[security-dev 01170]: Re: [PATCH FOR REVIEW]: 6763530: Fix breakage of NSS-based Elliptic Curve Cryptography in OpenJDK6

Michael StJohns mstjohns at comcast.net
Thu Sep 3 09:10:23 PDT 2009




At 03:14 PM 9/2/2009, Andrew John Hughes wrote:
>Ok here is a new webrev:
>
>http://cr.openjdk.java.net/~andrew/6763530/webrev.02/
>
>with a slightly revised version of your change (you can't throw a
>PKCS11Exception which only takes a long ID from the native code, so I
>changed this to an IllegalArgumentException).

Yeah - when I realized this a while later (when I actually started building the JDK from source) I actually considered changing PKCS11Exception to implement constructors with just a message and with a message and a code.   If you throw with just a message the code would get set to CKR_GENERAL_ERROR.  If you throw with message and a code, the message for the code would get prepended to the provided message.  That's another topic though.

This particular error comes under the heading of one that shouldn't happen - we did the explicit encoding so the "toByteArray()" shouldn't fail.  That's pretty much the definition of a runtime error.  Maybe use the little used PKCS11RuntimeError instead of the IllegalArgumentException?


Mike






More information about the security-dev mailing list