple of 64, and can only range " + ++ "from 512 to 8192(inclusize). " + ++ "The specific key size " + keySize + " is not supported"); ++ } ++ } ++ @Override ++ public void initialize(AlgorithmParameterSpec params, SecureRandom random) ++ throws InvalidAlgorithmParameterException { ++ ++ if (!(params instanceof DHParameterSpec)){ ++ throw new InvalidAlgorithmParameterException ++ ("Inappropriate parameter type"); ++ } ++ ++ parameterSpec = (DHParameterSpec) params; ++ pSize = parameterSpec.getP().bitLength(); ++ ++ try { ++ checkKeySize(pSize); ++ } catch (InvalidParameterException e) { ++ throw new InvalidAlgorithmParameterException(e.getMessage()); ++ } ++ ++ // exponent size is optional, could be 0 ++ lSize = parameterSpec.getL(); ++ ++ // Require exponentSize < primeSize ++ if ((lSize != 0) && (lSize > pSize)) { ++ throw new InvalidAlgorithmParameterException ++ ("Exponent size must not be larger than modulus size"); ++ } ++ ++ this.random = random; ++ } ++ ++ @Override ++ public void initialize(int keysize, SecureRandom random) { ++ checkKeySize(keysize); ++ this.parameterSpec = ParameterCache.getCachedDHParameterSpec(keysize); ++ if ((this.parameterSpec == null) && (keysize > 1024)) { ++ throw new InvalidParameterException("Unsupported " + keysize + "-bit DH parameter generation."); ++ } ++ this.pSize = keysize; ++ this.lSize = 0; ++ this.random = random; ++ } ++ ++ @Override ++ public KeyPair generateKeyPair() { ++ ++ if (random == null) { ++ random = JCAUtil.getSecureRandom(); ++ } ++ ++ if (parameterSpec == null) { ++ try { ++ parameterSpec = ParameterCache.getDHParameterSpec(pSize, random); ++ } catch (GeneralSecurityException e) { ++ // should never happen ++ throw new ProviderException(e); ++ } ++ } ++ ++ BigInteger p = parameterSpec.getP(); ++ BigInteger g = parameterSpec.getG(); ++ ++ if (lSize <= 0) { ++ lSize = pSize >> 1; ++ // use an exponent size of (pSize / 2) but at least 384 bits ++ if (lSize < 384) { ++ lSize = 384; ++ } ++ } ++ byte[][] keys; ++ try { ++ keys = nativeGenerateKeyPair(p.toByteArray(), g.toByteArray(), lSize); ++ } catch (Exception e){ ++ throw new ProviderException("Invoke nativeGenerateKeyPair failed.", e); ++ } ++ ++ BigInteger pubKey = new BigInteger(keys[0]); ++ BigInteger priKey = new BigInteger(keys[1]); ++ ++ try{ ++ KeyFactory fk = KeyFactory.getInstance("DH"); ++ DHPublicKey publicKey = (DHPublicKey)fk.generatePublic(new DHPublicKeySpec(pubKey, p , g)); ++ DHPrivateKey privateKey = (DHPrivateKey)fk.generatePrivate(new DHPrivateKeySpec(priKey, p, g)); ++ return new KeyPair(publicKey, privateKey); ++ } catch (NoSuchAlgorithmException noalg) { ++ throw new ProviderException(noalg); ++ } catch (InvalidKeySpecException ikse) { ++ throw new ProviderException(ikse); ++ } ++ } ++ protected native static byte[][] nativeGenerateKeyPair(byte[] p, byte[] g, int lSize); ++} +diff --git a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEECDHKeyAgreement.java b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEECDHKeyAgreement.java +new file mode 100644 +index 00000000..ac05e6d5 +--- /dev/null ++++ b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEECDHKeyAgreement.java +@@ -0,0 +1,146 @@ ++/* ++ * Copyright (c) 2009, 2018, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package org.openeuler.security.openssl; ++ ++import sun.security.ec.ECKeyFactory; ++ ++import java.math.BigInteger; ++import java.security.InvalidAlgorithmParameterException; ++import java.security.InvalidParameterException; ++import java.security.InvalidKeyException; ++import java.security.Key; ++import java.security.NoSuchAlgorithmException; ++import java.security.PrivateKey; ++import java.security.SecureRandom; ++import java.security.interfaces.ECPrivateKey; ++import java.security.interfaces.ECPublicKey; ++import java.security.spec.AlgorithmParameterSpec; ++import java.security.spec.ECParameterSpec; ++import java.security.spec.ECPoint; ++import javax.crypto.KeyAgreementSpi; ++import javax.crypto.SecretKey; ++import javax.crypto.ShortBufferException; ++import javax.crypto.spec.SecretKeySpec; ++ ++public class KAEECDHKeyAgreement extends KeyAgreementSpi { ++ private ECPrivateKey privateKey; ++ private ECPublicKey publicKey; ++ ++ // Length of the secret to be derived. ++ private int expectedSecretLen; ++ private String curveName; ++ ++ @Override ++ protected void engineInit(Key key, SecureRandom random) throws InvalidKeyException { ++ if (!(key instanceof PrivateKey)) { ++ throw new InvalidKeyException("Key must be instance of PrivateKey"); ++ } ++ privateKey = (ECPrivateKey) ECKeyFactory.toECKey(key); ++ publicKey = null; ++ } ++ ++ @Override ++ protected void engineInit(Key key, AlgorithmParameterSpec params, SecureRandom random) ++ throws InvalidKeyException, InvalidAlgorithmParameterException { ++ if (params != null) { ++ throw new InvalidAlgorithmParameterException("Parameters not supported"); ++ } ++ engineInit(key, random); ++ } ++ ++ @Override ++ protected Key engineDoPhase(Key key, boolean lastPhase) throws InvalidKeyException, IllegalStateException { ++ if (privateKey == null) { ++ throw new IllegalStateException("Not initialized"); ++ } ++ if (publicKey != null) { ++ throw new IllegalStateException("Phase already executed"); ++ } ++ if (!lastPhase) { ++ throw new IllegalStateException ++ ("Only two party agreement supported, lastPhase must be true"); ++ } ++ if (!(key instanceof ECPublicKey)) { ++ throw new InvalidKeyException ++ ("Key must be a PublicKey with algorithm EC"); ++ } ++ ++ publicKey = (ECPublicKey) key; ++ ECParameterSpec params = publicKey.getParams(); ++ int keyLenBits = params.getCurve().getField().getFieldSize(); ++ // Bits to bytes. ++ expectedSecretLen = (keyLenBits + 7) >> 3; ++ ++ curveName = KAEUtils.getCurveBySize(keyLenBits); ++ if (curveName == null) { ++ throw new InvalidParameterException("unknown keyLenBits" + keyLenBits); ++ } ++ if (KAEUtils.getCurveByAlias(curveName) != null) { ++ curveName = KAEUtils.getCurveByAlias(curveName); ++ } ++ return null; ++ } ++ ++ @Override ++ protected byte[] engineGenerateSecret() throws IllegalStateException { ++ if ((privateKey == null) || (publicKey == null)) { ++ throw new IllegalStateException("Not initialized correctly"); ++ } ++ ECPoint w = publicKey.getW(); ++ BigInteger wX = w.getAffineX(); ++ BigInteger wY = w.getAffineY(); ++ ++ BigInteger s = privateKey.getS(); ++ byte[] secret = nativeGenerateSecret(curveName, wX.toByteArray(), wY.toByteArray(), s.toByteArray()); ++ if (secret == null || secret.length != expectedSecretLen) { ++ throw new RuntimeException("nativeGenerateSecret error. Expected: " + expectedSecretLen + ", actual: " + (secret == null ? "null" : secret.length)); ++ } ++ return secret; ++ } ++ ++ @Override ++ protected int engineGenerateSecret(byte[] sharedSecret, int offset) throws IllegalStateException, ShortBufferException { ++ if (offset + expectedSecretLen > sharedSecret.length) { ++ throw new ShortBufferException("Need " + expectedSecretLen + ++ " bytes, only " + (sharedSecret.length - offset) + "available"); ++ } ++ byte[] secret = engineGenerateSecret(); ++ System.arraycopy(secret, 0, sharedSecret, offset, secret.length); ++ return secret.length; ++ } ++ ++ @Override ++ protected SecretKey engineGenerateSecret(String algorithm) throws IllegalStateException, ++ NoSuchAlgorithmException, InvalidKeyException { ++ if (algorithm == null) { ++ throw new NoSuchAlgorithmException("Algorithm must not be null"); ++ } ++ return new SecretKeySpec(engineGenerateSecret(), algorithm); ++ } ++ ++ protected static native byte[] nativeGenerateSecret(String curveName, byte[] wX, byte[] wY, byte[] s); ++} +diff --git a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEECKeyPairGenerator.java b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEECKeyPairGenerator.java +new file mode 100644 +index 00000000..5f0c4db0 +--- /dev/null ++++ b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEECKeyPairGenerator.java +@@ -0,0 +1,143 @@ ++/* ++ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package org.openeuler.security.openssl; ++ ++import sun.security.ec.ECPrivateKeyImpl; ++import sun.security.ec.ECPublicKeyImpl; ++ ++import java.math.BigInteger; ++import java.security.InvalidAlgorithmParameterException; ++import java.security.InvalidParameterException; ++import java.security.InvalidKeyException; ++import java.security.KeyPair; ++import java.security.KeyPairGeneratorSpi; ++import java.security.ProviderException; ++import java.security.SecureRandom; ++import java.security.spec.AlgorithmParameterSpec; ++import java.security.spec.ECFieldFp; ++import java.security.spec.ECField; ++import java.security.spec.ECGenParameterSpec; ++import java.security.spec.ECParameterSpec; ++import java.security.spec.ECPoint; ++import java.security.spec.EllipticCurve; ++import java.util.HashMap; ++import java.util.Map; ++ ++public class KAEECKeyPairGenerator extends KeyPairGeneratorSpi { ++ private ECParameterSpec param = null; ++ private final int defaultKeySize = 256; ++ ++ @Override ++ public void initialize(int keysize, SecureRandom random) { ++ String curveName = KAEUtils.getCurveBySize(keysize); ++ if (curveName == null) { ++ throw new InvalidParameterException("unknown key size " + keysize); ++ } ++ if (KAEUtils.getCurveByAlias(curveName) != null) { ++ curveName = KAEUtils.getCurveByAlias(curveName); ++ } ++ this.param = getParamsByCurve(curveName); ++ } ++ ++ private ECParameterSpec getParamsByCurve(String curveName) { ++ byte[][] params = nativeGenerateParam(curveName); ++ if (params == null) { ++ throw new InvalidParameterException("unknown curve " + curveName); ++ } ++ BigInteger p = new BigInteger(params[0]); ++ BigInteger a = new BigInteger(params[1]); ++ BigInteger b = new BigInteger(params[2]); ++ BigInteger x = new BigInteger(params[3]); ++ BigInteger y = new BigInteger(params[4]); ++ BigInteger order = new BigInteger(params[5]); ++ BigInteger cofactor = new BigInteger(params[6]); ++ ECField field = new ECFieldFp(p); ++ EllipticCurve curve = new EllipticCurve(field, a, b); ++ ECPoint g = new ECPoint(x, y); ++ ECParameterSpec spec = new ECParameterSpec(curve, g, order, cofactor.intValue()); ++ return spec; ++ } ++ ++ @Override ++ public void initialize(AlgorithmParameterSpec param, SecureRandom random) throws InvalidAlgorithmParameterException { ++ if (param instanceof ECParameterSpec) { ++ this.param = (ECParameterSpec) param; ++ } else if (param instanceof ECGenParameterSpec) { ++ ECGenParameterSpec ecParam = (ECGenParameterSpec)param; ++ String curveName = ecParam.getName(); ++ if (KAEUtils.getCurveByAlias(curveName) != null) { ++ curveName = KAEUtils.getCurveByAlias(curveName); ++ } ++ this.param = getParamsByCurve(curveName); ++ } else { ++ throw new InvalidAlgorithmParameterException("ECParameterSpec or ECGenParameterSpec for EC"); ++ } ++ } ++ ++ @Override ++ public KeyPair generateKeyPair() { ++ if (param == null) { ++ String curveName = KAEUtils.getCurveBySize(defaultKeySize); ++ param = getParamsByCurve(curveName); ++ } ++ EllipticCurve curve = param.getCurve(); ++ ECFieldFp field = (ECFieldFp) curve.getField(); ++ BigInteger p = field.getP(); ++ BigInteger a = curve.getA(); ++ BigInteger b = curve.getB(); ++ ECPoint generator = param.getGenerator(); ++ BigInteger x = generator.getAffineX(); ++ BigInteger y = generator.getAffineY(); ++ BigInteger order = param.getOrder(); ++ int cofactor = param.getCofactor(); ++ ++ byte[][] keys = nativeGenerateKeyPair(p.toByteArray(), a.toByteArray(), ++ b.toByteArray(), x.toByteArray(), y.toByteArray(), order.toByteArray(), cofactor); ++ if (keys == null) { ++ throw new RuntimeException("nativeGenerateKeyPair failed"); ++ } ++ BigInteger wX = new BigInteger(keys[0]); ++ BigInteger wY = new BigInteger(keys[1]); ++ BigInteger s = new BigInteger(keys[2]); ++ ECPoint w = new ECPoint(wX, wY); ++ ++ ECPrivateKeyImpl privateKey = null; ++ ECPublicKeyImpl publicKey = null; ++ try { ++ publicKey = new ECPublicKeyImpl(w, param); ++ privateKey = new ECPrivateKeyImpl(s, param); ++ } catch (InvalidKeyException e) { ++ throw new ProviderException(e); ++ } ++ return new KeyPair(publicKey, privateKey); ++ } ++ ++ protected static native byte[][] nativeGenerateParam(String curveName); ++ ++ protected static native byte[][] nativeGenerateKeyPair(byte[] p, byte[] a, byte[] b, byte[] x, byte[] y, ++ byte[] order, int cofactor); ++} +diff --git a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEMac.java b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEHMac.java +similarity index 90% +rename from jdk/src/solaris/classes/org/openeuler/security/openssl/KAEMac.java +rename to jdk/src/solaris/classes/org/openeuler/security/openssl/KAEHMac.java +index 54c5cbdf..ce6b608e 100644 +--- a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEMac.java ++++ b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEHMac.java +@@ -34,12 +34,12 @@ import java.security.spec.AlgorithmParameterSpec; + import java.util.Set; + import java.util.concurrent.ConcurrentSkipListSet; + +-public abstract class KAEMac extends MacSpi implements Cloneable { ++public abstract class KAEHMac extends MacSpi { + + private final String algorithm; + + /** +- * The secret key used in this keyed MAC. ++ * The secret key used in this keyed HMAC. + */ + private byte[] keyBytes; + +@@ -55,22 +55,22 @@ public abstract class KAEMac extends MacSpi implements Cloneable { + + private HmacContextRef contextRef = null; + +- private KAEMac(String algo, int size) { ++ private KAEHMac(String algo, int size) { + this.algorithm = algo; + this.digestSize = size; + } + +- private static class HmacContextRef extends PhantomReference ++ private static class HmacContextRef extends PhantomReference + implements Comparable { + +- private static ReferenceQueue referenceQueue = new ReferenceQueue<>(); ++ private static ReferenceQueue referenceQueue = new ReferenceQueue<>(); + private static Set referenceList = new ConcurrentSkipListSet<>(); + private static boolean disableKaeDispose = Boolean.getBoolean("kae.disableKaeDispose"); + + private final long address; + +- HmacContextRef(KAEMac kaeMac, long address) { +- super(kaeMac, referenceQueue); ++ HmacContextRef(KAEHMac kaeHMac, long address) { ++ super(kaeHMac, referenceQueue); + this.address = address; + if (!disableKaeDispose) { + referenceList.add(this); +@@ -187,32 +187,32 @@ public abstract class KAEMac extends MacSpi implements Cloneable { + } + } + +- public static final class HmacMD5 extends KAEMac { ++ public static final class HmacMD5 extends KAEHMac { + public HmacMD5() { + super("MD5", 16); + } + } +- public static final class HmacSHA1 extends KAEMac { ++ public static final class HmacSHA1 extends KAEHMac { + public HmacSHA1() { + super("SHA1", 20); + } + } +- public static final class HmacSHA224 extends KAEMac { ++ public static final class HmacSHA224 extends KAEHMac { + public HmacSHA224() throws NoSuchAlgorithmException { + super("SHA224", 28); + } + } +- public static final class HmacSHA256 extends KAEMac { ++ public static final class HmacSHA256 extends KAEHMac { + public HmacSHA256() throws NoSuchAlgorithmException { + super("SHA256", 32); + } + } +- public static final class HmacSHA384 extends KAEMac { ++ public static final class HmacSHA384 extends KAEHMac { + public HmacSHA384() throws NoSuchAlgorithmException { + super("SHA384", 48); + } + } +- public static final class HmacSHA512 extends KAEMac { ++ public static final class HmacSHA512 extends KAEHMac { + public HmacSHA512() throws NoSuchAlgorithmException { + super("SHA512", 64); + } +diff --git a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEProvider.java b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEProvider.java +index fb84b768..419a8744 100644 +--- a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEProvider.java ++++ b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEProvider.java +@@ -25,13 +25,17 @@ + package org.openeuler.security.openssl; + + import java.io.BufferedWriter; ++import java.io.BufferedInputStream; + import java.io.File; ++import java.io.FileInputStream; ++import java.io.InputStream; + import java.io.IOException; + import java.nio.file.Files; + import java.nio.file.Path; + import java.nio.file.Paths; + import java.nio.file.StandardOpenOption; + import java.util.Date; ++import java.util.Properties; + import java.security.Provider; + + /** +@@ -79,8 +83,63 @@ public class KAEProvider extends Provider { + KAEProvider.excp = null; // Exception already logged, clean it. + } + +- private void putCipherAES() { +- final String blockModes = "ECB|CBC|CTR"; ++ private Properties getProp() { ++ Properties props = new Properties(); ++ String sep = File.separator; ++ File propFile = new File(System.getProperty("java.home") + sep + "lib" + sep + ++ "ext" + sep + "kaeprovider.conf"); ++ if (propFile.exists()) { ++ try (InputStream is = new BufferedInputStream(new FileInputStream(propFile))) { ++ props.load(is); ++ } catch (IOException e) { ++ e.printStackTrace(); ++ } ++ } ++ return props; ++ } ++ ++ public KAEProvider() { ++ super("KAEProvider", 1.8d, "KAE provider"); ++ if (needLog) { ++ logStart(excp); ++ needLog = false; // Log only once ++ } ++ Properties props = getProp(); ++ if (!"false".equalsIgnoreCase(props.getProperty("kae.md5"))) { ++ putMD5(); ++ } ++ if (!"false".equalsIgnoreCase(props.getProperty("kae.sha256"))) { ++ putSHA256(); ++ } ++ if (!"false".equalsIgnoreCase(props.getProperty("kae.sha384"))) { ++ putSHA384(); ++ } ++ if (!"false".equalsIgnoreCase(props.getProperty("kae.sm3"))) { ++ putSM3(); ++ } ++ if (!"false".equalsIgnoreCase(props.getProperty("kae.aes"))) { ++ putAES(); ++ } ++ if (!"false".equalsIgnoreCase(props.getProperty("kae.sm4"))) { ++ putSM4(); ++ } ++ if (!"false".equalsIgnoreCase(props.getProperty("kae.hmac"))) { ++ putHMAC(); ++ } ++ if (!"false".equalsIgnoreCase(props.getProperty("kae.rsa"))) { ++ putRSA(); ++ putSignatureRSA(); ++ } ++ if (!"false".equalsIgnoreCase(props.getProperty("kae.dh"))) { ++ putDH(); ++ } ++ if (!"false".equalsIgnoreCase(props.getProperty("kae.ec"))) { ++ putEC(); ++ } ++ } ++ ++ private void putAES() { ++ final String blockModes = "ECB|CBC|CTR|GCM"; + final String blockPads = "NOPADDING|PKCS5PADDING"; + + put("Cipher.AES SupportedModes", blockModes); +@@ -94,6 +153,8 @@ public class KAEProvider extends Provider { + put("Cipher.AES/ECB/PKCS5Padding", "org.openeuler.security.openssl.KAEAESCipher$Aes$Ecb$PKCS5Padding"); + put("Alg.Alias.Cipher.AES/ECB/PKCS7Padding", "AES/ECB/PKCS5Padding"); + put("Cipher.AES/CTR/NoPadding", "org.openeuler.security.openssl.KAEAESCipher$Aes$Ctr$NoPadding"); ++ put("Cipher.AES/GCM/NoPadding", "org.openeuler.security.openssl.KAEAESCipher$Aes$Gcm$NoPadding"); ++ put("Alg.Alias.Cipher.AES/GCM/PKCS5Padding", "AES/GCM/NoPadding"); // PKCS5Padding -> noPadding + + put("Cipher.AES_128/CBC/PKCS5Padding", "org.openeuler.security.openssl.KAEAESCipher$Aes_128$Cbc$PKCS5Padding"); + put("Cipher.AES_128/CBC/NoPadding", "org.openeuler.security.openssl.KAEAESCipher$Aes_128$Cbc$NoPadding"); +@@ -102,6 +163,8 @@ public class KAEProvider extends Provider { + put("Cipher.AES_128/ECB/PKCS5Padding", "org.openeuler.security.openssl.KAEAESCipher$Aes_128$Ecb$PKCS5Padding"); + put("Alg.Alias.Cipher.AES_128/ECB/PKCS7Padding", "AES_128/ECB/PKCS5Padding"); + put("Cipher.AES_128/CTR/NoPadding", "org.openeuler.security.openssl.KAEAESCipher$Aes_128$Ctr$NoPadding"); ++ put("Cipher.AES_128/GCM/NoPadding", "org.openeuler.security.openssl.KAEAESCipher$Aes_128$Gcm$NoPadding"); ++ put("Alg.Alias.Cipher.AES_128/GCM/PKCS5Padding", "AES/GCM/NoPadding"); + + put("Cipher.AES_192/CBC/PKCS5Padding", "org.openeuler.security.openssl.KAEAESCipher$Aes_192$Cbc$PKCS5Padding"); + put("Cipher.AES_192/CBC/NoPadding", "org.openeuler.security.openssl.KAEAESCipher$Aes_192$Cbc$NoPadding"); +@@ -110,6 +173,8 @@ public class KAEProvider extends Provider { + put("Cipher.AES_192/ECB/PKCS5Padding", "org.openeuler.security.openssl.KAEAESCipher$Aes_192$Ecb$PKCS5Padding"); + put("Alg.Alias.Cipher.AES_192/ECB/PKCS7Padding", "AES_192/ECB/PKCS5Padding"); + put("Cipher.AES_192/CTR/NoPadding", "org.openeuler.security.openssl.KAEAESCipher$Aes_192$Ctr$NoPadding"); ++ put("Cipher.AES_192/GCM/NoPadding", "org.openeuler.security.openssl.KAEAESCipher$Aes_192$Gcm$NoPadding"); ++ put("Alg.Alias.Cipher.AES_192/GCM/PKCS5Padding", "AES/GCM/NoPadding"); + + put("Cipher.AES_256/CBC/PKCS5Padding", "org.openeuler.security.openssl.KAEAESCipher$Aes_256$Cbc$PKCS5Padding"); + put("Cipher.AES_256/CBC/NoPadding", "org.openeuler.security.openssl.KAEAESCipher$Aes_256$Cbc$NoPadding"); +@@ -118,15 +183,50 @@ public class KAEProvider extends Provider { + put("Cipher.AES_256/ECB/PKCS5Padding", "org.openeuler.security.openssl.KAEAESCipher$Aes_256$Ecb$PKCS5Padding"); + put("Alg.Alias.Cipher.AES_256/ECB/PKCS7Padding", "AES_256/ECB/PKCS5Padding"); + put("Cipher.AES_256/CTR/NoPadding", "org.openeuler.security.openssl.KAEAESCipher$Aes_256$Ctr$NoPadding"); ++ put("Cipher.AES_256/GCM/NoPadding", "org.openeuler.security.openssl.KAEAESCipher$Aes_256$Gcm$NoPadding"); ++ put("Alg.Alias.Cipher.AES_256/GCM/PKCS5Padding", "AES/GCM/NoPadding"); + } + +- private void putMessageDigest() { ++ private void putMD5() { + put("MessageDigest.MD5", "org.openeuler.security.openssl.KAEDigest$MD5"); ++ } ++ ++ private void putSHA256() { + put("MessageDigest.SHA-256", "org.openeuler.security.openssl.KAEDigest$SHA256"); ++ } ++ ++ private void putSHA384() { + put("MessageDigest.SHA-384", "org.openeuler.security.openssl.KAEDigest$SHA384"); + } + +- private void putCipherRSA() { ++ private void putSM3() { ++ put("MessageDigest.SM3", "org.openeuler.security.openssl.KAEDigest$SM3"); ++ } ++ ++ private void putSM4() { ++ final String blockModes = "ECB|CBC|CTR|OFB"; ++ final String blockPads = "NOPADDING|PKCS5PADDING"; ++ ++ put("Cipher.SM4 SupportedModes", blockModes); ++ put("Cipher.SM4 SupportedPaddings", blockPads); ++ put("Cipher.SM4", "org.openeuler.security.openssl.KAESM4Cipher$Sm4$Ecb$PKCS5Padding"); ++ ++ put("Cipher.SM4/CBC/PKCS5Padding", "org.openeuler.security.openssl.KAESM4Cipher$Sm4$Cbc$PKCS5Padding"); ++ put("Cipher.SM4/CBC/NoPadding", "org.openeuler.security.openssl.KAESM4Cipher$Sm4$Cbc$NoPadding"); ++ put("Alg.Alias.Cipher.SM4/CBC/PKCS7Padding", "SM4/CBC/PKCS5Padding"); ++ put("Cipher.SM4/ECB/NoPadding", "org.openeuler.security.openssl.KAESM4Cipher$Sm4$Ecb$NoPadding"); ++ put("Cipher.SM4/ECB/PKCS5Padding", "org.openeuler.security.openssl.KAESM4Cipher$Sm4$Ecb$PKCS5Padding"); ++ put("Alg.Alias.Cipher.SM4/ECB/PKCS7Padding", "SM4/ECB/PKCS5Padding"); ++ put("Cipher.SM4/CTR/NoPadding", "org.openeuler.security.openssl.KAESM4Cipher$Sm4$Ctr$NoPadding"); ++ put("Cipher.SM4/OFB/NoPadding", "org.openeuler.security.openssl.KAESM4Cipher$Sm4$Ofb$NoPadding"); ++ put("Cipher.SM4/OFB/PKCS5Padding", "org.openeuler.security.openssl.KAESM4Cipher$Sm4$Ofb$PKCS5Padding"); ++ put("Alg.Alias.Cipher.SM4/OFB/PKCS7Padding", "SM4/OFB/PKCS5Padding"); ++ ++ put("KeyGenerator.SM4", "com.sun.crypto.provider.AESKeyGenerator"); ++ put("AlgorithmParameters.SM4", "com.sun.crypto.provider.AESParameters"); ++ } ++ ++ private void putRSA() { + // rsa + put("KeyPairGenerator.RSA", "org.openeuler.security.openssl.KAERSAKeyPairGenerator$Legacy"); + put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1", "RSA"); +@@ -154,27 +254,78 @@ public class KAEProvider extends Provider { + "|java.security.interfaces.RSAPrivateKey"); + } + +- private void putMAC() { +- put("MAC.HmacMD5", "org.openeuler.security.openssl.KAEMac$HmacMD5"); +- put("MAC.HmacSHA1", "org.openeuler.security.openssl.KAEMac$HmacSHA1"); +- put("MAC.HmacSHA224", "org.openeuler.security.openssl.KAEMac$HmacSHA224"); +- put("MAC.HmacSHA256", "org.openeuler.security.openssl.KAEMac$HmacSHA256"); +- put("MAC.HmacSHA384", "org.openeuler.security.openssl.KAEMac$HmacSHA384"); +- put("MAC.HmacSHA512", "org.openeuler.security.openssl.KAEMac$HmacSHA512"); ++ private void putHMAC() { ++ put("MAC.HmacMD5", "org.openeuler.security.openssl.KAEHMac$HmacMD5"); ++ put("MAC.HmacSHA1", "org.openeuler.security.openssl.KAEHMac$HmacSHA1"); ++ put("MAC.HmacSHA224", "org.openeuler.security.openssl.KAEHMac$HmacSHA224"); ++ put("MAC.HmacSHA256", "org.openeuler.security.openssl.KAEHMac$HmacSHA256"); ++ put("MAC.HmacSHA384", "org.openeuler.security.openssl.KAEHMac$HmacSHA384"); ++ put("MAC.HmacSHA512", "org.openeuler.security.openssl.KAEHMac$HmacSHA512"); + } + +- public KAEProvider() { +- super("KAEProvider", 1.8d, "KAE provider"); +- if (needLog) { +- logStart(excp); +- needLog = false; // Log only once +- } +- putMessageDigest(); +- putCipherAES(); +- putMAC(); +- putCipherRSA(); ++ private void putDH() { ++ put("KeyPairGenerator.DiffieHellman", "org.openeuler.security.openssl.KAEDHKeyPairGenerator"); ++ put("Alg.Alias.KeyPairGenerator.DH", "DiffieHellman"); ++ put("KeyAgreement.DiffieHellman", "org.openeuler.security.openssl.KAEDHKeyAgreement"); ++ put("Alg.Alias.KeyAgreement.DH", "DiffieHellman"); + } + ++ private void putSignatureRSA() { ++ put("Signature.MD5withRSA", ++ "org.openeuler.security.openssl.KAERSASignature$MD5withRSA"); ++ put("Signature.SHA1withRSA", ++ "org.openeuler.security.openssl.KAERSASignature$SHA1withRSA"); ++ put("Signature.SHA224withRSA", ++ "org.openeuler.security.openssl.KAERSASignature$SHA224withRSA"); ++ put("Signature.SHA256withRSA", ++ "org.openeuler.security.openssl.KAERSASignature$SHA256withRSA"); ++ put("Signature.SHA384withRSA", ++ "org.openeuler.security.openssl.KAERSASignature$SHA384withRSA"); ++ put("Signature.SHA512withRSA", ++ "org.openeuler.security.openssl.KAERSASignature$SHA512withRSA"); ++ ++ // alias ++ put("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA"); ++ put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4", "MD5withRSA"); ++ ++ put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA"); ++ put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5", "SHA1withRSA"); ++ put("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA"); ++ ++ put("Alg.Alias.Signature.1.2.840.113549.1.1.14", "SHA224withRSA"); ++ put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.14", "SHA224withRSA"); ++ ++ put("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA256withRSA"); ++ put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.11", "SHA256withRSA"); ++ ++ put("Alg.Alias.Signature.1.2.840.113549.1.1.12", "SHA384withRSA"); ++ put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.12", "SHA384withRSA"); ++ ++ put("Alg.Alias.Signature.1.2.840.113549.1.1.13", "SHA512withRSA"); ++ put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.13", "SHA512withRSA"); ++ ++ put("Signature.RSASSA-PSS", "org.openeuler.security.openssl.KAERSAPSSSignature"); ++ ++ put("Alg.Alias.Signature.1.2.840.113549.1.1.10", "RSASSA-PSS"); ++ put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.10", "RSASSA-PSS"); ++ ++ // attributes for supported key classes ++ String rsaKeyClasses = "java.security.interfaces.RSAPublicKey" + ++ "|java.security.interfaces.RSAPrivateKey"; ++ put("Signature.MD5withRSA SupportedKeyClasses", rsaKeyClasses); ++ put("Signature.SHA1withRSA SupportedKeyClasses", rsaKeyClasses); ++ put("Signature.SHA224withRSA SupportedKeyClasses", rsaKeyClasses); ++ put("Signature.SHA256withRSA SupportedKeyClasses", rsaKeyClasses); ++ put("Signature.SHA384withRSA SupportedKeyClasses", rsaKeyClasses); ++ put("Signature.SHA512withRSA SupportedKeyClasses", rsaKeyClasses); ++ put("Signature.RSASSA-PSS SupportedKeyClasses", rsaKeyClasses); ++ } ++ ++ private void putEC() { ++ put("KeyPairGenerator.EC", "org.openeuler.security.openssl.KAEECKeyPairGenerator"); ++ put("Alg.Alias.KeyPairGenerator.EllipticCurve", "EC"); ++ put("KeyAgreement.ECDH", "org.openeuler.security.openssl.KAEECDHKeyAgreement"); ++ } + // init openssl + static native void initOpenssl() throws RuntimeException; + } +diff --git a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAERSAPSSSignature.java b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAERSAPSSSignature.java +new file mode 100644 +index 00000000..cfe19d7b +--- /dev/null ++++ b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAERSAPSSSignature.java +@@ -0,0 +1,712 @@ ++/* ++ * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++package org.openeuler.security.openssl; ++ ++import java.io.IOException; ++import java.lang.reflect.Constructor; ++import java.lang.reflect.InvocationTargetException; ++import java.lang.reflect.Method; ++import java.nio.ByteBuffer; ++ ++import java.security.*; ++import java.security.spec.AlgorithmParameterSpec; ++import java.security.spec.PSSParameterSpec; ++import java.security.spec.MGF1ParameterSpec; ++import java.security.interfaces.*; ++ ++import java.util.Arrays; ++import java.util.HashSet; ++import java.util.Locale; ++import java.util.Set; ++ ++import sun.security.rsa.PSSParameters; ++import sun.security.rsa.RSACore; ++import sun.security.jca.JCAUtil; ++ ++import javax.crypto.BadPaddingException; ++ ++/** ++ * PKCS#1 v2.2 RSASSA-PSS signatures with various message digest algorithms. ++ * RSASSA-PSS implementation takes the message digest algorithm, MGF algorithm, ++ * and salt length values through the required signature PSS parameters. ++ * We support SHA-1, SHA-224, SHA-256, SHA-384, SHA-512. ++ * The Openssl does not support rsa signatures with SHA-512/224 and SHA-512/256 as the digest algorithm, ++ * so we have not implemented them. ++ * The Openssl does not support non-CRT private key , when signing with a non-CRT private key, we use the sun sign. ++ */ ++public class KAERSAPSSSignature extends SignatureSpi { ++ // openssl unsupport rsa sign with digest algorithm ++ private static final Set UNSUPPORTED_DIGEST_ALGORITHM = new HashSet<>( ++ Arrays.asList("SHA-512/224", "SHA-512/256")); ++ ++ private static Method generateAndXorMethod; ++ ++ private static Constructor mgf1Constructor; ++ ++ private static final byte[] EIGHT_BYTES_OF_ZEROS = new byte[8]; ++ ++ private static Exception exception; ++ ++ static { ++ AccessController.doPrivileged(new PrivilegedAction() { ++ @Override ++ public Void run() { ++ try { ++ Class mgf1Class = Class.forName("sun.security.rsa.MGF1"); ++ generateAndXorMethod = mgf1Class.getDeclaredMethod("generateAndXor", ++ byte[].class, int.class, int.class, int.class, byte[].class, int.class); ++ generateAndXorMethod.setAccessible(true); ++ mgf1Constructor = mgf1Class.getDeclaredConstructor(String.class); ++ mgf1Constructor.setAccessible(true); ++ } catch (ClassNotFoundException | NoSuchMethodException e) { ++ exception = e; ++ } ++ return null; ++ } ++ }); ++ } ++ ++ // message digest implementation we use for hashing the data ++ private MessageDigest md; ++ ++ // flag indicating whether the digest is reset ++ private boolean digestReset = true; ++ ++ // private key, if initialized for signing ++ private RSAPrivateKey privKey = null; ++ ++ // public key, if initialized for verifying ++ private RSAPublicKey pubKey = null; ++ ++ // PSS parameters from signatures and keys respectively ++ private PSSParameterSpec sigParams = null; ++ ++ // PRNG used to generate salt bytes if none given ++ private SecureRandom random; ++ ++ /** ++ * Construct a new RSAPSSSignatur with arbitrary digest algorithm ++ */ ++ public KAERSAPSSSignature() throws SignatureException { ++ if (exception != null) { ++ throw new SignatureException(exception.getMessage()); ++ } ++ this.md = null; ++ } ++ ++ // initialize for verification. See JCA doc ++ @Override ++ protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException { ++ if (!(publicKey instanceof RSAPublicKey)) { ++ throw new InvalidKeyException("key must be RSAPublicKey"); ++ } ++ this.pubKey = (RSAPublicKey) isValid((RSAKey) publicKey); ++ this.privKey = null; ++ resetDigest(); ++ } ++ ++ // initialize for signing. See JCA doc ++ @Override ++ protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException { ++ engineInitSign(privateKey, null); ++ } ++ ++ // initialize for signing. See JCA doc ++ @Override ++ protected void engineInitSign(PrivateKey privateKey, SecureRandom random) throws InvalidKeyException { ++ if (!(privateKey instanceof RSAPrivateKey)) { ++ throw new InvalidKeyException("key must be RSAPrivateKey"); ++ } ++ this.privKey = (RSAPrivateKey) isValid((RSAKey) privateKey); ++ this.pubKey = null; ++ this.random = ++ (random == null ? JCAUtil.getSecureRandom() : random); ++ resetDigest(); ++ } ++ ++ /** ++ * Utility method for checking the key PSS parameters against signature ++ * PSS parameters. ++ * Returns false if any of the digest/MGF algorithms and trailerField ++ * values does not match or if the salt length in key parameters is ++ * larger than the value in signature parameters. ++ */ ++ private static boolean isCompatible(AlgorithmParameterSpec keyParams, PSSParameterSpec sigParams) { ++ if (keyParams == null) { ++ // key with null PSS parameters means no restriction ++ return true; ++ } ++ if (!(keyParams instanceof PSSParameterSpec)) { ++ return false; ++ } ++ // nothing to compare yet, defer the check to when sigParams is set ++ if (sigParams == null) { ++ return true; ++ } ++ PSSParameterSpec pssKeyParams = (PSSParameterSpec) keyParams; ++ // first check the salt length requirement ++ if (pssKeyParams.getSaltLength() > sigParams.getSaltLength()) { ++ return false; ++ } ++ ++ // compare equality of the rest of fields based on DER encoding ++ PSSParameterSpec keyParams2 = ++ new PSSParameterSpec(pssKeyParams.getDigestAlgorithm(), ++ pssKeyParams.getMGFAlgorithm(), ++ pssKeyParams.getMGFParameters(), ++ sigParams.getSaltLength(), ++ pssKeyParams.getTrailerField()); ++ ++ // skip the JCA overhead ++ try { ++ byte[] encoded = PSSParameters.getEncoded(keyParams2); ++ byte[] encoded2 = PSSParameters.getEncoded(sigParams); ++ return Arrays.equals(encoded, encoded2); ++ } catch (IOException e) { ++ return false; ++ } ++ } ++ ++ /** ++ * Validate the specified RSAKey and its associated parameters against ++ * internal signature parameters. ++ */ ++ private RSAKey isValid(RSAKey rsaKey) throws InvalidKeyException { ++ try { ++ AlgorithmParameterSpec keyParams = rsaKey.getParams(); ++ // validate key parameters ++ if (!isCompatible(rsaKey.getParams(), this.sigParams)) { ++ throw new InvalidKeyException ++ ("Key contains incompatible PSS parameter values"); ++ } ++ // validate key length ++ if (this.sigParams != null) { ++ Integer hLen = ++ KAEUtils.getDigestLength(this.sigParams.getDigestAlgorithm()); ++ if (hLen == null) { ++ throw new ProviderException("Unsupported digest algo: " + ++ this.sigParams.getDigestAlgorithm()); ++ } ++ checkKeyLength(rsaKey, hLen, this.sigParams.getSaltLength()); ++ } ++ return rsaKey; ++ } catch (SignatureException e) { ++ throw new InvalidKeyException(e); ++ } ++ } ++ ++ /** ++ * Validate the specified Signature PSS parameters. ++ */ ++ private PSSParameterSpec validateSigParams(AlgorithmParameterSpec p) throws InvalidAlgorithmParameterException { ++ if (p == null) { ++ throw new InvalidAlgorithmParameterException ++ ("Parameters cannot be null"); ++ } ++ if (!(p instanceof PSSParameterSpec)) { ++ throw new InvalidAlgorithmParameterException ++ ("parameters must be type PSSParameterSpec"); ++ } ++ // no need to validate again if same as current signature parameters ++ PSSParameterSpec params = (PSSParameterSpec) p; ++ if (params == this.sigParams) { ++ return params; ++ } ++ ++ RSAKey key = (this.privKey == null ? this.pubKey : this.privKey); ++ // check against keyParams if set ++ if (key != null) { ++ if (!isCompatible(key.getParams(), params)) { ++ throw new InvalidAlgorithmParameterException ++ ("Signature parameters does not match key parameters"); ++ } ++ } ++ // now sanity check the parameter values ++ if (!(params.getMGFAlgorithm().equalsIgnoreCase("MGF1"))) { ++ throw new InvalidAlgorithmParameterException("Only supports MGF1"); ++ } ++ if (params.getTrailerField() != PSSParameterSpec.TRAILER_FIELD_BC) { ++ throw new InvalidAlgorithmParameterException("Only supports TrailerFieldBC(1)"); ++ } ++ String digestAlgo = params.getDigestAlgorithm(); ++ // check key length again ++ if (key != null) { ++ try { ++ int hLen = KAEUtils.getDigestLength(digestAlgo); ++ checkKeyLength(key, hLen, params.getSaltLength()); ++ } catch (SignatureException e) { ++ throw new InvalidAlgorithmParameterException(e); ++ } ++ } ++ return params; ++ } ++ ++ /** ++ * Ensure the object is initialized with key and parameters and ++ * reset digest ++ */ ++ private void ensureInit() throws SignatureException { ++ RSAKey key = (this.privKey == null ? this.pubKey : this.privKey); ++ if (key == null) { ++ throw new SignatureException("Missing key"); ++ } ++ if (this.sigParams == null) { ++ // Parameters are required for signature verification ++ throw new SignatureException ++ ("Parameters required for RSASSA-PSS signatures"); ++ } ++ } ++ ++ /** ++ * Utility method for checking key length against digest length and ++ * salt length ++ */ ++ private static void checkKeyLength(RSAKey key, int digestLen, int saltLen) throws SignatureException { ++ if (key != null) { ++ int keyLength = getKeyLengthInBits(key) >> 3; ++ int minLength = Math.addExact(Math.addExact(digestLen, saltLen), 2); ++ if (keyLength < minLength) { ++ throw new SignatureException ++ ("Key is too short, need min " + minLength); ++ } ++ } ++ } ++ ++ /** ++ * Reset the message digest if it is not already reset. ++ */ ++ private void resetDigest() { ++ if (digestReset == false) { ++ this.md.reset(); ++ digestReset = true; ++ } ++ } ++ ++ /** ++ * Return the message digest value. ++ */ ++ private byte[] getDigestValue() { ++ digestReset = true; ++ return this.md.digest(); ++ } ++ ++ // update the signature with the plaintext data. See JCA doc ++ @Override ++ protected void engineUpdate(byte b) throws SignatureException { ++ ensureInit(); ++ this.md.update(b); ++ digestReset = false; ++ } ++ ++ // update the signature with the plaintext data. See JCA doc ++ @Override ++ protected void engineUpdate(byte[] b, int off, int len) throws SignatureException { ++ ensureInit(); ++ this.md.update(b, off, len); ++ digestReset = false; ++ } ++ ++ // update the signature with the plaintext data. See JCA doc ++ @Override ++ protected void engineUpdate(ByteBuffer b) { ++ try { ++ ensureInit(); ++ } catch (SignatureException se) { ++ // hack for working around API bug ++ throw new RuntimeException(se.getMessage()); ++ } ++ this.md.update(b); ++ digestReset = false; ++ } ++ ++ // determine whether the digest is valid ++ private boolean isValidDigest() { ++ String digestName = this.md.getAlgorithm(); ++ if (UNSUPPORTED_DIGEST_ALGORITHM.contains(digestName.toUpperCase(Locale.ROOT))) { ++ return false; ++ } ++ AlgorithmParameterSpec mgfParams = this.sigParams.getMGFParameters(); ++ String mgfDigestName = ""; ++ if (mgfParams != null) { ++ mgfDigestName = ++ ((MGF1ParameterSpec) mgfParams).getDigestAlgorithm(); ++ } ++ return !UNSUPPORTED_DIGEST_ALGORITHM.contains(mgfDigestName.toUpperCase(Locale.ROOT)); ++ } ++ ++ // determine whether use kae sign ++ private boolean useKaeSign() { ++ return (privKey instanceof RSAPrivateCrtKey) && isValidDigest(); ++ } ++ ++ // sun sign ++ private byte[] sunSign(byte[] mHash) throws SignatureException { ++ try { ++ byte[] encoded = encodeSignature(mHash); ++ return RSACore.rsa(encoded, privKey, true); ++ } catch (GeneralSecurityException e) { ++ throw new SignatureException("Could not sign data", e); ++ } catch (IOException e) { ++ throw new SignatureException("Could not encode data", e); ++ } ++ } ++ ++ // kae sign ++ private byte[] kaeSign(byte[] mHash) throws SignatureException { ++ String kaeDigestName = KAEUtils.getKAEDigestName(this.sigParams.getDigestAlgorithm()); ++ String mgfDigestName = kaeDigestName; ++ AlgorithmParameterSpec mgfParams = this.sigParams.getMGFParameters(); ++ if (mgfParams != null) { ++ mgfDigestName = ++ ((MGF1ParameterSpec) mgfParams).getDigestAlgorithm(); ++ } ++ String mgf1DigestName = KAEUtils.getKAEDigestName(mgfDigestName); ++ ++ RSAPrivateCrtKey privateCrtKey = (RSAPrivateCrtKey) privKey; ++ long keyAddress = KAERSACipher.nativeCreateRSAPrivateCrtKey( ++ privateCrtKey.getModulus().toByteArray(), ++ privateCrtKey.getPublicExponent().toByteArray(), ++ privateCrtKey.getPrivateExponent().toByteArray(), ++ privateCrtKey.getPrimeP().toByteArray(), ++ privateCrtKey.getPrimeQ().toByteArray(), ++ privateCrtKey.getPrimeExponentP().toByteArray(), ++ privateCrtKey.getPrimeExponentQ().toByteArray(), ++ privateCrtKey.getCrtCoefficient().toByteArray()); ++ byte[] bytes; ++ try { ++ bytes = KAERSASignatureNative.pssSign(keyAddress, kaeDigestName, mHash, ++ KAERSAPaddingType.PKCS1PssPadding.getId(), ++ mgf1DigestName, this.sigParams.getSaltLength()); ++ } catch (SignatureException e) { ++ throw e; ++ } finally { ++ KAERSACipher.nativeFreeKey(keyAddress); ++ } ++ return bytes; ++ } ++ ++ // sign the data and return the signature. See JCA doc ++ @Override ++ protected byte[] engineSign() throws SignatureException { ++ ensureInit(); ++ byte[] mHash = getDigestValue(); ++ if (useKaeSign()) { ++ return kaeSign(mHash); ++ } ++ return sunSign(mHash); ++ } ++ ++ // determine whether use kae verify ++ private boolean useKaeVerify() { ++ return isValidDigest(); ++ } ++ ++ // sun verify ++ private boolean sunVerify(byte[] mHash, byte[] sigBytes) throws SignatureException { ++ try { ++ byte[] decrypted = RSACore.rsa(sigBytes, this.pubKey); ++ return decodeSignature(mHash, decrypted); ++ } catch (javax.crypto.BadPaddingException e) { ++ // occurs if the app has used the wrong RSA public key ++ // or if sigBytes is invalid ++ // return false rather than propagating the exception for ++ // compatibility/ease of use ++ return false; ++ } catch (IOException e) { ++ throw new SignatureException("Signature encoding error", e); ++ } finally { ++ resetDigest(); ++ } ++ } ++ ++ // kae verify ++ private boolean kaeVerify(byte[] mHash, byte[] sigBytes) throws SignatureException { ++ String kaeDigestName = KAEUtils.getKAEDigestName(this.sigParams.getDigestAlgorithm()); ++ String mgfDigestName = kaeDigestName; ++ AlgorithmParameterSpec mgfParams = this.sigParams.getMGFParameters(); ++ if (mgfParams != null) { ++ mgfDigestName = ++ ((MGF1ParameterSpec) mgfParams).getDigestAlgorithm(); ++ } ++ String mgf1KaeDigestName = KAEUtils.getKAEDigestName(mgfDigestName); ++ ++ long keyAddress = KAERSACipher.nativeCreateRSAPublicKey(this.pubKey.getModulus().toByteArray(), ++ this.pubKey.getPublicExponent().toByteArray()); ++ boolean verify; ++ try { ++ verify = KAERSASignatureNative.pssVerify(keyAddress, kaeDigestName, mHash, ++ KAERSAPaddingType.PKCS1PssPadding.getId(), mgf1KaeDigestName, ++ this.sigParams.getSaltLength(), sigBytes); ++ } catch (SignatureException e) { ++ throw e; ++ } catch (BadPaddingException e) { ++ // occurs if the app has used the wrong RSA public key ++ // or if sigBytes is invalid or sourceBytes is invalid ++ // return false rather than propagating the exception for ++ // compatibility/ease of use ++ return false; ++ } finally { ++ resetDigest(); ++ KAERSACipher.nativeFreeKey(keyAddress); ++ } ++ return verify; ++ } ++ ++ // verify the data and return the result. See JCA doc ++ // should be reset to the state after engineInitVerify call. ++ @Override ++ protected boolean engineVerify(byte[] sigBytes) throws SignatureException { ++ ensureInit(); ++ if (sigBytes.length != RSACore.getByteLength(this.pubKey)) { ++ throw new SignatureException("Signature length not correct: got " + ++ sigBytes.length + " but was expecting " + ++ RSACore.getByteLength(this.pubKey)); ++ } ++ byte[] mHash = getDigestValue(); ++ if (useKaeVerify()) { ++ return kaeVerify(mHash, sigBytes); ++ } ++ return sunVerify(mHash, sigBytes); ++ } ++ ++ // return the modulus length in bits ++ private static int getKeyLengthInBits(RSAKey k) { ++ if (k != null) { ++ return k.getModulus().bitLength(); ++ } ++ return -1; ++ } ++ ++ /** ++ * Encode the digest 'mHash', return the to-be-signed data. ++ * Also used by the PKCS#11 provider. ++ */ ++ private byte[] encodeSignature(byte[] mHash) throws IOException, DigestException { ++ AlgorithmParameterSpec mgfParams = this.sigParams.getMGFParameters(); ++ String mgfDigestAlgo; ++ if (mgfParams != null) { ++ mgfDigestAlgo = ++ ((MGF1ParameterSpec) mgfParams).getDigestAlgorithm(); ++ } else { ++ mgfDigestAlgo = this.md.getAlgorithm(); ++ } ++ try { ++ int emBits = getKeyLengthInBits(this.privKey) - 1; ++ int emLen = (emBits + 7) >> 3; ++ int hLen = this.md.getDigestLength(); ++ int dbLen = emLen - hLen - 1; ++ int sLen = this.sigParams.getSaltLength(); ++ ++ // maps DB into the corresponding region of EM and ++ // stores its bytes directly into EM ++ byte[] em = new byte[emLen]; ++ ++ // step7 and some of step8 ++ em[dbLen - sLen - 1] = (byte) 1; // set DB's padding2 into EM ++ em[em.length - 1] = (byte) 0xBC; // set trailer field of EM ++ ++ if (!digestReset) { ++ throw new ProviderException("Digest should be reset"); ++ } ++ // step5: generates M' using padding1, mHash, and salt ++ this.md.update(EIGHT_BYTES_OF_ZEROS); ++ digestReset = false; // mark digest as it now has data ++ this.md.update(mHash); ++ if (sLen != 0) { ++ // step4: generate random salt ++ byte[] salt = new byte[sLen]; ++ this.random.nextBytes(salt); ++ this.md.update(salt); ++ ++ // step8: set DB's salt into EM ++ System.arraycopy(salt, 0, em, dbLen - sLen, sLen); ++ } ++ // step6: generate H using M' ++ this.md.digest(em, dbLen, hLen); // set H field of EM ++ digestReset = true; ++ ++ // step7 and 8 are already covered by the code which setting up ++ // EM as above ++ ++ // step9 and 10: feed H into MGF and xor with DB in EM ++ Object mgf1 = mgf1Constructor.newInstance(mgfDigestAlgo); ++ generateAndXorMethod.invoke(mgf1, em, dbLen, hLen, dbLen, em, 0); ++ // step11: set the leftmost (8emLen - emBits) bits of the leftmost ++ // octet to 0 ++ int numZeroBits = (emLen << 3) - emBits; ++ if (numZeroBits != 0) { ++ byte mask = (byte) (0xff >>> numZeroBits); ++ em[0] = (byte) (em[0] & mask); ++ } ++ ++ // step12: em should now holds maskedDB || hash h || 0xBC ++ return em; ++ } catch (IllegalAccessException | InstantiationException | InvocationTargetException e) { ++ throw new IOException(e.toString()); ++ } ++ } ++ ++ private String getMgfDigestAlgo() { ++ String mgfDigestAlgo; ++ AlgorithmParameterSpec mgfParams = this.sigParams.getMGFParameters(); ++ if (mgfParams != null) { ++ mgfDigestAlgo = ++ ((MGF1ParameterSpec) mgfParams).getDigestAlgorithm(); ++ } else { ++ mgfDigestAlgo = this.md.getAlgorithm(); ++ } ++ return mgfDigestAlgo; ++ } ++ ++ private void generateAndXor(String mgfDigestAlgo, byte[] em, int dbLen, int hLen) throws IOException { ++ Object mgf1; ++ try { ++ mgf1 = mgf1Constructor.newInstance(mgfDigestAlgo); ++ generateAndXorMethod.invoke(mgf1, em, dbLen, hLen, dbLen, em, 0); ++ } catch (InstantiationException | IllegalAccessException | InvocationTargetException e) { ++ throw new IOException(e.toString()); ++ } ++ } ++ ++ /** ++ * Decode the signature data. Verify that the object identifier matches ++ * and return the message digest. ++ */ ++ private boolean decodeSignature(byte[] mHash, byte[] em) throws IOException { ++ int hLen = mHash.length; ++ int sLen = this.sigParams.getSaltLength(); ++ int emLen = em.length; ++ int emBits = getKeyLengthInBits(this.pubKey) - 1; ++ ++ // step3 ++ if (emLen < (hLen + sLen + 2)) { ++ return false; ++ } ++ ++ // step4 ++ if (em[emLen - 1] != (byte) 0xBC) { ++ return false; ++ } ++ ++ // step6: check if the leftmost (8emLen - emBits) bits of the leftmost ++ // octet are 0 ++ int numZeroBits = (emLen << 3) - emBits; ++ if (numZeroBits != 0) { ++ byte mask = (byte) (0xff << (8 - numZeroBits)); ++ if ((em[0] & mask) != 0) { ++ return false; ++ } ++ } ++ ++ // step 7 and 8 ++ int dbLen = emLen - hLen - 1; ++ ++ // generateAndXor ++ String mgfDigestAlgo = getMgfDigestAlgo(); ++ generateAndXor(mgfDigestAlgo, em, dbLen, hLen); ++ ++ // step9: set the leftmost (8emLen - emBits) bits of the leftmost ++ // octet to 0 ++ if (numZeroBits != 0) { ++ byte mask = (byte) (0xff >>> numZeroBits); ++ em[0] = (byte) (em[0] & mask); ++ } ++ ++ // step10 ++ int index = 0; ++ for (; index < dbLen - sLen - 1; index++) { ++ if (em[index] != 0) { ++ return false; ++ } ++ } ++ if (em[index] != 0x01) { ++ return false; ++ } ++ // step12 and 13 ++ this.md.update(EIGHT_BYTES_OF_ZEROS); ++ digestReset = false; ++ this.md.update(mHash); ++ if (sLen > 0) { ++ this.md.update(em, (dbLen - sLen), sLen); ++ } ++ byte[] digest2 = this.md.digest(); ++ digestReset = true; ++ ++ // step14 ++ byte[] digestInEM = Arrays.copyOfRange(em, dbLen, emLen - 1); ++ return MessageDigest.isEqual(digest2, digestInEM); ++ } ++ ++ // set parameter, not supported. See JCA doc ++ @Deprecated ++ @Override ++ protected void engineSetParameter(String param, Object value) throws InvalidParameterException { ++ throw new UnsupportedOperationException("setParameter() not supported"); ++ } ++ ++ @Override ++ protected void engineSetParameter(AlgorithmParameterSpec params) throws InvalidAlgorithmParameterException { ++ this.sigParams = validateSigParams(params); ++ // disallow changing parameters when digest has been used ++ if (!digestReset) { ++ throw new ProviderException ++ ("Cannot set parameters during operations"); ++ } ++ String newHashAlg = this.sigParams.getDigestAlgorithm(); ++ // re-allocate md if not yet assigned or algorithm changed ++ if ((this.md == null) || ++ !(this.md.getAlgorithm().equalsIgnoreCase(newHashAlg))) { ++ try { ++ this.md = MessageDigest.getInstance(newHashAlg); ++ } catch (NoSuchAlgorithmException nsae) { ++ // should not happen as we pick default digest algorithm ++ throw new InvalidAlgorithmParameterException("Unsupported digest algorithm " + newHashAlg, nsae); ++ } ++ } ++ } ++ ++ // get parameter, not supported. See JCA doc ++ @Deprecated ++ @Override ++ protected Object engineGetParameter(String param) throws InvalidParameterException { ++ throw new UnsupportedOperationException("getParameter() not supported"); ++ } ++ ++ @Override ++ protected AlgorithmParameters engineGetParameters() { ++ AlgorithmParameters ap = null; ++ if (this.sigParams != null) { ++ try { ++ ap = AlgorithmParameters.getInstance("RSASSA-PSS"); ++ ap.init(this.sigParams); ++ } catch (GeneralSecurityException gse) { ++ throw new ProviderException(gse.getMessage()); ++ } ++ } ++ return ap; ++ } ++} ++ +diff --git a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAERSAPaddingType.java b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAERSAPaddingType.java +index 04036b8d..022271d9 100644 +--- a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAERSAPaddingType.java ++++ b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAERSAPaddingType.java +@@ -50,7 +50,10 @@ enum KAERSAPaddingType { + "OAEPWITHSHA-512ANDMGF1PADDING", + "OAEPWITHSHA-512/224ANDMGF1PADDING", + "OAEPWITHSHA-512/256ANDMGF1PADDING")) +- ); ++ ), ++ ++ // PSS ++ PKCS1PssPadding(6, "RSA_PKCS1_PSS_PADDING"); + + private final int id; + private final String name; +diff --git a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAERSASignature.java b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAERSASignature.java +new file mode 100644 +index 00000000..c524f277 +--- /dev/null ++++ b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAERSASignature.java +@@ -0,0 +1,360 @@ ++/* ++ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package org.openeuler.security.openssl; ++ ++import java.io.IOException; ++import java.nio.ByteBuffer; ++ ++import java.security.*; ++import java.security.interfaces.*; ++import java.security.spec.AlgorithmParameterSpec; ++ ++import sun.security.rsa.RSACore; ++import sun.security.rsa.RSAKeyFactory; ++import sun.security.rsa.RSAPadding; ++import sun.security.rsa.RSAUtil; ++import sun.security.rsa.RSAUtil.KeyType; ++import sun.security.util.*; ++import sun.security.x509.AlgorithmId; ++ ++import javax.crypto.BadPaddingException; ++ ++/** ++ * We support support rsa signatures with MD2, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 as the digest algorithm. ++ * The Openssl does not support rsa signatures with SHA-512/224 and SHA-512/256 as the digest algorithm, ++ * so we have not implemented them. ++ * The Openssl does not support non-CRT private key , when signing with a non-CRT private key, we use the sun sign. ++ */ ++public abstract class KAERSASignature extends SignatureSpi { ++ // we sign an ASN.1 SEQUENCE of AlgorithmId and digest ++ // it has the form 30:xx:30:xx:[digestOID]:05:00:04:xx:[digest] ++ // this means the encoded length is (8 + digestOID.length + digest.length) ++ private static final int BASE_LENGTH = 8; ++ ++ private String digestAlgorithm; ++ ++ // object identifier for the message digest algorithm used ++ private final ObjectIdentifier digestOID; ++ ++ // length of the encoded signature blob ++ private final int encodedLength; ++ ++ // message digest implementation we use ++ private final MessageDigest md; ++ ++ // flag indicating whether the digest is reset ++ private boolean digestReset; ++ ++ // private key, if initialized for signing ++ private RSAPrivateKey privateKey; ++ ++ // public key, if initialized for verifying ++ private RSAPublicKey publicKey; ++ ++ // padding to use, set when the initSign/initVerify is called ++ private RSAPadding padding; ++ ++ /** ++ * Construct a new RSASignature. Used by subclasses. ++ */ ++ KAERSASignature(String algorithm, ObjectIdentifier digestOID, int oidLength) { ++ this.digestAlgorithm = algorithm; ++ this.digestOID = digestOID; ++ try { ++ md = MessageDigest.getInstance(algorithm); ++ } catch (NoSuchAlgorithmException e) { ++ throw new ProviderException(e); ++ } ++ digestReset = true; ++ encodedLength = BASE_LENGTH + oidLength + md.getDigestLength(); ++ } ++ ++ // initialize for verification. See JCA doc ++ @Override ++ protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException { ++ RSAPublicKey rsaKey = (RSAPublicKey) RSAKeyFactory.toRSAKey(publicKey); ++ this.privateKey = null; ++ this.publicKey = rsaKey; ++ initCommon(rsaKey, null); ++ } ++ ++ // initialize for signing. See JCA doc ++ @Override ++ protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException { ++ engineInitSign(privateKey, null); ++ } ++ ++ // initialize for signing. See JCA doc ++ @Override ++ protected void engineInitSign(PrivateKey privateKey, SecureRandom random) throws InvalidKeyException { ++ RSAPrivateKey rsaKey = ++ (RSAPrivateKey) RSAKeyFactory.toRSAKey(privateKey); ++ this.privateKey = rsaKey; ++ this.publicKey = null; ++ initCommon(rsaKey, random); ++ } ++ ++ /** ++ * Init code common to sign and verify. ++ */ ++ private void initCommon(RSAKey rsaKey, SecureRandom random) throws InvalidKeyException { ++ try { ++ RSAUtil.checkParamsAgainstType(KeyType.RSA, rsaKey.getParams()); ++ } catch (ProviderException e) { ++ throw new InvalidKeyException("Invalid key for RSA signatures", e); ++ } ++ resetDigest(); ++ int keySize = RSACore.getByteLength(rsaKey); ++ try { ++ padding = RSAPadding.getInstance ++ (RSAPadding.PAD_BLOCKTYPE_1, keySize, random); ++ } catch (InvalidAlgorithmParameterException iape) { ++ throw new InvalidKeyException(iape.getMessage()); ++ } ++ int maxDataSize = padding.getMaxDataSize(); ++ if (encodedLength > maxDataSize) { ++ throw new InvalidKeyException ++ ("Key is too short for this signature algorithm"); ++ } ++ } ++ ++ /** ++ * Reset the message digest if it is not already reset. ++ */ ++ private void resetDigest() { ++ if (digestReset == false) { ++ md.reset(); ++ digestReset = true; ++ } ++ } ++ ++ /** ++ * Return the message digest value. ++ */ ++ private byte[] getDigestValue() { ++ digestReset = true; ++ return md.digest(); ++ } ++ ++ // update the signature with the plaintext data. See JCA doc ++ @Override ++ protected void engineUpdate(byte b) throws SignatureException { ++ md.update(b); ++ digestReset = false; ++ } ++ ++ // update the signature with the plaintext data. See JCA doc ++ @Override ++ protected void engineUpdate(byte[] b, int off, int len) throws SignatureException { ++ md.update(b, off, len); ++ digestReset = false; ++ } ++ ++ // update the signature with the plaintext data. See JCA doc ++ @Override ++ protected void engineUpdate(ByteBuffer b) { ++ md.update(b); ++ digestReset = false; ++ } ++ ++ // sign the data and return the signature. See JCA doc ++ @Override ++ protected byte[] engineSign() throws SignatureException { ++ if (privateKey == null) { ++ throw new SignatureException("Missing private key"); ++ } ++ ++ byte[] digest = getDigestValue(); ++ if (useKaeSign()) { ++ return kaeSign(digest); ++ } ++ return sunSign(digest); ++ } ++ ++ // determine if use kae sign , openssl do not support non-CRT private key ++ private boolean useKaeSign() { ++ return privateKey instanceof RSAPrivateCrtKey; ++ } ++ ++ // sun sign ++ private byte[] sunSign(byte[] digest) throws SignatureException { ++ try { ++ byte[] encoded = encodeSignature(digestOID, digest); ++ byte[] padded = padding.pad(encoded); ++ return RSACore.rsa(padded, privateKey, true); ++ } catch (GeneralSecurityException e) { ++ throw new SignatureException("Could not sign data", e); ++ } catch (IOException e) { ++ throw new SignatureException("Could not encode data", e); ++ } ++ } ++ ++ // kae sign ++ private byte[] kaeSign(byte[] digest) throws SignatureException { ++ String kaeDigestName = KAEUtils.getKAEDigestName(this.digestAlgorithm); ++ RSAPrivateCrtKey privateCrtKey = (RSAPrivateCrtKey) privateKey; ++ long keyAddress = KAERSACipher.nativeCreateRSAPrivateCrtKey( ++ privateCrtKey.getModulus().toByteArray(), ++ privateCrtKey.getPublicExponent().toByteArray(), ++ privateCrtKey.getPrivateExponent().toByteArray(), ++ privateCrtKey.getPrimeP().toByteArray(), ++ privateCrtKey.getPrimeQ().toByteArray(), ++ privateCrtKey.getPrimeExponentP().toByteArray(), ++ privateCrtKey.getPrimeExponentQ().toByteArray(), ++ privateCrtKey.getCrtCoefficient().toByteArray()); ++ byte[] sigBytes; ++ try { ++ sigBytes = KAERSASignatureNative.rsaSign(keyAddress, ++ kaeDigestName, digest, KAERSAPaddingType.PKCS1Padding.getId()); ++ } catch (SignatureException e) { ++ throw e; ++ } finally { ++ // free keyAddress ++ KAERSACipher.nativeFreeKey(keyAddress); ++ } ++ return sigBytes; ++ } ++ ++ // verify the data and return the result. See JCA doc ++ @Override ++ protected boolean engineVerify(byte[] sigBytes) throws SignatureException { ++ if (publicKey == null) { ++ throw new SignatureException("Missing public key"); ++ } ++ ++ if (sigBytes.length != RSACore.getByteLength(publicKey)) { ++ throw new SignatureException("Signature length not correct: got " + ++ sigBytes.length + " but was expecting " + ++ RSACore.getByteLength(publicKey)); ++ } ++ String kaeDigestName = KAEUtils.getKAEDigestName(this.digestAlgorithm); ++ byte[] digest = getDigestValue(); ++ long keyAddress = KAERSACipher.nativeCreateRSAPublicKey(publicKey.getModulus().toByteArray(), ++ publicKey.getPublicExponent().toByteArray()); ++ ++ boolean verify; ++ try { ++ verify = KAERSASignatureNative.rsaVerify(keyAddress, ++ kaeDigestName, digest, KAERSAPaddingType.PKCS1Padding.getId(), sigBytes); ++ } catch (SignatureException e) { ++ throw e; ++ } catch (BadPaddingException e) { ++ // occurs if the app has used the wrong RSA public key ++ // or if sigBytes is invalid or sourceBytes is invalid ++ // return false rather than propagating the exception for ++ // compatibility/ease of use ++ return false; ++ } finally { ++ // free keyAddress ++ KAERSACipher.nativeFreeKey(keyAddress); ++ } ++ return verify; ++ } ++ ++ /** ++ * Encode the digest, return the to-be-signed data. ++ * Also used by the PKCS#11 provider. ++ */ ++ public static byte[] encodeSignature(ObjectIdentifier oid, byte[] digest) throws IOException { ++ DerOutputStream out = new DerOutputStream(); ++ new AlgorithmId(oid).encode(out); ++ out.putOctetString(digest); ++ DerValue result = ++ new DerValue(DerValue.tag_Sequence, out.toByteArray()); ++ return result.toByteArray(); ++ } ++ ++ // set parameter, not supported. See JCA doc ++ @Deprecated ++ @Override ++ protected void engineSetParameter(String param, Object value) throws InvalidParameterException { ++ throw new UnsupportedOperationException("setParameter() not supported"); ++ } ++ ++ // See JCA doc ++ @Override ++ protected void engineSetParameter(AlgorithmParameterSpec params) throws InvalidAlgorithmParameterException { ++ if (params != null) { ++ throw new InvalidAlgorithmParameterException("No parameters accepted"); ++ } ++ } ++ ++ // get parameter, not supported. See JCA doc ++ @Deprecated ++ @Override ++ protected Object engineGetParameter(String param) throws InvalidParameterException { ++ throw new UnsupportedOperationException("getParameter() not supported"); ++ } ++ ++ // See JCA doc ++ @Override ++ protected AlgorithmParameters engineGetParameters() { ++ return null; ++ } ++ ++ // Nested class for MD5withRSA signatures ++ public static final class MD5withRSA extends KAERSASignature { ++ public MD5withRSA() { ++ super("MD5", AlgorithmId.MD5_oid, 10); ++ } ++ } ++ ++ // Nested class for SHA1withRSA signatures ++ public static final class SHA1withRSA extends KAERSASignature { ++ public SHA1withRSA() { ++ super("SHA-1", AlgorithmId.SHA_oid, 7); ++ } ++ } ++ ++ // Nested class for SHA224withRSA signatures ++ public static final class SHA224withRSA extends KAERSASignature { ++ public SHA224withRSA() { ++ super("SHA-224", AlgorithmId.SHA224_oid, 11); ++ } ++ } ++ ++ // Nested class for SHA256withRSA signatures ++ public static final class SHA256withRSA extends KAERSASignature { ++ public SHA256withRSA() { ++ super("SHA-256", AlgorithmId.SHA256_oid, 11); ++ } ++ } ++ ++ // Nested class for SHA384withRSA signatures ++ public static final class SHA384withRSA extends KAERSASignature { ++ public SHA384withRSA() { ++ super("SHA-384", AlgorithmId.SHA384_oid, 11); ++ } ++ } ++ ++ // Nested class for SHA512withRSA signatures ++ public static final class SHA512withRSA extends KAERSASignature { ++ public SHA512withRSA() { ++ super("SHA-512", AlgorithmId.SHA512_oid, 11); ++ } ++ } ++} +diff --git a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAERSASignatureNative.java b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAERSASignatureNative.java +new file mode 100644 +index 00000000..8f256ffe +--- /dev/null ++++ b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAERSASignatureNative.java +@@ -0,0 +1,46 @@ ++/* ++ * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package org.openeuler.security.openssl; ++ ++import javax.crypto.BadPaddingException; ++import java.security.SignatureException; ++ ++public class KAERSASignatureNative { ++ // rsa sign ++ protected static native byte[] rsaSign(long keyAddress, String digestName, byte[] digestBytes, int paddingType) ++ throws SignatureException; ++ ++ // rsa verify ++ protected static native boolean rsaVerify(long keyAddress, String digestName, byte[] digestBytes, int paddingType, ++ byte[] sigBytes) throws SignatureException, BadPaddingException; ++ ++ // rsa pss sign ++ protected static native byte[] pssSign(long keyAddress, String digestName, byte[] digestBytes, int paddingType, ++ String mgf1DigestName, int saltLen) throws SignatureException; ++ ++ // rsa pss verify ++ protected static native boolean pssVerify(long keyAddress, String digestName, byte[] digestBytes, int paddingType, ++ String mgf1DigestName, int saltLen, byte[] sigBytes) throws SignatureException, BadPaddingException; ++} +diff --git a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAESM4Cipher.java b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAESM4Cipher.java +new file mode 100644 +index 00000000..b189bea3 +--- /dev/null ++++ b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAESM4Cipher.java +@@ -0,0 +1,188 @@ ++/* ++ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package org.openeuler.security.openssl; ++ ++import java.security.InvalidAlgorithmParameterException; ++import java.security.InvalidKeyException; ++import java.security.NoSuchAlgorithmException; ++import java.security.Key; ++import java.util.Locale; ++ ++import javax.crypto.NoSuchPaddingException; ++ ++/* ++ * This class currently supports: ++ * - SM4/ECB/NOPADDING ++ * - SM4/ECB/PKCS5PADDING ++ * - SM4/CBC/NOPADDING ++ * - SM4/CBC/PKCS5PADDING ++ * - SM4/CTR/NOPADDING ++ * - SM4/OFB/NOPADDING ++ * - SM4/OFB/PKCS5PADDING ++ */ ++abstract class KAESM4Cipher extends KAESymmetricCipherBase { ++ ++ public static class Sm4 extends KAESM4Cipher { ++ public Sm4(Mode mode, Padding padding) { ++ super(mode, padding, 16); ++ } ++ ++ public static class Cbc extends Sm4 { ++ public Cbc(Padding padding) { ++ super(Mode.CBC, padding); ++ } ++ public static class NoPadding extends Cbc { ++ public NoPadding() { ++ super(Padding.NOPADDING); ++ } ++ } ++ public static class PKCS5Padding extends Cbc { ++ public PKCS5Padding() { ++ super(Padding.PKCS5PADDING); ++ } ++ } ++ } ++ ++ public static class Ecb extends Sm4 { ++ public Ecb(Padding padding) { ++ super(Mode.ECB, padding); ++ } ++ public static class NoPadding extends Ecb { ++ public NoPadding() { ++ super(Padding.NOPADDING); ++ } ++ } ++ public static class PKCS5Padding extends Ecb { ++ public PKCS5Padding() { ++ super(Padding.PKCS5PADDING); ++ } ++ } ++ } ++ ++ public static class Ctr extends Sm4 { ++ public Ctr(Padding padding) { ++ super(Mode.CTR, padding); ++ } ++ public static class NoPadding extends Ctr { ++ public NoPadding() { ++ super(Padding.NOPADDING); ++ } ++ } ++ } ++ ++ public static class Ofb extends Sm4 { ++ public Ofb(Padding padding) { ++ super(Mode.OFB, padding); ++ } ++ public static class NoPadding extends Ofb { ++ public NoPadding() { ++ super(Padding.NOPADDING); ++ } ++ } ++ public static class PKCS5Padding extends Ofb { ++ public PKCS5Padding() { ++ super(Padding.PKCS5PADDING); ++ } ++ } ++ } ++ } ++ ++ KAESM4Cipher(Mode mode, Padding padding, int fixedKeySize) { ++ super(mode, padding, fixedKeySize, "SM4"); ++ } ++ ++ protected void checkKey(Key key) throws InvalidKeyException { ++ if (key == null || key.getEncoded() == null) { ++ throw new InvalidKeyException("Key cannot be null"); ++ } else { ++ int keyLen = key.getEncoded().length; ++ if (keyLen != fixedKeySize) { ++ throw new InvalidKeyException("Only " + fixedKeySize + "-byte keys are accepted. Got: " + keyLen); ++ } ++ } ++ } ++ ++ protected String getCipherName(int keyLength, Mode mode) { ++ return "sm4" + "-" + mode.toString().toLowerCase(Locale.US); ++ } ++ ++ @Override ++ protected void engineSetMode(String modeStr) throws NoSuchAlgorithmException { ++ if (modeStr == null) { ++ throw new NoSuchAlgorithmException("null mode"); ++ } ++ ++ if (modeStr.equalsIgnoreCase("ECB")) { ++ mode = Mode.ECB; ++ } else if (modeStr.equalsIgnoreCase("CBC")) { ++ mode = Mode.CBC; ++ } else if (modeStr.equalsIgnoreCase("CTR")) { ++ mode = Mode.CTR; ++ } else if (modeStr.equalsIgnoreCase("OFB")) { ++ mode = Mode.OFB; ++ } else { ++ throw new NoSuchAlgorithmException("Unsupported mode " + mode); ++ } ++ } ++ ++ @Override ++ protected void engineSetPadding(String paddingStr) throws NoSuchPaddingException { ++ if (paddingStr == null) { ++ throw new NoSuchPaddingException("null padding"); ++ } ++ if (paddingStr.equalsIgnoreCase("PKCS7PADDING")) { ++ paddingStr = "PKCS5Padding"; ++ } ++ ++ if (paddingStr.equalsIgnoreCase("NOPADDING")) { ++ this.padding = Padding.NOPADDING; ++ } else if(paddingStr.equalsIgnoreCase("PKCS5PADDING")) { ++ if (mode == Mode.CTR) { ++ throw new NoSuchPaddingException("PKCS#5 padding not supported with CTR mode"); ++ } ++ this.padding = Padding.PKCS5PADDING; ++ } else { ++ throw new NoSuchPaddingException("Unsupported padding " + paddingStr); ++ } ++ } ++ ++ protected void checkIvBytes(byte[] ivBytes) throws InvalidAlgorithmParameterException { ++ if (ivBytes == null) { ++ throw new InvalidAlgorithmParameterException("Wrong IV length: iv is null "); ++ } ++ if (mode == Mode.CTR) { ++ if (ivBytes.length < 8) { ++ throw new InvalidAlgorithmParameterException("Wrong IV length: CTR mode requires IV of at least: 8 bytes."); ++ } ++ return; ++ } ++ if (ivBytes.length != blockSize) { ++ throw new InvalidAlgorithmParameterException("Wrong IV length: must be " + blockSize + " bytes long."); ++ } ++ } ++} ++ +diff --git a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAESymmetricCipherBase.java b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAESymmetricCipherBase.java +new file mode 100644 +index 00000000..897e2c6b +--- /dev/null ++++ b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAESymmetricCipherBase.java +@@ -0,0 +1,615 @@ ++/* ++ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package org.openeuler.security.openssl; ++ ++import sun.security.jca.JCAUtil; ++ ++import java.lang.ref.PhantomReference; ++import java.lang.ref.ReferenceQueue; ++import java.nio.ByteBuffer; ++import java.security.*; ++import java.security.spec.*; ++import java.util.Arrays; ++import java.util.Set; ++import java.util.concurrent.ConcurrentSkipListSet; ++ ++import javax.crypto.*; ++import javax.crypto.spec.GCMParameterSpec; ++import javax.crypto.spec.IvParameterSpec; ++import javax.crypto.spec.SecretKeySpec; ++ ++/* ++ * Cipher wrapper class utilizing openssl APIs. ++ */ ++abstract class KAESymmetricCipherBase extends CipherSpi { ++ enum Padding { ++ NOPADDING, ++ PKCS5PADDING ++ } ++ ++ enum Mode { ++ ECB, ++ CBC, ++ CTR, ++ OFB, ++ GCM ++ } ++ ++ protected final String keyAlgo; ++ protected final int blockSize = 16; ++ protected Mode mode; ++ protected Padding padding; ++ protected int fixedKeySize; ++ ++ private CipherContextRef pCtx = null; ++ private byte[] keyValue; ++ protected byte[] iv; ++ private boolean initialized = false; ++ private boolean encrypt = false; ++ private int bytesBuffered = 0; ++ ++ private boolean calledUpdate; ++ private String cipherName; ++ ++ // for gcm ++ private final int defaultGcmTagLen = blockSize; ++ private final int defaultGcmIvLen = 12; ++ private int tagLengthInBytes; ++ private byte[] lastEncKey = null; ++ private byte[] lastEncIv = null; ++ private byte[] aad; ++ ++ private static PublicKey constructPublicKey(byte[] encodedKey, String encodedKeyAlgorithm) ++ throws NoSuchAlgorithmException, InvalidKeyException { ++ PublicKey key; ++ try { ++ KeyFactory keyFactory = KeyFactory.getInstance(encodedKeyAlgorithm); ++ X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encodedKey); ++ key = keyFactory.generatePublic(keySpec); ++ } catch (NoSuchAlgorithmException e) { ++ throw new NoSuchAlgorithmException("No provider found for " + encodedKeyAlgorithm + " KeyFactory"); ++ } catch (InvalidKeySpecException e) { ++ throw new InvalidKeyException("Cannot construct public key", e); ++ } ++ return key; ++ } ++ ++ private static PrivateKey constructPrivateKey(byte[] encodedKey, ++ String encodedKeyAlgorithm) throws InvalidKeyException, NoSuchAlgorithmException { ++ PrivateKey key = null; ++ try { ++ KeyFactory keyFactory = KeyFactory.getInstance(encodedKeyAlgorithm); ++ PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedKey); ++ key = keyFactory.generatePrivate(keySpec); ++ } catch (NoSuchAlgorithmException e) { ++ throw new NoSuchAlgorithmException("No provider found for " + encodedKeyAlgorithm + " KeyFactory"); ++ } catch (InvalidKeySpecException e) { ++ throw new InvalidKeyException("Cannot construct private key", e); ++ } ++ return key; ++ } ++ ++ private static SecretKey constructSecretKey(byte[] encodedKey, String encodedKeyAlgorithm) { ++ return new SecretKeySpec(encodedKey, encodedKeyAlgorithm); ++ } ++ ++ static final Key constructKey(int keyType, byte[] encodedKey, ++ String encodedKeyAlgorithm) throws NoSuchAlgorithmException, InvalidKeyException { ++ Key res = null; ++ switch (keyType) { ++ case Cipher.SECRET_KEY: ++ res = constructSecretKey(encodedKey, encodedKeyAlgorithm); ++ break; ++ case Cipher.PRIVATE_KEY: ++ res = constructPrivateKey(encodedKey, encodedKeyAlgorithm); ++ break; ++ case Cipher.PUBLIC_KEY: ++ res = constructPublicKey(encodedKey, encodedKeyAlgorithm); ++ break; ++ default: ++ throw new InvalidKeyException("Unknown keytype " + keyType); ++ } ++ return res; ++ } ++ ++ KAESymmetricCipherBase(Mode mode, Padding padding, int fixedKeySize, String keyAlgo) { ++ this.mode = mode; ++ this.padding = padding; ++ this.fixedKeySize = fixedKeySize; ++ this.keyAlgo = keyAlgo; ++ } ++ ++ private static class CipherContextRef extends PhantomReference ++ implements Comparable { ++ private static ReferenceQueue refQueue = new ReferenceQueue<>(); ++ private static Set refList = new ConcurrentSkipListSet<>(); ++ private static boolean disableKaeDispose = Boolean.getBoolean("kae.disableKaeDispose"); ++ ++ final long ctxAddress; ++ ++ private static void drainRefQueueBounded() { ++ while (true) { ++ CipherContextRef next = (CipherContextRef) refQueue.poll(); ++ if (next == null) { ++ break; ++ } ++ next.dispose(true); ++ } ++ } ++ ++ CipherContextRef(KAESymmetricCipherBase kaeCipher, long ctxAddress) { ++ super(kaeCipher, refQueue); ++ this.ctxAddress = ctxAddress; ++ if (!disableKaeDispose) { ++ refList.add(this); ++ drainRefQueueBounded(); ++ } ++ } ++ ++ @Override ++ public int compareTo(CipherContextRef o) { ++ if (this.ctxAddress == o.ctxAddress) { ++ return 0; ++ } else { ++ return (this.ctxAddress < o.ctxAddress) ? -1 : 1; ++ } ++ } ++ ++ void dispose(boolean needFree) { ++ if (!disableKaeDispose) { ++ refList.remove(this); ++ try { ++ if (needFree) { ++ nativeFree(ctxAddress); ++ } ++ } finally { ++ this.clear(); ++ } ++ } else { ++ nativeFree(ctxAddress); ++ } ++ } ++ } ++ ++ @Override ++ protected int engineGetBlockSize() { ++ return blockSize; ++ } ++ ++ @Override ++ protected int engineGetOutputSize(int inputLen) { ++ return getOutputSizeByOperation(inputLen, true); ++ } ++ ++ @Override ++ protected byte[] engineGetIV() { ++ return iv == null ? null : iv.clone(); ++ } ++ ++ @Override ++ protected AlgorithmParameters engineGetParameters() { ++ if (iv == null) { ++ return null; ++ } ++ AlgorithmParameterSpec spec; ++ AlgorithmParameters params; ++ String algName = keyAlgo; ++ if (mode == Mode.GCM) { ++ algName = "GCM"; ++ spec = new GCMParameterSpec(tagLengthInBytes * 8, iv.clone()); ++ } else { ++ spec = new IvParameterSpec(iv.clone()); ++ } ++ try { ++ params = AlgorithmParameters.getInstance(algName); ++ params.init(spec); ++ return params; ++ } catch (GeneralSecurityException e) { ++ throw new RuntimeException("Could not encode parameters", e); ++ } ++ } ++ ++ @Override ++ protected void engineInit(int opmode, Key key, SecureRandom random) throws InvalidKeyException { ++ try { ++ engineInit(opmode, key, (AlgorithmParameterSpec) null, random); ++ } catch (InvalidAlgorithmParameterException e) { ++ throw new InvalidKeyException("init() failed", e); ++ } ++ } ++ ++ @Override ++ protected void engineInit(int opmode, Key key, AlgorithmParameters params, ++ SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { ++ AlgorithmParameterSpec spec = null; ++ String paramType = null; ++ if (params != null) { ++ try { ++ if (mode == Mode.GCM) { ++ spec = params.getParameterSpec(GCMParameterSpec.class); ++ paramType = "GCM"; ++ } else { ++ spec = params.getParameterSpec(IvParameterSpec.class); ++ paramType = "IV"; ++ } ++ } catch (InvalidParameterSpecException e) { ++ throw new InvalidAlgorithmParameterException("Could not decode " + paramType, e); ++ } ++ } ++ engineInit(opmode, key, spec, random); ++ } ++ ++ @Override ++ protected void engineInit(int opmode, Key key, AlgorithmParameterSpec params, ++ SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException { ++ checkKey(key); ++ boolean doEncrypt = (opmode == Cipher.ENCRYPT_MODE || opmode == Cipher.WRAP_MODE); ++ ++ byte[] ivBytes = null; ++ int tagLen = -1; ++ if (params != null) { ++ if (mode == Mode.GCM) { ++ if (params instanceof GCMParameterSpec) { ++ tagLen = ((GCMParameterSpec)params).getTLen(); ++ checkTagLen(tagLen); ++ tagLen = tagLen >> 3; ++ ivBytes = ((GCMParameterSpec)params).getIV(); ++ } else { ++ throw new InvalidAlgorithmParameterException("Unsupported parameter: " + params); ++ } ++ } else { ++ if (params instanceof IvParameterSpec) { ++ ivBytes = ((IvParameterSpec) params).getIV(); ++ checkIvBytes(ivBytes); ++ } else { ++ throw new InvalidKeyException("IvParameterSpec required. Received: " + params.getClass().getName()); ++ } ++ } ++ } ++ if (mode == Mode.ECB) { ++ if (params != null) { ++ throw new InvalidAlgorithmParameterException("No Parameters for ECB mode"); ++ } ++ } else if (ivBytes == null) { ++ if (doEncrypt) { ++ if (mode == Mode.GCM) { ++ ivBytes = new byte[defaultGcmIvLen]; ++ } else { ++ ivBytes = new byte[blockSize]; ++ } ++ if (random == null) { ++ random = JCAUtil.getSecureRandom(); ++ } ++ random.nextBytes(ivBytes); ++ } else { ++ throw new InvalidAlgorithmParameterException("Parameters required for decryption"); ++ } ++ } else if (keyAlgo.equalsIgnoreCase("SM4") && ivBytes.length < blockSize) { ++ byte[] temp = new byte[blockSize]; ++ System.arraycopy(ivBytes, 0, temp, 0, ivBytes.length); ++ ivBytes = temp; ++ } ++ implInit(doEncrypt, key.getEncoded(), ivBytes, tagLen); ++ } ++ ++ private void checkTagLen(int tagLen) throws InvalidAlgorithmParameterException { ++ if ((tagLen < 96) || (tagLen > 128) || ((tagLen & 0x07) != 0)) { ++ throw new InvalidAlgorithmParameterException ++ ("Unsupported TLen value; must be one of {128, 120, 112, 104, 96}"); ++ } ++ } ++ ++ protected abstract void checkIvBytes(byte[] ivBytes) throws InvalidAlgorithmParameterException; ++ ++ protected abstract String getCipherName(int keyLength, Mode mode); ++ ++ private void implInit(boolean encrypt, byte[] keyVal, byte[] ivVal, int tagLen) ++ throws InvalidAlgorithmParameterException { ++ reset(true); ++ this.encrypt = encrypt; ++ this.keyValue = keyVal; ++ this.iv = ivVal; ++ this.cipherName = getCipherName(keyValue.length * 8, mode); ++ ++ if (mode == Mode.GCM) { ++ if (tagLen == -1) { ++ tagLen = defaultGcmTagLen; ++ } ++ this.tagLengthInBytes = tagLen; ++ if (encrypt) { ++ // Check key+iv for encryption in GCM mode. ++ boolean requireReinit = Arrays.equals(ivVal, lastEncIv) && MessageDigest.isEqual(keyVal, lastEncKey); ++ if (requireReinit) { ++ throw new InvalidAlgorithmParameterException("Cannot reuse iv for GCM encryption"); ++ } ++ lastEncIv = ivVal; ++ lastEncKey = keyVal; ++ } ++ } ++ ++ // OpenSSL only supports PKCS5 Padding. ++ long pCtxVal; ++ try { ++ pCtxVal = nativeInit(cipherName, encrypt, keyValue, iv, padding == Padding.PKCS5PADDING); ++ } catch (RuntimeException e) { ++ throw new ProviderException("Invoke nativeInit failed for " + cipherName, e); ++ } ++ ++ initialized = (pCtxVal != 0L); ++ if (initialized) { ++ pCtx = new CipherContextRef(this, pCtxVal); ++ } else { ++ throw new NullPointerException("pCtxVal == 0"); ++ } ++ calledUpdate = false; ++ } ++ ++ protected abstract void checkKey(Key key) throws InvalidKeyException; ++ ++ @Override ++ protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLen) { ++ byte[] out = new byte[getOutputSizeByOperation(inputLen, false)]; ++ int outLen = implUpdate(input, inputOffset, inputLen, out, 0); ++ if (outLen == 0) { ++ return new byte[0]; ++ } else if (out.length != outLen) { ++ out = Arrays.copyOf(out, outLen); ++ } ++ return out; ++ } ++ ++ @Override ++ protected int engineUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, ++ int outputOffset) throws ShortBufferException { ++ int min = getOutputSizeByOperation(inputLen, false); ++ if (output == null || output.length - outputOffset < min) { ++ throw new ShortBufferException("min " + min + "-byte buffer needed"); ++ } ++ return implUpdate(input, inputOffset, inputLen, output, outputOffset); ++ } ++ ++ private int implUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) { ++ ensureInitialized(); ++ if (inputLen <= 0) { ++ return 0; ++ } ++ int outLen; ++ try { ++ outLen = nativeUpdate(pCtx.ctxAddress, input, inputOffset, inputLen, output, outputOffset, ++ mode == Mode.GCM, aad); ++ aad = null; ++ } catch (ArrayIndexOutOfBoundsException e) { ++ reset(true); ++ throw new ProviderException("Invoke nativeUpdate failed for " + cipherName, e); ++ } ++ bytesBuffered += (inputLen - outLen); ++ ++ calledUpdate = true; ++ return outLen; ++ } ++ ++ protected int getOutputSizeByOperation(int inLen, boolean isDoFinal) { ++ int ret; ++ ++ if (inLen <= 0) { ++ inLen = 0; ++ } ++ if (padding == Padding.NOPADDING) { ++ ret = inLen + bytesBuffered; ++ } else { ++ int len = inLen + bytesBuffered; ++ ++ // The amount of data written may be anything from zero bytes to (inl + cipher_block_size - 1) for encrypt. ++ // Refer to {@link https://www.openssl.org/docs/man1.1.0/man3/EVP_CipherUpdate.html} for details. ++ len += (len % blockSize != 0 || encrypt) ? blockSize : 0; ++ ret = len - (len % blockSize); ++ } ++ if (mode == Mode.GCM && isDoFinal) { ++ if (encrypt) { ++ ret = ret + tagLengthInBytes; ++ } else { ++ ret = Math.max(0, ret - tagLengthInBytes); ++ } ++ } ++ return ret; ++ } ++ ++ @Override ++ protected byte[] engineDoFinal(byte[] input, int inputOffset, ++ int inputLen) throws IllegalBlockSizeException, BadPaddingException { ++ byte[] out = new byte[getOutputSizeByOperation(inputLen, true)]; ++ try { ++ int outLen = engineDoFinal(input, inputOffset, inputLen, out, 0); ++ if (out.length != outLen) { ++ out = Arrays.copyOf(out, outLen); ++ } ++ return out; ++ } catch (ShortBufferException e) { ++ throw new ProviderException(e); ++ } ++ } ++ ++ @Override ++ protected int engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, ++ int outputOffset) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException { ++ int outLen = 0; ++ int min = getOutputSizeByOperation(inputLen, true); ++ if (output == null || output.length - outputOffset < min) { ++ throw new ShortBufferException("min " + min + "-byte buffer needed"); ++ } ++ ++ int updateLen = inputLen; ++ if (mode == Mode.GCM && !encrypt) { ++ // Remove tagLengthInBytes suffix in GCM decrypt. ++ updateLen = inputLen - tagLengthInBytes; ++ } ++ outLen = implUpdate(input, inputOffset, updateLen, output, outputOffset); ++ outputOffset += outLen; ++ ++ byte[] gcmTag = null; ++ if (mode == Mode.GCM && !encrypt) { ++ if (inputLen - outLen != tagLengthInBytes) { ++ throw new AEADBadTagException("Tag mismatch!"); ++ } ++ // The last tagLengthInBytees in the input arg gcmTag. ++ gcmTag = Arrays.copyOfRange(input, inputOffset + inputLen - tagLengthInBytes, inputOffset + inputLen); ++ } ++ ++ outLen += implDoFinal(output, outputOffset, gcmTag); ++ return outLen; ++ } ++ ++ @Override ++ protected byte[] engineWrap(Key key) throws IllegalBlockSizeException, InvalidKeyException { ++ byte[] res = null; ++ try { ++ byte[] encodedKey = key.getEncoded(); ++ if (encodedKey == null || encodedKey.length == 0) { ++ throw new InvalidKeyException("Cannot get an encoding of the key to be wrapped"); ++ } ++ res = engineDoFinal(encodedKey, 0, encodedKey.length); ++ } catch (BadPaddingException e) { ++ // Should never happen ++ } ++ return res; ++ } ++ ++ @Override ++ protected Key engineUnwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, ++ int wrappedKeyType) throws InvalidKeyException, NoSuchAlgorithmException { ++ byte[] encodedKey; ++ try { ++ encodedKey = engineDoFinal(wrappedKey, 0, wrappedKey.length); ++ } catch (IllegalBlockSizeException | BadPaddingException e) { ++ throw (InvalidKeyException) (new InvalidKeyException()).initCause(e); ++ } ++ return constructKey(wrappedKeyType, encodedKey, wrappedKeyAlgorithm); ++ } ++ ++ @Override ++ protected void engineUpdateAAD(ByteBuffer byteBuffer) { ++ if (aad == null) { ++ aad = new byte[byteBuffer.remaining()]; ++ byteBuffer.get(aad); ++ } else { ++ int newSize = aad.length + byteBuffer.remaining(); ++ byte[] newaad = new byte[newSize]; ++ System.arraycopy(aad, 0, newaad, 0, aad.length); ++ byteBuffer.get(newaad, aad.length, byteBuffer.remaining()); ++ aad = newaad; ++ } ++ } ++ ++ @Override ++ protected void engineUpdateAAD(byte[] input, int inputOffset, int inputLen) { ++ if (aad == null) { ++ aad = Arrays.copyOfRange(input, inputOffset, inputOffset + inputLen); ++ } else { ++ int newSize = aad.length + inputLen; ++ byte[] newaad = new byte[newSize]; ++ System.arraycopy(aad, 0, newaad, 0, aad.length); ++ System.arraycopy(input, inputOffset, newaad, aad.length, inputLen); ++ aad = newaad; ++ } ++ } ++ ++ private int implDoFinal(byte[] out, int outputOffset, byte[] gcmTag) ++ throws BadPaddingException, IllegalBlockSizeException { ++ if (!encrypt && !calledUpdate) { ++ return 0; ++ } ++ ensureInitialized(); ++ ++ int outLen; ++ try { ++ if (mode == Mode.GCM) { ++ outLen = nativeFinalGcm(pCtx.ctxAddress, out, outputOffset, mode == Mode.GCM, tagLengthInBytes, ++ gcmTag, encrypt); ++ } else { ++ outLen = nativeFinal(pCtx.ctxAddress, out, outputOffset); ++ } ++ } catch (ArrayIndexOutOfBoundsException | BadPaddingException e) { ++ if (e instanceof AEADBadTagException) { ++ throw e; // AEADBadTagException is expected for some tests ++ } else if (e instanceof BadPaddingException || e.getMessage().contains("wrong final block length")) { ++ if (padding == Padding.NOPADDING) { ++ throw new IllegalBlockSizeException("Input length not multiple of " + blockSize + " bytes"); ++ } else { ++ throw e; ++ } ++ } else { ++ throw new ProviderException("Invoke nativeFinal failed for " + cipherName, e); ++ } ++ } finally { ++ reset(true); ++ } ++ ++ return outLen; ++ } ++ ++ protected void reset(boolean doCancel) { ++ initialized = false; ++ bytesBuffered = 0; ++ calledUpdate = false; ++ ++ // for gcm ++ aad = null; ++ ++ if (pCtx != null) { ++ pCtx.dispose(doCancel); ++ pCtx = null; ++ } ++ } ++ ++ protected static native long nativeInit(String cipherType, boolean encrypt, byte[] key, byte[] iv, boolean padding) ++ throws RuntimeException; ++ ++ protected static native int nativeUpdate(long pContext, byte[] in, int inOfs, int inLen, byte[] out, ++ int outOfs, boolean gcm, byte[] aad) throws ArrayIndexOutOfBoundsException; ++ ++ protected static native int nativeFinal(long pContext, byte[] out, ++ int outOfs) throws ArrayIndexOutOfBoundsException, BadPaddingException; ++ ++ protected static native void nativeFree(long pContext); ++ ++ protected static native int nativeFinalGcm(long pContext, byte[] out, int outOfs, boolean gcm, ++ int tagLength, byte[] gcmTag, boolean encrypt) throws ArrayIndexOutOfBoundsException, BadPaddingException; ++ ++ protected void ensureInitialized() { ++ if (!initialized) { ++ reset(true); ++ long pCtxVal = nativeInit(cipherName, encrypt, keyValue, iv, padding == Padding.PKCS5PADDING); ++ initialized = (pCtxVal != 0L); ++ if (initialized) { ++ pCtx = new CipherContextRef(this, pCtxVal); ++ } else { ++ throw new RuntimeException("Cannot initialize Cipher"); ++ } ++ } ++ } ++} ++ +diff --git a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEUtils.java b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEUtils.java +index f563fd07..21a6116e 100644 +--- a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEUtils.java ++++ b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEUtils.java +@@ -91,8 +91,12 @@ class KAEUtils { + private static final Map DIGEST_ALGORITHM_NAME_MAP = new HashMap<>(); + private static final Map DIGEST_ALGORITHM_LENGTH_MAP = new HashMap<>(); + ++ private static final Map SIZE_TO_CURVE = new HashMap<>(); ++ private static final Map CURVE_ALIAS = new HashMap<>(); ++ + static { + initDigest(); ++ initECDH(); + } + + private static void initDigest() { +@@ -109,11 +113,11 @@ class KAEUtils { + + // get the kae digest algorithm name + static String getKAEDigestName(String digestName) { +- return DIGEST_ALGORITHM_NAME_MAP.get(digestName); ++ return digestName == null ? null : DIGEST_ALGORITHM_NAME_MAP.get(digestName.toUpperCase(Locale.ROOT)); + } + +- static int getDigestLength(String digestName) { +- return DIGEST_ALGORITHM_LENGTH_MAP.get(digestName); ++ static Integer getDigestLength(String digestName) { ++ return digestName == null ? null :DIGEST_ALGORITHM_LENGTH_MAP.get(digestName.toUpperCase(Locale.ROOT)); + } + + static class ConstructKeys { +@@ -193,4 +197,24 @@ class KAEUtils { + } + } + } ++ ++ private static void initECDH() { ++ SIZE_TO_CURVE.put(224, "secp224r1"); ++ SIZE_TO_CURVE.put(256, "prime256v1"); ++ SIZE_TO_CURVE.put(384, "secp384r1"); ++ SIZE_TO_CURVE.put(521, "secp521r1"); ++ CURVE_ALIAS.put("secp256r1", "prime256v1"); ++ CURVE_ALIAS.put("1.3.132.0.33", "secp224r1"); ++ CURVE_ALIAS.put("1.3.132.0.34", "secp384r1"); ++ CURVE_ALIAS.put("1.3.132.0.35", "secp521r1"); ++ CURVE_ALIAS.put("1.2.840.10045.3.1.7", "prime256v1"); ++ } ++ ++ static String getCurveBySize(int size) { ++ return SIZE_TO_CURVE.get(size); ++ } ++ ++ static String getCurveByAlias(String alias) { ++ return CURVE_ALIAS.get(alias); ++ } + } +diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_cipher_aes.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_cipher_aes.c +deleted file mode 100644 +index 8a9526a2..00000000 +--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_cipher_aes.c ++++ /dev/null +@@ -1,255 +0,0 @@ +-/* +- * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. +- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +- * +- * This code is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License version 2 only, as +- * published by the Free Software Foundation. +- * +- * This code is distributed in the hope that it will be useful, but WITHOUT +- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +- * version 2 for more details (a copy is included in the LICENSE file that +- * accompanied this code). +- * +- * You should have received a copy of the GNU General Public License version +- * 2 along with this work; if not, write to the Free Software Foundation, +- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +- * +- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +- * or visit www.oracle.com if you need additional information or have any +- * questions. +- */ +- +-#include +-#include +-#include +-#include "kae_log.h" +-#include "kae_exception.h" +-#include "org_openeuler_security_openssl_KAEAESCipher.h" +- +-static const EVP_CIPHER* EVPGetCipherByName(JNIEnv* env, const char* algo) +-{ +- static const EVP_CIPHER* aes128Ecb = NULL; +- static const EVP_CIPHER* aes128Cbc = NULL; +- static const EVP_CIPHER* aes128Ctr = NULL; +- static const EVP_CIPHER* aes192Ecb = NULL; +- static const EVP_CIPHER* aes192Cbc = NULL; +- static const EVP_CIPHER* aes192Ctr = NULL; +- static const EVP_CIPHER* aes256Ecb = NULL; +- static const EVP_CIPHER* aes256Cbc = NULL; +- static const EVP_CIPHER* aes256Ctr = NULL; +- +- if (strcasecmp(algo, "aes-128-ecb") == 0) { +- return aes128Ecb == NULL ? aes128Ecb = EVP_get_cipherbyname(algo) : aes128Ecb; +- } else if (strcasecmp(algo, "aes-128-cbc") == 0) { +- return aes128Cbc == NULL ? aes128Cbc = EVP_get_cipherbyname(algo) : aes128Cbc; +- } else if (strcasecmp(algo, "aes-128-ctr") == 0) { +- return aes128Ctr == NULL ? aes128Ctr = EVP_get_cipherbyname(algo) : aes128Ctr; +- } else if (strcasecmp(algo, "aes-192-ecb") == 0) { +- return aes192Ecb == NULL ? aes192Ecb = EVP_get_cipherbyname(algo) : aes192Ecb; +- } else if (strcasecmp(algo, "aes-192-cbc") == 0) { +- return aes192Cbc == NULL ? aes192Cbc = EVP_get_cipherbyname(algo) : aes192Cbc; +- } else if (strcasecmp(algo, "aes-192-ctr") == 0) { +- return aes192Ctr == NULL ? aes192Ctr = EVP_get_cipherbyname(algo) : aes192Ctr; +- } else if (strcasecmp(algo, "aes-256-ecb") == 0) { +- return aes256Ecb == NULL ? aes256Ecb = EVP_get_cipherbyname(algo) : aes256Ecb; +- } else if (strcasecmp(algo, "aes-256-cbc") == 0) { +- return aes256Cbc == NULL ? aes256Cbc = EVP_get_cipherbyname(algo) : aes256Cbc; +- } else if (strcasecmp(algo, "aes-256-ctr") == 0) { +- return aes256Ctr == NULL ? aes256Ctr = EVP_get_cipherbyname(algo) : aes256Ctr; +- } else { +- KAE_ThrowRuntimeException(env, "EVPGetCipherByName error"); +- return 0; +- } +-} +- +-/* +- * Class: org_openeuler_security_openssl_KAEAESCipher +- * Method: nativeInit +- * Signature: (Ljava/lang/String;Z[B[B)J +- */ +-JNIEXPORT jlong JNICALL +-Java_org_openeuler_security_openssl_KAEAESCipher_nativeInit(JNIEnv* env, jclass cls, +- jstring cipherType, jboolean encrypt, jbyteArray key, jbyteArray iv, jboolean padding) +-{ +- EVP_CIPHER_CTX* ctx = NULL; +- jbyte* keyBytes = NULL; +- jbyte* ivBytes = NULL; +- const EVP_CIPHER* cipher = NULL; +- +- const char* algo = (*env)->GetStringUTFChars(env, cipherType, 0); +- cipher = EVPGetCipherByName(env, algo); +- (*env)->ReleaseStringUTFChars(env, cipherType, algo); +- if (cipher == NULL) { +- KAE_ThrowOOMException(env, "create EVP_CIPHER fail"); +- goto err; +- } +- +- ctx = EVP_CIPHER_CTX_new(); +- if (ctx == NULL) { +- KAE_ThrowOOMException(env, "create EVP_CIPHER_CTX fail"); +- goto err; +- } +- +- if (iv != NULL) { +- ivBytes = (*env)->GetByteArrayElements(env, iv, NULL); +- } +- const unsigned char* i = (const unsigned char*) ivBytes; +- +- if (key != NULL) { +- keyBytes = (*env)->GetByteArrayElements(env, key, NULL); +- } +- const unsigned char* k = (const unsigned char*) keyBytes; +- +- if (!EVP_CipherInit_ex(ctx, cipher, NULL, k, i, encrypt ? 1 : 0)) { +- KAE_ThrowFromOpenssl(env, "EVP_CipherInit_ex failed", KAE_ThrowRuntimeException); +- goto err; +- } +- KAE_TRACE("KAEAESCipher_nativeInit EVP_CipherInit_ex(ctx = %p, cipher = %p, key = %p, iv = %p, encrypt = %d) " +- "success", ctx, cipher, key, iv, encrypt ? 1 : 0); +- +- EVP_CIPHER_CTX_set_padding(ctx, padding ? 1 : 0); +- +- if (iv != NULL) { +- (*env)->ReleaseByteArrayElements(env, iv, ivBytes, 0); +- } +- (*env)->ReleaseByteArrayElements(env, key, keyBytes, 0); +- return (jlong) ctx; +-err: +- if (ctx != NULL) { +- EVP_CIPHER_CTX_free(ctx); +- } +- if (ivBytes != NULL) { +- (*env)->ReleaseByteArrayElements(env, iv, ivBytes, 0); +- } +- if (keyBytes != NULL) { +- (*env)->ReleaseByteArrayElements(env, key, keyBytes, 0); +- } +- return 0; +-} +- +-/* +- * Class: org_openeuler_security_openssl_KAEAESCipher +- * Method: nativeUpdate +- * Signature: (JZ[BII[BI)I +- */ +-JNIEXPORT jint JNICALL +-Java_org_openeuler_security_openssl_KAEAESCipher_nativeUpdate(JNIEnv* env, jclass cls, +- jlong ctxAddress, jbyteArray inArr, jint inOfs, jint inLen, jbyteArray outArr, jint outOfs) +-{ +- jbyte* in = NULL; +- unsigned char* out = NULL; +- +- EVP_CIPHER_CTX* ctx = (EVP_CIPHER_CTX*) ctxAddress; +- if (ctx == NULL) { +- goto err; +- } +- +- if (inArr == NULL || outArr == NULL) { +- goto err; +- } +- int inputLen = (*env)->GetArrayLength(env, inArr); +- if ((inOfs < 0) || (inOfs > inputLen) || (inLen < 0) || (inLen > inputLen - inOfs)) { +- KAE_ThrowArrayIndexOutOfBoundsException(env, "inArr"); +- goto err; +- } +- in = malloc(sizeof(jbyte) * inputLen); +- if (in == NULL) { +- KAE_ThrowOOMException(env, "malloc error"); +- goto err; +- } +- (*env)->GetByteArrayRegion(env, inArr, 0, inputLen, in); +- +- int outputLen = (*env)->GetArrayLength(env, outArr); +- if ((outOfs < 0) || (outOfs > outputLen) || (inLen < 0) || (inLen > outputLen - outOfs)) { +- KAE_ThrowArrayIndexOutOfBoundsException(env, "outArr"); +- goto err; +- } +- out = malloc(outputLen - outOfs); +- if (out == NULL) { +- KAE_ThrowOOMException(env, "malloc error"); +- goto err; +- } +- +- unsigned int bytesWritten = 0; +- if (EVP_CipherUpdate(ctx, out, &bytesWritten, in + inOfs, inLen) == 0) { +- KAE_ThrowFromOpenssl(env, "EVP_CipherUpdate failed", KAE_ThrowRuntimeException); +- goto err; +- } +- KAE_TRACE("KAEAESCipher_nativeUpdate EVP_CipherUpdate success, bytesWritten = %d", bytesWritten); +- (*env)->SetByteArrayRegion(env, outArr, outOfs, bytesWritten, (jbyte*) out); +- +- free(in); +- free(out); +- return bytesWritten; +-err: +- if (in != NULL) { +- free(in); +- } +- if (out != NULL) { +- free(out); +- } +- return 0; +-} +- +-/* +- * Class: org_openeuler_security_openssl_KAEAESCipher +- * Method: nativeFinal +- * Signature: (JZ[BI)I +- */ +-JNIEXPORT jint JNICALL +-Java_org_openeuler_security_openssl_KAEAESCipher_nativeFinal(JNIEnv* env, jclass cls, +- jlong ctxAddress, jbyteArray outArr, jint outOfs) +-{ +- unsigned char* out; +- EVP_CIPHER_CTX* ctx = (EVP_CIPHER_CTX*) ctxAddress; +- KAE_TRACE("KAEAESCipher_nativeFinal(ctxAddress = %p, outArr = %p, outOfs = %d)", +- ctx, outArr, outOfs); +- if (ctx == NULL) { +- goto err; +- } +- if (outArr == NULL) { +- goto err; +- } +- int outputLen = (*env)->GetArrayLength(env, outArr); +- out = malloc(outputLen - outOfs); +- if (out == NULL) { +- KAE_ThrowOOMException(env, "malloc error"); +- goto err; +- } +- unsigned int bytesWritten = 0; +- int result_code = EVP_CipherFinal_ex(ctx, out, &bytesWritten); +- if (result_code == 0) { +- KAE_ThrowFromOpenssl(env, "EVP_CipherFinal_ex failed", KAE_ThrowBadPaddingException); +- goto err; +- } +- KAE_TRACE("KAEAESCipher_nativeFinal EVP_CipherFinal_ex success, bytesWritten = %d", bytesWritten); +- (*env)->SetByteArrayRegion(env, outArr, outOfs, bytesWritten, (jbyte*) out); +- free(out); +- KAE_TRACE("KAEAESCipher_nativeFinal: finished"); +- return bytesWritten; +- +-err: +- if (out != NULL) { +- free(out); +- } +- return 0; +-} +- +-/* +- * Class: org_openeuler_security_openssl_KAEAESCipher +- * Method: nativeFree +- * Signature: (J)V +- */ +-JNIEXPORT void JNICALL +-Java_org_openeuler_security_openssl_KAEAESCipher_nativeFree(JNIEnv* env, jclass cls, jlong ctxAddress) +-{ +- EVP_CIPHER_CTX* ctx = (EVP_CIPHER_CTX*) ctxAddress; +- KAE_TRACE("KAEAESCipher_nativeFree(ctx = %p)", ctx); +- if (ctx != NULL) { +- EVP_CIPHER_CTX_free(ctx); +- } +- +- KAE_TRACE("KAEAESCipher_nativeFree: finished"); +-} +diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_cipher_rsa.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_cipher_rsa.c +index d689d4b1..3fbacf77 100644 +--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_cipher_rsa.c ++++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_cipher_rsa.c +@@ -21,15 +21,13 @@ + * questions. + */ + ++#include + #include + #include + #include "kae_util.h" + #include "kae_exception.h" + #include "org_openeuler_security_openssl_KAERSACipher.h" + +-#define SUCCESS 1 +-#define FAILED -1 +- + typedef int RSACryptOperation(int, const unsigned char*, unsigned char*, RSA*, int); + + typedef int EvpPkeyCryptOperation(EVP_PKEY_CTX*, unsigned char*, size_t*, const unsigned char*, size_t); +@@ -88,55 +86,55 @@ cleanup: + /* + * set rsa padding + */ +-static int SetRSAPadding(JNIEnv* env, EVP_PKEY_CTX* pkeyCtx, int paddingType) { ++static bool SetRSAPadding(JNIEnv* env, EVP_PKEY_CTX* pkeyCtx, int paddingType) { + if (EVP_PKEY_CTX_set_rsa_padding(pkeyCtx, paddingType) <= 0) { + KAE_ThrowFromOpenssl(env, "EVP_PKEY_CTX_set_rsa_padding", KAE_ThrowInvalidAlgorithmParameterException); +- return FAILED; ++ return false; + } +- return SUCCESS; ++ return true; + } + + /* + * set rsa mgf1 md + */ +-static int SetRSAMgf1Md(JNIEnv* env, EVP_PKEY_CTX* pkeyCtx, const char* mgf1MdAlgoUTF) { ++static bool SetRSAMgf1Md(JNIEnv* env, EVP_PKEY_CTX* pkeyCtx, const char* mgf1MdAlgoUTF) { + EVP_MD* mgf1MD = (EVP_MD*)EVP_get_digestbyname(mgf1MdAlgoUTF); + if (mgf1MD == NULL) { + KAE_ThrowFromOpenssl(env, "EVP_get_digestbyname", KAE_ThrowInvalidAlgorithmParameterException); +- return FAILED; ++ return false; + } + if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkeyCtx, mgf1MD) <= 0) { + KAE_ThrowFromOpenssl(env, "EVP_PKEY_CTX_set_rsa_mgf1_md", KAE_ThrowInvalidAlgorithmParameterException); +- return FAILED; ++ return false; + } +- return SUCCESS; ++ return true; + } + + /* + * set rsa oaep md + */ +-static int SetRSAOaepMd(JNIEnv* env, EVP_PKEY_CTX* pkeyCtx, const char* oaepMdAlgoUTF) { ++static bool SetRSAOaepMd(JNIEnv* env, EVP_PKEY_CTX* pkeyCtx, const char* oaepMdAlgoUTF) { + EVP_MD* oaepMD = (EVP_MD*)EVP_get_digestbyname(oaepMdAlgoUTF); + if (oaepMD == NULL) { + KAE_ThrowFromOpenssl(env, "EVP_get_digestbyname", KAE_ThrowInvalidAlgorithmParameterException); +- return FAILED; ++ return false; + } + if (EVP_PKEY_CTX_set_rsa_oaep_md(pkeyCtx, oaepMD) <= 0) { + KAE_ThrowFromOpenssl(env, "EVP_PKEY_CTX_set_rsa_oaep_md", KAE_ThrowInvalidAlgorithmParameterException); +- return FAILED; ++ return false; + } +- return SUCCESS; ++ return true; + } + + /* + * set rsa oaep label + */ +-static int SetRSAOaepLabel(JNIEnv* env, EVP_PKEY_CTX* pkeyCtx, jbyte* labelBytes, jsize labelSize) { ++static bool SetRSAOaepLabel(JNIEnv* env, EVP_PKEY_CTX* pkeyCtx, jbyte* labelBytes, jsize labelSize) { + if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkeyCtx, labelBytes, labelSize) <= 0) { + KAE_ThrowFromOpenssl(env, "EVP_PKEY_CTX_set0_rsa_oaep_label", KAE_ThrowInvalidAlgorithmParameterException); +- return FAILED; ++ return false; + } +- return SUCCESS; ++ return true; + } + + /* +@@ -194,9 +192,9 @@ static int RSACryptOAEPPadding(JNIEnv* env, jlong keyAddress, jint inLen, jbyteA + * set rsa mgf1 md + * set rsa oaep md + */ +- if(SetRSAPadding(env, pkeyCtx, paddingType) == FAILED || +- SetRSAMgf1Md(env, pkeyCtx, mgf1MdAlgoUTF) == FAILED || +- SetRSAOaepMd(env, pkeyCtx, oaepMdAlgoUTF) == FAILED) { ++ if(!SetRSAPadding(env, pkeyCtx, paddingType) || ++ !SetRSAMgf1Md(env, pkeyCtx, mgf1MdAlgoUTF) || ++ !SetRSAOaepMd(env, pkeyCtx, oaepMdAlgoUTF)) { + goto cleanup; + } + +@@ -210,7 +208,7 @@ static int RSACryptOAEPPadding(JNIEnv* env, jlong keyAddress, jint inLen, jbyteA + goto cleanup; + } + (*env)->GetByteArrayRegion(env, label, 0, labelSize, labelBytes); +- if(SetRSAOaepLabel(env, pkeyCtx, labelBytes, labelSize) == FAILED) { ++ if(!SetRSAOaepLabel(env, pkeyCtx, labelBytes, labelSize)) { + free(labelBytes); + goto cleanup; + } +@@ -279,21 +277,21 @@ JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAERSACipher_nativeC + (bnDMP1 = KAE_GetBigNumFromByteArray(env, dmp1)) == NULL || + (bnDMQ1 = KAE_GetBigNumFromByteArray(env, dmq1)) == NULL || + (bnIQMP = KAE_GetBigNumFromByteArray(env, iqmp)) == NULL) { +- goto err; ++ goto cleanup; + } + + // new pkey + pkey = EVP_PKEY_new(); + if (pkey == NULL) { + KAE_ThrowFromOpenssl(env, "EVP_PKEY_new", KAE_ThrowRuntimeException); +- goto err; ++ goto cleanup; + } + + // new rsa + rsa = RSA_new(); + if (rsa == NULL) { + KAE_ThrowFromOpenssl(env, "RSA_new", KAE_ThrowRuntimeException); +- goto err; ++ goto cleanup; + } + + // set rsa private crt key params n,e,d,p,q,dmp1,dmp1,iqmp +@@ -301,17 +299,17 @@ JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAERSACipher_nativeC + RSA_set0_factors(rsa, bnP, bnQ) <= 0 || + RSA_set0_crt_params(rsa, bnDMP1, bnDMQ1, bnIQMP) <= 0) { + KAE_ThrowFromOpenssl(env, "RSA set param", KAE_ThrowRuntimeException); +- goto err; ++ goto cleanup; + } + + // assign rsa to pkey + int result = EVP_PKEY_assign_RSA(pkey, rsa); + if (result <= 0) { + KAE_ThrowFromOpenssl(env, "EVP_PKEY_assign_RSA", KAE_ThrowRuntimeException); +- goto err; ++ goto cleanup; + } + return (jlong)pkey; +-err: ++cleanup: + ReleaseRSAParams(bnN, bnE, bnD, bnP, bnQ, bnDMP1, bnDMQ1, bnIQMP); + RSA_free(rsa); + EVP_PKEY_free(pkey); +@@ -334,43 +332,43 @@ JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAERSACipher_nativeC + // get public key param n + bnN = KAE_GetBigNumFromByteArray(env, n); + if (bnN == NULL) { +- goto err; ++ goto cleanup; + } + + // get public key param e + bnE = KAE_GetBigNumFromByteArray(env, e); + if (bnE == NULL) { +- goto err; ++ goto cleanup; + } + + // new RSA + rsa = RSA_new(); + if (rsa == NULL) { + KAE_ThrowFromOpenssl(env, "RSA_new", KAE_ThrowRuntimeException); +- goto err; ++ goto cleanup; + } + + // new EVP_PKEY + pkey = EVP_PKEY_new(); + if (pkey == NULL) { + KAE_ThrowFromOpenssl(env, "EVP_PKEY_new", KAE_ThrowRuntimeException); +- goto err; ++ goto cleanup; + } + + // set rsa public key params n and e + if(RSA_set0_key(rsa, bnN, bnE, NULL) <= 0) { + KAE_ThrowFromOpenssl(env, "RSA_set0_key", KAE_ThrowRuntimeException); +- goto err; ++ goto cleanup; + } + + // assign rsa to pkey + int result = EVP_PKEY_assign_RSA(pkey, rsa); + if (result <= 0) { + KAE_ThrowFromOpenssl(env, "EVP_PKEY_assign_RSA", KAE_ThrowRuntimeException); +- goto err; ++ goto cleanup; + } + return (jlong)pkey; +-err: ++cleanup: + KAE_ReleaseBigNumFromByteArray(bnN); + KAE_ReleaseBigNumFromByteArray(bnE); + RSA_free(rsa); +diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_digest.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_digest.c +index 6ae14969..f0e7b0be 100644 +--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_digest.c ++++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_digest.c +@@ -21,10 +21,12 @@ + * questions. + */ + ++#include + #include + #include +-#include "kae_log.h" + #include "kae_exception.h" ++#include "kae_log.h" ++#include "kae_util.h" + #include "org_openeuler_security_openssl_KAEDigest.h" + + #define DIGEST_STACK_SIZE 1024 +@@ -40,6 +42,7 @@ JNIEXPORT jlong JNICALL + Java_org_openeuler_security_openssl_KAEDigest_nativeInit(JNIEnv *env, jclass cls, jstring algorithmName) + { + EVP_MD_CTX* ctx = NULL; ++ static ENGINE* kaeEngine = NULL; + + if (algorithmName == NULL) { + KAE_ThrowNullPointerException(env, "algorithm is null"); +@@ -48,6 +51,11 @@ Java_org_openeuler_security_openssl_KAEDigest_nativeInit(JNIEnv *env, jclass cls + + // EVP_get_digestbyname + const char* algo_utf = (*env)->GetStringUTFChars(env, algorithmName, 0); ++ if ((strcasecmp(algo_utf, "md5") == 0) || (strcasecmp(algo_utf, "sm3") == 0)) { ++ kaeEngine = (kaeEngine == NULL) ? GetKaeEngine() : kaeEngine; ++ } else { ++ kaeEngine = NULL; ++ } + EVP_MD* md = (EVP_MD*) EVP_get_digestbyname(algo_utf); + (*env)->ReleaseStringUTFChars(env, algorithmName, algo_utf); + if (md == NULL) { +@@ -64,17 +72,17 @@ Java_org_openeuler_security_openssl_KAEDigest_nativeInit(JNIEnv *env, jclass cls + KAE_TRACE("KAEDigest_nativeInit: create ctx => %p", ctx); + + // EVP_DigestInit_ex +- int result_code = EVP_DigestInit_ex(ctx, md, NULL); ++ int result_code = EVP_DigestInit_ex(ctx, md, kaeEngine); + if (result_code == 0) { + KAE_ThrowFromOpenssl(env, "EVP_DigestInit_ex failed", KAE_ThrowRuntimeException); +- goto err; ++ goto cleanup; + } + KAE_TRACE("KAEDigest_nativeInit EVP_DigestInit_ex(ctx = %p, md = %p) success", ctx, md); + + KAE_TRACE("KAEDigest_nativeInit: finished"); + return (jlong) ctx; + +-err: ++cleanup: + EVP_MD_CTX_destroy(ctx); + return 0; + } +@@ -198,13 +206,13 @@ Java_org_openeuler_security_openssl_KAEDigest_nativeClone(JNIEnv *env, jclass cl + int result_code = EVP_MD_CTX_copy_ex(ctxCopy, ctx); + if (result_code == 0) { + KAE_ThrowFromOpenssl(env, "EVP_MD_CTX_copy_ex failed", KAE_ThrowRuntimeException); +- goto err; ++ goto cleanup; + } + KAE_TRACE("KAEDigest_nativeClone EVP_MD_CTX_copy_ex(ctxCopy = %p, ctx = %p) success", ctxCopy, ctx); + KAE_TRACE("KAEDigest_nativeClone: finished"); + return (jlong) ctxCopy; + +-err: ++cleanup: + EVP_MD_CTX_destroy(ctxCopy); + return 0; + } +diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_exception.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_exception.c +index b1a29334..a10fa646 100644 +--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_exception.c ++++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_exception.c +@@ -56,6 +56,8 @@ void KAE_ThrowEvpException(JNIEnv* env, int reason, const char* msg, void (* def + KAE_ThrowByName(env, "java/security/InvalidKeyException", msg); + break; + case EVP_R_BAD_DECRYPT: ++ case EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH: ++ case EVP_F_EVP_PKEY_DECRYPT: + KAE_ThrowByName(env, "javax/crypto/BadPaddingException", msg); + break; + default: +@@ -90,7 +91,7 @@ void KAE_ThrowFromOpenssl(JNIEnv* env, const char* msg, void (* defaultException + + err = ERR_get_error_line_data(&file, &line, &data, &flags); + if (err == 0) { +- KAE_ThrowRuntimeException(env, "Unknown OpenSSL error"); ++ defaultException(env, msg); + return; + } + +@@ -104,6 +105,7 @@ void KAE_ThrowFromOpenssl(JNIEnv* env, const char* msg, void (* defaultException + + switch (lib) { + case ERR_LIB_EVP: ++ case ERR_LIB_RSA: + KAE_ThrowEvpException(env, reason, estring, defaultException); + break; + default: +@@ -114,3 +116,15 @@ void KAE_ThrowFromOpenssl(JNIEnv* env, const char* msg, void (* defaultException + + ERR_clear_error(); + } ++ ++void KAE_ThrowAEADBadTagException(JNIEnv *env, const char *msg) { ++ KAE_ThrowByName(env, "javax/crypto/AEADBadTagException", msg); ++} ++ ++void KAE_ThrowSignatureException(JNIEnv* env, const char* msg) { ++ KAE_ThrowByName(env, "java/security/SignatureException", msg); ++} ++ ++void KAE_ThrowClassNotFoundException(JNIEnv* env, const char* msg) { ++ KAE_ThrowByName(env, "java/lang/ClassNotFoundException", msg); ++} +\ No newline at end of file +diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_exception.h b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_exception.h +index f528ad4a..53295399 100644 +--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_exception.h ++++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_exception.h +@@ -49,4 +49,9 @@ void KAE_ThrowInvalidKeyException(JNIEnv* env, const char* msg); + /* Throw AlgorithmParameterException */ + void KAE_ThrowInvalidAlgorithmParameterException(JNIEnv* env, const char* msg); + ++void KAE_ThrowAEADBadTagException(JNIEnv* env, const char* msg); ++ ++void KAE_ThrowSignatureException(JNIEnv* env, const char* msg); ++ ++void KAE_ThrowClassNotFoundException(JNIEnv* env, const char* msg); + #endif +diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_mac.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_hmac.c +similarity index 87% +rename from jdk/src/solaris/native/org/openeuler/security/openssl/kae_mac.c +rename to jdk/src/solaris/native/org/openeuler/security/openssl/kae_hmac.c +index 2df2a9cb..7b28fa1f 100644 +--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_mac.c ++++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_hmac.c +@@ -22,9 +22,11 @@ + */ + + #include ++#include + #include + #include "kae_exception.h" + #include "kae_log.h" ++#include "kae_util.h" + + static const EVP_MD* EVPGetDigestByName(JNIEnv* env, const char* algo) + { +@@ -54,11 +56,11 @@ static const EVP_MD* EVPGetDigestByName(JNIEnv* env, const char* algo) + } + + /* +- * Class: org_openeuler_security_openssl_KAEMac ++ * Class: org_openeuler_security_openssl_KAEHMac + * Method: nativeInit + * Signature: ([BILjava/lang/String;)J + */ +-JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAEMac_nativeInit ++JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAEHMac_nativeInit + (JNIEnv* env, jclass cls, jbyteArray key, jint key_len, jstring algoStr) { + if (key == NULL || algoStr == NULL) { + KAE_ThrowNullPointerException(env, "param key or algoStr is null"); +@@ -92,32 +94,32 @@ JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAEMac_nativeInit + ctx = HMAC_CTX_new(); + if (ctx == NULL) { + KAE_ThrowRuntimeException(env, "Hmac_CTX_new invoked failed"); +- goto err; ++ goto cleanup; + } + + // init hmac context with sc_key and evp_md + int result_code = HMAC_Init_ex(ctx, key_buffer, key_len, md, NULL); + if (result_code == 0) { + KAE_ThrowRuntimeException(env, "Hmac_Init_ex invoked failed"); +- goto err; ++ goto cleanup; + } + free(key_buffer); + return (jlong) ctx; + +-err: ++cleanup: + free(key_buffer); + HMAC_CTX_free(ctx); + return 0; + } + + /* +- * Class: org_openeuler_security_openssl_KAEMac ++ * Class: org_openeuler_security_openssl_KAEHMac + * Method: nativeUpdate + * Signature: (J[BII)V + */ +-JNIEXPORT void JNICALL Java_org_openeuler_security_openssl_KAEMac_nativeUpdate ++JNIEXPORT void JNICALL Java_org_openeuler_security_openssl_KAEHMac_nativeUpdate + (JNIEnv* env, jclass cls, jlong hmac_ctx, jbyteArray input, jint in_offset, jint in_len) { +- KAE_TRACE("KAEMac_nativeUpdate(ctx = %p, input = %p, offset = %d, inLen = %d", hmac_ctx, input, in_offset, in_len); ++ KAE_TRACE("KAEHMac_nativeUpdate(ctx = %p, input = %p, offset = %d, inLen = %d", hmac_ctx, input, in_offset, in_len); + HMAC_CTX* ctx = (HMAC_CTX*) hmac_ctx; + if (ctx == NULL || input == NULL) { + KAE_ThrowNullPointerException(env, "param ctx or input is null"); +@@ -146,11 +148,11 @@ JNIEXPORT void JNICALL Java_org_openeuler_security_openssl_KAEMac_nativeUpdate + } + + /* +- * Class: org_openeuler_security_openssl_KAEMac ++ * Class: org_openeuler_security_openssl_KAEHMac + * Method: nativeFinal + * Signature: (J[BII)I + */ +-JNIEXPORT jint JNICALL Java_org_openeuler_security_openssl_KAEMac_nativeFinal ++JNIEXPORT jint JNICALL Java_org_openeuler_security_openssl_KAEHMac_nativeFinal + (JNIEnv* env, jclass cls, jlong hmac_ctx, jbyteArray output, jint out_offset, jint in_len) { + HMAC_CTX* ctx = (HMAC_CTX*) hmac_ctx; + if (ctx == NULL || output == NULL) { +@@ -180,7 +182,7 @@ JNIEXPORT jint JNICALL Java_org_openeuler_security_openssl_KAEMac_nativeFinal + + // write back to output_array + (*env)->SetByteArrayRegion(env, output, out_offset, bytesWritten, (jbyte*) temp_result); +- KAE_TRACE("KAEMac_nativeFinal success, output_offset = %d, bytesWritten = %d", out_offset, bytesWritten); ++ KAE_TRACE("KAEHMac_nativeFinal success, output_offset = %d, bytesWritten = %d", out_offset, bytesWritten); + + cleanup: + free(temp_result); +@@ -188,11 +190,11 @@ cleanup: + } + + /* +- * Class: org_openeuler_security_openssl_KAEMac ++ * Class: org_openeuler_security_openssl_KAEHMac + * Method: nativeFree + * Signature: (J)V + */ +-JNIEXPORT void JNICALL Java_org_openeuler_security_openssl_KAEMac_nativeFree ++JNIEXPORT void JNICALL Java_org_openeuler_security_openssl_KAEHMac_nativeFree + (JNIEnv* env, jclass cls, jlong hmac_ctx) { + HMAC_CTX* ctx = (HMAC_CTX*) hmac_ctx; + if (ctx != NULL) { +diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keyagreement_dh.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keyagreement_dh.c +new file mode 100644 +index 00000000..5894a4b4 +--- /dev/null ++++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keyagreement_dh.c +@@ -0,0 +1,137 @@ ++/* ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include "kae_util.h" ++#include "kae_exception.h" ++#include "kae_log.h" ++#include "org_openeuler_security_openssl_KAEDHKeyAgreement.h" ++ ++ ++/* ++ * Class: org_openeuler_security_openssl_KAEDHKeyAgreement ++ * Method: nativeComputeKey ++ */ ++JNIEXPORT jbyteArray JNICALL Java_org_openeuler_security_openssl_KAEDHKeyAgreement_nativeComputeKey(JNIEnv* env, ++ jobject obj, jbyteArray y, jbyteArray x, jbyteArray p, jbyteArray g, jint pSize) { ++ ++ KAE_TRACE("Java_org_openeuler_security_openssl_KAEDHKeyAgreement_nativeComputeKey start."); ++ ++ DH* dh = NULL; ++ BIGNUM* y_bn = NULL; ++ BIGNUM* x_bn = NULL; ++ BIGNUM* p_bn = NULL; ++ BIGNUM* g_bn = NULL; ++ BIGNUM* computeKeyRetBn = NULL; ++ int computekeyLength = 0; ++ unsigned char* secret = NULL; ++ jbyteArray retByteArray = NULL; ++ static ENGINE* kaeEngine = NULL; ++ kaeEngine = (kaeEngine == NULL) ? GetKaeEngine() : kaeEngine; ++ ++ // bits to Bytes ++ int pSizeInByte = (pSize +7) >> 3; ++ ++ if ((secret = (unsigned char*)malloc(pSizeInByte)) == NULL) { ++ KAE_ThrowOOMException(env, "malloc secret failed."); ++ goto cleanup; ++ } ++ memset(secret, 0, pSizeInByte); ++ ++ if ((dh = DH_new_method(kaeEngine)) == NULL) { ++ KAE_ThrowOOMException(env, "Allocate DH failed in nativeComputeKey."); ++ goto cleanup; ++ } ++ ++ if ((y_bn = KAE_GetBigNumFromByteArray(env, y)) == NULL) { ++ KAE_ThrowOOMException(env, "Convert y to BIGNUM failed."); ++ goto cleanup; ++ } ++ ++ if ((x_bn = KAE_GetBigNumFromByteArray(env, x)) == NULL) { ++ KAE_ThrowOOMException(env, "Convert x to BIGNUM failed."); ++ goto cleanup; ++ } ++ ++ if ((p_bn = KAE_GetBigNumFromByteArray(env, p)) == NULL) { ++ KAE_ThrowOOMException(env, "Convert p to BIGNUM failed."); ++ goto cleanup; ++ } ++ ++ if ((g_bn = KAE_GetBigNumFromByteArray(env, g)) == NULL) { ++ KAE_ThrowOOMException(env, "Convert g to BIGNUM failed."); ++ goto cleanup; ++ } ++ ++ if ((computeKeyRetBn = BN_new()) == NULL) { ++ KAE_ThrowOOMException(env, "Allocate BN failed."); ++ goto cleanup; ++ } ++ ++ if (!DH_set0_pqg(dh, BN_dup(p_bn), NULL, BN_dup(g_bn))) { ++ KAE_ThrowRuntimeException(env, "DH_set0_pqg failed."); ++ goto cleanup; ++ } ++ ++ if (!DH_set0_key(dh, NULL, BN_dup(x_bn))) { ++ KAE_ThrowRuntimeException(env, "DH_set0_key failed."); ++ goto cleanup; ++ } ++ ++ computekeyLength = DH_compute_key(secret, y_bn, dh); ++ ++ if (computekeyLength <= 0 ) { ++ KAE_ThrowRuntimeException(env, "DH_compute_key failed."); ++ goto cleanup; ++ } ++ ++ BN_bin2bn(secret, computekeyLength, computeKeyRetBn); ++ ++ retByteArray = KAE_GetByteArrayFromBigNum(env, computeKeyRetBn, NULL); ++ if (retByteArray == NULL) { ++ KAE_ThrowRuntimeException(env, "GetByteArrayFromBigNum failed in nativeComputeKey."); ++ goto cleanup; ++ } ++ KAE_TRACE("Java_org_openeuler_security_openssl_KAEDHKeyAgreement_nativeGenerateSecret finished!"); ++ ++cleanup: ++ if (dh != NULL) ++ DH_free(dh); ++ if (y_bn != NULL) ++ KAE_ReleaseBigNumFromByteArray(y_bn); ++ if (x_bn != NULL) ++ KAE_ReleaseBigNumFromByteArray(x_bn); ++ if (p_bn != NULL) ++ KAE_ReleaseBigNumFromByteArray(p_bn); ++ if (g_bn != NULL) ++ KAE_ReleaseBigNumFromByteArray(g_bn); ++ if (secret != NULL) ++ free(secret); ++ ++ return retByteArray; ++} +diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keyagreement_ecdh.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keyagreement_ecdh.c +new file mode 100644 +index 00000000..5fc4d68f +--- /dev/null ++++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keyagreement_ecdh.c +@@ -0,0 +1,115 @@ ++/* ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++#include ++#include ++#include ++#include "kae_log.h" ++#include "kae_exception.h" ++#include "kae_util.h" ++#include "org_openeuler_security_openssl_KAEECDHKeyAgreement.h" ++ ++static void FreeGenerateSecretParam(BIGNUM* s, BIGNUM* wX, BIGNUM* wY, ++ EC_POINT* pub, EC_KEY* eckey, EC_GROUP* group, unsigned char* shareKey) ++{ ++ KAE_ReleaseBigNumFromByteArray(s); ++ KAE_ReleaseBigNumFromByteArray(wX); ++ KAE_ReleaseBigNumFromByteArray(wY); ++ if (pub != NULL) { ++ EC_POINT_free(pub); ++ } ++ if (eckey != NULL) { ++ EC_KEY_free(eckey); ++ } ++ if (group != NULL) { ++ EC_GROUP_free(group); ++ } ++ if (shareKey != NULL) { ++ free(shareKey); ++ } ++} ++ ++/* ++ * Class: org_openeuler_security_openssl_KAEECDHKeyAgreement ++ * Method: nativeGenerateSecret ++ * Signature: (Ljava/lang/String;[B[B[B)[B ++ */ ++JNIEXPORT jbyteArray JNICALL Java_org_openeuler_security_openssl_KAEECDHKeyAgreement_nativeGenerateSecret ++ (JNIEnv* env, jclass cls, jstring curveName, jbyteArray wXArr, jbyteArray wYArr, jbyteArray sArr) ++{ ++ EC_GROUP* group = NULL; ++ EC_KEY* eckey = NULL; ++ BIGNUM* wX = NULL; ++ BIGNUM* wY = NULL; ++ BIGNUM* s = NULL; ++ EC_POINT* pub = NULL; ++ jbyteArray javaBytes = NULL; ++ unsigned char* shareKey = NULL; ++ const char *curve = (*env)->GetStringUTFChars(env, curveName, 0); ++ int nid = OBJ_sn2nid(curve); ++ (*env)->ReleaseStringUTFChars(env, curveName, curve); ++ if ((nid == NID_undef) || (group = EC_GROUP_new_by_curve_name(nid)) == NULL) { ++ goto cleanup; ++ } ++ if ((s = KAE_GetBigNumFromByteArray(env, sArr)) == NULL || (wX = KAE_GetBigNumFromByteArray(env, wXArr)) == NULL ++ || (wY = KAE_GetBigNumFromByteArray(env, wYArr)) == NULL) { ++ KAE_ThrowOOMException(env, "failed to allocate BN_new"); ++ goto cleanup; ++ } ++ if ((eckey = EC_KEY_new()) == NULL || !EC_KEY_set_group(eckey, group)) { ++ goto cleanup; ++ } ++ if ((pub = EC_POINT_new(group)) == NULL) { ++ goto cleanup; ++ } ++ if (!EC_POINT_set_affine_coordinates_GFp(group, pub, wX, wY, NULL)) { ++ goto cleanup; ++ } ++ if (!EC_KEY_set_public_key(eckey, pub) || !EC_KEY_set_private_key(eckey, s)) { ++ goto cleanup; ++ } ++ ++ // Get the length of secret key, in bytes. ++ int expectSecretLen = (EC_GROUP_get_degree(group) + 7) / 8; ++ if ((shareKey = malloc(expectSecretLen)) == NULL) { ++ KAE_ThrowOOMException(env, "malloc error"); ++ goto cleanup; ++ } ++ memset(shareKey, 0, expectSecretLen); ++ ++ // Perform ecdh keyagreement. ++ if (ECDH_compute_key(shareKey, expectSecretLen, pub, eckey, NULL) != expectSecretLen) { ++ goto cleanup; ++ } ++ ++ if ((javaBytes = (*env)->NewByteArray(env, expectSecretLen)) == NULL) { ++ goto cleanup; ++ } ++ (*env)->SetByteArrayRegion(env, javaBytes, 0, expectSecretLen, (jbyte*)shareKey); ++ FreeGenerateSecretParam(s, wX, wY, pub, eckey, group, shareKey); ++ return javaBytes; ++ ++cleanup: ++ FreeGenerateSecretParam(s, wX, wY, pub, eckey, group, shareKey); ++ return NULL; ++} +diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_dh.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_dh.c +new file mode 100644 +index 00000000..808a2626 +--- /dev/null ++++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_dh.c +@@ -0,0 +1,132 @@ ++/* ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include "kae_util.h" ++#include "kae_log.h" ++#include "org_openeuler_security_openssl_KAEDHKeyPairGenerator.h" ++#include "kae_exception.h" ++ ++ ++/* ++* Class: org_openeuler_security_openssl_KAEDHKeyPairGenerator ++* Method: nativeGenerateKeyPair ++* Signature: ([B[BI)[[B ++*/ ++ ++JNIEXPORT jobjectArray JNICALL Java_org_openeuler_security_openssl_KAEDHKeyPairGenerator_nativeGenerateKeyPair ++ (JNIEnv* env, jclass cls, jbyteArray p, jbyteArray g, jint lSize) ++{ ++ DH* dh = NULL; ++ BIGNUM* p_bn = NULL; ++ BIGNUM* g_bn = NULL; ++ const BIGNUM* pri_key_bn = NULL; ++ const BIGNUM* pub_key_bn = NULL; ++ jclass byteArrayClass = NULL; ++ jobjectArray keys = NULL; ++ jbyteArray pri_key = NULL; ++ jbyteArray pub_key = NULL; ++ static ENGINE* kaeEngine = NULL; ++ kaeEngine = (kaeEngine == NULL) ? GetKaeEngine() : kaeEngine; ++ ++ KAE_TRACE("Java_org_openeuler_security_openssl_KAEDHKeyPairGenerator_nativeGenerateKeyPair start !"); ++ ++ if ((dh = DH_new_method(kaeEngine)) == NULL) { ++ KAE_ThrowOOMException(env, "Allocate DH failed in nativeGenerateKeyPair!"); ++ goto cleanup; ++ } ++ ++ if ((p_bn = KAE_GetBigNumFromByteArray(env, p)) == NULL) { ++ KAE_ThrowOOMException(env, "Allocate p_bn failed in nativeGenerateKeyPair!"); ++ goto cleanup; ++ } ++ ++ if ((g_bn = KAE_GetBigNumFromByteArray(env, g)) == NULL) { ++ KAE_ThrowOOMException(env, "Allocate g_bn failed in nativeGenerateKeyPair!"); ++ goto cleanup; ++ } ++ ++ if (!DH_set0_pqg(dh, BN_dup(p_bn), NULL, BN_dup(g_bn))) { ++ KAE_ThrowRuntimeException(env, "DH_set0_pqg failed in nativeGenerateKeyPair."); ++ goto cleanup; ++ } ++ ++ // Return value is fixed to 1, nothing to check. ++ DH_set_length(dh, lSize); ++ ++ if (!DH_generate_key(dh)) { ++ KAE_ThrowInvalidAlgorithmParameterException(env, "DH generate key failed in nativeGenerateKeyPair."); ++ goto cleanup; ++ } ++ ++ if ((byteArrayClass = (*env)->FindClass(env, "[B")) == NULL) { ++ KAE_ThrowClassNotFoundException(env, "Class byte[] not found."); ++ goto cleanup; ++ } ++ ++ if ((keys = (*env)->NewObjectArray(env, 2, byteArrayClass, NULL)) == NULL) { ++ KAE_ThrowOOMException(env, "Allocate ByteArray failed in nativeGenerateKeyPair!"); ++ goto cleanup; ++ } ++ ++ // Return the ptr of private key in dh. ++ pri_key_bn = DH_get0_priv_key(dh); ++ pub_key_bn = DH_get0_pub_key(dh); ++ ++ pub_key = KAE_GetByteArrayFromBigNum(env, pub_key_bn, NULL); ++ if (pub_key == NULL) { ++ KAE_ThrowOOMException(env, "PublicKey allocate failed in nativeGenerateKeyPair."); ++ goto cleanup; ++ } ++ ++ pri_key = KAE_GetByteArrayFromBigNum(env, pri_key_bn, NULL); ++ if (pri_key == NULL) { ++ KAE_ThrowRuntimeException(env, "GetByteArrayFromBigNum failed in nativeGenerateKeyPair."); ++ goto cleanup; ++ } ++ ++ (*env)->SetObjectArrayElement(env, keys, 0, pub_key); ++ (*env)->SetObjectArrayElement(env, keys, 1, pri_key); ++ ++ KAE_TRACE("Java_org_openeuler_security_openssl_KAEDHKeyPairGenerator_nativeGenerateKeyPair finished !"); ++ ++cleanup: ++ if (dh != NULL) ++ DH_free(dh); ++ if (p_bn != NULL) ++ KAE_ReleaseBigNumFromByteArray(p_bn); ++ if (g_bn != NULL) ++ KAE_ReleaseBigNumFromByteArray(g_bn); ++ if (byteArrayClass != NULL) ++ (*env)->DeleteLocalRef(env, byteArrayClass); ++ if (pub_key != NULL) ++ (*env)->DeleteLocalRef(env, pub_key); ++ if (pri_key != NULL) ++ (*env)->DeleteLocalRef(env, pri_key); ++ ++ return keys; ++} +diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_ec.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_ec.c +new file mode 100644 +index 00000000..93b710bf +--- /dev/null ++++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_ec.c +@@ -0,0 +1,515 @@ ++/* ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++#include ++#include ++#include ++#include "kae_util.h" ++#include "kae_exception.h" ++#include "kae_log.h" ++#include "org_openeuler_security_openssl_KAEECKeyPairGenerator.h" ++ ++#define KAE_EC_PARAM_NUM_SIZE 7 ++#define KAE_EC_KEY_NUM_SIZE 3 ++ ++// ECDH param index. ++typedef enum ECDHParamIndex { ++ ecdhP = 0, ++ ecdhA, ++ ecdhB, ++ ecdhX, ++ ecdhY, ++ ecdhOrder, ++ ecdhCofactor ++} ECDHParamIndex; ++ ++static const char* ecdhParamNames[] = {"p", "a", "b", "x", "y", "order", "cofactor"}; ++ ++static void FreeECDHCurveParam(JNIEnv* env, BIGNUM* p, BIGNUM* a, BIGNUM* b, jbyteArray paramP, ++ jbyteArray paramA, jbyteArray paramB) ++{ ++ if (p != NULL) { ++ BN_free(p); ++ } ++ if (a != NULL) { ++ BN_free(a); ++ } ++ if (b != NULL) { ++ BN_free(b); ++ } ++ if (paramP != NULL) { ++ (*env)->DeleteLocalRef(env, paramP); ++ } ++ if (paramA != NULL) { ++ (*env)->DeleteLocalRef(env, paramA); ++ } ++ if (paramB != NULL) { ++ (*env)->DeleteLocalRef(env, paramB); ++ } ++} ++ ++// Set p, a, b in group to params. ++static bool SetECDHCurve(JNIEnv* env, EC_GROUP* group, jobjectArray params, ECDHParamIndex ecdhParamIndex) ++{ ++ BIGNUM* p = NULL; ++ BIGNUM* a = NULL; ++ BIGNUM* b = NULL; ++ jbyteArray paramP = NULL; ++ jbyteArray paramA = NULL; ++ jbyteArray paramB = NULL; ++ if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || (b = BN_new()) == NULL) { ++ KAE_ThrowOOMException(env, "failed to allocate BN_new"); ++ goto cleanup; ++ } ++ if (!EC_GROUP_get_curve_GFp(group, p, a, b, NULL)) { ++ goto cleanup; ++ } ++ ++ // Set p. ++ const char* ecdhParamName = ecdhParamNames[ecdhParamIndex]; ++ if ((paramP = KAE_GetByteArrayFromBigNum(env, p, ecdhParamName)) == NULL) { ++ goto cleanup; ++ } ++ (*env)->SetObjectArrayElement(env, params, ecdhParamIndex, paramP); ++ ++ // Set a. ++ ecdhParamName = ecdhParamNames[++ecdhParamIndex]; ++ if ((paramA = KAE_GetByteArrayFromBigNum(env, a, ecdhParamName)) == NULL) { ++ goto cleanup; ++ } ++ (*env)->SetObjectArrayElement(env, params, ecdhParamIndex, paramA); ++ ++ // Set b. ++ ecdhParamName = ecdhParamNames[++ecdhParamIndex]; ++ if ((paramB = KAE_GetByteArrayFromBigNum(env, b, ecdhParamName)) == NULL) { ++ goto cleanup; ++ } ++ (*env)->SetObjectArrayElement(env, params, ecdhParamIndex, paramB); ++ FreeECDHCurveParam(env, p, a, b, paramP, paramA, paramB); ++ return true; ++ ++cleanup: ++ FreeECDHCurveParam(env, p, a, b, paramP, paramA, paramB); ++ return false; ++} ++ ++// Set generator(x, y) in group to params. ++static bool SetECDHPoint(JNIEnv* env, EC_GROUP* group, jobjectArray params, ECDHParamIndex ecdhParamIndex) ++{ ++ BIGNUM* x = NULL; ++ BIGNUM* y = NULL; ++ const EC_POINT* generator = NULL; ++ jbyteArray paramX = NULL; ++ jbyteArray paramY = NULL; ++ if ((x = BN_new()) == NULL || (y = BN_new()) == NULL) { ++ KAE_ThrowOOMException(env, "failed to allocate BN_new"); ++ goto cleanup; ++ } ++ if ((generator = EC_GROUP_get0_generator(group)) == NULL) { ++ KAE_ThrowOOMException(env, "failed to allocate ec generator"); ++ goto cleanup; ++ } ++ if (!EC_POINT_get_affine_coordinates_GFp(group, generator, x, y, NULL)) { ++ KAE_ThrowFromOpenssl(env, "EC_POINT_set_affine_coordinates_GFp", KAE_ThrowRuntimeException); ++ goto cleanup; ++ } ++ ++ // Set x. ++ const char* ecdhParamName = ecdhParamNames[ecdhParamIndex]; ++ if ((paramX = KAE_GetByteArrayFromBigNum(env, x, ecdhParamName)) == NULL) { ++ goto cleanup; ++ } ++ (*env)->SetObjectArrayElement(env, params, ecdhParamIndex, paramX); ++ ++ // Set y. ++ ecdhParamName = ecdhParamNames[++ecdhParamIndex]; ++ if ((paramY = KAE_GetByteArrayFromBigNum(env, y, ecdhParamName)) == NULL) { ++ goto cleanup; ++ } ++ (*env)->SetObjectArrayElement(env, params, ecdhParamIndex, paramY); ++ BN_free(x); ++ BN_free(y); ++ (*env)->DeleteLocalRef(env, paramX); ++ (*env)->DeleteLocalRef(env, paramY); ++ return true; ++ ++cleanup: ++ if (x != NULL) { ++ BN_free(x); ++ } ++ if (y != NULL) { ++ BN_free(y); ++ } ++ if (paramX != NULL) { ++ (*env)->DeleteLocalRef(env, paramX); ++ } ++ if (paramY != NULL) { ++ (*env)->DeleteLocalRef(env, paramY); ++ } ++ return false; ++} ++ ++// Set order, cofactor in group to params. ++static bool SetECDHOrderAndCofactor(JNIEnv* env, EC_GROUP* group, jobjectArray params, ECDHParamIndex ecdhParamIndex) ++{ ++ BIGNUM* order = NULL; ++ BIGNUM* cofactor = NULL; ++ jbyteArray paramOrder = NULL; ++ jbyteArray paramCofactor = NULL; ++ if ((order = BN_new()) == NULL || (cofactor = BN_new()) == NULL) { ++ goto cleanup; ++ } ++ if (!EC_GROUP_get_order(group, order, NULL)) { ++ goto cleanup; ++ } ++ ++ // Set order. ++ const char* ecdhParamName = ecdhParamNames[ecdhParamIndex]; ++ if ((paramOrder = KAE_GetByteArrayFromBigNum(env, order, ecdhParamName)) == NULL) { ++ goto cleanup; ++ } ++ (*env)->SetObjectArrayElement(env, params, ecdhParamIndex, paramOrder); ++ if (!EC_GROUP_get_cofactor(group, cofactor, NULL)) { ++ goto cleanup; ++ } ++ ++ // Set cofactor. ++ ecdhParamName = ecdhParamNames[++ecdhParamIndex]; ++ if ((paramCofactor = KAE_GetByteArrayFromBigNum(env, cofactor, ecdhParamName)) == NULL) { ++ goto cleanup; ++ } ++ (*env)->SetObjectArrayElement(env, params, ecdhParamIndex, paramCofactor); ++ BN_free(order); ++ BN_free(cofactor); ++ (*env)->DeleteLocalRef(env, paramOrder); ++ (*env)->DeleteLocalRef(env, paramCofactor); ++ return true; ++ ++cleanup: ++ if (order != NULL) { ++ BN_free(order); ++ } ++ if (cofactor != NULL) { ++ BN_free(cofactor); ++ } ++ if (paramOrder != NULL) { ++ (*env)->DeleteLocalRef(env, paramOrder); ++ } ++ if (paramCofactor != NULL) { ++ (*env)->DeleteLocalRef(env, paramCofactor); ++ } ++ return false; ++} ++ ++static void FreeECDHKeyParam(JNIEnv* env, ++ BIGNUM* wX, BIGNUM* wY, jbyteArray paramWX, jbyteArray paramWY, jbyteArray paramS) ++{ ++ if (wX != NULL) { ++ BN_free(wX); ++ } ++ if (wY != NULL) { ++ BN_free(wY); ++ } ++ if (paramWX != NULL) { ++ (*env)->DeleteLocalRef(env, paramWX); ++ } ++ if (paramWY != NULL) { ++ (*env)->DeleteLocalRef(env, paramWY); ++ } ++ if (paramS != NULL) { ++ (*env)->DeleteLocalRef(env, paramS); ++ } ++} ++ ++// Set publicKey(wX, wY) and privateKey(s) in eckey to params. ++static bool SetECDHKey(JNIEnv* env, const EC_GROUP* group, jobjectArray params, ++ ECDHParamIndex ecdhKeyIndex, const EC_KEY* eckey) ++{ ++ BIGNUM* wX = NULL; ++ BIGNUM* wY = NULL; ++ const EC_POINT* pub = NULL; ++ const BIGNUM* s = NULL; ++ jbyteArray paramWX = NULL; ++ jbyteArray paramWY = NULL; ++ jbyteArray paramS = NULL; ++ if ((wX = BN_new()) == NULL || (wY = BN_new()) == NULL) { ++ KAE_ThrowOOMException(env, "failed to allocate array"); ++ goto cleanup; ++ } ++ ++ if ((pub = EC_KEY_get0_public_key(eckey)) == NULL || ++ !EC_POINT_get_affine_coordinates_GFp(group, pub, wX, wY, NULL)) { ++ goto cleanup; ++ } ++ if ((s = EC_KEY_get0_private_key(eckey)) == NULL) { ++ goto cleanup; ++ } ++ ++ // Set wX. ++ const char* ecdhParamName = ecdhParamNames[ecdhKeyIndex]; ++ if ((paramWX = KAE_GetByteArrayFromBigNum(env, wX, ecdhParamName)) == NULL) { ++ goto cleanup; ++ } ++ (*env)->SetObjectArrayElement(env, params, ecdhKeyIndex, paramWX); ++ ++ // Set wY. ++ ecdhParamName = ecdhParamNames[++ecdhKeyIndex]; ++ if ((paramWY = KAE_GetByteArrayFromBigNum(env, wY, ecdhParamName)) == NULL) { ++ goto cleanup; ++ } ++ (*env)->SetObjectArrayElement(env, params, ecdhKeyIndex, paramWY); ++ ++ // Set s. ++ ecdhParamName = ecdhParamNames[++ecdhKeyIndex]; ++ if ((paramS = KAE_GetByteArrayFromBigNum(env, s, ecdhParamName)) == NULL) { ++ goto cleanup; ++ } ++ (*env)->SetObjectArrayElement(env, params, ecdhKeyIndex, paramS); ++ FreeECDHKeyParam(env, wX, wY, paramWX, paramWY, paramS); ++ return true; ++ ++cleanup: ++ FreeECDHKeyParam(env, wX, wY, paramWX, paramWY, paramS); ++ return false; ++} ++ ++// Convert EC_GROUP in openssl to byte[][] in java ++static jobjectArray NewECDHParam(JNIEnv* env, EC_GROUP* group) ++{ ++ jclass byteArrayClass = NULL; ++ jobjectArray params = NULL; ++ ++ byteArrayClass = (*env)->FindClass(env, "[B"); ++ params = (*env)->NewObjectArray(env, KAE_EC_PARAM_NUM_SIZE, byteArrayClass, NULL); ++ if (params == NULL) { ++ KAE_ThrowOOMException(env, "failed to allocate array"); ++ goto cleanup; ++ } ++ ++ if (!SetECDHCurve(env, group, params, ecdhP)) { ++ goto cleanup; ++ } ++ if (!SetECDHPoint(env, group, params, ecdhX)) { ++ goto cleanup; ++ } ++ if (!SetECDHOrderAndCofactor(env, group, params, ecdhOrder)) { ++ goto cleanup; ++ } ++ ++ (*env)->DeleteLocalRef(env, byteArrayClass); ++ return params; ++ ++cleanup: ++ if (byteArrayClass != NULL) { ++ (*env)->DeleteLocalRef(env, byteArrayClass); ++ } ++ if (params != NULL) { ++ (*env)->DeleteLocalRef(env, params); ++ } ++ return NULL; ++} ++ ++// Convert EC_KEY in openssl to byte[][] in java ++static jobjectArray NewECDHKey(JNIEnv* env, const EC_GROUP* group, const EC_KEY* eckey) ++{ ++ jclass byteArrayClass = NULL; ++ jobjectArray params = NULL; ++ ++ byteArrayClass = (*env)->FindClass(env, "[B"); ++ params = (*env)->NewObjectArray(env, KAE_EC_KEY_NUM_SIZE, byteArrayClass, NULL); ++ if (params == NULL) { ++ KAE_ThrowOOMException(env, "failed to allocate array"); ++ goto cleanup; ++ } ++ if (!SetECDHKey(env, group, params, 0, eckey)) { ++ goto cleanup; ++ } ++ ++ (*env)->DeleteLocalRef(env, byteArrayClass); ++ return params; ++ ++cleanup: ++ if (byteArrayClass != NULL) { ++ (*env)->DeleteLocalRef(env, byteArrayClass); ++ } ++ if (params != NULL) { ++ (*env)->DeleteLocalRef(env, params); ++ } ++ return NULL; ++} ++ ++static void FreeECDHParam(BIGNUM* p, BIGNUM* a, BIGNUM* b, BIGNUM* x, BIGNUM* y, BIGNUM* order, BIGNUM* cofactor) ++{ ++ KAE_ReleaseBigNumFromByteArray(p); ++ KAE_ReleaseBigNumFromByteArray(a); ++ KAE_ReleaseBigNumFromByteArray(b); ++ KAE_ReleaseBigNumFromByteArray(x); ++ KAE_ReleaseBigNumFromByteArray(y); ++ KAE_ReleaseBigNumFromByteArray(order); ++ KAE_ReleaseBigNumFromByteArray(cofactor); ++} ++ ++// Convert params in java to EC_GROUP in openssl ++static EC_GROUP* GetGroupByParam(JNIEnv* env, jbyteArray pArr, jbyteArray aArr, jbyteArray bArr, ++ jbyteArray xArr, jbyteArray yArr, jbyteArray orderArr, jint cofactorInt) ++{ ++ BIGNUM* p = NULL; ++ BIGNUM* a = NULL; ++ BIGNUM* b = NULL; ++ BIGNUM* x = NULL; ++ BIGNUM* y = NULL; ++ BIGNUM* order = NULL; ++ BIGNUM* cofactor = NULL; ++ EC_GROUP* group = NULL; ++ BN_CTX* ctx = NULL; ++ EC_POINT* generator = NULL; ++ p = KAE_GetBigNumFromByteArray(env, pArr); ++ if ((p = KAE_GetBigNumFromByteArray(env, pArr)) == NULL || (a = KAE_GetBigNumFromByteArray(env, aArr)) == NULL || ++ (b = KAE_GetBigNumFromByteArray(env, bArr)) == NULL || (x = KAE_GetBigNumFromByteArray(env, xArr)) == NULL || ++ (y = KAE_GetBigNumFromByteArray(env, yArr)) == NULL || (cofactor = BN_new()) == NULL || ++ (order = KAE_GetBigNumFromByteArray(env, orderArr)) == NULL || !BN_set_word(cofactor, cofactorInt)) { ++ goto cleanup; ++ } ++ ++ // Create the curve. ++ if ((ctx = BN_CTX_new()) == NULL || (group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) { ++ goto cleanup; ++ } ++ ++ // Create the generator and set x, y. ++ if ((generator = EC_POINT_new(group)) == NULL || ++ !EC_POINT_set_affine_coordinates_GFp(group, generator, x, y, ctx)) { ++ goto cleanup; ++ } ++ ++ // Set the generator, order and cofactor. ++ if (!EC_GROUP_set_generator(group, generator, order, cofactor)) { ++ goto cleanup; ++ } ++ ++ FreeECDHParam(p, a, b, x, y, order, cofactor); ++ EC_POINT_free(generator); ++ BN_CTX_free(ctx); ++ return group; ++ ++cleanup: ++ FreeECDHParam(p, a, b, x, y, order, cofactor); ++ if (group != NULL) { ++ EC_GROUP_free(group); ++ } ++ if (generator != NULL) { ++ EC_POINT_free(generator); ++ } ++ if (ctx != NULL) { ++ BN_CTX_free(ctx); ++ } ++ return NULL; ++} ++ ++ ++/* ++ * Class: org_openeuler_security_openssl_KAEECKeyPairGenerator ++ * Method: nativeGenerateParam ++ * Signature: (Ljava/lang/String;)[[B ++ */ ++JNIEXPORT jobjectArray JNICALL Java_org_openeuler_security_openssl_KAEECKeyPairGenerator_nativeGenerateParam( ++ JNIEnv* env, jclass cls, jstring curveName) ++{ ++ EC_GROUP* group = NULL; ++ ++ const char *curve = (*env)->GetStringUTFChars(env, curveName, 0); ++ KAE_TRACE("KAEECKeyPairGenerator_nativeGenerateParam(curveName = %s)", curve); ++ int nid = OBJ_sn2nid(curve); ++ (*env)->ReleaseStringUTFChars(env, curveName, curve); ++ if (nid == NID_undef) { ++ goto cleanup; ++ } ++ // Construct a builtin curve. ++ if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) { ++ goto cleanup; ++ } ++ jobjectArray ecdhParam = NewECDHParam(env, group); ++ ++ if (group != NULL) { ++ EC_GROUP_free(group); ++ } ++ KAE_TRACE("KAEECKeyPairGenerator_nativeGenerateParam success, ecdhParam = %p", ecdhParam); ++ return ecdhParam; ++ ++cleanup: ++ if (group != NULL) { ++ EC_GROUP_free(group); ++ } ++ if (ecdhParam != NULL) { ++ (*env)->DeleteLocalRef(env, ecdhParam); ++ } ++ return NULL; ++} ++ ++/* ++ * Class: org_openeuler_security_openssl_KAEECKeyPairGenerator ++ * Method: nativeGenerateKeyPair ++ * Signature: ([B[B[B[B[B[BI)[[B ++ */ ++JNIEXPORT jobjectArray JNICALL Java_org_openeuler_security_openssl_KAEECKeyPairGenerator_nativeGenerateKeyPair( ++ JNIEnv* env, jclass cls, jbyteArray pArr, jbyteArray aArr, jbyteArray bArr, ++ jbyteArray xArr, jbyteArray yArr, jbyteArray orderArr, jint cofactorInt) ++{ ++ EC_GROUP* group = NULL; ++ EC_KEY* eckey = NULL; ++ ++ if ((group = GetGroupByParam(env, pArr, aArr, bArr, xArr, yArr, orderArr, cofactorInt)) == NULL) { ++ goto cleanup; ++ } ++ if ((eckey = EC_KEY_new()) == NULL) { ++ goto cleanup; ++ } ++ if (!EC_KEY_set_group(eckey, group)) { ++ goto cleanup; ++ } ++ // Generates a new public and private key for the supplied eckey object. ++ // Refer to {@link https://www.openssl.org/docs/man1.1.0/man3/EC_KEY_generate_key.html} for details. ++ if (!EC_KEY_generate_key(eckey)) { ++ goto cleanup; ++ } ++ ++ jobjectArray ecdhKey = NewECDHKey(env, group, eckey); ++ ++ EC_KEY_free(eckey); ++ EC_GROUP_free(group); ++ ++ KAE_TRACE("KAEECKeyPairGenerator_nativeGenerateKeyPair success, ecdhKey = %p", ecdhKey); ++ return ecdhKey; ++ ++cleanup: ++ if (eckey != NULL) { ++ EC_KEY_free(eckey); ++ } ++ if (group != NULL) { ++ EC_GROUP_free(group); ++ } ++ if (ecdhKey != NULL) { ++ (*env)->DeleteLocalRef(env, ecdhKey); ++ } ++ return NULL; ++} +diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_rsa.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_rsa.c +index 01848c0e..ddbc2958 100644 +--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_rsa.c ++++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_rsa.c +@@ -20,6 +20,8 @@ + * or visit www.oracle.com if you need additional information or have any + * questions. + */ ++ ++#include + #include + #include "kae_util.h" + #include "kae_exception.h" +@@ -31,18 +33,18 @@ + + // rsa param index + typedef enum RSAParamIndex { +- rsa_n = 0, +- rsa_e = 1, +- rsa_d = 2, +- rsa_p = 3, +- rsa_q = 4, +- rsa_dmp1 = 5, +- rsa_dmq1 = 6, +- rsa_iqmp = 7 ++ rsaN = 0, ++ rsaE, ++ rsaD, ++ rsaP, ++ rsaQ, ++ rsaDmp1, ++ rsaDmq1, ++ rsaIqmp + } RSAParamIndex; + + // rsa param name array +-static const char* RSAParamNames[] = {"n", "e", "d", "p", "q", "dmp1", "dmq1", "iqmp"}; ++static const char* rsaParamNames[] = {"n", "e", "d", "p", "q", "dmp1", "dmq1", "iqmp"}; + + // rsa get rsa param function list + static const BIGNUM* (* GetRSAParamFunctionList[])(const RSA*) = { +@@ -103,25 +105,25 @@ static void ReleaseRSA(RSA* rsa) { + * step 3. Convert paramValue (BIGNUM) to jbyteArray + * step 4. Set the rsa param to the param array + */ +-static int SetRSAKeyParam(JNIEnv* env, RSA* rsa, jobjectArray params, RSAParamIndex rsaParamIndex) { ++static bool SetRSAKeyParam(JNIEnv* env, RSA* rsa, jobjectArray params, RSAParamIndex rsaParamIndex) { + // get rsa param name +- const char* rsaParamName = RSAParamNames[rsaParamIndex]; ++ const char* rsaParamName = rsaParamNames[rsaParamIndex]; + + // get rsa param value + const BIGNUM* rsaParamValue = GetRSAParamFunctionList[rsaParamIndex](rsa); + if (rsaParamValue == NULL) { +- return FAILED; ++ return false; + } + + // Convert paramValue to jbyteArray + jbyteArray param = KAE_GetByteArrayFromBigNum(env, rsaParamValue, rsaParamName); + if (param == NULL) { +- return FAILED; ++ return false; + } + + // Set the rsa param to the param array + (*env)->SetObjectArrayElement(env, params, rsaParamIndex, param); +- return SUCCESS; ++ return true; + } + + /* +@@ -139,8 +141,8 @@ static jobjectArray NewRSAKeyParams(JNIEnv* env, RSA* rsa) { + } + + // set rsa key param +- for (RSAParamIndex paramIndex = rsa_n; paramIndex <= rsa_iqmp; paramIndex++) { +- if (SetRSAKeyParam(env, rsa, params, paramIndex) == FAILED) { ++ for (RSAParamIndex paramIndex = rsaN; paramIndex <= rsaIqmp; paramIndex++) { ++ if (!SetRSAKeyParam(env, rsa, params, paramIndex)) { + return NULL; + } + } +diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_provider.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_provider.c +index cfd2480e..aa46e737 100644 +--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_provider.c ++++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_provider.c +@@ -25,9 +25,11 @@ + #include + #include + #include "kae_exception.h" ++#include "kae_util.h" + #include "org_openeuler_security_openssl_KAEProvider.h" ++ + /* +- * Class: org_openeuler_security_openssl_WdProvider ++ * Class: Java_org_openeuler_security_openssl_KAEProvider + * Method: initOpenssl + * Signature: ()V + */ +@@ -37,11 +39,19 @@ JNIEXPORT void JNICALL Java_org_openeuler_security_openssl_KAEProvider_initOpens + ERR_load_BIO_strings(); + OpenSSL_add_all_algorithms(); + ++ // check if KaeEngine holder is already set ++ ENGINE* e = GetKaeEngine(); ++ if (e != NULL) { ++ ENGINE_free(e); ++ e = NULL; ++ } ++ + // determine whether KAE is loaded successfully +- ENGINE *e = ENGINE_by_id("kae"); ++ e = ENGINE_by_id("kae"); + if (e == NULL) { ++ ERR_clear_error(); + KAE_ThrowRuntimeException(env, "kae engine not found"); + return; + } +- ENGINE_free(e); ++ SetKaeEngine(e); + } +diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_signature_rsa.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_signature_rsa.c +new file mode 100644 +index 00000000..e81dc140 +--- /dev/null ++++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_signature_rsa.c +@@ -0,0 +1,363 @@ ++/* ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++#include ++#include ++#include ++#include ++#include "kae_util.h" ++#include "kae_exception.h" ++ ++// get EVP_MD by digestName ++static const EVP_MD* getEvpMd(JNIEnv* env, jstring digestName) { ++ const char* digestNameUtf = (*env)->GetStringUTFChars(env, digestName, 0); ++ const EVP_MD* md = (EVP_MD*)EVP_get_digestbyname(digestNameUtf); ++ (*env)->ReleaseStringUTFChars(env, digestName, digestNameUtf); ++ if (md == NULL) { ++ KAE_ThrowSignatureException(env, "Unsupported digest algorithm."); ++ } ++ return md; ++} ++ ++// sign release ++static void signRelease(JNIEnv* env, jbyteArray digestValue, jbyte* digestBytes, jbyte* sigBytes, ++ EVP_PKEY_CTX* pkeyCtx) { ++ if (digestBytes != NULL) { ++ (*env)->ReleaseByteArrayElements(env, digestValue, digestBytes, 0); ++ } ++ if (sigBytes != NULL) { ++ free(sigBytes); ++ } ++ if (pkeyCtx != NULL) { ++ EVP_PKEY_CTX_free(pkeyCtx); ++ } ++} ++ ++// verify release ++static void verifyRelease(JNIEnv* env, jbyteArray digestValue, jbyte* digestBytes, jbyteArray sigValue, jbyte* sigBytes, ++ EVP_PKEY_CTX* pkeyCtx) { ++ if (digestBytes != NULL) { ++ (*env)->ReleaseByteArrayElements(env, digestValue, digestBytes, 0); ++ } ++ if (sigBytes != NULL) { ++ (*env)->ReleaseByteArrayElements(env, sigValue, sigBytes, 0); ++ } ++ if (pkeyCtx != NULL) { ++ EVP_PKEY_CTX_free(pkeyCtx); ++ } ++} ++ ++// set rsa PkeyCtx parameters ++static bool setRsaPkeyCtxParameters(JNIEnv* env, EVP_PKEY_CTX* pkeyCtx, jint paddingType, jstring digestName) { ++ // set rsa padding ++ if (EVP_PKEY_CTX_set_rsa_padding(pkeyCtx, paddingType) <= 0) { ++ KAE_ThrowFromOpenssl(env, "EVP_PKEY_CTX_set_rsa_padding", KAE_ThrowSignatureException); ++ return false; ++ } ++ ++ // set signature md ++ const EVP_MD* md = getEvpMd(env, digestName); ++ if (md == NULL) { ++ return false; ++ } ++ ++ if (EVP_PKEY_CTX_set_signature_md(pkeyCtx, md) <= 0) { ++ KAE_ThrowFromOpenssl(env, "EVP_PKEY_CTX_set_signature_md", KAE_ThrowSignatureException); ++ return false; ++ } ++ return true; ++} ++ ++/* ++ * Class: org_openeuler_security_openssl_KAERSASignatureNative ++ * Method: rsaSign ++ * Signature: (JLjava/lang/String;[BI)[B ++ */ ++JNIEXPORT jbyteArray JNICALL Java_org_openeuler_security_openssl_KAERSASignatureNative_rsaSign(JNIEnv* env, jclass cls, ++ jlong keyAddress, jstring digestName, jbyteArray digestValue, jint paddingType) { ++ EVP_PKEY* pkey = (EVP_PKEY*)keyAddress; ++ EVP_PKEY_CTX* pkeyCtx = NULL; ++ jbyte* digestBytes = NULL; ++ jbyte* sigBytes = NULL; ++ jbyteArray sigByteArray = NULL; ++ static ENGINE* kaeEngine = NULL; ++ kaeEngine = (kaeEngine == NULL) ? GetKaeEngine() : kaeEngine; ++ // new EVP_PKEY_CTX ++ if ((pkeyCtx = EVP_PKEY_CTX_new(pkey, kaeEngine)) == NULL) { ++ KAE_ThrowFromOpenssl(env, "EVP_PKEY_new", KAE_ThrowSignatureException); ++ goto cleanup; ++ } ++ ++ // sign init ++ if (EVP_PKEY_sign_init(pkeyCtx) <= 0) { ++ KAE_ThrowFromOpenssl(env, "EVP_PKEY_sign_init", KAE_ThrowSignatureException); ++ goto cleanup; ++ } ++ ++ // set rsa PkeyCtx parameters ++ if (!setRsaPkeyCtxParameters(env, pkeyCtx, paddingType, digestName)) { ++ goto cleanup; ++ } ++ ++ // sign ++ size_t sigLen = (size_t)EVP_PKEY_size(pkey); ++ if (sigLen <= 0) { ++ KAE_ThrowSignatureException(env, "The sigLen size cannot be zero or negative"); ++ goto cleanup; ++ } ++ if ((sigBytes = malloc(sigLen)) == NULL) { ++ KAE_ThrowOOMException(env, "malloc failed"); ++ goto cleanup; ++ } ++ if ((digestBytes = (*env)->GetByteArrayElements(env, digestValue, NULL)) == NULL) { ++ KAE_ThrowOOMException(env, "GetByteArrayElements failed"); ++ goto cleanup; ++ } ++ size_t digestLen = (size_t)(*env)->GetArrayLength(env, digestValue); ++ if (EVP_PKEY_sign(pkeyCtx, (unsigned char*)sigBytes, &sigLen, ++ (const unsigned char*)digestBytes, digestLen) <= 0) { ++ KAE_ThrowFromOpenssl(env, "EVP_PKEY_sign", KAE_ThrowSignatureException); ++ goto cleanup; ++ } ++ ++ // set signature byte to jbyteArray ++ if ((sigByteArray = (*env)->NewByteArray(env, (jsize)sigLen)) == NULL) { ++ KAE_ThrowOOMException(env, "NewByteArray failed"); ++ goto cleanup; ++ } ++ (*env)->SetByteArrayRegion(env, sigByteArray, 0, (jsize)sigLen, sigBytes); ++ ++cleanup: ++ signRelease(env, digestValue, digestBytes, sigBytes, pkeyCtx); ++ return sigByteArray; ++} ++ ++/* ++ * Class: org_openeuler_security_openssl_KAERSASignatureNative ++ * Method: rsaVerify ++ * Signature: (JLjava/lang/String;[BI[B)Z ++ */ ++JNIEXPORT jboolean JNICALL Java_org_openeuler_security_openssl_KAERSASignatureNative_rsaVerify(JNIEnv* env, jclass cls, ++ jlong keyAddress, jstring digestName, jbyteArray digestValue, jint paddingType, jbyteArray sigValue) { ++ EVP_PKEY* pkey = (EVP_PKEY*)keyAddress; ++ EVP_PKEY_CTX* pkeyCtx = NULL; ++ jbyte* digestBytes = NULL; ++ jbyte* sigBytes = NULL; ++ jboolean isSuccess = JNI_FALSE; ++ static ENGINE* kaeEngine = NULL; ++ kaeEngine = (kaeEngine == NULL) ? GetKaeEngine() : kaeEngine; ++ // new EVP_PKEY_CTX ++ if ((pkeyCtx = EVP_PKEY_CTX_new(pkey, kaeEngine)) == NULL) { ++ KAE_ThrowFromOpenssl(env, "EVP_PKEY_new", KAE_ThrowSignatureException); ++ goto cleanup; ++ } ++ ++ // verify init ++ if (EVP_PKEY_verify_init(pkeyCtx) <= 0) { ++ KAE_ThrowFromOpenssl(env, "EVP_PKEY_sign_init", KAE_ThrowSignatureException); ++ goto cleanup; ++ } ++ ++ // set rsa PkeyCtx parameters ++ if (!setRsaPkeyCtxParameters(env, pkeyCtx, paddingType, digestName)) { ++ goto cleanup; ++ } ++ ++ // verify ++ if ((digestBytes = (*env)->GetByteArrayElements(env, digestValue, NULL)) == NULL) { ++ KAE_ThrowOOMException(env, "GetByteArrayElements failed"); ++ goto cleanup; ++ } ++ if ((sigBytes = (*env)->GetByteArrayElements(env, sigValue, NULL)) == NULL) { ++ KAE_ThrowOOMException(env, "GetByteArrayElements failed"); ++ goto cleanup; ++ } ++ size_t sigLen = (size_t)(*env)->GetArrayLength(env, sigValue); ++ size_t digestLen = (size_t)(*env)->GetArrayLength(env, digestValue); ++ if (EVP_PKEY_verify(pkeyCtx, (const unsigned char*)sigBytes, sigLen, ++ (const unsigned char*)digestBytes, digestLen) <= 0) { ++ KAE_ThrowFromOpenssl(env, "EVP_PKEY_verify", KAE_ThrowSignatureException); ++ goto cleanup; ++ } ++ isSuccess = JNI_TRUE; ++ ++cleanup: ++ verifyRelease(env, digestValue, digestBytes, sigValue, sigBytes, pkeyCtx); ++ return isSuccess; ++} ++ ++// set pss pkeyCtx parameters ++static bool setPssPkeyCtxParameters(JNIEnv* env, EVP_PKEY_CTX* pkeyCtx, jint paddingType, jstring digestName, ++ jstring mgf1DigestName, jint saltLen) { ++ // set rsa padding ++ if (EVP_PKEY_CTX_set_rsa_padding(pkeyCtx, paddingType) <= 0) { ++ KAE_ThrowFromOpenssl(env, "EVP_PKEY_CTX_set_rsa_padding", KAE_ThrowSignatureException); ++ return false; ++ } ++ ++ // set signature md ++ const EVP_MD* md = getEvpMd(env, digestName); ++ if (md == NULL) { ++ return false; ++ } ++ if (EVP_PKEY_CTX_set_signature_md(pkeyCtx, md) <= 0) { ++ KAE_ThrowFromOpenssl(env, "EVP_PKEY_CTX_set_signature_md", KAE_ThrowSignatureException); ++ return false; ++ } ++ ++ // set rsa mgf1 md ++ const EVP_MD* mgf1Md = getEvpMd(env, mgf1DigestName); ++ if (mgf1Md == NULL) { ++ return false; ++ } ++ if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkeyCtx, mgf1Md) <= 0) { ++ KAE_ThrowFromOpenssl(env, "EVP_PKEY_CTX_set_rsa_mgf1_md", KAE_ThrowSignatureException); ++ return false; ++ } ++ ++ // set salt len ++ if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkeyCtx, saltLen) <= 0) { ++ KAE_ThrowFromOpenssl(env, "EVP_PKEY_CTX_set_rsa_pss_saltlen", KAE_ThrowSignatureException); ++ return false; ++ } ++ return true; ++} ++ ++/* ++ * Class: org_openeuler_security_openssl_KAERSASignatureNative ++ * Method: pssSign ++ * Signature: (JLjava/lang/String;[BILjava/lang/String;I)[B ++ */ ++JNIEXPORT jbyteArray JNICALL Java_org_openeuler_security_openssl_KAERSASignatureNative_pssSign(JNIEnv* env, jclass cls, ++ jlong keyAddress, jstring digestName, jbyteArray digestValue, jint paddingType, jstring mgf1DigestName, ++ jint saltLen) { ++ EVP_PKEY* pkey = (EVP_PKEY*)keyAddress; ++ EVP_PKEY_CTX* pkeyCtx = NULL; ++ jbyte* digestBytes = NULL; ++ jbyte* sigBytes = NULL; ++ jbyteArray sigByteArray = NULL; ++ static ENGINE* kaeEngine = NULL; ++ kaeEngine = (kaeEngine == NULL) ? GetKaeEngine() : kaeEngine; ++ // new EVP_PKEY_CTX ++ if ((pkeyCtx = EVP_PKEY_CTX_new(pkey, kaeEngine)) == NULL) { ++ KAE_ThrowFromOpenssl(env, "EVP_PKEY_new", KAE_ThrowSignatureException); ++ goto cleanup; ++ } ++ ++ // sign init ++ if (EVP_PKEY_sign_init(pkeyCtx) <= 0) { ++ KAE_ThrowFromOpenssl(env, "EVP_PKEY_sign_init", KAE_ThrowSignatureException); ++ goto cleanup; ++ } ++ ++ // set pss pkeyCtx parameters ++ if (!setPssPkeyCtxParameters(env, pkeyCtx, paddingType, digestName, mgf1DigestName, saltLen)) { ++ goto cleanup; ++ } ++ ++ // sign ++ size_t sigLen = (size_t)EVP_PKEY_size(pkey); ++ if (sigLen <= 0) { ++ KAE_ThrowSignatureException(env, "The sigLen size cannot be zero or negative"); ++ goto cleanup; ++ } ++ if ((sigBytes = malloc(sigLen)) == NULL) { ++ KAE_ThrowOOMException(env, "malloc failed"); ++ goto cleanup; ++ } ++ if ((digestBytes = (*env)->GetByteArrayElements(env, digestValue, NULL)) == NULL) { ++ KAE_ThrowOOMException(env, "GetByteArrayElements failed"); ++ goto cleanup; ++ } ++ size_t digestLen = (size_t)(*env)->GetArrayLength(env, digestValue); ++ if (EVP_PKEY_sign(pkeyCtx, (unsigned char*)sigBytes, &sigLen, ++ (const unsigned char*)digestBytes, digestLen) <= 0) { ++ KAE_ThrowFromOpenssl(env, "EVP_PKEY_sign", KAE_ThrowSignatureException); ++ goto cleanup; ++ } ++ ++ // set signature byte to jbyteArray ++ if ((sigByteArray = (*env)->NewByteArray(env, (jsize)sigLen)) == NULL) { ++ KAE_ThrowOOMException(env, "NewByteArray failed"); ++ goto cleanup; ++ } ++ (*env)->SetByteArrayRegion(env, sigByteArray, 0, (jsize)sigLen, sigBytes); ++ ++cleanup: ++ signRelease(env, digestValue, digestBytes, sigBytes, pkeyCtx); ++ return sigByteArray; ++} ++ ++/* ++ * Class: org_openeuler_security_openssl_KAERSASignatureNative ++ * Method: pssVerify ++ * Signature: (JLjava/lang/String;[BILjava/lang/String;I[B)Z ++ */ ++JNIEXPORT jboolean JNICALL Java_org_openeuler_security_openssl_KAERSASignatureNative_pssVerify(JNIEnv* env, jclass cls, ++ jlong keyAddress, jstring digestName, jbyteArray digestValue, jint paddingType, jstring mgf1DigestName, ++ jint saltLen, jbyteArray sigValue) { ++ EVP_PKEY* pkey = (EVP_PKEY*)keyAddress; ++ EVP_PKEY_CTX* pkeyCtx = NULL; ++ jbyte* digestBytes = NULL; ++ jbyte* sigBytes = NULL; ++ jboolean isSuccess = JNI_FALSE; ++ static ENGINE* kaeEngine = NULL; ++ kaeEngine = (kaeEngine == NULL) ? GetKaeEngine() : kaeEngine; ++ // new EVP_PKEY_CTX ++ if ((pkeyCtx = EVP_PKEY_CTX_new(pkey, kaeEngine)) == NULL) { ++ KAE_ThrowFromOpenssl(env, "EVP_PKEY_new", KAE_ThrowSignatureException); ++ goto cleanup; ++ } ++ ++ // verify init ++ if (EVP_PKEY_verify_init(pkeyCtx) <= 0) { ++ KAE_ThrowFromOpenssl(env, "EVP_PKEY_sign_init", KAE_ThrowSignatureException); ++ goto cleanup; ++ } ++ ++ // set pkeyCtx parameters ++ if (!setPssPkeyCtxParameters(env, pkeyCtx, paddingType, digestName, mgf1DigestName, saltLen)) { ++ goto cleanup; ++ } ++ ++ // verify ++ if ((digestBytes = (*env)->GetByteArrayElements(env, digestValue, NULL)) == NULL) { ++ KAE_ThrowOOMException(env, "GetByteArrayElements failed"); ++ goto cleanup; ++ } ++ if ((sigBytes = (*env)->GetByteArrayElements(env, sigValue, NULL)) == NULL) { ++ KAE_ThrowOOMException(env, "GetByteArrayElements failed"); ++ goto cleanup; ++ } ++ size_t sigLen = (size_t)(*env)->GetArrayLength(env, sigValue); ++ size_t digestLen = (size_t)(*env)->GetArrayLength(env, digestValue); ++ if (EVP_PKEY_verify(pkeyCtx, (const unsigned char*)sigBytes, sigLen, ++ (const unsigned char*)digestBytes, digestLen) <= 0) { ++ KAE_ThrowFromOpenssl(env, "EVP_PKEY_verify", KAE_ThrowSignatureException); ++ goto cleanup; ++ } ++ isSuccess = JNI_TRUE; ++ ++cleanup: ++ verifyRelease(env, digestValue, digestBytes, sigValue, sigBytes, pkeyCtx); ++ return isSuccess; ++} +\ No newline at end of file +diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_symmetric_cipher.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_symmetric_cipher.c +new file mode 100644 +index 00000000..81c7b3ef +--- /dev/null ++++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_symmetric_cipher.c +@@ -0,0 +1,409 @@ ++/* ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include "kae_exception.h" ++#include "kae_log.h" ++#include "kae_util.h" ++#include "org_openeuler_security_openssl_KAESymmetricCipherBase.h" ++ ++bool StartsWith(const char* str1, const char* str2) ++{ ++ if (str1 == NULL || str2 == NULL) { ++ return 0; ++ } ++ int len1 = strlen(str1); ++ int len2 = strlen(str2); ++ if (len1 > len2 || (len1 == 0 || len2 == 0)) { ++ return false; ++ } ++ const char *cur = str1; ++ int i = 0; ++ while (*cur != '\0') { ++ if (*cur != str2[i]) { ++ return 0; ++ } ++ cur++; ++ i++; ++ } ++ return true; ++} ++ ++static const EVP_CIPHER* EVPGetSm4CipherByName(JNIEnv* env, const char* algo) ++{ ++ static const EVP_CIPHER* sm4Ecb = NULL; ++ static const EVP_CIPHER* sm4Cbc = NULL; ++ static const EVP_CIPHER* sm4Ctr = NULL; ++ static const EVP_CIPHER* sm4Ofb = NULL; ++ ++ if (strcasecmp(algo, "sm4-ecb") == 0) { ++ return sm4Ecb == NULL ? sm4Ecb = EVP_get_cipherbyname(algo) : sm4Ecb; ++ } else if (strcasecmp(algo, "sm4-cbc") == 0) { ++ return sm4Cbc == NULL ? sm4Cbc = EVP_get_cipherbyname(algo) : sm4Cbc; ++ } else if (strcasecmp(algo, "sm4-ctr") == 0) { ++ return sm4Ctr == NULL ? sm4Ctr = EVP_get_cipherbyname(algo) : sm4Ctr; ++ } else if (strcasecmp(algo, "sm4-ofb") == 0) { ++ return sm4Ofb == NULL ? sm4Ofb = EVP_get_cipherbyname(algo) : sm4Ofb; ++ } else { ++ KAE_ThrowRuntimeException(env, "EVPGetSm4CipherByName error"); ++ return 0; ++ } ++} ++ ++static const EVP_CIPHER* EVPGetAesCipherByName(JNIEnv* env, const char* algo) ++{ ++ static const EVP_CIPHER* aes128Ecb = NULL; ++ static const EVP_CIPHER* aes128Cbc = NULL; ++ static const EVP_CIPHER* aes128Ctr = NULL; ++ static const EVP_CIPHER* aes128Gcm = NULL; ++ static const EVP_CIPHER* aes192Ecb = NULL; ++ static const EVP_CIPHER* aes192Cbc = NULL; ++ static const EVP_CIPHER* aes192Ctr = NULL; ++ static const EVP_CIPHER* aes192Gcm = NULL; ++ static const EVP_CIPHER* aes256Ecb = NULL; ++ static const EVP_CIPHER* aes256Cbc = NULL; ++ static const EVP_CIPHER* aes256Ctr = NULL; ++ static const EVP_CIPHER* aes256Gcm = NULL; ++ ++ if (strcasecmp(algo, "aes-128-ecb") == 0) { ++ return aes128Ecb == NULL ? aes128Ecb = EVP_get_cipherbyname(algo) : aes128Ecb; ++ } else if (strcasecmp(algo, "aes-128-cbc") == 0) { ++ return aes128Cbc == NULL ? aes128Cbc = EVP_get_cipherbyname(algo) : aes128Cbc; ++ } else if (strcasecmp(algo, "aes-128-ctr") == 0) { ++ return aes128Ctr == NULL ? aes128Ctr = EVP_get_cipherbyname(algo) : aes128Ctr; ++ } else if (strcasecmp(algo, "aes-128-gcm") == 0) { ++ return aes128Gcm == NULL ? aes128Gcm = EVP_get_cipherbyname(algo) : aes128Gcm; ++ } else if (strcasecmp(algo, "aes-192-ecb") == 0) { ++ return aes192Ecb == NULL ? aes192Ecb = EVP_get_cipherbyname(algo) : aes192Ecb; ++ } else if (strcasecmp(algo, "aes-192-cbc") == 0) { ++ return aes192Cbc == NULL ? aes192Cbc = EVP_get_cipherbyname(algo) : aes192Cbc; ++ } else if (strcasecmp(algo, "aes-192-ctr") == 0) { ++ return aes192Ctr == NULL ? aes192Ctr = EVP_get_cipherbyname(algo) : aes192Ctr; ++ } else if (strcasecmp(algo, "aes-192-gcm") == 0) { ++ return aes192Gcm == NULL ? aes192Gcm = EVP_get_cipherbyname(algo) : aes192Gcm; ++ } else if (strcasecmp(algo, "aes-256-ecb") == 0) { ++ return aes256Ecb == NULL ? aes256Ecb = EVP_get_cipherbyname(algo) : aes256Ecb; ++ } else if (strcasecmp(algo, "aes-256-cbc") == 0) { ++ return aes256Cbc == NULL ? aes256Cbc = EVP_get_cipherbyname(algo) : aes256Cbc; ++ } else if (strcasecmp(algo, "aes-256-ctr") == 0) { ++ return aes256Ctr == NULL ? aes256Ctr = EVP_get_cipherbyname(algo) : aes256Ctr; ++ } else if (strcasecmp(algo, "aes-256-gcm") == 0) { ++ return aes256Gcm == NULL ? aes256Gcm = EVP_get_cipherbyname(algo) : aes256Gcm; ++ } else { ++ KAE_ThrowRuntimeException(env, "EVPGetAesCipherByName error"); ++ return 0; ++ } ++} ++ ++void FreeMemoryFromInit(JNIEnv* env, jbyteArray iv, jbyte* ivBytes, jbyteArray key, jbyte* keyBytes) ++{ ++ if (ivBytes != NULL) { ++ (*env)->ReleaseByteArrayElements(env, iv, ivBytes, 0); ++ } ++ if (keyBytes != NULL) { ++ (*env)->ReleaseByteArrayElements(env, key, keyBytes, 0); ++ } ++} ++ ++/* ++ * Class: org_openeuler_security_openssl_KAESymmetricCipherBase ++ * Method: nativeInit ++ * Signature: (Ljava/lang/String;Z[B[B)J ++ */ ++JNIEXPORT jlong JNICALL ++Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeInit(JNIEnv* env, jclass cls, ++ jstring cipherType, jboolean encrypt, jbyteArray key, jbyteArray iv, jboolean padding) ++{ ++ EVP_CIPHER_CTX* ctx = NULL; ++ jbyte* keyBytes = NULL; ++ jbyte* ivBytes = NULL; ++ const EVP_CIPHER* cipher = NULL; ++ static ENGINE* kaeEngine = NULL; ++ ++ const char* algo = (*env)->GetStringUTFChars(env, cipherType, 0); ++ if (StartsWith("aes", algo)) { ++ cipher = EVPGetAesCipherByName(env, algo); ++ kaeEngine = NULL; ++ } else { ++ cipher = EVPGetSm4CipherByName(env, algo); ++ kaeEngine = (kaeEngine == NULL) ? GetKaeEngine() : kaeEngine; ++ } ++ (*env)->ReleaseStringUTFChars(env, cipherType, algo); ++ if (cipher == NULL) { ++ KAE_ThrowOOMException(env, "create EVP_CIPHER fail"); ++ goto cleanup; ++ } ++ if ((ctx = EVP_CIPHER_CTX_new()) == NULL) { ++ KAE_ThrowOOMException(env, "create EVP_CIPHER_CTX fail"); ++ goto cleanup; ++ } ++ ++ if (iv != NULL) { ++ ivBytes = (*env)->GetByteArrayElements(env, iv, NULL); ++ } ++ if (key != NULL) { ++ keyBytes = (*env)->GetByteArrayElements(env, key, NULL); ++ } ++ ++ if (!EVP_CipherInit_ex(ctx, cipher, kaeEngine, (const unsigned char*)keyBytes, ++ (const unsigned char*)ivBytes, encrypt ? 1 : 0)) { ++ KAE_ThrowFromOpenssl(env, "EVP_CipherInit_ex failed", KAE_ThrowRuntimeException); ++ goto cleanup; ++ } ++ ++ EVP_CIPHER_CTX_set_padding(ctx, padding ? 1 : 0); ++ ++ FreeMemoryFromInit(env, iv, ivBytes, key, keyBytes); ++ return (jlong)ctx; ++ ++cleanup: ++ if (ctx != NULL) { ++ EVP_CIPHER_CTX_free(ctx); ++ } ++ FreeMemoryFromInit(env, iv, ivBytes, key, keyBytes); ++ return 0; ++} ++ ++static void FreeMemoryFromUpdate(unsigned char* in, unsigned char* aad, unsigned char* out) ++{ ++ if (in != NULL) { ++ free(in); ++ } ++ if (out != NULL) { ++ free(out); ++ } ++ if (aad != NULL) { ++ free(aad); ++ } ++} ++ ++/* ++ * Class: org_openeuler_security_openssl_KAESymmetricCipherBase ++ * Method: nativeUpdate ++ * Signature: (J[BII[BIZ[B)I ++ */ ++JNIEXPORT jint JNICALL ++Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeUpdate(JNIEnv* env, jclass cls, jlong ctxAddress, ++ jbyteArray inArr, jint inOfs, jint inLen, jbyteArray outArr, jint outOfs, jboolean gcm, jbyteArray gcmAAD) ++{ ++ unsigned char* in = NULL; ++ unsigned char* aad = NULL; ++ unsigned char* out = NULL; ++ ++ EVP_CIPHER_CTX* ctx = (EVP_CIPHER_CTX*)ctxAddress; ++ if (ctx == NULL || inArr == NULL || outArr == NULL) { ++ goto cleanup; ++ } ++ ++ in = (unsigned char*)malloc(inLen); ++ int outLen = (*env)->GetArrayLength(env, outArr) - outOfs; ++ out = (unsigned char*)malloc(outLen); ++ if (in == NULL || out == NULL) { ++ KAE_ThrowOOMException(env, "malloc error"); ++ goto cleanup; ++ } ++ memset(in, 0, inLen); ++ memset(out, 0, outLen); ++ (*env)->GetByteArrayRegion(env, inArr, inOfs, inLen, (jbyte*)in); ++ ++ int bytesWritten = 0; ++ if (gcm && (gcmAAD != NULL)) { ++ int aadLen = (*env)->GetArrayLength(env, gcmAAD); ++ if ((aad = (unsigned char*)malloc(aadLen)) == NULL) { ++ KAE_ThrowOOMException(env, "malloc error"); ++ goto cleanup; ++ } ++ memset(aad, 0, aadLen); ++ (*env)->GetByteArrayRegion(env, gcmAAD, 0, aadLen, (jbyte*)aad); ++ ++ // Specify aad. ++ if (EVP_CipherUpdate(ctx, NULL, &bytesWritten, aad, aadLen) == 0) { ++ KAE_ThrowFromOpenssl(env, "EVP_CipherUpdate failed", KAE_ThrowRuntimeException); ++ goto cleanup; ++ } ++ } ++ ++ if (EVP_CipherUpdate(ctx, out, &bytesWritten, in, inLen) == 0) { ++ KAE_ThrowFromOpenssl(env, "EVP_CipherUpdate failed", KAE_ThrowRuntimeException); ++ goto cleanup; ++ } ++ (*env)->SetByteArrayRegion(env, outArr, outOfs, bytesWritten, (jbyte*)out); ++ ++ FreeMemoryFromUpdate(in, aad, out); ++ return bytesWritten; ++ ++cleanup: ++ FreeMemoryFromUpdate(in, aad, out); ++ return 0; ++} ++ ++/* ++ * Class: org_openeuler_security_openssl_KAESymmetricCipherBase ++ * Method: nativeFinal ++ * Signature: (JZ[BI)I ++ */ ++JNIEXPORT jint JNICALL ++Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeFinal(JNIEnv* env, jclass cls, ++ jlong ctxAddress, jbyteArray outArr, jint outOfs) ++{ ++ unsigned char* out = NULL; ++ EVP_CIPHER_CTX* ctx = (EVP_CIPHER_CTX*)ctxAddress; ++ KAE_TRACE("KAESymmetricCipherBase_nativeFinal(ctxAddress = %p, outArr = %p, outOfs = %d)", ++ ctx, outArr, outOfs); ++ if (ctx == NULL || outArr == NULL) { ++ goto cleanup; ++ } ++ int outLen = (*env)->GetArrayLength(env, outArr) - outOfs; ++ out = (unsigned char*)malloc(outLen); ++ if (out == NULL) { ++ KAE_ThrowOOMException(env, "malloc error"); ++ goto cleanup; ++ } ++ memset(out, 0, outLen); ++ int bytesWritten = 0; ++ int result_code = EVP_CipherFinal_ex(ctx, out, &bytesWritten); ++ if (result_code == 0) { ++ KAE_ThrowFromOpenssl(env, "EVP_CipherFinal_ex failed", KAE_ThrowBadPaddingException); ++ goto cleanup; ++ } ++ KAE_TRACE("KAESymmetricCipherBase_nativeFinal EVP_CipherFinal_ex success, bytesWritten = %d", bytesWritten); ++ (*env)->SetByteArrayRegion(env, outArr, outOfs, bytesWritten, (jbyte*)out); ++ free(out); ++ KAE_TRACE("KAESymmetricCipherBase_nativeFinal: finished"); ++ return bytesWritten; ++ ++cleanup: ++ if (out != NULL) { ++ free(out); ++ } ++ return 0; ++} ++ ++static void FreeMemoryFromFinalGcm(unsigned char* out, unsigned char* gcmTag, unsigned char* gcmOut) ++{ ++ if (out != NULL) { ++ free(out); ++ } ++ if (gcmTag != NULL) { ++ free(gcmTag); ++ } ++ if (gcmOut != NULL) { ++ free(gcmOut); ++ } ++} ++ ++/* ++ * Class: org_openeuler_security_openssl_KAECipherAES ++ * Method: nativeFinalGcm ++ * Signature: (J[BIZI[BZ)I ++ */ ++JNIEXPORT jint JNICALL Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeFinalGcm(JNIEnv* env, ++ jclass cls, jlong ctxAddress, jbyteArray outArr, jint outOfs, jboolean gcm, jint tagLength, ++ jbyteArray gcmTagArr, jboolean encrypt) ++{ ++ unsigned char* out = NULL; ++ unsigned char* gcmTag = NULL; ++ unsigned char* gcmOut = NULL; ++ ++ EVP_CIPHER_CTX* ctx = (EVP_CIPHER_CTX*)ctxAddress; ++ if (ctx == NULL || outArr == NULL) { ++ goto cleanup; ++ } ++ ++ int bytesWritten = 0; ++ if (encrypt) { ++ int outLen = (*env)->GetArrayLength(env, outArr) - outOfs; ++ if ((out = malloc(outLen)) == NULL) { ++ KAE_ThrowOOMException(env, "malloc error"); ++ goto cleanup; ++ } ++ memset(out, 0, outLen); ++ if (EVP_CipherFinal_ex(ctx, out, &bytesWritten) == 0) { ++ KAE_ThrowFromOpenssl(env, "EVP_CipherFinal_ex failed", KAE_ThrowBadPaddingException); ++ goto cleanup; ++ } ++ (*env)->SetByteArrayRegion(env, outArr, outOfs, bytesWritten, (jbyte*)out); ++ ++ // Writes tagLength bytes of the tag value to the buffer. ++ // Refer to {@link https://www.openssl.org/docs/man1.1.0/man3/EVP_CIPHER_CTX_ctrl.html} for details. ++ if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, tagLength, out + bytesWritten) == 0) { ++ KAE_ThrowFromOpenssl(env, "EVP_CIPHER_CTX_ctrl failed", KAE_ThrowRuntimeException); ++ goto cleanup; ++ } ++ (*env)->SetByteArrayRegion(env, outArr, outOfs + bytesWritten, tagLength, (jbyte*)(out + bytesWritten)); ++ bytesWritten += tagLength; ++ } else { ++ // gcmOut is the plaintext that has been decrypted in the EVP_CipherUpdate. ++ // outOfs is the length of the gcmOut, where it's always > 0. ++ if ((gcmTag = (unsigned char*)malloc(tagLength)) == NULL || (gcmOut = (unsigned char*)malloc(outOfs)) == NULL) { ++ KAE_ThrowOOMException(env, "malloc error"); ++ goto cleanup; ++ } ++ memset(gcmTag, 0, tagLength); ++ memset(gcmOut, 0, outOfs); ++ ++ (*env)->GetByteArrayRegion(env, gcmTagArr, 0, tagLength, (jbyte*)gcmTag); ++ // Sets the expected gcmTag to tagLength bytes from gcmTag. ++ // Refer to {@link https://www.openssl.org/docs/man1.1.0/man3/EVP_CIPHER_CTX_ctrl.html} for details. ++ if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tagLength, gcmTag) == 0) { ++ KAE_ThrowFromOpenssl(env, "EVP_CTRL_AEAD_SET_TAG failed", KAE_ThrowRuntimeException); ++ goto cleanup; ++ } ++ ++ (*env)->GetByteArrayRegion(env, outArr, 0, outOfs, (jbyte*)gcmOut); ++ // Finalise: note get no output for GCM ++ if (EVP_CipherFinal_ex(ctx, gcmOut, &bytesWritten) == 0) { ++ KAE_ThrowFromOpenssl(env, "EVP_CipherFinal_ex failed", KAE_ThrowAEADBadTagException); ++ goto cleanup; ++ } ++ } ++ FreeMemoryFromFinalGcm(out, gcmTag, gcmOut); ++ ++ return bytesWritten; ++ ++cleanup: ++ FreeMemoryFromFinalGcm(out, gcmTag, gcmOut); ++ return 0; ++} ++ ++/* ++ * Class: org_openeuler_security_openssl_KAESymmetricCipherBase ++ * Method: nativeFree ++ * Signature: (J)V ++ */ ++JNIEXPORT void JNICALL ++Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeFree(JNIEnv* env, jclass cls, jlong ctxAddress) ++{ ++ EVP_CIPHER_CTX* ctx = (EVP_CIPHER_CTX*)ctxAddress; ++ KAE_TRACE("KAESymmetricCipherBase_nativeFree(ctx = %p)", ctx); ++ if (ctx != NULL) { ++ EVP_CIPHER_CTX_free(ctx); ++ ctx = NULL; ++ } ++ ++ KAE_TRACE("KAESymmetricCipherBase_nativeFree: finished"); ++} +diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_util.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_util.c +index 4e4c31ec..a92ba406 100644 +--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_util.c ++++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_util.c +@@ -25,6 +25,15 @@ + #include "kae_util.h" + #include "kae_exception.h" + ++static ENGINE* kaeEngine = NULL; ++ ++void SetKaeEngine(ENGINE* engine) { ++ kaeEngine = engine; ++} ++ ++ENGINE* GetKaeEngine() { ++ return kaeEngine; ++} + + BIGNUM* KAE_GetBigNumFromByteArray(JNIEnv* env, jbyteArray byteArray) { + if (byteArray == NULL) { +@@ -47,17 +56,17 @@ BIGNUM* KAE_GetBigNumFromByteArray(JNIEnv* env, jbyteArray byteArray) { + jbyte* bytes = (*env)->GetByteArrayElements(env, byteArray, NULL); + if (bytes == NULL) { + KAE_ThrowNullPointerException(env,"GetByteArrayElements failed"); +- goto error; ++ goto cleanup; + } + BIGNUM* result = BN_bin2bn((const unsigned char*) bytes, len, bn); + (*env)->ReleaseByteArrayElements(env, byteArray, bytes, 0); + if (result == NULL) { + KAE_ThrowFromOpenssl(env, "BN_bin2bn", KAE_ThrowRuntimeException); +- goto error; ++ goto cleanup; + } + return bn; + +-error: ++cleanup: + BN_free(bn); + return NULL; + } +diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_util.h b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_util.h +index 35715e1c..fee81627 100644 +--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_util.h ++++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_util.h +@@ -36,4 +36,12 @@ void KAE_ReleaseBigNumFromByteArray(BIGNUM* bn); + /* BIGNUM convert to jbyteArray */ + jbyteArray KAE_GetByteArrayFromBigNum(JNIEnv* env, const BIGNUM* bn, const char* sourceName); + ++void SetKaeEngine(ENGINE* engine); ++ ++ENGINE* GetKaeEngine(); ++ ++void SetKaeEngine(ENGINE* engine); ++ ++ENGINE* GetKaeEngine(); ++ + #endif +diff --git a/jdk/test/TEST.groups b/jdk/test/TEST.groups +index 9733e17c..d1b13922 100644 +--- a/jdk/test/TEST.groups ++++ b/jdk/test/TEST.groups +@@ -180,6 +180,9 @@ jdk_security = \ + jdk_security_infra = \ + security/infra/java/security/cert/CertPathValidator/certification + ++jdk_kae_security = \ ++ org/openeuler/security/openssl ++ + jdk_text = \ + java/text \ + sun/text +diff --git a/jdk/test/java/security/Signature/SignatureGetInstance.java b/jdk/test/java/security/Signature/SignatureGetInstance.java +index 1c1d796a..4584527d 100644 +--- a/jdk/test/java/security/Signature/SignatureGetInstance.java ++++ b/jdk/test/java/security/Signature/SignatureGetInstance.java +@@ -48,8 +48,11 @@ public class SignatureGetInstance { + MyPrivKey testPriv = new MyPrivKey(); + MyPubKey testPub = new MyPubKey(); + ++ Provider kaeProvider = Security.getProvider("KAEProvider"); ++ String expectedProvName = kaeProvider != null ? "KAEProvider" : "SunRsaSign"; ++ + testDblInit(testPriv, testPub, true, "TestProvider"); +- testDblInit(kp.getPrivate(), kp.getPublic(), true, "SunRsaSign"); ++ testDblInit(kp.getPrivate(), kp.getPublic(), true, expectedProvName); + testDblInit(testPriv, kp.getPublic(), false, null); + testDblInit(kp.getPrivate(), testPub, false, null); + +diff --git a/jdk/test/micro/org/openeuler/bench/security/openssl/AESBenchmark.java b/jdk/test/micro/org/openeuler/bench/security/openssl/AESBenchmark.java +index 0034b67c..e075bb03 100644 +--- a/jdk/test/micro/org/openeuler/bench/security/openssl/AESBenchmark.java ++++ b/jdk/test/micro/org/openeuler/bench/security/openssl/AESBenchmark.java +@@ -83,7 +83,7 @@ public class AESBenchmark extends BenchmarkBase { + } + + @Benchmark +- @Fork(jvmArgsAppend = {"-Dkae.disableKaeDispose=true"}) ++ @Fork(jvmArgsPrepend = {"-Xms100G", "-Xmx100G", "-XX:+AlwaysPreTouch", "-Dkae.disableKaeDispose=true"}, value = 5) + public byte[] encryptDispose() throws IllegalBlockSizeException, BadPaddingException { + byte[] d = data[index]; + index = (index + 1) % SET_SIZE; +@@ -98,7 +98,7 @@ public class AESBenchmark extends BenchmarkBase { + } + + @Benchmark +- @Fork(jvmArgsAppend = {"-Dkae.disableKaeDispose=true"}) ++ @Fork(jvmArgsPrepend = {"-Xms100G", "-Xmx100G", "-XX:+AlwaysPreTouch", "-Dkae.disableKaeDispose=true"}, value = 5) + public byte[] decryptDispose() throws IllegalBlockSizeException, BadPaddingException { + byte[] e = encryptedData[index]; + index = (index + 1) % SET_SIZE; +diff --git a/jdk/test/micro/org/openeuler/bench/security/openssl/AESGCMBenchmark.java b/jdk/test/micro/org/openeuler/bench/security/openssl/AESGCMBenchmark.java +new file mode 100644 +index 00000000..92eb6a59 +--- /dev/null ++++ b/jdk/test/micro/org/openeuler/bench/security/openssl/AESGCMBenchmark.java +@@ -0,0 +1,133 @@ ++/* ++ * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++package org.openeuler.bench.security.openssl; ++ ++import org.openjdk.jmh.annotations.Benchmark; ++import org.openjdk.jmh.annotations.Param; ++import org.openjdk.jmh.annotations.Setup; ++import org.openjdk.jmh.annotations.Fork; ++ ++import javax.crypto.BadPaddingException; ++import javax.crypto.Cipher; ++import javax.crypto.IllegalBlockSizeException; ++import javax.crypto.NoSuchPaddingException; ++import javax.crypto.spec.GCMParameterSpec; ++import javax.crypto.spec.SecretKeySpec; ++import java.security.InvalidAlgorithmParameterException; ++import java.security.InvalidKeyException; ++import java.security.NoSuchAlgorithmException; ++import java.security.spec.InvalidParameterSpecException; ++ ++import java.security.Provider; ++ ++ ++public class AESGCMBenchmark extends BenchmarkBase{ ++ ++ @Param({"AES/GCM/NoPadding","AES/GCM/PKCS5Padding"}) ++ private String algorithm; ++ ++ @Param({"128", "192", "256"}) ++ private int keyLength; ++ ++ @Param({""+1024, "" + 10 * 1024, "" + 100 * 1024, "" + 1024 * 1024}) ++ private int dataSize; ++ ++ byte[] data; ++ byte[] encryptedData; ++ private Cipher encryptCipher; ++ private Cipher decryptCipher; ++ SecretKeySpec ks; ++ GCMParameterSpec gcm_spec; ++ byte[] aad; ++ byte[] iv; ++ ++ public static final int IV_BUFFER_SIZE = 32; ++ public static final int IV_MODULO = IV_BUFFER_SIZE - 16; ++ int iv_index = 0; ++ ++ private int next_iv_index() { ++ int r = iv_index; ++ iv_index = (iv_index + 1) % IV_MODULO; ++ return r; ++ } ++ ++ @Setup ++ public void setup() throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidParameterSpecException { ++ setupProvider(); ++ assert algorithm.split("/")[1].compareToIgnoreCase("GCM") == 0; ++ ++ byte[] keystring = fillSecureRandom(new byte[keyLength / 8]); ++ ks = new SecretKeySpec(keystring, "AES"); ++ iv = fillSecureRandom(new byte[IV_BUFFER_SIZE]); ++ gcm_spec = new GCMParameterSpec(96, iv, next_iv_index(), 16); ++ aad = fillSecureRandom(new byte[5]); ++ encryptCipher = makeCipher(prov, algorithm); ++ encryptCipher.init(Cipher.ENCRYPT_MODE, ks, gcm_spec); ++ encryptCipher.updateAAD(aad); ++ decryptCipher = makeCipher(prov, algorithm); ++ decryptCipher.init(Cipher.DECRYPT_MODE, ks, encryptCipher.getParameters().getParameterSpec(GCMParameterSpec.class)); ++ decryptCipher.updateAAD(aad); ++ data = fillRandom(new byte[dataSize]); ++ encryptedData = encryptCipher.doFinal(data); ++ } ++ ++ @Benchmark ++ public byte[] encrypt() throws BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException { ++ gcm_spec = new GCMParameterSpec(96, iv, next_iv_index(), 16); ++ encryptCipher.init(Cipher.ENCRYPT_MODE, ks, gcm_spec); ++ encryptCipher.updateAAD(aad); ++ return encryptCipher.doFinal(data); ++ } ++ ++ @Benchmark ++ @Fork(jvmArgsPrepend = {"-Xms100G", "-Xmx100G", "-XX:+AlwaysPreTouch", "-Dkae.disableKaeDispose=true"}, value = 5) ++ public byte[] encrypt_arg() throws BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException { ++ gcm_spec = new GCMParameterSpec(96, iv, next_iv_index(), 16); ++ encryptCipher.init(Cipher.ENCRYPT_MODE, ks, gcm_spec); ++ encryptCipher.updateAAD(aad); ++ return encryptCipher.doFinal(data); ++ } ++ ++ @Benchmark ++ public byte[] decrypt() throws BadPaddingException, IllegalBlockSizeException, InvalidParameterSpecException, InvalidAlgorithmParameterException, InvalidKeyException { ++ decryptCipher.init(Cipher.DECRYPT_MODE, ks, gcm_spec); ++ decryptCipher.updateAAD(aad); ++ return decryptCipher.doFinal(encryptedData); ++ } ++ ++ @Benchmark ++ @Fork(jvmArgsPrepend = {"-Xms100G", "-Xmx100G", "-XX:+AlwaysPreTouch", "-Dkae.disableKaeDispose=true"}, value = 5) ++ public byte[] decrypt_arg() throws BadPaddingException, IllegalBlockSizeException, InvalidParameterSpecException, InvalidAlgorithmParameterException, InvalidKeyException { ++ decryptCipher.init(Cipher.DECRYPT_MODE, ks, gcm_spec); ++ decryptCipher.updateAAD(aad); ++ return decryptCipher.doFinal(encryptedData); ++ } ++ ++ public static Cipher makeCipher(Provider prov, String algorithm) throws NoSuchPaddingException, NoSuchAlgorithmException { ++ return (prov == null) ? Cipher.getInstance(algorithm) : Cipher.getInstance(algorithm, prov); ++ } ++} ++ +diff --git a/jdk/test/micro/org/openeuler/bench/security/openssl/BenchmarkBase.java b/jdk/test/micro/org/openeuler/bench/security/openssl/BenchmarkBase.java +index 574d3a6d..9aef6dc6 100644 +--- a/jdk/test/micro/org/openeuler/bench/security/openssl/BenchmarkBase.java ++++ b/jdk/test/micro/org/openeuler/bench/security/openssl/BenchmarkBase.java +@@ -82,6 +82,12 @@ public class BenchmarkBase { + return data; + } + ++ public static byte[] fillRandom(byte[] data) { ++ Random rnd = new Random(); ++ rnd.nextBytes(data); ++ return data; ++ } ++ + public static byte[] fillSecureRandom(byte[] data) { + SecureRandom rnd = new SecureRandom(); + rnd.nextBytes(data); +diff --git a/jdk/test/micro/org/openeuler/bench/security/openssl/DHKeyAgreementBenchMark.java b/jdk/test/micro/org/openeuler/bench/security/openssl/DHKeyAgreementBenchMark.java +new file mode 100644 +index 00000000..8a9a2d5d +--- /dev/null ++++ b/jdk/test/micro/org/openeuler/bench/security/openssl/DHKeyAgreementBenchMark.java +@@ -0,0 +1,135 @@ ++/* ++ * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package org.openeuler.bench.security.openssl; ++ ++import java.math.BigInteger; ++import java.security.*; ++import javax.crypto.*; ++import javax.crypto.spec.*; ++import org.openjdk.jmh.annotations.Benchmark; ++import org.openjdk.jmh.annotations.Param; ++import org.openjdk.jmh.annotations.Setup; ++import java.util.concurrent.TimeUnit; ++import org.openjdk.jmh.annotations.Warmup; ++ ++import java.security.KeyPairGenerator; ++ ++public class DHKeyAgreementBenchMark extends BenchmarkBase { ++ @Param({"DH"}) ++ private String algorithm; ++ ++ @Param({"512", "1024", "2048", "3072", "4096"}) ++ private int keySize; ++ ++ private KeyPairGenerator aliceKpairGen, bobKpairGen, carolKpairGen; ++ ++ private KeyPair aliceKpair, bobKpair, carolKpair; ++ ++ private DHParameterSpec dhSkipParamSpec; ++ ++ @Setup ++ public void setUp() throws Exception { ++ setupProvider(); ++ aliceKpairGen = createKeyPairGenerator(); ++ bobKpairGen = createKeyPairGenerator(); ++ carolKpairGen = createKeyPairGenerator(); ++ ++ // Alice creates her own DH key pair ++ aliceKpairGen.initialize(keySize); ++ aliceKpair = aliceKpairGen.generateKeyPair(); ++ // Bob creates his own DH key pair ++ bobKpairGen.initialize(keySize); ++ bobKpair = bobKpairGen.generateKeyPair(); ++ // Carol creates her own DH key pair ++ carolKpairGen.initialize(keySize); ++ carolKpair = carolKpairGen.generateKeyPair(); ++ } ++ ++ @Benchmark ++ public void KeyAgreement() throws Exception { ++ ++ // Alice initialize ++ KeyAgreement aliceKeyAgree = (prov == null ? KeyAgreement.getInstance("DH") : KeyAgreement.getInstance("DH", prov)); ++ aliceKeyAgree.init(aliceKpair.getPrivate()); ++ // Bob initialize ++ KeyAgreement bobKeyAgree = (prov == null ? KeyAgreement.getInstance("DH") : KeyAgreement.getInstance("DH", prov)); ++ bobKeyAgree.init(bobKpair.getPrivate()); ++ // Carol initialize ++ KeyAgreement carolKeyAgree = (prov == null ? KeyAgreement.getInstance("DH") : KeyAgreement.getInstance("DH", prov)); ++ carolKeyAgree.init(carolKpair.getPrivate()); ++ // Alice uses Carol's public key ++ Key ac = aliceKeyAgree.doPhase(carolKpair.getPublic(), false); ++ // Bob uses Alice's public key ++ Key ba = bobKeyAgree.doPhase(aliceKpair.getPublic(), false); ++ // Carol uses Bob's public key ++ Key cb = carolKeyAgree.doPhase(bobKpair.getPublic(), false); ++ // Alice uses Carol's result from above ++ aliceKeyAgree.doPhase(cb, true); ++ // Bob uses Alice's result from above ++ bobKeyAgree.doPhase(ac, true); ++ // Carol uses Bob's result from above ++ carolKeyAgree.doPhase(ba, true); ++ ++ // Alice, Bob and Carol compute their secrets ++ byte[] aliceSharedSecret = aliceKeyAgree.generateSecret(); ++ int aliceLen = aliceSharedSecret.length; ++ ++ byte[] bobSharedSecret = bobKeyAgree.generateSecret(); ++ int bobLen = bobSharedSecret.length; ++ ++ byte[] carolSharedSecret = carolKeyAgree.generateSecret(); ++ int carolLen = carolSharedSecret.length; ++ ++ // Compare Alice and Bob ++ if (aliceLen != bobLen) { ++ throw new Exception("Alice and Bob have different lengths"); ++ } ++ for (int i=0; i pssParameterSpecMap; ++ ++ static { ++ initPSSParameterSpecMap(); ++ } ++ ++ @Param({"SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512"}) ++ private String algorithm; ++ ++ @Param({"2048", "3072", "4096"}) ++ private int keySize; ++ ++ @Param({"" + 1024, "" + 10 * 1024, "" + 100 * 1024, "" + 256 * 1024, "" + 1024 * 1024, "" + 10 * 1024 * 1024}) ++ private int dataSize; ++ ++ private KeyPair keyPair; ++ ++ private byte[][] sigData; ++ ++ ++ private static void initPSSParameterSpecMap() { ++ pssParameterSpecMap = new HashMap<>(); ++ pssParameterSpecMap.put("SHA-1", new PSSParameterSpec("SHA-1", ++ "MGF1", MGF1ParameterSpec.SHA1, 20, PSSParameterSpec.TRAILER_FIELD_BC)); ++ pssParameterSpecMap.put("SHA-224", new PSSParameterSpec("SHA-224", ++ "MGF1", MGF1ParameterSpec.SHA224, 28, PSSParameterSpec.TRAILER_FIELD_BC)); ++ pssParameterSpecMap.put("SHA-256", new PSSParameterSpec("SHA-256", ++ "MGF1", MGF1ParameterSpec.SHA256, 32, PSSParameterSpec.TRAILER_FIELD_BC)); ++ pssParameterSpecMap.put("SHA-384", new PSSParameterSpec("SHA-384", ++ "MGF1", MGF1ParameterSpec.SHA384, 48, PSSParameterSpec.TRAILER_FIELD_BC)); ++ pssParameterSpecMap.put("SHA-512", new PSSParameterSpec("SHA-512", ++ "MGF1", MGF1ParameterSpec.SHA512, 64, PSSParameterSpec.TRAILER_FIELD_BC)); ++ } ++ ++ @Setup ++ public void setup() throws Exception { ++ setupProvider(); ++ KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); ++ keyPairGenerator.initialize(keySize); ++ keyPair = keyPairGenerator.generateKeyPair(); ++ data = new byte[SET_SIZE][dataSize]; ++ sigData = getSigBytes(data); ++ } ++ ++ private byte[][] getSigBytes(byte[][] data) throws Exception { ++ byte[][] sigBytes = new byte[data.length][]; ++ Signature signature = prov != null ? Signature.getInstance("RSASSA-PSS", prov) : ++ Signature.getInstance("RSASSA-PSS"); ++ signature.setParameter(pssParameterSpecMap.get(algorithm)); ++ signature.initSign(keyPair.getPrivate()); ++ for (int i = 0; i < sigBytes.length; i++) { ++ signature.update(data[i]); ++ sigBytes[i] = signature.sign(); ++ } ++ return sigBytes; ++ } ++ ++ @Benchmark ++ public void sign() throws Exception { ++ Signature signature = prov != null ? Signature.getInstance("RSASSA-PSS", prov) : ++ Signature.getInstance("RSASSA-PSS"); ++ signature.setParameter(pssParameterSpecMap.get(algorithm)); ++ signature.initSign(keyPair.getPrivate()); ++ signature.update(data[index]); ++ signature.sign(); ++ index = (index + 1) % SET_SIZE; ++ } ++ ++ @Benchmark ++ public void verify() throws Exception { ++ Signature signature = prov != null ? Signature.getInstance("RSASSA-PSS", prov) : ++ Signature.getInstance("RSASSA-PSS"); ++ signature.setParameter(pssParameterSpecMap.get(algorithm)); ++ signature.initVerify(keyPair.getPublic()); ++ signature.update(data[index]); ++ signature.verify(sigData[index]); ++ index = (index + 1) % SET_SIZE; ++ } ++} +diff --git a/jdk/test/micro/org/openeuler/bench/security/openssl/RSASignatureBenchmark.java b/jdk/test/micro/org/openeuler/bench/security/openssl/RSASignatureBenchmark.java +new file mode 100644 +index 00000000..f1cd4b64 +--- /dev/null ++++ b/jdk/test/micro/org/openeuler/bench/security/openssl/RSASignatureBenchmark.java +@@ -0,0 +1,90 @@ ++/* ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++package org.openeuler.bench.security.openssl; ++ ++import org.openjdk.jmh.annotations.Benchmark; ++import org.openjdk.jmh.annotations.Param; ++import org.openjdk.jmh.annotations.Setup; ++ ++import java.security.*; ++ ++/** ++ * RSA Signature Benchmark ++ */ ++public class RSASignatureBenchmark extends BenchmarkBase { ++ @Param({"MD5withRSA", "SHA1withRSA", "SHA224withRSA", "SHA384withRSA", "SHA256withRSA", "SHA512withRSA"}) ++ private String algorithm; ++ ++ @Param({"2048", "3072", "4096"}) ++ private int keySize; ++ ++ @Param({"" + 1024, "" + 10 * 1024, "" + 100 * 1024, "" + 256 * 1024, "" + 1024 * 1024, "" + 10 * 1024 * 1024}) ++ private int dataSize; ++ ++ private KeyPair keyPair; ++ ++ private byte[][] sigData; ++ ++ @Setup ++ public void setup() throws Exception { ++ setupProvider(); ++ KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); ++ keyPairGenerator.initialize(keySize); ++ keyPair = keyPairGenerator.generateKeyPair(); ++ data = new byte[SET_SIZE][dataSize]; ++ sigData = getSigBytes(data); ++ } ++ ++ private byte[][] getSigBytes(byte[][] data) throws Exception { ++ byte[][] sigBytes = new byte[data.length][]; ++ Signature signature = prov != null ? Signature.getInstance(algorithm, prov) : ++ Signature.getInstance(algorithm); ++ signature.initSign(keyPair.getPrivate()); ++ for (int i = 0; i < sigBytes.length; i++) { ++ signature.update(data[i]); ++ sigBytes[i] = signature.sign(); ++ } ++ return sigBytes; ++ } ++ ++ @Benchmark ++ public void sign() throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { ++ Signature signature = prov != null ? Signature.getInstance(algorithm, prov) : ++ Signature.getInstance(algorithm); ++ signature.initSign(keyPair.getPrivate()); ++ signature.update(data[index]); ++ signature.sign(); ++ index = (index + 1) % SET_SIZE; ++ } ++ ++ @Benchmark ++ public void verify() throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { ++ Signature signature = prov != null ? Signature.getInstance(algorithm, prov) : ++ Signature.getInstance(algorithm); ++ signature.initVerify(keyPair.getPublic()); ++ signature.update(data[index]); ++ signature.verify(sigData[index]); ++ index = (index + 1) % SET_SIZE; ++ } ++} +diff --git a/jdk/test/micro/org/openeuler/bench/security/openssl/SM3Benchmark.java b/jdk/test/micro/org/openeuler/bench/security/openssl/SM3Benchmark.java +new file mode 100644 +index 00000000..66465037 +--- /dev/null ++++ b/jdk/test/micro/org/openeuler/bench/security/openssl/SM3Benchmark.java +@@ -0,0 +1,98 @@ ++/* ++ * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++package org.openeuler.bench.security.openssl; ++ ++import org.openeuler.security.openssl.KAEProvider; ++import org.openjdk.jmh.annotations.BenchmarkMode; ++import org.openjdk.jmh.annotations.Benchmark; ++import org.openjdk.jmh.annotations.Fork; ++import org.openjdk.jmh.annotations.Measurement; ++import org.openjdk.jmh.annotations.Mode; ++import org.openjdk.jmh.annotations.OutputTimeUnit; ++import org.openjdk.jmh.annotations.Scope; ++import org.openjdk.jmh.annotations.Param; ++import org.openjdk.jmh.annotations.Setup; ++import org.openjdk.jmh.annotations.State; ++import org.openjdk.jmh.annotations.Threads; ++import org.openjdk.jmh.annotations.Warmup; ++ ++import java.security.MessageDigest; ++import java.security.NoSuchAlgorithmException; ++import java.security.Provider; ++import java.security.Security; ++import java.util.Random; ++import java.util.concurrent.TimeUnit; ++ ++@BenchmarkMode(Mode.Throughput) ++@OutputTimeUnit(TimeUnit.SECONDS) ++@Warmup(iterations = 3, time = 3, timeUnit = TimeUnit.SECONDS) ++@Measurement(iterations = 8, time = 2, timeUnit = TimeUnit.SECONDS) ++@Fork(jvmArgsPrepend = {"-Xms100G", "-Xmx100G", "-XX:+AlwaysPreTouch"}, value = 5) ++@Threads(1) ++@State(Scope.Thread) ++public class SM3Benchmark { ++ public static final int SET_SIZE = 128; ++ byte[][] data; ++ int index = 0; ++ ++ @Param({"SM3"}) ++ private String algorithm; ++ ++ @Param({"" + 1024, "" + 10 * 1024, "" + 100 * 1024, "" + 1024 * 1024}) ++ int dataSize; ++ ++ MessageDigest md; ++ ++ @Setup ++ public void setup() throws NoSuchAlgorithmException { ++ Security.addProvider(new KAEProvider()); ++ Provider prov = Security.getProvider("KAEProvider"); ++ data = fillRandom(new byte[SET_SIZE][dataSize]); ++ md = (prov == null) ? MessageDigest.getInstance(algorithm) : MessageDigest.getInstance(algorithm, prov); ++ } ++ ++ @Benchmark ++ public byte[] digest() { ++ byte[] d = data[index]; ++ index = (index + 1) % SET_SIZE; ++ return md.digest(d); ++ } ++ ++ @Benchmark ++ @Fork(jvmArgsPrepend = {"-Xms100G", "-Xmx100G", "-XX:+AlwaysPreTouch", "-Dkae.disableKaeDispose=true"}, value = 5) ++ public byte[] digestDispose() { ++ byte[] d = data[index]; ++ index = (index + 1) % SET_SIZE; ++ return md.digest(d); ++ } ++ ++ public static byte[][] fillRandom(byte[][] data) { ++ Random rnd = new Random(); ++ for (byte[] d : data) { ++ rnd.nextBytes(d); ++ } ++ return data; ++ } ++} ++ +diff --git a/jdk/test/micro/org/openeuler/bench/security/openssl/SM4Benchmark.java b/jdk/test/micro/org/openeuler/bench/security/openssl/SM4Benchmark.java +new file mode 100644 +index 00000000..e62e68c4 +--- /dev/null ++++ b/jdk/test/micro/org/openeuler/bench/security/openssl/SM4Benchmark.java +@@ -0,0 +1,157 @@ ++/* ++ * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++package org.openeuler.bench.security.openssl; ++ ++import org.openeuler.security.openssl.KAEProvider; ++import org.openjdk.jmh.annotations.BenchmarkMode; ++import org.openjdk.jmh.annotations.Benchmark; ++import org.openjdk.jmh.annotations.Fork; ++import org.openjdk.jmh.annotations.Measurement; ++import org.openjdk.jmh.annotations.Mode; ++import org.openjdk.jmh.annotations.OutputTimeUnit; ++import org.openjdk.jmh.annotations.Scope; ++import org.openjdk.jmh.annotations.Param; ++import org.openjdk.jmh.annotations.Setup; ++import org.openjdk.jmh.annotations.State; ++import org.openjdk.jmh.annotations.Threads; ++import org.openjdk.jmh.annotations.Warmup; ++ ++import java.security.InvalidKeyException; ++import java.security.InvalidAlgorithmParameterException; ++import java.security.NoSuchAlgorithmException; ++import java.security.Provider; ++import java.security.SecureRandom; ++import java.security.Security; ++import java.util.Random; ++import java.util.concurrent.TimeUnit; ++ ++import javax.crypto.BadPaddingException; ++import javax.crypto.Cipher; ++import javax.crypto.IllegalBlockSizeException; ++import javax.crypto.NoSuchPaddingException; ++import javax.crypto.spec.SecretKeySpec; ++ ++@BenchmarkMode(Mode.Throughput) ++@OutputTimeUnit(TimeUnit.SECONDS) ++@Warmup(iterations = 3, time = 3, timeUnit = TimeUnit.SECONDS) ++@Measurement(iterations = 8, time = 2, timeUnit = TimeUnit.SECONDS) ++@Fork(jvmArgsPrepend = {"-Xms100G", "-Xmx100G", "-XX:+AlwaysPreTouch"}, value = 5) ++@Threads(1) ++@State(Scope.Thread) ++public class SM4Benchmark { ++ public static final int SET_SIZE = 128; ++ byte[][] data; ++ int index = 0; ++ ++ @Param({"SM4/ECB/NoPadding", "SM4/ECB/PKCS5Padding", "SM4/CBC/NoPadding", "SM4/CBC/PKCS5Padding", "SM4/CTR/NoPadding", "SM4/OFB/NoPadding", "SM4/OFB/PKCS5Padding"}) ++ private String algorithm; ++ ++ @Param({"128"}) ++ private int keyLength; ++ ++ @Param({"" + 1024, "" + 10 * 1024, "" + 100 * 1024, "" + 1024 * 1024}) ++ private int dataSize; ++ ++ private byte[][] encryptedData; ++ private Cipher encryptCipher; ++ private Cipher decryptCipher; ++ ++ @Setup ++ public void setup() throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, ++ InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException { ++ Security.addProvider(new KAEProvider()); ++ Provider prov = Security.getProvider("KAEProvider"); ++ ++ byte[] keystring = fillSecureRandom(new byte[keyLength / 8]); ++ SecretKeySpec ks = new SecretKeySpec(keystring, "SM4"); ++ ++ encryptCipher = (prov == null) ? Cipher.getInstance(algorithm) : Cipher.getInstance(algorithm, prov); ++ encryptCipher.init(Cipher.ENCRYPT_MODE, ks); ++ decryptCipher = (prov == null) ? Cipher.getInstance(algorithm) : Cipher.getInstance(algorithm, prov); ++ decryptCipher.init(Cipher.DECRYPT_MODE, ks, encryptCipher.getParameters()); ++ ++ data = fillRandom(new byte[SET_SIZE][dataSize]); ++ encryptedData = fillEncrypted(data, encryptCipher); ++ } ++ ++ @Benchmark ++ public byte[] encrypt() throws IllegalBlockSizeException, BadPaddingException { ++ byte[] d = data[index]; ++ index = (index + 1) % SET_SIZE; ++ return encryptCipher.doFinal(d); ++ } ++ ++ @Benchmark ++ @Fork(jvmArgsPrepend = {"-Xms100G", "-Xmx100G", "-XX:+AlwaysPreTouch", "-Dkae.disableKaeDispose=true"}, value = 5) ++ public byte[] encryptDispose() throws IllegalBlockSizeException, BadPaddingException { ++ byte[] d = data[index]; ++ index = (index + 1) % SET_SIZE; ++ return encryptCipher.doFinal(d); ++ } ++ ++ @Benchmark ++ public byte[] decrypt() throws IllegalBlockSizeException, BadPaddingException { ++ byte[] e = encryptedData[index]; ++ index = (index + 1) % SET_SIZE; ++ return decryptCipher.doFinal(e); ++ } ++ ++ @Benchmark ++ @Fork(jvmArgsPrepend = {"-Xms100G", "-Xmx100G", "-XX:+AlwaysPreTouch", "-Dkae.disableKaeDispose=true"}, value = 5) ++ public byte[] decryptDispose() throws IllegalBlockSizeException, BadPaddingException { ++ byte[] e = encryptedData[index]; ++ index = (index + 1) % SET_SIZE; ++ return decryptCipher.doFinal(e); ++ } ++ ++ public static byte[][] fillRandom(byte[][] data) { ++ Random rnd = new Random(); ++ for (byte[] d : data) { ++ rnd.nextBytes(d); ++ } ++ return data; ++ } ++ ++ public static byte[] fillRandom(byte[] data) { ++ Random rnd = new Random(); ++ rnd.nextBytes(data); ++ return data; ++ } ++ ++ public static byte[] fillSecureRandom(byte[] data) { ++ SecureRandom rnd = new SecureRandom(); ++ rnd.nextBytes(data); ++ return data; ++ } ++ ++ public static byte[][] fillEncrypted(byte[][] data, Cipher encryptCipher) ++ throws IllegalBlockSizeException, BadPaddingException { ++ byte[][] encryptedData = new byte[data.length][]; ++ for (int i = 0; i < encryptedData.length; i++) { ++ encryptedData[i] = encryptCipher.doFinal(data[i]); ++ } ++ return encryptedData; ++ } ++} ++ +diff --git a/jdk/test/org/openeuler/security/openssl/DHTest.java b/jdk/test/org/openeuler/security/openssl/DHTest.java +new file mode 100644 +index 00000000..6eb5e7c9 +--- /dev/null ++++ b/jdk/test/org/openeuler/security/openssl/DHTest.java +@@ -0,0 +1,130 @@ ++/* ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++ ++import java.io.Serializable; ++import java.math.BigInteger; ++import java.security.*; ++import java.util.Arrays; ++import java.util.Date; ++import javax.crypto.KeyAgreement; ++import javax.crypto.spec.*; ++import org.openeuler.security.openssl.KAEProvider; ++ ++/** ++ * This class implements the Diffie-Hellman key exchange algorithm. ++ * D-H means combining your private key with your partners public key to ++ * generate a number. The peer does the same with its private key and our ++ * public key. Through the magic of Diffie-Hellman we both come up with the ++ * same number. This number is secret (discounting MITM attacks) and hence ++ * called the shared secret. It has the same length as the modulus, e.g. 512 ++ * or 1024 bit. Man-in-the-middle attacks are typically countered by an ++ * independent authentication step using certificates (RSA, DSA, etc.). ++ * ++ * The thing to note is that the shared secret is constant for two partners ++ * with constant private keys. This is often not what we want, which is why ++ * it is generally a good idea to create a new private key for each session. ++ * Generating a private key involves one modular exponentiation assuming ++ * suitable D-H parameters are available. ++ * ++ * General usage of this class (TLS DHE case): ++ * . if we are server, call DHCrypt(keyLength,random). This generates ++ * an ephemeral keypair of the request length. ++ * . if we are client, call DHCrypt(modulus, base, random). This ++ * generates an ephemeral keypair using the parameters specified by ++ * the server. ++ * . send parameters and public value to remote peer ++ * . receive peers ephemeral public key ++ * . call getAgreedSecret() to calculate the shared secret ++ * ++ * In TLS the server chooses the parameter values itself, the client must use ++ * those sent to it by the server. ++ * ++ * The use of ephemeral keys as described above also achieves what is called ++ * "forward secrecy". This means that even if the authentication keys are ++ * broken at a later date, the shared secret remains secure. The session is ++ * compromised only if the authentication keys are already broken at the ++ * time the key exchange takes place and an active MITM attack is used. ++ * This is in contrast to straightforward encrypting RSA key exchanges. ++ * ++ */ ++ ++ ++/** ++ * @test ++ * @summary Basic test for DH ++ * @run main DHTest ++ */ ++ ++final class DHTest implements Serializable { ++ private static int bitLength = 8192; ++ private static BigInteger g512; ++ private static BigInteger p512; ++ Throwable t = null; ++ ++ private static volatile Provider sunJceProvider; ++ private static volatile Provider kaeProvider; ++ Date d = new Date(); ++ ++ public static void main(String[] args) throws Exception { ++ Security.addProvider(new KAEProvider()); ++ sunJceProvider = Security.getProvider("SunJCE"); ++ kaeProvider = Security.getProvider("KAEProvider"); ++ ++ g512 = new BigInteger("30270326776012916323988175351831539351616124181011347910931933302640902603480679235129557617566480716138395926949700593986872757726720164601940036524221141391913433558162442022339559255078339658108149162251643458301671465579040759659507434340437396584664407572026953757806341363255195983514333141770938654900099033797866272818739547343977583089845850158637618703095710047154252655157633638171416516716598940884520592858762209135010804267830977334033327483815694794951984230264309784679409488441905236794443014066406150649287037909246107758452315504212879842042858577191624250834553614056794526338841821045329189780334"); ++ ++ p512 = new BigInteger("27672987386729926592037876826877634387173876890702920770064392919138769821035856568775311919542560094764667151024449425954917954337048895981297730855891532066350935045229294626339548842381843985759061682551900379979643117695834175891578650111093016914264824311693147701566019122696621248493126219217339690346346921463135605151471303957324058301097079967414639146647429422884520134312590056632178576758580657240245655739869017244657144448267757255018625514803292549109401806336918448001843022629625467069714240279603204909633404992842479161100500474744098408277938070656334892106100534117209709263785505019003765693651"); ++ ++ DHTest.bitLength = 0; ++ ++ DHParameterSpec dhParams = new DHParameterSpec(p512, g512); ++ KeyPairGenerator SunJCEkeyGen = KeyPairGenerator.getInstance("DH", sunJceProvider); ++ KeyPairGenerator KAEkeyGen = KeyPairGenerator.getInstance("DH", kaeProvider); ++ SunJCEkeyGen.initialize(dhParams, new SecureRandom()); ++ KAEkeyGen.initialize(dhParams, new SecureRandom()); ++ KeyAgreement aKeyAgree = KeyAgreement.getInstance("DH", sunJceProvider); ++ KeyPair aPair = SunJCEkeyGen.generateKeyPair(); ++ KeyAgreement bKeyAgree = KeyAgreement.getInstance("DH", kaeProvider); ++ KeyPair bPair = KAEkeyGen.generateKeyPair(); ++ ++ aKeyAgree.init(aPair.getPrivate()); ++ bKeyAgree.init(bPair.getPrivate()); ++ ++ aKeyAgree.doPhase(bPair.getPublic(), true); ++ bKeyAgree.doPhase(aPair.getPublic(), true); ++ ++ MessageDigest hash = MessageDigest.getInstance("MD5"); ++ byte[] b1 = hash.digest(aKeyAgree.generateSecret()); ++ byte[] b2 = hash.digest(bKeyAgree.generateSecret()); ++ if(Arrays.equals(b1, b2)){ ++ System.out.println("SUCCESS!"); ++ }else{ ++ System.out.println("Failed!"); ++ throw new RuntimeException("Not Equal DH keyagreement ouput from SunJCE and KAE Provider!"); ++ } ++ ++ } ++ ++} +diff --git a/jdk/test/org/openeuler/security/openssl/ECDHTest.java b/jdk/test/org/openeuler/security/openssl/ECDHTest.java +new file mode 100644 +index 00000000..590c3115 +--- /dev/null ++++ b/jdk/test/org/openeuler/security/openssl/ECDHTest.java +@@ -0,0 +1,104 @@ ++/* ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import org.openeuler.security.openssl.KAEProvider; ++import sun.security.ec.ECPrivateKeyImpl; ++import sun.security.ec.ECPublicKeyImpl; ++ ++import javax.crypto.KeyAgreement; ++import java.math.BigInteger; ++import java.security.KeyPair; ++import java.security.KeyPairGenerator; ++import java.security.Provider; ++import java.security.Security; ++import java.security.spec.ECFieldFp; ++import java.security.spec.ECParameterSpec; ++import java.security.spec.ECPoint; ++import java.security.spec.EllipticCurve; ++import java.util.Arrays; ++import java.nio.charset.StandardCharsets; ++ ++/** ++ * @test ++ * @summary Basic test for ECDH ++ * @run main ECDHTest ++ */ ++ ++public class ECDHTest { ++ ++ private static KeyPairGenerator keyPairGenerator; ++ private static String algorithm = "EC"; ++ private static int[] keyArr = {224, 256, 384, 521}; ++ ++ public static void main(String[] args) throws Exception { ++ Security.insertProviderAt(new KAEProvider(), 1); ++ ++ BigInteger a = new BigInteger("26959946667150639794667015087019630673557916260026308143510066298878"); ++ BigInteger b = new BigInteger("18958286285566608000408668544493926415504680968679321075787234672564"); ++ BigInteger p = new BigInteger("26959946667150639794667015087019630673557916260026308143510066298881"); ++ BigInteger x = new BigInteger("19277929113566293071110308034699488026831934219452440156649784352033"); ++ BigInteger y = new BigInteger("19926808758034470970197974370888749184205991990603949537637343198772"); ++ EllipticCurve CURVE = new EllipticCurve(new ECFieldFp(p), a, b); ++ ECPoint POINT = new ECPoint(x, y); ++ BigInteger ORDER = new BigInteger("26959946667150639794667015087019625940457807714424391721682722368061"); ++ int COFACTOR = 1; ++ ECParameterSpec PARAMS = new ECParameterSpec(CURVE, POINT, ORDER, COFACTOR); ++ ++ testKeyPairByParam(PARAMS); ++ for (int keySize : keyArr) { ++ testKeyPairByKeySize(keySize); ++ } ++ ++ ECPrivateKeyImpl ecPrivKey = new ECPrivateKeyImpl(new BigInteger("20135071615800221517902437867016717688420688735490569283842831828983"), PARAMS); ++ ECPoint ecPoint = new ECPoint(new BigInteger("9490267631555585552004372465967099662885480699902812460349461311384"), new BigInteger("1974573604976093871117393045089050409882519645527397292712281520811")); ++ ECPublicKeyImpl ecPublicKey = new ECPublicKeyImpl(ecPoint, PARAMS); ++ testKeyAgreement(ecPrivKey, ecPublicKey, new byte[]{-88, -65, 43, -84, 26, 43, 46, 106, 20, 39, -76, 30, -71, 72, -102, 120, 108, -92, -86, -14, -96, -42, 93, -40, -43, -25, 15, -62}); ++ ++ } ++ ++ public static void testKeyPairByParam(ECParameterSpec PARAMS) throws Exception { ++ keyPairGenerator = KeyPairGenerator.getInstance(algorithm); ++ keyPairGenerator.initialize(PARAMS); ++ KeyPair keyPair = keyPairGenerator.generateKeyPair(); ++ ECPrivateKeyImpl ecPrivKey = (ECPrivateKeyImpl) keyPair.getPrivate(); ++ ECPublicKeyImpl ecPublicKey = (ECPublicKeyImpl) keyPair.getPublic(); ++ } ++ ++ public static void testKeyPairByKeySize(int keySize) throws Exception { ++ keyPairGenerator = KeyPairGenerator.getInstance(algorithm); ++ keyPairGenerator.initialize(keySize); ++ KeyPair keyPair = keyPairGenerator.generateKeyPair(); ++ ECPrivateKeyImpl ecPrivKey = (ECPrivateKeyImpl) keyPair.getPrivate(); ++ ECPublicKeyImpl ecPublicKey = (ECPublicKeyImpl) keyPair.getPublic(); ++ } ++ ++ public static void testKeyAgreement(ECPrivateKeyImpl ecPrivKey, ECPublicKeyImpl ecPublicKey, byte[] expectRes) throws Exception { ++ KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH"); ++ keyAgreement.init(ecPrivKey); ++ keyAgreement.doPhase(ecPublicKey, true); ++ byte[] res = keyAgreement.generateSecret(); ++ if (!Arrays.equals(res, expectRes)) { ++ throw new RuntimeException("keyagreement failed"); ++ } ++ } ++} +diff --git a/jdk/test/org/openeuler/security/openssl/SM3Test.java b/jdk/test/org/openeuler/security/openssl/SM3Test.java +new file mode 100644 +index 00000000..181f708f +--- /dev/null ++++ b/jdk/test/org/openeuler/security/openssl/SM3Test.java +@@ -0,0 +1,54 @@ ++/* ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import org.openeuler.security.openssl.KAEProvider; ++import java.nio.charset.StandardCharsets; ++import java.util.Arrays; ++import java.security.MessageDigest; ++import java.security.Security; ++ ++/** ++ * @test ++ * @summary Basic test for sm3 ++ * @run main SM3Test ++ */ ++ ++public class SM3Test { ++ ++ private static String plainText = "helloworldhellow"; ++ ++ public static void main(String[] args) throws Exception { ++ Security.insertProviderAt(new KAEProvider(), 1); ++ test(plainText, "SM3", new byte[]{40, -103, -71, 4, -80, -49, 94, 112, 11, -75, -66, 121, 63, 80, 62, -14, -45, -75, -34, 66, -77, -34, -26, 26, 33, -23, 45, 52, -74, 67, -18, 118}); ++ } ++ ++ public static void test(String plainText, String algo, byte[] expectRes) throws Exception { ++ MessageDigest md = MessageDigest.getInstance(algo); ++ md.update(plainText.getBytes(StandardCharsets.UTF_8)); ++ byte[] res = md.digest(); ++ if (!Arrays.equals(res, expectRes)) { ++ throw new RuntimeException("sm3 failed"); ++ } ++ } ++ ++} +diff --git a/jdk/test/org/openeuler/security/openssl/SM4Test.java b/jdk/test/org/openeuler/security/openssl/SM4Test.java +new file mode 100644 +index 00000000..4c28dc5b +--- /dev/null ++++ b/jdk/test/org/openeuler/security/openssl/SM4Test.java +@@ -0,0 +1,95 @@ ++/* ++ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import org.openeuler.security.openssl.KAEProvider; ++import java.nio.charset.StandardCharsets; ++import java.util.Arrays; ++import java.security.NoSuchAlgorithmException; ++import java.security.Security; ++import javax.crypto.Cipher; ++import javax.crypto.spec.IvParameterSpec; ++import javax.crypto.spec.SecretKeySpec; ++ ++/** ++ * @test ++ * @summary Basic test for sm4 ++ * @run main SM4Test ++ */ ++ ++public class SM4Test { ++ ++ private static SecretKeySpec ks = new SecretKeySpec("sm4EncryptionKey".getBytes(StandardCharsets.UTF_8), "SM4"); // key has 16 bytes ++ private static IvParameterSpec iv = new IvParameterSpec("abcdefghabcdefgh".getBytes(StandardCharsets.UTF_8)); // iv has 16 bytes ++ private static IvParameterSpec shortIv = new IvParameterSpec("abcdefgh".getBytes(StandardCharsets.UTF_8)); // CTR support >= 8bytes iv ++ private static String plainText = "helloworldhellow"; // 16bytes for NoPadding ++ private static String shortPlainText = "helloworld"; // 5 bytes for padding ++ ++ public static void main(String[] args) throws Exception { ++ Security.insertProviderAt(new KAEProvider(), 1); ++ test(plainText, "SM4/CBC/NOPADDING", new byte[]{86, 69, 47, -115, -63, 54, 35, 24, -2, 114, 113, 102, 82, 20, 69, 59}); ++ test(shortPlainText, "SM4/CBC/PKCS5Padding", new byte[]{10, 105, 75, -80, -85, -68, 13, -53, 42, 91, -64, 99, 104, 35, -85, 8}); ++ test(plainText, "SM4/ECB/NOPADDING", new byte[]{103, 36, -31, -53, -109, -12, -71, -79, -54, 106, 10, -3, -35, -22, -122, -67}); ++ test(shortPlainText, "SM4/ECB/PKCS5Padding", new byte[]{-10, 99, -9, 90, 58, -36, -109, 54, -55, -52, 7, -49, 110, -88, 72, 40}); ++ test(plainText, "SM4/CTR/NOPADDING", new byte[]{32, 108, 35, 108, -16, 119, -111, 114, 94, 110, -100, -113, -46, -29, -11, 71}); ++ test(plainText, "SM4/OFB/NOPADDING", new byte[]{32, 108, 35, 108, -16, 119, -111, 114, 94, 110, -100, -113, -46, -29, -11, 71}); ++ test(shortPlainText, "SM4/OFB/PKCS5Padding", new byte[]{32, 108, 35, 108, -16, 119, -111, 114, 94, 110}); ++ ++ testCtrShortIv(plainText, "SM4/CTR/NOPADDING", new byte[]{-13, 73, 40, -36, -64, -67, 75, -72, 90, 58, 73, -4, -36, 115, 126, -48}); ++ } ++ ++ public static void test(String plainText, String algo, byte[] expectRes) throws Exception { ++ Cipher encryptCipher = Cipher.getInstance(algo); ++ if (algo.contains("ECB")) { ++ encryptCipher.init(Cipher.ENCRYPT_MODE, ks); ++ } else { ++ encryptCipher.init(Cipher.ENCRYPT_MODE, ks, iv); ++ } ++ byte[] cipherText = encryptCipher.doFinal(plainText.getBytes(StandardCharsets.UTF_8)); ++ if (!Arrays.equals(cipherText, expectRes)) { ++ throw new RuntimeException("sm4 encryption failed, algo = " + algo); ++ } ++ ++ Cipher decryptCipher = Cipher.getInstance(algo); ++ decryptCipher.init(Cipher.DECRYPT_MODE, ks, encryptCipher.getParameters()); ++ String decryptPlainText = new String(decryptCipher.doFinal(cipherText)); ++ if (!plainText.equals(decryptPlainText)) { ++ throw new RuntimeException("sm4 decryption failed, algo = " + algo); ++ } ++ } ++ ++ public static void testCtrShortIv(String plainText, String algo, byte[] expectRes) throws Exception { ++ Cipher encryptCipher = Cipher.getInstance(algo); ++ encryptCipher.init(Cipher.ENCRYPT_MODE, ks, shortIv); ++ byte[] cipherText = encryptCipher.doFinal(plainText.getBytes(StandardCharsets.UTF_8)); ++ if (!Arrays.equals(cipherText, expectRes)) { ++ throw new RuntimeException("sm4 encryption failed, algo = " + algo); ++ } ++ ++ Cipher decryptCipher = Cipher.getInstance(algo); ++ decryptCipher.init(Cipher.DECRYPT_MODE, ks, encryptCipher.getParameters()); ++ String decryptPlainText = new String(decryptCipher.doFinal(cipherText)); ++ if (!plainText.equals(decryptPlainText)) { ++ throw new RuntimeException("sm4 decryption failed, algo = " + algo); ++ } ++ } ++} +diff --git a/jdk/test/sun/security/ssl/SSLSocketImpl/NotifyHandshakeTest.policy b/jdk/test/sun/security/ssl/SSLSocketImpl/NotifyHandshakeTest.policy +index b426b173..6f65e48a 100644 +--- a/jdk/test/sun/security/ssl/SSLSocketImpl/NotifyHandshakeTest.policy ++++ b/jdk/test/sun/security/ssl/SSLSocketImpl/NotifyHandshakeTest.policy +@@ -33,5 +33,7 @@ grant codeBase "file:com.jar" { + "javax.net.ssl.trustStore", "write"; + permission java.util.PropertyPermission + "javax.net.ssl.trustStorePassword", "write"; ++ permission java.util.PropertyPermission ++ "kae.disableKaeDispose", "read"; + }; + diff --git a/keep-the-binary-equal.patch b/keep-the-binary-equal.patch new file mode 100644 index 0000000000000000000000000000000000000000..41d281d28d4aa1e849043218be8dbe52c0527f77 --- /dev/null +++ b/keep-the-binary-equal.patch @@ -0,0 +1,132 @@ +From c31020cc5a6f503739cb6998ab2b8b9f8440e3c9 Mon Sep 17 00:00:00 2001 +From: zhangyipeng +Date: Thu, 4 Mar 2021 09:16:31 +0800 +Subject: [PATCH] [Huawei]keep the binary equal + + + +Signed-off-by: Zhou Yong +--- + common/autoconf/flags.m4 | 2 +- + common/autoconf/generated-configure.sh | 2 +- + .../com/sun/tools/corba/se/idl/toJavaPortable/Util.java | 3 --- + .../share/classes/com/sun/tools/corba/se/logutil/MC.java | 1 - + jdk/make/CompileLaunchers.gmk | 6 +++--- + jdk/make/lib/CoreLibraries.gmk | 2 +- + .../build/tools/generatecharacter/GenerateCharacter.java | 3 --- + 7 files changed, 6 insertions(+), 13 deletions(-) + +diff --git a/common/autoconf/flags.m4 b/common/autoconf/flags.m4 +index 077efa297..838a76734 100644 +--- a/common/autoconf/flags.m4 ++++ b/common/autoconf/flags.m4 +@@ -686,7 +686,7 @@ AC_DEFUN_ONCE([FLAGS_SETUP_COMPILER_FLAGS_FOR_JDK], + LDFLAGS_JDK="$LDFLAGS_JDK -safeseh" + fi + # TODO: make -debug optional "--disable-full-debug-symbols" +- LDFLAGS_JDK="$LDFLAGS_JDK -debug" ++ LDFLAGS_JDK="$LDFLAGS_JDK" + LDFLAGS_JDKLIB="${LDFLAGS_JDK} -dll -libpath:${JDK_OUTPUTDIR}/lib" + LDFLAGS_JDKLIB_SUFFIX="" + if test "x$OPENJDK_TARGET_CPU_BITS" = "x64"; then +diff --git a/common/autoconf/generated-configure.sh b/common/autoconf/generated-configure.sh +index 93d0fbdcb..03872a3c9 100644 +--- a/common/autoconf/generated-configure.sh ++++ b/common/autoconf/generated-configure.sh +@@ -42154,7 +42154,7 @@ $as_echo "$supports" >&6; } + LDFLAGS_JDK="$LDFLAGS_JDK -safeseh" + fi + # TODO: make -debug optional "--disable-full-debug-symbols" +- LDFLAGS_JDK="$LDFLAGS_JDK -debug" ++ LDFLAGS_JDK="$LDFLAGS_JDK" + LDFLAGS_JDKLIB="${LDFLAGS_JDK} -dll -libpath:${JDK_OUTPUTDIR}/lib" + LDFLAGS_JDKLIB_SUFFIX="" + if test "x$OPENJDK_TARGET_CPU_BITS" = "x64"; then +diff --git a/corba/src/share/classes/com/sun/tools/corba/se/idl/toJavaPortable/Util.java b/corba/src/share/classes/com/sun/tools/corba/se/idl/toJavaPortable/Util.java +index 7e0d8373d..b5da891d6 100644 +--- a/corba/src/share/classes/com/sun/tools/corba/se/idl/toJavaPortable/Util.java ++++ b/corba/src/share/classes/com/sun/tools/corba/se/idl/toJavaPortable/Util.java +@@ -1129,7 +1129,6 @@ public class Util extends com.sun.tools.corba.se.idl.Util + Util.getMessage ("Version.product", Util.getMessage ("Version.number")))); + // Do not introduce invalid escape characters into comment! + //stream.println ("* " + Util.getMessage ("toJavaProlog2", Compile.compiler.arguments.file)); +- stream.println ("* " + Util.getMessage ("toJavaProlog2", Compile.compiler.arguments.file.replace (File.separatorChar, '/'))); + + /////////////// + // This SHOULD work, but there's a bug in the JDK. +@@ -1146,8 +1145,6 @@ public class Util extends com.sun.tools.corba.se.idl.Util + else + formatter.setTimeZone (java.util.TimeZone.getDefault ()); + +- stream.println ("* " + formatter.format (new Date ())); +- + // + /////////////// + +diff --git a/corba/src/share/classes/com/sun/tools/corba/se/logutil/MC.java b/corba/src/share/classes/com/sun/tools/corba/se/logutil/MC.java +index b2fd98a52..1a6f80359 100644 +--- a/corba/src/share/classes/com/sun/tools/corba/se/logutil/MC.java ++++ b/corba/src/share/classes/com/sun/tools/corba/se/logutil/MC.java +@@ -154,7 +154,6 @@ public class MC { + groupName); + pw.println("//"); + pw.printMsg("// Generated by MC.java version @, DO NOT EDIT BY HAND!", VERSION); +- pw.printMsg("// Generated from input file @ on @", inFile, new Date()); + pw.println(); + } + +diff --git a/jdk/make/CompileLaunchers.gmk b/jdk/make/CompileLaunchers.gmk +index 9bd19ae91..baaea8a99 100644 +--- a/jdk/make/CompileLaunchers.gmk ++++ b/jdk/make/CompileLaunchers.gmk +@@ -490,9 +490,9 @@ UNPACKEXE_DEBUG_SYMBOLS := true + # It's also linked incrementally, producing a .ilk file that needs to + # be kept away. + ifeq ($(OPENJDK_TARGET_OS), windows) +- BUILD_UNPACKEXE_LDEXE := $(CC) ++ BUILD_UNPACKEXE_LDEXE := $(LD) + EXE_OUT_OPTION_save := $(EXE_OUT_OPTION) +- EXE_OUT_OPTION := -Fe ++ EXE_OUT_OPTION := -out: + # With the current way unpack200 is built, debug symbols aren't supported + # anyway. + UNPACKEXE_DEBUG_SYMBOLS := +@@ -520,7 +520,7 @@ $(eval $(call SetupNativeCompilation,BUILD_UNPACKEXE, \ + CFLAGS_macosx := -fPIC, \ + MAPFILE := $(UNPACK_MAPFILE),\ + LDFLAGS := $(UNPACKEXE_ZIPOBJS), \ +- LDFLAGS_windows := $(CXXFLAGS_JDKEXE), \ ++ LDFLAGS_windows := -incremental, \ + LDFLAGS_posix := $(LDFLAGS_JDKEXE) $(LDFLAGS_CXX_JDK) \ + $(call SET_SHARED_LIBRARY_NAME,$(LIBRARY_PREFIX)unpack$(SHARED_LIBRARY_SUFFIX)) \ + $(call SET_SHARED_LIBRARY_ORIGIN), \ +diff --git a/jdk/make/lib/CoreLibraries.gmk b/jdk/make/lib/CoreLibraries.gmk +index 75886a628..afcebcb35 100644 +--- a/jdk/make/lib/CoreLibraries.gmk ++++ b/jdk/make/lib/CoreLibraries.gmk +@@ -331,7 +331,7 @@ $(eval $(call SetupNativeCompilation,BUILD_LIBUNPACK, \ + MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libunpack/mapfile-vers, \ + LDFLAGS := $(LDFLAGS_JDKLIB) $(LDFLAGS_CXX_JDK) \ + $(call SET_SHARED_LIBRARY_ORIGIN), \ +- LDFLAGS_windows := -map:$(JDK_OUTPUTDIR)/objs/unpack.map -debug \ ++ LDFLAGS_windows := -map:$(JDK_OUTPUTDIR)/objs/unpack.map \ + jvm.lib $(WIN_JAVA_LIB), \ + LDFLAGS_SUFFIX_posix := -ljvm $(LIBCXX) -ljava -lc, \ + OBJECT_DIR := $(JDK_OUTPUTDIR)/objs/libunpack, \ +diff --git a/jdk/make/src/classes/build/tools/generatecharacter/GenerateCharacter.java b/jdk/make/src/classes/build/tools/generatecharacter/GenerateCharacter.java +index 83973ef07..fc33a4ef9 100644 +--- a/jdk/make/src/classes/build/tools/generatecharacter/GenerateCharacter.java ++++ b/jdk/make/src/classes/build/tools/generatecharacter/GenerateCharacter.java +@@ -691,9 +691,6 @@ OUTER: for (int i = 0; i < n; i += m) { + throws FileNotFoundException, IOException { + BufferedReader in = new BufferedReader(new FileReader(theTemplateFileName)); + PrintWriter out = new PrintWriter(new BufferedWriter(new FileWriter(theOutputFileName))); +- out.println(commentStart + +- " This file was generated AUTOMATICALLY from a template file " + +- new java.util.Date() + commentEnd); + int marklen = commandMarker.length(); + LOOP: while(true) { + try { +-- +2.19.0 + diff --git a/link-option-use-rpath-instead-of-runpath.patch b/link-option-use-rpath-instead-of-runpath.patch new file mode 100644 index 0000000000000000000000000000000000000000..17053856c77132d6114cfdea977db251469e6de5 --- /dev/null +++ b/link-option-use-rpath-instead-of-runpath.patch @@ -0,0 +1,42 @@ +From 0fa7d25d938ba1af326ca2564c9f4498604fb190 Mon Sep 17 00:00:00 2001 +From: zhangyipeng +Date: Thu, 4 Mar 2021 10:07:43 +0800 +Subject: [PATCH] [Huawei]link option use rpath instead of runpath + + + +Signed-off-by: Sun Jianye +--- + common/autoconf/flags.m4 | 2 +- + common/autoconf/generated-configure.sh | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/common/autoconf/flags.m4 b/common/autoconf/flags.m4 +index a8a938072..c920ca2a2 100644 +--- a/common/autoconf/flags.m4 ++++ b/common/autoconf/flags.m4 +@@ -170,7 +170,7 @@ AC_DEFUN_ONCE([FLAGS_SETUP_COMPILER_FLAGS_FOR_LIBS], + else + # Default works for linux, might work on other platforms as well. + SHARED_LIBRARY_FLAGS='-shared' +- SET_EXECUTABLE_ORIGIN='-Xlinker -rpath -Xlinker \$$$$ORIGIN[$]1' ++ SET_EXECUTABLE_ORIGIN='-Xlinker -rpath -Xlinker \$$$$ORIGIN[$]1 -Xlinker --disable-new-dtags' + SET_SHARED_LIBRARY_ORIGIN="-Xlinker -z -Xlinker origin $SET_EXECUTABLE_ORIGIN" + SET_SHARED_LIBRARY_NAME='-Xlinker -soname=[$]1' + SET_SHARED_LIBRARY_MAPFILE='-Xlinker -version-script=[$]1' +diff --git a/common/autoconf/generated-configure.sh b/common/autoconf/generated-configure.sh +index b8ae42603..3b2b51f6f 100644 +--- a/common/autoconf/generated-configure.sh ++++ b/common/autoconf/generated-configure.sh +@@ -41288,7 +41288,7 @@ $as_echo "$ac_cv_c_bigendian" >&6; } + else + # Default works for linux, might work on other platforms as well. + SHARED_LIBRARY_FLAGS='-shared' +- SET_EXECUTABLE_ORIGIN='-Xlinker -rpath -Xlinker \$$$$ORIGIN$1' ++ SET_EXECUTABLE_ORIGIN='-Xlinker -rpath -Xlinker \$$$$ORIGIN$1 -Xlinker --disable-new-dtags' + SET_SHARED_LIBRARY_ORIGIN="-Xlinker -z -Xlinker origin $SET_EXECUTABLE_ORIGIN" + SET_SHARED_LIBRARY_NAME='-Xlinker -soname=$1' + SET_SHARED_LIBRARY_MAPFILE='-Xlinker -version-script=$1' +-- +2.19.0 + diff --git a/make-disable-precompiled-headers-work.patch b/make-disable-precompiled-headers-work.patch deleted file mode 100644 index 6a1c9f54ded6ba5972ed84ba1d9b42144566bdcb..0000000000000000000000000000000000000000 --- a/make-disable-precompiled-headers-work.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 16d2fb7faaaad6ae1d3f508af0c654c5c83bf484 Mon Sep 17 00:00:00 2001 -Date: Tue, 8 Sep 2020 09:13:31 +0800 -Subject: [PATCH] make disable precompiled headers work - -Summary: :make disable precompiled headers work -LLT: N/A -Bug url: ---- - hotspot/src/share/vm/oops/oop.hpp | 2 +- - hotspot/src/share/vm/oops/oop.inline.hpp | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/hotspot/src/share/vm/oops/oop.hpp b/hotspot/src/share/vm/oops/oop.hpp -index 41a7bce4d..8a33412ec 100644 ---- a/hotspot/src/share/vm/oops/oop.hpp -+++ b/hotspot/src/share/vm/oops/oop.hpp -@@ -91,7 +91,7 @@ class oopDesc { - narrowKlass* compressed_klass_addr(); - - void set_klass(Klass* k); -- inline void release_set_klass(Klass* k); -+ void release_set_klass(Klass* k); - - // For klass field compression - int klass_gap() const; -diff --git a/hotspot/src/share/vm/oops/oop.inline.hpp b/hotspot/src/share/vm/oops/oop.inline.hpp -index c3abdb128..3e3883cb6 100644 ---- a/hotspot/src/share/vm/oops/oop.inline.hpp -+++ b/hotspot/src/share/vm/oops/oop.inline.hpp -@@ -141,7 +141,7 @@ inline void oopDesc::set_klass(Klass* k) { - } - } - --void oopDesc::release_set_klass(Klass* k) { -+inline void oopDesc::release_set_klass(Klass* k) { - CHECK_SET_KLASS(k); - if (UseCompressedClassPointers) { - OrderAccess::release_store(compressed_klass_addr(), --- -2.12.3 - diff --git a/java-1.8.0-openjdk.spec b/openjdk-1.8.0.spec similarity index 94% rename from java-1.8.0-openjdk.spec rename to openjdk-1.8.0.spec index 33df699c1eed826be747d24b8334505ec2705c9f..1286486b0cd6f4e77681aeead314715224965313 100644 --- a/java-1.8.0-openjdk.spec +++ b/openjdk-1.8.0.spec @@ -148,17 +148,13 @@ # Define old aarch64/jdk8u tree variables for compatibility %global project aarch64-port %global repo jdk8u-shenandoah -%global revision aarch64-shenandoah-jdk8u282-b08 +%global revision aarch64-shenandoah-jdk8u292-b10 %global full_revision %{project}-%{repo}-%{revision} # Define IcedTea version used for SystemTap tapsets and desktop files %global icedteaver 3.15.0 -# eg # jdk8u60-b27 -> jdk8u60 or # aarch64-jdk8u60-b27 -> aarch64-jdk8u60 (dont forget spec escape % by %%) -%global whole_update %(VERSION=%{revision}; echo ${VERSION%%-*}) -# eg jdk8u60 -> 60 or aarch64-jdk8u60 -> 60 -%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) -# eg jdk8u60-b27 -> b27 -%global buildver %(VERSION=%{revision}; echo ${VERSION##*-}) +%global updatever 292 +%global buildver b10 # priority must be 7 digits in total. The expression is workarounding tip %global priority 1800%{updatever} @@ -589,6 +585,7 @@ exit 0 %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libnpt.so %ifarch %{aarch64} %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libj2kae.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/ext/kaeprovider.conf %endif %ifarch %{sa_arches} %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsaproc.so @@ -921,7 +918,7 @@ Provides: java-%{javaver}-%{origin}-accessibility%{?1} = %{epoch}:%{version}-%{r Name: java-%{javaver}-%{origin} Version: %{javaver}.%{updatever}.%{buildver} -Release: 8 +Release: 7 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons # and this change was brought into RHEL-4. java-1.5.0-ibm packages # also included the epoch in their virtual provides. This created a @@ -976,9 +973,7 @@ Source14: TestECDSA.java Source20: repackReproduciblePolycies.sh Patch8: replace-vector-to-improve-performance-of-xml.validat.patch -Patch9: AARCH64-fix-itable-stub-code-size-limit.patch Patch10: 8221658.patch -Patch12: add-debuginfo-for-libsaproc-on-aarch64.patch Patch18: fix-vendor-info.patch Patch21: 8202952.patch Patch24: 8134883.patch @@ -995,10 +990,7 @@ Patch35: 8186042.patch Patch36: 8060463.patch Patch37: 8131600.patch Patch38: 8138971.patch -Patch40: 8129626.patch Patch41: 8203699.patch -Patch45: 8191129.patch -Patch46: 8182036.patch Patch47: 8166197.patch Patch50: 8158946.patch Patch51: add-with-company-name-option.patch @@ -1012,11 +1004,9 @@ Patch70: 8164948.patch Patch72: inline-optimize-for-aarch64.patch # 8u242 -Patch74: 8191915.patch Patch75: Add-ability-to-configure-third-port-for-remote-JMX.patch Patch76: 8203196.patch Patch77: 8190332.patch -Patch78: 8171410.patch Patch83: 8204947.patch Patch85: 8139041.patch @@ -1041,7 +1031,6 @@ Patch103: Ddot-intrinsic-implement.patch Patch104: 8234003.patch Patch105: 8220159.patch Patch106: fast-serializer-jdk8.patch -Patch107: 6896810.patch Patch108: 8231631.patch Patch109: Test8167409.sh-fails-to-run-with-32bit-jdk-on-64bit-.patch Patch112: 8048210-8056152.patch @@ -1055,11 +1044,9 @@ Patch122: optimize-jmap-F-dump-xxx.patch Patch123: recreate-.java_pid-file-when-deleted-for-attach-mechanism.patch Patch124: Support-Git-commit-ID-in-the-SOURCE-field-of-the-release.patch Patch125: Extend-CDS-to-support-app-class-metadata-sharing.patch -Patch126: zlib-optimization.patch Patch127: add-DumpSharedSpace-guarantee-when-create-anonymous-classes.patch # 8u272 -Patch129: 8248336.patch Patch133: 8160369.patch Patch134: PS-GC-adding-acquire_size-method-for-PSParallelCompa.patch Patch138: add-appcds-file-lock.patch @@ -1067,28 +1054,56 @@ Patch139: G1-memory-uncommit.patch Patch140: 8015927.patch Patch141: 8040327.patch Patch142: 8207160.patch -Patch143: delete-untrustworthy-cacert-files.patch Patch144: add-appcds-test-case.patch # 8u282 -Patch145: 8080911.patch Patch146: 8168926.patch Patch147: 8215047.patch Patch148: 8237894.patch Patch149: Remove-the-parentheses-around-company-name.patch -Patch150: 8240353.patch Patch151: kae-phase1.patch Patch152: 8231841-debug.cpp-help-is-missing-an-AArch64-line-fo.patch Patch153: initialized-value-should-be-0-in-perfInit.patch Patch154: 8254078-DataOutputStream-is-very-slow-post-disabling.patch Patch155: Use-atomic-operation-when-G1Uncommit.patch -Patch156: 8168996-backport-of-C2-crash-at-postaloc.cpp-140-ass.patch Patch157: 8140597-Postpone-the-initial-mark-request-until-the-.patch Patch158: Use-Mutex-when-G1Uncommit.patch Patch159: C1-typos-repair.patch Patch160: 8214418-half-closed-SSLEngine-status-may-cause-appli.patch Patch161: 8259886-Improve-SSL-session-cache-performance-and-sc.patch Patch162: 8214535-support-Jmap-parallel.patch +Patch163: Fixed-a-copyright-writing-problem.patch +Patch164: fix-arguments.cpp-error-C2131-on-windows.patch +Patch165: 818172_overflow_when_strength_reducing_interger_multiply.patch +Patch166: add-missing-test-case.patch +Patch167: fix-BoxTypeCachedMax-build-failure-when-jvm-variants.patch +Patch168: fix-windows-compile-fail.patch +Patch169: Code-style-fix.patch +Patch170: kae-phase2.patch +Patch171: add-kaeEngine-to-rsa.patch + +# 8u292 +Patch172: 8031818.patch +Patch173: 8193518.patch +Patch174: Disable-ddot-intrinsic-on-CPUs-that-not-suppo.patch +Patch175: add-appcds-jtreg-test-case-UnusedCPDuringDump.patch +Patch176: add-safe-compilation-flags.patch +Patch177: downgrade-symver-of-memcpy-GLIBC.patch +Patch178: fix-log-bug-enhance-aes-hmac-performance.patch +Patch179: keep-the-binary-equal.patch +Patch180: link-option-use-rpath-instead-of-runpath.patch +Patch181: remove-gnu-debuglink-when-using-enable-debug-.patch +Patch183: revert-windows-bugfix.patch +Patch184: set-vm.vendor-by-configure.patch +Patch185: update-cacerts-and-VerifyCACerts.java-test.patch +Patch186: update-to-keep-same-with-master.patch +Patch187: 8182036.patch +Patch188: 8247691_incorrect_handling_of_VM_exceptions_in_C1_deopt_stub.patch +Patch189: 8266187_Memory_leak_in_appendBootClassPath.patch +Patch190: 8266929_huawei_add_oid_mapping_common_sig_types.patch +Patch191: 8264640.patch +Patch192: add_kae_implementation_add_default_conf_file.patch +Patch193: improve_algorithmConstraints_checkAlgorithm_performance.patch ############################################# # @@ -1425,9 +1440,7 @@ pushd %{top_level_dir_name} # OpenJDK patches %patch8 -p1 -%patch9 -p1 %patch10 -p1 -%patch12 -p1 %patch18 -p1 %patch21 -p1 %patch24 -p1 @@ -1444,10 +1457,7 @@ pushd %{top_level_dir_name} %patch36 -p1 %patch37 -p1 %patch38 -p1 -%patch40 -p1 %patch41 -p1 -%patch45 -p1 -%patch46 -p1 %patch47 -p1 %patch50 -p1 %patch51 -p1 @@ -1459,11 +1469,9 @@ pushd %{top_level_dir_name} %patch68 -p1 %patch70 -p1 %patch72 -p1 -%patch74 -p1 %patch75 -p1 %patch76 -p1 %patch77 -p1 -%patch78 -p1 %patch83 -p1 %patch85 -p1 %patch86 -p1 @@ -1482,7 +1490,6 @@ pushd %{top_level_dir_name} %patch104 -p1 %patch105 -p1 %patch106 -p1 -%patch107 -p1 %patch108 -p1 %patch109 -p1 %patch112 -p1 @@ -1496,9 +1503,7 @@ pushd %{top_level_dir_name} %patch123 -p1 %patch124 -p1 %patch125 -p1 -%patch126 -p1 %patch127 -p1 -%patch129 -p1 %patch133 -p1 %patch134 -p1 %patch138 -p1 @@ -1506,26 +1511,52 @@ pushd %{top_level_dir_name} %patch140 -p1 %patch141 -p1 %patch142 -p1 -%patch143 -p1 %patch144 -p1 -%patch145 -p1 %patch146 -p1 %patch147 -p1 %patch148 -p1 %patch149 -p1 -%patch150 -p1 %patch151 -p1 %patch152 -p1 %patch153 -p1 %patch154 -p1 %patch155 -p1 -%patch156 -p1 %patch157 -p1 %patch158 -p1 %patch159 -p1 %patch160 -p1 %patch161 -p1 %patch162 -p1 +%patch163 -p1 +%patch164 -p1 +%patch165 -p1 +%patch166 -p1 +%patch167 -p1 +%patch168 -p1 +%patch169 -p1 +%patch170 -p1 +%patch171 -p1 +%patch172 -p1 +%patch173 -p1 +%patch174 -p1 +%patch175 -p1 +%patch176 -p1 +%patch177 -p1 +%patch178 -p1 +%patch179 -p1 +%patch180 -p1 +%patch181 -p1 +%patch183 -p1 +%patch184 -p1 +%patch185 -p1 +%patch186 -p1 +%patch187 -p1 +%patch188 -p1 +%patch189 -p1 +%patch190 -p1 +%patch191 -p1 +%patch192 -p1 +%patch193 -p1 popd @@ -1535,7 +1566,7 @@ popd # %patch203 # RPM-only fixes -%patch1000 +# %patch1000 # Extract systemtap tapsets %if %{with_systemtap} @@ -1601,7 +1632,7 @@ export ARCH_DATA_MODEL=64 # We use ourcppflags because the OpenJDK build seems to # pass EXTRA_CFLAGS to the HotSpot C++ compiler... EXTRA_CFLAGS="%ourcppflags -Wno-error -fcommon" -EXTRA_CPP_FLAGS="%ourcppflags" +EXTRA_CPP_FLAGS="%ourcppflags -Wno-error" EXTRA_ASFLAGS="${EXTRA_CFLAGS} -Wa,--generate-missing-build-notes=yes" export EXTRA_CFLAGS EXTRA_ASFLAGS @@ -1636,6 +1667,7 @@ bash ${top_srcdir_abs_path}/configure \ --with-debug-level=$debugbuild \ --enable-unlimited-crypto \ --with-zlib=system \ + --enable-kae=yes \ --with-stdc++lib=dynamic \ --with-extra-cflags="$EXTRA_CFLAGS" \ --with-extra-cxxflags="$EXTRA_CPP_FLAGS" \ @@ -2142,6 +2174,70 @@ require "copy_jdk_configs.lua" %endif %changelog +* Tue Jun 8 2021 kuenking111 - 1:1.8.0.292-b10.7 +- add improve_algorithmConstraints_checkAlgorithm_performance.patch + +* Mon Jun 7 2021 kuenking111 - 1:1.8.0.292-b10.6 +- add add_kae_implementation_add_default_conf_file.patch + +* Fri Jun 4 2021 hedongbo - 1:1.8.0.292-b10.5 +- change the way to get the version in openjdk-1.8.0.spec + +* Thu May 27 2021 kuenking111 - 1:1.8.0.292-b10.4 +- add 8264640.patch + +* Fri May 20 2021 kuenking111 - 1:1.8.0.292-b10.3 +- add 8266929_huawei_add_oid_mapping_common_sig_types.patch + +* Fri May 20 2021 kuenking111 - 1:1.8.0.292-b10.2 +- add 8266187_Memory_leak_in_appendBootClassPath.patch + +* Fri May 20 2021 kuenking111 - 1:1.8.0.292-b10.1 +- add 8247691_incorrect_handling_of_VM_exceptions_in_C1_deopt_stub.patch + +* Tue May 18 2021 eapen - 1:1.8.0.292-b10.0 +- update to jdk8u292-b10 +- split sync-patch to multi patches + +* Wed May 19 2021 Noah - 1:1.8.0.282-b08.19 +- add add-kaeEngine-to-rsa.patch + +* Mon May 17 2021 Noah - 1:1.8.0.282-b08.18 +- add kae-phase2.patch + +* Tue Apr 20 2021 aijm - 1:1.8.0.282-b08.17 +- delete zlib-optimization.patch +- modify src-openeuler-openjdk-1.8.0-resolve-code-inconsistencies.patch + +* Tue Apr 20 2021 aijm - 1:1.8.0.282-b08.16 +- add Code-style-fix.patch + +* Tue Apr 20 2021 aijm - 1:1.8.0.282-b08.15 +- add fix-windows-compile-fail.patch + +* Tue Apr 20 2021 aijm - 1:1.8.0.282-b08.14 +- add fix-BoxTypeCachedMax-build-failure-when-jvm-variants.patch + +* Mon Apr 19 2021 aijm - 1:1.8.0.282-b08.13 +- add add-missing-test-case.patch + +* Thu Apr 15 2021 kuenking - 1:1.8.0.282-b08.12 +- add 818172_overflow_when_strength_reducing_interger_multiply.patch + +* Tue Apr 13 2021 kuenking - 1:1.8.0.282-b08.11 +- add src-openeuler-openjdk-1.8.0-resolve-code-inconsistencies.patch + +* Fri Apr 2 2021 Benshuai5D - 1:1.8.0.282-b08.10 +- delete redundant set-vm.vendor-by-configure.patch +- delete redundant make-disable-precompiled-headers-work.patch +- delete redundant FromCardCache-default-card-index-can-cause.patch +- delete redundant The-runok-method-retrying-another-port-does-not-take.patch +- delete redundant fix-incorrect-offset-for-opp-field-with-weak-memory-.patch +- delete redundant dismiss-company_name-info-of-java-version.patch + +* Sat Mar 27 2021 Noah - 1:1.8.0.282-b08.9 +- add fix_VerifyCerts.java_testcase_bug.patch + * Fri Mar 19 2021 kuenking111 - 1:1.8.0.282-b08.8 - add 8214535-support-Jmap-parallel.patch diff --git a/remove-gnu-debuglink-when-using-enable-debug-.patch b/remove-gnu-debuglink-when-using-enable-debug-.patch new file mode 100644 index 0000000000000000000000000000000000000000..569e32183ce803ed04449ab6cc3facea81cc599f --- /dev/null +++ b/remove-gnu-debuglink-when-using-enable-debug-.patch @@ -0,0 +1,68 @@ +From 39774b66e6b962a89a02504f08c20b309f9eef1f Mon Sep 17 00:00:00 2001 +From: zhangyipeng +Date: Thu, 4 Mar 2021 10:10:30 +0800 +Subject: [PATCH] [Huawei]remove gnu debuglink when using enable debug + symbols + + + +Signed-off-by: Sun Jianye +--- + hotspot/make/linux/makefiles/jsig.make | 1 - + hotspot/make/linux/makefiles/saproc.make | 1 - + hotspot/make/linux/makefiles/vm.make | 1 - + make/common/NativeCompilation.gmk | 2 +- + 4 files changed, 1 insertion(+), 4 deletions(-) + +diff --git a/hotspot/make/linux/makefiles/jsig.make b/hotspot/make/linux/makefiles/jsig.make +index 6290db5af..9838a50aa 100644 +--- a/hotspot/make/linux/makefiles/jsig.make ++++ b/hotspot/make/linux/makefiles/jsig.make +@@ -63,7 +63,6 @@ $(LIBJSIG): $(JSIGSRCDIR)/jsig.c $(LIBJSIG_MAPFILE) + ifeq ($(ENABLE_FULL_DEBUG_SYMBOLS),1) + ifneq ($(STRIP_POLICY),no_strip) + $(QUIETLY) $(OBJCOPY) --only-keep-debug $@ $(LIBJSIG_DEBUGINFO) +- $(QUIETLY) $(OBJCOPY) --add-gnu-debuglink=$(LIBJSIG_DEBUGINFO) $@ + endif + ifeq ($(STRIP_POLICY),all_strip) + $(QUIETLY) $(STRIP) $@ +diff --git a/hotspot/make/linux/makefiles/saproc.make b/hotspot/make/linux/makefiles/saproc.make +index ffc0ec5ce..dfeb254da 100644 +--- a/hotspot/make/linux/makefiles/saproc.make ++++ b/hotspot/make/linux/makefiles/saproc.make +@@ -107,7 +107,6 @@ $(LIBSAPROC): $(SASRCFILES) $(SAMAPFILE) + ifeq ($(ENABLE_FULL_DEBUG_SYMBOLS),1) + ifneq ($(STRIP_POLICY),no_strip) + $(QUIETLY) $(OBJCOPY) --only-keep-debug $@ $(LIBSAPROC_DEBUGINFO) +- $(QUIETLY) $(OBJCOPY) --add-gnu-debuglink=$(LIBSAPROC_DEBUGINFO) $@ + endif + ifeq ($(STRIP_POLICY),all_strip) + $(QUIETLY) $(STRIP) $@ +diff --git a/hotspot/make/linux/makefiles/vm.make b/hotspot/make/linux/makefiles/vm.make +index 1985db071..408b0cc9d 100644 +--- a/hotspot/make/linux/makefiles/vm.make ++++ b/hotspot/make/linux/makefiles/vm.make +@@ -359,7 +359,6 @@ $(LIBJVM): $(LIBJVM.o) $(LIBJVM_MAPFILE) $(LD_SCRIPT) + ifeq ($(ENABLE_FULL_DEBUG_SYMBOLS),1) + ifneq ($(STRIP_POLICY),no_strip) + $(QUIETLY) $(OBJCOPY) --only-keep-debug $@ $(LIBJVM_DEBUGINFO) +- $(QUIETLY) $(OBJCOPY) --add-gnu-debuglink=$(LIBJVM_DEBUGINFO) $@ + endif + ifeq ($(STRIP_POLICY),all_strip) + $(QUIETLY) $(STRIP) $@ +diff --git a/make/common/NativeCompilation.gmk b/make/common/NativeCompilation.gmk +index 9980e8ab9..4fa9f14cf 100644 +--- a/make/common/NativeCompilation.gmk ++++ b/make/common/NativeCompilation.gmk +@@ -487,7 +487,7 @@ define SetupNativeCompilation + $$($1_DEBUGINFO_FILES): $$($1_TARGET) + $(RM) $$@ + $(OBJCOPY) --only-keep-debug $$< $$@ +- $(CD) $$(@D) && $(OBJCOPY) --add-gnu-debuglink=$$(@F) $$< ++ $(CD) $$(@D) + $(TOUCH) $$@ + endif + endif # No MacOS X support +-- +2.19.0 + diff --git a/revert-windows-bugfix.patch b/revert-windows-bugfix.patch new file mode 100644 index 0000000000000000000000000000000000000000..6734b1dee819aa5058384c210eb0a09ec14db948 --- /dev/null +++ b/revert-windows-bugfix.patch @@ -0,0 +1,61 @@ +From 8ede718dfa4b52c8565eead7e360822a2759bd34 Mon Sep 17 00:00:00 2001 +From: zhangyipeng +Date: Tue, 16 Mar 2021 09:11:27 +0800 +Subject: [PATCH] [Huawei]revert windows bugfix + + + +Signed-off-by: Lin Haibing +--- + hotspot/make/windows/create_obj_files.sh | 4 ++-- + .../share/vm/gc_implementation/shared/owstTaskTerminator.cpp | 3 +-- + jdk/make/lib/ServiceabilityLibraries.gmk | 2 +- + 3 files changed, 4 insertions(+), 5 deletions(-) + +diff --git a/hotspot/make/windows/create_obj_files.sh b/hotspot/make/windows/create_obj_files.sh +index 5449d866a..ad734bebd 100644 +--- a/hotspot/make/windows/create_obj_files.sh ++++ b/hotspot/make/windows/create_obj_files.sh +@@ -113,8 +113,8 @@ case "${TYPE}" in + "shark") Src_Dirs="${BASE_PATHS}" ;; + esac + +-COMPILER2_SPECIFIC_FILES="opto libadt bcEscapeAnalyzer.cpp c2_* runtime_*" +-COMPILER1_SPECIFIC_FILES="c1_*" ++COMPILER2_SPECIFIC_FILES="opto libadt bcEscapeAnalyzer.cpp c2_* runtime_* shenandoahBarrierSetC2.cpp shenandoahSupport.cpp" ++COMPILER1_SPECIFIC_FILES="c1_* shenandoahBarrierSetC1.cpp" + SHARK_SPECIFIC_FILES="shark" + ZERO_SPECIFIC_FILES="zero" + +diff --git a/hotspot/src/share/vm/gc_implementation/shared/owstTaskTerminator.cpp b/hotspot/src/share/vm/gc_implementation/shared/owstTaskTerminator.cpp +index 90f490272..181628567 100644 +--- a/hotspot/src/share/vm/gc_implementation/shared/owstTaskTerminator.cpp ++++ b/hotspot/src/share/vm/gc_implementation/shared/owstTaskTerminator.cpp +@@ -21,10 +21,9 @@ + * + */ + ++#include "precompiled.hpp" + #include "owstTaskTerminator.hpp" + +-#include "precompiled/precompiled.hpp" +- + bool OWSTTaskTerminator::exit_termination(size_t tasks, TerminatorTerminator* terminator) { + return tasks > 0 || (terminator != NULL && terminator->should_exit_termination()); + } +diff --git a/jdk/make/lib/ServiceabilityLibraries.gmk b/jdk/make/lib/ServiceabilityLibraries.gmk +index 5a58b3a35..02fded0dc 100644 +--- a/jdk/make/lib/ServiceabilityLibraries.gmk ++++ b/jdk/make/lib/ServiceabilityLibraries.gmk +@@ -299,7 +299,7 @@ endif + + BUILD_LIBMANAGEMENT_EXCLUDES := + +-BUILD_LIBMANAGEMENT_CFLAGS += -I$(JDK_TOPDIR)/src/share/native/sun/management ++BUILD_LIBMANAGEMENT_CFLAGS += -I$(JDK_TOPDIR)/src/share/native/sun/management -DPSAPI_VERSION=1 + + ifneq ($(OPENJDK_TARGET_OS), solaris) + BUILD_LIBMANAGEMENT_EXCLUDES += SolarisOperatingSystem.c +-- +2.19.0 + diff --git a/set-vm.vendor-by-configure.patch b/set-vm.vendor-by-configure.patch index b7b3604dbea8259c4e0157ad8d21d34dc751c13a..8c7d8df758bb91fb9204403a3a0e4ac767612d70 100644 --- a/set-vm.vendor-by-configure.patch +++ b/set-vm.vendor-by-configure.patch @@ -1,10 +1,11 @@ -From cdc9dd2e9c2454259394d4b7f46c9bb720db6643 Mon Sep 17 00:00:00 2001 -Date: Fri, 22 Jan 2021 16:25:03 +0800 -Subject: set vm.vendor by configure +From 7eaf2a172d905fb80466daea7a02265eaa58b0c8 Mon Sep 17 00:00:00 2001 +From: zhangyipeng +Date: Thu, 4 Mar 2021 11:26:22 +0800 +Subject: [PATCH] [Huawei]set vm.vendor by configure -Summary: : -LLT: java -XshowSettings:properties -Bug url: NA + + +Signed-off-by: Guo Ge --- hotspot/src/share/vm/runtime/vm_version.cpp | 7 ++++++- jdk/src/share/native/java/lang/System.c | 6 +++--- diff --git a/sources b/sources index 552f136aa8ca6a9159b9e4cb0cbe97a1880c23d8..cca1c8a9b425e9c194aafbecc96473d5886e0b10 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (tapsets-icedtea-3.15.0.tar.xz) = 36eed87c370306c715d7a9d0906a7d719d6d956d38d03fb8f2d528d22e0067cabb3a7df10e8a7c5b65b70f2c12b9a8e7078a78a3cac478b6031d42f36415b05f -SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u282-b08.tar.xz) = c0a525bc2c8e5b81af7903952eac1e3d9e6b7793399b38ef4c1abbb14370798dcc0478bc6bbf9ef63ba4461c98e16fa99d13d642413b045ef39d4305d6312b5f +SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b10.tar.xz) = 0e6628de812fa6bcd82203c285bb2232475403c1f09df7011054a24826b6266e603acd5a21532f38ebefdde1d13b2fa6c699b13ef16f3b6d2d90cf20ca080afb diff --git a/delete-untrustworthy-cacert-files.patch b/update-cacerts-and-VerifyCACerts.java-test.patch similarity index 59% rename from delete-untrustworthy-cacert-files.patch rename to update-cacerts-and-VerifyCACerts.java-test.patch index 5c96039f5832cd63e535fc0ee5e97b6f718bc5e3..1748414107281209064bcd916b168056a1261540 100644 --- a/delete-untrustworthy-cacert-files.patch +++ b/update-cacerts-and-VerifyCACerts.java-test.patch @@ -1,28 +1,31 @@ -From 00a5f242451e72d32e29156bb132ceb4b78cf719 Mon Sep 17 00:00:00 2001 -Date: Tue, 26 Jan 2021 16:46:28 +0800 -Subject: delete untrustworthy cacert files +From 1125b6be8c484b41b46954a38b6e01861157b6d7 Mon Sep 17 00:00:00 2001 +From: zhangyipeng +Date: Tue, 20 Apr 2021 10:40:35 +0800 +Subject: [PATCH] [Huawei]update cacerts and VerifyCACerts.java test -Summary: : delete untrustworthy cacert files -LLT: jtreg -nr -va jdk/test/sun/security/lib/cacerts/VerifyCACerts.java -Bug url: NA +Signed-off-by: Wang Kun --- - jdk/make/data/cacerts/addtrustexternalca | 32 ------------------ - jdk/make/data/cacerts/addtrustqualifiedca | 32 ------------------ - jdk/make/data/cacerts/thawtepremiumserverca | 27 --------------- - jdk/make/data/cacerts/utnuserfirstobjectca | 33 ------------------- - jdk/make/data/cacerts/verisigntsaca | 24 -------------- - .../security/lib/cacerts/VerifyCACerts.java | 25 +++----------- - 6 files changed, 5 insertions(+), 168 deletions(-) + jdk/make/data/cacerts/addtrustexternalca | 32 ----------------- + jdk/make/data/cacerts/addtrustqualifiedca | 32 ----------------- + jdk/make/data/cacerts/luxtrustglobalrootca | 28 --------------- + jdk/make/data/cacerts/quovadisrootca | 41 ---------------------- + jdk/make/data/cacerts/thawtepremiumserverca | 27 -------------- + jdk/make/data/cacerts/utnuserfirstobjectca | 33 ----------------- + jdk/make/data/cacerts/verisigntsaca | 24 ------------- + .../sun/security/lib/cacerts/VerifyCACerts.java | 40 ++------------------- + 8 files changed, 3 insertions(+), 254 deletions(-) delete mode 100644 jdk/make/data/cacerts/addtrustexternalca delete mode 100644 jdk/make/data/cacerts/addtrustqualifiedca + delete mode 100644 jdk/make/data/cacerts/luxtrustglobalrootca + delete mode 100644 jdk/make/data/cacerts/quovadisrootca delete mode 100644 jdk/make/data/cacerts/thawtepremiumserverca delete mode 100644 jdk/make/data/cacerts/utnuserfirstobjectca delete mode 100644 jdk/make/data/cacerts/verisigntsaca diff --git a/jdk/make/data/cacerts/addtrustexternalca b/jdk/make/data/cacerts/addtrustexternalca deleted file mode 100644 -index ad84cad96..000000000 +index ad84cad..0000000 --- a/jdk/make/data/cacerts/addtrustexternalca +++ /dev/null @@ -1,32 +0,0 @@ @@ -60,7 +63,7 @@ index ad84cad96..000000000 ------END CERTIFICATE----- diff --git a/jdk/make/data/cacerts/addtrustqualifiedca b/jdk/make/data/cacerts/addtrustqualifiedca deleted file mode 100644 -index 0c62d44c7..000000000 +index 0c62d44..0000000 --- a/jdk/make/data/cacerts/addtrustqualifiedca +++ /dev/null @@ -1,32 +0,0 @@ @@ -96,9 +99,90 @@ index 0c62d44c7..000000000 -iQBCYz95OdBEsIJuQRno3eDBiFrRHnGTHyQwdOUeqN48Jzd/g66ed8/wMLH/S5no -xqE= ------END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/luxtrustglobalrootca b/jdk/make/data/cacerts/luxtrustglobalrootca +deleted file mode 100644 +index 7fb3d81..0000000 +--- a/jdk/make/data/cacerts/luxtrustglobalrootca ++++ /dev/null +@@ -1,28 +0,0 @@ +-Owner: CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU +-Issuer: CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU +-Serial number: bb8 +-Valid from: Thu Mar 17 09:51:37 GMT 2011 until: Wed Mar 17 09:51:37 GMT 2021 +-Signature algorithm name: SHA256withRSA +-Subject Public Key Algorithm: 2048-bit RSA key +-Version: 3 +------BEGIN CERTIFICATE----- +-MIIDZDCCAkygAwIBAgICC7gwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UEBhMCTFUx +-FjAUBgNVBAoTDUx1eFRydXN0IHMuYS4xHTAbBgNVBAMTFEx1eFRydXN0IEdsb2Jh +-bCBSb290MB4XDTExMDMxNzA5NTEzN1oXDTIxMDMxNzA5NTEzN1owRDELMAkGA1UE +-BhMCTFUxFjAUBgNVBAoTDUx1eFRydXN0IHMuYS4xHTAbBgNVBAMTFEx1eFRydXN0 +-IEdsb2JhbCBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsn+n +-QPAiygz267Hxyw6VV0B1r6A/Ps7sqjJX5hmxZ0OYWmt8s7j6eJyqpoSyYBuAQc5j +-zR8XCJmk9e8+EsdMsFeaXHhAePxFjdqRZ9w6Ubltc+a3OY52OrQfBfVpVfmTz3iI +-Sr6qm9d7R1tGBEyCFqY19vx039a0r9jitScRdFmiwmYsaArhmIiIPIoFdRTjuK7z +-CISbasE/MRivJ6VLm6T9eTHemD0OYcqHmMH4ijCc+j4z1aXEAwfh95Z0GAAnOCfR +-K6qq4UFFi2/xJcLcopeVx0IUM115hCNq52XAV6DYXaljAeew5Ivo+MVjuOVsdJA9 +-x3f8K7p56aTGEnin/wIDAQABo2AwXjAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQE +-AwIBBjAfBgNVHSMEGDAWgBQXFYWJCS8kh28/HRvk8pZ5g0gTzjAdBgNVHQ4EFgQU +-FxWFiQkvJIdvPx0b5PKWeYNIE84wDQYJKoZIhvcNAQELBQADggEBAFrwHNDUUM9B +-fua4nX3DcNBeNv9ujnov3kgR1TQuPLdFwlQlp+HBHjeDtpSutkVIA+qVvuucarQ3 +-XB8u02uCgUNbCj8RVWOs+nwIAjegPDkEM/6XMshS5dklTbDG7mgfcKpzzlcD3H0K +-DTPy0lrfCmw7zBFRlxqkIaKFNQLXgCLShLL4wKpov9XrqsMLq6F8K/f1O4fhVFfs +-BSTveUJO84ton+Ruy4KZycwq3FPCH3CDqyEPVrRI/98HIrOM+R2mBN8tAza53W/+ +-MYhm/2xtRDSvCHc+JtJy9LtHVpM8mGPhM7uZI5K1g3noHZ9nrWLWidb2/CfeMifL +-hNp3hSGhEiE= +------END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/quovadisrootca b/jdk/make/data/cacerts/quovadisrootca +deleted file mode 100644 +index 0c195ff..0000000 +--- a/jdk/make/data/cacerts/quovadisrootca ++++ /dev/null +@@ -1,41 +0,0 @@ +-Owner: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM +-Issuer: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM +-Serial number: 3ab6508b +-Valid from: Mon Mar 19 18:33:33 GMT 2001 until: Wed Mar 17 18:33:33 GMT 2021 +-Signature algorithm name: SHA1withRSA +-Subject Public Key Algorithm: 2048-bit RSA key +-Version: 3 +------BEGIN CERTIFICATE----- +-MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC +-TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0 +-aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0 +-aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz +-MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw +-IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR +-dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG +-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp +-li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D +-rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ +-WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug +-F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU +-xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC +-Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv +-dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw +-ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl +-IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh +-c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy +-ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh +-Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI +-KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T +-KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq +-y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p +-dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD +-VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL +-MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk +-fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8 +-7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R +-cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y +-mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW +-xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK +-SnQ2+Q== +------END CERTIFICATE----- diff --git a/jdk/make/data/cacerts/thawtepremiumserverca b/jdk/make/data/cacerts/thawtepremiumserverca deleted file mode 100644 -index 2df456ab0..000000000 +index 2df456a..0000000 --- a/jdk/make/data/cacerts/thawtepremiumserverca +++ /dev/null @@ -1,27 +0,0 @@ @@ -131,7 +215,7 @@ index 2df456ab0..000000000 ------END CERTIFICATE----- diff --git a/jdk/make/data/cacerts/utnuserfirstobjectca b/jdk/make/data/cacerts/utnuserfirstobjectca deleted file mode 100644 -index 80a0b5c23..000000000 +index 80a0b5c..0000000 --- a/jdk/make/data/cacerts/utnuserfirstobjectca +++ /dev/null @@ -1,33 +0,0 @@ @@ -170,7 +254,7 @@ index 80a0b5c23..000000000 ------END CERTIFICATE----- diff --git a/jdk/make/data/cacerts/verisigntsaca b/jdk/make/data/cacerts/verisigntsaca deleted file mode 100644 -index 9813ddaea..000000000 +index 9813dda..0000000 --- a/jdk/make/data/cacerts/verisigntsaca +++ /dev/null @@ -1,24 +0,0 @@ @@ -199,27 +283,25 @@ index 9813ddaea..000000000 -JvUXzMEZXkt8XOKDgJH6L/uatxY= ------END CERTIFICATE----- diff --git a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java -index 1f443381c..29d4f0f97 100644 +index dd107fc..791ddb6 100644 --- a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java +++ b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java -@@ -27,7 +27,6 @@ - * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923 8195774 8199779 - * 8209452 8209506 8210432 8195793 8216577 8222089 8222133 8222137 8222136 - * 8223499 8225392 8232019 8234245 8233223 8225068 8225069 8243321 8243320 -- * 8225072 8258630 - * @summary Check root CA entries in cacerts file - */ - import java.io.ByteArrayInputStream; -@@ -58,7 +57,7 @@ public class VerifyCACerts { +@@ -53,12 +53,12 @@ public class VerifyCACerts { + + File.separator + "security" + File.separator + "cacerts"; + + // The numbers of certs now. +- private static final int COUNT = 97; ++ private static final int COUNT = 90; + // SHA-256 of cacerts, can be generated with // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95 private static final String CHECKSUM -- = "84:BB:36:9E:B0:07:A7:C5:7F:38:EC:36:82:5C:0F:46:C0:35:3B:B1:1F:06:C2:D0:47:B9:39:FA:87:64:E5:9D"; -+ = "8E:A5:85:3C:66:C0:7C:B1:2A:B6:67:31:B3:4A:8E:78:1B:8D:DC:49:F1:42:65:DB:CE:7C:69:41:F3:94:3A:F7"; +- = "9F:6B:41:1D:05:AF:E3:C5:4F:E8:39:89:50:79:60:B1:F6:A4:02:40:0C:28:8D:73:78:08:E5:61:7C:17:EA:59"; ++ = "DC:22:7E:D7:F3:46:1F:8B:A8:4E:EE:C2:A8:4B:8E:26:89:4F:95:5C:71:A3:1B:5A:6E:A6:48:FD:CB:C9:F2:95"; // map of cert alias to SHA-256 fingerprint @SuppressWarnings("serial") -@@ -93,12 +92,6 @@ public class VerifyCACerts { +@@ -93,12 +93,6 @@ public class VerifyCACerts { "E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2"); put("usertrusteccca [jdk]", "4F:F4:60:D5:4B:9C:86:DA:BF:BC:FC:57:12:E0:40:0D:2B:ED:3F:BC:4D:4F:BD:AA:86:E0:6A:DC:D2:A9:AD:7A"); @@ -232,7 +314,35 @@ index 1f443381c..29d4f0f97 100644 put("baltimorecybertrustca [jdk]", "16:AF:57:A9:F6:76:B0:AB:12:60:95:AA:5E:BA:DE:F2:2A:B3:11:19:D6:44:AC:95:CD:4B:93:DB:F3:F2:6A:EB"); put("digicertglobalrootca [jdk]", -@@ -253,19 +246,11 @@ public class VerifyCACerts { +@@ -133,16 +127,6 @@ public class VerifyCACerts { + "A4:31:0D:50:AF:18:A6:44:71:90:37:2A:86:AF:AF:8B:95:1F:FB:43:1D:83:7F:1E:56:88:B4:59:71:ED:15:57"); + put("thawteprimaryrootcag3 [jdk]", + "4B:03:F4:58:07:AD:70:F2:1B:FC:2C:AE:71:C9:FD:E4:60:4C:06:4C:F5:FF:B6:86:BA:E5:DB:AA:D7:FD:D3:4C"); +- put("thawtepremiumserverca [jdk]", +- "3F:9F:27:D5:83:20:4B:9E:09:C8:A3:D2:06:6C:4B:57:D3:A2:47:9C:36:93:65:08:80:50:56:98:10:5D:BC:E9"); +- put("verisigntsaca [jdk]", +- "CB:6B:05:D9:E8:E5:7C:D8:82:B1:0B:4D:B7:0D:E4:BB:1D:E4:2B:A4:8A:7B:D0:31:8B:63:5B:F6:E7:78:1A:9D"); +- put("verisignclass2g2ca [jdk]", +- "3A:43:E2:20:FE:7F:3E:A9:65:3D:1E:21:74:2E:AC:2B:75:C2:0F:D8:98:03:05:BC:50:2C:AF:8C:2D:9B:41:A1"); +- put("verisignclass3ca [jdk]", +- "A4:B6:B3:99:6F:C2:F3:06:B3:FD:86:81:BD:63:41:3D:8C:50:09:CC:4F:A3:29:C2:CC:F0:E2:FA:1B:14:03:05"); +- put("verisignclass3g2ca [jdk]", +- "83:CE:3C:12:29:68:8A:59:3D:48:5F:81:97:3C:0F:91:95:43:1E:DA:37:CC:5E:36:43:0E:79:C7:A8:88:63:8B"); + put("verisignuniversalrootca [jdk]", + "23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C"); + put("verisignclass3g3ca [jdk]", +@@ -163,10 +147,6 @@ public class VerifyCACerts { + "5D:56:49:9B:E4:D2:E0:8B:CF:CA:D0:8A:3E:38:72:3D:50:50:3B:DE:70:69:48:E4:2F:55:60:30:19:E5:28:AE"); + put("letsencryptisrgx1 [jdk]", + "96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6"); +- put("luxtrustglobalrootca [jdk]", +- "A1:B2:DB:EB:64:E7:06:C6:16:9E:3C:41:18:B2:3B:AA:09:01:8A:84:27:66:6D:8B:F0:E2:88:91:EC:05:19:50"); +- put("quovadisrootca [jdk]", +- "A4:5E:DE:3B:BB:F0:9C:8A:E1:5C:72:EF:C0:72:68:D6:93:A2:1C:99:6F:D5:1E:67:CA:07:94:60:FD:6D:88:73"); + put("quovadisrootca1g3 [jdk]", + "8A:86:6F:D1:B2:76:B5:7E:57:8E:92:1C:65:82:8A:2B:ED:58:E9:F2:F2:88:05:41:34:B7:F1:F4:BF:C9:CC:74"); + put("quovadisrootca2 [jdk]", +@@ -267,21 +247,7 @@ public class VerifyCACerts { @SuppressWarnings("serial") private static final HashSet EXPIRY_EXC_ENTRIES = new HashSet() { { @@ -247,15 +357,14 @@ index 1f443381c..29d4f0f97 100644 - // Valid until: Fri Jan 01 15:59:59 PST 2021 - add("thawtepremiumserverca [jdk]"); - // Valid until: Wed Mar 17 02:51:37 PDT 2021 -+ // Valid until: Wed Mar 17 17:51:37 HKT 2021 - add("luxtrustglobalrootca [jdk]"); +- add("luxtrustglobalrootca [jdk]"); - // Valid until: Wed Mar 17 11:33:33 PDT 2021 +- add("quovadisrootca [jdk]"); +- // Valid until: Tue Apr 06 00:29:40 PDT 2021 + // Valid until: Tue Apr 06 15:29:40 HKT 2021 -+ add("soneraclass2ca [jdk]"); -+ // Valid until: Thu Mar 18 02:33:33 HKT 2021 - add("quovadisrootca [jdk]"); + add("soneraclass2ca [jdk]"); } }; -- -2.19.0 +1.8.3.1 diff --git a/update-to-keep-same-with-master.patch b/update-to-keep-same-with-master.patch new file mode 100644 index 0000000000000000000000000000000000000000..aeae53f12935786b30d2a6262639e4337f3f7bb8 --- /dev/null +++ b/update-to-keep-same-with-master.patch @@ -0,0 +1,83 @@ +From 0b24d78d6e226413d9e95eb13646a313dd2396ef Mon Sep 17 00:00:00 2001 +From: zhangyipeng +Date: Thu, 11 Mar 2021 16:31:50 +0800 +Subject: [PATCH] [Huawei]update to keep same with master + + + +Signed-off-by: Lin Haibing +--- + .../share/vm/classfile/systemDictionary.cpp | 51 +++++++++---------- + 4 files changed, 28 insertions(+), 28 deletions(-) + +diff --git a/hotspot/src/share/vm/classfile/systemDictionary.cpp b/hotspot/src/share/vm/classfile/systemDictionary.cpp +index c3dec0a30..201dd9594 100644 +--- a/hotspot/src/share/vm/classfile/systemDictionary.cpp ++++ b/hotspot/src/share/vm/classfile/systemDictionary.cpp +@@ -1097,7 +1097,7 @@ static char* convert_into_package_name(char* name) { + char* index = strrchr(name, '/'); + if (index == NULL) { + return NULL; +- } else { ++ } else { + *index = '\0'; // chop to just the package name + while ((index = strchr(name, '/')) != NULL) { + *index = '.'; // replace '/' with '.' in package name +@@ -1170,29 +1170,31 @@ Klass* SystemDictionary::resolve_from_stream(Symbol* class_name, + !class_loader.is_null() && + parsed_name != NULL && + parsed_name->utf8_length() >= (int)pkglen) { +- ResourceMark rm(THREAD); +- bool prohibited; +- const jbyte* base = parsed_name->base(); +- if ((base[0] | base[1] | base[2] | base[3] | base[4]) & 0x80) { +- prohibited = is_prohibited_package_slow(parsed_name); +- } else { +- char* name = parsed_name->as_C_string(); +- prohibited = (strncmp(name, pkg, pkglen) == 0); +- } +- if (prohibited) { +- // It is illegal to define classes in the "java." package from +- // JVM_DefineClass or jni_DefineClass unless you're the bootclassloader +- char* name = parsed_name->as_C_string(); +- name = convert_into_package_name(name); +- assert(name != NULL, "must be"); +- +- const char* fmt = "Prohibited package name: %s"; +- size_t len = strlen(fmt) + strlen(name); +- char* message = NEW_RESOURCE_ARRAY(char, len); +- jio_snprintf(message, len, fmt, name); +- Exceptions::_throw_msg(THREAD_AND_LOCATION, +- vmSymbols::java_lang_SecurityException(), message); +- } ++ bool prohibited; ++ const jbyte* base = parsed_name->base(); ++ if ((base[0] | base[1] | base[2] | base[3] | base[4]) & 0x80) { ++ prohibited = is_prohibited_package_slow(parsed_name); ++ } else { ++ char* name = parsed_name->as_C_string(); ++ prohibited = (strncmp(name, pkg, pkglen) == 0); ++ } ++ if (prohibited) { ++ // It is illegal to define classes in the "java." package from ++ // JVM_DefineClass or jni_DefineClass unless you're the bootclassloader ++ char* name = parsed_name->as_C_string(); ++ char* index = strrchr(name, '/'); ++ assert(index != NULL, "must be"); ++ *index = '\0'; // chop to just the package name ++ while ((index = strchr(name, '/')) != NULL) { ++ *index = '.'; // replace '/' with '.' in package name ++ } ++ const char* fmt = "Prohibited package name: %s"; ++ size_t len = strlen(fmt) + strlen(name); ++ char* message = NEW_RESOURCE_ARRAY(char, len); ++ jio_snprintf(message, len, fmt, name); ++ Exceptions::_throw_msg(THREAD_AND_LOCATION, ++ vmSymbols::java_lang_SecurityException(), message); ++ } + } + + if (!HAS_PENDING_EXCEPTION) { +-- +2.19.0 + diff --git a/update_main_sources.sh b/update_main_sources.sh index 557d5778ee26bd98f2de4c423d466805b50653cf..5967aced1ee73de0617caae73f021143e5fcf2a9 100755 --- a/update_main_sources.sh +++ b/update_main_sources.sh @@ -31,7 +31,7 @@ if [ "x$REPO_NAME" = "x" ] ; then REPO_NAME="jdk8u-shenandoah" fi if [ "x$VERSION" = "x" ] ; then - VERSION="aarch64-shenandoah-jdk8u282-b08" + VERSION="aarch64-shenandoah-jdk8u292-b10" fi if [ "x$COMPRESSION" = "x" ] ; then diff --git a/zlib-optimization.patch b/zlib-optimization.patch deleted file mode 100644 index 866a553e5d3f44b511e49d503010421f7ef4ba41..0000000000000000000000000000000000000000 --- a/zlib-optimization.patch +++ /dev/null @@ -1,882 +0,0 @@ -diff --git a/jdk/make/lib/CoreLibraries.gmk b/jdk/make/lib/CoreLibraries.gmk -index c8e4815..c36ac39 100644 ---- a/jdk/make/lib/CoreLibraries.gmk -+++ b/jdk/make/lib/CoreLibraries.gmk -@@ -257,6 +257,9 @@ ifeq ($(USE_EXTERNAL_LIBZ), true) - LIBZIP_EXCLUDES += zlib - else - ZLIB_CPPFLAGS := -I$(JDK_TOPDIR)/src/share/native/java/util/zip/zlib -+ ifeq ($(OPENJDK_TARGET_CPU), aarch64) -+ ZLIB_CPPFLAGS += -DCRC32_ARMV8_CRC32 -DHASH_ARMV8_CRC32 -march=armv8-a+crc -DUNALIGNED_OK -DADLER32_SIMD_NEON -DSLIDE_HASH_NEON -DINFLATE_CHUNK_SIMD_NEON -O3 -+ endif - endif - - BUILD_LIBZIP_REORDER := -@@ -274,7 +277,7 @@ $(eval $(call SetupNativeCompilation,BUILD_LIBZIP, \ - LIBRARY := zip, \ - OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \ - LANG := C, \ -- OPTIMIZATION := LOW, \ -+ OPTIMIZATION := HIGHEST, \ - SRC := $(JDK_TOPDIR)/src/share/native/java/util/zip, \ - EXCLUDES := $(LIBZIP_EXCLUDES), \ - CFLAGS := $(CFLAGS_JDKLIB) \ -diff --git a/jdk/src/share/native/java/util/zip/zlib/deflate.c b/jdk/src/share/native/java/util/zip/zlib/deflate.c -index f30f71b..c018064 100644 ---- a/jdk/src/share/native/java/util/zip/zlib/deflate.c -+++ b/jdk/src/share/native/java/util/zip/zlib/deflate.c -@@ -184,8 +184,16 @@ local const config configuration_table[10] = { - * characters, so that a running hash key can be computed from the previous - * key instead of complete recalculation each time. - */ --#define UPDATE_HASH(s,h,c) (h = (((h)<hash_shift) ^ (c)) & s->hash_mask) -+#if defined(HASH_ARMV8_CRC32) -+#include -+#define UPDATE_HASH_CRC_INTERNAL(s, h, c) \ -+ (h = __crc32w(0, (c) & 0xFFFFFF) & ((deflate_state *)s)->hash_mask) - -+#define UPDATE_HASH(s, h, c) \ -+ UPDATE_HASH_CRC_INTERNAL(s, h, *(unsigned *)((uintptr_t)(&c) - (MIN_MATCH-1))) -+#else -+#define UPDATE_HASH(s,h,c) (h = (((h)<hash_shift) ^ (c)) & s->hash_mask) -+#endif - - /* =========================================================================== - * Insert string str in the dictionary and set match_head to the previous head -@@ -222,6 +230,46 @@ local const config configuration_table[10] = { - * bit values at the expense of memory usage). We slide even when level == 0 to - * keep the hash table consistent if we switch back to level > 0 later. - */ -+ -+#if defined(SLIDE_HASH_NEON) -+#include -+static inline void slide_hash_chain(Pos *table, unsigned int entries, uint16_t window_size) { -+ register uint16x8_t v, *p; -+ register size_t n; -+ -+ size_t size = entries * sizeof(table[0]); /* the size of hash table */ -+ Assert((size % (sizeof(uint16x8_t) * 8) == 0), "hash table size err"); /* if it's not 0, size err occurs */ -+ -+ Assert(sizeof(Pos) == 2, "Wrong Pos size"); /* if size of Pos is not 2, release wrong size error */ -+ v = vdupq_n_u16(window_size); -+ -+ p = (uint16x8_t *)table; -+ n = size / (sizeof(uint16x8_t) * 8); -+ do { -+ p[0] = vqsubq_u16(p[0], v); -+ p[1] = vqsubq_u16(p[1], v); -+ p[2] = vqsubq_u16(p[2], v); -+ p[3] = vqsubq_u16(p[3], v); -+ p[4] = vqsubq_u16(p[4], v); -+ p[5] = vqsubq_u16(p[5], v); -+ p[6] = vqsubq_u16(p[6], v); -+ p[7] = vqsubq_u16(p[7], v); -+ p += 8; -+ } while (--n); -+} -+ -+local void slide_hash(s) -+ deflate_state *s; -+{ -+ const size_t size = s->hash_size * sizeof(s->head[0]); -+ Assert(sizeof(Pos) == 2, "Wrong Pos size."); /* if size of Pos is not 2, release wrong size error */ -+ Assert((size % (sizeof(uint16x8_t)*2)) == 0, "Hash table size error."); /* if it's not 0, size err occurs */ -+ slide_hash_chain(s->head, s->hash_size, s->w_size); -+#ifndef FASTEST -+ slide_hash_chain(s->prev, s->w_size, s->w_size); -+#endif -+} -+#else - local void slide_hash(s) - deflate_state *s; - { -@@ -247,6 +295,7 @@ local void slide_hash(s) - } while (--n); - #endif - } -+#endif - - /* ========================================================================= */ - int ZEXPORT deflateInit_(strm, level, version, stream_size) -@@ -1198,14 +1247,15 @@ local unsigned read_buf(strm, buf, size) - strm->avail_in -= len; - - zmemcpy(buf, strm->next_in, len); -- if (strm->state->wrap == 1) { -- strm->adler = adler32(strm->adler, buf, len); -- } - #ifdef GZIP -- else if (strm->state->wrap == 2) { -+ if (strm->state->wrap == 2) { /* use crc32 algo */ - strm->adler = crc32(strm->adler, buf, len); -- } -+ } else - #endif -+ if (strm->state->wrap == 1) { -+ strm->adler = adler32(strm->adler, buf, len); -+ } -+ - strm->next_in += len; - strm->total_in += len; - -diff --git a/jdk/src/share/native/java/util/zip/zlib/inffast.c b/jdk/src/share/native/java/util/zip/zlib/inffast.c -index 4bfc995..2084739 100644 ---- a/jdk/src/share/native/java/util/zip/zlib/inffast.c -+++ b/jdk/src/share/native/java/util/zip/zlib/inffast.c -@@ -81,6 +81,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - unsigned char FAR *out; /* local strm->next_out */ - unsigned char FAR *beg; /* inflate()'s initial strm->next_out */ - unsigned char FAR *end; /* while out < end, enough space available */ -+#if defined(INFLATE_CHUNK_SIMD_NEON) -+ unsigned char FAR *limit; /* safety limit for chunky copies */ -+#endif - #ifdef INFLATE_STRICT - unsigned dmax; /* maximum distance from zlib header */ - #endif -@@ -113,7 +116,12 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - #endif - wsize = state->wsize; - whave = state->whave; -+#if defined(INFLATE_CHUNK_SIMD_NEON) -+ limit = out + strm->avail_out; -+ wnext = (state->wnext == 0 && whave >= wsize) ? wsize : state->wnext; -+#else - wnext = state->wnext; -+#endif - window = state->window; - hold = state->hold; - bits = state->bits; -@@ -221,6 +229,45 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - #endif - } - from = window; -+#if defined(INFLATE_CHUNK_SIMD_NEON) -+ if (wnext >= op) { /* contiguous in window */ -+ from += wnext - op; -+ } -+ else { /* wrap around window */ -+ op -= wnext; -+ from += wsize - op; -+ if (op < len) { /* some from end of window */ -+ len -= op; -+ out = chunkcopy_safe(out, from, op, limit); -+ from = window; /* more from start of window */ -+ op = wnext; -+ /* This (rare) case can create a situation where -+ the first chunkcopy below must be checked. -+ */ -+ } -+ } -+ if (op < len) { /* still need some from output */ -+ out = chunkcopy_safe(out, from, op, limit); -+ len -= op; -+ /* When dist is small the amount of data that can be -+ copied from the window is also small, and progress -+ towards the dangerous end of the output buffer is -+ also small. This means that for trivial memsets and -+ for chunkunroll_relaxed() a safety check is -+ unnecessary. However, these conditions may not be -+ entered at all, and in that case it's possible that -+ the main copy is near the end. -+ */ -+ out = chunkunroll_relaxed(out, &dist, &len); -+ out = chunkcopy_safe(out, out - dist, len, limit); -+ } -+ else { -+ /* from points to window, so there is no risk of -+ overlapping pointers requiring memset-like behaviour -+ */ -+ out = chunkcopy_safe(out, from, len, limit); -+ } -+#else - if (wnext == 0) { /* very common case */ - from += wsize - op; - if (op < len) { /* some from window */ -@@ -271,8 +318,18 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - if (len > 1) - *out++ = *from++; - } -+#endif - } -- else { -+ else { -+#if defined(INFLATE_CHUNK_SIMD_NEON) -+ /* Whole reference is in range of current output. No -+ range checks are necessary because we start with room -+ for at least 258 bytes of output, so unroll and roundoff -+ operations can write beyond `out+len` so long as they -+ stay within 258 bytes of `out`. -+ */ -+ out = chunkcopy_lapped_relaxed(out, dist, len); -+#else - from = out - dist; /* copy direct from output */ - do { /* minimum length is three */ - *out++ = *from++; -@@ -284,7 +341,8 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ - *out++ = *from++; - if (len > 1) - *out++ = *from++; -- } -+ } -+#endif - } - } - else if ((op & 64) == 0) { /* 2nd level distance code */ -diff --git a/jdk/src/share/native/java/util/zip/zlib/inffast.h b/jdk/src/share/native/java/util/zip/zlib/inffast.h -index b8da8bb..0def2e3 100644 ---- a/jdk/src/share/native/java/util/zip/zlib/inffast.h -+++ b/jdk/src/share/native/java/util/zip/zlib/inffast.h -@@ -32,4 +32,374 @@ - subject to change. Applications should only use zlib.h. - */ - -+/* -+ * The chunk-copy code below deals with writing the decoded DEFLATE data to -+ * the output with SIMD methods to increase decode speed. Reading the input -+ * to the DEFLATE decoder with a wide, SIMD method can also increase decode -+ * speed. This option is supported on little endian machines, and reads the -+ * input data in 64-bit (8 byte) chunks. -+ */ -+ - void ZLIB_INTERNAL inflate_fast OF((z_streamp strm, unsigned start)); -+ -+#if defined(INFLATE_CHUNK_SIMD_NEON) -+ -+#include -+#include "zutil.h" -+#include -+ -+typedef uint8x16_t z_vec128i_t; -+ -+#define Z_STATIC_ASSERT(name, assert) typedef char name[(assert) ? 1 : -1] -+ -+#if __STDC_VERSION__ >= 199901L -+#define Z_RESTRICT restrict -+#else -+#define Z_RESTRICT -+#endif -+ -+#if defined(__clang__) || defined(__GNUC__) || defined(__llvm__) -+#define Z_BUILTIN_MEMCPY __builtin_memcpy -+#else -+#define Z_BUILTIN_MEMCPY zmemcpy -+#endif -+ -+/* -+ * chunk copy type: the z_vec128i_t type size should be exactly 128-bits -+ * and equal to CHUNKCOPY_CHUNK_SIZE. -+ */ -+#define CHUNKCOPY_CHUNK_SIZE sizeof(z_vec128i_t) -+ -+Z_STATIC_ASSERT(vector_128_bits_wide, -+ CHUNKCOPY_CHUNK_SIZE == sizeof(int8_t) * 16); -+ -+/* -+ * Ask the compiler to perform a wide, unaligned load with a machinevst1q_u8 -+ * instruction appropriate for the z_vec128i_t type. -+ */ -+static inline z_vec128i_t loadchunk( -+ const unsigned char FAR* s) -+{ -+ z_vec128i_t v; -+ Z_BUILTIN_MEMCPY(&v, s, sizeof(v)); -+ return v; -+} -+ -+/* -+ * Ask the compiler to perform a wide, unaligned store with a machine -+ * instruction appropriate for the z_vec128i_t type. -+ */ -+static inline void storechunk( -+ unsigned char FAR* d, -+ const z_vec128i_t v) -+{ -+ Z_BUILTIN_MEMCPY(d, &v, sizeof(v)); -+} -+ -+/* -+ * Perform a memcpy-like operation, assuming that length is non-zero and that -+ * it's OK to overwrite at least CHUNKCOPY_CHUNK_SIZE bytes of output even if -+ * the length is shorter than this. -+ * -+ * It also guarantees that it will properly unroll the data if the distance -+ * between `out` and `from` is at least CHUNKCOPY_CHUNK_SIZE, which we rely on -+ * in chunkcopy_relaxed(). -+ * -+ * Aside from better memory bus utilisation, this means that short copies -+ * (CHUNKCOPY_CHUNK_SIZE bytes or fewer) will fall straight through the loop -+ * without iteration, which will hopefully make the branch prediction more -+ * reliable. -+ */ -+static inline unsigned char FAR* chunkcopy_core( -+ unsigned char FAR* out, -+ const unsigned char FAR* from, -+ unsigned len) -+{ -+ const int bump = (--len % CHUNKCOPY_CHUNK_SIZE) + 1; -+ storechunk(out, loadchunk(from)); -+ out += bump; -+ from += bump; -+ len /= CHUNKCOPY_CHUNK_SIZE; -+ while (len-- > 0) { -+ storechunk(out, loadchunk(from)); -+ out += CHUNKCOPY_CHUNK_SIZE; -+ from += CHUNKCOPY_CHUNK_SIZE; -+ } -+ return out; -+} -+ -+/* -+ * Like chunkcopy_core(), but avoid writing beyond of legal output. -+ * -+ * Accepts an additional pointer to the end of safe output. A generic safe -+ * copy would use (out + len), but it's normally the case that the end of the -+ * output buffer is beyond the end of the current copy, and this can still be -+ * exploited. -+ */ -+static inline unsigned char FAR* chunkcopy_core_safe( -+ unsigned char FAR* out, -+ const unsigned char FAR* from, -+ unsigned len, -+ unsigned char FAR* limit) -+{ -+ Assert(out + len <= limit, "chunk copy exceeds safety limit"); -+ if ((limit - out) < (ptrdiff_t) CHUNKCOPY_CHUNK_SIZE) { -+ const unsigned char FAR* Z_RESTRICT rfrom = from; -+ if (len & 8) { -+ Z_BUILTIN_MEMCPY(out, rfrom, 8); -+ out += 8; -+ rfrom += 8; -+ } -+ if (len & 4) { -+ Z_BUILTIN_MEMCPY(out, rfrom, 4); -+ out += 4; -+ rfrom += 4; -+ } -+ if (len & 2) { -+ Z_BUILTIN_MEMCPY(out, rfrom, 2); -+ out += 2; -+ rfrom += 2; -+ } -+ if (len & 1) { -+ *out++ = *rfrom++; -+ } -+ return out; -+ } -+ return chunkcopy_core(out, from, len); -+} -+ -+/* -+ * Perform short copies until distance can be rewritten as being at least -+ * CHUNKCOPY_CHUNK_SIZE. -+ * -+ * Assumes it's OK to overwrite at least the first 2*CHUNKCOPY_CHUNK_SIZE -+ * bytes of output even if the copy is shorter than this. This assumption -+ * holds within zlib inflate_fast(), which starts every iteration with at -+ * least 258 bytes of output space available (258 being the maximum length -+ * output from a single token; see inffast.c). -+ */ -+static inline unsigned char FAR* chunkunroll_relaxed( -+ unsigned char FAR* out, -+ unsigned FAR* dist, -+ unsigned FAR* len) -+{ -+ const unsigned char FAR* from = out - *dist; -+ while (*dist < *len && *dist < CHUNKCOPY_CHUNK_SIZE) { -+ storechunk(out, loadchunk(from)); -+ out += *dist; -+ *len -= *dist; -+ *dist += *dist; -+ } -+ return out; -+} -+ -+/* -+ * v_load64_dup(): load *src as an unaligned 64-bit int and duplicate it in -+ * every 64-bit component of the 128-bit result (64-bit int splat). -+ */ -+static inline z_vec128i_t v_load64_dup(const void* src) -+{ -+ return vcombine_u8(vld1_u8(src), vld1_u8(src)); -+} -+ -+/* -+ * v_load32_dup(): load *src as an unaligned 32-bit int and duplicate it in -+ * every 32-bit component of the 128-bit result (32-bit int splat). -+ */ -+static inline z_vec128i_t v_load32_dup(const void* src) -+{ -+ int32_t i32; -+ Z_BUILTIN_MEMCPY(&i32, src, sizeof(i32)); -+ return vreinterpretq_u8_s32(vdupq_n_s32(i32)); -+} -+ -+/* -+ * v_load16_dup(): load *src as an unaligned 16-bit int and duplicate it in -+ * every 16-bit component of the 128-bit result (16-bit int splat). -+ */ -+static inline z_vec128i_t v_load16_dup(const void* src) -+{ -+ int16_t i16; -+ Z_BUILTIN_MEMCPY(&i16, src, sizeof(i16)); -+ return vreinterpretq_u8_s16(vdupq_n_s16(i16)); -+} -+ -+/* -+ * v_load8_dup(): load the 8-bit int *src and duplicate it in every 8-bit -+ * component of the 128-bit result (8-bit int splat). -+ */ -+static inline z_vec128i_t v_load8_dup(const void* src) -+{ -+ return vld1q_dup_u8((const uint8_t*) src); -+} -+ -+/* -+ * v_store_128(): store the 128-bit vec in a memory destination (that might -+ * not be 16-byte aligned) void* out. -+ */ -+static inline void v_store_128(unsigned char* out, const z_vec128i_t vec) -+{ -+ vst1q_u8(out, vec); -+} -+ -+/* -+ * Perform an overlapping copy which behaves as a memset() operation, but -+ * supporting periods other than one, and assume that length is non-zero and -+ * that it's OK to overwrite at least CHUNKCOPY_CHUNK_SIZE*3 bytes of output -+ * even if the length is shorter than this. -+ */ -+static inline unsigned char FAR* chunkset_store_result( -+ unsigned len, -+ unsigned char FAR* out, -+ z_vec128i_t v) -+{ -+ do { -+ v_store_128(out, v); -+ out += sizeof(v); -+ len -= sizeof(v); -+ } while (len > 0); -+ return out; -+} -+ -+static inline unsigned char FAR* chunkset_core(unsigned char FAR* out, unsigned period, unsigned len) -+{ -+ z_vec128i_t v; -+ const int bump = ((len - 1) % sizeof(v)) + 1; -+ switch (period) { -+ case 1: -+ v = v_load8_dup(out - 1); -+ v_store_128(out, v); -+ out += bump; -+ len -= bump; -+ while (len > 0) { -+ v_store_128(out, v); -+ out += sizeof(v); -+ len -= sizeof(v); -+ } -+ return out; -+ case 2: -+ v = v_load16_dup(out - 2); -+ v_store_128(out, v); -+ out += bump; -+ len -= bump; -+ if (len > 0) { -+ v = v_load16_dup(out - 2); -+ out = chunkset_store_result(len, out, v); -+ } -+ return out; -+ case 4: -+ v = v_load32_dup(out - 4); -+ v_store_128(out, v); -+ out += bump; -+ len -= bump; -+ if (len > 0) { -+ v = v_load32_dup(out - 4); -+ out = chunkset_store_result(len, out, v); -+ } -+ return out; -+ case 8: -+ v = v_load64_dup(out - 8); -+ v_store_128(out, v); -+ out += bump; -+ len -= bump; -+ if (len > 0) { -+ v = v_load64_dup(out - 8); -+ out = chunkset_store_result(len, out, v); -+ } -+ return out; -+ } -+ out = chunkunroll_relaxed(out, &period, &len); -+ return chunkcopy_core(out, out - period, len); -+} -+ -+/* -+ * Perform a memcpy-like operation, but assume that length is non-zero and that -+ * it's OK to overwrite at least CHUNKCOPY_CHUNK_SIZE bytes of output even if -+ * the length is shorter than this. -+ * -+ * Unlike chunkcopy_core() above, no guarantee is made regarding the behaviour -+ * of overlapping buffers, regardless of the distance between the pointers. -+ * This is reflected in the `restrict`-qualified pointers, allowing the -+ * compiler to re-order loads and stores. -+ */ -+static inline unsigned char FAR* chunkcopy_relaxed( -+ unsigned char FAR* Z_RESTRICT out, -+ const unsigned char FAR* Z_RESTRICT from, -+ unsigned len) -+{ -+ return chunkcopy_core(out, from, len); -+} -+ -+/* -+ * Like chunkcopy_relaxed(), but avoid writing beyond of legal output. -+ * -+ * Unlike chunkcopy_core_safe() above, no guarantee is made regarding the -+ * behaviour of overlapping buffers, regardless of the distance between the -+ * pointers. This is reflected in the `restrict`-qualified pointers, allowing -+ * the compiler to re-order loads and stores. -+ * -+ * Accepts an additional pointer to the end of safe output. A generic safe -+ * copy would use (out + len), but it's normally the case that the end of the -+ * output buffer is beyond the end of the current copy, and this can still be -+ * exploited. -+ */ -+static inline unsigned char FAR* chunkcopy_safe( -+ unsigned char FAR* out, -+ const unsigned char FAR* Z_RESTRICT from, -+ unsigned len, -+ unsigned char FAR* limit) -+{ -+ Assert(out + len <= limit, "chunk copy exceeds safety limit"); -+ return chunkcopy_core_safe(out, from, len, limit); -+} -+ -+/* -+ * Perform chunky copy within the same buffer, where the source and destination -+ * may potentially overlap. -+ * -+ * Assumes that len > 0 on entry, and that it's safe to write at least -+ * CHUNKCOPY_CHUNK_SIZE*3 bytes to the output. -+ */ -+static inline unsigned char FAR* chunkcopy_lapped_relaxed( -+ unsigned char FAR* out, -+ unsigned dist, -+ unsigned len) -+{ -+ if (dist < len && dist < CHUNKCOPY_CHUNK_SIZE) { -+ return chunkset_core(out, dist, len); -+ } -+ return chunkcopy_core(out, out - dist, len); -+} -+ -+/* -+ * Behave like chunkcopy_lapped_relaxed(), but avoid writing beyond of legal -+ * output. -+ * -+ * Accepts an additional pointer to the end of safe output. A generic safe -+ * copy would use (out + len), but it's normally the case that the end of the -+ * output buffer is beyond the end of the current copy, and this can still be -+ * exploited. -+ */ -+static inline unsigned char FAR* chunkcopy_lapped_safe( -+ unsigned char FAR* out, -+ unsigned dist, -+ unsigned len, -+ unsigned char FAR* limit) -+{ -+ Assert(out + len <= limit, "chunk copy exceeds safety limit"); -+ if ((limit - out) < (ptrdiff_t) (3 * CHUNKCOPY_CHUNK_SIZE)) { -+ while (len-- > 0) { -+ *out = *(out - dist); -+ out++; -+ } -+ return out; -+ } -+ return chunkcopy_lapped_relaxed(out, dist, len); -+} -+ -+ -+#undef Z_STATIC_ASSERT -+#undef Z_RESTRICT -+#undef Z_BUILTIN_MEMCPY -+ -+#endif //defined(INFLATE_CHUNK_SIMD_NEON) -diff --git a/jdk/src/share/native/java/util/zip/zlib/inflate.c b/jdk/src/share/native/java/util/zip/zlib/inflate.c -index ca904e7..c78e05b 100644 ---- a/jdk/src/share/native/java/util/zip/zlib/inflate.c -+++ b/jdk/src/share/native/java/util/zip/zlib/inflate.c -@@ -429,9 +429,16 @@ unsigned copy; - - /* if it hasn't been done already, allocate space for the window */ - if (state->window == Z_NULL) { -+#if defined(INFLATE_CHUNK_SIMD_NEON) -+ unsigned wsize = 1U << state->wbits; -+ state->window = (unsigned char FAR *) -+ ZALLOC(strm, CHUNKCOPY_CHUNK_SIZE + wsize, -+ sizeof(unsigned char)); -+#else - state->window = (unsigned char FAR *) - ZALLOC(strm, 1U << state->wbits, - sizeof(unsigned char)); -+#endif - if (state->window == Z_NULL) return 1; - } - -diff --git a/jdk/src/share/native/java/util/zip/zlib/zadler32.c b/jdk/src/share/native/java/util/zip/zlib/zadler32.c -index e148022..e024a15 100644 ---- a/jdk/src/share/native/java/util/zip/zlib/zadler32.c -+++ b/jdk/src/share/native/java/util/zip/zlib/zadler32.c -@@ -83,7 +83,169 @@ local uLong adler32_combine_ OF((uLong adler1, uLong adler2, z_off64_t len2)); - # define MOD63(a) a %= BASE - #endif - --/* ========================================================================= */ -+#if defined(ADLER32_SIMD_NEON) -+#include -+/* -+ * Multiply-add bytes by [ 32, 31, 30, ... ] for s2. -+ */ -+uint32x4_t ZLIB_INTERNAL mul_add_bytes( -+ uint32x4_t v_s2, -+ uint16x8_t v_column_sum_1, -+ uint16x8_t v_column_sum_2, -+ uint16x8_t v_column_sum_3, -+ uint16x8_t v_column_sum_4) -+{ -+ v_s2 = vshlq_n_u32(v_s2, 5); -+ -+ v_s2 = vmlal_u16(v_s2, vget_low_u16 (v_column_sum_1), -+ (uint16x4_t) { 32, 31, 30, 29 }); -+ v_s2 = vmlal_u16(v_s2, vget_high_u16(v_column_sum_1), -+ (uint16x4_t) { 28, 27, 26, 25 }); -+ v_s2 = vmlal_u16(v_s2, vget_low_u16 (v_column_sum_2), -+ (uint16x4_t) { 24, 23, 22, 21 }); -+ v_s2 = vmlal_u16(v_s2, vget_high_u16(v_column_sum_2), -+ (uint16x4_t) { 20, 19, 18, 17 }); -+ v_s2 = vmlal_u16(v_s2, vget_low_u16 (v_column_sum_3), -+ (uint16x4_t) { 16, 15, 14, 13 }); -+ v_s2 = vmlal_u16(v_s2, vget_high_u16(v_column_sum_3), -+ (uint16x4_t) { 12, 11, 10, 9 }); -+ v_s2 = vmlal_u16(v_s2, vget_low_u16 (v_column_sum_4), -+ (uint16x4_t) { 8, 7, 6, 5 }); -+ v_s2 = vmlal_u16(v_s2, vget_high_u16(v_column_sum_4), -+ (uint16x4_t) { 4, 3, 2, 1 }); -+ return v_s2; -+} -+ -+/* -+ * Handle leftover data. -+ */ -+uLong ZLIB_INTERNAL leftover_handler(uint32_t s1, uint32_t s2, const Bytef *buf, z_size_t len) -+{ -+ if (len) { -+ if (len >= 16) { -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ s2 += (s1 += *buf++); -+ -+ len -= 16; -+ } -+ -+ while (len--) { -+ s2 += (s1 += *buf++); -+ } -+ -+ if (s1 >= BASE) -+ s1 -= BASE; -+ s2 %= BASE; -+ } -+ -+ /* -+ * Return the recombined sums. -+ */ -+ return s1 | (s2 << 16); -+} -+ -+uLong ZLIB_INTERNAL adler32_simd_(uLong adler, const Bytef *buf, z_size_t len) -+{ -+ /* -+ * Split Adler-32 into component sums. -+ */ -+ uint32_t s1 = adler & 0xffff; -+ uint32_t s2 = adler >> 16; -+ /* -+ * Serially compute s1 & s2, until the data is 16-byte aligned. -+ */ -+ if ((uintptr_t)buf & 0xf) { -+ while ((uintptr_t)buf & 0xf) { -+ s2 += (s1 += *buf++); -+ --len; -+ } -+ if (s1 >= BASE) -+ s1 -= BASE; -+ s2 %= BASE; -+ } -+ /* -+ * Process the data in blocks. -+ */ -+ const unsigned BLOCK_SIZE = 1 << 5; -+ z_size_t blocks = len / BLOCK_SIZE; -+ len -= blocks * BLOCK_SIZE; -+ while (blocks) { -+ unsigned n = NMAX / BLOCK_SIZE; /* The NMAX constraint. */ -+ if (n > blocks) -+ n = (unsigned) blocks; -+ blocks -= n; -+ /* -+ * Process n blocks of data. At most NMAX data bytes can be -+ * processed before s2 must be reduced modulo BASE. -+ */ -+ uint32x4_t v_s2 = (uint32x4_t) { 0, 0, 0, s1 * n }; -+ uint32x4_t v_s1 = (uint32x4_t) { 0, 0, 0, 0 }; -+ -+ uint16x8_t v_column_sum_1 = vdupq_n_u16(0); -+ uint16x8_t v_column_sum_2 = vdupq_n_u16(0); -+ uint16x8_t v_column_sum_3 = vdupq_n_u16(0); -+ uint16x8_t v_column_sum_4 = vdupq_n_u16(0); -+ do { -+ /* -+ * Load 32 input bytes. -+ */ -+ const uint8x16_t bytes1 = vld1q_u8((uint8_t*)(buf)); -+ const uint8x16_t bytes2 = vld1q_u8((uint8_t*)(buf + 16)); -+ /* -+ * Add previous block byte sum to v_s2. -+ */ -+ v_s2 = vaddq_u32(v_s2, v_s1); -+ /* -+ * Horizontally add the bytes for s1. -+ */ -+ v_s1 = vpadalq_u16(v_s1, vpadalq_u8(vpaddlq_u8(bytes1), bytes2)); -+ /* -+ * Vertically add the bytes for s2. -+ */ -+ v_column_sum_1 = vaddw_u8(v_column_sum_1, vget_low_u8 (bytes1)); -+ v_column_sum_2 = vaddw_u8(v_column_sum_2, vget_high_u8(bytes1)); -+ v_column_sum_3 = vaddw_u8(v_column_sum_3, vget_low_u8 (bytes2)); -+ v_column_sum_4 = vaddw_u8(v_column_sum_4, vget_high_u8(bytes2)); -+ buf += BLOCK_SIZE; -+ } while (--n); -+ v_s2 = mul_add_bytes(v_s2, v_column_sum_1, v_column_sum_2, v_column_sum_3, v_column_sum_4); -+ /* -+ * Sum epi32 ints v_s1(s2) and accumulate in s1(s2). -+ */ -+ uint32x2_t sum1 = vpadd_u32(vget_low_u32(v_s1), vget_high_u32(v_s1)); -+ uint32x2_t sum2 = vpadd_u32(vget_low_u32(v_s2), vget_high_u32(v_s2)); -+ uint32x2_t s1s2 = vpadd_u32(sum1, sum2); -+ -+ s1 += vget_lane_u32(s1s2, 0); -+ s2 += vget_lane_u32(s1s2, 1); -+ /* -+ * Reduce. -+ */ -+ s1 %= BASE; -+ s2 %= BASE; -+ } -+ return leftover_handler(s1, s2, buf, len); -+ -+} -+#endif -+ - uLong ZEXPORT adler32_z(adler, buf, len) - uLong adler; - const Bytef *buf; -@@ -92,6 +254,11 @@ uLong ZEXPORT adler32_z(adler, buf, len) - unsigned long sum2; - unsigned n; - -+#if defined(ADLER32_SIMD_NEON) -+ if (buf && len >= 64) -+ return adler32_simd_(adler, buf, len); -+#endif -+ - /* split Adler-32 into component sums */ - sum2 = (adler >> 16) & 0xffff; - adler &= 0xffff; -diff --git a/jdk/src/share/native/java/util/zip/zlib/zcrc32.c b/jdk/src/share/native/java/util/zip/zlib/zcrc32.c -index c1965fd..ee4e440 100644 ---- a/jdk/src/share/native/java/util/zip/zlib/zcrc32.c -+++ b/jdk/src/share/native/java/util/zip/zlib/zcrc32.c -@@ -257,7 +257,56 @@ uLong ZEXPORT crc32_z(crc, buf, len) - return crc ^ 0xffffffffUL; - } - --/* ========================================================================= */ -+ -+#ifdef CRC32_ARMV8_CRC32 -+#include -+ -+uLong ZEXPORT crc32(crc, buf, len) -+ uLong crc; -+ const unsigned char FAR *buf; -+ uInt len; -+{ -+ -+ uint32_t c = (uint32_t) ~crc; -+ -+ if (buf == Z_NULL) return 0UL; -+ -+ while (len && ((uintptr_t)buf & 7)) { -+ c = __crc32b(c, *buf++); -+ --len; -+ } -+ -+ const uint64_t *buf8 = (const uint64_t *)buf; -+ -+ while (len >= 64) { -+ c = __crc32d(c, *buf8++); -+ c = __crc32d(c, *buf8++); -+ c = __crc32d(c, *buf8++); -+ c = __crc32d(c, *buf8++); -+ -+ c = __crc32d(c, *buf8++); -+ c = __crc32d(c, *buf8++); -+ c = __crc32d(c, *buf8++); -+ c = __crc32d(c, *buf8++); -+ len -= 64; -+ } -+ -+ while (len >= 8) { -+ c = __crc32d(c, *buf8++); -+ len -= 8; -+ } -+ -+ buf = (const unsigned char *)buf8; -+ -+ while (len--) { -+ c = __crc32b(c, *buf++); -+ } -+ -+ return ~c; -+} -+ -+#else -+ - uLong ZEXPORT crc32(crc, buf, len) - uLong crc; - const unsigned char FAR *buf; -@@ -266,6 +315,8 @@ uLong ZEXPORT crc32(crc, buf, len) - return crc32_z(crc, buf, len); - } - -+#endif -+ - #ifdef BYFOUR - - /*