Skip to content

Commit

Permalink
Consistently load OpenSSL libraries among different platforms
Browse files Browse the repository at this point in the history
As part of this pull request, these changes are performed:
- Allow loading specific user-defined OpenSSL library using the
  -Djdk.native.openssl.lib option.
- OpenSSL library loading is consolidated into a single file using
  ifdefs.
- The platform-specific MD files are no longer needed and are thus
  deleted.
- Additional traces are added to indicate the attempts and actual
  OpenSSL library loaded.
- The location of the library loaded is printed.

Moreover, the order of preference for loading a library is updated to
follow this order:

1. Explicitly load what was specified via JVM property. Fail if loading
   fails.
2. Search within the Semeru directories for a bundled version.
3. Search the system for existing libraries and attempt to find the
   higher version.
4. If all of the previous steps fail, revert to original Java
   implementation for crypto.

Co-authored by: Paritosh Kumar <[email protected]>
Co-authored by: Kostas Tsiounis <[email protected]>

Signed-off-by: Kostas Tsiounis <[email protected]>
  • Loading branch information
paritkum authored and KostasTsiounis committed Jan 16, 2025
1 parent ffe963f commit c3f84c1
Show file tree
Hide file tree
Showing 7 changed files with 515 additions and 405 deletions.
77 changes: 0 additions & 77 deletions closed/src/java.base/aix/native/libjncrypto/NativeCrypto_md.c

This file was deleted.

63 changes: 0 additions & 63 deletions closed/src/java.base/macosx/native/libjncrypto/NativeCrypto_md.c

This file was deleted.

Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
/*
* ===========================================================================
* (c) Copyright IBM Corp. 2018, 2024 All Rights Reserved
* (c) Copyright IBM Corp. 2018, 2025 All Rights Reserved
* ===========================================================================
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -32,6 +32,7 @@
import jdk.internal.ref.CleanerFactory;
import jdk.internal.reflect.Reflection;
import jdk.internal.reflect.CallerSensitive;
import jdk.internal.util.StaticProperty;

import sun.security.action.GetPropertyAction;

Expand Down Expand Up @@ -81,24 +82,39 @@ private static final class InstanceHolder {

private final boolean isOpenSSLFIPS;

@SuppressWarnings("restricted")
private static long loadCryptoLibraries() {
long osslVersion;

try {
// load jncrypto JNI library
// Load jncrypto JNI library.
System.loadLibrary("jncrypto");
// load OpenSSL crypto library dynamically
osslVersion = loadCrypto(traceEnabled);
if (traceEnabled && (osslVersion != -1)) {
System.err.println("Native crypto library load succeeded - using native crypto library.");

// Get user-specified OpenSSL library to use, if available.
String nativeLibName =
GetPropertyAction.privilegedGetProperty("jdk.native.openssl.lib", "");

// Get the JDK location.
String javaHome = StaticProperty.javaHome();

// Load OpenSSL crypto library dynamically.
osslVersion = loadCrypto(traceEnabled, nativeLibName, javaHome);
if (osslVersion != -1) {
if (traceEnabled) {
System.err.println("Native crypto library load succeeded - using native crypto library.");
}
} else {
if (!nativeLibName.isEmpty()) {
throw new RuntimeException(nativeLibName + " is not available, crypto libraries are not loaded");
}
}
} catch (UnsatisfiedLinkError usle) {
if (traceEnabled) {
System.err.println("UnsatisfiedLinkError: Failure attempting to load jncrypto JNI library");
System.err.println("Warning: Native crypto library load failed." +
" Using Java crypto implementation.");
}
// signal load failure
// Signal load failure.
osslVersion = -1;
}
return osslVersion;
Expand Down Expand Up @@ -253,14 +269,18 @@ public void run() {
});
}

/* Native digest interfaces */
/* OpenSSL utility interfaces */

private static final native long loadCrypto(boolean trace);
private static final native long loadCrypto(boolean trace,
String libName,
String javaHome);

public static final native boolean isMD5Available();

private static final native boolean isOpenSSLFIPS();

/* Native digest interfaces */

public final native long DigestCreateContext(long nativeBuffer,
int algoIndex);

Expand Down
Loading

0 comments on commit c3f84c1

Please sign in to comment.