Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add openssl version 3.0+ support for Linux platforms #499

Merged
merged 1 commit into from
Apr 19, 2022
Merged

Add openssl version 3.0+ support for Linux platforms #499

merged 1 commit into from
Apr 19, 2022

Conversation

WilburZjh
Copy link
Contributor

@WilburZjh WilburZjh commented Apr 11, 2022
edited by pshipton
Loading

@pshipton
Copy link
Member

Pls fix the copyright and line endings failures.

@pshipton pshipton requested a review from keithc-ca April 11, 2022 15:39
keithc-ca
keithc-ca requested changes Apr 11, 2022
View reviewed changes
closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java Outdated Show resolved Hide resolved
closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java Outdated Show resolved Hide resolved
closed/src/java.base/share/native/libjncrypto/NativeCrypto.c Outdated Show resolved Hide resolved
closed/src/java.base/share/native/libjncrypto/NativeCrypto.c Outdated Show resolved Hide resolved
closed/src/java.base/share/native/libjncrypto/NativeCrypto.c Outdated Show resolved Hide resolved
closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java Outdated Show resolved Hide resolved
closed/src/java.base/share/native/libjncrypto/NativeCrypto.c Outdated Show resolved Hide resolved
closed/src/java.base/unix/native/libjncrypto/NativeCrypto_md.c Outdated Show resolved Hide resolved
@keithc-ca
Copy link
Member

keithc-ca commented Apr 11, 2022
edited
Loading

The declaration in NativeCrypto_md.h must be updated:

#include <jni.h>

void * load_crypto_library(jboolean traceEnabled);

(This assumes the proposed change to NativeCrypto.loadCrypto().)

@WilburZjh WilburZjh force-pushed the opensslv3-support branch 2 times, most recently from a5eefa9 to 1ec09b8 Compare April 12, 2022 04:11
@pshipton pshipton mentioned this pull request Apr 12, 2022
Merged
@pshipton
Copy link
Member

pshipton commented Apr 12, 2022
edited
Loading

Manual testing on a machine (rhel8le-rt1-1) with openssl3 looks good.

jdk/bin/java -Djdk.nativeCryptoTrace=true CryptoTest
Attempt to load OpenSSL /lib64/libcrypto.so.3
Supported OpenSSL version: OpenSSL 3.0.1 14 Dec 2021
MessageDigest load - using Native crypto library.
NativeChaCha20Cipher load - using Native crypto library.
CipherCore Load - using native crypto library.
Crypto test COMPLETED

I'm also running the openjdk crypto/security tests I could find from sanity/extended on the same machine, /job/Grinder/22688.
testList TESTLIST=jdk11_tier1_cipher,jdk_security1,jdk_security2,jdk_security3,jdk_security4,jdk_security_infra

@pshipton
Copy link
Member

pshipton commented Apr 12, 2022
edited
Loading

Setting as draft since there is one failure (that occurred 4 times).

jdk_security2_0 -XX:+UseCompressedOops (also jdk_security2_1 -XX:-UseCompressedOops, and the same test runs in jdk11_tier1_cipher)

09:25:33  TEST: com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.java
09:25:33  TEST JDK: /home/jenkins/workspace/Grinder/openjdkbinary/j2sdk-image
09:25:33  
09:25:33  ACTION: build -- Passed. Build successful
09:25:33  REASON: Named class compiled on demand
09:25:33  TIME:   0.173 seconds
09:25:33  messages:
09:25:33  command: build GCMParameterSpecTest
09:25:33  reason: Named class compiled on demand
09:25:33  Test directory:
09:25:33    compile: GCMParameterSpecTest
09:25:33  elapsed time (seconds): 0.173
09:25:33  
09:25:33  ACTION: compile -- Passed. Compilation successful
09:25:33  REASON: .class file out of date or does not exist
09:25:33  TIME:   0.173 seconds
09:25:33  messages:
09:25:33  command: compile /home/jenkins/workspace/Grinder/aqa-tests/openjdk/openjdk-jdk/test/jdk/com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.java
09:25:33  reason: .class file out of date or does not exist
09:25:33  Mode: agentvm
09:25:33  Agent id: 2
09:25:33  elapsed time (seconds): 0.173
09:25:33  configuration:
09:25:33  Boot Layer (javac runtime environment)
09:25:33    class path: /home/jenkins/workspace/Grinder/jvmtest/openjdk/jtreg/lib/javatest.jar 
09:25:33                /home/jenkins/workspace/Grinder/jvmtest/openjdk/jtreg/lib/jtreg.jar 
09:25:33    patch:      java.base /home/jenkins/workspace/Grinder/aqa-tests/TKG/output_16497686393003/jdk_security2_0/work/patches/java.base
09:25:33  
09:25:33  javac compilation environment
09:25:33    source path: /home/jenkins/workspace/Grinder/aqa-tests/openjdk/openjdk-jdk/test/jdk/com/sun/crypto/provider/Cipher/AEAD
09:25:33    class path:  /home/jenkins/workspace/Grinder/aqa-tests/openjdk/openjdk-jdk/test/jdk/com/sun/crypto/provider/Cipher/AEAD
09:25:33                 /home/jenkins/workspace/Grinder/aqa-tests/TKG/output_16497686393003/jdk_security2_0/work/classes/1/com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.d
09:25:33  
09:25:33  rerun:
09:25:33  cd /home/jenkins/workspace/Grinder/aqa-tests/TKG/output_16497686393003/jdk_security2_0/work/scratch/1 && \
09:25:33  DISPLAY=:0 \
09:25:33  HOME=/home/jenkins \
09:25:33  LANG=en_US.UTF-8 \
09:25:33  PATH=/bin:/usr/bin:/usr/sbin \
09:25:33      /home/jenkins/workspace/Grinder/openjdkbinary/j2sdk-image/bin/javac \
09:25:33          -J-ea \
09:25:33          -J-esa \
09:25:33          -J-Xmx512m \
09:25:33          -J-XX:+UseCompressedOops \
09:25:33          -J-Djava.library.path=/home/jenkins/workspace/Grinder/openjdkbinary/openjdk-test-image/jdk/jtreg/native \
09:25:33          -J-Dtest.vm.opts='-ea -esa -Xmx512m -XX:+UseCompressedOops' \
09:25:33          -J-Dtest.tool.vm.opts='-J-ea -J-esa -J-Xmx512m -J-XX:+UseCompressedOops' \
09:25:33          -J-Dtest.compiler.opts= \
09:25:33          -J-Dtest.java.opts= \
09:25:33          -J-Dtest.jdk=/home/jenkins/workspace/Grinder/openjdkbinary/j2sdk-image \
09:25:33          -J-Dcompile.jdk=/home/jenkins/workspace/Grinder/openjdkbinary/j2sdk-image \
09:25:33          -J-Dtest.timeout.factor=8.0 \
09:25:33          -J-Dtest.nativepath=/home/jenkins/workspace/Grinder/openjdkbinary/openjdk-test-image/jdk/jtreg/native \
09:25:33          -J-Dtest.root=/home/jenkins/workspace/Grinder/aqa-tests/openjdk/openjdk-jdk/test/jdk \
09:25:33          -J-Dtest.name=com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.java \
09:25:33          -J-Dtest.file=/home/jenkins/workspace/Grinder/aqa-tests/openjdk/openjdk-jdk/test/jdk/com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.java \
09:25:33          -J-Dtest.src=/home/jenkins/workspace/Grinder/aqa-tests/openjdk/openjdk-jdk/test/jdk/com/sun/crypto/provider/Cipher/AEAD \
09:25:33          -J-Dtest.src.path=/home/jenkins/workspace/Grinder/aqa-tests/openjdk/openjdk-jdk/test/jdk/com/sun/crypto/provider/Cipher/AEAD \
09:25:33          -J-Dtest.classes=/home/jenkins/workspace/Grinder/aqa-tests/TKG/output_16497686393003/jdk_security2_0/work/classes/1/com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.d \
09:25:33          -J-Dtest.class.path=/home/jenkins/workspace/Grinder/aqa-tests/TKG/output_16497686393003/jdk_security2_0/work/classes/1/com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.d \
09:25:33          -J-Dtest.class.path.prefix=/home/jenkins/workspace/Grinder/aqa-tests/TKG/output_16497686393003/jdk_security2_0/work/classes/1/com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.d:/home/jenkins/workspace/Grinder/aqa-tests/openjdk/openjdk-jdk/test/jdk/com/sun/crypto/provider/Cipher/AEAD \
09:25:33          -d /home/jenkins/workspace/Grinder/aqa-tests/TKG/output_16497686393003/jdk_security2_0/work/classes/1/com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.d \
09:25:33          -sourcepath /home/jenkins/workspace/Grinder/aqa-tests/openjdk/openjdk-jdk/test/jdk/com/sun/crypto/provider/Cipher/AEAD \
09:25:33          -classpath /home/jenkins/workspace/Grinder/aqa-tests/openjdk/openjdk-jdk/test/jdk/com/sun/crypto/provider/Cipher/AEAD:/home/jenkins/workspace/Grinder/aqa-tests/TKG/output_16497686393003/jdk_security2_0/work/classes/1/com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.d /home/jenkins/workspace/Grinder/aqa-tests/openjdk/openjdk-jdk/test/jdk/com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.java
09:25:33  
09:25:33  ACTION: main -- Failed. Execution failed: `main' threw exception: java.security.ProviderException: Error in Native GaloisCounterMode
09:25:33  REASON: Assumed action based on file name: run main GCMParameterSpecTest 
09:25:33  TIME:   0.095 seconds
09:25:33  messages:
09:25:33  command: main GCMParameterSpecTest
09:25:33  reason: Assumed action based on file name: run main GCMParameterSpecTest 
09:25:33  Mode: agentvm
09:25:33  Agent id: 4
09:25:33  elapsed time (seconds): 0.095
09:25:33  configuration:
09:25:33  Boot Layer
09:25:33    class path: /home/jenkins/workspace/Grinder/jvmtest/openjdk/jtreg/lib/javatest.jar 
09:25:33                /home/jenkins/workspace/Grinder/jvmtest/openjdk/jtreg/lib/jtreg.jar 
09:25:33                /home/jenkins/workspace/Grinder/jvmtest/openjdk/jtreg/lib/junit.jar 
09:25:33                /home/jenkins/workspace/Grinder/jvmtest/openjdk/jtreg/lib/testng.jar 
09:25:33                /home/jenkins/workspace/Grinder/jvmtest/openjdk/jtreg/lib/jcommander.jar 
09:25:33    patch:      java.base /home/jenkins/workspace/Grinder/aqa-tests/TKG/output_16497686393003/jdk_security2_0/work/patches/java.base
09:25:33  
09:25:33  Test Layer
09:25:33    class path: /home/jenkins/workspace/Grinder/aqa-tests/TKG/output_16497686393003/jdk_security2_0/work/classes/1/com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.d
09:25:33                /home/jenkins/workspace/Grinder/aqa-tests/openjdk/openjdk-jdk/test/jdk/com/sun/crypto/provider/Cipher/AEAD
09:25:33  
09:25:33  rerun:
09:25:33  cd /home/jenkins/workspace/Grinder/aqa-tests/TKG/output_16497686393003/jdk_security2_0/work/scratch/1 && \
09:25:33  DISPLAY=:0 \
09:25:33  HOME=/home/jenkins \
09:25:33  LANG=en_US.UTF-8 \
09:25:33  PATH=/bin:/usr/bin:/usr/sbin \
09:25:33      /home/jenkins/workspace/Grinder/openjdkbinary/j2sdk-image/bin/java \
09:25:33          -Dtest.vm.opts='-ea -esa -Xmx512m -XX:+UseCompressedOops' \
09:25:33          -Dtest.tool.vm.opts='-J-ea -J-esa -J-Xmx512m -J-XX:+UseCompressedOops' \
09:25:33          -Dtest.compiler.opts= \
09:25:33          -Dtest.java.opts= \
09:25:33          -Dtest.jdk=/home/jenkins/workspace/Grinder/openjdkbinary/j2sdk-image \
09:25:33          -Dcompile.jdk=/home/jenkins/workspace/Grinder/openjdkbinary/j2sdk-image \
09:25:33          -Dtest.timeout.factor=8.0 \
09:25:33          -Dtest.nativepath=/home/jenkins/workspace/Grinder/openjdkbinary/openjdk-test-image/jdk/jtreg/native \
09:25:33          -Dtest.root=/home/jenkins/workspace/Grinder/aqa-tests/openjdk/openjdk-jdk/test/jdk \
09:25:33          -Dtest.name=com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.java \
09:25:33          -Dtest.file=/home/jenkins/workspace/Grinder/aqa-tests/openjdk/openjdk-jdk/test/jdk/com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.java \
09:25:33          -Dtest.src=/home/jenkins/workspace/Grinder/aqa-tests/openjdk/openjdk-jdk/test/jdk/com/sun/crypto/provider/Cipher/AEAD \
09:25:33          -Dtest.src.path=/home/jenkins/workspace/Grinder/aqa-tests/openjdk/openjdk-jdk/test/jdk/com/sun/crypto/provider/Cipher/AEAD \
09:25:33          -Dtest.classes=/home/jenkins/workspace/Grinder/aqa-tests/TKG/output_16497686393003/jdk_security2_0/work/classes/1/com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.d \
09:25:33          -Dtest.class.path=/home/jenkins/workspace/Grinder/aqa-tests/TKG/output_16497686393003/jdk_security2_0/work/classes/1/com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.d \
09:25:33          -Dtest.class.path.prefix=/home/jenkins/workspace/Grinder/aqa-tests/TKG/output_16497686393003/jdk_security2_0/work/classes/1/com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.d:/home/jenkins/workspace/Grinder/aqa-tests/openjdk/openjdk-jdk/test/jdk/com/sun/crypto/provider/Cipher/AEAD \
09:25:33          -classpath /home/jenkins/workspace/Grinder/aqa-tests/TKG/output_16497686393003/jdk_security2_0/work/classes/1/com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.d:/home/jenkins/workspace/Grinder/aqa-tests/openjdk/openjdk-jdk/test/jdk/com/sun/crypto/provider/Cipher/AEAD:/home/jenkins/workspace/Grinder/jvmtest/openjdk/jtreg/lib/javatest.jar:/home/jenkins/workspace/Grinder/jvmtest/openjdk/jtreg/lib/jtreg.jar \
09:25:33          GCMParameterSpecTest
09:25:33  STDOUT:
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 0
09:25:33    AAD length = 0
09:25:33    offset = 0
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 0
09:25:33    AAD length = 0
09:25:33    offset = 2
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 0
09:25:33    AAD length = 0
09:25:33    offset = 5
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 0
09:25:33    AAD length = 0
09:25:33    offset = 99
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 0
09:25:33    AAD length = 128
09:25:33    offset = 0
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 0
09:25:33    AAD length = 128
09:25:33    offset = 2
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 0
09:25:33    AAD length = 128
09:25:33    offset = 5
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 0
09:25:33    AAD length = 128
09:25:33    offset = 99
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 0
09:25:33    AAD length = 1024
09:25:33    offset = 0
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 0
09:25:33    AAD length = 1024
09:25:33    offset = 2
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 0
09:25:33    AAD length = 1024
09:25:33    offset = 5
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 0
09:25:33    AAD length = 1024
09:25:33    offset = 99
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 128
09:25:33    AAD length = 0
09:25:33    offset = 0
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 128
09:25:33    AAD length = 0
09:25:33    offset = 2
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 128
09:25:33    AAD length = 0
09:25:33    offset = 5
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 128
09:25:33    AAD length = 0
09:25:33    offset = 99
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 128
09:25:33    AAD length = 128
09:25:33    offset = 0
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 128
09:25:33    AAD length = 128
09:25:33    offset = 2
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 128
09:25:33    AAD length = 128
09:25:33    offset = 5
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 128
09:25:33    AAD length = 128
09:25:33    offset = 99
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 128
09:25:33    AAD length = 1024
09:25:33    offset = 0
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 128
09:25:33    AAD length = 1024
09:25:33    offset = 2
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 128
09:25:33    AAD length = 1024
09:25:33    offset = 5
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 128
09:25:33    AAD length = 1024
09:25:33    offset = 99
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 1024
09:25:33    AAD length = 0
09:25:33    offset = 0
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 1024
09:25:33    AAD length = 0
09:25:33    offset = 2
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 1024
09:25:33    AAD length = 0
09:25:33    offset = 5
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 1024
09:25:33    AAD length = 0
09:25:33    offset = 99
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 1024
09:25:33    AAD length = 128
09:25:33    offset = 0
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 1024
09:25:33    AAD length = 128
09:25:33    offset = 2
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 1024
09:25:33    AAD length = 128
09:25:33    offset = 5
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 1024
09:25:33    AAD length = 128
09:25:33    offset = 99
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 1024
09:25:33    AAD length = 1024
09:25:33    offset = 0
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 1024
09:25:33    AAD length = 1024
09:25:33    offset = 2
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 1024
09:25:33    AAD length = 1024
09:25:33    offset = 5
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 96
09:25:33    data length = 1024
09:25:33    AAD length = 1024
09:25:33    offset = 99
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 0
09:25:33    AAD length = 0
09:25:33    offset = 0
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 0
09:25:33    AAD length = 0
09:25:33    offset = 2
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 0
09:25:33    AAD length = 0
09:25:33    offset = 5
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 0
09:25:33    AAD length = 0
09:25:33    offset = 99
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 0
09:25:33    AAD length = 128
09:25:33    offset = 0
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 0
09:25:33    AAD length = 128
09:25:33    offset = 2
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 0
09:25:33    AAD length = 128
09:25:33    offset = 5
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 0
09:25:33    AAD length = 128
09:25:33    offset = 99
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 0
09:25:33    AAD length = 1024
09:25:33    offset = 0
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 0
09:25:33    AAD length = 1024
09:25:33    offset = 2
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 0
09:25:33    AAD length = 1024
09:25:33    offset = 5
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 0
09:25:33    AAD length = 1024
09:25:33    offset = 99
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 128
09:25:33    AAD length = 0
09:25:33    offset = 0
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 128
09:25:33    AAD length = 0
09:25:33    offset = 2
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 128
09:25:33    AAD length = 0
09:25:33    offset = 5
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 128
09:25:33    AAD length = 0
09:25:33    offset = 99
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 128
09:25:33    AAD length = 128
09:25:33    offset = 0
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 128
09:25:33    AAD length = 128
09:25:33    offset = 2
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 128
09:25:33    AAD length = 128
09:25:33    offset = 5
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 128
09:25:33    AAD length = 128
09:25:33    offset = 99
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 128
09:25:33    AAD length = 1024
09:25:33    offset = 0
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 128
09:25:33    AAD length = 1024
09:25:33    offset = 2
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 128
09:25:33    AAD length = 1024
09:25:33    offset = 5
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 128
09:25:33    AAD length = 1024
09:25:33    offset = 99
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 1024
09:25:33    AAD length = 0
09:25:33    offset = 0
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 1024
09:25:33    AAD length = 0
09:25:33    offset = 2
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 1024
09:25:33    AAD length = 0
09:25:33    offset = 5
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 1024
09:25:33    AAD length = 0
09:25:33    offset = 99
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 1024
09:25:33    AAD length = 128
09:25:33    offset = 0
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 1024
09:25:33    AAD length = 128
09:25:33    offset = 2
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 1024
09:25:33    AAD length = 128
09:25:33    offset = 5
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 1024
09:25:33    AAD length = 128
09:25:33    offset = 99
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 1024
09:25:33    AAD length = 1024
09:25:33    offset = 0
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 1024
09:25:33    AAD length = 1024
09:25:33    offset = 2
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 1024
09:25:33    AAD length = 1024
09:25:33    offset = 5
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 8
09:25:33    data length = 1024
09:25:33    AAD length = 1024
09:25:33    offset = 99
09:25:33    keylength = 128
09:25:33  Test:
09:25:33    tag = 128
09:25:33    IV length = 1024
09:25:33    data length = 0
09:25:33    AAD length = 0
09:25:33    offset = 0
09:25:33    keylength = 128
09:25:33  STDERR:
09:25:33  java.security.ProviderException: Error in Native GaloisCounterMode
09:25:33  	at java.base/com.sun.crypto.provider.NativeGaloisCounterMode.encryptFinal(NativeGaloisCounterMode.java:366)
09:25:33  	at java.base/com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1179)
09:25:33  	at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1114)
09:25:33  	at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:914)
09:25:33  	at java.base/com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
09:25:33  	at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2202)
09:25:33  	at GCMParameterSpecTest.getCipherTextBySpec(GCMParameterSpecTest.java:183)
09:25:33  	at GCMParameterSpecTest.doTest(GCMParameterSpecTest.java:139)
09:25:33  	at GCMParameterSpecTest.main(GCMParameterSpecTest.java:114)

09:25:33  stderr:
09:25:33  An OpenSSL error occurred
09:25:33  error:1C80006D:Provider routines::invalid iv length

@pshipton pshipton marked this pull request as draft April 12, 2022 13:27
This was referenced Apr 12, 2022
Merged
Merged
@pshipton
Copy link
Member

pshipton commented Apr 12, 2022
edited
Loading

I missed a piece of output, added in previous comment

09:25:33  stderr:
09:25:33  An OpenSSL error occurred
09:25:33  error:1C80006D:Provider routines::invalid iv length

@pshipton
Copy link
Member

No other failures found in the previous openjdk test run.

Also ran some additional internal tests, which passed.
/job/Grinder/22695
/job/Grinder/22696

@keithc-ca keithc-ca changed the title openssl version 3.0+ supported Support openssl version 3.0+ Apr 12, 2022
keithc-ca
keithc-ca requested changes Apr 12, 2022
View reviewed changes
Copy link
Member

@keithc-ca keithc-ca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes will also be required:

  • to custom-hook.m4 to accept version 3+
  • to get_openssl_source.sh to accept version 3+ and properly format the OPENSSL_SOURCE_TAG

closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java
@@ -40,11 +40,16 @@ public class NativeCrypto {
private static final int ossl_ver = AccessController.doPrivileged(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The comment on lines 36-39 needs to be updated.

closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java Outdated Show resolved Hide resolved
closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java Outdated Show resolved Hide resolved
closed/src/java.base/share/native/libjncrypto/NativeCrypto_md.h Outdated Show resolved Hide resolved
closed/src/java.base/unix/native/libjncrypto/NativeCrypto_md.c Outdated Show resolved Hide resolved
closed/src/java.base/share/native/libjncrypto/NativeCrypto.c Outdated Show resolved Hide resolved
closed/src/java.base/share/native/libjncrypto/NativeCrypto.c Outdated
/* Per new OpenSSL naming convention starting from OpenSSL3, all major versions are ABI and API compatible. */
#define OPENSSL_VERSION_3_0 "OpenSSL 3."

/* needed for OpenSSL 1.0.2 Thread handling routines. */
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't a sentence; a period is not appropriate.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Edited

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The period is still here.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@WilburZjh can you please fix this, I think everything else was addressed.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @pshipton , I am not sure whether to remove the period or not, please check this comment

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The other review comment seems a different situation, it's code that was incorrect. In this case, Keith has suggested the code comment is not formed as a sentence and so the period at the end should be removed. Either remove the period, or re-write the code comment as a sentence.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Edited.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You say edited, and I see a force push, but I don't see the expected change.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Edited

closed/src/java.base/share/native/libjncrypto/NativeCrypto.c Outdated Show resolved Hide resolved
closed/src/java.base/share/native/libjncrypto/NativeCrypto.c Outdated Show resolved Hide resolved
closed/src/java.base/share/native/libjncrypto/NativeCrypto.c Outdated Show resolved Hide resolved
@pshipton
Copy link
Member

Re: Changes will also be required:

to custom-hook.m4 to accept version 3+
to get_openssl_source.sh to accept version 3+ and properly format the OPENSSL_SOURCE_TAG

I think we can separate allowing use of openssl3 at runtime vs building with it.

FYI #500 and friends for 8, 17 so far. There are currently problems building on Windows as you know.

@keithc-ca
Copy link
Member

closed/custom/copy/Copy-java.base.gmk will also need changes to recognize version 3+.

@pshipton
Copy link
Member

closed/custom/copy/Copy-java.base.gmk will also need changes to recognize version 3+.

See #499 (comment) and #500.

@alon-sh
Copy link
Contributor

alon-sh commented Apr 14, 2022
edited
Loading

I investigated that one failure in GCMParameterSpecTest.java. The issue is that OpenSSL3 only supports IV lengths up to 16Bytes, see here

When the IV length is set to be larger than 16Bytes, an error is thrown. In OpenSSL1.1.1 and older, there is no error thrown but OpenSSL documentation states behavior is unpredictable for large IV sizes.

Given this is a failure by design due to OpenSSL implementation, I suggest we merge OpenSSL3 support as it currently is but document that IV sizes above 16Bytes are not supported by OpenSSL and if a user needs such functionality - they should disable OpenSSL support via command line.

pshipton
pshipton requested changes Apr 14, 2022
View reviewed changes
Copy link
Member

@pshipton pshipton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pls update the commit title to indicate this only adds openssl3 support for Linux platforms.

@WilburZjh WilburZjh force-pushed the opensslv3-support branch 2 times, most recently from 2f9004f to 2c5244d Compare April 14, 2022 03:58
@pshipton pshipton changed the title Support openssl version 3.0+ Add openssl version 3.0+ support for Linux platforms Apr 14, 2022
@pshipton
Copy link
Member

Note commit titles should preferably not end in a period.
https://github.com/eclipse-openj9/openj9/blob/master/CONTRIBUTING.md

@pshipton
Copy link
Member

Before this can come out of draft and be merged, the following test needs to be updated so it doesn't fail with openssl3. Or excluded, but better if it's fixed to avoid IV lengths greater than 16 and we continue to have the test coverage.

com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.java

@pshipton
Copy link
Member

pshipton commented Apr 14, 2022
edited
Loading

Testing the test change at https://openj9-jenkins.osuosl.org/view/Test/job/Grinder/779/

@pshipton
Copy link
Member

Testing passed, removing from draft state. @keithc-ca anything else?

@pshipton pshipton marked this pull request as ready for review April 14, 2022 16:40
@pshipton
Copy link
Member

Testing on alinux, zlinux didn't uncover any other issues. OpenSSL 3 doesn't build on the xlinux build machines atm due to a missing perl module (IPC/Cmd.pm - infrastructure/issues/6790).

keithc-ca
keithc-ca reviewed Apr 14, 2022
View reviewed changes
closed/src/java.base/share/native/libjncrypto/NativeCrypto.c Outdated
/* Per new OpenSSL naming convention starting from OpenSSL3, all major versions are ABI and API compatible. */
#define OPENSSL_VERSION_3_0 "OpenSSL 3."

/* needed for OpenSSL 1.0.2 Thread handling routines. */
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The period is still here.

closed/src/java.base/share/native/libjncrypto/NativeCrypto.c Outdated Show resolved Hide resolved
closed/src/java.base/share/native/libjncrypto/NativeCrypto_md.h Show resolved Hide resolved
closed/src/java.base/share/native/libjncrypto/NativeCrypto.c Outdated Show resolved Hide resolved
test/jdk/com/sun/crypto/provider/Cipher/AEAD/GCMParameterSpecTest.java Show resolved Hide resolved
@WilburZjh WilburZjh force-pushed the opensslv3-support branch 4 times, most recently from e0b459b to 04ca799 Compare April 18, 2022 21:36
@pshipton
Copy link
Member

jenkins compile alinux64 jdk11

@pshipton
Copy link
Member

Retest looks good

jdk/bin/java -Djdk.nativeCryptoTrace=true CryptoTest
Attempt to load OpenSSL /lib64/libcrypto.so.3
Supported OpenSSL version: OpenSSL 3.0.1 14 Dec 2021
MessageDigest load - using Native crypto library.
NativeChaCha20Cipher load - using Native crypto library.
CipherCore Load - using native crypto library.
Crypto test COMPLETED

keithc-ca
keithc-ca approved these changes Apr 19, 2022
View reviewed changes
closed/src/java.base/unix/native/libjncrypto/NativeCrypto_md.c
Comment on lines +57 to +60
struct link_map *map = NULL;
dlinfo(result, RTLD_DI_LINKMAP, &map);
fprintf(stderr, "Attempt to load OpenSSL %s\n", map->l_name);
fflush(stderr);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This ought to check that dlinfo() succeeds and, perhaps, that NULL != map, but because we only take that path for tracing, it can wait for a future pull request.

@keithc-ca
Copy link
Member

jenkins test sanity aix,osx,xlinux,win jdk11

@pshipton
Copy link
Member

@WilburZjh pls create/update PRs for the other versions to contain the same changes.

@WilburZjh
Copy link
Contributor Author

WilburZjh commented Apr 19, 2022
edited
Loading

Yes, for sure.

@WilburZjh WilburZjh closed this Apr 19, 2022
@keithc-ca keithc-ca reopened this Apr 19, 2022
@pshipton pshipton merged commit 56bf805 into ibmruntimes:openj9 Apr 19, 2022
@pshipton pshipton mentioned this pull request Apr 19, 2022
Merged
@doveye doveye mentioned this pull request Apr 20, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alon-sh alon-sh alon-sh left review comments

@pshipton pshipton pshipton approved these changes

@keithc-ca keithc-ca keithc-ca approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@WilburZjh @pshipton @keithc-ca @alon-sh @JinhangZhang