[security-dev 01170]: Re: [PATCH FOR REVIEW]: 6763530: Fix breakage of NSS-based Elliptic Curve Cryptography in OpenJDK6
Michael StJohns
mstjohns at comcast.net
Thu Sep 3 16:10:23 UTC 2009
At 03:14 PM 9/2/2009, Andrew John Hughes wrote:
>Ok here is a new webrev:
>
>http://cr.openjdk.java.net/~andrew/6763530/webrev.02/
>
>with a slightly revised version of your change (you can't throw a
>PKCS11Exception which only takes a long ID from the native code, so I
>changed this to an IllegalArgumentException).
Yeah - when I realized this a while later (when I actually started building the JDK from source) I actually considered changing PKCS11Exception to implement constructors with just a message and with a message and a code. If you throw with just a message the code would get set to CKR_GENERAL_ERROR. If you throw with message and a code, the message for the code would get prepended to the provided message. That's another topic though.
This particular error comes under the heading of one that shouldn't happen - we did the explicit encoding so the "toByteArray()" shouldn't fail. That's pretty much the definition of a runtime error. Maybe use the little used PKCS11RuntimeError instead of the IllegalArgumentException?
Mike
More information about the security-dev
mailing list