Address comments

KostasTsiounis · Nov 1, 2024 · 899c1d8 · 899c1d8
1 parent 98bcf82
commit 899c1d8
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 21 deletions.
diff --git a/closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java b/closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java
@@ -71,7 +71,7 @@ public class NativeCrypto {
     private static final boolean traceEnabled = Boolean.parseBoolean(
             GetPropertyAction.privilegedGetProperty("jdk.nativeCryptoTrace", "false"));
 
-    private static final Set<String> disallowedAlgosFIPS = Set.of("MD5", "ChaCha20");
+    private static final Set<String> disallowedAlgosFIPS = Set.of("ChaCha20", "MD5");
 
     private static final class InstanceHolder {
         private static final NativeCrypto instance = new NativeCrypto();
@@ -205,18 +205,18 @@ public static final boolean isAlgorithmAvailable(String algorithm) {
         if (isAllowedAndLoaded()) {
             if (isOpenSSLFIPSVersion()) {
                 if (disallowedAlgosFIPS.contains(algorithm)) {
-                    return false;
+                    isAlgorithmAvailable = false;
                 }
             }
             switch (algorithm) {
                 case "MD5":
-                    return isMD5Available();
+                    isAlgorithmAvailable = isMD5Available();
                 default:
-                    return true;
+                    isAlgorithmAvailable = true;
             }
         }
 
-        //Issue a message indicating whether the crypto implementation is available.
+        // Issue a message indicating whether the crypto implementation is available.
         if (traceEnabled) {
             if (isAlgorithmAvailable) {
                 System.err.println(algorithm + " native crypto implementation is available.");
@@ -251,10 +251,10 @@ public void run() {
 
     private static final native long loadCrypto(boolean trace);
 
-    private static final native boolean isOpenSSLFIPS();
-
     public static final native boolean isMD5Available();
 
+    private static final native boolean isOpenSSLFIPS();
+
     public final native long DigestCreateContext(long nativeBuffer,
                                                  int algoIndex);
 

diff --git a/closed/src/java.base/share/native/libjncrypto/NativeCrypto.c b/closed/src/java.base/share/native/libjncrypto/NativeCrypto.c
@@ -82,8 +82,8 @@ int OSSL102_RSA_set0_crt_params(RSA *, BIGNUM *, BIGNUM *, BIGNUM *);
 #define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG
 #endif
 
-/* Check whether loaded library is in FIPS mode. */
-jboolean OSSL_IS_FIPS;
+/* Whether loaded library is in FIPS mode. */
+static jboolean OSSL_IS_FIPS;
 
 /* Header for EC algorithm */
 jboolean OSSL_ECGF2M;
@@ -375,7 +375,7 @@ static void *crypto_library = NULL;
  * Signature: ()Z
  */
 JNIEXPORT jboolean JNICALL Java_jdk_crypto_jniprovider_NativeCrypto_isOpenSSLFIPS
-  (JNIEnv *env, jclass thisObj)
+  (JNIEnv *env, jclass clazz)
 {
     return OSSL_IS_FIPS;
 }
@@ -458,18 +458,16 @@ JNIEXPORT jlong JNICALL Java_jdk_crypto_jniprovider_NativeCrypto_loadCrypto
     /* Check whether the loaded OpenSSL library is in FIPS mode. */
     if (ossl_ver >= OPENSSL_VERSION_3_0_0) {
         typedef int OSSL_fipsmode_t(OSSL_LIB_CTX *);
-        OSSL_fipsmode_t* OSSL_fipsmode;
-        OSSL_fipsmode = (OSSL_fipsmode_t*)find_crypto_symbol(crypto_library, "EVP_default_properties_is_fips_enabled");
-        if ((NULL != OSSL_fipsmode) && ((*OSSL_fipsmode)(NULL) == 1)) {
+        OSSL_fipsmode_t* OSSL_fipsmode = (OSSL_fipsmode_t*)find_crypto_symbol(crypto_library, "EVP_default_properties_is_fips_enabled");
+        if ((NULL != OSSL_fipsmode) && (1 == (*OSSL_fipsmode)(NULL))) {
             OSSL_IS_FIPS = JNI_TRUE;
         } else {
             OSSL_IS_FIPS = JNI_FALSE;
         }
     } else {
         typedef int OSSL_fipsmode_t(void);
-        OSSL_fipsmode_t* OSSL_fipsmode;
-        OSSL_fipsmode = (OSSL_fipsmode_t*)find_crypto_symbol(crypto_library, "FIPS_mode");
-        if ((NULL != OSSL_fipsmode) && ((*OSSL_fipsmode)() == 1)) {
+        OSSL_fipsmode_t* OSSL_fipsmode = (OSSL_fipsmode_t*)find_crypto_symbol(crypto_library, "FIPS_mode");
+        if ((NULL != OSSL_fipsmode) && (1 == (*OSSL_fipsmode)())) {
             OSSL_IS_FIPS = JNI_TRUE;
         } else {
             OSSL_IS_FIPS = JNI_FALSE;

diff --git a/src/java.base/share/classes/sun/security/ec/SunEC.java b/src/java.base/share/classes/sun/security/ec/SunEC.java
@@ -65,30 +65,30 @@ public final class SunEC extends Provider {
     /* The property 'jdk.nativeEC' is used to control enablement of the native
      * ECDH implementation.
      */
-    private static final boolean useNativeECDH = NativeCrypto.isAlgorithmEnabled("jdk.nativeEC", "ECDH");
+    private static final boolean useNativeECDH = NativeCrypto.isAlgorithmEnabled("jdk.nativeEC", "SunEC");
 
     /* The property 'jdk.nativeECKeyGen' is used to control enablement of the native
      * ECKeyGeneration implementation.
      * OpenSSL 1.1.0 or above is required for EC key generation support.
      */
-    private static final boolean useNativeECKeyGen = NativeCrypto.isAlgorithmEnabled("jdk.nativeECKeyGen", "ECKeyGen");
+    private static final boolean useNativeECKeyGen = NativeCrypto.isAlgorithmEnabled("jdk.nativeECKeyGen", "SunEC");
 
     /* The property 'jdk.nativeECDSA' is used to control enablement of the native
      * ECDSA signature implementation.
      */
-    private static final boolean useNativeECDSA = NativeCrypto.isAlgorithmEnabled("jdk.nativeECDSA", "ECDSA");
+    private static final boolean useNativeECDSA = NativeCrypto.isAlgorithmEnabled("jdk.nativeECDSA", "SunEC");
 
     /* The property 'jdk.nativeXDHKeyAgreement' is used to control enablement of the native
      * XDH key agreement. XDH key agreement is only supported in OpenSSL 1.1.1 and above.
      */
     private static final boolean useNativeXDHKeyAgreement =
-        NativeCrypto.isAlgorithmEnabled("jdk.nativeXDHKeyAgreement", "XDHKeyAgreement");
+        NativeCrypto.isAlgorithmEnabled("jdk.nativeXDHKeyAgreement", "SunEC");
 
     /* The property 'jdk.nativeXDHKeyGen' is used to control enablement of the native
      * XDH key generation. XDH key generation is only supported in OpenSSL 1.1.1 and above.
      */
     private static final boolean useNativeXDHKeyGen =
-        NativeCrypto.isAlgorithmEnabled("jdk.nativeXDHKeyGen", "XDHKeyGen");
+        NativeCrypto.isAlgorithmEnabled("jdk.nativeXDHKeyGen", "SunEC");
 
     private static class ProviderServiceA extends ProviderService {
         ProviderServiceA(Provider p, String type, String algo, String cn,