I3UR1Y: improve algorithm Constraints and check Algorithm performance

2021-06-08 09:24:04 +08:00 · 2021-06-08 09:24:04 +08:00 · d4c77069ce
commit d4c77069ce
parent a038af3879
2 changed files with 141 additions and 2 deletions
--- a/improve_algorithmConstraints_checkAlgorithm_performance.patch
+++ b/improve_algorithmConstraints_checkAlgorithm_performance.patch
@ -0,0 +1,134 @@
+diff --git a/jdk/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java b/jdk/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java
+index 944958de4..5c7602925 100644
+--- a/jdk/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java
+++ b/jdk/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java
+@@ -77,34 +77,26 @@ public abstract class AbstractAlgorithmConstraints
+         return new ArrayList<>(Arrays.asList(algorithmsInProperty));
+     }
+ 
+-    static boolean checkAlgorithm(List<String> algorithms, String algorithm,
+    static boolean checkAlgorithm(Set<String> algorithms, String algorithm,
+             AlgorithmDecomposer decomposer) {
+         if (algorithm == null || algorithm.length() == 0) {
+             throw new IllegalArgumentException("No algorithm name specified");
+         }
+ 
+         Set<String> elements = null;
+-        for (String item : algorithms) {
+-            if (item == null || item.isEmpty()) {
+-                continue;
+-            }
+        if (algorithms.contains(algorithm.toLowerCase())) {
+            return false;
+        }
+ 
+-            // check the full name
+-            if (item.equalsIgnoreCase(algorithm)) {
+        // decompose the algorithm into sub-elements
+        if (elements == null) {
+            elements = decomposer.decompose(algorithm);
+        }
+        // check the element of the elements
+        for (String element : elements) {
+            if (algorithms.contains(element.toLowerCase())) {
+                 return false;
+             }
+-
+-            // decompose the algorithm into sub-elements
+-            if (elements == null) {
+-                elements = decomposer.decompose(algorithm);
+-            }
+-
+-            // check the items of the algorithm
+-            for (String element : elements) {
+-                if (item.equalsIgnoreCase(element)) {
+-                    return false;
+-                }
+-            }
+         }
+ 
+         return true;
+diff --git a/jdk/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java b/jdk/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
+index 51e625632..6ff26bf2f 100644
+--- a/jdk/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
+++ b/jdk/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
+@@ -96,7 +96,7 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
+             new DisabledAlgorithmConstraints(PROPERTY_JAR_DISABLED_ALGS);
+     }
+ 
+-    private final List<String> disabledAlgorithms;
+    private final Set<String> disabledAlgorithms;
+     private final Constraints algorithmConstraints;
+ 
+     public static DisabledAlgorithmConstraints certPathConstraints() {
+@@ -128,11 +128,11 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
+     public DisabledAlgorithmConstraints(String propertyName,
+             AlgorithmDecomposer decomposer) {
+         super(decomposer);
+-        disabledAlgorithms = getAlgorithms(propertyName);
+        List<String> disabledAlgorithmsList = getAlgorithms(propertyName);
+ 
+         // Check for alias
+         int ecindex = -1, i = 0;
+-        for (String s : disabledAlgorithms) {
+        for (String s : disabledAlgorithmsList) {
+             if (s.regionMatches(true, 0,"include ", 0, 8)) {
+                 if (s.regionMatches(true, 8, PROPERTY_DISABLED_EC_CURVES, 0,
+                         PROPERTY_DISABLED_EC_CURVES.length())) {
+@@ -143,11 +143,19 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
+             i++;
+         }
+         if (ecindex > -1) {
+-            disabledAlgorithms.remove(ecindex);
+-            disabledAlgorithms.addAll(ecindex,
+            disabledAlgorithmsList.remove(ecindex);
+            disabledAlgorithmsList.addAll(ecindex,
+                     getAlgorithms(PROPERTY_DISABLED_EC_CURVES));
+         }
+-        algorithmConstraints = new Constraints(propertyName, disabledAlgorithms);
+        algorithmConstraints = new Constraints(propertyName, disabledAlgorithmsList);
+
+        disabledAlgorithms = new HashSet<String>();
+        for (String algorithm : disabledAlgorithmsList) {
+            if (algorithm == null || algorithm.isEmpty()) {
+                continue;
+            }
+            disabledAlgorithms.add(algorithm.toLowerCase());
+        }
+     }
+ 
+     /*
+diff --git a/jdk/src/share/classes/sun/security/util/LegacyAlgorithmConstraints.java b/jdk/src/share/classes/sun/security/util/LegacyAlgorithmConstraints.java
+index 4e7502fb5..01d0447ab 100644
+--- a/jdk/src/share/classes/sun/security/util/LegacyAlgorithmConstraints.java
+++ b/jdk/src/share/classes/sun/security/util/LegacyAlgorithmConstraints.java
+@@ -28,6 +28,7 @@ package sun.security.util;
+ import java.security.AlgorithmParameters;
+ import java.security.CryptoPrimitive;
+ import java.security.Key;
+import java.util.HashSet;
+ import java.util.List;
+ import java.util.Set;
+ 
+@@ -40,12 +41,19 @@ public class LegacyAlgorithmConstraints extends AbstractAlgorithmConstraints {
+     public final static String PROPERTY_TLS_LEGACY_ALGS =
+             "jdk.tls.legacyAlgorithms";
+ 
+-    private final List<String> legacyAlgorithms;
+    private final Set<String> legacyAlgorithms;
+ 
+     public LegacyAlgorithmConstraints(String propertyName,
+             AlgorithmDecomposer decomposer) {
+         super(decomposer);
+-        legacyAlgorithms = getAlgorithms(propertyName);
+        List<String> legacyAlgorithmsList = getAlgorithms(propertyName);
+        legacyAlgorithms = new HashSet<String>();
+        for (String algorithm : legacyAlgorithmsList) {
+            if (algorithm == null || algorithm.isEmpty()) {
+                continue;
+            }
+            legacyAlgorithms.add(algorithm.toLowerCase());
+        }
+     }
+ 
+     @Override
--- a/openjdk-1.8.0.spec
+++ b/openjdk-1.8.0.spec
@ -918,7 +918,7 @@ Provides: java-%{javaver}-%{origin}-accessibility%{?1} = %{epoch}:%{version}-%{r

 Name:    java-%{javaver}-%{origin}
 Version: %{javaver}.%{updatever}.%{buildver}
-Release: 6
+Release: 7
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
 # and this change was brought into RHEL-4. java-1.5.0-ibm packages
 # also included the epoch in their virtual provides. This created a
@ -1103,6 +1103,7 @@ Patch189: 8266187_Memory_leak_in_appendBootClassPath.patch
 Patch190: 8266929_huawei_add_oid_mapping_common_sig_types.patch
 Patch191: 8264640.patch
 Patch192: add_kae_implementation_add_default_conf_file.patch
+Patch193: improve_algorithmConstraints_checkAlgorithm_performance.patch

 #############################################
 #
@ -1555,6 +1556,7 @@ pushd %{top_level_dir_name}
 %patch190 -p1
 %patch191 -p1
 %patch192 -p1
+%patch193 -p1

 popd

@ -2172,7 +2174,10 @@ require "copy_jdk_configs.lua"
 %endif

 %changelog
-* Mon Jun 27 2021 kuenking111 <wangkun49@huawei.com> - 1:1.8.0.292-b10.6
+* Tue Jun 8 2021 kuenking111 <wangkun49@huawei.com> - 1:1.8.0.292-b10.7
+- add improve_algorithmConstraints_checkAlgorithm_performance.patch
+
+* Mon Jun 7 2021 kuenking111 <wangkun49@huawei.com> - 1:1.8.0.292-b10.6
 - add add_kae_implementation_add_default_conf_file.patch

 * Fri Jun 4 2021 hedongbo <hedongbo@huawei.com> - 1:1.8.0.292-b10.5