[11u] RFR: 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll
Lindenmaier, Goetz
goetz.lindenmaier at sap.com
Mon Dec 9 11:27:25 UTC 2019
Hi,
this change was just recently pushed to 11.0.6-oracle and I would
like to downport it to 11.0.6 (repo jdk11u).
Unfortunately it does not apply well in 11u and I had to implement
parts anew.
webrev: http://cr.openjdk.java.net/~goetz/wr19/8233954-UnsatisfiedLink_in_EC-jdk11/01/
bug: https://bugs.openjdk.java.net/browse/JDK-8233954
orig. change: https://hg.openjdk.java.net/jdk/jdk/rev/e7df7c86eda1
The patch to file NamedGroup.java did not apply.
File NamedGroup.java was only introduced with
https://bugs.openjdk.java.net/browse/JDK-8171279: "8171279: Support X25519 and X448 in TLS"
Before, the code lived in SupportedGroupsExtension.java.
8171279 added a new constructor to NamedGroup.
After introducing NamedGroup.java,
https://bugs.openjdk.java.net/browse/JDK-8226374 "8226374: Restrict TLS signature schemes and named groups"
changed the new constructor.
I had to implement this anew.
There are two constructors for "EC" NamedGroups.
In these, I check for JsseJce.isEcAvailable().
If this is not available, I mark the whole NamedGroup as
not available in new boolean isEcAvailable.
The original patch sets 'mediator' which then is
assigned to NamedGroup.isAvailable. This field again
is checked in the two isAvailable(...) functions.
Field NamedGroup.isAvailable is not implemented in 11.
Therefor I added a similar check for my field isEcAvailable in these
functions. I chose a different name to distinguish from 14's
isAvailable because that is used in other contexts, too.
For SignatureScheme.java I had to do some adaptions to apply the change.
signAlgParamSpec was renamed to signAlgParams in 14, see
https://bugs.openjdk.java.net/browse/JDK-8226374: "8226374: Restrict TLS signature schemes and named groups"
I had to undo the renaming in the patch.
JsseJce.getSignature() was renamed to Signature.getInstance in
https://bugs.openjdk.java.net/browse/JDK-8217835: "8217835: Remove the experimental SunJSSE FIPS compliant mode"
I had to undo this in the patch, too.
I ran the test that is patched into the bug description. It fails without my
adapted change, and passes with it.
Please review.
Best regards,
Goetz.
More information about the jdk-updates-dev
mailing list