Switch to in-tree SunEC code, dropping NSS runtime dependencies and patches to link against it.
This commit is contained in:
parent
d7a3fcfdc3
commit
b66e592e09
@ -129,10 +129,3 @@ rm -vf ${LCMS_SRC}/lcms2.h
|
|||||||
rm -vf ${LCMS_SRC}/lcms2_internal.h
|
rm -vf ${LCMS_SRC}/lcms2_internal.h
|
||||||
rm -vf ${LCMS_SRC}/lcms2_plugin.h
|
rm -vf ${LCMS_SRC}/lcms2_plugin.h
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Get rid of in-tree SunEC until RH1656676 is implemented
|
|
||||||
echo "Removing SunEC native code"
|
|
||||||
mv -v openjdk/jdk/src/share/native/sun/security/ec/impl/ecc_impl.h .
|
|
||||||
rm -vrf openjdk/jdk/src/share/native/sun/security/ec/impl
|
|
||||||
mkdir openjdk/jdk/src/share/native/sun/security/ec/impl
|
|
||||||
mv -v ecc_impl.h openjdk/jdk/src/share/native/sun/security/ec/impl
|
|
||||||
|
@ -234,7 +234,7 @@
|
|||||||
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
|
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
|
||||||
# eg jdk8u60-b27 -> b27
|
# eg jdk8u60-b27 -> b27
|
||||||
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
|
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
|
||||||
%global rpmrelease 2
|
%global rpmrelease 3
|
||||||
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
|
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
|
||||||
# Release will be (where N is usually a number starting at 1):
|
# Release will be (where N is usually a number starting at 1):
|
||||||
# - 0.N%%{?extraver}%%{?dist} for EA releases,
|
# - 0.N%%{?extraver}%%{?dist} for EA releases,
|
||||||
@ -897,9 +897,6 @@ Requires: javapackages-filesystem
|
|||||||
Requires: tzdata-java >= 2015d
|
Requires: tzdata-java >= 2015d
|
||||||
# libsctp.so.1 is being `dlopen`ed on demand
|
# libsctp.so.1 is being `dlopen`ed on demand
|
||||||
Requires: lksctp-tools%{?_isa}
|
Requires: lksctp-tools%{?_isa}
|
||||||
# there is a need to depend on the exact version of NSS
|
|
||||||
Requires: nss%{?_isa} %{NSS_BUILDTIME_VERSION}
|
|
||||||
Requires: nss-softokn%{?_isa} %{NSSSOFTOKN_BUILDTIME_VERSION}
|
|
||||||
# tool to copy jdk's configs - should be Recommends only, but then only dnf/yum enforce it,
|
# tool to copy jdk's configs - should be Recommends only, but then only dnf/yum enforce it,
|
||||||
# not rpm transaction and so no configs are persisted when pure rpm -u is run. It may be
|
# not rpm transaction and so no configs are persisted when pure rpm -u is run. It may be
|
||||||
# considered as regression
|
# considered as regression
|
||||||
@ -1115,20 +1112,6 @@ Patch529: rh1566890-CVE_2018_3639-speculative_store_bypass.patch
|
|||||||
Patch531: rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch
|
Patch531: rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch
|
||||||
# PR3601: Fix additional -Wreturn-type issues introduced by 8061651
|
# PR3601: Fix additional -Wreturn-type issues introduced by 8061651
|
||||||
Patch530: pr3601-fix_additional_Wreturn_type_issues_introduced_by_8061651_for_prims_jvm_cpp.patch
|
Patch530: pr3601-fix_additional_Wreturn_type_issues_introduced_by_8061651_for_prims_jvm_cpp.patch
|
||||||
# Support for building the SunEC provider with the system NSS installation
|
|
||||||
# PR1983: Support using the system installation of NSS with the SunEC provider
|
|
||||||
# PR2127: SunEC provider crashes when built using system NSS
|
|
||||||
# PR2815: Race condition in SunEC provider with system NSS
|
|
||||||
# PR2899: Don't use WithSeed versions of NSS functions as they don't fully process the seed
|
|
||||||
# PR2934: SunEC provider throwing KeyException with current NSS
|
|
||||||
# PR3479, RH1486025: ECC and NSS JVM crash
|
|
||||||
Patch513: pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk8.patch
|
|
||||||
Patch514: pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_root8.patch
|
|
||||||
Patch515: pr2127-sunec_provider_crashes_when_built_using_system_nss_thus_use_of_nss_memory_management_functions.patch
|
|
||||||
Patch516: pr2815-race_condition_in_sunec_provider_with_system_nss_fix.patch
|
|
||||||
Patch517: pr2899-dont_use_withseed_versions_of_nss_functions_as_they_dont_fully_process_the_seed.patch
|
|
||||||
Patch518: pr2934-sunec_provider_throwing_keyexception_withine.separator_current_nss_thus_initialise_the_random_number_generator_and_feed_the_seed_to_it.patch
|
|
||||||
Patch519: pr3479-rh1486025-sunec_provider_can_have_multiple_instances_leading_to_premature_nss_shutdown.patch
|
|
||||||
# PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts)
|
# PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts)
|
||||||
# PR3575, RH1567204: System cacerts database handling should not affect jssecacerts
|
# PR3575, RH1567204: System cacerts database handling should not affect jssecacerts
|
||||||
Patch539: pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_java_cacerts.patch
|
Patch539: pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_java_cacerts.patch
|
||||||
@ -1285,8 +1268,6 @@ BuildRequires: libffi-devel
|
|||||||
BuildRequires: tzdata-java >= 2015d
|
BuildRequires: tzdata-java >= 2015d
|
||||||
# Earlier versions have a bug in tree vectorization on PPC
|
# Earlier versions have a bug in tree vectorization on PPC
|
||||||
BuildRequires: gcc >= 4.8.3-8
|
BuildRequires: gcc >= 4.8.3-8
|
||||||
# Build requirements for SunEC system NSS support
|
|
||||||
BuildRequires: nss-softokn-freebl-devel >= 3.16.1
|
|
||||||
|
|
||||||
%if %{with_systemtap}
|
%if %{with_systemtap}
|
||||||
BuildRequires: systemtap-sdt-devel
|
BuildRequires: systemtap-sdt-devel
|
||||||
@ -1557,13 +1538,6 @@ sh %{SOURCE12}
|
|||||||
%patch502
|
%patch502
|
||||||
%patch504
|
%patch504
|
||||||
%patch512
|
%patch512
|
||||||
%patch513
|
|
||||||
%patch514
|
|
||||||
%patch515
|
|
||||||
%patch516
|
|
||||||
%patch517
|
|
||||||
%patch518
|
|
||||||
%patch519
|
|
||||||
%patch400
|
%patch400
|
||||||
%patch523
|
%patch523
|
||||||
%patch528
|
%patch528
|
||||||
@ -1688,8 +1662,6 @@ top_dir_abs_path=$(pwd)/%{top_level_dir_name}
|
|||||||
mkdir -p %{buildoutputdir -- $suffix}
|
mkdir -p %{buildoutputdir -- $suffix}
|
||||||
pushd %{buildoutputdir -- $suffix}
|
pushd %{buildoutputdir -- $suffix}
|
||||||
|
|
||||||
NSS_LIBS="%{NSS_LIBS} -lfreebl" \
|
|
||||||
NSS_CFLAGS="%{NSS_CFLAGS}" \
|
|
||||||
bash ../../configure \
|
bash ../../configure \
|
||||||
%ifnarch %{jit_arches}
|
%ifnarch %{jit_arches}
|
||||||
--with-jvm-variants=zero \
|
--with-jvm-variants=zero \
|
||||||
@ -1701,7 +1673,6 @@ bash ../../configure \
|
|||||||
--with-boot-jdk=/usr/lib/jvm/java-openjdk \
|
--with-boot-jdk=/usr/lib/jvm/java-openjdk \
|
||||||
--with-debug-level=$debugbuild \
|
--with-debug-level=$debugbuild \
|
||||||
--enable-unlimited-crypto \
|
--enable-unlimited-crypto \
|
||||||
--enable-system-nss \
|
|
||||||
--with-zlib=system \
|
--with-zlib=system \
|
||||||
--with-libjpeg=system \
|
--with-libjpeg=system \
|
||||||
--with-giflib=system \
|
--with-giflib=system \
|
||||||
@ -2225,6 +2196,9 @@ require "copy_jdk_configs.lua"
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Aug 15 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b10-3
|
||||||
|
- Switch to in-tree SunEC code, dropping NSS runtime dependencies and patches to link against it.
|
||||||
|
|
||||||
* Thu Aug 08 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b10-2
|
* Thu Aug 08 2019 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.222.b10-2
|
||||||
- Drop unnecessary build requirement on gtk2-devel, as OpenJDK searches for Gtk+ at runtime.
|
- Drop unnecessary build requirement on gtk2-devel, as OpenJDK searches for Gtk+ at runtime.
|
||||||
- Add missing build requirements for libXext-devel and libXrender-devel, previously masked by Gtk2+ dependency.
|
- Add missing build requirements for libXext-devel and libXrender-devel, previously masked by Gtk2+ dependency.
|
||||||
|
@ -1,699 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User andrew
|
|
||||||
# Date 1453863246 0
|
|
||||||
# Wed Jan 27 02:54:06 2016 +0000
|
|
||||||
# Node ID 48c15869ecd568263249af4b9a4e98d4e57f9a8f
|
|
||||||
# Parent afd392dfaed501ac674a7cc3e37353ce300969c7
|
|
||||||
PR1983: Support using the system installation of NSS with the SunEC provider
|
|
||||||
Summary: Apply code changes from PR1699 & PR1742 & forward-port Makefile changes to the new build.
|
|
||||||
Updated 2017/07/04 to accomodate 8175110
|
|
||||||
|
|
||||||
diff -r 984a4af2ed4e make/lib/SecurityLibraries.gmk
|
|
||||||
--- openjdk/jdk/make/lib/SecurityLibraries.gmk
|
|
||||||
+++ openjdk/jdk/make/lib/SecurityLibraries.gmk
|
|
||||||
@@ -218,8 +218,17 @@
|
|
||||||
|
|
||||||
ifeq ($(ENABLE_INTREE_EC), yes)
|
|
||||||
|
|
||||||
- BUILD_LIBSUNEC_FLAGS := -I$(JDK_TOPDIR)/src/share/native/sun/security/ec \
|
|
||||||
+ BUILD_LIBSUNEC_FLAGS := -I$(JDK_TOPDIR)/src/share/native/sun/security/ec
|
|
||||||
+
|
|
||||||
+ ifeq ($(USE_EXTERNAL_NSS), true)
|
|
||||||
+ BUILD_LIBSUNEC_IMPL_DIR :=
|
|
||||||
+ BUILD_LIBSUNEC_FLAGS += $(NSS_CFLAGS) -DSYSTEM_NSS -DNSS_ENABLE_ECC
|
|
||||||
+ else
|
|
||||||
+ BUILD_LIBSUNEC_IMPL_DIR := \
|
|
||||||
+ $(JDK_TOPDIR)/src/share/native/sun/security/ec/impl
|
|
||||||
+ BUILD_LIBSUNEC_FLAGS += \
|
|
||||||
-I$(JDK_TOPDIR)/src/share/native/sun/security/ec/impl
|
|
||||||
+ endif
|
|
||||||
|
|
||||||
#
|
|
||||||
# On sol-sparc...all libraries are compiled with -xregs=no%appl
|
|
||||||
@@ -235,8 +244,8 @@
|
|
||||||
$(eval $(call SetupNativeCompilation,BUILD_LIBSUNEC, \
|
|
||||||
LIBRARY := sunec, \
|
|
||||||
OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \
|
|
||||||
- SRC := $(JDK_TOPDIR)/src/share/native/sun/security/ec \
|
|
||||||
- $(JDK_TOPDIR)/src/share/native/sun/security/ec/impl, \
|
|
||||||
+ SRC := $(JDK_TOPDIR)/src/share/native/sun/security/ec/ECC_JNI.cpp \
|
|
||||||
+ $(BUILD_LIBSUNEC_IMPL_DIR), \
|
|
||||||
LANG := C++, \
|
|
||||||
OPTIMIZATION := LOW, \
|
|
||||||
CFLAGS := $(filter-out $(ECC_JNI_SOLSPARC_FILTER), $(CFLAGS_JDKLIB)) \
|
|
||||||
@@ -245,11 +254,12 @@
|
|
||||||
CXXFLAGS := $(filter-out $(ECC_JNI_SOLSPARC_FILTER), $(CXXFLAGS_JDKLIB)) \
|
|
||||||
$(BUILD_LIBSUNEC_FLAGS), \
|
|
||||||
MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libsunec/mapfile-vers, \
|
|
||||||
- LDFLAGS := $(LDFLAGS_JDKLIB) $(LDFLAGS_CXX_JDK), \
|
|
||||||
+ LDFLAGS := $(subst -Xlinker --as-needed,, \
|
|
||||||
+ $(subst -Wl$(COMMA)--as-needed,, $(LDFLAGS_JDKLIB))) $(LDFLAGS_CXX_JDK), \
|
|
||||||
LDFLAGS_macosx := $(call SET_SHARED_LIBRARY_ORIGIN), \
|
|
||||||
LDFLAGS_SUFFIX := $(LIBCXX), \
|
|
||||||
- LDFLAGS_SUFFIX_linux := -lc, \
|
|
||||||
- LDFLAGS_SUFFIX_solaris := -lc, \
|
|
||||||
+ LDFLAGS_SUFFIX_linux := -lc $(NSS_LIBS), \
|
|
||||||
+ LDFLAGS_SUFFIX_solaris := -lc $(NSS_LIBS), \
|
|
||||||
VERSIONINFO_RESOURCE := $(JDK_TOPDIR)/src/windows/resource/version.rc, \
|
|
||||||
RC_FLAGS := $(RC_FLAGS) \
|
|
||||||
-D "JDK_FNAME=sunec.dll" \
|
|
||||||
diff -r 984a4af2ed4e src/share/native/sun/security/ec/ECC_JNI.cpp
|
|
||||||
--- openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp
|
|
||||||
+++ openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp
|
|
||||||
@@ -24,7 +24,7 @@
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include <jni.h>
|
|
||||||
-#include "impl/ecc_impl.h"
|
|
||||||
+#include "ecc_impl.h"
|
|
||||||
|
|
||||||
#define ILLEGAL_STATE_EXCEPTION "java/lang/IllegalStateException"
|
|
||||||
#define INVALID_ALGORITHM_PARAMETER_EXCEPTION \
|
|
||||||
@@ -89,7 +89,7 @@
|
|
||||||
*/
|
|
||||||
JNIEXPORT jobjectArray
|
|
||||||
JNICALL Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair
|
|
||||||
- (JNIEnv *env, jclass clazz, jint keySize, jbyteArray encodedParams, jbyteArray seed)
|
|
||||||
+ (JNIEnv *env, jclass UNUSED(clazz), jint UNUSED(keySize), jbyteArray encodedParams, jbyteArray seed)
|
|
||||||
{
|
|
||||||
ECPrivateKey *privKey = NULL; // contains both public and private values
|
|
||||||
ECParams *ecparams = NULL;
|
|
||||||
@@ -190,7 +190,7 @@
|
|
||||||
*/
|
|
||||||
JNIEXPORT jbyteArray
|
|
||||||
JNICALL Java_sun_security_ec_ECDSASignature_signDigest
|
|
||||||
- (JNIEnv *env, jclass clazz, jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing)
|
|
||||||
+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing)
|
|
||||||
{
|
|
||||||
jbyte* pDigestBuffer = NULL;
|
|
||||||
jint jDigestLength = env->GetArrayLength(digest);
|
|
||||||
@@ -299,7 +299,7 @@
|
|
||||||
*/
|
|
||||||
JNIEXPORT jboolean
|
|
||||||
JNICALL Java_sun_security_ec_ECDSASignature_verifySignedDigest
|
|
||||||
- (JNIEnv *env, jclass clazz, jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams)
|
|
||||||
+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams)
|
|
||||||
{
|
|
||||||
jboolean isValid = false;
|
|
||||||
|
|
||||||
@@ -384,7 +384,7 @@
|
|
||||||
*/
|
|
||||||
JNIEXPORT jbyteArray
|
|
||||||
JNICALL Java_sun_security_ec_ECDHKeyAgreement_deriveKey
|
|
||||||
- (JNIEnv *env, jclass clazz, jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams)
|
|
||||||
+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams)
|
|
||||||
{
|
|
||||||
jbyteArray jSecret = NULL;
|
|
||||||
ECParams *ecparams = NULL;
|
|
||||||
diff -r 984a4af2ed4e src/share/native/sun/security/ec/ecc_impl.h
|
|
||||||
--- /dev/null
|
|
||||||
+++ openjdk/jdk/src/share/native/sun/security/ec/ecc_impl.h
|
|
||||||
@@ -0,0 +1,298 @@
|
|
||||||
+/*
|
|
||||||
+ * Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
|
|
||||||
+ * Use is subject to license terms.
|
|
||||||
+ *
|
|
||||||
+ * This library is free software; you can redistribute it and/or
|
|
||||||
+ * modify it under the terms of the GNU Lesser General Public
|
|
||||||
+ * License as published by the Free Software Foundation; either
|
|
||||||
+ * version 2.1 of the License, or (at your option) any later version.
|
|
||||||
+ *
|
|
||||||
+ * This library is distributed in the hope that it will be useful,
|
|
||||||
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
+ * Lesser General Public License for more details.
|
|
||||||
+ *
|
|
||||||
+ * You should have received a copy of the GNU Lesser General Public License
|
|
||||||
+ * along with this library; if not, write to the Free Software Foundation,
|
|
||||||
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
||||||
+ *
|
|
||||||
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
||||||
+ * or visit www.oracle.com if you need additional information or have any
|
|
||||||
+ * questions.
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+/* *********************************************************************
|
|
||||||
+ *
|
|
||||||
+ * The Original Code is the Netscape security libraries.
|
|
||||||
+ *
|
|
||||||
+ * The Initial Developer of the Original Code is
|
|
||||||
+ * Netscape Communications Corporation.
|
|
||||||
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
|
|
||||||
+ * the Initial Developer. All Rights Reserved.
|
|
||||||
+ *
|
|
||||||
+ * Contributor(s):
|
|
||||||
+ * Dr Vipul Gupta <vipul.gupta@sun.com> and
|
|
||||||
+ * Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
|
|
||||||
+ *
|
|
||||||
+ * Last Modified Date from the Original Code: May 2017
|
|
||||||
+ *********************************************************************** */
|
|
||||||
+
|
|
||||||
+#ifndef _ECC_IMPL_H
|
|
||||||
+#define _ECC_IMPL_H
|
|
||||||
+
|
|
||||||
+#ifdef __cplusplus
|
|
||||||
+extern "C" {
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+#include <sys/types.h>
|
|
||||||
+
|
|
||||||
+#ifdef SYSTEM_NSS
|
|
||||||
+#include <secitem.h>
|
|
||||||
+#include <secerr.h>
|
|
||||||
+#include <keythi.h>
|
|
||||||
+#ifdef LEGACY_NSS
|
|
||||||
+#include <softoken.h>
|
|
||||||
+#else
|
|
||||||
+#include <blapi.h>
|
|
||||||
+#endif
|
|
||||||
+#else
|
|
||||||
+#include "ecl-exp.h"
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * Multi-platform definitions
|
|
||||||
+ */
|
|
||||||
+#ifdef __linux__
|
|
||||||
+#define B_FALSE FALSE
|
|
||||||
+#define B_TRUE TRUE
|
|
||||||
+typedef unsigned char uint8_t;
|
|
||||||
+typedef unsigned long ulong_t;
|
|
||||||
+typedef enum { B_FALSE, B_TRUE } boolean_t;
|
|
||||||
+#endif /* __linux__ */
|
|
||||||
+
|
|
||||||
+#ifdef _ALLBSD_SOURCE
|
|
||||||
+#include <stdint.h>
|
|
||||||
+#define B_FALSE FALSE
|
|
||||||
+#define B_TRUE TRUE
|
|
||||||
+typedef unsigned long ulong_t;
|
|
||||||
+typedef enum boolean { B_FALSE, B_TRUE } boolean_t;
|
|
||||||
+#endif /* _ALLBSD_SOURCE */
|
|
||||||
+
|
|
||||||
+#ifdef AIX
|
|
||||||
+#define B_FALSE FALSE
|
|
||||||
+#define B_TRUE TRUE
|
|
||||||
+typedef unsigned char uint8_t;
|
|
||||||
+typedef unsigned long ulong_t;
|
|
||||||
+#endif /* AIX */
|
|
||||||
+
|
|
||||||
+#ifdef _WIN32
|
|
||||||
+typedef unsigned char uint8_t;
|
|
||||||
+typedef unsigned long ulong_t;
|
|
||||||
+typedef enum boolean { B_FALSE, B_TRUE } boolean_t;
|
|
||||||
+#define strdup _strdup /* Replace POSIX name with ISO C++ name */
|
|
||||||
+#endif /* _WIN32 */
|
|
||||||
+
|
|
||||||
+#ifndef _KERNEL
|
|
||||||
+#include <stdlib.h>
|
|
||||||
+#endif /* _KERNEL */
|
|
||||||
+
|
|
||||||
+#define EC_MAX_DIGEST_LEN 1024 /* max digest that can be signed */
|
|
||||||
+#define EC_MAX_POINT_LEN 145 /* max len of DER encoded Q */
|
|
||||||
+#define EC_MAX_VALUE_LEN 72 /* max len of ANSI X9.62 private value d */
|
|
||||||
+#define EC_MAX_SIG_LEN 144 /* max signature len for supported curves */
|
|
||||||
+#define EC_MIN_KEY_LEN 112 /* min key length in bits */
|
|
||||||
+#define EC_MAX_KEY_LEN 571 /* max key length in bits */
|
|
||||||
+#define EC_MAX_OID_LEN 10 /* max length of OID buffer */
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * Various structures and definitions from NSS are here.
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+#ifndef SYSTEM_NSS
|
|
||||||
+#ifdef _KERNEL
|
|
||||||
+#define PORT_ArenaAlloc(a, n, f) kmem_alloc((n), (f))
|
|
||||||
+#define PORT_ArenaZAlloc(a, n, f) kmem_zalloc((n), (f))
|
|
||||||
+#define PORT_ArenaGrow(a, b, c, d) NULL
|
|
||||||
+#define PORT_ZAlloc(n, f) kmem_zalloc((n), (f))
|
|
||||||
+#define PORT_Alloc(n, f) kmem_alloc((n), (f))
|
|
||||||
+#else
|
|
||||||
+#define PORT_ArenaAlloc(a, n, f) malloc((n))
|
|
||||||
+#define PORT_ArenaZAlloc(a, n, f) calloc(1, (n))
|
|
||||||
+#define PORT_ArenaGrow(a, b, c, d) NULL
|
|
||||||
+#define PORT_ZAlloc(n, f) calloc(1, (n))
|
|
||||||
+#define PORT_Alloc(n, f) malloc((n))
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+#define PORT_NewArena(b) (char *)12345
|
|
||||||
+#define PORT_ArenaMark(a) NULL
|
|
||||||
+#define PORT_ArenaUnmark(a, b)
|
|
||||||
+#define PORT_ArenaRelease(a, m)
|
|
||||||
+#define PORT_FreeArena(a, b)
|
|
||||||
+#define PORT_Strlen(s) strlen((s))
|
|
||||||
+#define PORT_SetError(e)
|
|
||||||
+
|
|
||||||
+#define PRBool boolean_t
|
|
||||||
+#define PR_TRUE B_TRUE
|
|
||||||
+#define PR_FALSE B_FALSE
|
|
||||||
+
|
|
||||||
+#ifdef _KERNEL
|
|
||||||
+#define PORT_Assert ASSERT
|
|
||||||
+#define PORT_Memcpy(t, f, l) bcopy((f), (t), (l))
|
|
||||||
+#else
|
|
||||||
+#define PORT_Assert assert
|
|
||||||
+#define PORT_Memcpy(t, f, l) memcpy((t), (f), (l))
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+#define CHECK_OK(func) if (func == NULL) goto cleanup
|
|
||||||
+#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup
|
|
||||||
+
|
|
||||||
+#ifndef SYSTEM_NSS
|
|
||||||
+typedef enum {
|
|
||||||
+ siBuffer = 0,
|
|
||||||
+ siClearDataBuffer = 1,
|
|
||||||
+ siCipherDataBuffer = 2,
|
|
||||||
+ siDERCertBuffer = 3,
|
|
||||||
+ siEncodedCertBuffer = 4,
|
|
||||||
+ siDERNameBuffer = 5,
|
|
||||||
+ siEncodedNameBuffer = 6,
|
|
||||||
+ siAsciiNameString = 7,
|
|
||||||
+ siAsciiString = 8,
|
|
||||||
+ siDEROID = 9,
|
|
||||||
+ siUnsignedInteger = 10,
|
|
||||||
+ siUTCTime = 11,
|
|
||||||
+ siGeneralizedTime = 12
|
|
||||||
+} SECItemType;
|
|
||||||
+
|
|
||||||
+typedef struct SECItemStr SECItem;
|
|
||||||
+
|
|
||||||
+struct SECItemStr {
|
|
||||||
+ SECItemType type;
|
|
||||||
+ unsigned char *data;
|
|
||||||
+ unsigned int len;
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+typedef SECItem SECKEYECParams;
|
|
||||||
+
|
|
||||||
+typedef enum { ec_params_explicit,
|
|
||||||
+ ec_params_named
|
|
||||||
+} ECParamsType;
|
|
||||||
+
|
|
||||||
+typedef enum { ec_field_GFp = 1,
|
|
||||||
+ ec_field_GF2m
|
|
||||||
+} ECFieldType;
|
|
||||||
+
|
|
||||||
+struct ECFieldIDStr {
|
|
||||||
+ int size; /* field size in bits */
|
|
||||||
+ ECFieldType type;
|
|
||||||
+ union {
|
|
||||||
+ SECItem prime; /* prime p for (GFp) */
|
|
||||||
+ SECItem poly; /* irreducible binary polynomial for (GF2m) */
|
|
||||||
+ } u;
|
|
||||||
+ int k1; /* first coefficient of pentanomial or
|
|
||||||
+ * the only coefficient of trinomial
|
|
||||||
+ */
|
|
||||||
+ int k2; /* two remaining coefficients of pentanomial */
|
|
||||||
+ int k3;
|
|
||||||
+};
|
|
||||||
+typedef struct ECFieldIDStr ECFieldID;
|
|
||||||
+
|
|
||||||
+struct ECCurveStr {
|
|
||||||
+ SECItem a; /* contains octet stream encoding of
|
|
||||||
+ * field element (X9.62 section 4.3.3)
|
|
||||||
+ */
|
|
||||||
+ SECItem b;
|
|
||||||
+ SECItem seed;
|
|
||||||
+};
|
|
||||||
+typedef struct ECCurveStr ECCurve;
|
|
||||||
+
|
|
||||||
+typedef void PRArenaPool;
|
|
||||||
+
|
|
||||||
+struct ECParamsStr {
|
|
||||||
+ PRArenaPool * arena;
|
|
||||||
+ ECParamsType type;
|
|
||||||
+ ECFieldID fieldID;
|
|
||||||
+ ECCurve curve;
|
|
||||||
+ SECItem base;
|
|
||||||
+ SECItem order;
|
|
||||||
+ int cofactor;
|
|
||||||
+ SECItem DEREncoding;
|
|
||||||
+ ECCurveName name;
|
|
||||||
+ SECItem curveOID;
|
|
||||||
+};
|
|
||||||
+typedef struct ECParamsStr ECParams;
|
|
||||||
+
|
|
||||||
+struct ECPublicKeyStr {
|
|
||||||
+ ECParams ecParams;
|
|
||||||
+ SECItem publicValue; /* elliptic curve point encoded as
|
|
||||||
+ * octet stream.
|
|
||||||
+ */
|
|
||||||
+};
|
|
||||||
+typedef struct ECPublicKeyStr ECPublicKey;
|
|
||||||
+
|
|
||||||
+struct ECPrivateKeyStr {
|
|
||||||
+ ECParams ecParams;
|
|
||||||
+ SECItem publicValue; /* encoded ec point */
|
|
||||||
+ SECItem privateValue; /* private big integer */
|
|
||||||
+ SECItem version; /* As per SEC 1, Appendix C, Section C.4 */
|
|
||||||
+};
|
|
||||||
+typedef struct ECPrivateKeyStr ECPrivateKey;
|
|
||||||
+
|
|
||||||
+typedef enum _SECStatus {
|
|
||||||
+ SECBufferTooSmall = -3,
|
|
||||||
+ SECWouldBlock = -2,
|
|
||||||
+ SECFailure = -1,
|
|
||||||
+ SECSuccess = 0
|
|
||||||
+} SECStatus;
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+#ifdef _KERNEL
|
|
||||||
+#define RNG_GenerateGlobalRandomBytes(p,l) ecc_knzero_random_generator((p), (l))
|
|
||||||
+#else
|
|
||||||
+/*
|
|
||||||
+ This function is no longer required because the random bytes are now
|
|
||||||
+ supplied by the caller. Force a failure.
|
|
||||||
+*/
|
|
||||||
+#define RNG_GenerateGlobalRandomBytes(p,l) SECFailure
|
|
||||||
+#endif
|
|
||||||
+#define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup
|
|
||||||
+#define MP_TO_SEC_ERROR(err)
|
|
||||||
+
|
|
||||||
+#define SECITEM_TO_MPINT(it, mp) \
|
|
||||||
+ CHECK_MPI_OK(mp_read_unsigned_octets((mp), (it).data, (it).len))
|
|
||||||
+
|
|
||||||
+extern int ecc_knzero_random_generator(uint8_t *, size_t);
|
|
||||||
+extern ulong_t soft_nzero_random_generator(uint8_t *, ulong_t);
|
|
||||||
+
|
|
||||||
+#ifdef SYSTEM_NSS
|
|
||||||
+#define EC_DecodeParams(a,b,c) EC_DecodeParams(a,b)
|
|
||||||
+#define EC_NewKey(a,b,c,d,e) EC_NewKeyFromSeed(a,b,c,d)
|
|
||||||
+#define ECDSA_SignDigest(a,b,c,d,e,f,g) ECDSA_SignDigestWithSeed(a,b,c,d,e)
|
|
||||||
+#define ECDSA_VerifyDigest(a,b,c,d) ECDSA_VerifyDigest(a,b,c)
|
|
||||||
+#define ECDH_Derive(a,b,c,d,e,f) ECDH_Derive(a,b,c,d,e)
|
|
||||||
+#else
|
|
||||||
+extern SECStatus EC_DecodeParams(const SECItem *, ECParams **, int);
|
|
||||||
+
|
|
||||||
+extern SECItem * SECITEM_AllocItem(PRArenaPool *, SECItem *, unsigned int, int);
|
|
||||||
+extern SECStatus SECITEM_CopyItem(PRArenaPool *, SECItem *, const SECItem *,
|
|
||||||
+ int);
|
|
||||||
+extern void SECITEM_FreeItem(SECItem *, boolean_t);
|
|
||||||
+
|
|
||||||
+/* This function has been modified to accept an array of random bytes */
|
|
||||||
+extern SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
|
|
||||||
+ const unsigned char* random, int randomlen, int);
|
|
||||||
+/* This function has been modified to accept an array of random bytes */
|
|
||||||
+extern SECStatus ECDSA_SignDigest(ECPrivateKey *, SECItem *, const SECItem *,
|
|
||||||
+ const unsigned char* random, int randomlen, int, int timing);
|
|
||||||
+extern SECStatus ECDSA_VerifyDigest(ECPublicKey *, const SECItem *,
|
|
||||||
+ const SECItem *, int);
|
|
||||||
+extern SECStatus ECDH_Derive(SECItem *, ECParams *, SECItem *, boolean_t,
|
|
||||||
+ SECItem *, int);
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+#ifdef __cplusplus
|
|
||||||
+}
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+#endif /* _ECC_IMPL_H */
|
|
||||||
diff -r 984a4af2ed4e src/share/native/sun/security/ec/impl/ecc_impl.h
|
|
||||||
--- openjdk/jdk/src/share/native/sun/security/ec/impl/ecc_impl.h
|
|
||||||
+++ /dev/null
|
|
||||||
@@ -1,271 +0,0 @@
|
|
||||||
-/*
|
|
||||||
- * Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
|
|
||||||
- * Use is subject to license terms.
|
|
||||||
- *
|
|
||||||
- * This library is free software; you can redistribute it and/or
|
|
||||||
- * modify it under the terms of the GNU Lesser General Public
|
|
||||||
- * License as published by the Free Software Foundation; either
|
|
||||||
- * version 2.1 of the License, or (at your option) any later version.
|
|
||||||
- *
|
|
||||||
- * This library is distributed in the hope that it will be useful,
|
|
||||||
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
- * Lesser General Public License for more details.
|
|
||||||
- *
|
|
||||||
- * You should have received a copy of the GNU Lesser General Public License
|
|
||||||
- * along with this library; if not, write to the Free Software Foundation,
|
|
||||||
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
||||||
- *
|
|
||||||
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
||||||
- * or visit www.oracle.com if you need additional information or have any
|
|
||||||
- * questions.
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
-/* *********************************************************************
|
|
||||||
- *
|
|
||||||
- * The Original Code is the Netscape security libraries.
|
|
||||||
- *
|
|
||||||
- * The Initial Developer of the Original Code is
|
|
||||||
- * Netscape Communications Corporation.
|
|
||||||
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
|
|
||||||
- * the Initial Developer. All Rights Reserved.
|
|
||||||
- *
|
|
||||||
- * Contributor(s):
|
|
||||||
- * Dr Vipul Gupta <vipul.gupta@sun.com> and
|
|
||||||
- * Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
|
|
||||||
- *
|
|
||||||
- * Last Modified Date from the Original Code: May 2017
|
|
||||||
- *********************************************************************** */
|
|
||||||
-
|
|
||||||
-#ifndef _ECC_IMPL_H
|
|
||||||
-#define _ECC_IMPL_H
|
|
||||||
-
|
|
||||||
-#ifdef __cplusplus
|
|
||||||
-extern "C" {
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
-#include <sys/types.h>
|
|
||||||
-#include "ecl-exp.h"
|
|
||||||
-
|
|
||||||
-/*
|
|
||||||
- * Multi-platform definitions
|
|
||||||
- */
|
|
||||||
-#ifdef __linux__
|
|
||||||
-#define B_FALSE FALSE
|
|
||||||
-#define B_TRUE TRUE
|
|
||||||
-typedef unsigned char uint8_t;
|
|
||||||
-typedef unsigned long ulong_t;
|
|
||||||
-typedef enum { B_FALSE, B_TRUE } boolean_t;
|
|
||||||
-#endif /* __linux__ */
|
|
||||||
-
|
|
||||||
-#ifdef _ALLBSD_SOURCE
|
|
||||||
-#include <stdint.h>
|
|
||||||
-#define B_FALSE FALSE
|
|
||||||
-#define B_TRUE TRUE
|
|
||||||
-typedef unsigned long ulong_t;
|
|
||||||
-typedef enum boolean { B_FALSE, B_TRUE } boolean_t;
|
|
||||||
-#endif /* _ALLBSD_SOURCE */
|
|
||||||
-
|
|
||||||
-#ifdef AIX
|
|
||||||
-#define B_FALSE FALSE
|
|
||||||
-#define B_TRUE TRUE
|
|
||||||
-typedef unsigned char uint8_t;
|
|
||||||
-typedef unsigned long ulong_t;
|
|
||||||
-#endif /* AIX */
|
|
||||||
-
|
|
||||||
-#ifdef _WIN32
|
|
||||||
-typedef unsigned char uint8_t;
|
|
||||||
-typedef unsigned long ulong_t;
|
|
||||||
-typedef enum boolean { B_FALSE, B_TRUE } boolean_t;
|
|
||||||
-#define strdup _strdup /* Replace POSIX name with ISO C++ name */
|
|
||||||
-#endif /* _WIN32 */
|
|
||||||
-
|
|
||||||
-#ifndef _KERNEL
|
|
||||||
-#include <stdlib.h>
|
|
||||||
-#endif /* _KERNEL */
|
|
||||||
-
|
|
||||||
-#define EC_MAX_DIGEST_LEN 1024 /* max digest that can be signed */
|
|
||||||
-#define EC_MAX_POINT_LEN 145 /* max len of DER encoded Q */
|
|
||||||
-#define EC_MAX_VALUE_LEN 72 /* max len of ANSI X9.62 private value d */
|
|
||||||
-#define EC_MAX_SIG_LEN 144 /* max signature len for supported curves */
|
|
||||||
-#define EC_MIN_KEY_LEN 112 /* min key length in bits */
|
|
||||||
-#define EC_MAX_KEY_LEN 571 /* max key length in bits */
|
|
||||||
-#define EC_MAX_OID_LEN 10 /* max length of OID buffer */
|
|
||||||
-
|
|
||||||
-/*
|
|
||||||
- * Various structures and definitions from NSS are here.
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
-#ifdef _KERNEL
|
|
||||||
-#define PORT_ArenaAlloc(a, n, f) kmem_alloc((n), (f))
|
|
||||||
-#define PORT_ArenaZAlloc(a, n, f) kmem_zalloc((n), (f))
|
|
||||||
-#define PORT_ArenaGrow(a, b, c, d) NULL
|
|
||||||
-#define PORT_ZAlloc(n, f) kmem_zalloc((n), (f))
|
|
||||||
-#define PORT_Alloc(n, f) kmem_alloc((n), (f))
|
|
||||||
-#else
|
|
||||||
-#define PORT_ArenaAlloc(a, n, f) malloc((n))
|
|
||||||
-#define PORT_ArenaZAlloc(a, n, f) calloc(1, (n))
|
|
||||||
-#define PORT_ArenaGrow(a, b, c, d) NULL
|
|
||||||
-#define PORT_ZAlloc(n, f) calloc(1, (n))
|
|
||||||
-#define PORT_Alloc(n, f) malloc((n))
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
-#define PORT_NewArena(b) (char *)12345
|
|
||||||
-#define PORT_ArenaMark(a) NULL
|
|
||||||
-#define PORT_ArenaUnmark(a, b)
|
|
||||||
-#define PORT_ArenaRelease(a, m)
|
|
||||||
-#define PORT_FreeArena(a, b)
|
|
||||||
-#define PORT_Strlen(s) strlen((s))
|
|
||||||
-#define PORT_SetError(e)
|
|
||||||
-
|
|
||||||
-#define PRBool boolean_t
|
|
||||||
-#define PR_TRUE B_TRUE
|
|
||||||
-#define PR_FALSE B_FALSE
|
|
||||||
-
|
|
||||||
-#ifdef _KERNEL
|
|
||||||
-#define PORT_Assert ASSERT
|
|
||||||
-#define PORT_Memcpy(t, f, l) bcopy((f), (t), (l))
|
|
||||||
-#else
|
|
||||||
-#define PORT_Assert assert
|
|
||||||
-#define PORT_Memcpy(t, f, l) memcpy((t), (f), (l))
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
-#define CHECK_OK(func) if (func == NULL) goto cleanup
|
|
||||||
-#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup
|
|
||||||
-
|
|
||||||
-typedef enum {
|
|
||||||
- siBuffer = 0,
|
|
||||||
- siClearDataBuffer = 1,
|
|
||||||
- siCipherDataBuffer = 2,
|
|
||||||
- siDERCertBuffer = 3,
|
|
||||||
- siEncodedCertBuffer = 4,
|
|
||||||
- siDERNameBuffer = 5,
|
|
||||||
- siEncodedNameBuffer = 6,
|
|
||||||
- siAsciiNameString = 7,
|
|
||||||
- siAsciiString = 8,
|
|
||||||
- siDEROID = 9,
|
|
||||||
- siUnsignedInteger = 10,
|
|
||||||
- siUTCTime = 11,
|
|
||||||
- siGeneralizedTime = 12
|
|
||||||
-} SECItemType;
|
|
||||||
-
|
|
||||||
-typedef struct SECItemStr SECItem;
|
|
||||||
-
|
|
||||||
-struct SECItemStr {
|
|
||||||
- SECItemType type;
|
|
||||||
- unsigned char *data;
|
|
||||||
- unsigned int len;
|
|
||||||
-};
|
|
||||||
-
|
|
||||||
-typedef SECItem SECKEYECParams;
|
|
||||||
-
|
|
||||||
-typedef enum { ec_params_explicit,
|
|
||||||
- ec_params_named
|
|
||||||
-} ECParamsType;
|
|
||||||
-
|
|
||||||
-typedef enum { ec_field_GFp = 1,
|
|
||||||
- ec_field_GF2m
|
|
||||||
-} ECFieldType;
|
|
||||||
-
|
|
||||||
-struct ECFieldIDStr {
|
|
||||||
- int size; /* field size in bits */
|
|
||||||
- ECFieldType type;
|
|
||||||
- union {
|
|
||||||
- SECItem prime; /* prime p for (GFp) */
|
|
||||||
- SECItem poly; /* irreducible binary polynomial for (GF2m) */
|
|
||||||
- } u;
|
|
||||||
- int k1; /* first coefficient of pentanomial or
|
|
||||||
- * the only coefficient of trinomial
|
|
||||||
- */
|
|
||||||
- int k2; /* two remaining coefficients of pentanomial */
|
|
||||||
- int k3;
|
|
||||||
-};
|
|
||||||
-typedef struct ECFieldIDStr ECFieldID;
|
|
||||||
-
|
|
||||||
-struct ECCurveStr {
|
|
||||||
- SECItem a; /* contains octet stream encoding of
|
|
||||||
- * field element (X9.62 section 4.3.3)
|
|
||||||
- */
|
|
||||||
- SECItem b;
|
|
||||||
- SECItem seed;
|
|
||||||
-};
|
|
||||||
-typedef struct ECCurveStr ECCurve;
|
|
||||||
-
|
|
||||||
-typedef void PRArenaPool;
|
|
||||||
-
|
|
||||||
-struct ECParamsStr {
|
|
||||||
- PRArenaPool * arena;
|
|
||||||
- ECParamsType type;
|
|
||||||
- ECFieldID fieldID;
|
|
||||||
- ECCurve curve;
|
|
||||||
- SECItem base;
|
|
||||||
- SECItem order;
|
|
||||||
- int cofactor;
|
|
||||||
- SECItem DEREncoding;
|
|
||||||
- ECCurveName name;
|
|
||||||
- SECItem curveOID;
|
|
||||||
-};
|
|
||||||
-typedef struct ECParamsStr ECParams;
|
|
||||||
-
|
|
||||||
-struct ECPublicKeyStr {
|
|
||||||
- ECParams ecParams;
|
|
||||||
- SECItem publicValue; /* elliptic curve point encoded as
|
|
||||||
- * octet stream.
|
|
||||||
- */
|
|
||||||
-};
|
|
||||||
-typedef struct ECPublicKeyStr ECPublicKey;
|
|
||||||
-
|
|
||||||
-struct ECPrivateKeyStr {
|
|
||||||
- ECParams ecParams;
|
|
||||||
- SECItem publicValue; /* encoded ec point */
|
|
||||||
- SECItem privateValue; /* private big integer */
|
|
||||||
- SECItem version; /* As per SEC 1, Appendix C, Section C.4 */
|
|
||||||
-};
|
|
||||||
-typedef struct ECPrivateKeyStr ECPrivateKey;
|
|
||||||
-
|
|
||||||
-typedef enum _SECStatus {
|
|
||||||
- SECBufferTooSmall = -3,
|
|
||||||
- SECWouldBlock = -2,
|
|
||||||
- SECFailure = -1,
|
|
||||||
- SECSuccess = 0
|
|
||||||
-} SECStatus;
|
|
||||||
-
|
|
||||||
-#ifdef _KERNEL
|
|
||||||
-#define RNG_GenerateGlobalRandomBytes(p,l) ecc_knzero_random_generator((p), (l))
|
|
||||||
-#else
|
|
||||||
-/*
|
|
||||||
- This function is no longer required because the random bytes are now
|
|
||||||
- supplied by the caller. Force a failure.
|
|
||||||
-*/
|
|
||||||
-#define RNG_GenerateGlobalRandomBytes(p,l) SECFailure
|
|
||||||
-#endif
|
|
||||||
-#define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup
|
|
||||||
-#define MP_TO_SEC_ERROR(err)
|
|
||||||
-
|
|
||||||
-#define SECITEM_TO_MPINT(it, mp) \
|
|
||||||
- CHECK_MPI_OK(mp_read_unsigned_octets((mp), (it).data, (it).len))
|
|
||||||
-
|
|
||||||
-extern int ecc_knzero_random_generator(uint8_t *, size_t);
|
|
||||||
-extern ulong_t soft_nzero_random_generator(uint8_t *, ulong_t);
|
|
||||||
-
|
|
||||||
-extern SECStatus EC_DecodeParams(const SECItem *, ECParams **, int);
|
|
||||||
-extern SECItem * SECITEM_AllocItem(PRArenaPool *, SECItem *, unsigned int, int);
|
|
||||||
-extern SECStatus SECITEM_CopyItem(PRArenaPool *, SECItem *, const SECItem *,
|
|
||||||
- int);
|
|
||||||
-extern void SECITEM_FreeItem(SECItem *, boolean_t);
|
|
||||||
-/* This function has been modified to accept an array of random bytes */
|
|
||||||
-extern SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
|
|
||||||
- const unsigned char* random, int randomlen, int);
|
|
||||||
-/* This function has been modified to accept an array of random bytes */
|
|
||||||
-extern SECStatus ECDSA_SignDigest(ECPrivateKey *, SECItem *, const SECItem *,
|
|
||||||
- const unsigned char* random, int randomlen, int, int timing);
|
|
||||||
-extern SECStatus ECDSA_VerifyDigest(ECPublicKey *, const SECItem *,
|
|
||||||
- const SECItem *, int);
|
|
||||||
-extern SECStatus ECDH_Derive(SECItem *, ECParams *, SECItem *, boolean_t,
|
|
||||||
- SECItem *, int);
|
|
||||||
-
|
|
||||||
-#ifdef __cplusplus
|
|
||||||
-}
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
-#endif /* _ECC_IMPL_H */
|
|
||||||
diff -r 984a4af2ed4e src/solaris/javavm/export/jni_md.h
|
|
||||||
--- openjdk/jdk/src/solaris/javavm/export/jni_md.h
|
|
||||||
+++ openjdk/jdk/src/solaris/javavm/export/jni_md.h
|
|
||||||
@@ -36,6 +36,11 @@
|
|
||||||
#define JNIEXPORT
|
|
||||||
#define JNIIMPORT
|
|
||||||
#endif
|
|
||||||
+#if (defined(__GNUC__)) || __has_attribute(unused)
|
|
||||||
+ #define UNUSED(x) UNUSED_ ## x __attribute__((__unused__))
|
|
||||||
+#else
|
|
||||||
+ #define UNUSED(x) UNUSED_ ## x
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
#define JNICALL
|
|
||||||
|
|
@ -1,89 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User andrew
|
|
||||||
# Date 1453863007 0
|
|
||||||
# Wed Jan 27 02:50:07 2016 +0000
|
|
||||||
# Node ID f0635543beb309c4da1bb88c906a76ee4b75e16d
|
|
||||||
# Parent 4a5a0d4e1ae0feec2f47d17be380d6fcd5eff126
|
|
||||||
PR1983: Support using the system installation of NSS with the SunEC provider
|
|
||||||
Summary: Add new configure option --enable-system-nss
|
|
||||||
|
|
||||||
diff -r 92af9369869f common/autoconf/jdk-options.m4
|
|
||||||
--- openjdk/common/autoconf/jdk-options.m4 Thu Jan 21 22:17:02 2016 +0000
|
|
||||||
+++ openjdk/common/autoconf/jdk-options.m4 Wed Jan 27 05:32:12 2016 +0000
|
|
||||||
@@ -414,9 +414,10 @@
|
|
||||||
#
|
|
||||||
AC_DEFUN_ONCE([JDKOPT_DETECT_INTREE_EC],
|
|
||||||
[
|
|
||||||
- AC_MSG_CHECKING([if elliptic curve crypto implementation is present])
|
|
||||||
+ AC_REQUIRE([LIB_SETUP_MISC_LIBS])
|
|
||||||
+ AC_MSG_CHECKING([if the elliptic curve crypto implementation is present])
|
|
||||||
|
|
||||||
- if test -d "${SRC_ROOT}/jdk/src/share/native/sun/security/ec/impl"; then
|
|
||||||
+ if test "x${system_nss}" = "xyes" -o -d "${SRC_ROOT}/jdk/src/share/native/sun/security/ec/impl"; then
|
|
||||||
ENABLE_INTREE_EC=yes
|
|
||||||
AC_MSG_RESULT([yes])
|
|
||||||
else
|
|
||||||
diff -r 92af9369869f common/autoconf/libraries.m4
|
|
||||||
--- openjdk/common/autoconf/libraries.m4 Thu Jan 21 22:17:02 2016 +0000
|
|
||||||
+++ openjdk/common/autoconf/libraries.m4 Wed Jan 27 05:32:12 2016 +0000
|
|
||||||
@@ -731,6 +731,47 @@
|
|
||||||
LIBDL="$LIBS"
|
|
||||||
AC_SUBST(LIBDL)
|
|
||||||
LIBS="$save_LIBS"
|
|
||||||
+
|
|
||||||
+ ###############################################################################
|
|
||||||
+ #
|
|
||||||
+ # Check for the NSS libraries
|
|
||||||
+ #
|
|
||||||
+
|
|
||||||
+ AC_MSG_CHECKING([whether to build the Sun EC provider against the system NSS libraries])
|
|
||||||
+
|
|
||||||
+ # default is bundled
|
|
||||||
+ DEFAULT_SYSTEM_NSS=no
|
|
||||||
+
|
|
||||||
+ AC_ARG_ENABLE([system-nss], [AS_HELP_STRING([--enable-system-nss],
|
|
||||||
+ [build the SunEC provider using the system NSS libraries @<:@disabled@:>@])],
|
|
||||||
+ [
|
|
||||||
+ case "${enableval}" in
|
|
||||||
+ yes)
|
|
||||||
+ system_nss=yes
|
|
||||||
+ ;;
|
|
||||||
+ *)
|
|
||||||
+ system_nss=no
|
|
||||||
+ ;;
|
|
||||||
+ esac
|
|
||||||
+ ],
|
|
||||||
+ [
|
|
||||||
+ system_nss=${DEFAULT_SYSTEM_NSS}
|
|
||||||
+ ])
|
|
||||||
+ AC_MSG_RESULT([$system_nss])
|
|
||||||
+
|
|
||||||
+ if test "x${system_nss}" = "xyes"; then
|
|
||||||
+ PKG_CHECK_MODULES(NSS, nss-softokn >= 3.16.1, [NSS_SOFTOKN_FOUND=yes], [NSS_SOFTOKN_FOUND=no])
|
|
||||||
+ if test "x${NSS_SOFTOKN_FOUND}" = "xyes"; then
|
|
||||||
+ NSS_LIBS="$NSS_LIBS -lfreebl";
|
|
||||||
+ USE_EXTERNAL_NSS=true
|
|
||||||
+ else
|
|
||||||
+ AC_MSG_ERROR([--enable-system-nss specified, but NSS not found.])
|
|
||||||
+ fi
|
|
||||||
+ else
|
|
||||||
+ USE_EXTERNAL_NSS=false
|
|
||||||
+ fi
|
|
||||||
+ AC_SUBST(USE_EXTERNAL_NSS)
|
|
||||||
+
|
|
||||||
])
|
|
||||||
|
|
||||||
AC_DEFUN_ONCE([LIB_SETUP_STATIC_LINK_LIBSTDCPP],
|
|
||||||
diff -r 92af9369869f common/autoconf/spec.gmk.in
|
|
||||||
--- openjdk/common/autoconf/spec.gmk.in Thu Jan 21 22:17:02 2016 +0000
|
|
||||||
+++ openjdk/common/autoconf/spec.gmk.in Wed Jan 27 05:32:12 2016 +0000
|
|
||||||
@@ -647,6 +647,9 @@
|
|
||||||
# Read-only single-machine data
|
|
||||||
INSTALL_SYSCONFDIR=@sysconfdir@
|
|
||||||
|
|
||||||
+USE_EXTERNAL_NSS:=@USE_EXTERNAL_NSS@
|
|
||||||
+NSS_LIBS:=@NSS_LIBS@
|
|
||||||
+NSS_CFLAGS:=@NSS_CFLAGS@
|
|
||||||
|
|
||||||
####################################################
|
|
||||||
#
|
|
@ -1,178 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User andrew
|
|
||||||
# Date 1453866306 0
|
|
||||||
# Wed Jan 27 03:45:06 2016 +0000
|
|
||||||
# Node ID 0ff7720931e8dbf7de25720bdc93b18527ab89e8
|
|
||||||
# Parent 48c15869ecd568263249af4b9a4e98d4e57f9a8f
|
|
||||||
PR2127: SunEC provider crashes when built using system NSS
|
|
||||||
Summary: Use NSS memory management functions
|
|
||||||
|
|
||||||
diff -r 48c15869ecd5 -r 0ff7720931e8 src/share/native/sun/security/ec/ECC_JNI.cpp
|
|
||||||
--- openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Wed Jan 27 02:54:06 2016 +0000
|
|
||||||
+++ openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Wed Jan 27 03:45:06 2016 +0000
|
|
||||||
@@ -32,6 +32,13 @@
|
|
||||||
#define INVALID_PARAMETER_EXCEPTION \
|
|
||||||
"java/security/InvalidParameterException"
|
|
||||||
#define KEY_EXCEPTION "java/security/KeyException"
|
|
||||||
+#define INTERNAL_ERROR "java/lang/InternalError"
|
|
||||||
+
|
|
||||||
+#ifdef SYSTEM_NSS
|
|
||||||
+#define SYSTEM_UNUSED(x) UNUSED(x)
|
|
||||||
+#else
|
|
||||||
+#define SYSTEM_UNUSED(x) x
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
extern "C" {
|
|
||||||
|
|
||||||
@@ -49,8 +56,13 @@
|
|
||||||
/*
|
|
||||||
* Deep free of the ECParams struct
|
|
||||||
*/
|
|
||||||
-void FreeECParams(ECParams *ecparams, jboolean freeStruct)
|
|
||||||
+void FreeECParams(ECParams *ecparams, jboolean SYSTEM_UNUSED(freeStruct))
|
|
||||||
{
|
|
||||||
+#ifdef SYSTEM_NSS
|
|
||||||
+ // Needs to be freed using the matching method to the one
|
|
||||||
+ // that allocated it. PR_TRUE means the memory is zeroed.
|
|
||||||
+ PORT_FreeArena(ecparams->arena, PR_TRUE);
|
|
||||||
+#else
|
|
||||||
// Use B_FALSE to free the SECItem->data element, but not the SECItem itself
|
|
||||||
// Use B_TRUE to free both
|
|
||||||
|
|
||||||
@@ -64,6 +76,7 @@
|
|
||||||
SECITEM_FreeItem(&ecparams->curveOID, B_FALSE);
|
|
||||||
if (freeStruct)
|
|
||||||
free(ecparams);
|
|
||||||
+#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
jbyteArray getEncodedBytes(JNIEnv *env, SECItem *hSECItem)
|
|
||||||
@@ -108,6 +121,13 @@
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
+#ifdef SYSTEM_NSS
|
|
||||||
+ if (SECOID_Init() != SECSuccess) {
|
|
||||||
+ ThrowException(env, INTERNAL_ERROR);
|
|
||||||
+ goto cleanup;
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
// Fill a new ECParams using the supplied OID
|
|
||||||
if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) {
|
|
||||||
/* bad curve OID */
|
|
||||||
@@ -163,16 +183,26 @@
|
|
||||||
if (params_item.data) {
|
|
||||||
env->ReleaseByteArrayElements(encodedParams,
|
|
||||||
(jbyte *) params_item.data, JNI_ABORT);
|
|
||||||
+#ifdef SYSTEM_NSS
|
|
||||||
+ if (SECOID_Shutdown() != SECSuccess) {
|
|
||||||
+ ThrowException(env, INTERNAL_ERROR);
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
}
|
|
||||||
if (ecparams) {
|
|
||||||
FreeECParams(ecparams, true);
|
|
||||||
}
|
|
||||||
if (privKey) {
|
|
||||||
FreeECParams(&privKey->ecParams, false);
|
|
||||||
+#ifndef SYSTEM_NSS
|
|
||||||
+ // The entire ECPrivateKey is allocated in the arena
|
|
||||||
+ // when using system NSS, so only the in-tree version
|
|
||||||
+ // needs to clear these manually.
|
|
||||||
SECITEM_FreeItem(&privKey->version, B_FALSE);
|
|
||||||
SECITEM_FreeItem(&privKey->privateValue, B_FALSE);
|
|
||||||
SECITEM_FreeItem(&privKey->publicValue, B_FALSE);
|
|
||||||
free(privKey);
|
|
||||||
+#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
if (pSeedBuffer) {
|
|
||||||
@@ -223,6 +253,13 @@
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
+#ifdef SYSTEM_NSS
|
|
||||||
+ if (SECOID_Init() != SECSuccess) {
|
|
||||||
+ ThrowException(env, INTERNAL_ERROR);
|
|
||||||
+ goto cleanup;
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
// Fill a new ECParams using the supplied OID
|
|
||||||
if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) {
|
|
||||||
/* bad curve OID */
|
|
||||||
@@ -270,6 +307,11 @@
|
|
||||||
if (params_item.data) {
|
|
||||||
env->ReleaseByteArrayElements(encodedParams,
|
|
||||||
(jbyte *) params_item.data, JNI_ABORT);
|
|
||||||
+#ifdef SYSTEM_NSS
|
|
||||||
+ if (SECOID_Shutdown() != SECSuccess) {
|
|
||||||
+ ThrowException(env, INTERNAL_ERROR);
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
}
|
|
||||||
if (privKey.privateValue.data) {
|
|
||||||
env->ReleaseByteArrayElements(privateKey,
|
|
||||||
@@ -336,6 +378,13 @@
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
+#ifdef SYSTEM_NSS
|
|
||||||
+ if (SECOID_Init() != SECSuccess) {
|
|
||||||
+ ThrowException(env, INTERNAL_ERROR);
|
|
||||||
+ goto cleanup;
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
// Fill a new ECParams using the supplied OID
|
|
||||||
if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) {
|
|
||||||
/* bad curve OID */
|
|
||||||
@@ -356,9 +405,15 @@
|
|
||||||
|
|
||||||
cleanup:
|
|
||||||
{
|
|
||||||
- if (params_item.data)
|
|
||||||
+ if (params_item.data) {
|
|
||||||
env->ReleaseByteArrayElements(encodedParams,
|
|
||||||
(jbyte *) params_item.data, JNI_ABORT);
|
|
||||||
+#ifdef SYSTEM_NSS
|
|
||||||
+ if (SECOID_Shutdown() != SECSuccess) {
|
|
||||||
+ ThrowException(env, INTERNAL_ERROR);
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if (pubKey.publicValue.data)
|
|
||||||
env->ReleaseByteArrayElements(publicKey,
|
|
||||||
@@ -419,6 +474,13 @@
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
+#ifdef SYSTEM_NSS
|
|
||||||
+ if (SECOID_Init() != SECSuccess) {
|
|
||||||
+ ThrowException(env, INTERNAL_ERROR);
|
|
||||||
+ goto cleanup;
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
// Fill a new ECParams using the supplied OID
|
|
||||||
if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) {
|
|
||||||
/* bad curve OID */
|
|
||||||
@@ -460,9 +522,15 @@
|
|
||||||
env->ReleaseByteArrayElements(publicKey,
|
|
||||||
(jbyte *) publicValue_item.data, JNI_ABORT);
|
|
||||||
|
|
||||||
- if (params_item.data)
|
|
||||||
+ if (params_item.data) {
|
|
||||||
env->ReleaseByteArrayElements(encodedParams,
|
|
||||||
(jbyte *) params_item.data, JNI_ABORT);
|
|
||||||
+#ifdef SYSTEM_NSS
|
|
||||||
+ if (SECOID_Shutdown() != SECSuccess) {
|
|
||||||
+ ThrowException(env, INTERNAL_ERROR);
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if (ecparams)
|
|
||||||
FreeECParams(ecparams, true);
|
|
@ -1,189 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User andrew
|
|
||||||
# Date 1453867347 0
|
|
||||||
# Wed Jan 27 04:02:27 2016 +0000
|
|
||||||
# Node ID 26e2e029ee256e9815fdc324831a03d8582255e1
|
|
||||||
# Parent 0ff7720931e8dbf7de25720bdc93b18527ab89e8
|
|
||||||
PR2815: Race condition in SunEC provider with system NSS
|
|
||||||
Summary: Perform initialisation and shutdown only when library is loaded or SunEC is finalized respectively
|
|
||||||
|
|
||||||
diff -r 0ff7720931e8 -r 26e2e029ee25 make/mapfiles/libsunec/mapfile-vers
|
|
||||||
--- openjdk/jdk/make/mapfiles/libsunec/mapfile-vers Wed Jan 27 03:45:06 2016 +0000
|
|
||||||
+++ openjdk/jdk/make/mapfiles/libsunec/mapfile-vers Wed Jan 27 04:02:27 2016 +0000
|
|
||||||
@@ -31,6 +31,8 @@
|
|
||||||
Java_sun_security_ec_ECDSASignature_signDigest;
|
|
||||||
Java_sun_security_ec_ECDSASignature_verifySignedDigest;
|
|
||||||
Java_sun_security_ec_ECDHKeyAgreement_deriveKey;
|
|
||||||
+ Java_sun_security_ec_SunEC_initialize;
|
|
||||||
+ Java_sun_security_ec_SunEC_cleanup;
|
|
||||||
local:
|
|
||||||
*;
|
|
||||||
};
|
|
||||||
diff -r 0ff7720931e8 -r 26e2e029ee25 src/share/classes/sun/security/ec/SunEC.java
|
|
||||||
--- openjdk/jdk/src/share/classes/sun/security/ec/SunEC.java Wed Jan 27 03:45:06 2016 +0000
|
|
||||||
+++ openjdk/jdk/src/share/classes/sun/security/ec/SunEC.java Wed Jan 27 04:02:27 2016 +0000
|
|
||||||
@@ -58,6 +58,7 @@
|
|
||||||
AccessController.doPrivileged(new PrivilegedAction<Void>() {
|
|
||||||
public Void run() {
|
|
||||||
System.loadLibrary("sunec"); // check for native library
|
|
||||||
+ initialize();
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
});
|
|
||||||
@@ -81,4 +82,22 @@
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+ /**
|
|
||||||
+ * Cleanup native resources during finalisation.
|
|
||||||
+ */
|
|
||||||
+ @Override
|
|
||||||
+ protected void finalize() {
|
|
||||||
+ cleanup();
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /**
|
|
||||||
+ * Initialize the native code.
|
|
||||||
+ */
|
|
||||||
+ private static native void initialize();
|
|
||||||
+
|
|
||||||
+ /**
|
|
||||||
+ * Cleanup in the native layer.
|
|
||||||
+ */
|
|
||||||
+ private static native void cleanup();
|
|
||||||
+
|
|
||||||
}
|
|
||||||
diff -r 0ff7720931e8 -r 26e2e029ee25 src/share/native/sun/security/ec/ECC_JNI.cpp
|
|
||||||
--- openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Wed Jan 27 03:45:06 2016 +0000
|
|
||||||
+++ openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Wed Jan 27 04:02:27 2016 +0000
|
|
||||||
@@ -121,13 +121,6 @@
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
-#ifdef SYSTEM_NSS
|
|
||||||
- if (SECOID_Init() != SECSuccess) {
|
|
||||||
- ThrowException(env, INTERNAL_ERROR);
|
|
||||||
- goto cleanup;
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
// Fill a new ECParams using the supplied OID
|
|
||||||
if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) {
|
|
||||||
/* bad curve OID */
|
|
||||||
@@ -183,11 +176,6 @@
|
|
||||||
if (params_item.data) {
|
|
||||||
env->ReleaseByteArrayElements(encodedParams,
|
|
||||||
(jbyte *) params_item.data, JNI_ABORT);
|
|
||||||
-#ifdef SYSTEM_NSS
|
|
||||||
- if (SECOID_Shutdown() != SECSuccess) {
|
|
||||||
- ThrowException(env, INTERNAL_ERROR);
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
}
|
|
||||||
if (ecparams) {
|
|
||||||
FreeECParams(ecparams, true);
|
|
||||||
@@ -253,13 +241,6 @@
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
-#ifdef SYSTEM_NSS
|
|
||||||
- if (SECOID_Init() != SECSuccess) {
|
|
||||||
- ThrowException(env, INTERNAL_ERROR);
|
|
||||||
- goto cleanup;
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
// Fill a new ECParams using the supplied OID
|
|
||||||
if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) {
|
|
||||||
/* bad curve OID */
|
|
||||||
@@ -307,11 +288,6 @@
|
|
||||||
if (params_item.data) {
|
|
||||||
env->ReleaseByteArrayElements(encodedParams,
|
|
||||||
(jbyte *) params_item.data, JNI_ABORT);
|
|
||||||
-#ifdef SYSTEM_NSS
|
|
||||||
- if (SECOID_Shutdown() != SECSuccess) {
|
|
||||||
- ThrowException(env, INTERNAL_ERROR);
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
}
|
|
||||||
if (privKey.privateValue.data) {
|
|
||||||
env->ReleaseByteArrayElements(privateKey,
|
|
||||||
@@ -378,13 +354,6 @@
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
-#ifdef SYSTEM_NSS
|
|
||||||
- if (SECOID_Init() != SECSuccess) {
|
|
||||||
- ThrowException(env, INTERNAL_ERROR);
|
|
||||||
- goto cleanup;
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
// Fill a new ECParams using the supplied OID
|
|
||||||
if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) {
|
|
||||||
/* bad curve OID */
|
|
||||||
@@ -408,11 +377,6 @@
|
|
||||||
if (params_item.data) {
|
|
||||||
env->ReleaseByteArrayElements(encodedParams,
|
|
||||||
(jbyte *) params_item.data, JNI_ABORT);
|
|
||||||
-#ifdef SYSTEM_NSS
|
|
||||||
- if (SECOID_Shutdown() != SECSuccess) {
|
|
||||||
- ThrowException(env, INTERNAL_ERROR);
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
if (pubKey.publicValue.data)
|
|
||||||
@@ -474,13 +438,6 @@
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
-#ifdef SYSTEM_NSS
|
|
||||||
- if (SECOID_Init() != SECSuccess) {
|
|
||||||
- ThrowException(env, INTERNAL_ERROR);
|
|
||||||
- goto cleanup;
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
// Fill a new ECParams using the supplied OID
|
|
||||||
if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) {
|
|
||||||
/* bad curve OID */
|
|
||||||
@@ -525,11 +482,6 @@
|
|
||||||
if (params_item.data) {
|
|
||||||
env->ReleaseByteArrayElements(encodedParams,
|
|
||||||
(jbyte *) params_item.data, JNI_ABORT);
|
|
||||||
-#ifdef SYSTEM_NSS
|
|
||||||
- if (SECOID_Shutdown() != SECSuccess) {
|
|
||||||
- ThrowException(env, INTERNAL_ERROR);
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
if (ecparams)
|
|
||||||
@@ -539,4 +491,26 @@
|
|
||||||
return jSecret;
|
|
||||||
}
|
|
||||||
|
|
||||||
+JNIEXPORT void
|
|
||||||
+JNICALL Java_sun_security_ec_SunEC_initialize
|
|
||||||
+ (JNIEnv *env, jclass UNUSED(clazz))
|
|
||||||
+{
|
|
||||||
+#ifdef SYSTEM_NSS
|
|
||||||
+ if (SECOID_Init() != SECSuccess) {
|
|
||||||
+ ThrowException(env, INTERNAL_ERROR);
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+JNIEXPORT void
|
|
||||||
+JNICALL Java_sun_security_ec_SunEC_cleanup
|
|
||||||
+ (JNIEnv *env, jclass UNUSED(clazz))
|
|
||||||
+{
|
|
||||||
+#ifdef SYSTEM_NSS
|
|
||||||
+ if (SECOID_Shutdown() != SECSuccess) {
|
|
||||||
+ ThrowException(env, INTERNAL_ERROR);
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
} /* extern "C" */
|
|
@ -1,24 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User andrew
|
|
||||||
# Date 1459313680 -3600
|
|
||||||
# Wed Mar 30 05:54:40 2016 +0100
|
|
||||||
# Node ID 9dc0eca5fa8926e6a952fa4f1931e78aa1f52443
|
|
||||||
# Parent 8957aff589013e671f02d38023d5ff245ef27e87
|
|
||||||
PR2899: Don't use WithSeed versions of NSS functions as they don't fully process the seed
|
|
||||||
Contributed-by: Alex Kashchenko <akashche@redhat.com>
|
|
||||||
Updated 2017/07/04 to accomodate 8175110 by Andrew Hughes <gnu.andrew@redhat.com>
|
|
||||||
|
|
||||||
diff -r e5fdbb82bd49 src/share/native/sun/security/ec/ecc_impl.h
|
|
||||||
--- openjdk/jdk/src/share/native/sun/security/ec/ecc_impl.h
|
|
||||||
+++ openjdk/jdk/src/share/native/sun/security/ec/ecc_impl.h
|
|
||||||
@@ -267,8 +267,8 @@
|
|
||||||
|
|
||||||
#ifdef SYSTEM_NSS
|
|
||||||
#define EC_DecodeParams(a,b,c) EC_DecodeParams(a,b)
|
|
||||||
-#define EC_NewKey(a,b,c,d,e) EC_NewKeyFromSeed(a,b,c,d)
|
|
||||||
-#define ECDSA_SignDigest(a,b,c,d,e,f,g) ECDSA_SignDigestWithSeed(a,b,c,d,e)
|
|
||||||
+#define EC_NewKey(a,b,c,d,e) EC_NewKey(a,b)
|
|
||||||
+#define ECDSA_SignDigest(a,b,c,d,e,f,g) ECDSA_SignDigest(a,b,c)
|
|
||||||
#define ECDSA_VerifyDigest(a,b,c,d) ECDSA_VerifyDigest(a,b,c)
|
|
||||||
#define ECDH_Derive(a,b,c,d,e,f) ECDH_Derive(a,b,c,d,e)
|
|
||||||
#else
|
|
@ -1,91 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User andrew
|
|
||||||
# Date 1461349033 -3600
|
|
||||||
# Fri Apr 22 19:17:13 2016 +0100
|
|
||||||
# Node ID dab76de2f91cf1791c03560a3f45aaa69f8351fd
|
|
||||||
# Parent 3fa42705acab6d69b6141f47ebba4f85739a338c
|
|
||||||
PR2934: SunEC provider throwing KeyException with current NSS
|
|
||||||
Summary: Initialise the random number generator and feed the seed to it.
|
|
||||||
Updated 2017/07/04 to accomodate 8175110
|
|
||||||
|
|
||||||
diff -r 8aed1e903a4c src/share/native/sun/security/ec/ECC_JNI.cpp
|
|
||||||
--- openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp
|
|
||||||
+++ openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp
|
|
||||||
@@ -134,8 +134,17 @@
|
|
||||||
env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer);
|
|
||||||
|
|
||||||
// Generate the new keypair (using the supplied seed)
|
|
||||||
+#ifdef SYSTEM_NSS
|
|
||||||
+ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength)
|
|
||||||
+ != SECSuccess) {
|
|
||||||
+ ThrowException(env, KEY_EXCEPTION);
|
|
||||||
+ goto cleanup;
|
|
||||||
+ }
|
|
||||||
+ if (EC_NewKey(ecparams, &privKey) != SECSuccess) {
|
|
||||||
+#else
|
|
||||||
if (EC_NewKey(ecparams, &privKey, (unsigned char *) pSeedBuffer,
|
|
||||||
jSeedLength, 0) != SECSuccess) {
|
|
||||||
+#endif
|
|
||||||
ThrowException(env, KEY_EXCEPTION);
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
@@ -267,8 +276,18 @@
|
|
||||||
env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer);
|
|
||||||
|
|
||||||
// Sign the digest (using the supplied seed)
|
|
||||||
+#ifdef SYSTEM_NSS
|
|
||||||
+ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength)
|
|
||||||
+ != SECSuccess) {
|
|
||||||
+ ThrowException(env, KEY_EXCEPTION);
|
|
||||||
+ goto cleanup;
|
|
||||||
+ }
|
|
||||||
+ if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item)
|
|
||||||
+ != SECSuccess) {
|
|
||||||
+#else
|
|
||||||
if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item,
|
|
||||||
(unsigned char *) pSeedBuffer, jSeedLength, 0, timing) != SECSuccess) {
|
|
||||||
+#endif
|
|
||||||
ThrowException(env, KEY_EXCEPTION);
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
@@ -499,6 +518,9 @@
|
|
||||||
if (SECOID_Init() != SECSuccess) {
|
|
||||||
ThrowException(env, INTERNAL_ERROR);
|
|
||||||
}
|
|
||||||
+ if (RNG_RNGInit() != SECSuccess) {
|
|
||||||
+ ThrowException(env, INTERNAL_ERROR);
|
|
||||||
+ }
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -507,6 +529,7 @@
|
|
||||||
(JNIEnv *env, jclass UNUSED(clazz))
|
|
||||||
{
|
|
||||||
#ifdef SYSTEM_NSS
|
|
||||||
+ RNG_RNGShutdown();
|
|
||||||
if (SECOID_Shutdown() != SECSuccess) {
|
|
||||||
ThrowException(env, INTERNAL_ERROR);
|
|
||||||
}
|
|
||||||
diff -r 8aed1e903a4c src/share/native/sun/security/ec/ecc_impl.h
|
|
||||||
--- openjdk/jdk/src/share/native/sun/security/ec/ecc_impl.h
|
|
||||||
+++ openjdk/jdk/src/share/native/sun/security/ec/ecc_impl.h
|
|
||||||
@@ -254,8 +254,10 @@
|
|
||||||
This function is no longer required because the random bytes are now
|
|
||||||
supplied by the caller. Force a failure.
|
|
||||||
*/
|
|
||||||
+#ifndef SYSTEM_NSS
|
|
||||||
#define RNG_GenerateGlobalRandomBytes(p,l) SECFailure
|
|
||||||
#endif
|
|
||||||
+#endif
|
|
||||||
#define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup
|
|
||||||
#define MP_TO_SEC_ERROR(err)
|
|
||||||
|
|
||||||
@@ -267,8 +269,6 @@
|
|
||||||
|
|
||||||
#ifdef SYSTEM_NSS
|
|
||||||
#define EC_DecodeParams(a,b,c) EC_DecodeParams(a,b)
|
|
||||||
-#define EC_NewKey(a,b,c,d,e) EC_NewKey(a,b)
|
|
||||||
-#define ECDSA_SignDigest(a,b,c,d,e,f,g) ECDSA_SignDigest(a,b,c)
|
|
||||||
#define ECDSA_VerifyDigest(a,b,c,d) ECDSA_VerifyDigest(a,b,c)
|
|
||||||
#define ECDH_Derive(a,b,c,d,e,f) ECDH_Derive(a,b,c,d,e)
|
|
||||||
#else
|
|
@ -1,67 +0,0 @@
|
|||||||
# HG changeset patch
|
|
||||||
# User andrew
|
|
||||||
# Date 1508194072 -3600
|
|
||||||
# Mon Oct 16 23:47:52 2017 +0100
|
|
||||||
# Node ID 5dcb55da00c1531264934559c9f10c2e0ae46420
|
|
||||||
# Parent bf62c56e3604fee0018b19f65fd56c76dc156630
|
|
||||||
PR3479, RH1486025: ECC and NSS JVM crash
|
|
||||||
Summary: SunEC provider can have multiple instances, leading to premature NSS shutdown
|
|
||||||
Contributed-by: Martin Balao <mbalao@redhat.com>
|
|
||||||
|
|
||||||
diff --git a/make/mapfiles/libsunec/mapfile-vers b/make/mapfiles/libsunec/mapfile-vers
|
|
||||||
--- openjdk/jdk/make/mapfiles/libsunec/mapfile-vers
|
|
||||||
+++ openjdk/jdk/make/mapfiles/libsunec/mapfile-vers
|
|
||||||
@@ -32,7 +32,6 @@
|
|
||||||
Java_sun_security_ec_ECDSASignature_verifySignedDigest;
|
|
||||||
Java_sun_security_ec_ECDHKeyAgreement_deriveKey;
|
|
||||||
Java_sun_security_ec_SunEC_initialize;
|
|
||||||
- Java_sun_security_ec_SunEC_cleanup;
|
|
||||||
local:
|
|
||||||
*;
|
|
||||||
};
|
|
||||||
diff --git a/src/share/classes/sun/security/ec/SunEC.java b/src/share/classes/sun/security/ec/SunEC.java
|
|
||||||
--- openjdk/jdk/src/share/classes/sun/security/ec/SunEC.java
|
|
||||||
+++ openjdk/jdk/src/share/classes/sun/security/ec/SunEC.java
|
|
||||||
@@ -83,21 +83,8 @@
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
- * Cleanup native resources during finalisation.
|
|
||||||
- */
|
|
||||||
- @Override
|
|
||||||
- protected void finalize() {
|
|
||||||
- cleanup();
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- /**
|
|
||||||
* Initialize the native code.
|
|
||||||
*/
|
|
||||||
private static native void initialize();
|
|
||||||
|
|
||||||
- /**
|
|
||||||
- * Cleanup in the native layer.
|
|
||||||
- */
|
|
||||||
- private static native void cleanup();
|
|
||||||
-
|
|
||||||
}
|
|
||||||
diff --git a/src/share/native/sun/security/ec/ECC_JNI.cpp b/src/share/native/sun/security/ec/ECC_JNI.cpp
|
|
||||||
--- openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp
|
|
||||||
+++ openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp
|
|
||||||
@@ -525,14 +525,12 @@
|
|
||||||
}
|
|
||||||
|
|
||||||
JNIEXPORT void
|
|
||||||
-JNICALL Java_sun_security_ec_SunEC_cleanup
|
|
||||||
- (JNIEnv *env, jclass UNUSED(clazz))
|
|
||||||
+JNICALL JNI_OnUnload
|
|
||||||
+ (JavaVM *vm, void *reserved)
|
|
||||||
{
|
|
||||||
#ifdef SYSTEM_NSS
|
|
||||||
RNG_RNGShutdown();
|
|
||||||
- if (SECOID_Shutdown() != SECSuccess) {
|
|
||||||
- ThrowException(env, INTERNAL_ERROR);
|
|
||||||
- }
|
|
||||||
+ SECOID_Shutdown();
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user