!160 I3UR1Y: improve algorithm Constraints and check Algorithm performance

From: @kuenking111 Reviewed-by: @jvmboy Signed-off-by: @jvmboy
2021-06-08 10:28:50 +08:00 · 2021-06-08 10:28:50 +08:00 · 1846f3e621
commit 1846f3e621
parent a038af3879 d4c77069ce
2 changed files with 141 additions and 2 deletions
--- a/improve_algorithmConstraints_checkAlgorithm_performance.patch
+++ b/improve_algorithmConstraints_checkAlgorithm_performance.patch
@ -0,0 +1,134 @@
 diff --git a/jdk/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java b/jdk/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java
 index 944958de4..5c7602925 100644
 --- a/jdk/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java
 +++ b/jdk/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java
@@ -77,34 +77,26 @@ public abstract class AbstractAlgorithmConstraints
         return new ArrayList<>(Arrays.asList(algorithmsInProperty));
     }
 -    static boolean checkAlgorithm(List<String> algorithms, String algorithm,
 +    static boolean checkAlgorithm(Set<String> algorithms, String algorithm,
             AlgorithmDecomposer decomposer) {
         if (algorithm == null || algorithm.length() == 0) {
             throw new IllegalArgumentException("No algorithm name specified");
         }
         Set<String> elements = null;
 -        for (String item : algorithms) {
 -            if (item == null || item.isEmpty()) {
 -                continue;
 -            }
 +        if (algorithms.contains(algorithm.toLowerCase())) {
 +            return false;
 +        }
 -            // check the full name
 -            if (item.equalsIgnoreCase(algorithm)) {
 +        // decompose the algorithm into sub-elements
 +        if (elements == null) {
 +            elements = decomposer.decompose(algorithm);
 +        }
 +        // check the element of the elements
 +        for (String element : elements) {
 +            if (algorithms.contains(element.toLowerCase())) {
                 return false;
             }
 -
 -            // decompose the algorithm into sub-elements
 -            if (elements == null) {
 -                elements = decomposer.decompose(algorithm);
 -            }
 -
 -            // check the items of the algorithm
 -            for (String element : elements) {
 -                if (item.equalsIgnoreCase(element)) {
 -                    return false;
 -                }
 -            }
         }
         return true;
 diff --git a/jdk/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java b/jdk/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
 index 51e625632..6ff26bf2f 100644
 --- a/jdk/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
 +++ b/jdk/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
@@ -96,7 +96,7 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
             new DisabledAlgorithmConstraints(PROPERTY_JAR_DISABLED_ALGS);
     }
 -    private final List<String> disabledAlgorithms;
 +    private final Set<String> disabledAlgorithms;
     private final Constraints algorithmConstraints;
     public static DisabledAlgorithmConstraints certPathConstraints() {
@@ -128,11 +128,11 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
     public DisabledAlgorithmConstraints(String propertyName,
             AlgorithmDecomposer decomposer) {
         super(decomposer);
 -        disabledAlgorithms = getAlgorithms(propertyName);
 +        List<String> disabledAlgorithmsList = getAlgorithms(propertyName);
         // Check for alias
         int ecindex = -1, i = 0;
 -        for (String s : disabledAlgorithms) {
 +        for (String s : disabledAlgorithmsList) {
             if (s.regionMatches(true, 0,"include ", 0, 8)) {
                 if (s.regionMatches(true, 8, PROPERTY_DISABLED_EC_CURVES, 0,
                         PROPERTY_DISABLED_EC_CURVES.length())) {
@@ -143,11 +143,19 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
             i++;
         }
         if (ecindex > -1) {
 -            disabledAlgorithms.remove(ecindex);
 -            disabledAlgorithms.addAll(ecindex,
 +            disabledAlgorithmsList.remove(ecindex);
 +            disabledAlgorithmsList.addAll(ecindex,
                     getAlgorithms(PROPERTY_DISABLED_EC_CURVES));
         }
 -        algorithmConstraints = new Constraints(propertyName, disabledAlgorithms);
 +        algorithmConstraints = new Constraints(propertyName, disabledAlgorithmsList);
 +
 +        disabledAlgorithms = new HashSet<String>();
 +        for (String algorithm : disabledAlgorithmsList) {
 +            if (algorithm == null || algorithm.isEmpty()) {
 +                continue;
 +            }
 +            disabledAlgorithms.add(algorithm.toLowerCase());
 +        }
     }
     /*
 diff --git a/jdk/src/share/classes/sun/security/util/LegacyAlgorithmConstraints.java b/jdk/src/share/classes/sun/security/util/LegacyAlgorithmConstraints.java
 index 4e7502fb5..01d0447ab 100644
 --- a/jdk/src/share/classes/sun/security/util/LegacyAlgorithmConstraints.java
 +++ b/jdk/src/share/classes/sun/security/util/LegacyAlgorithmConstraints.java
@@ -28,6 +28,7 @@ package sun.security.util;
 import java.security.AlgorithmParameters;
 import java.security.CryptoPrimitive;
 import java.security.Key;
 +import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
@@ -40,12 +41,19 @@ public class LegacyAlgorithmConstraints extends AbstractAlgorithmConstraints {
     public final static String PROPERTY_TLS_LEGACY_ALGS =
             "jdk.tls.legacyAlgorithms";
 -    private final List<String> legacyAlgorithms;
 +    private final Set<String> legacyAlgorithms;
     public LegacyAlgorithmConstraints(String propertyName,
             AlgorithmDecomposer decomposer) {
         super(decomposer);
 -        legacyAlgorithms = getAlgorithms(propertyName);
 +        List<String> legacyAlgorithmsList = getAlgorithms(propertyName);
 +        legacyAlgorithms = new HashSet<String>();
 +        for (String algorithm : legacyAlgorithmsList) {
 +            if (algorithm == null || algorithm.isEmpty()) {
 +                continue;
 +            }
 +            legacyAlgorithms.add(algorithm.toLowerCase());
 +        }
     }
     @Override
--- a/openjdk-1.8.0.spec
+++ b/openjdk-1.8.0.spec
@ -918,7 +918,7 @@ Provides: java-%{javaver}-%{origin}-accessibility%{?1} = %{epoch}:%{version}-%{r
 Name:    java-%{javaver}-%{origin}
 Version: %{javaver}.%{updatever}.%{buildver}
-Release: 6
+Release: 7
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
 # and this change was brought into RHEL-4. java-1.5.0-ibm packages
 # also included the epoch in their virtual provides. This created a
@ -1103,6 +1103,7 @@ Patch189: 8266187_Memory_leak_in_appendBootClassPath.patch
 Patch190: 8266929_huawei_add_oid_mapping_common_sig_types.patch
 Patch191: 8264640.patch
 Patch192: add_kae_implementation_add_default_conf_file.patch
 Patch193: improve_algorithmConstraints_checkAlgorithm_performance.patch
 #############################################
 #
@ -1555,6 +1556,7 @@ pushd %{top_level_dir_name}
 %patch190 -p1
 %patch191 -p1
 %patch192 -p1
 %patch193 -p1
 popd
@ -2172,7 +2174,10 @@ require "copy_jdk_configs.lua"
 %endif
 %changelog
-* Mon Jun 27 2021 kuenking111 <wangkun49@huawei.com> - 1:1.8.0.292-b10.6
+* Tue Jun 8 2021 kuenking111 <wangkun49@huawei.com> - 1:1.8.0.292-b10.7
 - add improve_algorithmConstraints_checkAlgorithm_performance.patch
 * Mon Jun 7 2021 kuenking111 <wangkun49@huawei.com> - 1:1.8.0.292-b10.6
 - add add_kae_implementation_add_default_conf_file.patch
 * Fri Jun 4 2021 hedongbo <hedongbo@huawei.com> - 1:1.8.0.292-b10.5