# HG changeset patch # User mullan # Date 1407247298 14400 # Node ID 040219b86923269c61646b5322dadd196da04207 # Parent 4640a86f2b43decc227a116923629f5bd7830f6c# Parent 5412629bed70d8b4c161f0bf12cbef68c3eaa54e Merge diff -r 4640a86f2b43 -r 040219b86923 jdk/src/windows/native/sun/security/mscapi/security.cpp --- a/jdk/src/windows/native/sun/security/mscapi/security.cpp Tue Aug 05 10:00:27 2014 -0400 +++ b/jdk/src/windows/native/sun/security/mscapi/security.cpp Tue Aug 05 10:01:38 2014 -0400 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -74,7 +74,10 @@ const char* pszHashAlgorithm = NULL; ALG_ID algId = 0; - pszHashAlgorithm = env->GetStringUTFChars(jHashAlgorithm, NULL); + if ((pszHashAlgorithm = env->GetStringUTFChars(jHashAlgorithm, NULL)) + == NULL) { + return algId; + } if ((strcmp("SHA", pszHashAlgorithm) == 0) || (strcmp("SHA1", pszHashAlgorithm) == 0) || @@ -179,7 +182,9 @@ */ if (length < 0) { length = env->GetArrayLength(seed); - reseedBytes = env->GetByteArrayElements(seed, 0); + if ((reseedBytes = env->GetByteArrayElements(seed, 0)) == NULL) { + __leave; + } if (::CryptGenRandom( hCryptProv, @@ -211,7 +216,9 @@ } else { // length == 0 length = env->GetArrayLength(seed); - seedBytes = env->GetByteArrayElements(seed, 0); + if ((seedBytes = env->GetByteArrayElements(seed, 0)) == NULL) { + __leave; + } if (::CryptGenRandom( hCryptProv, @@ -275,7 +282,10 @@ __try { // Open a system certificate store. - pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL); + if ((pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL)) + == NULL) { + __leave; + } if ((hCertStore = ::CertOpenSystemStore(NULL, pszCertStoreName)) == NULL) { @@ -710,7 +720,10 @@ __try { - pszKeyContainerName = env->GetStringUTFChars(keyContainerName, NULL); + if ((pszKeyContainerName = + env->GetStringUTFChars(keyContainerName, NULL)) == NULL) { + __leave; + } // Acquire a CSP context (create a new key container). // Prefer a PROV_RSA_AES CSP, when available, due to its support @@ -847,7 +860,10 @@ __try { // Open a system certificate store. - pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL); + if ((pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL)) + == NULL) { + __leave; + } if ((hCertStore = ::CertOpenSystemStore(NULL, pszCertStoreName)) == NULL) { ThrowException(env, KEYSTORE_EXCEPTION, GetLastError()); __leave; @@ -1086,7 +1102,10 @@ __try { // Open a system certificate store. - pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL); + if ((pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL)) + == NULL) { + __leave; + } if ((hCertStore = ::CertOpenSystemStore(NULL, pszCertStoreName)) == NULL) { ThrowException(env, KEYSTORE_EXCEPTION, GetLastError()); __leave; @@ -1123,7 +1142,10 @@ cchNameString); // Compare the certificate's friendly name with supplied alias name - pszCertAliasName = env->GetStringUTFChars(jCertAliasName, NULL); + if ((pszCertAliasName = env->GetStringUTFChars(jCertAliasName, NULL)) + == NULL) { + __leave; + } if (strcmp(pszCertAliasName, pszNameString) == 0) { // Only delete the certificate if the alias names matches @@ -1181,7 +1203,10 @@ __try { - pszKeyContainerName = env->GetStringUTFChars(keyContainerName, NULL); + if ((pszKeyContainerName = + env->GetStringUTFChars(keyContainerName, NULL)) == NULL) { + __leave; + } // Destroying the default key container is not permitted // (because it may contain more one keypair). @@ -1234,8 +1259,14 @@ __try { - pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL); - pszCertAliasName = env->GetStringUTFChars(jCertAliasName, NULL); + if ((pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL)) + == NULL) { + __leave; + } + if ((pszCertAliasName = env->GetStringUTFChars(jCertAliasName, NULL)) + == NULL) { + __leave; + } // Open a system certificate store. if ((hCertStore = ::CertOpenSystemStore(NULL, pszCertStoreName)) == NULL) { @@ -1530,7 +1561,9 @@ __try { jsize length = env->GetArrayLength(jKeyBlob); - keyBlob = env->GetByteArrayElements(jKeyBlob, 0); + if ((keyBlob = env->GetByteArrayElements(jKeyBlob, 0)) == NULL) { + __leave; + } PUBLICKEYSTRUC* pPublicKeyStruc = (PUBLICKEYSTRUC *) keyBlob; @@ -1580,7 +1613,9 @@ __try { jsize length = env->GetArrayLength(jKeyBlob); - keyBlob = env->GetByteArrayElements(jKeyBlob, 0); + if ((keyBlob = env->GetByteArrayElements(jKeyBlob, 0)) == NULL) { + __leave; + } PUBLICKEYSTRUC* pPublicKeyStruc = (PUBLICKEYSTRUC *) keyBlob; @@ -1632,6 +1667,9 @@ } jbyte* sourceBytes = env->GetByteArrayElements(source, 0); + if (sourceBytes == NULL) { + return -1; + } // Copy bytes from the end of the source array to the beginning of the // destination array (until the destination array is full). @@ -1740,45 +1778,61 @@ } // The length argument must be the smaller of jPublicExponentLength // and sizeof(pRsaPubKey->pubkey) - convertToLittleEndian(env, jPublicExponent, - (jbyte *) &(pRsaPubKey->pubexp), jPublicExponentLength); + if ((jElementLength = convertToLittleEndian(env, jPublicExponent, + (jbyte *) &(pRsaPubKey->pubexp), jPublicExponentLength)) < 0) { + __leave; + } // Modulus n jBlobElement = (jbyte *) (jBlobBytes + sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY)); - jElementLength = convertToLittleEndian(env, jModulus, jBlobElement, - jKeyByteLength); + if ((jElementLength = convertToLittleEndian(env, jModulus, jBlobElement, + jKeyByteLength)) < 0) { + __leave; + } if (bGeneratePrivateKeyBlob) { // Prime p jBlobElement += jElementLength; - jElementLength = convertToLittleEndian(env, jPrimeP, jBlobElement, - jKeyByteLength / 2); + if ((jElementLength = convertToLittleEndian(env, jPrimeP, + jBlobElement, jKeyByteLength / 2)) < 0) { + __leave; + } // Prime q jBlobElement += jElementLength; - jElementLength = convertToLittleEndian(env, jPrimeQ, jBlobElement, - jKeyByteLength / 2); + if ((jElementLength = convertToLittleEndian(env, jPrimeQ, + jBlobElement, jKeyByteLength / 2)) < 0) { + __leave; + } // Prime exponent p jBlobElement += jElementLength; - jElementLength = convertToLittleEndian(env, jExponentP, - jBlobElement, jKeyByteLength / 2); + if ((jElementLength = convertToLittleEndian(env, jExponentP, + jBlobElement, jKeyByteLength / 2)) < 0) { + __leave; + } // Prime exponent q jBlobElement += jElementLength; - jElementLength = convertToLittleEndian(env, jExponentQ, - jBlobElement, jKeyByteLength / 2); + if ((jElementLength = convertToLittleEndian(env, jExponentQ, + jBlobElement, jKeyByteLength / 2)) < 0) { + __leave; + } // CRT coefficient jBlobElement += jElementLength; - jElementLength = convertToLittleEndian(env, jCrtCoefficient, - jBlobElement, jKeyByteLength / 2); + if ((jElementLength = convertToLittleEndian(env, jCrtCoefficient, + jBlobElement, jKeyByteLength / 2)) < 0) { + __leave; + } // Private exponent jBlobElement += jElementLength; - convertToLittleEndian(env, jPrivateExponent, jBlobElement, - jKeyByteLength); + if ((jElementLength = convertToLittleEndian(env, jPrivateExponent, + jBlobElement, jKeyByteLength)) < 0) { + __leave; + } } jBlob = env->NewByteArray(jBlobLength); @@ -1849,9 +1903,15 @@ __try { - pszKeyContainerName = env->GetStringUTFChars(keyContainerName, NULL); + if ((pszKeyContainerName = + env->GetStringUTFChars(keyContainerName, NULL)) == NULL) { + __leave; + } dwBlobLen = env->GetArrayLength(keyBlob); - pbKeyBlob = (BYTE *) env->GetByteArrayElements(keyBlob, 0); + if ((pbKeyBlob = (BYTE *) env->GetByteArrayElements(keyBlob, 0)) + == NULL) { + __leave; + } // Acquire a CSP context (create a new key container). if (::CryptAcquireContext( @@ -1923,7 +1983,10 @@ __try { dwBlobLen = env->GetArrayLength(keyBlob); - pbKeyBlob = (BYTE *) env->GetByteArrayElements(keyBlob, 0); + if ((pbKeyBlob = (BYTE *) env->GetByteArrayElements(keyBlob, 0)) + == NULL) { + __leave; + } // Acquire a CSP context (create a new key container). // Prefer a PROV_RSA_AES CSP, when available, due to its support diff -r 4640a86f2b43 -r 040219b86923 jdk/test/sun/security/pkcs11/ec/ReadCertificates.java --- a/jdk/test/sun/security/pkcs11/ec/ReadCertificates.java Tue Aug 05 10:00:27 2014 -0400 +++ b/jdk/test/sun/security/pkcs11/ec/ReadCertificates.java Tue Aug 05 10:01:38 2014 -0400 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,7 @@ /** * @test - * @bug 6405536 6414980 + * @bug 6405536 6414980 8051972 * @summary Make sure that we can parse certificates using various named curves * and verify their signatures * @author Andreas Sterbenz @@ -153,8 +153,14 @@ signer = getRandomCert(certList); } while (cert.getIssuerX500Principal().equals(signer.getSubjectX500Principal())); try { - cert.verify(signer.getPublicKey()); - throw new Exception("Verified invalid signature"); + PublicKey signerPublicKey = signer.getPublicKey(); + cert.verify(signerPublicKey); + // Ignore false positives + if (cert.getPublicKey().equals(signerPublicKey)) { + System.out.println("OK: self-signed certificate detected"); + } else { + throw new Exception("Verified invalid signature"); + } } catch (SignatureException e) { System.out.println("OK: " + e); } catch (InvalidKeyException e) {