Merge pull request #608 from JasonFengJ9/mergetmp
Merge master HEAD into openj9-staging
keithc-ca authored Jun 20, 2023
2 parents 4e23dcd + 90cd34c commit b57347e
Showing 2,246 changed files with 111,088 additions and 25,222 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/main.yml
Expand Up @@ -148,7 +148,7 @@ jobs:
apt-architecture: 'i386'
# Some multilib libraries do not have proper inter-dependencies, so we have to
# install their dependencies manually.
apt-extra-packages: 'libfreetype6-dev:i386 libtiff-dev:i386 libcupsimage2-dev:i386 libc6-i386'
apt-extra-packages: 'libfreetype6-dev:i386 libtiff-dev:i386 libcupsimage2-dev:i386 libc6-i386 libgcc-s1:i386 libstdc++6:i386'
extra-conf-options: '--with-target-bits=32'
configure-arguments: ${{ github.event.inputs.configure-arguments }}
make-arguments: ${{ github.event.inputs.make-arguments }}
14 changes: 2 additions & 12 deletions bin/idea.sh
Expand Up @@ -193,17 +193,7 @@ for root in $MODULE_ROOTS; do
root=`wslpath -am $root`
fi

VM_CI="jdk.internal.vm.ci/share/classes"
VM_COMPILER="src/jdk.internal.vm.compiler/share/classes"
if test "${root#*$VM_CI}" != "$root" || test "${root#*$VM_COMPILER}" != "$root"; then
for subdir in "$root"/*; do
if [ -d "$subdir" ]; then
SOURCES=$SOURCES" $SOURCE_PREFIX""$subdir"/src"$SOURCE_POSTFIX"
fi
done
else
SOURCES=$SOURCES" $SOURCE_PREFIX""$root""$SOURCE_POSTFIX"
fi
SOURCES=$SOURCES" $SOURCE_PREFIX""$root""$SOURCE_POSTFIX"
done

add_replacement "###SOURCE_ROOTS###" "$SOURCES"
Expand Down Expand Up @@ -274,4 +264,4 @@ $BOOT_JDK/bin/$JAVAC -d $JAVAC_CLASSES -sourcepath $JAVAC_SOURCE_PATH -cp $JAVAC

if [ "x$WSL_DISTRO_NAME" != "x" ]; then
rm -rf $ANT_TEMP
fi
fi
2 changes: 1 addition & 1 deletion closed/openjdk-tag.gmk
@@ -1 +1 @@
OPENJDK_TAG := jdk-21+20
OPENJDK_TAG := jdk-21+25
Expand Up @@ -52,8 +52,13 @@ public class NativeCrypto {
public static final int ECField_Fp = 0;
public static final int ECField_F2m = 1;

/* Define XDH curve constants used by OpenSSL. */
public static final int X25519 = 1034;
public static final int X448 = 1035;

public static final long OPENSSL_VERSION_1_0_0 = 0x1_00_00_000L;
public static final long OPENSSL_VERSION_1_1_0 = 0x1_01_00_000L;
public static final long OPENSSL_VERSION_1_1_1 = 0x1_01_01_000L;
public static final long OPENSSL_VERSION_3_0_0 = 0x3_00_00_000L;

private static final Cleaner ECKeyCleaner = CleanerFactory.cleaner();
Expand Down Expand Up @@ -399,4 +404,18 @@ public final native int PBEDerive(byte[] password,
int id,
int hashAlgorithm);

/* Native XDH (X25519, X448) interfaces. */
public final native int XDHCreateKeys(byte[] privateKey,
int privateKeyLength,
byte[] publicKey,
int publicKeyLength,
int curveType);

public final native int XDHGenerateSecret(byte[] privateKey,
int privateKeyLength,
byte[] publicKey,
int publicKeyLength,
byte[] computedSecret,
int computedSecretLength,
int curveType);
}
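Review bot: The new native declarations `XDHCreateKeys` and `XDHGenerateSecret` carry no contract documentation, and each takes a length argument next to every array without saying how the two must relate. A Javadoc on each should state that the call returns 0 on success and -1 on failure (as the native implementation in this commit does), that every length must not exceed the length of its array, and that `curveType` must be one of the `X25519` or `X448` constants. The comment on the constants could also say what the numbers are, for example `/* OpenSSL NIDs for XDH: NID_X25519 (1034) and NID_X448 (1035). */`. The NativeCrypto class body starts outside the first hunk, so any existing class-level documentation is not visible here.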
245 changes: 241 additions & 4 deletions closed/src/java.base/share/native/libjncrypto/NativeCrypto.c
Expand Up @@ -44,6 +44,7 @@

#define OPENSSL_VERSION_1_0_0 OPENSSL_VERSION_CODE(1, 0, 0, 0)
#define OPENSSL_VERSION_1_1_0 OPENSSL_VERSION_CODE(1, 1, 0, 0)
#define OPENSSL_VERSION_1_1_1 OPENSSL_VERSION_CODE(1, 1, 1, 0)
#define OPENSSL_VERSION_2_0_0 OPENSSL_VERSION_CODE(2, 0, 0, 0)
/* Per new OpenSSL naming convention starting from OpenSSL 3, all major versions are ABI and API compatible. */
#define OPENSSL_VERSION_3_0_0 OPENSSL_VERSION_CODE(3, 0, 0, 0)
Expand Down Expand Up @@ -149,6 +150,20 @@ typedef int OSSL_EC_KEY_check_key_t(const EC_KEY *);
typedef int EC_set_public_key_t(EC_KEY *, BIGNUM *, BIGNUM *, int);
typedef const BIGNUM *OSSL_EC_KEY_get0_private_key_t(const EC_KEY *);

typedef EVP_PKEY_CTX *OSSL_EVP_PKEY_CTX_new_t(EVP_PKEY *, ENGINE *);
typedef EVP_PKEY_CTX *OSSL_EVP_PKEY_CTX_new_id_t(int, ENGINE *);
typedef int OSSL_EVP_PKEY_keygen_init_t(EVP_PKEY_CTX *);
typedef int OSSL_EVP_PKEY_keygen_t(EVP_PKEY_CTX *, EVP_PKEY **);
typedef void OSSL_EVP_PKEY_CTX_free_t(EVP_PKEY_CTX *);
typedef int OSSL_EVP_PKEY_get_raw_private_key_t(const EVP_PKEY *, unsigned char *, size_t *);
typedef int OSSL_EVP_PKEY_get_raw_public_key_t(const EVP_PKEY *, unsigned char *, size_t *);
typedef EVP_PKEY *OSSL_EVP_PKEY_new_raw_private_key_t(int, ENGINE *, const unsigned char *, size_t);
typedef EVP_PKEY *OSSL_EVP_PKEY_new_raw_public_key_t(int, ENGINE *, const unsigned char *, size_t);
typedef int OSSL_EVP_PKEY_derive_init_t(EVP_PKEY_CTX *);
typedef int OSSL_EVP_PKEY_derive_set_peer_t(EVP_PKEY_CTX *, EVP_PKEY *);
typedef int OSSL_EVP_PKEY_derive_t(EVP_PKEY_CTX *, unsigned char *, size_t *);
typedef void OSSL_EVP_PKEY_free_t(EVP_PKEY *);

typedef int OSSL_PKCS12_key_gen_t(const char *, int, unsigned char *, int, int, int, int, unsigned char *, const EVP_MD *);

typedef int OSSL_CRYPTO_num_locks_t();
Expand Down Expand Up @@ -261,6 +276,21 @@ OSSL_EC_KEY_check_key_t* OSSL_EC_KEY_check_key;
EC_set_public_key_t* EC_set_public_key;
OSSL_EC_KEY_get0_private_key_t *OSSL_EC_KEY_get0_private_key;

/* Define pointers for OpenSSL functions to handle XDH algorithm. */
OSSL_EVP_PKEY_CTX_new_t *OSSL_EVP_PKEY_CTX_new;
OSSL_EVP_PKEY_CTX_new_id_t *OSSL_EVP_PKEY_CTX_new_id;
OSSL_EVP_PKEY_keygen_init_t *OSSL_EVP_PKEY_keygen_init;
OSSL_EVP_PKEY_keygen_t *OSSL_EVP_PKEY_keygen;
OSSL_EVP_PKEY_CTX_free_t *OSSL_EVP_PKEY_CTX_free;
OSSL_EVP_PKEY_get_raw_private_key_t *OSSL_EVP_PKEY_get_raw_private_key;
OSSL_EVP_PKEY_get_raw_public_key_t *OSSL_EVP_PKEY_get_raw_public_key;
OSSL_EVP_PKEY_new_raw_private_key_t *OSSL_EVP_PKEY_new_raw_private_key;
OSSL_EVP_PKEY_new_raw_public_key_t *OSSL_EVP_PKEY_new_raw_public_key;
OSSL_EVP_PKEY_derive_init_t *OSSL_EVP_PKEY_derive_init;
OSSL_EVP_PKEY_derive_set_peer_t *OSSL_EVP_PKEY_derive_set_peer;
OSSL_EVP_PKEY_derive_t *OSSL_EVP_PKEY_derive;
OSSL_EVP_PKEY_free_t *OSSL_EVP_PKEY_free;

/* Define pointers for OpenSSL functions to handle PBE algorithm. */
OSSL_PKCS12_key_gen_t* OSSL_PKCS12_key_gen;

Expand Down Expand Up @@ -528,6 +558,37 @@ JNIEXPORT jlong JNICALL Java_jdk_crypto_jniprovider_NativeCrypto_loadCrypto
OSSL_ECGF2M = JNI_TRUE;
}

/* Load the functions symbols for OpenSSL XDH algorithm. (Need OpenSSL 1.1.x or above). */
if (ossl_ver >= OPENSSL_VERSION_1_1_1) {
OSSL_EVP_PKEY_CTX_new = (OSSL_EVP_PKEY_CTX_new_t *)find_crypto_symbol(crypto_library, "EVP_PKEY_CTX_new");
OSSL_EVP_PKEY_CTX_new_id = (OSSL_EVP_PKEY_CTX_new_id_t *)find_crypto_symbol(crypto_library, "EVP_PKEY_CTX_new_id");
OSSL_EVP_PKEY_keygen_init = (OSSL_EVP_PKEY_keygen_init_t *)find_crypto_symbol(crypto_library, "EVP_PKEY_keygen_init");
OSSL_EVP_PKEY_keygen = (OSSL_EVP_PKEY_keygen_t *)find_crypto_symbol(crypto_library, "EVP_PKEY_keygen");
OSSL_EVP_PKEY_CTX_free = (OSSL_EVP_PKEY_CTX_free_t *)find_crypto_symbol(crypto_library, "EVP_PKEY_CTX_free");
OSSL_EVP_PKEY_get_raw_private_key = (OSSL_EVP_PKEY_get_raw_private_key_t *)find_crypto_symbol(crypto_library, "EVP_PKEY_get_raw_private_key");
OSSL_EVP_PKEY_get_raw_public_key = (OSSL_EVP_PKEY_get_raw_public_key_t *)find_crypto_symbol(crypto_library, "EVP_PKEY_get_raw_public_key");
OSSL_EVP_PKEY_new_raw_private_key = (OSSL_EVP_PKEY_new_raw_private_key_t *)find_crypto_symbol(crypto_library, "EVP_PKEY_new_raw_private_key");
OSSL_EVP_PKEY_new_raw_public_key = (OSSL_EVP_PKEY_new_raw_public_key_t *)find_crypto_symbol(crypto_library, "EVP_PKEY_new_raw_public_key");
OSSL_EVP_PKEY_derive_init = (OSSL_EVP_PKEY_derive_init_t *)find_crypto_symbol(crypto_library, "EVP_PKEY_derive_init");
OSSL_EVP_PKEY_derive_set_peer = (OSSL_EVP_PKEY_derive_set_peer_t *)find_crypto_symbol(crypto_library, "EVP_PKEY_derive_set_peer");
OSSL_EVP_PKEY_derive = (OSSL_EVP_PKEY_derive_t *)find_crypto_symbol(crypto_library, "EVP_PKEY_derive");
OSSL_EVP_PKEY_free = (OSSL_EVP_PKEY_free_t *)find_crypto_symbol(crypto_library, "EVP_PKEY_free");
} else {
OSSL_EVP_PKEY_CTX_new = NULL;
OSSL_EVP_PKEY_CTX_new_id = NULL;
OSSL_EVP_PKEY_keygen_init = NULL;
OSSL_EVP_PKEY_keygen = NULL;
OSSL_EVP_PKEY_CTX_free = NULL;
OSSL_EVP_PKEY_get_raw_private_key = NULL;
OSSL_EVP_PKEY_get_raw_public_key = NULL;
OSSL_EVP_PKEY_new_raw_private_key = NULL;
OSSL_EVP_PKEY_new_raw_public_key = NULL;
OSSL_EVP_PKEY_derive_init = NULL;
OSSL_EVP_PKEY_derive_set_peer = NULL;
OSSL_EVP_PKEY_derive = NULL;
OSSL_EVP_PKEY_free = NULL;
}

/* Load the functions symbols for OpenSSL PBE algorithm. */
OSSL_PKCS12_key_gen = (OSSL_PKCS12_key_gen_t*)find_crypto_symbol(crypto_library, "PKCS12_key_gen_uni");

Expand Down Expand Up @@ -596,6 +657,21 @@ JNIEXPORT jlong JNICALL Java_jdk_crypto_jniprovider_NativeCrypto_loadCrypto
(NULL == OSSL_EC_KEY_set_public_key) ||
(NULL == OSSL_EC_KEY_check_key) ||
(NULL == OSSL_PKCS12_key_gen) ||
/* Check symbols that are only available in OpenSSL 1.1.1 and above. */
((ossl_ver >= OPENSSL_VERSION_1_1_1) &&
((NULL == OSSL_EVP_PKEY_get_raw_private_key) ||
(NULL == OSSL_EVP_PKEY_get_raw_public_key) ||
(NULL == OSSL_EVP_PKEY_new_raw_private_key) ||
(NULL == OSSL_EVP_PKEY_new_raw_public_key) ||
(NULL == OSSL_EVP_PKEY_CTX_new) ||
(NULL == OSSL_EVP_PKEY_CTX_new_id) ||
(NULL == OSSL_EVP_PKEY_keygen_init) ||
(NULL == OSSL_EVP_PKEY_keygen) ||
(NULL == OSSL_EVP_PKEY_CTX_free) ||
(NULL == OSSL_EVP_PKEY_derive_init) ||
(NULL == OSSL_EVP_PKEY_derive_set_peer) ||
(NULL == OSSL_EVP_PKEY_derive) ||
(NULL == OSSL_EVP_PKEY_free))) ||
/* Check symbols that are only available in OpenSSL 1.1.x and above */
((ossl_ver >= OPENSSL_VERSION_1_1_0) && ((NULL == OSSL_chacha20) || (NULL == OSSL_chacha20_poly1305))) ||
/* Check symbols that are only available in OpenSSL 1.0.x and above */
Expand All @@ -604,10 +680,11 @@ JNIEXPORT jlong JNICALL Java_jdk_crypto_jniprovider_NativeCrypto_loadCrypto
((NULL == OSSL_OPENSSL_malloc) && (ossl_ver < OPENSSL_VERSION_1_1_0)) ||
((NULL == OSSL_OPENSSL_free) && (ossl_ver < OPENSSL_VERSION_1_1_0)) ||
((NULL == OSSL_CRYPTO_THREADID_set_callback) && (ossl_ver < OPENSSL_VERSION_1_1_0)) ||
((NULL == OSSL_CRYPTO_set_locking_callback) && (ossl_ver < OPENSSL_VERSION_1_1_0))) {
if (trace) {
fprintf(stderr, "Error loading OpenSSL: One or more of the required symbols are missing in the crypto library: %s\n", openssl_version);
}
((NULL == OSSL_CRYPTO_set_locking_callback) && (ossl_ver < OPENSSL_VERSION_1_1_0))
) {
if (trace) {
fprintf(stderr, "Error loading OpenSSL: One or more of the required symbols are missing in the crypto library: %s\n", openssl_version);
}
unload_crypto_library(crypto_library);
crypto_library = NULL;
return -1;
Expand Down Expand Up @@ -3054,3 +3131,163 @@ Java_jdk_crypto_jniprovider_NativeCrypto_PBEDerive

return ret;
}

/* Create a pair of private and public keys for XDH Key Agreement.
*
* Class: jdk_crypto_jniprovider_NativeCrypto
* Method: XDHCreateKeys
* Signature: ([BI[BII)I
*/
JNIEXPORT jint JNICALL
Java_jdk_crypto_jniprovider_NativeCrypto_XDHCreateKeys
(JNIEnv *env, jclass obj, jbyteArray privateKey, jint privateKeyLength, jbyteArray publicKey, jint publicKeyLength, jint curveType)
{
jint ret = -1;

EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = NULL;

size_t priv_len = (size_t)privateKeyLength;
size_t pub_len = (size_t)publicKeyLength;

unsigned char *privateKeyArray = NULL;
unsigned char *publicKeyArray = NULL;

// Create PKEY (public/private pair) based on curve type (X25519 or X448)
pctx = (*OSSL_EVP_PKEY_CTX_new_id)(curveType, NULL);

if (NULL == pctx) {
goto cleanup;
}

(*OSSL_EVP_PKEY_keygen_init)(pctx);
(*OSSL_EVP_PKEY_keygen)(pctx, &pkey);

if (NULL == pkey) {
goto cleanup;
}

// Separate private and public and store into arrays
privateKeyArray = (unsigned char *)((*env)->GetPrimitiveArrayCritical(env, privateKey, 0));
if (NULL == privateKeyArray) {
goto cleanup;
}
publicKeyArray = (unsigned char *)((*env)->GetPrimitiveArrayCritical(env, publicKey, 0));
if (NULL == publicKeyArray) {
goto cleanup;
}

if (0 >= (*OSSL_EVP_PKEY_get_raw_private_key)(pkey, privateKeyArray, &priv_len)) {
goto cleanup;
}
if (0 >= (*OSSL_EVP_PKEY_get_raw_public_key)(pkey, publicKeyArray, &pub_len)) {
goto cleanup;
}

ret = 0;

cleanup:
if (NULL != publicKeyArray) {
(*env)->ReleasePrimitiveArrayCritical(env, publicKey, publicKeyArray, 0);
}
if (NULL != privateKeyArray) {
(*env)->ReleasePrimitiveArrayCritical(env, privateKey, privateKeyArray, 0);
}
if (NULL != pkey) {
(*OSSL_EVP_PKEY_free)(pkey);
}
if (NULL != pctx) {
(*OSSL_EVP_PKEY_CTX_free)(pctx);
}
return ret;
}

/* XDH key agreement, derive shared secret key.
*
* Class: jdk_crypto_jniprovider_NativeCrypto
* Method: XDHGenerateSecret
* Signature: ([BI[BI[BII)I
*/
JNIEXPORT jint JNICALL
Java_jdk_crypto_jniprovider_NativeCrypto_XDHGenerateSecret
(JNIEnv *env, jclass obj, jbyteArray privateKey, jint privateKeyLength, jbyteArray publicKey, jint publicKeyLength, jbyteArray sharedKey, jint sharedKeyLength, jint curveType)
{
jint ret = -1;

EVP_PKEY_CTX *pctx = NULL;

EVP_PKEY *pkey = NULL;
EVP_PKEY *peerkey = NULL;

size_t skeylen = (size_t)sharedKeyLength;
size_t privateKey_len = (size_t)privateKeyLength;
size_t publicKey_len = (size_t)publicKeyLength;

unsigned char *privateKeyArray = NULL;
unsigned char *publicKeyArray = NULL;
unsigned char *sharedKeyArray = NULL;

privateKeyArray = (unsigned char *)((*env)->GetPrimitiveArrayCritical(env, privateKey, 0));
if (NULL == privateKeyArray) {
goto cleanup;
}
publicKeyArray = (unsigned char *)((*env)->GetPrimitiveArrayCritical(env, publicKey, 0));
if (NULL == publicKeyArray) {
goto cleanup;
}

// Setup EVP_PKEY instances for user private and peer public keys
pkey = (*OSSL_EVP_PKEY_new_raw_private_key)(curveType, NULL, privateKeyArray, privateKey_len);
peerkey = (*OSSL_EVP_PKEY_new_raw_public_key)(curveType, NULL, publicKeyArray, publicKey_len);

if ((NULL == pkey) || (NULL == peerkey)) {
goto cleanup;
}

// Create key agreement context
pctx = (*OSSL_EVP_PKEY_CTX_new)(pkey, NULL);
if (NULL == pctx) {
goto cleanup;
}

// Initialize with user private key
if (0 >= (*OSSL_EVP_PKEY_derive_init)(pctx)) {
goto cleanup;
}

// Set peer's public key
if (0 >= (*OSSL_EVP_PKEY_derive_set_peer)(pctx, peerkey)) {
goto cleanup;
}

// Derive shared secret and save in sharedKeyArray
sharedKeyArray = (unsigned char *)((*env)->GetPrimitiveArrayCritical(env, sharedKey, 0));
if (NULL == sharedKeyArray) {
goto cleanup;
}
if (0 >= (*OSSL_EVP_PKEY_derive)(pctx, sharedKeyArray, &skeylen)) {
goto cleanup;
}

ret = 0;
cleanup:
if (NULL != sharedKeyArray) {
(*env)->ReleasePrimitiveArrayCritical(env, sharedKey, sharedKeyArray, 0);
}
if (NULL != pctx) {
(*OSSL_EVP_PKEY_CTX_free)(pctx);
}
if (NULL != peerkey) {
(*OSSL_EVP_PKEY_free)(peerkey);
}
if (NULL != pkey) {
(*OSSL_EVP_PKEY_free)(pkey);
}
if (NULL != publicKeyArray) {
(*env)->ReleasePrimitiveArrayCritical(env, publicKey, publicKeyArray, 0);
}
if (NULL != privateKeyArray) {
(*env)->ReleasePrimitiveArrayCritical(env, privateKey, privateKeyArray, 0);
}
return ret;
}
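Review bot: In `Java_jdk_crypto_jniprovider_NativeCrypto_XDHCreateKeys` the caller-supplied `privateKeyLength` and `publicKeyLength` are cast to `size_t` and handed to `EVP_PKEY_get_raw_private_key` and `EVP_PKEY_get_raw_public_key` as the buffer capacity without being compared with the real array lengths, so a negative or oversized value would let OpenSSL write past the end of the Java array. The same applies to the three length arguments of `XDHGenerateSecret`, most importantly `sharedKeyLength` before `EVP_PKEY_derive`. The return values of `EVP_PKEY_keygen_init` and `EVP_PKEY_keygen` are also ignored; only `pkey` is tested afterwards. Whether the Java callers always pass `array.length` is not visible here, so the native side should check with `GetArrayLength` before entering the critical region, as sketched below for `XDHCreateKeys`.

```c
    jint ret = -1;
    /* … unchanged: local declarations … */

    /* Reject lengths that do not fit the Java arrays before OpenSSL writes into them. */
    if ((privateKeyLength < 0) || (publicKeyLength < 0)
        || ((*env)->GetArrayLength(env, privateKey) < privateKeyLength)
        || ((*env)->GetArrayLength(env, publicKey) < publicKeyLength)
    ) {
        goto cleanup;
    }

    /* … unchanged: EVP_PKEY_CTX_new_id call and NULL check … */

    if (0 >= (*OSSL_EVP_PKEY_keygen_init)(pctx)) {
        goto cleanup;
    }
    if (0 >= (*OSSL_EVP_PKEY_keygen)(pctx, &pkey)) {
        goto cleanup;
    }

    /* … unchanged: pkey NULL check, array access, raw key export, cleanup … */
```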