/hg/icedtea7-forest/jdk: PR2900: Don't use WithSeed versions of ...
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Tue Jun 14 18:13:49 UTC 2016
changeset 0e51300bbf46 in /hg/icedtea7-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea7-forest/jdk?cmd=changeset;node=0e51300bbf46
author: andrew
date: Fri May 27 03:58:28 2016 +0100
PR2900: Don't use WithSeed versions of NSS functions as they don't fully process the seed
Summary: Initialise the random number generator and feed the seed to it.
diffstat:
src/share/native/sun/security/ec/ECC_JNI.cpp | 23 +++++++++++++++++++++++
src/share/native/sun/security/ec/ecc_impl.h | 4 ++--
2 files changed, 25 insertions(+), 2 deletions(-)
diffs (81 lines):
diff -r 8477a30c1924 -r 0e51300bbf46 src/share/native/sun/security/ec/ECC_JNI.cpp
--- a/src/share/native/sun/security/ec/ECC_JNI.cpp Sun Apr 17 01:21:07 2016 +0100
+++ b/src/share/native/sun/security/ec/ECC_JNI.cpp Fri May 27 03:58:28 2016 +0100
@@ -134,8 +134,17 @@
env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer);
// Generate the new keypair (using the supplied seed)
+#ifdef SYSTEM_NSS
+ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength)
+ != SECSuccess) {
+ ThrowException(env, KEY_EXCEPTION);
+ goto cleanup;
+ }
+ if (EC_NewKey(ecparams, &privKey) != SECSuccess) {
+#else
if (EC_NewKey(ecparams, &privKey, (unsigned char *) pSeedBuffer,
jSeedLength, 0) != SECSuccess) {
+#endif
ThrowException(env, KEY_EXCEPTION);
goto cleanup;
}
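Review bot: The retained comment `// Generate the new keypair (using the supplied seed)` no longer describes the SYSTEM_NSS path, where the seed goes to `RNG_RandomUpdate` and `EC_NewKey` is then called without it. From the visible lines the seed becomes additional input to the NSS random number generator rather than the direct source of the private key, so the result also depends on whatever state that generator already holds. I would add a comment inside the `#ifdef SYSTEM_NSS` branch such as `// Seed is mixed into the NSS RNG; the key is drawn from that RNG, not from the seed alone`. The same applies to `// Sign the digest (using the supplied seed)` in the `@@ -269` hunk. The enclosing function starts and ends outside the hunk.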
@@ -269,8 +278,18 @@
env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer);
// Sign the digest (using the supplied seed)
+#ifdef SYSTEM_NSS
+ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength)
+ != SECSuccess) {
+ ThrowException(env, KEY_EXCEPTION);
+ goto cleanup;
+ }
+ if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item)
+ != SECSuccess) {
+#else
if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item,
(unsigned char *) pSeedBuffer, jSeedLength, 0) != SECSuccess) {
+#endif
ThrowException(env, KEY_EXCEPTION);
goto cleanup;
}
@@ -506,6 +525,9 @@
if (SECOID_Init() != SECSuccess) {
ThrowException(env, INTERNAL_ERROR);
}
+ if (RNG_RNGInit() != SECSuccess) {
+ ThrowException(env, INTERNAL_ERROR);
+ }
#endif
}
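Review bot: The new `RNG_RNGInit()` check still runs when `SECOID_Init()` has just failed, so `ThrowException` can be called a second time while the first exception is pending. The body of `ThrowException` is not visible here, but most JNI calls, including class lookup and raising a new exception, are not permitted with an exception pending. Chaining the checks avoids this: `} else if (RNG_RNGInit() != SECSuccess) {`. The function starts outside the hunk.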
@@ -514,6 +536,7 @@
(JNIEnv *env, jclass UNUSED(clazz))
{
#ifdef SYSTEM_NSS
+ RNG_RNGShutdown();
if (SECOID_Shutdown() != SECSuccess) {
ThrowException(env, INTERNAL_ERROR);
}
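Review bot: `RNG_RNGShutdown()` is added with nothing stating when it is safe to call, even though the key generation and signing paths in this commit now throw KEY_EXCEPTION whenever `RNG_RandomUpdate` fails. A comment would record the lifecycle, for example `// Tear down the NSS RNG set up in the init function; no keygen or signing may run after this`. Whether NSS keeps the generator alive for other users in the same process is not visible from this page and is worth confirming. The function continues past the hunk.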
diff -r 8477a30c1924 -r 0e51300bbf46 src/share/native/sun/security/ec/ecc_impl.h
--- a/src/share/native/sun/security/ec/ecc_impl.h Sun Apr 17 01:21:07 2016 +0100
+++ b/src/share/native/sun/security/ec/ecc_impl.h Fri May 27 03:58:28 2016 +0100
@@ -254,8 +254,10 @@
This function is no longer required because the random bytes are now
supplied by the caller. Force a failure.
*/
+#ifndef SYSTEM_NSS
#define RNG_GenerateGlobalRandomBytes(p,l) SECFailure
#endif
+#endif
#define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup
#define MP_TO_SEC_ERROR(err)
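Review bot: The two consecutive `#endif` lines are now hard to pair up, and the comment above the macro ("Force a failure.") is true only for the build without SYSTEM_NSS. Labelling the inner one as `#endif /* !SYSTEM_NSS */` would help. The comment could also gain a line saying that with SYSTEM_NSS the name is left undefined here, presumably so it resolves to the NSS implementation. The outer conditional opens outside the hunk.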
@@ -267,8 +269,6 @@
#ifdef SYSTEM_NSS
#define EC_DecodeParams(a,b,c) EC_DecodeParams(a,b)
-#define EC_NewKey(a,b,c,d,e) EC_NewKeyFromSeed(a,b,c,d)
-#define ECDSA_SignDigest(a,b,c,d,e,f) ECDSA_SignDigestWithSeed(a,b,c,d,e)
#define ECDSA_VerifyDigest(a,b,c,d) ECDSA_VerifyDigest(a,b,c)
#define ECDH_Derive(a,b,c,d,e,f) ECDH_Derive(a,b,c,d,e)
#else