[Bug 2390] New: Revert removal of elliptic curves in NamedCurve not supported by NSS, but by PKCS#11 devices
bugzilla-daemon at icedtea.classpath.org
Tue Jun 2 09:53:56 UTC 2015
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2390
Bug ID: 2390
Summary: Revert removal of elliptic curves in NamedCurve not
supported by NSS, but by PKCS#11 devices
Product: IcedTea
Version: 2.5.4
Hardware: all
OS: All
Status: NEW
Severity: critical
Priority: P5
Component: IcedTea
Assignee: gnu.andrew at redhat.com
Reporter: johan.eklund at primekey.se
CC: unassigned at icedtea.classpath.org
The bug fix 2124 for
"Synchronise elliptic curves in sun.security.ec.NamedCurve with those listed
by NSS"
removed all known curves except for "secp256r1", "secp384r1" and
"secp521r1".
This makes it impossible to use the SunPKCS11 provider for EC crypto operations
with known curve names and breaks all existing installations where non-NSS
curves are used with this provider.
Please note that 2125, 2126 and 2239 are likely to have similar implications.
Work-around: recompile with the "patches/pr2124.patch"
TL/DR:
SunPKCS11 is used for communication with Hardware Security Modules (HSMs) over
the PKCS#11 protocol (http://docs.oasis-open.org/pkcs11/). HSMs are used to
ensure that the private key cannot easily be copied and are typically used in
high security setups.
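One way to check which named curves a given JRE build still resolves before deploying it next to an HSM (an added example, not part of the bug report or of IcedTea). It probes the default "EC" AlgorithmParameters implementation as a proxy for name lookup and does not exercise a PKCS#11 device; the class name and the curve names beyond the three listed in the report are assumptions chosen for illustration.

```java
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;

public class CurveCheck {
    // The first three names are the curves the report says remain available.
    // The others are sample names picked for this example (assumption).
    static final String[] DEFAULT_CURVES = {
        "secp256r1", "secp384r1", "secp521r1",
        "secp256k1", "secp224r1", "brainpoolP256r1"
    };

    /** Returns the field size in bits if the name resolves, or -1 if not. */
    static int resolve(String curveName) {
        try {
            AlgorithmParameters params = AlgorithmParameters.getInstance("EC");
            params.init(new ECGenParameterSpec(curveName));
            ECParameterSpec spec = params.getParameterSpec(ECParameterSpec.class);
            return spec.getCurve().getField().getFieldSize();
        } catch (GeneralSecurityException e) {
            // No EC support at all, or the name is unknown to this build.
            return -1;
        }
    }

    public static void main(String[] args) {
        // Curve names may be passed on the command line; otherwise use the samples.
        String[] curves = args.length > 0 ? args : DEFAULT_CURVES;
        int missing = 0;
        System.out.println("java.version = " + System.getProperty("java.version"));
        for (String name : curves) {
            int bits = resolve(name);
            if (bits < 0) {
                missing++;
                System.out.println("MISSING  " + name);
            } else {
                System.out.println("OK       " + name + " (" + bits + "-bit field)");
            }
        }
        // Non-zero exit lets a packaging or upgrade script stop on a missing curve.
        System.exit(missing == 0 ? 0 : 1);
    }
}
```

Run it with the curve names your existing HSM keys use as arguments, on both the current and the candidate JRE, and compare the output.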