1 Star 0 Fork 82

xuyuchao/openjdk-1.8.0

加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
add-fix-lock_fd-no-close-and-improve-KAEProvider.patch 9.87 KB
一键复制 编辑 原始数据 按行查看 历史
DXwangg 提交于 2023-09-26 09:10 . Add feature and bug fix for 8u382
From eb4284c06d643ec1204a922ccc06970331055bc4 Mon Sep 17 00:00:00 2001
Date: Thu, 21 Sep 2023 15:23:38 +0800
Subject: add fix-lock_fd-no-close-and-improve-KAEProvider
---
hotspot/src/share/vm/memory/filemap.cpp | 21 +++++++++++++++++++
hotspot/src/share/vm/memory/filemap.hpp | 2 ++
.../src/share/vm/memory/metaspaceShared.cpp | 4 ++++
hotspot/src/share/vm/prims/unsafe.cpp | 1 +
.../security/openssl/KAESM4Cipher.java | 6 ++++--
.../security/openssl/kae_keyagreement_dh.c | 6 ++++--
.../security/openssl/kae_keyagreement_ecdh.c | 7 ++++---
.../security/openssl/kae_symmetric_cipher.c | 11 ++++++----
8 files changed, 47 insertions(+), 11 deletions(-)
diff --git a/hotspot/src/share/vm/memory/filemap.cpp b/hotspot/src/share/vm/memory/filemap.cpp
index 0d217078a..166fe2b80 100644
--- a/hotspot/src/share/vm/memory/filemap.cpp
+++ b/hotspot/src/share/vm/memory/filemap.cpp
@@ -181,6 +181,18 @@ FileMapInfo::~FileMapInfo() {
_file_open = false;
_fd = -1;
}
+
+ if (DumpSharedSpaces && UseAppCDS && AppCDSLockFile != NULL) {
+ // delete appcds.lock
+ if (_lock_file_open) {
+ if (::close(_lock_fd) < 0) {
+ fail_stop("Unable to close the lock file.");
+ }
+ _lock_file_open = false;
+ _lock_fd = -1;
+ }
+ remove(_appcds_file_lock_path);
+ }
}
void FileMapInfo::populate_header(size_t alignment) {
@@ -606,6 +618,8 @@ void FileMapInfo::open_for_write() {
"2. You have the permission.\n 3. Make sure no other process using the same lock file.\n");
fail_stop("Failed to create appcds lock file, the lock path is: %s.", _appcds_file_lock_path);
}
+ _lock_fd = lock_fd;
+ _lock_file_open = true;
tty->print_cr("You are using file lock %s in concurrent mode", AppCDSLockFile);
}
#endif
@@ -772,6 +786,13 @@ void FileMapInfo::write_bytes_aligned(const void* buffer, int nbytes) {
void FileMapInfo::close() {
if (UseAppCDS && AppCDSLockFile != NULL) {
+ if (_lock_file_open) {
+ if (::close(_lock_fd) < 0) {
+ fail_stop("Unable to close the lock file.");
+ }
+ _lock_file_open = false;
+ _lock_fd = -1;
+ }
// delete appcds.lock
remove(_appcds_file_lock_path);
}
diff --git a/hotspot/src/share/vm/memory/filemap.hpp b/hotspot/src/share/vm/memory/filemap.hpp
index debfb5049..f6cf43a64 100644
--- a/hotspot/src/share/vm/memory/filemap.hpp
+++ b/hotspot/src/share/vm/memory/filemap.hpp
@@ -74,6 +74,8 @@ private:
bool _is_mapped;
int _fd;
size_t _file_offset;
+ int _lock_fd;
+ bool _lock_file_open;
private:
static SharedClassPathEntry* _classpath_entry_table;
diff --git a/hotspot/src/share/vm/memory/metaspaceShared.cpp b/hotspot/src/share/vm/memory/metaspaceShared.cpp
index e6bd39d85..eea79cc09 100644
--- a/hotspot/src/share/vm/memory/metaspaceShared.cpp
+++ b/hotspot/src/share/vm/memory/metaspaceShared.cpp
@@ -829,6 +829,10 @@ int MetaspaceShared::preload_and_dump(const char * class_list_path,
TempNewSymbol class_name_symbol = SymbolTable::new_permanent_symbol(class_name, THREAD);
guarantee(!HAS_PENDING_EXCEPTION, "Exception creating a symbol.");
+ // If preload_and_dump has anonymous class failed ,pls del this class_name in classlist
+ if (TraceClassLoading) {
+ tty->print_cr("preload_and_dump start: %s", class_name);
+ }
Handle loader = UseAppCDS ? SystemDictionary::java_system_loader() : Handle();
Klass* klass = SystemDictionary::resolve_or_null(class_name_symbol,
loader,
diff --git a/hotspot/src/share/vm/prims/unsafe.cpp b/hotspot/src/share/vm/prims/unsafe.cpp
index fa3e46782..d6c33dd33 100644
--- a/hotspot/src/share/vm/prims/unsafe.cpp
+++ b/hotspot/src/share/vm/prims/unsafe.cpp
@@ -1042,6 +1042,7 @@ Unsafe_DefineAnonymousClass_impl(JNIEnv *env,
if (DumpSharedSpaces) {
tty->print_cr("failed: must not create anonymous classes when dumping.");
+ tty->print_cr("Please delete the last class_name prefixed with \"preload_and_dump start\" from -XX:SharedClassListFile to avoid anonymous classes.");
JVM_Halt(0);
}
diff --git a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAESM4Cipher.java b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAESM4Cipher.java
index cca619e1a..830f058e3 100644
--- a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAESM4Cipher.java
+++ b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAESM4Cipher.java
@@ -356,8 +356,10 @@ abstract class KAESM4Cipher extends KAESymmetricCipherBase {
throw new InvalidAlgorithmParameterException("Wrong IV length: iv is null ");
}
if (mode == Mode.CTR) {
- if (ivBytes.length < 8) {
- throw new InvalidAlgorithmParameterException("Wrong IV length: CTR mode requires IV of at least: 8 bytes.");
+ // For compatibility, SM4 CTR allows 8 < IV < blockSize, the remaining bytes will be filled with 0 in engineInit
+ if (ivBytes.length < 8 || ivBytes.length > blockSize) {
+ throw new InvalidAlgorithmParameterException("Wrong IV length: CTR mode requires IV of at least" +
+ "8 bytes, and no greater than " + blockSize + "bytes");
}
return;
}
diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keyagreement_dh.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keyagreement_dh.c
index d8d2ee7cb..74af15a51 100644
--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keyagreement_dh.c
+++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keyagreement_dh.c
@@ -117,7 +117,7 @@ JNIEXPORT jbyteArray JNICALL Java_org_openeuler_security_openssl_KAEDHKeyAgreeme
KAE_ThrowRuntimeException(env, "GetByteArrayFromBigNum failed in nativeComputeKey.");
goto cleanup;
}
- KAE_TRACE("Java_org_openeuler_security_openssl_KAEDHKeyAgreement_nativeGenerateSecret finished!");
+ KAE_TRACE("Java_org_openeuler_security_openssl_KAEDHKeyAgreement_nativeComputeKey finished!");
cleanup:
if (dh != NULL)
@@ -130,8 +130,10 @@ cleanup:
KAE_ReleaseBigNumFromByteArray(p_bn);
if (g_bn != NULL)
KAE_ReleaseBigNumFromByteArray(g_bn);
- if (secret != NULL)
+ if (secret != NULL) {
+ memset(secret, 0, pSizeInByte);
free(secret);
+ }
if (computeKeyRetBn != NULL)
BN_free(computeKeyRetBn);
diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keyagreement_ecdh.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keyagreement_ecdh.c
index 5fc4d68fd..877a915f0 100644
--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keyagreement_ecdh.c
+++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keyagreement_ecdh.c
@@ -30,7 +30,7 @@
#include "org_openeuler_security_openssl_KAEECDHKeyAgreement.h"
static void FreeGenerateSecretParam(BIGNUM* s, BIGNUM* wX, BIGNUM* wY,
- EC_POINT* pub, EC_KEY* eckey, EC_GROUP* group, unsigned char* shareKey)
+ EC_POINT* pub, EC_KEY* eckey, EC_GROUP* group, unsigned char* shareKey, int shareKeyLen)
{
KAE_ReleaseBigNumFromByteArray(s);
KAE_ReleaseBigNumFromByteArray(wX);
@@ -45,6 +45,7 @@ static void FreeGenerateSecretParam(BIGNUM* s, BIGNUM* wX, BIGNUM* wY,
EC_GROUP_free(group);
}
if (shareKey != NULL) {
+ memset(shareKey, 0, shareKeyLen);
free(shareKey);
}
}
@@ -106,10 +107,10 @@ JNIEXPORT jbyteArray JNICALL Java_org_openeuler_security_openssl_KAEECDHKeyAgree
goto cleanup;
}
(*env)->SetByteArrayRegion(env, javaBytes, 0, expectSecretLen, (jbyte*)shareKey);
- FreeGenerateSecretParam(s, wX, wY, pub, eckey, group, shareKey);
+ FreeGenerateSecretParam(s, wX, wY, pub, eckey, group, shareKey, expectSecretLen);
return javaBytes;
cleanup:
- FreeGenerateSecretParam(s, wX, wY, pub, eckey, group, shareKey);
+ FreeGenerateSecretParam(s, wX, wY, pub, eckey, group, shareKey, expectSecretLen);
return NULL;
}
diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_symmetric_cipher.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_symmetric_cipher.c
index 43f6326b2..ec8894f1a 100644
--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_symmetric_cipher.c
+++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_symmetric_cipher.c
@@ -119,13 +119,15 @@ static const EVP_CIPHER* EVPGetAesCipherByName(JNIEnv* env, const char* algo)
}
}
-void FreeMemoryFromInit(JNIEnv* env, jbyteArray iv, jbyte* ivBytes, jbyteArray key, jbyte* keyBytes)
+void FreeMemoryFromInit(JNIEnv* env, jbyteArray iv, jbyte* ivBytes, jbyteArray key, jbyte* keyBytes,
+ int keyLength)
{
if (ivBytes != NULL) {
(*env)->ReleaseByteArrayElements(env, iv, ivBytes, 0);
}
if (keyBytes != NULL) {
- (*env)->ReleaseByteArrayElements(env, key, keyBytes, 0);
+ memset(keyBytes, 0, keyLength);
+ (*env)->ReleaseByteArrayElements(env, key, keyBytes, JNI_ABORT);
}
}
@@ -143,6 +145,7 @@ Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeInit(JNIEnv* en
jbyte* ivBytes = NULL;
const EVP_CIPHER* cipher = NULL;
ENGINE* kaeEngine = NULL;
+ int keyLength = (*env)->GetArrayLength(env, key);
const char* algo = (*env)->GetStringUTFChars(env, cipherType, 0);
if (StartsWith("aes", algo)) {
@@ -180,14 +183,14 @@ Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeInit(JNIEnv* en
EVP_CIPHER_CTX_set_padding(ctx, padding ? 1 : 0);
- FreeMemoryFromInit(env, iv, ivBytes, key, keyBytes);
+ FreeMemoryFromInit(env, iv, ivBytes, key, keyBytes, keyLength);
return (jlong)ctx;
cleanup:
if (ctx != NULL) {
EVP_CIPHER_CTX_free(ctx);
}
- FreeMemoryFromInit(env, iv, ivBytes, key, keyBytes);
+ FreeMemoryFromInit(env, iv, ivBytes, key, keyBytes, keyLength);
return 0;
}
--
2.22.0
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/xuyuchao/openjdk-1.8.0.git
git@gitee.com:xuyuchao/openjdk-1.8.0.git
xuyuchao
openjdk-1.8.0
openjdk-1.8.0
master

搜索帮助