RFR 8182999: SunEC throws ProviderException on invalid curves
Adam Petcher
adam.petcher at oracle.com
Mon Jul 10 15:13:27 UTC 2017
New webrev: http://cr.openjdk.java.net/~apetcher/8182999/webrev.01/
Yes, this is a good idea. I made this work by printing out the value
from AlgorithmParameters.toString(), so hopefully that means you should
always get a useful string. At the moment (with SunEC
AlgorithmParameters), the string prints the friendly name followed by
the OID:
Unsupported curve: brainpoolP256r1 (1.3.36.3.3.2.8.1.1.7)
On 7/7/2017 4:12 PM, Seán Coffey wrote:
> Adam,
>
> would it be useful to get the curve name in the new exception ? I
> think it would help with future debugging. Line 96 already gets the
> curve name if we're dealing with ECGenParameterSpec instance. I think
> the same approach could be applied to your new code.
>
> Regards,
> Sean.
>
>
> On 07/07/2017 19:59, Adam Petcher wrote:
>> This is a bug fix related to invalid curves in the SunEC provider.
>> During ECKeyPairGenerator.initialize(), the provider only checks
>> whether the curve is known, but it doesn't check whether the curve is
>> actually supported by the native code. So the call to
>> generateKeyPair() can fail in the native code and throw a
>> ProviderException. This change adds a new native method to check
>> whether the curve is supported. This method is called by
>> initialize(), which will set the state to uninitialized and throw the
>> expected exception when the curve is not supported.
>>
>> JBS: https://bugs.openjdk.java.net/browse/JDK-8182999
>> Webrev: http://cr.openjdk.java.net/~apetcher/8182999/webrev.00/
>>
>
More information about the security-dev
mailing list