View Issue Details

IDProjectCategoryView StatusLast Update
0011245CentOS-7javapublic2016-07-30 21:29
Reporterjeremy.barlow@puppet.com 
PrioritynormalSeveritymajorReproducibilityalways
Status newResolutionopen 
Platformx86_64OSCentOSOS Version7.0.1406
Product Version 
Target VersionFixed in Version 
Summary0011245: JDK 1.7.0_111 SunEC InternalError for older nss version
DescriptionWhen we upgraded from JDK 1.7.0_101 to 1.7.0_111 with the same nss version in place, 3.15.4, various calls into the java.security.Security JDK namespace throw errors. After we upgrade to the latest version of nss, though, the problems no longer occur. This suggests that the latest JDK versions should have a minimum requirement on newer versions of nss that do not have this problem.
Steps To Reproduce1) (optional) Compile the code below with javac to produce the attached `GetProviders.class` file.

import java.security.Provider;
import java.security.Security;

public class GetProviders {
    public static void main (String argv[]) {
       Provider[] providers = Security.getProviders();
       if (providers != null) {
         System.out.println ("Got " + providers.length + " providers");
         for (Provider provider : providers) {
           System.out.println("Provider: " + provider.getName());
         }
       }
    }
}

2) Run `yum install java-1.7.0-openjdk`.

3) With `nss` version 3.15.4 installed, run `java GetProviders`

---------
Expected:
---------

See output like the following:

Got 9 providers
Provider: SUN
Provider: SunRsaSign
Provider: SunEC
Provider: SunJSSE
Provider: SunJCE
Provider: SunJGSS
Provider: SunSASL
Provider: XMLDSig
Provider: SunPCSC

-------
Actual:
-------

Exception in thread "main" java.lang.InternalError
    at sun.security.ec.SunEC.initialize(Native Method)
    at sun.security.ec.SunEC.access$000(SunEC.java:49)
    at sun.security.ec.SunEC$1.run(SunEC.java:61)
    at sun.security.ec.SunEC$1.run(SunEC.java:58)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.security.ec.SunEC.<clinit>(SunEC.java:58)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
    at java.lang.Class.newInstance(Class.java:383)
    at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:221)
    at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206)
    at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187)
    at sun.security.jca.ProviderList.loadAll(ProviderList.java:282)
    at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:299)
    at sun.security.jca.Providers.getFullProviderList(Providers.java:173)
    at java.security.Security.getProviders(Security.java:456)
    at GetProviders.main(GetProviders.java:6)

3) Run `yum upgrade nss`.

nss is upgraded to 3.21.0.

4) Run `java GetProviders`. See the "expected" output from step 3.
Additional InformationA similar discussion about this for JDK 8 on Fedora occurred on this ticket in the RedHat Bugzilla took place here - https://bugzilla.redhat.com/show_bug.cgi?id=1332456. Maybe the same sort of fix in packaging could be done to address this issue for CentOS 7.

Also, this same problem is reproducible with CentOS 6.
TagsNo tags attached.
abrt_hash
URL

Activities

jeremy.barlow@puppet.com

jeremy.barlow@puppet.com

2016-07-30 21:22

reporter  

GetProviders.class (978 bytes)
jeremy.barlow@puppet.com

jeremy.barlow@puppet.com

2016-07-30 21:29

reporter   ~0027169

Note that the Security.getProviders() call is made by common Java packages like the maven and leiningen build tools, among others, so I expect that the effect of this issue would be pretty widespread.

Issue History

Date Modified Username Field Change
2016-07-30 21:22 jeremy.barlow@puppet.com New Issue
2016-07-30 21:22 jeremy.barlow@puppet.com File Added: GetProviders.class
2016-07-30 21:29 jeremy.barlow@puppet.com Note Added: 0027169