-
Notifications
You must be signed in to change notification settings - Fork 0
/
pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch
164 lines (146 loc) · 6.45 KB
/
pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
# HG changeset patch
# User andrew
# Date 1467652889 -3600
# Mon Jul 04 18:21:29 2016 +0100
# Node ID a4541d1d8609cadb08d3e31b40b9184ff32dd6c3
# Parent bc6eab2038c603afb2eb2b4644f3b900c8fd0c46
PR3083, RH1346460: Regression in SSL debug output without an ECC provider
Summary: Return null rather than throwing an exception when there's no ECC provider.
diff --git openjdk.orig/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java openjdk/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java
--- openjdk.orig/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java
+++ openjdk/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java
@@ -121,7 +121,7 @@
private static void ensureCurveIsSupported(ECParameterSpec ecSpec)
throws InvalidAlgorithmParameterException {
- AlgorithmParameters ecParams = ECUtil.getECParameters(null);
+ AlgorithmParameters ecParams = ECUtil.getECParameters(null, true);
byte[] encodedParams;
try {
ecParams.init(ecSpec);
diff --git openjdk.orig/jdk/src/share/classes/sun/security/util/Debug.java openjdk/jdk/src/share/classes/sun/security/util/Debug.java
--- openjdk.orig/jdk/src/share/classes/sun/security/util/Debug.java
+++ openjdk/jdk/src/share/classes/sun/security/util/Debug.java
@@ -73,6 +73,7 @@
System.err.println("certpath PKIX CertPathBuilder and");
System.err.println(" CertPathValidator debugging");
System.err.println("combiner SubjectDomainCombiner debugging");
+ System.err.println("ecc Elliptic Curve Cryptography debugging");
System.err.println("gssloginconfig");
System.err.println(" GSS LoginConfigImpl debugging");
System.err.println("configfile JAAS ConfigFile loading");
diff --git openjdk.orig/jdk/src/share/classes/sun/security/util/ECUtil.java openjdk/jdk/src/share/classes/sun/security/util/ECUtil.java
--- openjdk.orig/jdk/src/share/classes/sun/security/util/ECUtil.java
+++ openjdk/jdk/src/share/classes/sun/security/util/ECUtil.java
@@ -41,6 +41,9 @@
public final class ECUtil {
+ /* Are we debugging ? */
+ private static final Debug debug = Debug.getInstance("ecc");
+
// Used by SunPKCS11 and SunJSSE.
public static ECPoint decodePoint(byte[] data, EllipticCurve curve)
throws IOException {
@@ -90,6 +93,10 @@
}
public static AlgorithmParameters getECParameters(Provider p) {
+ return getECParameters(p, false);
+ }
+
+ public static AlgorithmParameters getECParameters(Provider p, boolean throwException) {
try {
if (p != null) {
return AlgorithmParameters.getInstance("EC", p);
@@ -97,13 +104,21 @@
return AlgorithmParameters.getInstance("EC");
} catch (NoSuchAlgorithmException nsae) {
- throw new RuntimeException(nsae);
+ if (throwException) {
+ throw new RuntimeException(nsae);
+ } else {
+ // ECC provider is optional so just return null
+ if (debug != null) {
+ debug.println("Provider unavailable: " + nsae);
+ }
+ return null;
+ }
}
}
public static byte[] encodeECParameterSpec(Provider p,
ECParameterSpec spec) {
- AlgorithmParameters parameters = getECParameters(p);
+ AlgorithmParameters parameters = getECParameters(p, true);
try {
parameters.init(spec);
@@ -122,11 +137,16 @@
public static ECParameterSpec getECParameterSpec(Provider p,
ECParameterSpec spec) {
AlgorithmParameters parameters = getECParameters(p);
+ if (parameters == null)
+ return null;
try {
parameters.init(spec);
return parameters.getParameterSpec(ECParameterSpec.class);
} catch (InvalidParameterSpecException ipse) {
+ if (debug != null) {
+ debug.println("Invalid parameter specification: " + ipse);
+ }
return null;
}
}
@@ -135,34 +155,49 @@
byte[] params)
throws IOException {
AlgorithmParameters parameters = getECParameters(p);
+ if (parameters == null)
+ return null;
parameters.init(params);
try {
return parameters.getParameterSpec(ECParameterSpec.class);
} catch (InvalidParameterSpecException ipse) {
+ if (debug != null) {
+ debug.println("Invalid parameter specification: " + ipse);
+ }
return null;
}
}
public static ECParameterSpec getECParameterSpec(Provider p, String name) {
AlgorithmParameters parameters = getECParameters(p);
+ if (parameters == null)
+ return null;
try {
parameters.init(new ECGenParameterSpec(name));
return parameters.getParameterSpec(ECParameterSpec.class);
} catch (InvalidParameterSpecException ipse) {
+ if (debug != null) {
+ debug.println("Invalid parameter specification: " + ipse);
+ }
return null;
}
}
public static ECParameterSpec getECParameterSpec(Provider p, int keySize) {
AlgorithmParameters parameters = getECParameters(p);
+ if (parameters == null)
+ return null;
try {
parameters.init(new ECKeySizeParameterSpec(keySize));
return parameters.getParameterSpec(ECParameterSpec.class);
} catch (InvalidParameterSpecException ipse) {
+ if (debug != null) {
+ debug.println("Invalid parameter specification: " + ipse);
+ }
return null;
}
@@ -171,11 +206,16 @@
public static String getCurveName(Provider p, ECParameterSpec spec) {
ECGenParameterSpec nameSpec;
AlgorithmParameters parameters = getECParameters(p);
+ if (parameters == null)
+ return null;
try {
parameters.init(spec);
nameSpec = parameters.getParameterSpec(ECGenParameterSpec.class);
} catch (InvalidParameterSpecException ipse) {
+ if (debug != null) {
+ debug.println("Invalid parameter specification: " + ipse);
+ }
return null;
}