Merge pull request #745 from ibmruntimes/openj9
Merge the latest openj9 changes to 0.43
AdamBrousseau authored Dec 12, 2023
2 parents dbdd719 + 6fd19af commit 09095f6
Showing 4 changed files with 97 additions and 2 deletions.
Expand Up @@ -39,6 +39,7 @@
import java.security.KeyPair;
import java.security.KeyPairGeneratorSpi;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
Expand All @@ -56,6 +57,7 @@

import sun.security.ec.point.*;
import sun.security.jca.JCAUtil;
import sun.security.provider.Sun;
import sun.security.util.ECUtil;

import static sun.security.ec.ECOperations.IntermediateValueException;
Expand Down Expand Up @@ -97,6 +99,28 @@ public NativeECKeyPairGenerator() {

@Override
public void initialize(int keySize, SecureRandom random) {
if (random == null) {
if (nativeCryptTrace) {
System.err.println("No SecureRandom implementation was provided during"
+ " initialization. Using OpenSSL.");
}
} else if ((random.getProvider() instanceof Sun)
&& ("NativePRNG".equals(random.getAlgorithm()) || "DRBG".equals(random.getAlgorithm()))
) {
if (nativeCryptTrace) {
System.err.println("Default SecureRandom implementation was provided during"
+ " initialization. Using OpenSSL.");
}
} else {
if (nativeCryptTrace) {
System.err.println("SecureRandom implementation was provided during"
+ " initialization. Using Java implementation instead of OpenSSL.");
}
this.javaImplementation = new ECKeyPairGenerator();
this.javaImplementation.initialize(keySize, random);
return;
}

if (keySize < KEY_SIZE_MIN) {
throw new InvalidParameterException
("Key size must be at least " + KEY_SIZE_MIN + " bits");
Expand Down Expand Up @@ -125,6 +149,28 @@ public void initialize(int keySize, SecureRandom random) {
@Override
public void initialize(AlgorithmParameterSpec params, SecureRandom random)
throws InvalidAlgorithmParameterException {
if (random == null) {
if (nativeCryptTrace) {
System.err.println("No SecureRandom implementation was provided during"
+ " initialization. Using OpenSSL.");
}
} else if ((random.getProvider() instanceof Sun)
&& ("NativePRNG".equals(random.getAlgorithm()) || "DRBG".equals(random.getAlgorithm()))
) {
if (nativeCryptTrace) {
System.err.println("Default SecureRandom implementation was provided during"
+ " initialization. Using OpenSSL.");
}
} else {
if (nativeCryptTrace) {
System.err.println("SecureRandom implementation was provided during"
+ " initialization. Using Java implementation instead of OpenSSL.");
}
this.javaImplementation = new ECKeyPairGenerator();
this.javaImplementation.initialize(params, random);
return;
}

ECParameterSpec ecSpec = null;

if (params instanceof ECParameterSpec) {
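Review bot: The null and default-SecureRandom branches of both `initialize` overloads fall through to the native path without clearing `javaImplementation`, while the custom-SecureRandom branch assigns it and returns early. `generateKeyPair()` is outside the visible hunks, but if it dispatches on `javaImplementation != null`, a generator first initialized with a custom SecureRandom and later re-initialized with `null` would keep producing keys from the stale Java generator, with the earlier key size and random source. NativeXDHKeyPairGenerator resets its flag on every init (`useJavaImpl = false;`); the equivalent here would be `this.javaImplementation = null;` as the first statement of each overload, provided nothing else relies on the field surviving re-initialization. The three-way SecureRandom check is also repeated verbatim in both overloads and could live in one private helper.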
Expand Up @@ -38,6 +38,7 @@
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGeneratorSpi;
import java.security.Provider;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
Expand All @@ -46,6 +47,8 @@

import jdk.crypto.jniprovider.NativeCrypto;

import sun.security.jca.JCAUtil;
import sun.security.provider.Sun;
import sun.security.util.BitArray;
import sun.security.x509.AlgorithmId;
import sun.security.x509.X509Key;
Expand All @@ -59,6 +62,7 @@ public class NativeXDHKeyPairGenerator extends KeyPairGeneratorSpi {
private final XECParameters lockedParams;

private XDHKeyPairGenerator javaImplementation;
private boolean useJavaImpl;

public NativeXDHKeyPairGenerator() {
tryInitialize(NamedParameterSpec.X25519);
Expand Down Expand Up @@ -105,10 +109,42 @@ private void initializeImpl(XECParameters params, SecureRandom random) {
}

ops = new XECOperations(params);
this.random = (random != null) ? random : JCAUtil.getSecureRandom();

useJavaImpl = false;
if (random == null) {
if (nativeCryptTrace) {
System.err.println("No SecureRandom implementation was provided during"
+ " initialization. Using OpenSSL.");
}
} else if ((random.getProvider() instanceof Sun)
&& ("NativePRNG".equals(random.getAlgorithm()) || "DRBG".equals(random.getAlgorithm()))
) {
if (nativeCryptTrace) {
System.err.println("Default SecureRandom implementation was provided during"
+ " initialization. Using OpenSSL.");
}
} else {
if (nativeCryptTrace) {
System.err.println("SecureRandom implementation was provided during"
+ " initialization. Using Java implementation instead of OpenSSL.");
}
useJavaImpl = true;
}
}

@Override
public KeyPair generateKeyPair() {
/*
* When the keypair generator is initialized with
* anything other than the default SecureRandom
* implementation, use the Java implementation
* to generate the keypair.
*/
if (useJavaImpl) {
return javaImplGenerateKeyPair();
}

/* If library isn't loaded, use Java implementation. */
if (!NativeCrypto.isAllowedAndLoaded()) {
if (nativeCryptTrace) {
Expand Down Expand Up @@ -177,12 +213,16 @@ public KeyPair generateKeyPair() {
*/
private void initializeJavaImplementation() {
if (javaImplementation == null) {
if (isX25519(ops.getParameters())) {
if (lockedParams == null) {
javaImplementation = new XDHKeyPairGenerator();
} else if (isX25519(lockedParams)) {
javaImplementation = new XDHKeyPairGenerator.X25519();
} else {
javaImplementation = new XDHKeyPairGenerator.X448();
}
}

javaImplementation.initialize(ops.getParameters().getBits(), random);
}

/*
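Review bot: The "default SecureRandom" test in `initializeImpl` looks only at the provider type and algorithm name, so it also matches instances the caller has customized: a `SecureRandom` subclass that overrides `nextBytes` but is constructed through the no-arg super constructor, or a SUN `DRBG` obtained with explicit `DrbgParameters`. Going by the trace text, such an instance is then set aside in favour of OpenSSL's generator, which silently drops the caller's configuration and would also defeat known-answer tests that inject a deterministic source. Requiring the exact class as well, `(random.getClass() == SecureRandom.class) && (random.getProvider() instanceof Sun) && ...`, closes the subclass case; the DRBG-with-parameters case deserves at least a comment stating that such instances are treated as default. The same condition is used in both `initialize` overloads of NativeECKeyPairGenerator.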
3 changes: 2 additions & 1 deletion src/java.base/share/classes/module-info.java
Expand Up @@ -25,7 +25,7 @@

/*
* ===========================================================================
* (c) Copyright IBM Corp. 2022, 2022 All Rights Reserved
* (c) Copyright IBM Corp. 2022, 2023 All Rights Reserved
* ===========================================================================
*/

Expand Down Expand Up @@ -298,6 +298,7 @@
java.rmi,
java.security.jgss,
jdk.crypto.cryptoki,
jdk.crypto.ec,
jdk.security.auth;
exports sun.security.provider.certpath to
java.naming,
8 changes: 8 additions & 0 deletions test/jdk/ProblemList-FIPS140_2.txt
Expand Up @@ -1128,3 +1128,11 @@ sun/security/ssl/SSLSocketImpl/SSLSocketSSLEngineCloseInbound.java https://githu
# NSS can not be initialized twice, because the FIPS already initial it.

sun/security/pkcs11/tls/TestKeyMaterialChaCha20.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/591 linux-x64,linux-ppc64le,linux-s390x

# Temporary Exclusion
java/util/jar/JarFile/VerifySignedJar.java https://github.ibm.com/runtimes/backlog/issues/1089 linux-x64,linux-ppc64le,linux-s390x
java/util/jar/JarFile/SignedJarPendingBlock.java https://github.ibm.com/runtimes/backlog/issues/1089 linux-x64,linux-ppc64le,linux-s390x
com/sun/jndi/ldap/LdapSSLHandshakeFailureTest.java https://github.ibm.com/runtimes/backlog/issues/1089 linux-x64,linux-ppc64le,linux-s390x
javax/smartcardio/TerminalFactorySpiTest.java https://github.ibm.com/runtimes/backlog/issues/1089 linux-x64,linux-ppc64le,linux-s390x
sun/security/krb5/auto/Unavailable.java https://github.ibm.com/runtimes/backlog/issues/1089 linux-x64,linux-ppc64le,linux-s390x
sun/security/krb5/etype/WeakCrypto.java https://github.ibm.com/runtimes/backlog/issues/1089 linux-x64,linux-ppc64le,linux-s390x
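Review bot: The six entries added under `# Temporary Exclusion` state no reason and link to a tracker on github.ibm.com, which appears to be internal, whereas the entry above them links a public issue. Among them are signed-JAR verification tests (`VerifySignedJar`, `SignedJarPendingBlock`) and `WeakCrypto`, all switched off for the FIPS 140-2 runs. A comment along the lines of `# Excluded pending <reason>; re-enable when <condition>` together with a publicly readable issue link would let reviewers judge whether a security regression is being masked and when the tests are expected back.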
