# HG changeset patch # User andrew # Date 1418148279 0 # Node ID 610eb1b5fd0beb4c4cf8918f418eeddf9ff58121 # Parent 9ed0bdd5de2a5ebfa5fedb9442ee630b8d63ef0e PR2135: Race condition in SunEC provider with system NSS diff -r 9ed0bdd5de2a -r 610eb1b5fd0b make/sun/security/ec/Makefile --- a/make/sun/security/ec/Makefile Fri Dec 05 09:52:04 2014 +0000 +++ b/make/sun/security/ec/Makefile Tue Dec 09 18:04:39 2014 +0000 @@ -158,7 +158,8 @@ FILES_export = \ $(PKGDIR)/ECDHKeyAgreement.java \ $(PKGDIR)/ECDSASignature.java \ - $(PKGDIR)/ECKeyPairGenerator.java + $(PKGDIR)/ECKeyPairGenerator.java \ + $(PKGDIR)/SunEC.java JAVAHFLAGS = -bootclasspath \ "$(CLASSDESTDIR)$(CLASSPATH_SEPARATOR)$(CLASSBINDIR)$(JCE_PATH)" diff -r 9ed0bdd5de2a -r 610eb1b5fd0b make/sun/security/ec/mapfile-vers --- a/make/sun/security/ec/mapfile-vers Fri Dec 05 09:52:04 2014 +0000 +++ b/make/sun/security/ec/mapfile-vers Tue Dec 09 18:04:39 2014 +0000 @@ -31,6 +31,8 @@ Java_sun_security_ec_ECDSASignature_signDigest; Java_sun_security_ec_ECDSASignature_verifySignedDigest; Java_sun_security_ec_ECDHKeyAgreement_deriveKey; + Java_sun_security_ec_SunEC_initialize; + Java_sun_security_ec_SunEC_cleanup; local: *; }; diff -r 9ed0bdd5de2a -r 610eb1b5fd0b src/share/classes/sun/security/ec/SunEC.java --- a/src/share/classes/sun/security/ec/SunEC.java Fri Dec 05 09:52:04 2014 +0000 +++ b/src/share/classes/sun/security/ec/SunEC.java Tue Dec 09 18:04:39 2014 +0000 @@ -58,6 +58,7 @@ AccessController.doPrivileged(new PrivilegedAction() { public Void run() { System.loadLibrary("sunec"); // check for native library + initialize(); return null; } }); @@ -81,4 +82,22 @@ } } + /** + * Cleanup native resources during finalisation. + */ + @Override + protected void finalize() { + cleanup(); + } + + /** + * Initialize the native code. + */ + private static native void initialize(); + + /** + * Cleanup in the native layer. + */ + private static native void cleanup(); + } diff -r 9ed0bdd5de2a -r 610eb1b5fd0b src/share/native/sun/security/ec/ECC_JNI.cpp --- a/src/share/native/sun/security/ec/ECC_JNI.cpp Fri Dec 05 09:52:04 2014 +0000 +++ b/src/share/native/sun/security/ec/ECC_JNI.cpp Tue Dec 09 18:04:39 2014 +0000 @@ -116,13 +116,6 @@ params_item.data = (unsigned char *) env->GetByteArrayElements(encodedParams, 0); -#ifdef SYSTEM_NSS - if (SECOID_Init() != SECSuccess) { - ThrowException(env, INTERNAL_ERROR); - goto cleanup; - } -#endif - // Fill a new ECParams using the supplied OID if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { /* bad curve OID */ @@ -178,11 +171,6 @@ if (params_item.data) { env->ReleaseByteArrayElements(encodedParams, (jbyte *) params_item.data, JNI_ABORT); -#ifdef SYSTEM_NSS - if (SECOID_Shutdown() != SECSuccess) { - ThrowException(env, INTERNAL_ERROR); - } -#endif } if (ecparams) { @@ -246,13 +234,6 @@ params_item.data = (unsigned char *) env->GetByteArrayElements(encodedParams, 0); -#ifdef SYSTEM_NSS - if (SECOID_Init() != SECSuccess) { - ThrowException(env, INTERNAL_ERROR); - goto cleanup; - } -#endif - // Fill a new ECParams using the supplied OID if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { /* bad curve OID */ @@ -294,11 +275,6 @@ if (params_item.data) { env->ReleaseByteArrayElements(encodedParams, (jbyte *) params_item.data, JNI_ABORT); -#ifdef SYSTEM_NSS - if (SECOID_Shutdown() != SECSuccess) { - ThrowException(env, INTERNAL_ERROR); - } -#endif } if (privKey.privateValue.data) { @@ -367,13 +343,6 @@ params_item.data = (unsigned char *) env->GetByteArrayElements(encodedParams, 0); -#ifdef SYSTEM_NSS - if (SECOID_Init() != SECSuccess) { - ThrowException(env, INTERNAL_ERROR); - goto cleanup; - } -#endif - // Fill a new ECParams using the supplied OID if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { /* bad curve OID */ @@ -397,11 +366,6 @@ if (params_item.data) { env->ReleaseByteArrayElements(encodedParams, (jbyte *) params_item.data, JNI_ABORT); -#ifdef SYSTEM_NSS - if (SECOID_Shutdown() != SECSuccess) { - ThrowException(env, INTERNAL_ERROR); - } -#endif } if (pubKey.publicValue.data) @@ -451,13 +415,6 @@ params_item.data = (unsigned char *) env->GetByteArrayElements(encodedParams, 0); -#ifdef SYSTEM_NSS - if (SECOID_Init() != SECSuccess) { - ThrowException(env, INTERNAL_ERROR); - goto cleanup; - } -#endif - // Fill a new ECParams using the supplied OID if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { /* bad curve OID */ @@ -499,11 +456,6 @@ if (params_item.data) { env->ReleaseByteArrayElements(encodedParams, (jbyte *) params_item.data, JNI_ABORT); -#ifdef SYSTEM_NSS - if (SECOID_Shutdown() != SECSuccess) { - ThrowException(env, INTERNAL_ERROR); - } -#endif } if (ecparams) @@ -513,4 +465,26 @@ return jSecret; } +JNIEXPORT void +JNICALL Java_sun_security_ec_SunEC_initialize + (JNIEnv *env, jclass UNUSED(clazz)) +{ +#ifdef SYSTEM_NSS + if (SECOID_Init() != SECSuccess) { + ThrowException(env, INTERNAL_ERROR); + } +#endif +} + +JNIEXPORT void +JNICALL Java_sun_security_ec_SunEC_cleanup + (JNIEnv *env, jclass UNUSED(clazz)) +{ +#ifdef SYSTEM_NSS + if (SECOID_Shutdown() != SECSuccess) { + ThrowException(env, INTERNAL_ERROR); + } +#endif +} + } /* extern "C" */