JDK-8233954

UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll


Details

    • b25
    • x86_64
    • windows_10
    • Not verified


      Description

        ADDITIONAL SYSTEM INFORMATION :
        java version "11.0.5" 2019-10-15 LTS
        Java(TM) SE Runtime Environment 18.9 (build 11.0.5+10-LTS)
        Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.5+10-LTS, mixed mode)

        Windows 10 Pro

        A DESCRIPTION OF THE PROBLEM :
        We develop an application with which we bundle the Oracle JDK. We currently use Java 8 but are looking to go to Java 11.

        Our Legal department requires that the Elliptic Curve Cryptography library is removed so we have done so, according to the instructions in jdk/legal/jdk.crypto.ec/ecc.md which tells us to simply delete libsunec.so/libsunec.dylib/sunec.dll.

        Doing so works well on Java 8, but with Java 11 (11.0.5, but apparently earlier versions as well) this results in failure to establish TLS connections. We've seen two types of failures, as shown below. The first one is from the small test program I'm attaching.
        1)
        Exception in thread "main" java.lang.UnsatisfiedLinkError: sun.security.ec.ECKeyPairGenerator.isCurveSupported([B)Z
        at jdk.crypto.ec/sun.security.ec.ECKeyPairGenerator.isCurveSupported(Native Method)
        at jdk.crypto.ec/sun.security.ec.ECKeyPairGenerator.ensureCurveIsSupported(ECKeyPairGenerator.java:135)
        at jdk.crypto.ec/sun.security.ec.ECKeyPairGenerator.initialize(ECKeyPairGenerator.java:114)
        at java.base/java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:699)
        at java.base/sun.security.ssl.ECDHKeyExchange$ECDHEPossession.<init>(ECDHKeyExchange.java:112)
        at java.base/sun.security.ssl.SSLKeyExchange$T13KeyAgreement.createPossession(SSLKeyExchange.java:575)
        at java.base/sun.security.ssl.SSLKeyExchange.createPossessions(SSLKeyExchange.java:88)
        at java.base/sun.security.ssl.KeyShareExtension$CHKeyShareProducer.produce(KeyShareExtension.java:263)
        at java.base/sun.security.ssl.SSLExtension.produce(SSLExtension.java:532)
        at java.base/sun.security.ssl.SSLExtensions.produce(SSLExtensions.java:249)
        at java.base/sun.security.ssl.ClientHello$ClientHelloKickstartProducer.produce(ClientHello.java:648)
        at java.base/sun.security.ssl.SSLHandshake.kickstart(SSLHandshake.java:515)
        at java.base/sun.security.ssl.ClientHandshakeContext.kickstart(ClientHandshakeContext.java:107)
        at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:228)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:395)
        at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
        at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
        at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:168)
        at com.example.NoEcTest.main(NoEcTest.java:13)

        2)
          java.lang.RuntimeException: Could not generate ECDH keypair
           at java.base/sun.security.ssl.ECDHKeyExchange$ECDHEPossession.<init>(ECDHKeyExchange.java:117)
           at java.base/sun.security.ssl.SSLKeyExchange$T13KeyAgreement.createPossession(SSLKeyExchange.java:575)
           at java.base/sun.security.ssl.SSLKeyExchange.createPossessions(SSLKeyExchange.java:88)
           at java.base/sun.security.ssl.KeyShareExtension$CHKeyShareProducer.produce(KeyShareExtension.java:263)
           at java.base/sun.security.ssl.SSLExtension.produce(SSLExtension.java:532)
           at java.base/sun.security.ssl.SSLExtensions.produce(SSLExtensions.java:249)
           at java.base/sun.security.ssl.ClientHello$ClientHelloKickstartProducer.produce(ClientHello.java:648)
           at java.base/sun.security.ssl.SSLHandshake.kickstart(SSLHandshake.java:515)
           at java.base/sun.security.ssl.ClientHandshakeContext.kickstart(ClientHandshakeContext.java:107)
           at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:228)
           at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:395)
           at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
           at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
           at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
           at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
           at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
           at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
           at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
           at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
           at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
           at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
           at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
           at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
           at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:87)
           at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
           at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
           at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:735)
           at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:710)
           at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:598)
           [REDACTED]
          Caused by: java.security.NoSuchAlgorithmException: EC KeyPairGenerator not available
           at java.base/java.security.KeyPairGenerator.getInstance(KeyPairGenerator.java:236)
           at java.base/sun.security.ssl.JsseJce.getKeyPairGenerator(JsseJce.java:237)
           at java.base/sun.security.ssl.ECDHKeyExchange$ECDHEPossession.<init>(ECDHKeyExchange.java:109)
           ... 35 more

        REGRESSION : Last worked in version 8u231

        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        1) Install Oracle JDK 11.0.5 on Windows
        2) Remove sunec.dll
        3) Try to establish a TLS connection

        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -
        To be able to connect (as long as the server accepts some non-EC cipher suites).
        ACTUAL -
        Exception in thread "main" java.lang.UnsatisfiedLinkError: sun.security.ec.ECKeyPairGenerator.isCurveSupported([B)Z
        at jdk.crypto.ec/sun.security.ec.ECKeyPairGenerator.isCurveSupported(Native Method)
        at jdk.crypto.ec/sun.security.ec.ECKeyPairGenerator.ensureCurveIsSupported(ECKeyPairGenerator.java:135)
        at jdk.crypto.ec/sun.security.ec.ECKeyPairGenerator.initialize(ECKeyPairGenerator.java:114)
        at java.base/java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:699)
        at java.base/sun.security.ssl.ECDHKeyExchange$ECDHEPossession.<init>(ECDHKeyExchange.java:112)
        at java.base/sun.security.ssl.SSLKeyExchange$T13KeyAgreement.createPossession(SSLKeyExchange.java:575)
        at java.base/sun.security.ssl.SSLKeyExchange.createPossessions(SSLKeyExchange.java:88)
        at java.base/sun.security.ssl.KeyShareExtension$CHKeyShareProducer.produce(KeyShareExtension.java:263)
        at java.base/sun.security.ssl.SSLExtension.produce(SSLExtension.java:532)
        at java.base/sun.security.ssl.SSLExtensions.produce(SSLExtensions.java:249)
        at java.base/sun.security.ssl.ClientHello$ClientHelloKickstartProducer.produce(ClientHello.java:648)
        at java.base/sun.security.ssl.SSLHandshake.kickstart(SSLHandshake.java:515)
        at java.base/sun.security.ssl.ClientHandshakeContext.kickstart(ClientHandshakeContext.java:107)
        at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:228)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:395)
        at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
        at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
        at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:168)
        at com.example.NoEcTest.main(NoEcTest.java:13)

        ---------- BEGIN SOURCE ----------
        package com.example;

        import java.io.IOException;
        import java.net.HttpURLConnection;
        import java.net.URL;

        public class NoEcTest {

          public static void main(String[] args) throws IOException {
            URL url = new URL("https://example.com/");
            HttpURLConnection con = (HttpURLConnection) url.openConnection();
            con.setRequestMethod("GET");
            // connect() performs the TLS handshake; this is the call that throws in the first trace above
            con.connect();
            System.out.println(con.getResponseCode());
          }

        }
        ---------- END SOURCE ----------

        CUSTOMER SUBMITTED WORKAROUND :
        Providing another EC library (like Bouncy Castle).

        FREQUENCY : always
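
A startup probe that distinguishes the two failure modes shown in the report, so a bundled runtime can be checked before the first TLS handshake. This is an added example, not part of the original report or of the JDK; the class name `EcProbe`, the `EcStatus` enum and the choice of `secp256r1` are assumptions made for illustration.

```java
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import java.util.ArrayList;
import java.util.List;

// Hypothetical startup probe; class, enum and method names are illustrative.
public class EcProbe {

    enum EcStatus { USABLE, NOT_REGISTERED, NATIVE_LIBRARY_MISSING, OTHER_FAILURE }

    // Repeats the getInstance + initialize sequence seen in ECDHEPossession.<init>
    // and reports which of the two failures from the report (if any) occurs.
    static EcStatus probe(String curve) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
            kpg.initialize(new ECGenParameterSpec(curve));
            kpg.generateKeyPair();
            return EcStatus.USABLE;
        } catch (NoSuchAlgorithmException e) {
            return EcStatus.NOT_REGISTERED;          // trace 2: no provider offers EC
        } catch (UnsatisfiedLinkError e) {
            return EcStatus.NATIVE_LIBRARY_MISSING;  // trace 1: provider present, native code absent
        } catch (Exception | LinkageError e) {
            return EcStatus.OTHER_FAILURE;           // e.g. unsupported curve name
        }
    }

    // Names of installed providers that register an EC KeyPairGenerator,
    // in preference order (a replacement provider would show up here).
    static List<String> ecProviders() {
        List<String> names = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            if (p.getService("KeyPairGenerator", "EC") != null) {
                names.add(p.getName());
            }
        }
        return names;
    }

    public static void main(String[] args) {
        String curve = "secp256r1"; // assumed curve; pick the one your peers negotiate
        System.out.println("EC providers: " + ecProviders());
        System.out.println("EC key generation (" + curve + "): " + probe(curve));
    }
}
```

Running it once against the stripped runtime and once with the replacement EC provider installed shows whether the workaround actually takes effect for key generation.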


              People

                xuelei Xuelei Fan
                webbuggrp Webbug Group