I3RX5F: Add kaeEngine to rsa

add-kaeEngine-to-rsa.patch

@@ -0,0 +1,106 @@
+commit ab97dd8f89c5a3ce17b9d90bc8ae2e407c450012
+Author: Noah <hedongbo@huawei.com>
+Date:   Wed May 19 09:38:34 2021 +0800
+
+    I3RWVC: Add kaeEngine to rsa
+
+diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_cipher_rsa.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_cipher_rsa.c
+index 3fbacf77..cbab7bdb 100644
+--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_cipher_rsa.c
++++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_cipher_rsa.c
+@@ -28,6 +28,8 @@
+ #include "kae_exception.h"
+ #include "org_openeuler_security_openssl_KAERSACipher.h"
+ 
++static ENGINE* kaeEngine = NULL;
++
+ typedef int RSACryptOperation(int, const unsigned char*, unsigned char*, RSA*, int);
+ 
+ typedef int EvpPkeyCryptOperation(EVP_PKEY_CTX*, unsigned char*, size_t*, const unsigned char*, size_t);
+@@ -171,12 +173,13 @@ static int RSACryptOAEPPadding(JNIEnv* env, jlong keyAddress, jint inLen, jbyteA
+     // outLen type should be size_t
+     // EVP_PKEY_encrypt takes the outLen address as a parameter, and the parameter type is size_t*
+     size_t outLen = 0;
++    kaeEngine = (kaeEngine == NULL) ? GetKaeEngine() : kaeEngine;
+ 
+     EVP_PKEY* pkey = (EVP_PKEY*) keyAddress;
+ 
+     // new ctx
+     // rsa encrypt/decrypt init
+-    if ((pkeyCtx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL || cryptInitOperation(pkeyCtx) <= 0) {
++    if ((pkeyCtx = EVP_PKEY_CTX_new(pkey, kaeEngine)) == NULL || cryptInitOperation(pkeyCtx) <= 0) {
+         KAE_ThrowFromOpenssl(env, pkeyCtx == NULL ? "EVP_PKEY_CTX_new" : cryptInitName, KAE_ThrowInvalidKeyException);
+         goto cleanup;
+     }
+@@ -192,8 +195,7 @@ static int RSACryptOAEPPadding(JNIEnv* env, jlong keyAddress, jint inLen, jbyteA
+      * set rsa mgf1 md
+      * set rsa oaep md
+      */
+-    if(!SetRSAPadding(env, pkeyCtx, paddingType) ||
+-       !SetRSAMgf1Md(env, pkeyCtx, mgf1MdAlgoUTF) ||
++    if(!SetRSAPadding(env, pkeyCtx, paddingType) || !SetRSAMgf1Md(env, pkeyCtx, mgf1MdAlgoUTF) ||
+        !SetRSAOaepMd(env, pkeyCtx, oaepMdAlgoUTF)) {
+         goto cleanup;
+     }
+@@ -267,6 +269,7 @@ JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAERSACipher_nativeC
+     BIGNUM* bnIQMP = NULL;
+     RSA* rsa = NULL;
+     EVP_PKEY* pkey = NULL;
++    kaeEngine = (kaeEngine == NULL) ? GetKaeEngine() : kaeEngine;
+ 
+     // convert to big num
+     if ((bnN = KAE_GetBigNumFromByteArray(env, n)) == NULL ||
+@@ -288,9 +291,9 @@ JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAERSACipher_nativeC
+     }
+ 
+     // new rsa
+-    rsa = RSA_new();
++    rsa = RSA_new_method(kaeEngine);
+     if (rsa == NULL) {
+-        KAE_ThrowFromOpenssl(env, "RSA_new", KAE_ThrowRuntimeException);
++        KAE_ThrowFromOpenssl(env, "RSA_new_method", KAE_ThrowRuntimeException);
+         goto cleanup;
+     }
+ 
+@@ -328,6 +331,7 @@ JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAERSACipher_nativeC
+     BIGNUM* bnE = NULL;
+     RSA* rsa = NULL;
+     EVP_PKEY* pkey = NULL;
++    kaeEngine = (kaeEngine == NULL) ? GetKaeEngine() : kaeEngine;
+ 
+     // get public key param n
+     bnN = KAE_GetBigNumFromByteArray(env, n);
+@@ -341,10 +345,10 @@ JNIEXPORT jlong JNICALL Java_org_openeuler_security_openssl_KAERSACipher_nativeC
+         goto cleanup;
+     }
+ 
+-    // new RSA
+-    rsa = RSA_new();
++    // new rsa
++    rsa = RSA_new_method(kaeEngine);
+     if (rsa == NULL) {
+-        KAE_ThrowFromOpenssl(env, "RSA_new", KAE_ThrowRuntimeException);
++        KAE_ThrowFromOpenssl(env, "RSA_new_method", KAE_ThrowRuntimeException);
+         goto cleanup;
+     }
+ 
+diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_rsa.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_rsa.c
+index ddbc2958..de724593 100644
+--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_rsa.c
++++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_rsa.c
+@@ -65,10 +65,12 @@ static const BIGNUM* (* GetRSAParamFunctionList[])(const RSA*) = {
+  * step 3.Generate rsa key, and all key information is stored in RSA
+  */
+ static RSA* NewRSA(JNIEnv* env, jint keySize, jbyteArray publicExponent) {
+-    // RSA_new
+-    RSA* rsa = RSA_new();
++    static ENGINE* kaeEngine = NULL;
++    kaeEngine = (kaeEngine == NULL) ? GetKaeEngine() : kaeEngine;
++    // new rsa
++    RSA* rsa = RSA_new_method(kaeEngine);
+     if (rsa == NULL) {
+-        KAE_ThrowFromOpenssl(env, "RSA_new", KAE_ThrowRuntimeException);
++        KAE_ThrowFromOpenssl(env, "RSA_new_method", KAE_ThrowRuntimeException);
+         return NULL;
+     }
+ 

java-1.8.0-openjdk.spec

@@ -921,7 +921,7 @@ Provides: java-%{javaver}-%{origin}-accessibility%{?1} = %{epoch}:%{version}-%{r
 
 Name:    java-%{javaver}-%{origin}
 Version: %{javaver}.%{updatever}.%{buildver}
-Release: 18
+Release: 19
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
 # and this change was brought into RHEL-4. java-1.5.0-ibm packages
 # also included the epoch in their virtual provides. This created a
@@ -1096,6 +1096,7 @@ Patch167: fix-BoxTypeCachedMax-build-failure-when-jvm-variants.patch
 Patch168: fix-windows-compile-fail.patch
 Patch169: Code-style-fix.patch
 Patch170: kae-phase2.patch
+Patch171: add-kaeEngine-to-rsa.patch
 
 #############################################
 #
@@ -1540,6 +1541,7 @@ pushd %{top_level_dir_name}
 %patch168 -p1
 %patch169 -p1
 %patch170 -p1
+%patch171 -p1
 
 popd
 
@@ -2157,6 +2159,9 @@ require "copy_jdk_configs.lua"
 %endif
 
 %changelog
+* Wed May 19 2021 Noah <hedongbo@huawei.com> - 1:1.8.0.282-b08.19
+- add add-kaeEngine-to-rsa.patch
+
 * Mon May 17 2021 Noah <hedongbo@huawei.com> - 1:1.8.0.282-b08.18
 - add kae-phase2.patch