diff --git a/8137165-Tests-fail-in-SR_Handler-because-thread-is-n.patch b/8137165-Tests-fail-in-SR_Handler-because-thread-is-n.patch new file mode 100644 index 0000000000000000000000000000000000000000..0eb257dca5b1764f287371e2fef0f5bc2fb4adf8 --- /dev/null +++ b/8137165-Tests-fail-in-SR_Handler-because-thread-is-n.patch @@ -0,0 +1,72 @@ +From 11116ea71b22635302759817b43c555ded53f882 Mon Sep 17 00:00:00 2001 +Subject: 8137165: Tests fail in SR_Handler because thread is not VMThread or JavaThread + +--- + hotspot/src/os/linux/vm/os_linux.cpp | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/hotspot/src/os/linux/vm/os_linux.cpp b/hotspot/src/os/linux/vm/os_linux.cpp +index 6ee49eedc..773c746af 100644 +--- a/hotspot/src/os/linux/vm/os_linux.cpp ++++ b/hotspot/src/os/linux/vm/os_linux.cpp +@@ -1070,6 +1070,13 @@ void os::free_thread(OSThread* osthread) { + assert(osthread != NULL, "osthread not set"); + + if (Thread::current()->osthread() == osthread) { ++#ifdef ASSERT ++ sigset_t current; ++ sigemptyset(¤t); ++ pthread_sigmask(SIG_SETMASK, NULL, ¤t); ++ assert(!sigismember(¤t, SR_signum), "SR signal should not be blocked!"); ++#endif ++ + // Restore caller's signal mask + sigset_t sigmask = osthread->caller_sigmask(); + pthread_sigmask(SIG_SETMASK, &sigmask, NULL); +@@ -4723,7 +4730,8 @@ static void SR_handler(int sig, siginfo_t* siginfo, ucontext_t* context) { + // after sigsuspend. + int old_errno = errno; + +- Thread* thread = Thread::current(); ++ Thread* thread = Thread::current_or_null(); ++ assert(thread != NULL, "Missing current thread in SR_handler"); + OSThread* osthread = thread->osthread(); + assert(thread->is_VM_thread() || thread->is_Java_thread(), "Must be VMThread or JavaThread"); + +@@ -4735,7 +4743,7 @@ static void SR_handler(int sig, siginfo_t* siginfo, ucontext_t* context) { + os::SuspendResume::State state = osthread->sr.suspended(); + if (state == os::SuspendResume::SR_SUSPENDED) { + sigset_t suspend_set; // signals for sigsuspend() +- ++ sigemptyset(&suspend_set); + // get current set of blocked signals and unblock resume signal + pthread_sigmask(SIG_BLOCK, NULL, &suspend_set); + sigdelset(&suspend_set, SR_signum); +@@ -5025,6 +5033,7 @@ static bool call_chained_handler(struct sigaction *actp, int sig, + + // try to honor the signal mask + sigset_t oset; ++ sigemptyset(&oset); + pthread_sigmask(SIG_SETMASK, &(actp->sa_mask), &oset); + + // call into the chained handler +@@ -5035,7 +5044,7 @@ static bool call_chained_handler(struct sigaction *actp, int sig, + } + + // restore the signal mask +- pthread_sigmask(SIG_SETMASK, &oset, 0); ++ pthread_sigmask(SIG_SETMASK, &oset, NULL); + } + // Tell jvm's signal handler the signal is taken care of. + return true; +@@ -6699,6 +6708,7 @@ void Parker::park(bool isAbsolute, jlong time) { + // Don't catch signals while blocked; let the running threads have the signals. + // (This allows a debugger to break into the running thread.) + sigset_t oldsigs; ++ sigemptyset(&oldsigs); + sigset_t* allowdebug_blocked = os::Linux::allowdebug_blocked_signals(); + pthread_sigmask(SIG_BLOCK, allowdebug_blocked, &oldsigs); + #endif +-- +2.19.1 + diff --git a/Extending-the-IV-Length-Supported-by-KAEProvider-AES.patch b/Extending-the-IV-Length-Supported-by-KAEProvider-AES.patch new file mode 100644 index 0000000000000000000000000000000000000000..03e949a677b51dbcac637e123b27f2cd08158248 --- /dev/null +++ b/Extending-the-IV-Length-Supported-by-KAEProvider-AES.patch @@ -0,0 +1,135 @@ +From f4b0357c01f51e813642c3ac5c8ff33c1576eb72 Mon Sep 17 00:00:00 2001 +Subject: Extending the IV Length Supported by KAEProvider AES/Gcm +--- + .../security/openssl/kae_symmetric_cipher.c | 23 ++++++-- + .../security/openssl/KAEGcmIvLenTest.java | 52 +++++++++++++++++++ + 2 files changed, 72 insertions(+), 3 deletions(-) + create mode 100644 jdk/test/org/openeuler/security/openssl/KAEGcmIvLenTest.java + +diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_symmetric_cipher.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_symmetric_cipher.c +index ec8894f1a..7618d6e16 100644 +--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_symmetric_cipher.c ++++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_symmetric_cipher.c +@@ -146,6 +146,7 @@ Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeInit(JNIEnv* en + const EVP_CIPHER* cipher = NULL; + ENGINE* kaeEngine = NULL; + int keyLength = (*env)->GetArrayLength(env, key); ++ int ivLength = 0; + + const char* algo = (*env)->GetStringUTFChars(env, cipherType, 0); + if (StartsWith("aes", algo)) { +@@ -158,7 +159,6 @@ Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeInit(JNIEnv* en + + KAE_TRACE("KAESymmetricCipherBase_nativeInit: kaeEngine => %p", kaeEngine); + +- (*env)->ReleaseStringUTFChars(env, cipherType, algo); + if (cipher == NULL) { + KAE_ThrowOOMException(env, "create EVP_CIPHER fail"); + goto cleanup; +@@ -170,19 +170,35 @@ Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeInit(JNIEnv* en + + if (iv != NULL) { + ivBytes = (*env)->GetByteArrayElements(env, iv, NULL); ++ ivLength = (*env)->GetArrayLength(env, iv); + } + if (key != NULL) { + keyBytes = (*env)->GetByteArrayElements(env, key, NULL); + } + +- if (!EVP_CipherInit_ex(ctx, cipher, kaeEngine, (const unsigned char*)keyBytes, +- (const unsigned char*)ivBytes, encrypt ? 1 : 0)) { ++ if (!EVP_CipherInit_ex(ctx, cipher, kaeEngine, NULL, ++ NULL, encrypt ? 1 : 0)) { + KAE_ThrowFromOpenssl(env, "EVP_CipherInit_ex failed", KAE_ThrowRuntimeException); + goto cleanup; + } + ++ if (strcasecmp(algo + 8, "gcm") == 0) { ++ /* Set IV length if default 12 bytes (96 bits) is not appropriate */ ++ if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivLength, NULL)) { ++ KAE_ThrowFromOpenssl(env, "EVP_CIPHER_CTX_ctrl failed", KAE_ThrowRuntimeException); ++ goto cleanup; ++ } ++ } ++ ++ if (!EVP_CipherInit_ex(ctx, NULL, kaeEngine, (const unsigned char*)keyBytes, ++ (const unsigned char*)ivBytes, encrypt ? 1 : 0)) { ++ KAE_ThrowFromOpenssl(env, "EVP_CipherInit_ex int key & iv failed", KAE_ThrowRuntimeException); ++ goto cleanup; ++ } ++ + EVP_CIPHER_CTX_set_padding(ctx, padding ? 1 : 0); + ++ (*env)->ReleaseStringUTFChars(env, cipherType, algo); + FreeMemoryFromInit(env, iv, ivBytes, key, keyBytes, keyLength); + return (jlong)ctx; + +@@ -190,6 +206,7 @@ cleanup: + if (ctx != NULL) { + EVP_CIPHER_CTX_free(ctx); + } ++ (*env)->ReleaseStringUTFChars(env, cipherType, algo); + FreeMemoryFromInit(env, iv, ivBytes, key, keyBytes, keyLength); + return 0; + } +diff --git a/jdk/test/org/openeuler/security/openssl/KAEGcmIvLenTest.java b/jdk/test/org/openeuler/security/openssl/KAEGcmIvLenTest.java +new file mode 100644 +index 000000000..c9e2257aa +--- /dev/null ++++ b/jdk/test/org/openeuler/security/openssl/KAEGcmIvLenTest.java +@@ -0,0 +1,52 @@ ++import org.openeuler.security.openssl.KAEProvider; ++ ++import javax.crypto.Cipher; ++import javax.crypto.spec.GCMParameterSpec; ++import javax.crypto.spec.SecretKeySpec; ++import java.nio.charset.StandardCharsets; ++import java.security.Security; ++import java.util.Arrays; ++ ++/** ++ * @test ++ * @summary Basic test for AES/GCM Iv ++ * @requires os.arch=="aarch64" ++ * @run main KAEGcmIvLenTest ++ */ ++public class KAEGcmIvLenTest { ++ private static String plainText = "helloworldhellow"; // 16bytes for NoPadding ++ private static String shortPlainText = "helloworld"; // 5 bytes for padding ++ private static SecretKeySpec ks = new SecretKeySpec("AESEncryptionKey".getBytes(StandardCharsets.UTF_8), "AES"); // key has 16 bytes ++ private static int[] ivLens = {12, 16}; ++ public static void main(String[] args) throws Exception { ++ Security.addProvider(new KAEProvider()); ++ for (int ivLen : ivLens) { ++ testGcm(plainText,"AES/GCM/NoPadding", "KAEProvider", "SunJCE", ivLen); ++ testGcm(plainText,"AES/GCM/NoPadding", "SunJCE", "KAEProvider", ivLen); ++ testGcm(shortPlainText,"AES/GCM/PKCS5Padding", "KAEProvider", "SunJCE", ivLen); ++ testGcm(shortPlainText,"AES/GCM/PKCS5Padding", "SunJCE", "KAEProvider", ivLen); ++ } ++ ++ } ++ ++ private static void testGcm(String plainText, String algo, String encryptProvider, String decryptProvider, int ivLen) throws Exception { ++ Cipher enCipher = Cipher.getInstance(algo, encryptProvider); ++ enCipher.init(Cipher.ENCRYPT_MODE, ks, getIv(ivLen)); ++ byte[] cipherText = enCipher.doFinal(plainText.getBytes()); ++ ++ Cipher deCipher = Cipher.getInstance(algo, decryptProvider); ++ deCipher.init(Cipher.DECRYPT_MODE, ks, getIv(ivLen)); ++ byte[] origin = deCipher.doFinal(cipherText); ++ ++ if (!Arrays.equals(plainText.getBytes(), origin)) { ++ throw new RuntimeException("gcm decryption failed, algo = " + algo); ++ } ++ } ++ ++ private static GCMParameterSpec getIv(int ivLen) { ++ if (ivLen == 16) { ++ return new GCMParameterSpec(128, "abcdefghabcdefgh".getBytes(StandardCharsets.UTF_8)); ++ } ++ return new GCMParameterSpec(96, "abcdefghabcd".getBytes(StandardCharsets.UTF_8)); ++ } ++} +-- +2.19.1 + diff --git a/openjdk-1.8.0.spec b/openjdk-1.8.0.spec index d83a90b059b1a97458720703aa1c4215ba33acfb..11b604a4d6636b06027f0507c80c62313bdc5d7e 100644 --- a/openjdk-1.8.0.spec +++ b/openjdk-1.8.0.spec @@ -943,7 +943,7 @@ Provides: java-%{javaver}-%{origin}-accessibility%{?1} = %{epoch}:%{version}-%{r Name: java-%{javaver}-%{origin} Version: %{javaver}.%{updatever}.%{buildver} -Release: 3 +Release: 4 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons # and this change was brought into RHEL-4. java-1.5.0-ibm packages # also included the epoch in their virtual provides. This created a @@ -1339,9 +1339,13 @@ Patch438: Huawei-Add-Aggressive-CDS.patch Patch439: Backport-8151845-Comment-in-globals.hpp-for-MetaspaceSize-is-.patch Patch440: Backport-8210706-G1-may-deadlock-when-starting-a-concurrent-c.patch Patch441: Backport-8318889-Backport-Important-Fixed-Issues-in-Later-Ver.patch + +#422 Patch442: Huawei-Keep-objects-when-remove-unshareable-info.patch Patch443: The-fast-serialization-function-of-sun.rmi.transport.patch Patch444: Fix-the-ActiveProcessorCount-function-of-the-spark-s.patch +Patch445: Extending-the-IV-Length-Supported-by-KAEProvider-AES.patch +Patch446: 8137165-Tests-fail-in-SR_Handler-because-thread-is-n.patch ############################################# # # Upstreamable patches @@ -1999,6 +2003,8 @@ pushd %{top_level_dir_name} %patch442 -p1 %patch443 -p1 %patch444 -p1 +%patch445 -p1 +%patch446 -p1 %endif %ifarch loongarch64 @@ -2664,6 +2670,10 @@ cjc.mainProgram(args) -- the returns from copy_jdk_configs.lua should not affect %endif %changelog +* Sat Aug 3 2024 kuenking111 -1:1.8.0.422-b05.4 +- Add 8137165-Tests-fail-in-SR_Handler-because-thread-is-n.patch +- Extending-the-IV-Length-Supported-by-KAEProvider-AES.patch + * Tue Jul 30 2024 benshuai5D -1:1.8.0.422-b05.3 - Fix-the-ActiveProcessorCount-function-of-the-spark-s.patch