Merge pull request #702 from ibmruntimes/openj9

Merge jdk-11.0.21+6 and the latest OpenJ9 changes to 0.41
ibmruntimes · Sep 8, 2023 · 14080ab · 14080ab
2 parents e81a7f1 + 27c0f0f
commit 14080ab
Show file tree

Hide file tree

Showing 14 changed files with 519 additions and 277 deletions.
diff --git a/closed/openjdk-tag.gmk b/closed/openjdk-tag.gmk
@@ -1 +1 @@
-OPENJDK_TAG := jdk-11.0.21+5
+OPENJDK_TAG := jdk-11.0.21+6
diff --git a/closed/src/java.base/share/classes/com/sun/crypto/provider/NativeCipherBlockChaining.java b/closed/src/java.base/share/classes/com/sun/crypto/provider/NativeCipherBlockChaining.java
@@ -24,7 +24,7 @@
  */
 /*
  * ===========================================================================
- * (c) Copyright IBM Corp. 2018, 2022 All Rights Reserved
+ * (c) Copyright IBM Corp. 2018, 2023 All Rights Reserved
  * ===========================================================================
  */
 
@@ -56,6 +56,7 @@ class NativeCipherBlockChaining extends FeedbackCipher {
 
  private static final NativeCrypto nativeCrypto;
  private static final Cleaner contextCleaner;
+ private int previousKeyLength = -1;
 
  /*
  * Initialize the CBC context.
@@ -184,7 +185,12 @@ void init(boolean decrypting, String algorithm, byte[] key, byte[] iv)
 
  int ret;
  synchronized (this) {
- ret = nativeCrypto.CBCInit(nativeContext, mode, iv, iv.length, key, key.length);
+ if (previousKeyLength == key.length) {
+ ret = nativeCrypto.CBCInit(nativeContext, mode, iv, iv.length, key, key.length, true);
+ } else {
+ ret = nativeCrypto.CBCInit(nativeContext, mode, iv, iv.length, key, key.length, false);
+ previousKeyLength = key.length;
+ }
  }
  if (ret == -1) {
  throw new ProviderException("Error in Native CipherBlockChaining");
@@ -201,7 +207,7 @@ void reset() {
  System.arraycopy(iv, 0, r, 0, blockSize);
  int ret;
  synchronized (this) {
- ret = nativeCrypto.CBCInit(nativeContext, mode, iv, iv.length, key, key.length);
+ ret = nativeCrypto.CBCInit(nativeContext, mode, iv, iv.length, key, key.length, true);
  }
  if (ret == -1) {
  throw new ProviderException("Error in Native CipherBlockChaining");
@@ -225,7 +231,7 @@ void restore() {
  System.arraycopy(rSave, 0, r, 0, blockSize);
  int ret;
  synchronized (this) {
- ret = nativeCrypto.CBCInit(nativeContext, mode, r, r.length, key, key.length);
+ ret = nativeCrypto.CBCInit(nativeContext, mode, r, r.length, key, key.length, true);
  }
  if (ret == -1) {
  throw new ProviderException("Error in Native CipherBlockChaining");

diff --git a/closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java b/closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java
@@ -218,7 +218,7 @@ public final native int DigestComputeAndReset(long context,
  int digestOffset,
  int digestLen);
 
- public final native void DigestReset(long context);
+ public final native int DigestReset(long context);
 
  /* Native interfaces shared by CBC and ChaCha20 */
 
@@ -233,7 +233,8 @@ public final native int CBCInit(long context,
  byte[] iv,
  int ivlen,
  byte[] key,
- int keylen);
+ int keylen,
+ boolean doReset);
 
  public final native int CBCUpdate(long context,
  byte[] input,

diff --git a/closed/src/java.base/share/classes/sun/security/provider/NativeDigest.java b/closed/src/java.base/share/classes/sun/security/provider/NativeDigest.java
@@ -24,11 +24,10 @@
  */
 /*
  * ===========================================================================
- * (c) Copyright IBM Corp. 2018, 2019 All Rights Reserved
+ * (c) Copyright IBM Corp. 2018, 2023 All Rights Reserved
  * ===========================================================================
  */
 
-
 package sun.security.provider;
 
 import java.security.MessageDigestSpi;
@@ -137,7 +136,10 @@ synchronized protected final void engineReset() {
  return;
  }
 
- nativeCrypto.DigestReset(context);
+ int ret = nativeCrypto.DigestReset(context);
+ if (ret == -1) {
+ throw new ProviderException("Error in Native Digest Reset");
+ }
  bytesProcessed = 0;
  }
 

diff --git a/closed/src/java.base/share/native/libjncrypto/NativeCrypto.c b/closed/src/java.base/share/native/libjncrypto/NativeCrypto.c
@@ -298,6 +298,7 @@ OSSL_PKCS12_key_gen_t* OSSL_PKCS12_key_gen;
 typedef struct OpenSSLMDContext {
  EVP_MD_CTX *ctx;
  const EVP_MD *digestAlg;
+ EVP_MD_CTX *cachedInitializedDigestContext;
 } OpenSSLMDContext;
 
 /* Handle errors from OpenSSL calls. */
@@ -896,22 +897,38 @@ JNIEXPORT jlong JNICALL Java_jdk_crypto_jniprovider_NativeCrypto_DigestCreateCon
  context->ctx = ctx;
  context->digestAlg = digestAlg;
 
+ /*
+ * Create a second initialized openssl digest context. This is being done for performance reasons since
+ * creating and or re-initializing digest contexts later during processing is found to be expensive.
+ * This second context, context->cachedInitializedDigestContext, will be copied over the working context,
+ * context->ctx, using the EVP_MD_CTX_copy_ex API whenever we wish to re-initalize this cipher. This occurs
+ * during an explicit reset of the cipher or whenever a final digest is computed.
+ */
+ context->cachedInitializedDigestContext = (*OSSL_MD_CTX_new)();
+ if (NULL == context->cachedInitializedDigestContext) {
+ goto releaseContexts;
+ }
+
+ if (1 != (*OSSL_MD_CTX_copy_ex)(context->cachedInitializedDigestContext, context->ctx)) {
+ goto releaseContexts;
+ }
+
  if (0 != copyContext) {
  EVP_MD_CTX *contextToCopy = ((OpenSSLMDContext*)(intptr_t)copyContext)->ctx;
  if (NULL == contextToCopy) {
- (*OSSL_MD_CTX_free)(ctx);
- free(context);
- return -1;
+ goto releaseContexts;
  }
  if (0 == (*OSSL_MD_CTX_copy_ex)(ctx, contextToCopy)) {
- printErrors();
- (*OSSL_MD_CTX_free)(ctx);
- free(context);
- return -1;
+ goto releaseContexts;
  }
  }
 
  return (jlong)(intptr_t)context;
+
+releaseContexts:
+ printErrors();
+ Java_jdk_crypto_jniprovider_NativeCrypto_DigestDestroyContext(env, thisObj, (jlong)(intptr_t)context);
+ return -1;
 }
 
 /*
@@ -923,11 +940,20 @@ JNIEXPORT jint JNICALL Java_jdk_crypto_jniprovider_NativeCrypto_DigestDestroyCon
  (JNIEnv *env, jclass thisObj, jlong c) {
 
  OpenSSLMDContext *context = (OpenSSLMDContext*)(intptr_t) c;
- if ((NULL == context) || (NULL == context->ctx)) {
+ if (NULL == context) {
  return -1;
  }
 
- (*OSSL_MD_CTX_free)(context->ctx);
+ if (NULL != context->ctx) {
+ (*OSSL_MD_CTX_free)(context->ctx);
+ context->ctx = NULL;
+ }
+
+ if (NULL != context->cachedInitializedDigestContext) {
+ (*OSSL_MD_CTX_free)(context->cachedInitializedDigestContext);
+ context->cachedInitializedDigestContext = NULL;
+ }
+
  free(context);
  return 0;
 }
@@ -984,7 +1010,7 @@ JNIEXPORT jint JNICALL Java_jdk_crypto_jniprovider_NativeCrypto_DigestComputeAnd
  unsigned char* messageNative = NULL;
  unsigned char* digestNative = NULL;
 
- if ((NULL == context) || (NULL == context->ctx)) {
+ if ((NULL == context) || (NULL == context->ctx) || (NULL == context->cachedInitializedDigestContext)) {
  return -1;
  }
 
@@ -1016,10 +1042,23 @@ JNIEXPORT jint JNICALL Java_jdk_crypto_jniprovider_NativeCrypto_DigestComputeAnd
 
  (*env)->ReleasePrimitiveArrayCritical(env, digest, digestNative, 0);
 
- (*OSSL_MD_CTX_reset)(context->ctx);
-
- if (1 != (*OSSL_DigestInit_ex)(context->ctx, context->digestAlg, NULL)) {
+ /*
+ * Reset the message digest context to the original context. We are then ready to perform
+ * digest operations again using a copy of this cached context.
+ */
+ if (1 != (*OSSL_MD_CTX_copy_ex)(context->ctx, context->cachedInitializedDigestContext)) {
  printErrors();
+
+ if (NULL != context->ctx) {
+ (*OSSL_MD_CTX_free)(context->ctx);
+ context->ctx = NULL;
+ }
+
+ if (NULL != context->cachedInitializedDigestContext) {
+ (*OSSL_MD_CTX_free)(context->cachedInitializedDigestContext);
+ context->cachedInitializedDigestContext = NULL;
+ }
+
  return -1;
  }
 
@@ -1030,22 +1069,38 @@ JNIEXPORT jint JNICALL Java_jdk_crypto_jniprovider_NativeCrypto_DigestComputeAnd
  *
  * Class: jdk_crypto_jniprovider_NativeCrypto
  * Method: DigestReset
- * Signature: (J)V
+ * Signature: (J)I
  */
-JNIEXPORT void JNICALL Java_jdk_crypto_jniprovider_NativeCrypto_DigestReset
+JNIEXPORT jint JNICALL Java_jdk_crypto_jniprovider_NativeCrypto_DigestReset
  (JNIEnv *env, jclass thisObj, jlong c) {
 
  OpenSSLMDContext *context = (OpenSSLMDContext*)(intptr_t) c;
 
- if ((NULL == context) || (NULL == context->ctx)) {
- return;
+ if ((NULL == context) || (NULL == context->ctx) || (NULL == context->cachedInitializedDigestContext)) {
+ return -1;
  }
 
- (*OSSL_MD_CTX_reset)(context->ctx);
-
- if (1 != (*OSSL_DigestInit_ex)(context->ctx, context->digestAlg, NULL)) {
+ /*
+ * Reset the message digest context to the original context. We are then ready to perform
+ * digest operations again using a copy of this cached context.
+ */
+ if (1 != (*OSSL_MD_CTX_copy_ex)(context->ctx, context->cachedInitializedDigestContext)) {
  printErrors();
+
+ if (NULL != context->ctx) {
+ (*OSSL_MD_CTX_free)(context->ctx);
+ context->ctx = NULL;
+ }
+
+ if (NULL != context->cachedInitializedDigestContext) {
+ (*OSSL_MD_CTX_free)(context->cachedInitializedDigestContext);
+ context->cachedInitializedDigestContext = NULL;
+ }
+
+ return -1;
  }
+
+ return 0;
 }
 
 /*
@@ -1092,7 +1147,7 @@ JNIEXPORT jint JNICALL Java_jdk_crypto_jniprovider_NativeCrypto_DestroyContext
  */
 JNIEXPORT jint JNICALL Java_jdk_crypto_jniprovider_NativeCrypto_CBCInit
  (JNIEnv *env, jclass thisObj, jlong c, jint mode, jbyteArray iv, jint iv_len,
- jbyteArray key, jint key_len) {
+ jbyteArray key, jint key_len, jboolean doReset) {
 
  EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX*)(intptr_t) c;
  unsigned char* ivNative = NULL;
@@ -1103,18 +1158,20 @@ JNIEXPORT jint JNICALL Java_jdk_crypto_jniprovider_NativeCrypto_CBCInit
  return -1;
  }
 
- switch(key_len) {
- case 16:
- evp_cipher1 = (*OSSL_aes_128_cbc)();
- break;
- case 24:
- evp_cipher1 = (*OSSL_aes_192_cbc)();
- break;
- case 32:
- evp_cipher1 = (*OSSL_aes_256_cbc)();
- break;
- default:
- break;
+ if (JNI_FALSE == doReset) {
+ switch (key_len) {
+ case 16:
+ evp_cipher1 = (*OSSL_aes_128_cbc)();
+ break;
+ case 24:
+ evp_cipher1 = (*OSSL_aes_192_cbc)();
+ break;
+ case 32:
+ evp_cipher1 = (*OSSL_aes_256_cbc)();
+ break;
+ default:
+ break;
+ }
  }
 
  ivNative = (unsigned char*)((*env)->GetByteArrayElements(env, iv, 0));
@@ -1135,7 +1192,9 @@ JNIEXPORT jint JNICALL Java_jdk_crypto_jniprovider_NativeCrypto_CBCInit
  return -1;
  }
 
- (*OSSL_CIPHER_CTX_set_padding)(ctx, 0);
+ if (JNI_FALSE == doReset) {
+ (*OSSL_CIPHER_CTX_set_padding)(ctx, 0);
+ }
 
  (*env)->ReleaseByteArrayElements(env, iv, (jbyte*)ivNative, JNI_ABORT);
  (*env)->ReleaseByteArrayElements(env, key, (jbyte*)keyNative, JNI_ABORT);

diff --git a/make/data/cacerts/certignarootca b/make/data/cacerts/certignarootca
@@ -0,0 +1,43 @@
+Owner: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR
+Issuer: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR
+Serial number: cae91b89f155030da3e6416dc4e3a6e1
+Valid from: Tue Oct 01 08:32:27 GMT 2013 until: Sat Oct 01 08:32:27 GMT 2033
+Signature algorithm name: SHA256withRSA
+Subject Public Key Algorithm: 4096-bit RSA key
+Version: 3
+-----BEGIN CERTIFICATE-----
+MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAw
+WjELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAw
+MiA0ODE0NjMwODEwMDAzNjEZMBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0x
+MzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjdaMFoxCzAJBgNVBAYTAkZSMRIwEAYD
+VQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYzMDgxMDAwMzYxGTAX
+BgNVBAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
+ggIKAoICAQDNGDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sO
+ty3tRQgXstmzy9YXUnIo245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9M
+CiBtnyN6tMbaLOQdLNyzKNAT8kxOAkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPu
+I9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8JXrJhFwLrN1CTivngqIkicuQstDuI7pm
+TLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16XdG+RCYyKfHx9WzMfgIh
+C59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQwFsWq4NYKpkDf
+ePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBBe3Yz
+IoejwpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWT
+Co/1VTp2lc5ZmIoJlXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1k
+JWumIWmbat10TWuXekG9qxf5kBdIjzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5
+hwjCxAnxl4YqKE3idMDaxIzb3+KhF1nOJFl0Mdp//TBt2dzhauH8XwIDAQABo4IB
+GjCCARYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
+FBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1UdIwQYMBaAFBiHVuBud+4kNTxOc5of
+1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsGAQUFBwIBFiNodHRwczov
+L3d3d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBkMC+gLaArhilo
+dHRwOi8vY3JsLmNlcnRpZ25hLmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+gLYYr
+aHR0cDovL2NybC5kaGlteW90aXMuY29tL2NlcnRpZ25hcm9vdGNhLmNybDANBgkq
+hkiG9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOItOoldaDgvUSILSo3L
+6btdPrtcPbEo/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxPTGRG
+HVyH41neQtGbqH6mid2PHMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH6
+0BGM+RFq7q89w1DTj18zeTyGqHNFkIwgtnJzFyO+B2XleJINugHA64wcZr+shncB
+lA2c5uk5jR+mUYyZDDl34bSb+hxnV29qao6pK0xXeXpXIs/NX2NGjVxZOob4Mkdi
+o2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd8VRY+WCv2hikLyhF3HqgiIZd8zvn/yk1
+gPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS6Cvu5zHbugRqh5jnxV/v
+faci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaYtlu3zM63
+Nwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayh
+jWZSaX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw
+3kAP+HwV96LOPNdeE4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0=
+-----END CERTIFICATE-----
diff --git a/src/java.base/share/classes/com/sun/java/util/jar/pack/NativeUnpack.java b/src/java.base/share/classes/com/sun/java/util/jar/pack/NativeUnpack.java
@@ -61,7 +61,7 @@ class NativeUnpack {
 
  // Resets the engine and frees all resources.
  // Returns total number of bytes consumed by the engine.
- private synchronized native long finish();
+ synchronized native long finish();
 
  // Setting state in the unpacker.
  protected synchronized native boolean setOption(String opt, String value);

diff --git a/src/java.base/share/classes/com/sun/java/util/jar/pack/UnpackerImpl.java b/src/java.base/share/classes/com/sun/java/util/jar/pack/UnpackerImpl.java
@@ -116,6 +116,11 @@ public synchronized void unpack(InputStream in, JarOutputStream out) throws IOEx
  } catch (UnsatisfiedLinkError | NoClassDefFoundError ex) {
  // failover to java implementation
  (new DoUnpack()).run(in0, out);
+ } finally {
+ if (_nunp != null) {
+ // Free up native memory and JNI handles to prevent leaks
+ ((NativeUnpack) _nunp).finish();
+ }
  }
  in0.close();
  Utils.markJarFile(out);

diff --git a/src/jdk.pack/share/native/libunpack/jni.cpp b/src/jdk.pack/share/native/libunpack/jni.cpp
@@ -314,9 +314,12 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_getUnusedInput(JNIEnv *env, jobject
 
 JNIEXPORT jlong JNICALL
 Java_com_sun_java_util_jar_pack_NativeUnpack_finish(JNIEnv *env, jobject pObj) {
- unpacker* uPtr = get_unpacker(env, pObj, false);
+ // There's no need to create a new unpacker here if we don't already have one
+ // just to immediatly free it afterwards.
+ unpacker* uPtr = get_unpacker(env, pObj, /* noCreate= */ true);
  CHECK_EXCEPTION_RETURN_VALUE(uPtr, 0);
  size_t consumed = uPtr->input_consumed();
+ // free_unpacker() will set the unpacker field on 'pObj' to null
  free_unpacker(env, pObj, uPtr);
  return consumed;
 }

diff --git a/test/jdk/java/awt/Window/MultiWindowApp/ChildAlwaysOnTopTest.java b/test/jdk/java/awt/Window/MultiWindowApp/ChildAlwaysOnTopTest.java
@@ -110,7 +110,7 @@ public static void main(String[] args) throws Exception {
  System.out.println("CASE 3 Completed");
  System.out.println();
 
- if (errorLog.length() == 0)
+ if (errorLog.length() == 0) {
  System.out.println("All three cases passed !!");
  }
  else {