rpms / java-11-openjdk

Clone
Source Code
GIT

Blame SOURCES/rh2021263-fips_separate_policy_and_fips_init.patch

c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta c9-containeronly-stream-flatpak
  1.   a3b432ecff57c3b14b4fa6e15eb9a610d2a6b4d6
  2.   SOURCES
  3.   rh2021263-fips_separate_policy_and_fips_init.patch
Blob History Raw
a3b432 
commit 0cd8cee94fe0f867b0b39890e00be620af1d9b07
a3b432 
Author: Andrew Hughes <gnu.andrew@redhat.com>
a3b432 
Date:   Tue Jan 18 02:09:27 2022 +0000
a3b432
a3b432 
    RH2021263: Improve Security initialisation, now FIPS support no longer relies on crypto policy support
a3b432
a3b432 
diff --git openjdk.orig/src/java.base/share/classes/java/security/Security.java openjdk/src/java.base/share/classes/java/security/Security.java
a3b432 
index 28ab1846173..f9726741afd 100644
a3b432 
--- openjdk.orig/src/java.base/share/classes/java/security/Security.java
a3b432 
+++ openjdk/src/java.base/share/classes/java/security/Security.java
a3b432 
@@ -61,10 +61,6 @@ public final class Security {
a3b432 
     private static final Debug sdebug =
a3b432 
                         Debug.getInstance("properties");
a3b432
a3b432 
-    /* System property file*/
a3b432 
-    private static final String SYSTEM_PROPERTIES =
a3b432 
-        "/etc/crypto-policies/back-ends/java.config";
a3b432 
-
a3b432 
     /* The java.security properties */
a3b432 
     private static Properties props;
a3b432
a3b432 
@@ -206,22 +202,36 @@ public final class Security {
a3b432 
             }
a3b432 
         }
a3b432
a3b432 
+        if (!loadedProps) {
a3b432 
+            initializeStatic();
a3b432 
+            if (sdebug != null) {
a3b432 
+                sdebug.println("unable to load security properties " +
a3b432 
+                        "-- using defaults");
a3b432 
+            }
a3b432 
+        }
a3b432 
+
a3b432 
         String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
a3b432 
         if ((disableSystemProps == null || "false".equalsIgnoreCase(disableSystemProps)) &&
a3b432 
             "true".equalsIgnoreCase(props.getProperty("security.useSystemPropertiesFile"))) {
a3b432 
-            if (SystemConfigurator.configure(props)) {
a3b432 
-                loadedProps = true;
a3b432 
+            if (!SystemConfigurator.configureSysProps(props)) {
a3b432 
+                if (sdebug != null) {
a3b432 
+                    sdebug.println("WARNING: System properties could not be loaded.");
a3b432 
+                }
a3b432 
             }
a3b432 
         }
a3b432
a3b432 
-        if (!loadedProps) {
a3b432 
-            initializeStatic();
a3b432 
+        // FIPS support depends on the contents of java.security so
a3b432 
+        // ensure it has loaded first
a3b432 
+        if (loadedProps) {
a3b432 
+            boolean fipsEnabled = SystemConfigurator.configureFIPS(props);
a3b432 
             if (sdebug != null) {
a3b432 
-                sdebug.println("unable to load security properties " +
a3b432 
-                        "-- using defaults");
a3b432 
+                if (fipsEnabled) {
a3b432 
+                    sdebug.println("FIPS support enabled.");
a3b432 
+                } else {
a3b432 
+                    sdebug.println("FIPS support disabled.");
a3b432 
+                }
a3b432 
             }
a3b432 
         }
a3b432 
-
a3b432 
     }
a3b432
a3b432 
     /*
a3b432 
diff --git openjdk.orig/src/java.base/share/classes/java/security/SystemConfigurator.java openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java
a3b432 
index 874c6221ebe..b7ed41acf0f 100644
a3b432 
--- openjdk.orig/src/java.base/share/classes/java/security/SystemConfigurator.java
a3b432 
+++ openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java
a3b432 
@@ -76,7 +76,7 @@ final class SystemConfigurator {
a3b432 
      * java.security.disableSystemPropertiesFile property is not set and
a3b432 
      * security.useSystemPropertiesFile is true.
a3b432 
      */
a3b432 
-    static boolean configure(Properties props) {
a3b432 
+    static boolean configureSysProps(Properties props) {
a3b432 
         boolean loadedProps = false;
a3b432
a3b432 
         try (BufferedInputStream bis =
a3b432 
@@ -96,11 +96,19 @@ final class SystemConfigurator {
a3b432 
                 e.printStackTrace();
a3b432 
             }
a3b432 
         }
a3b432 
+        return loadedProps;
a3b432 
+    }
a3b432 
+
a3b432 
+    /*
a3b432 
+     * Invoked at the end of java.security.Security initialisation
a3b432 
+     * if java.security properties have been loaded
a3b432 
+     */
a3b432 
+    static boolean configureFIPS(Properties props) {
a3b432 
+        boolean loadedProps = false;
a3b432
a3b432 
         try {
a3b432 
             if (enableFips()) {
a3b432 
                 if (sdebug != null) { sdebug.println("FIPS mode detected"); }
a3b432 
-                loadedProps = false;
a3b432 
                 // Remove all security providers
a3b432 
                 Iterator<Entry<Object, Object>> i = props.entrySet().iterator();
a3b432 
                 while (i.hasNext()) {

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation