rpms/java-1.8.0-openjdk
5
0
Fork 0
Code Issues Pull Requests Releases Activity

added patch518 httpsFix1329342.patch, test based on SOURCE14 enabled

Browse Source 
- Resolves: rhbz#1329342
This commit is contained in:
Jiri 2016-04-24 10:58:15 +02:00
parent c7d7bec80a
commit 9565950e8d
2 changed files with 99 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
httpsFix1329342.patch Normal file
View File

@ -0,0 +1,91 @@
# HG changeset patch
# User andrew
# Date 1461349033 -3600
# Node ID dab76de2f91cf1791c03560a3f45aaa69f8351fd
# Parent 3fa42705acab6d69b6141f47ebba4f85739a338c
PR2934: SunEC provider throwing KeyException with current NSS
Summary: Initialise the random number generator and feed the seed to it.
diff -r 3fa42705acab -r dab76de2f91c src/share/native/sun/security/ec/ECC_JNI.cpp
--- openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Wed Apr 20 03:39:11 2016 +0100
+++ openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Fri Apr 22 19:17:13 2016 +0100
@@ -134,8 +134,17 @@
env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer);
// Generate the new keypair (using the supplied seed)
+#ifdef SYSTEM_NSS
+ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength)
+ != SECSuccess) {
+ ThrowException(env, KEY_EXCEPTION);
+ goto cleanup;
+ }
+ if (EC_NewKey(ecparams, &privKey) != SECSuccess) {
+#else
if (EC_NewKey(ecparams, &privKey, (unsigned char *) pSeedBuffer,
jSeedLength, 0) != SECSuccess) {
+#endif
ThrowException(env, KEY_EXCEPTION);
goto cleanup;
}
@@ -267,8 +276,18 @@
env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer);
// Sign the digest (using the supplied seed)
+#ifdef SYSTEM_NSS
+ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength)
+ != SECSuccess) {
+ ThrowException(env, KEY_EXCEPTION);
+ goto cleanup;
+ }
+ if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item)
+ != SECSuccess) {
+#else
if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item,
(unsigned char *) pSeedBuffer, jSeedLength, 0) != SECSuccess) {
+#endif
ThrowException(env, KEY_EXCEPTION);
goto cleanup;
}
@@ -499,6 +518,9 @@
if (SECOID_Init() != SECSuccess) {
ThrowException(env, INTERNAL_ERROR);
}
+ if (RNG_RNGInit() != SECSuccess) {
+ ThrowException(env, INTERNAL_ERROR);
+ }
#endif
}
@@ -507,6 +529,7 @@
(JNIEnv *env, jclass UNUSED(clazz))
{
#ifdef SYSTEM_NSS
+ RNG_RNGShutdown();
if (SECOID_Shutdown() != SECSuccess) {
ThrowException(env, INTERNAL_ERROR);
}
diff -r 3fa42705acab -r dab76de2f91c src/share/native/sun/security/ec/ecc_impl.h
--- openjdk/jdk/src/share/native/sun/security/ec/ecc_impl.h Wed Apr 20 03:39:11 2016 +0100
+++ openjdk/jdk/src/share/native/sun/security/ec/ecc_impl.h Fri Apr 22 19:17:13 2016 +0100
@@ -254,8 +254,10 @@
This function is no longer required because the random bytes are now
supplied by the caller. Force a failure.
*/
+#ifndef SYSTEM_NSS
#define RNG_GenerateGlobalRandomBytes(p,l) SECFailure
#endif
+#endif
#define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup
#define MP_TO_SEC_ERROR(err)
@@ -267,8 +269,6 @@
#ifdef SYSTEM_NSS
#define EC_DecodeParams(a,b,c) EC_DecodeParams(a,b)
-#define EC_NewKey(a,b,c,d,e) EC_NewKey(a,b)
-#define ECDSA_SignDigest(a,b,c,d,e,f) ECDSA_SignDigest(a,b,c)
#define ECDSA_VerifyDigest(a,b,c,d) ECDSA_VerifyDigest(a,b,c)
#define ECDH_Derive(a,b,c,d,e,f) ECDH_Derive(a,b,c,d,e)
#else

10
java-1.8.0-openjdk.spec
View File

@ -766,7 +766,7 @@ Obsoletes: java-1.7.0-openjdk-accessibility%1
Name: java-%{javaver}-%{origin} Name: java-%{javaver}-%{origin}
Version: %{javaver}.%{updatever} Version: %{javaver}.%{updatever}
Release: 1.%{buildver}%{?dist} Release: 2.%{buildver}%{?dist}
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons, # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons,
# and this change was brought into RHEL-4. java-1.5.0-ibm packages # and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a # also included the epoch in their virtual provides. This created a
@ -849,6 +849,7 @@ Patch514: pr1983-root.patch
Patch515: pr2127.patch Patch515: pr2127.patch
Patch516: pr2815.patch Patch516: pr2815.patch
Patch517: pr2899.patch Patch517: pr2899.patch
Patch518: httpsFix1329342.patch
# Arch-specific upstreamable patches # Arch-specific upstreamable patches
# PR2415: JVM -Xmx requirement is too high on s390 # PR2415: JVM -Xmx requirement is too high on s390
@ -1224,6 +1225,7 @@ sh %{SOURCE12}
%patch515 %patch515
%patch516 %patch516
%patch517 %patch517
%patch518
%patch400 %patch400
# Extract systemtap tapsets # Extract systemtap tapsets
@ -1389,7 +1391,7 @@ $JAVA_HOME/bin/java TestCryptoLevel
# Check ECC is working # Check ECC is working
$JAVA_HOME/bin/javac -d . %{SOURCE14} $JAVA_HOME/bin/javac -d . %{SOURCE14}
#$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||") $JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
# Check debug symbols are present and can identify code # Check debug symbols are present and can identify code
SERVER_JVM="$JAVA_HOME/jre/lib/%{archinstall}/server/libjvm.so" SERVER_JVM="$JAVA_HOME/jre/lib/%{archinstall}/server/libjvm.so"
@ -1813,6 +1815,10 @@ require "copy_jdk_configs.lua"
%endif %endif
%changelog %changelog
* Sun Apr 24 2016 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.91-2.b14
- added patch518 httpsFix1329342.patch
- test based on SOURCE14 enabled
- Resolves: rhbz#1329342
* Tue Apr 12 2016 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.91-1.b14 * Tue Apr 12 2016 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.91-1.b14
- Roll back release number as release 1 never succeeded, even with tests disabled. - Roll back release number as release 1 never succeeded, even with tests disabled.