From 2d77681a30f2846c7f0c54db1fad6636041656fe Mon Sep 17 00:00:00 2001 From: Tao Liu Date: Mon, 13 Nov 2023 14:08:40 -0500 Subject: [PATCH] Add FIPS NSS support on p/z linux platforms Signed-off-by: Tao Liu --- closed/custom/modules/java.base/Copy.gmk | 4 ++-- .../internal/security/RestrictedSecurity.java | 2 +- .../makejavasecurity/MakeJavaSecurity.java | 18 +++++++++++++++++- .../share/conf/security/java.security | 2 +- 4 files changed, 21 insertions(+), 5 deletions(-) diff --git a/closed/custom/modules/java.base/Copy.gmk b/closed/custom/modules/java.base/Copy.gmk index a20152e2304..074ba383504 100644 --- a/closed/custom/modules/java.base/Copy.gmk +++ b/closed/custom/modules/java.base/Copy.gmk @@ -243,9 +243,9 @@ ifneq ($(OPENSSL_BUNDLE_LIB_PATH), ) endif # OPENJ9_ENABLE_JITSERVER endif # OPENSSL_BUNDLE_LIB_PATH ################################################################################ -# Copy the nss.fips.cfg only on x86 linux +# Copy the nss.fips.cfg only on x86/p/z linux -ifeq ($(OPENJDK_TARGET_OS)-$(OPENJDK_TARGET_CPU_ARCH), linux-x86) +ifneq ($(filter linux-x86_64 linux-ppc64le linux-s390x, $(OPENJDK_TARGET_OS)-$(OPENJDK_TARGET_CPU)), ) NSS_FIPS_CFG_SRC := $(TOPDIR)/closed/src/java.base/share/conf/security/nss.fips.cfg NSS_FIPS_CFG_DST := $(CONF_DST_DIR)/security/nss.fips.cfg diff --git a/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java b/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java index 9bacf62f094..a41ffd84d1d 100644 --- a/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java +++ b/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java @@ -64,7 +64,7 @@ public final class RestrictedSecurity { private static RestrictedSecurityProperties restricts; - private static final List supportPlatforms = List.of("amd64"); + private static final List supportPlatforms = List.of("amd64", "ppc64le", "s390x"); static { @SuppressWarnings("removal") diff --git a/make/jdk/src/classes/build/tools/makejavasecurity/MakeJavaSecurity.java b/make/jdk/src/classes/build/tools/makejavasecurity/MakeJavaSecurity.java index 963db0b593e..8adb202f696 100644 --- a/make/jdk/src/classes/build/tools/makejavasecurity/MakeJavaSecurity.java +++ b/make/jdk/src/classes/build/tools/makejavasecurity/MakeJavaSecurity.java @@ -91,7 +91,8 @@ public static void main(String[] args) throws Exception { } // Filter out platform-unrelated ones. We only support - // #ifdef, #ifndef, #else, and #endif. Nesting not supported (yet). + // #ifdef, #ifndef, #else, #endif and #if defined A || B. + // Other Nesting not supported (yet). int mode = 0; // 0: out of block, 1: in match, 2: in non-match Iterator iter = lines.iterator(); while (iter.hasNext()) { @@ -113,6 +114,21 @@ public static void main(String[] args) throws Exception { mode = line.endsWith(args[2]) ? 2 : 1; } iter.remove(); + } else if (line.startsWith("#if defined ")) { + System.out.println("TAO DEBUG - args[2]: " + args[2]); + System.out.println("TAO DEBUG - args[3]: " + args[3]); + for (String l : line.split("\\|\\|")) { + System.out.println("TAO DEBUG - l: " + l); + if (l.indexOf('-') > 0) { + mode = l.trim().endsWith(args[2] + "-" + args[3]) ? 1 : 2; + } else { + mode = l.trim().endsWith(args[2]) ? 1 : 2; + } + if (mode == 1) { + break; + } + } + iter.remove(); } else if (line.startsWith("#else")) { if (mode == 0) { throw new IllegalStateException("#else not in #if block"); diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security index 7fe0e69659b..fdef56066f7 100644 --- a/src/java.base/share/conf/security/java.security +++ b/src/java.base/share/conf/security/java.security @@ -82,7 +82,7 @@ security.provider.tbd=Apple #endif security.provider.tbd=SunPKCS11 -#ifdef linux-x86 +#if defined linux-x86 || defined linux-ppc || defined linux-s390 # # Java Restricted Security Mode #