[Bug 2497] New: SunEC fails to provide necessary curves for I2P

Tue Jul 7 21:01:20 UTC 2015

http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2497

            Bug ID: 2497
           Summary: SunEC fails to provide necessary curves for I2P
           Product: IcedTea
           Version: unspecified
          Hardware: x86_64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: IcedTea
          Assignee: gnu.andrew at redhat.com
          Reporter: sam at cmpct.info
                CC: unassigned at icedtea.classpath.org

Created attachment 1377
  --> http://icedtea.classpath.org/bugzilla/attachment.cgi?id=1377&action=edit
Obtained by: java -cp
/usr/share/i2p/lib/i2p.jar[:/usr/share/bcprov/lib/bcprov.jar]
net.i2p.crypto.KeyGenerator

It is impossible to use I2P with IcedTea compiled with (+nss +sunec) or
(+sunec). sunec is the default on Gentoo.

It appears that I2P is unable to complete key generation for any ECDSA curve it
requires (all of which are standard).

gnu_andrew and I debugged this on IRC, and determined the problem resides
within the SunEC provider. When SunEC is removed from the crypto providers, I2P
is able to perform the ECDSA functions needed.

I2P is completely unusable without ECDSA as it recently changed to use it for
almost all of its cryptographic operations. Being a darknet, it's quite heavy
on those.

Attached is the output of an exposed I2P test (java -cp
/usr/share/i2p/lib/i2p.jar[:/usr/share/bcprov/lib/bcprov.jar]
net.i2p.crypto.KeyGenerator). 

You can fetch i2p.jar and a Gentoo ebuild if desired from
http://darkcloud2.cmpct.info/i2p_ec.tar.gz. i2p.jar can be used to repeat the
test.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20150707/4ae03aec/attachment.html>