openjdk-1.8.0/add-fix-lock_fd-no-close-and-improve-KAEProvider.patch

From eb4284c06d643ec1204a922ccc06970331055bc4 Mon Sep 17 00:00:00 2001
Date: Thu, 21 Sep 2023 15:23:38 +0800
Subject: add fix-lock_fd-no-close-and-improve-KAEProvider

---
 hotspot/src/share/vm/memory/filemap.cpp       | 21 +++++++++++++++++++
 hotspot/src/share/vm/memory/filemap.hpp       |  2 ++
 .../src/share/vm/memory/metaspaceShared.cpp   |  4 ++++
 hotspot/src/share/vm/prims/unsafe.cpp         |  1 +
 .../security/openssl/KAESM4Cipher.java        |  6 ++++--
 .../security/openssl/kae_keyagreement_dh.c    |  6 ++++--
 .../security/openssl/kae_keyagreement_ecdh.c  |  7 ++++---
 .../security/openssl/kae_symmetric_cipher.c   | 11 ++++++----
 8 files changed, 47 insertions(+), 11 deletions(-)

diff --git a/hotspot/src/share/vm/memory/filemap.cpp b/hotspot/src/share/vm/memory/filemap.cpp
index 0d217078a..166fe2b80 100644
--- a/hotspot/src/share/vm/memory/filemap.cpp
+++ b/hotspot/src/share/vm/memory/filemap.cpp
@@ -181,6 +181,18 @@ FileMapInfo::~FileMapInfo() {
     _file_open = false;
     _fd = -1;
   }
+
+  if (DumpSharedSpaces && UseAppCDS && AppCDSLockFile != NULL) {
+    // delete appcds.lock 
+    if (_lock_file_open) {
+      if (::close(_lock_fd) < 0) {
+        fail_stop("Unable to close the lock file.");
+      }
+      _lock_file_open = false;
+      _lock_fd = -1;
+    }
+    remove(_appcds_file_lock_path);
+  }
 }
 
 void FileMapInfo::populate_header(size_t alignment) {
@@ -606,6 +618,8 @@ void FileMapInfo::open_for_write() {
                       "2. You have the permission.\n 3. Make sure no other process using the same lock file.\n");
         fail_stop("Failed to create appcds lock file, the lock path is: %s.", _appcds_file_lock_path);
       }
+      _lock_fd = lock_fd;
+      _lock_file_open = true;
       tty->print_cr("You are using file lock %s in concurrent mode", AppCDSLockFile);
     }
 #endif
@@ -772,6 +786,13 @@ void FileMapInfo::write_bytes_aligned(const void* buffer, int nbytes) {
 
 void FileMapInfo::close() {
   if (UseAppCDS && AppCDSLockFile != NULL) {
+    if (_lock_file_open) {
+      if (::close(_lock_fd) < 0) {
+        fail_stop("Unable to close the lock file.");
+      }
+      _lock_file_open = false;
+      _lock_fd = -1;
+    }
     // delete appcds.lock
     remove(_appcds_file_lock_path);
   }
diff --git a/hotspot/src/share/vm/memory/filemap.hpp b/hotspot/src/share/vm/memory/filemap.hpp
index debfb5049..f6cf43a64 100644
--- a/hotspot/src/share/vm/memory/filemap.hpp
+++ b/hotspot/src/share/vm/memory/filemap.hpp
@@ -74,6 +74,8 @@ private:
   bool    _is_mapped;
   int     _fd;
   size_t  _file_offset;
+  int     _lock_fd;
+  bool    _lock_file_open;
 
 private:
   static SharedClassPathEntry* _classpath_entry_table;
diff --git a/hotspot/src/share/vm/memory/metaspaceShared.cpp b/hotspot/src/share/vm/memory/metaspaceShared.cpp
index e6bd39d85..eea79cc09 100644
--- a/hotspot/src/share/vm/memory/metaspaceShared.cpp
+++ b/hotspot/src/share/vm/memory/metaspaceShared.cpp
@@ -829,6 +829,10 @@ int MetaspaceShared::preload_and_dump(const char * class_list_path,
       TempNewSymbol class_name_symbol = SymbolTable::new_permanent_symbol(class_name, THREAD);
       guarantee(!HAS_PENDING_EXCEPTION, "Exception creating a symbol.");
 
+      // If preload_and_dump has anonymous class failed ,pls del this class_name in classlist
+      if (TraceClassLoading) {
+        tty->print_cr("preload_and_dump start: %s", class_name);
+      }
       Handle loader = UseAppCDS ? SystemDictionary::java_system_loader() : Handle();
       Klass* klass = SystemDictionary::resolve_or_null(class_name_symbol,
                                                        loader,
diff --git a/hotspot/src/share/vm/prims/unsafe.cpp b/hotspot/src/share/vm/prims/unsafe.cpp
index fa3e46782..d6c33dd33 100644
--- a/hotspot/src/share/vm/prims/unsafe.cpp
+++ b/hotspot/src/share/vm/prims/unsafe.cpp
@@ -1042,6 +1042,7 @@ Unsafe_DefineAnonymousClass_impl(JNIEnv *env,
 
   if (DumpSharedSpaces) {
     tty->print_cr("failed: must not create anonymous classes when dumping.");
+    tty->print_cr("Please delete the last class_name prefixed with \"preload_and_dump start\" from -XX:SharedClassListFile to avoid anonymous classes.");
     JVM_Halt(0);
   }
 
diff --git a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAESM4Cipher.java b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAESM4Cipher.java
index cca619e1a..830f058e3 100644
--- a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAESM4Cipher.java
+++ b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAESM4Cipher.java
@@ -356,8 +356,10 @@ abstract class KAESM4Cipher extends KAESymmetricCipherBase {
             throw new InvalidAlgorithmParameterException("Wrong IV length: iv is null ");
         }
         if (mode == Mode.CTR) {
-            if (ivBytes.length < 8) {
-                throw new InvalidAlgorithmParameterException("Wrong IV length: CTR mode requires IV of at least: 8 bytes.");
+            // For compatibility, SM4 CTR allows 8 < IV < blockSize, the remaining bytes will be filled with 0 in engineInit 
+            if (ivBytes.length < 8 || ivBytes.length > blockSize) {
+                throw new InvalidAlgorithmParameterException("Wrong IV length: CTR mode requires IV of at least" +
+                    "8 bytes, and no greater than " + blockSize + "bytes");
             }
             return;
         }
diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keyagreement_dh.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keyagreement_dh.c
index d8d2ee7cb..74af15a51 100644
--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keyagreement_dh.c
+++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keyagreement_dh.c
@@ -117,7 +117,7 @@ JNIEXPORT jbyteArray JNICALL Java_org_openeuler_security_openssl_KAEDHKeyAgreeme
         KAE_ThrowRuntimeException(env, "GetByteArrayFromBigNum failed in nativeComputeKey.");
         goto cleanup;
     }
-    KAE_TRACE("Java_org_openeuler_security_openssl_KAEDHKeyAgreement_nativeGenerateSecret finished!");
+    KAE_TRACE("Java_org_openeuler_security_openssl_KAEDHKeyAgreement_nativeComputeKey finished!");
 
 cleanup:
     if (dh != NULL)
@@ -130,8 +130,10 @@ cleanup:
         KAE_ReleaseBigNumFromByteArray(p_bn);
     if (g_bn != NULL)
         KAE_ReleaseBigNumFromByteArray(g_bn);
-    if (secret != NULL)
+    if (secret != NULL) {
+        memset(secret, 0, pSizeInByte);
         free(secret);
+    }
     if (computeKeyRetBn != NULL)
         BN_free(computeKeyRetBn);
 
diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keyagreement_ecdh.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keyagreement_ecdh.c
index 5fc4d68fd..877a915f0 100644
--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keyagreement_ecdh.c
+++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keyagreement_ecdh.c
@@ -30,7 +30,7 @@
 #include "org_openeuler_security_openssl_KAEECDHKeyAgreement.h"
 
 static void FreeGenerateSecretParam(BIGNUM* s, BIGNUM* wX, BIGNUM* wY,
-    EC_POINT* pub, EC_KEY* eckey, EC_GROUP* group, unsigned char* shareKey)
+    EC_POINT* pub, EC_KEY* eckey, EC_GROUP* group, unsigned char* shareKey, int shareKeyLen)
 {
     KAE_ReleaseBigNumFromByteArray(s);
     KAE_ReleaseBigNumFromByteArray(wX);
@@ -45,6 +45,7 @@ static void FreeGenerateSecretParam(BIGNUM* s, BIGNUM* wX, BIGNUM* wY,
         EC_GROUP_free(group);
     }
     if (shareKey != NULL) {
+        memset(shareKey, 0, shareKeyLen);
         free(shareKey);
     }
 }
@@ -106,10 +107,10 @@ JNIEXPORT jbyteArray JNICALL Java_org_openeuler_security_openssl_KAEECDHKeyAgree
         goto cleanup;
     }
     (*env)->SetByteArrayRegion(env, javaBytes, 0, expectSecretLen, (jbyte*)shareKey);
-    FreeGenerateSecretParam(s, wX, wY, pub, eckey, group, shareKey);
+    FreeGenerateSecretParam(s, wX, wY, pub, eckey, group, shareKey, expectSecretLen);
     return javaBytes;
 
 cleanup:
-    FreeGenerateSecretParam(s, wX, wY, pub, eckey, group, shareKey);
+    FreeGenerateSecretParam(s, wX, wY, pub, eckey, group, shareKey, expectSecretLen);
     return NULL;
 }
diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_symmetric_cipher.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_symmetric_cipher.c
index 43f6326b2..ec8894f1a 100644
--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_symmetric_cipher.c
+++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_symmetric_cipher.c
@@ -119,13 +119,15 @@ static const EVP_CIPHER* EVPGetAesCipherByName(JNIEnv* env, const char* algo)
     }
 }
 
-void FreeMemoryFromInit(JNIEnv* env, jbyteArray iv, jbyte* ivBytes, jbyteArray key, jbyte* keyBytes)
+void FreeMemoryFromInit(JNIEnv* env, jbyteArray iv, jbyte* ivBytes, jbyteArray key, jbyte* keyBytes,
+    int keyLength)
 {
     if (ivBytes != NULL) {
         (*env)->ReleaseByteArrayElements(env, iv, ivBytes, 0);
     }
     if (keyBytes != NULL) {
-        (*env)->ReleaseByteArrayElements(env, key, keyBytes, 0);
+        memset(keyBytes, 0, keyLength);
+        (*env)->ReleaseByteArrayElements(env, key, keyBytes, JNI_ABORT);
     }
 }
 
@@ -143,6 +145,7 @@ Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeInit(JNIEnv* en
     jbyte* ivBytes = NULL;
     const EVP_CIPHER* cipher = NULL;
     ENGINE* kaeEngine = NULL;
+    int keyLength = (*env)->GetArrayLength(env, key);
 
     const char* algo = (*env)->GetStringUTFChars(env, cipherType, 0);
     if (StartsWith("aes", algo)) {
@@ -180,14 +183,14 @@ Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeInit(JNIEnv* en
 
     EVP_CIPHER_CTX_set_padding(ctx, padding ? 1 : 0);
 
-    FreeMemoryFromInit(env, iv, ivBytes, key, keyBytes);
+    FreeMemoryFromInit(env, iv, ivBytes, key, keyBytes, keyLength);
     return (jlong)ctx;
 
 cleanup:
     if (ctx != NULL) {
         EVP_CIPHER_CTX_free(ctx);
     }
-    FreeMemoryFromInit(env, iv, ivBytes, key, keyBytes);
+    FreeMemoryFromInit(env, iv, ivBytes, key, keyBytes, keyLength);
     return 0;
 }
 
-- 
2.22.0