Merge pull request #740 from WilburZjh/CRIUSupportMD5AndSHA256

Add SHA-256 and MD5 MessageDigest to CRIUSecProvider
ibmruntimes · Dec 8, 2023 · e191906 · e191906
2 parents 22b3657 + 8b92199
commit e191906
Show file tree

Hide file tree

Showing 10 changed files with 201 additions and 1,022 deletions.
diff --git a/closed/GensrcJ9JCL.gmk b/closed/GensrcJ9JCL.gmk
@@ -39,6 +39,7 @@ $(eval $(call SetupCopyFiles,COPY_OVERLAY_FILES, \
 	SRC := $(TOPDIR), \
 	DEST := $(SUPPORT_OUTPUTDIR)/overlay, \
 	FILES := \
+		src/java.base/share/classes/com/sun/crypto/provider/HmacCore.java \
 		src/java.base/share/classes/java/lang/ClassValue.java \
 		src/java.base/share/classes/java/net/InetAddress.java \
 		src/java.base/share/classes/java/security/Security.java \
@@ -48,7 +49,10 @@ $(eval $(call SetupCopyFiles,COPY_OVERLAY_FILES, \
 		src/java.base/share/classes/jdk/internal/misc/JavaNetInetAddressAccess.java \
 		src/java.base/share/classes/sun/security/jca/ProviderConfig.java \
 		src/java.base/share/classes/sun/security/jca/ProviderList.java \
+		src/java.base/share/classes/sun/security/provider/DigestBase.java \
+		src/java.base/share/classes/sun/security/provider/SecureRandom.java \
 		src/java.base/unix/classes/java/lang/ProcessEnvironment.java \
+		src/java.base/unix/classes/sun/security/provider/NativePRNG.java \
 	))
 
 IncludeIfUnsure := -includeIfUnsure -noWarnIncludeIf

diff --git a/closed/src/java.base/share/classes/openj9/internal/criu/CRIUSECProvider.java b/closed/src/java.base/share/classes/openj9/internal/criu/CRIUSECProvider.java
@@ -1,7 +1,7 @@
 /*[INCLUDE-IF CRIU_SUPPORT]*/
 /*
  * ===========================================================================
- * (c) Copyright IBM Corp. 2022, 2022 All Rights Reserved
+ * (c) Copyright IBM Corp. 2022, 2023 All Rights Reserved
  * ===========================================================================
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,9 @@
 package openj9.internal.criu;
 
 import java.security.Provider;
+import java.util.Map;
+import java.util.WeakHashMap;
+import java.util.function.Consumer;
 
 /**
  * The CRIUSECProvider is a security provider that is used as follows when CRIU
@@ -39,26 +42,47 @@ public final class CRIUSECProvider extends Provider {
 
     private static final long serialVersionUID = -3240458633432287743L;
 
+    private static final Map<Object, Consumer<Object>> actions = new WeakHashMap<>();
+
+    @SuppressWarnings("unchecked")
+    public static <T> void doOnRestart(T object, Consumer<T> action) {
+        if (InternalCRIUSupport.isCheckpointAllowed()) {
+            synchronized (actions) {
+                // This unchecked cast is safe because the action
+                // is only applied the supplied object.
+                actions.put(object, (Consumer<Object>) action);
+            }
+        }
+    }
+
     public CRIUSECProvider() {
         super("CRIUSEC", "1", "CRIUSEC Provider");
 
-        String packageName = CRIUSECProvider.class.getPackage().getName() + ".";
-
         String[] aliases = new String[] { "SHA",
                                           "SHA1",
                                           "OID.1.3.14.3.2.26",
                                           "1.3.14.3.2.26" };
 
         // SHA1PRNG is the default name needed by the jdk, but SHA1 is not used, rather it reads directly from /dev/random.
-        putService(new Service(this, "MessageDigest", "SHA-1", packageName + "SHA", java.util.Arrays.asList(aliases), null));
-        putService(new Service(this, "SecureRandom", "SHA1PRNG", packageName + "NativePRNG", null, null));
+        putService(new Service(this, "MessageDigest", "SHA-1", "sun.security.provider.SHA", java.util.Arrays.asList(aliases), null));
+        putService(new Service(this, "MessageDigest", "SHA-256", "sun.security.provider.SHA2$SHA256", null, null));
+        putService(new Service(this, "MessageDigest", "MD5", "sun.security.provider.MD5", null, null));
+        putService(new Service(this, "Mac", "HmacSHA256", "com.sun.crypto.provider.HmacCore$HmacSHA256", null, null));
+        putService(new Service(this, "SecureRandom", "SHA1PRNG", "sun.security.provider.NativePRNG$CRIUNativePRNG", null, null));
     }
 
     /**
-     * Resets the security digests.
+     * Reset security algorithms.
      */
     public static void resetCRIUSEC() {
-        NativePRNG.clearRNGState();
-        DigestBase.resetDigests();
+        synchronized (actions) {
+            for (Map.Entry<Object, Consumer<Object>> entry : actions.entrySet()) {
+                Object object = entry.getKey();
+
+                if (object != null) {
+                    entry.getValue().accept(object);
+                }
+            }
+        }
     }
 }
diff --git a/closed/src/java.base/share/classes/openj9/internal/criu/DigestBase.java b/closed/src/java.base/share/classes/openj9/internal/criu/DigestBase.java