Merge
authormullan
Tue, 05 Aug 2014 10:01:38 -0400
changeset 25814 040219b86923
parent 25813 4640a86f2b43 (current diff)
parent 25812 5412629bed70 (diff)
child 25815 647f633280c3
child 26026 8d7f6c44eff4
Merge
--- a/jdk/src/windows/native/sun/security/mscapi/security.cpp	Tue Aug 05 10:00:27 2014 -0400
+++ b/jdk/src/windows/native/sun/security/mscapi/security.cpp	Tue Aug 05 10:01:38 2014 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -74,7 +74,10 @@
     const char* pszHashAlgorithm = NULL;
     ALG_ID algId = 0;
 
-    pszHashAlgorithm = env->GetStringUTFChars(jHashAlgorithm, NULL);
+    if ((pszHashAlgorithm = env->GetStringUTFChars(jHashAlgorithm, NULL))
+        == NULL) {
+        return algId;
+    }
 
     if ((strcmp("SHA", pszHashAlgorithm) == 0) ||
         (strcmp("SHA1", pszHashAlgorithm) == 0) ||
@@ -179,7 +182,9 @@
          */
         if (length < 0) {
             length = env->GetArrayLength(seed);
-            reseedBytes = env->GetByteArrayElements(seed, 0);
+            if ((reseedBytes = env->GetByteArrayElements(seed, 0)) == NULL) {
+                __leave;
+            }
 
             if (::CryptGenRandom(
                 hCryptProv,
@@ -211,7 +216,9 @@
         } else { // length == 0
 
             length = env->GetArrayLength(seed);
-            seedBytes = env->GetByteArrayElements(seed, 0);
+            if ((seedBytes = env->GetByteArrayElements(seed, 0)) == NULL) {
+                __leave;
+            }
 
             if (::CryptGenRandom(
                 hCryptProv,
@@ -275,7 +282,10 @@
     __try
     {
         // Open a system certificate store.
-        pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL);
+        if ((pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL))
+            == NULL) {
+            __leave;
+        }
         if ((hCertStore = ::CertOpenSystemStore(NULL, pszCertStoreName))
             == NULL) {
 
@@ -710,7 +720,10 @@
 
     __try
     {
-        pszKeyContainerName = env->GetStringUTFChars(keyContainerName, NULL);
+        if ((pszKeyContainerName =
+            env->GetStringUTFChars(keyContainerName, NULL)) == NULL) {
+            __leave;
+        }
 
         // Acquire a CSP context (create a new key container).
         // Prefer a PROV_RSA_AES CSP, when available, due to its support
@@ -847,7 +860,10 @@
     __try
     {
         // Open a system certificate store.
-        pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL);
+        if ((pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL))
+            == NULL) {
+            __leave;
+        }
         if ((hCertStore = ::CertOpenSystemStore(NULL, pszCertStoreName)) == NULL) {
             ThrowException(env, KEYSTORE_EXCEPTION, GetLastError());
             __leave;
@@ -1086,7 +1102,10 @@
     __try
     {
         // Open a system certificate store.
-        pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL);
+        if ((pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL))
+            == NULL) {
+            __leave;
+        }
         if ((hCertStore = ::CertOpenSystemStore(NULL, pszCertStoreName)) == NULL) {
             ThrowException(env, KEYSTORE_EXCEPTION, GetLastError());
             __leave;
@@ -1123,7 +1142,10 @@
                 cchNameString);
 
             // Compare the certificate's friendly name with supplied alias name
-            pszCertAliasName = env->GetStringUTFChars(jCertAliasName, NULL);
+            if ((pszCertAliasName = env->GetStringUTFChars(jCertAliasName, NULL))
+                == NULL) {
+                __leave;
+            }
             if (strcmp(pszCertAliasName, pszNameString) == 0) {
 
                 // Only delete the certificate if the alias names matches
@@ -1181,7 +1203,10 @@
 
     __try
     {
-        pszKeyContainerName = env->GetStringUTFChars(keyContainerName, NULL);
+        if ((pszKeyContainerName =
+            env->GetStringUTFChars(keyContainerName, NULL)) == NULL) {
+            __leave;
+        }
 
         // Destroying the default key container is not permitted
         // (because it may contain more one keypair).
@@ -1234,8 +1259,14 @@
 
     __try
     {
-        pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL);
-        pszCertAliasName = env->GetStringUTFChars(jCertAliasName, NULL);
+        if ((pszCertStoreName = env->GetStringUTFChars(jCertStoreName, NULL))
+            == NULL) {
+            __leave;
+        }
+        if ((pszCertAliasName = env->GetStringUTFChars(jCertAliasName, NULL))
+            == NULL) {
+            __leave;
+        }
 
         // Open a system certificate store.
         if ((hCertStore = ::CertOpenSystemStore(NULL, pszCertStoreName)) == NULL) {
@@ -1530,7 +1561,9 @@
     __try {
 
         jsize length = env->GetArrayLength(jKeyBlob);
-        keyBlob = env->GetByteArrayElements(jKeyBlob, 0);
+        if ((keyBlob = env->GetByteArrayElements(jKeyBlob, 0)) == NULL) {
+            __leave;
+        }
 
         PUBLICKEYSTRUC* pPublicKeyStruc = (PUBLICKEYSTRUC *) keyBlob;
 
@@ -1580,7 +1613,9 @@
     __try {
 
         jsize length = env->GetArrayLength(jKeyBlob);
-        keyBlob = env->GetByteArrayElements(jKeyBlob, 0);
+        if ((keyBlob = env->GetByteArrayElements(jKeyBlob, 0)) == NULL) {
+            __leave;
+        }
 
         PUBLICKEYSTRUC* pPublicKeyStruc = (PUBLICKEYSTRUC *) keyBlob;
 
@@ -1632,6 +1667,9 @@
     }
 
     jbyte* sourceBytes = env->GetByteArrayElements(source, 0);
+    if (sourceBytes == NULL) {
+        return -1;
+    }
 
     // Copy bytes from the end of the source array to the beginning of the
     // destination array (until the destination array is full).
@@ -1740,45 +1778,61 @@
         }
         // The length argument must be the smaller of jPublicExponentLength
         // and sizeof(pRsaPubKey->pubkey)
-        convertToLittleEndian(env, jPublicExponent,
-            (jbyte *) &(pRsaPubKey->pubexp), jPublicExponentLength);
+        if ((jElementLength = convertToLittleEndian(env, jPublicExponent,
+            (jbyte *) &(pRsaPubKey->pubexp), jPublicExponentLength)) < 0) {
+            __leave;
+        }
 
         // Modulus n
         jBlobElement =
             (jbyte *) (jBlobBytes + sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY));
-        jElementLength = convertToLittleEndian(env, jModulus, jBlobElement,
-            jKeyByteLength);
+        if ((jElementLength = convertToLittleEndian(env, jModulus, jBlobElement,
+            jKeyByteLength)) < 0) {
+            __leave;
+        }
 
         if (bGeneratePrivateKeyBlob) {
             // Prime p
             jBlobElement += jElementLength;
-            jElementLength = convertToLittleEndian(env, jPrimeP, jBlobElement,
-                jKeyByteLength / 2);
+            if ((jElementLength = convertToLittleEndian(env, jPrimeP,
+                jBlobElement, jKeyByteLength / 2)) < 0) {
+                __leave;
+            }
 
             // Prime q
             jBlobElement += jElementLength;
-            jElementLength = convertToLittleEndian(env, jPrimeQ, jBlobElement,
-                jKeyByteLength / 2);
+            if ((jElementLength = convertToLittleEndian(env, jPrimeQ,
+                jBlobElement, jKeyByteLength / 2)) < 0) {
+                __leave;
+            }
 
             // Prime exponent p
             jBlobElement += jElementLength;
-            jElementLength = convertToLittleEndian(env, jExponentP,
-                jBlobElement, jKeyByteLength / 2);
+            if ((jElementLength = convertToLittleEndian(env, jExponentP,
+                jBlobElement, jKeyByteLength / 2)) < 0) {
+                __leave;
+            }
 
             // Prime exponent q
             jBlobElement += jElementLength;
-            jElementLength = convertToLittleEndian(env, jExponentQ,
-                jBlobElement, jKeyByteLength / 2);
+            if ((jElementLength = convertToLittleEndian(env, jExponentQ,
+                jBlobElement, jKeyByteLength / 2)) < 0) {
+                __leave;
+            }
 
             // CRT coefficient
             jBlobElement += jElementLength;
-            jElementLength = convertToLittleEndian(env, jCrtCoefficient,
-                jBlobElement, jKeyByteLength / 2);
+            if ((jElementLength = convertToLittleEndian(env, jCrtCoefficient,
+                jBlobElement, jKeyByteLength / 2)) < 0) {
+                __leave;
+            }
 
             // Private exponent
             jBlobElement += jElementLength;
-            convertToLittleEndian(env, jPrivateExponent, jBlobElement,
-                jKeyByteLength);
+            if ((jElementLength = convertToLittleEndian(env, jPrivateExponent,
+                jBlobElement, jKeyByteLength)) < 0) {
+                __leave;
+            }
         }
 
         jBlob = env->NewByteArray(jBlobLength);
@@ -1849,9 +1903,15 @@
 
     __try
     {
-        pszKeyContainerName = env->GetStringUTFChars(keyContainerName, NULL);
+        if ((pszKeyContainerName =
+            env->GetStringUTFChars(keyContainerName, NULL)) == NULL) {
+            __leave;
+        }
         dwBlobLen = env->GetArrayLength(keyBlob);
-        pbKeyBlob = (BYTE *) env->GetByteArrayElements(keyBlob, 0);
+        if ((pbKeyBlob = (BYTE *) env->GetByteArrayElements(keyBlob, 0))
+            == NULL) {
+            __leave;
+        }
 
         // Acquire a CSP context (create a new key container).
         if (::CryptAcquireContext(
@@ -1923,7 +1983,10 @@
     __try
     {
         dwBlobLen = env->GetArrayLength(keyBlob);
-        pbKeyBlob = (BYTE *) env->GetByteArrayElements(keyBlob, 0);
+        if ((pbKeyBlob = (BYTE *) env->GetByteArrayElements(keyBlob, 0))
+            == NULL) {
+            __leave;
+        }
 
         // Acquire a CSP context (create a new key container).
         // Prefer a PROV_RSA_AES CSP, when available, due to its support
--- a/jdk/test/sun/security/pkcs11/ec/ReadCertificates.java	Tue Aug 05 10:00:27 2014 -0400
+++ b/jdk/test/sun/security/pkcs11/ec/ReadCertificates.java	Tue Aug 05 10:01:38 2014 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /**
  * @test
- * @bug 6405536 6414980
+ * @bug 6405536 6414980 8051972
  * @summary Make sure that we can parse certificates using various named curves
  *   and verify their signatures
  * @author Andreas Sterbenz
@@ -153,8 +153,14 @@
                 signer = getRandomCert(certList);
             } while (cert.getIssuerX500Principal().equals(signer.getSubjectX500Principal()));
             try {
-                cert.verify(signer.getPublicKey());
-                throw new Exception("Verified invalid signature");
+                PublicKey signerPublicKey = signer.getPublicKey();
+                cert.verify(signerPublicKey);
+                // Ignore false positives
+                if (cert.getPublicKey().equals(signerPublicKey)) {
+                    System.out.println("OK: self-signed certificate detected");
+                } else {
+                    throw new Exception("Verified invalid signature");
+                }
             } catch (SignatureException e) {
                 System.out.println("OK: " + e);
             } catch (InvalidKeyException e) {