Skip to content

Commit

Permalink
Add FIPS NSS support on p/z linux platforms
Browse files Browse the repository at this point in the history
Signed-off-by: Tao Liu <[email protected]>
  • Loading branch information
taoliult committed Nov 30, 2023
1 parent 7b49cd4 commit a99c313
Show file tree
Hide file tree
Showing 4 changed files with 24 additions and 5 deletions.
4 changes: 2 additions & 2 deletions closed/custom/modules/java.base/Copy.gmk
Original file line number Diff line number Diff line change
Expand Up @@ -243,9 +243,9 @@ ifneq ($(OPENSSL_BUNDLE_LIB_PATH), )
endif # OPENJ9_ENABLE_JITSERVER
endif # OPENSSL_BUNDLE_LIB_PATH
################################################################################
# Copy the nss.fips.cfg only on x86 linux
# Copy the nss.fips.cfg only on x86/p/z linux

ifeq ($(OPENJDK_TARGET_OS)-$(OPENJDK_TARGET_CPU_ARCH), linux-x86)
ifneq ($(filter linux-x86_64 linux-ppc64le linux-s390x, $(OPENJDK_TARGET_OS)-$(OPENJDK_TARGET_CPU)), )
NSS_FIPS_CFG_SRC := $(TOPDIR)/closed/src/java.base/share/conf/security/nss.fips.cfg
NSS_FIPS_CFG_DST := $(CONF_DST_DIR)/security/nss.fips.cfg

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ public final class RestrictedSecurity {

private static RestrictedSecurityProperties restricts;

private static final List<String> supportPlatforms = List.of("amd64");
private static final List<String> supportPlatforms = List.of("amd64", "ppc64le", "s390x");

static {
@SuppressWarnings("removal")
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,12 @@
* questions.
*/

/*
* ===========================================================================
* (c) Copyright IBM Corp. 2023, 2023 All Rights Reserved
* ===========================================================================
*/

package build.tools.makejavasecurity;

import java.io.*;
Expand Down Expand Up @@ -91,7 +97,8 @@ public static void main(String[] args) throws Exception {
}

// Filter out platform-unrelated ones. We only support
// #ifdef, #ifndef, #else, and #endif. Nesting not supported (yet).
// #ifdef, #ifndef, #else, #endif and #if defined A || B.
// Other Nesting not supported (yet).
int mode = 0; // 0: out of block, 1: in match, 2: in non-match
Iterator<String> iter = lines.iterator();
while (iter.hasNext()) {
Expand All @@ -113,6 +120,18 @@ public static void main(String[] args) throws Exception {
mode = line.endsWith(args[2]) ? 2 : 1;
}
iter.remove();
} else if (line.startsWith("#if defined ")) {
for (String l : line.split("\\|\\|")) {
if (l.indexOf('-') > 0) {
mode = l.trim().endsWith(args[2] + "-" + args[3]) ? 1 : 2;
} else {
mode = l.trim().endsWith(args[2]) ? 1 : 2;
}
if (mode == 1) {
break;
}
}
iter.remove();
} else if (line.startsWith("#else")) {
if (mode == 0) {
throw new IllegalStateException("#else not in #if block");
Expand Down
2 changes: 1 addition & 1 deletion src/java.base/share/conf/security/java.security
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ security.provider.tbd=Apple
#endif
security.provider.tbd=SunPKCS11

#ifdef linux-x86
#if defined linux-x86 || defined linux-ppc || defined linux-s390
#
# Java Restricted Security Mode
#
Expand Down

0 comments on commit a99c313

Please sign in to comment.