[CAUTION] [11u] RFR: 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll
Langer, Christoph
christoph.langer at sap.com
Wed Dec 11 19:29:22 UTC 2019
Hi Goetz,
Wow, that was a bit more than just apply/trivial resolve.
I'm wondering whether in line 346 one should go with "this.isEcAvailable = true;" since this constructor is used for NamedGroupType.NAMED_GROUP_ARBITRARY. And JDK-8233954 does the mediator check only for NamedGroupSpec.NAMED_GROUP_ECDHE which is covered in line 306. So, this would probably match the behavior of JDK-8233954 more precisely.
Best regards
Christoph
> -----Original Message-----
> From: jdk-updates-dev <jdk-updates-dev-bounces at openjdk.java.net> On
> Behalf Of Lindenmaier, Goetz
> Sent: Montag, 9. Dezember 2019 12:27
> To: jdk-updates-dev at openjdk.java.net
> Subject: [CAUTION] [11u] RFR: 8233954: UnsatisfiedLinkError or
> NoSuchAlgorithmException after removing sunec.dll
>
> Hi,
>
> this change was just recently pushed to 11.0.6-oracle and I would
> like to downport it to 11.0.6 (repo jdk11u).
>
> Unfortunately it does not apply well in 11u and I had to implement
> parts anew.
> webrev: http://cr.openjdk.java.net/~goetz/wr19/8233954-
> UnsatisfiedLink_in_EC-jdk11/01/
> bug: https://bugs.openjdk.java.net/browse/JDK-8233954
> orig. change: https://hg.openjdk.java.net/jdk/jdk/rev/e7df7c86eda1
>
> The patch to file NamedGroup.java did not apply.
> File NamedGroup.java was only introduced with
> https://bugs.openjdk.java.net/browse/JDK-8171279: "8171279: Support
> X25519 and X448 in TLS"
> Before, the code lived in SupportedGroupsExtension.java.
> 8171279 added a new constructor to NamedGroup.
> After introducing NamedGroup.java,
> https://bugs.openjdk.java.net/browse/JDK-8226374 "8226374: Restrict TLS
> signature schemes and named groups"
> changed the new constructor.
> I had to implement this anew.
> There are two constructors for "EC" NamedGroups.
> In these, I check for JsseJce.isEcAvailable().
> If this is not available, I mark the whole NamedGroup as
> not available in new boolean isEcAvailable.
>
> The original patch sets 'mediator' which then is
> assigned to NamedGroup.isAvailable. This field again
> is checked in the two isAvailable(...) functions.
>
> Field NamedGroup.isAvailable is not implemented in 11.
> Therefor I added a similar check for my field isEcAvailable in these
> functions. I chose a different name to distinguish from 14's
> isAvailable because that is used in other contexts, too.
>
> For SignatureScheme.java I had to do some adaptions to apply the change.
>
> signAlgParamSpec was renamed to signAlgParams in 14, see
> https://bugs.openjdk.java.net/browse/JDK-8226374: "8226374: Restrict TLS
> signature schemes and named groups"
> I had to undo the renaming in the patch.
>
> JsseJce.getSignature() was renamed to Signature.getInstance in
> https://bugs.openjdk.java.net/browse/JDK-8217835: "8217835: Remove the
> experimental SunJSSE FIPS compliant mode"
> I had to undo this in the patch, too.
>
> I ran the test that is patched into the bug description. It fails without my
> adapted change, and passes with it.
>
> Please review.
>
> Best regards,
> Goetz.
>
>
More information about the jdk-updates-dev
mailing list