RFR 8182999: SunEC throws ProviderException on invalid curves

Adam Petcher adam.petcher at oracle.com
Mon Jul 10 15:13:27 UTC 2017


New webrev: http://cr.openjdk.java.net/~apetcher/8182999/webrev.01/

Yes, this is a good idea. I made this work by printing out the value 
from AlgorithmParameters.toString(), so hopefully that means you should 
always get a useful string. At the moment (with SunEC 
AlgorithmParameters), the string prints the friendly name followed by 
the OID:

Unsupported curve: brainpoolP256r1 (1.3.36.3.3.2.8.1.1.7)

On 7/7/2017 4:12 PM, Seán Coffey wrote:
> Adam,
>
> would it be useful to get the curve name in the new exception ? I 
> think it would help with future debugging. Line 96 already gets the 
> curve name if we're dealing with ECGenParameterSpec instance. I think 
> the same approach could be applied to your new code.
>
> Regards,
> Sean.
>
>
> On 07/07/2017 19:59, Adam Petcher wrote:
>> This is a bug fix related to invalid curves in the SunEC provider. 
>> During ECKeyPairGenerator.initialize(), the provider only checks 
>> whether the curve is known, but it doesn't check whether the curve is 
>> actually supported by the native code. So the call to 
>> generateKeyPair() can fail in the native code and throw a 
>> ProviderException. This change adds a new native method to check 
>> whether the curve is supported. This method is called by 
>> initialize(), which will set the state to uninitialized and throw the 
>> expected exception when the curve is not supported.
>>
>> JBS: https://bugs.openjdk.java.net/browse/JDK-8182999
>> Webrev: http://cr.openjdk.java.net/~apetcher/8182999/webrev.00/
>>
>



More information about the security-dev mailing list