[Bug 2899] New: [IcedTea8] Don't use WithSeed versions of NSS functions as they don't fully process the seed

bugzilla-daemon at icedtea.classpath.org bugzilla-daemon at icedtea.classpath.org
Wed Mar 30 04:50:38 UTC 2016 

http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2899

            Bug ID: 2899
           Summary: [IcedTea8] Don't use WithSeed versions of NSS
                    functions as they don't fully process the seed
           Product: IcedTea
           Version: 8-hg
          Hardware: all
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: IcedTea
          Assignee: gnu.andrew at redhat.com
          Reporter: gnu.andrew at redhat.com
                CC: unassigned at icedtea.classpath.org

Upstream SunEC uses the following steps to generate EC keys pair:

     Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair ->
EC_NewKey -> ec_GenerateRandomPrivateKey -> ec_NewKey

where ec_GenerateRandomPrivateKey uses the seed data passed from
Java side to generate a private key from it and this key is then passed
to ec_NewKey.

The IcedTea version uses:

     Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair ->
EC_NewKeyFromSeed -> ec_NewKey

thus skipping ec_GenerateRandomPrivateKey (it is not called in
EC_NewKeyFromSeed) and using the seed provided from Java side as is
without generating private key over it.

The proposed patch fixes this using EC_NewKey instead of
EC_NewKeyFromSeed and ECDSA_SignDigest instead of
ECDSA_SignDigestWithSeed. That way the seed from Java side is not used at
all and NSS uses its own seed calling RNG_GenerateGlobalRandomBytes.

-#define EC_NewKey(a,b,c,d,e) EC_NewKeyFromSeed(a,b,c,d)
-#define ECDSA_SignDigest(a,b,c,d,e,f) ECDSA_SignDigestWithSeed(a,b,c,d,e)
+#define EC_NewKey(a,b,c,d,e) EC_NewKey(a,b)
+#define ECDSA_SignDigest(a,b,c,d,e,f) ECDSA_SignDigest(a,b,c)

The better way to fix ECDSA may be to adopt approach from upstream SunEC
that does not generate new seed in ec_GenerateRandomPrivateKey reusing
the seed passed from the Java side instead.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20160330/b25f377f/attachment.html>

More information about the distro-pkg-dev mailing list