[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openjdk-distro-pkg-dev
Subject:    /hg/release/icedtea8-forest-3.0/jdk: PR2934: SunEC provider thro...
From:       andrew () icedtea ! classpath ! org
Date:       2016-04-22 18:16:55
Message-ID: hg.dab76de2f91c.1461349015.-200225411925184265 () icedtea ! classpath ! org
[Download RAW message or body]

changeset dab76de2f91c in /hg/release/icedtea8-forest-3.0/jdk
details: http://icedtea.classpath.org/hg/release/icedtea8-forest-3.0/jdk?cmd=changeset;node=dab76de2f91c
author: andrew
date: Fri Apr 22 19:17:13 2016 +0100

	PR2934: SunEC provider throwing KeyException with current NSS
	Summary: Initialise the random number generator and feed the seed to it.


diffstat:

 src/share/native/sun/security/ec/ECC_JNI.cpp |  23 +++++++++++++++++++++++
 src/share/native/sun/security/ec/ecc_impl.h  |   4 ++--
 2 files changed, 25 insertions(+), 2 deletions(-)

diffs (81 lines):

diff -r 3fa42705acab -r dab76de2f91c src/share/native/sun/security/ec/ECC_JNI.cpp
--- a/src/share/native/sun/security/ec/ECC_JNI.cpp	Wed Apr 20 03:39:11 2016 +0100
+++ b/src/share/native/sun/security/ec/ECC_JNI.cpp	Fri Apr 22 19:17:13 2016 +0100
@@ -134,8 +134,17 @@
     env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer);
 
     // Generate the new keypair (using the supplied seed)
+#ifdef SYSTEM_NSS
+    if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength)
+	!= SECSuccess) {
+	ThrowException(env, KEY_EXCEPTION);
+	goto cleanup;
+    }
+    if (EC_NewKey(ecparams, &privKey) != SECSuccess) {
+#else
     if (EC_NewKey(ecparams, &privKey, (unsigned char *) pSeedBuffer,
         jSeedLength, 0) != SECSuccess) {
+#endif
         ThrowException(env, KEY_EXCEPTION);
         goto cleanup;
     }
@@ -267,8 +276,18 @@
     env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer);
 
     // Sign the digest (using the supplied seed)
+#ifdef SYSTEM_NSS
+    if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength)
+	!= SECSuccess) {
+	ThrowException(env, KEY_EXCEPTION);
+	goto cleanup;
+    }
+    if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item)
+	!= SECSuccess) {
+#else
     if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item,
         (unsigned char *) pSeedBuffer, jSeedLength, 0) != SECSuccess) {
+#endif
         ThrowException(env, KEY_EXCEPTION);
         goto cleanup;
     }
@@ -499,6 +518,9 @@
     if (SECOID_Init() != SECSuccess) {
 	ThrowException(env, INTERNAL_ERROR);
     }
+    if (RNG_RNGInit() != SECSuccess) {
+	ThrowException(env, INTERNAL_ERROR);
+    }
 #endif
 }
 
@@ -507,6 +529,7 @@
   (JNIEnv *env, jclass UNUSED(clazz))
 {
 #ifdef SYSTEM_NSS
+    RNG_RNGShutdown();
     if (SECOID_Shutdown() != SECSuccess) {
 	ThrowException(env, INTERNAL_ERROR);
     }
diff -r 3fa42705acab -r dab76de2f91c src/share/native/sun/security/ec/ecc_impl.h
--- a/src/share/native/sun/security/ec/ecc_impl.h	Wed Apr 20 03:39:11 2016 +0100
+++ b/src/share/native/sun/security/ec/ecc_impl.h	Fri Apr 22 19:17:13 2016 +0100
@@ -254,8 +254,10 @@
  This function is no longer required because the random bytes are now
  supplied by the caller. Force a failure.
 */
+#ifndef SYSTEM_NSS
 #define RNG_GenerateGlobalRandomBytes(p,l) SECFailure
 #endif
+#endif
 #define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup
 #define MP_TO_SEC_ERROR(err)
 
@@ -267,8 +269,6 @@
 
 #ifdef SYSTEM_NSS
 #define EC_DecodeParams(a,b,c) EC_DecodeParams(a,b)
-#define EC_NewKey(a,b,c,d,e) EC_NewKey(a,b)
-#define ECDSA_SignDigest(a,b,c,d,e,f) ECDSA_SignDigest(a,b,c)
 #define ECDSA_VerifyDigest(a,b,c,d) ECDSA_VerifyDigest(a,b,c)
 #define ECDH_Derive(a,b,c,d,e,f) ECDH_Derive(a,b,c,d,e)
 #else
[prev in list] [next in list] [prev in thread] [next in thread]