java-1.8.0-openjdk/pr2815.patch
Jiri Vanek acfc6fd068 Add patches to allow the SunEC provider to be built with the system NSS install.
Re-generate source tarball so it includes ecc_impl.h.
Adjust tarball generation script to allow ecc_impl.h to be included.
Bring over NSS changes from java-1.7.0-openjdk spec file (NSS_CFLAGS/NSS_LIBS)
Remove patch which disables the SunEC provider as it is now usable.
Correct spelling mistakes in tarball generation script.
Resolves: rhbz#1019554
2016-02-24 18:46:52 +01:00

190 lines
5.3 KiB
Diff

# HG changeset patch
# User andrew
# Date 1453867347 0
# Wed Jan 27 04:02:27 2016 +0000
# Node ID 26e2e029ee256e9815fdc324831a03d8582255e1
# Parent 0ff7720931e8dbf7de25720bdc93b18527ab89e8
PR2815: Race condition in SunEC provider with system NSS
Summary: Perform initialisation and shutdown only when library is loaded or SunEC is finalized respectively
diff -r 0ff7720931e8 -r 26e2e029ee25 make/mapfiles/libsunec/mapfile-vers
--- openjdk/jdk/make/mapfiles/libsunec/mapfile-vers Wed Jan 27 03:45:06 2016 +0000
+++ openjdk/jdk/make/mapfiles/libsunec/mapfile-vers Wed Jan 27 04:02:27 2016 +0000
@@ -31,6 +31,8 @@
Java_sun_security_ec_ECDSASignature_signDigest;
Java_sun_security_ec_ECDSASignature_verifySignedDigest;
Java_sun_security_ec_ECDHKeyAgreement_deriveKey;
+ Java_sun_security_ec_SunEC_initialize;
+ Java_sun_security_ec_SunEC_cleanup;
local:
*;
};
diff -r 0ff7720931e8 -r 26e2e029ee25 src/share/classes/sun/security/ec/SunEC.java
--- openjdk/jdk/src/share/classes/sun/security/ec/SunEC.java Wed Jan 27 03:45:06 2016 +0000
+++ openjdk/jdk/src/share/classes/sun/security/ec/SunEC.java Wed Jan 27 04:02:27 2016 +0000
@@ -58,6 +58,7 @@
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
System.loadLibrary("sunec"); // check for native library
+ initialize();
return null;
}
});
@@ -81,4 +82,22 @@
}
}
+ /**
+ * Cleanup native resources during finalisation.
+ */
+ @Override
+ protected void finalize() {
+ cleanup();
+ }
+
+ /**
+ * Initialize the native code.
+ */
+ private static native void initialize();
+
+ /**
+ * Cleanup in the native layer.
+ */
+ private static native void cleanup();
+
}
diff -r 0ff7720931e8 -r 26e2e029ee25 src/share/native/sun/security/ec/ECC_JNI.cpp
--- openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Wed Jan 27 03:45:06 2016 +0000
+++ openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Wed Jan 27 04:02:27 2016 +0000
@@ -121,13 +121,6 @@
goto cleanup;
}
-#ifdef SYSTEM_NSS
- if (SECOID_Init() != SECSuccess) {
- ThrowException(env, INTERNAL_ERROR);
- goto cleanup;
- }
-#endif
-
// Fill a new ECParams using the supplied OID
if (EC_DecodeParams(&params_item, &ecparams, 0) != SECSuccess) {
/* bad curve OID */
@@ -183,11 +176,6 @@
if (params_item.data) {
env->ReleaseByteArrayElements(encodedParams,
(jbyte *) params_item.data, JNI_ABORT);
-#ifdef SYSTEM_NSS
- if (SECOID_Shutdown() != SECSuccess) {
- ThrowException(env, INTERNAL_ERROR);
- }
-#endif
}
if (ecparams) {
FreeECParams(ecparams, true);
@@ -253,13 +241,6 @@
goto cleanup;
}
-#ifdef SYSTEM_NSS
- if (SECOID_Init() != SECSuccess) {
- ThrowException(env, INTERNAL_ERROR);
- goto cleanup;
- }
-#endif
-
// Fill a new ECParams using the supplied OID
if (EC_DecodeParams(&params_item, &ecparams, 0) != SECSuccess) {
/* bad curve OID */
@@ -307,11 +288,6 @@
if (params_item.data) {
env->ReleaseByteArrayElements(encodedParams,
(jbyte *) params_item.data, JNI_ABORT);
-#ifdef SYSTEM_NSS
- if (SECOID_Shutdown() != SECSuccess) {
- ThrowException(env, INTERNAL_ERROR);
- }
-#endif
}
if (privKey.privateValue.data) {
env->ReleaseByteArrayElements(privateKey,
@@ -378,13 +354,6 @@
goto cleanup;
}
-#ifdef SYSTEM_NSS
- if (SECOID_Init() != SECSuccess) {
- ThrowException(env, INTERNAL_ERROR);
- goto cleanup;
- }
-#endif
-
// Fill a new ECParams using the supplied OID
if (EC_DecodeParams(&params_item, &ecparams, 0) != SECSuccess) {
/* bad curve OID */
@@ -408,11 +377,6 @@
if (params_item.data) {
env->ReleaseByteArrayElements(encodedParams,
(jbyte *) params_item.data, JNI_ABORT);
-#ifdef SYSTEM_NSS
- if (SECOID_Shutdown() != SECSuccess) {
- ThrowException(env, INTERNAL_ERROR);
- }
-#endif
}
if (pubKey.publicValue.data)
@@ -474,13 +438,6 @@
goto cleanup;
}
-#ifdef SYSTEM_NSS
- if (SECOID_Init() != SECSuccess) {
- ThrowException(env, INTERNAL_ERROR);
- goto cleanup;
- }
-#endif
-
// Fill a new ECParams using the supplied OID
if (EC_DecodeParams(&params_item, &ecparams, 0) != SECSuccess) {
/* bad curve OID */
@@ -525,11 +482,6 @@
if (params_item.data) {
env->ReleaseByteArrayElements(encodedParams,
(jbyte *) params_item.data, JNI_ABORT);
-#ifdef SYSTEM_NSS
- if (SECOID_Shutdown() != SECSuccess) {
- ThrowException(env, INTERNAL_ERROR);
- }
-#endif
}
if (ecparams)
@@ -539,4 +491,26 @@
return jSecret;
}
+JNIEXPORT void
+JNICALL Java_sun_security_ec_SunEC_initialize
+ (JNIEnv *env, jclass UNUSED(clazz))
+{
+#ifdef SYSTEM_NSS
+ if (SECOID_Init() != SECSuccess) {
+ ThrowException(env, INTERNAL_ERROR);
+ }
+#endif
+}
+
+JNIEXPORT void
+JNICALL Java_sun_security_ec_SunEC_cleanup
+ (JNIEnv *env, jclass UNUSED(clazz))
+{
+#ifdef SYSTEM_NSS
+ if (SECOID_Shutdown() != SECSuccess) {
+ ThrowException(env, INTERNAL_ERROR);
+ }
+#endif
+}
+
} /* extern "C" */