This fix addresses an issue in which the provider behaves incorrectly
when initialized with parameters for a curve that is not supported by
the provider. If I am interpreting your suggestion correctly, it sounds
like you are requesting a change to the set of curves that is supported
by the provider. While this change may be a good idea, it is not within
the scope of this ticket.

If you want SunEC to support arbitrary curve parameters, you will need
to create a separate ticket for that. I suspect this change would
require a fair amount of work (if it is even possible), and it may not
be worth the effort.

On 7/10/2017 12:17 PM, Michael StJohns wrote:
Actually - wouldn't it make a lot more sense to generalize the
provider so it can take ANY set of curve data? Locking this to only
what has an OID to parameters mapping doesn't seem to be actually
meeting the contract for an EC key generator.
I understand a number of tools (e.g. PKIX related/keytool) can't be
used without the OID, but this isn't at that level.
The webrev feels more like a bandaid than a solution.
Mike

On 7/10/2017 12:03 PM, Seán Coffey wrote:
Thanks for the update! Looks fine to me.
Regards,
Sean.

On 10/07/17 16:13, Adam Petcher wrote:
New webrev: http://cr.openjdk.java.net/~apetcher/8182999/webrev.01/
Yes, this is a good idea. I made this work by printing out the value
from AlgorithmParameters.toString(), so hopefully that means you
should always get a useful string. At the moment (with SunEC
AlgorithmParameters), the string prints the friendly name followed
by the OID:

Unsupported curve: brainpoolP256r1 (1.3.36.3.3.2.8.1.1.7)

On 7/7/2017 4:12 PM, Seán Coffey wrote:
Adam,
would it be useful to get the curve name in the new exception? I
think it would help with future debugging. Line 96 already gets the
curve name if we're dealing with ECGenParameterSpec instance. I
think the same approach could be applied to your new code.
Regards,
Sean.

On 07/07/2017 19:59, Adam Petcher wrote:
This is a bug fix related to invalid curves in the SunEC provider.
During ECKeyPairGenerator.initialize(), the provider only checks
whether the curve is known, but it doesn't check whether the curve
is actually supported by the native code. So the call to
generateKeyPair() can fail in the native code and throw a
ProviderException. This change adds a new native method to check
whether the curve is supported. This method is called by
initialize(), which will set the state to uninitialized and throw
the expected exception when the curve is not supported.
JBS: https://bugs.openjdk.java.net/browse/JDK-8182999
Webrev: http://cr.openjdk.java.net/~apetcher/8182999/webrev.00/
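
The following probe is an added example, not part of the original thread or of the webrev. It shows where a curve request fails on a given JDK: at initialize() with InvalidAlgorithmParameterException, or later in generateKeyPair() with ProviderException as the bug report describes. The class name and the list of curve names are assumptions chosen for illustration; results depend on the JDK and provider in use.

```java
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.ProviderException;
import java.security.spec.ECGenParameterSpec;

public class CurveSupportProbe {
    // Classify where an EC curve request fails. Rejection at initialize() is the
    // behaviour the fix aims for; a ProviderException from generateKeyPair() is
    // the late failure described in the bug report.
    static String probe(String curveName) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        try {
            kpg.initialize(new ECGenParameterSpec(curveName));
        } catch (InvalidAlgorithmParameterException e) {
            // Checked exception: callers can handle this cleanly before any key use.
            return "rejected at initialize(): " + e.getMessage();
        }
        try {
            kpg.generateKeyPair();
            return "supported";
        } catch (ProviderException e) {
            // Unchecked exception: initialize() accepted a curve the provider cannot use.
            return "accepted by initialize() but failed in generateKeyPair(): "
                    + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Illustrative curve names (assumption): one common curve, the curve
        // named in the thread, and a name no provider should recognize.
        String[] names = {"secp256r1", "brainpoolP256r1", "not-a-curve"};
        for (String name : names) {
            System.out.println(name + " -> " + probe(name));
        }
    }
}
```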